package com.yubico.yubikit.piv;

import com.abinbev.android.beesdsm.beescustomerdsm.components.roundedprogressbar.RoundedProgressBarPreviewsKt;
import com.yubico.yubikit.core.Transport;
import com.yubico.yubikit.core.application.ApplicationNotAvailableException;
import com.yubico.yubikit.core.application.BadResponseException;
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.core.smartcard.ApduFormat;
import com.yubico.yubikit.piv.KeyType;
import defpackage.AbstractC11273or1;
import defpackage.AbstractC13359ty;
import defpackage.AbstractC2546Kr3;
import defpackage.C2422Jx;
import defpackage.C3476Qp2;
import defpackage.C4907Zu;
import defpackage.C5105aP0;
import defpackage.C6908eC4;
import defpackage.C8078h34;
import defpackage.C9203jn4;
import defpackage.C9612kn4;
import defpackage.DP1;
import defpackage.InterfaceC7256f34;
import defpackage.W24;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: PivSession.java */
/* loaded from: classes8.dex */
public final class a extends AbstractC13359ty<a> {
    public static final AbstractC11273or1.a d = new AbstractC11273or1.a("Curve P384", 4, 0);
    public static final AbstractC11273or1.a e = new AbstractC11273or1.a("PIN/Touch Policy", 4, 0);
    public static final AbstractC11273or1.a f = new AbstractC11273or1.a("Cached Touch Policy", 4, 3);
    public static final AbstractC11273or1.a g;
    public static final C0736a h;
    public static final Logger i;
    public final C8078h34 a;
    public final C6908eC4 b;
    public int c = 3;

    /* compiled from: PivSession.java */
    /* renamed from: com.yubico.yubikit.piv.a$a, reason: collision with other inner class name */
    /* loaded from: classes8.dex */
    public class C0736a extends AbstractC11273or1<a> {
        @Override // defpackage.AbstractC11273or1
        public final boolean b(C6908eC4 c6908eC4) {
            return c6908eC4.b(4, 2, 6) < 0 || c6908eC4.b(4, 3, 5) >= 0;
        }
    }

    /* compiled from: PivSession.java */
    /* loaded from: classes8.dex */
    public static /* synthetic */ class b {
        public static final /* synthetic */ int[] a;

        static {
            int[] iArr = new int[KeyType.Algorithm.values().length];
            a = iArr;
            try {
                iArr[KeyType.Algorithm.RSA.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[KeyType.Algorithm.EC.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [com.yubico.yubikit.piv.a$a, or1] */
    static {
        C6908eC4.a(4);
        C6908eC4.a(3);
        C6908eC4.a(0);
        C6908eC4.a(5);
        C6908eC4.a(0);
        C6908eC4.a(0);
        g = new AbstractC11273or1.a("Metadata", 5, 3);
        C6908eC4.a(5);
        C6908eC4.a(4);
        C6908eC4.a(0);
        h = new AbstractC11273or1("RSA key generation");
        i = LoggerFactory.getLogger((Class<?>) a.class);
    }

    public a(InterfaceC7256f34 interfaceC7256f34) throws IOException, ApduException, ApplicationNotAvailableException {
        C8078h34 c8078h34 = new C8078h34(interfaceC7256f34);
        this.a = c8078h34;
        try {
            c8078h34.c(new C4907Zu(-92, C2422Jx.a, 4, 0));
            byte[] c = c8078h34.c(new C4907Zu(-3, null, 0, 0));
            if (c.length < 3) {
                throw new IllegalArgumentException("Version byte array must contain 3 bytes.");
            }
            C6908eC4 c6908eC4 = new C6908eC4(c[0], c[1], c[2]);
            this.b = c6908eC4;
            if (c8078h34.b.v() == Transport.USB && c6908eC4.b(4, 2, 0) >= 0 && c6908eC4.b(4, 2, 7) < 0) {
                c8078h34.d = true;
            }
            if (interfaceC7256f34.u1() && c6908eC4.b(4, 0, 0) >= 0) {
                c8078h34.c = ApduFormat.EXTENDED;
            }
            C3476Qp2.b(i, "PIV session initialized (version={})", c6908eC4);
        } catch (ApduException e2) {
            if (e2.getSw() != 27266 && e2.getSw() != 27904) {
                throw new IOException("Unexpected SW", e2);
            }
            throw new ApplicationNotAvailableException("The application couldn't be selected", e2);
        }
    }

    public static AbstractC2546Kr3 g(KeyType keyType, byte[] bArr) {
        LinkedHashMap b2 = C9612kn4.b(bArr);
        KeyType.b bVar = keyType.params;
        if (bVar.a == KeyType.Algorithm.RSA) {
            return new AbstractC2546Kr3.c(new BigInteger(1, (byte[]) b2.get(129)), new BigInteger(1, (byte[]) b2.get(Integer.valueOf(RoundedProgressBarPreviewsKt.TIER_INFORMATION_SECTION_CIRCLE_SIZE))));
        }
        if (!(bVar instanceof KeyType.a)) {
            throw new IllegalArgumentException("Unsupported key type");
        }
        return AbstractC2546Kr3.b.b(((KeyType.a) bVar).c, (byte[]) b2.get(134));
    }

