package com.cisco.anyconnect.vpn.android.ui;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.IntentFilter;
import android.nfc.TagLostException;
import android.os.Bundle;