    public static byte[] h(char[] cArr) {
        ByteBuffer encode = StandardCharsets.UTF_8.encode(CharBuffer.wrap(cArr));
        try {
            int limit = encode.limit() - encode.position();
            if (limit > 8) {
                throw new IllegalArgumentException("PIN/PUK must be no longer than 8 bytes");
            }
            byte[] copyOf = Arrays.copyOf(encode.array(), 8);
            Arrays.fill(copyOf, limit, 8, (byte) -1);
            return copyOf;
        } finally {
            Arrays.fill(encode.array(), (byte) 0);
        }
    }

    public final void c(KeyType keyType, PinPolicy pinPolicy, TouchPolicy touchPolicy, boolean z) {
        C6908eC4 c6908eC4 = this.b;
        if (c6908eC4.a == 0) {
            return;
        }
        if (keyType == KeyType.ECCP384) {
            a(d);
        }
        if (pinPolicy != PinPolicy.DEFAULT || touchPolicy != TouchPolicy.DEFAULT) {
            a(e);
            if (touchPolicy == TouchPolicy.CACHED) {
                a(f);
            }
        }
        if (z && keyType.params.a == KeyType.Algorithm.RSA) {
            a(h);
        }
        if (c6908eC4.b(4, 4, 0) < 0 || c6908eC4.b(4, 5, 0) >= 0) {
            return;
        }
        if (keyType == KeyType.RSA1024) {
            throw new UnsupportedOperationException("RSA 1024 is not supported on YubiKey FIPS");
        }
        if (pinPolicy == PinPolicy.NEVER) {
            throw new UnsupportedOperationException("PinPolicy.NEVER is not allowed on YubiKey FIPS");
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public final void close() throws IOException {
        this.a.close();
    }

    public final X509Certificate d(Slot slot) throws IOException, ApduException, BadResponseException {
        Logger logger = i;
        C3476Qp2.b(logger, "Reading certificate in slot {}", slot);
        int i2 = slot.objectId;
        C3476Qp2.b(logger, "Reading data from object slot {}", Integer.toString(i2, 16));
        LinkedHashMap b2 = C9612kn4.b(C9612kn4.e(83, this.a.c(new C4907Zu(-53, new C9203jn4(92, C5105aP0.d(i2)).a(), 63, 255))));
        byte[] bArr = (byte[]) b2.get(113);
        byte[] bArr2 = (byte[]) b2.get(112);
        if (bArr != null && bArr.length > 0 && bArr[0] != 0) {
            try {
                bArr2 = DP1.a(bArr2);
            } catch (IOException e2) {
                throw new BadResponseException("Failed to decompress certificate", e2);
            }
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr2));
        } catch (CertificateException e3) {
            throw new BadResponseException("Failed to parse certificate: ", e3);
        }
    }

    public final int e(int i2) {
        if (i2 == 27011) {
            return 0;
        }
        if (this.b.b(1, 0, 4) < 0) {
            if (i2 < 25344 || i2 > 25599) {
                return -1;
            }
            return i2 & 255;
        }
        if (i2 < 25536 || i2 > 25551) {
            return -1;
        }
        return i2 & 15;
    }

    public final W24 f(Slot slot) throws IOException, ApduException {
        C3476Qp2.b(i, "Getting metadata for slot {}", slot);
        a(g);
        LinkedHashMap b2 = C9612kn4.b(this.a.c(new C4907Zu(-9, null, 0, slot.value)));
        byte[] bArr = (byte[]) b2.get(2);
        KeyType fromValue = KeyType.fromValue(((byte[]) b2.get(1))[0]);
        PinPolicy fromValue2 = PinPolicy.fromValue(bArr[0]);
        TouchPolicy fromValue3 = TouchPolicy.fromValue(bArr[1]);
        byte b3 = ((byte[]) b2.get(3))[0];
        return new W24(fromValue, fromValue2, fromValue3, (byte[]) b2.get(4));
    }

    public final void j(int i2, byte[] bArr) throws IOException, ApduException {
        C3476Qp2.b(i, "Writing data to object slot {}", Integer.toString(i2, 16));
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(92, C5105aP0.d(i2));
        linkedHashMap.put(83, bArr);
        this.a.c(new C4907Zu(-37, C9612kn4.d(linkedHashMap), 63, 255));
    }

    public final byte[] k(Slot slot, KeyType keyType, byte[] bArr, boolean z) throws IOException, ApduException, BadResponseException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(Integer.valueOf(RoundedProgressBarPreviewsKt.TIER_INFORMATION_SECTION_CIRCLE_SIZE), null);
        linkedHashMap.put(Integer.valueOf(z ? 133 : 129), bArr);
        try {
            return C9612kn4.e(RoundedProgressBarPreviewsKt.TIER_INFORMATION_SECTION_CIRCLE_SIZE, C9612kn4.e(124, this.a.c(new C4907Zu(-121, new C9203jn4(124, C9612kn4.d(linkedHashMap)).a(), keyType.value, slot.value))));
        } catch (ApduException e2) {
            if (27264 == e2.getSw()) {
                throw new ApduException(e2.getSw(), String.format(Locale.ROOT, "Make sure that %s key is generated on slot %02X", keyType.name(), Integer.valueOf(slot.value)));
            }
            throw e2;
        }
    }

    public final void l(char[] cArr) throws IOException, ApduException, InvalidPinException {
        try {
            C3476Qp2.a(i, "Verifying PIN");
            this.a.c(new C4907Zu(32, h(cArr), 0, -128));
            this.c = 3;
        } catch (ApduException e2) {
            int e3 = e(e2.getSw());
            if (e3 < 0) {
                throw e2;
            }
            this.c = e3;
            throw new InvalidPinException(e3);
        }
    }
}
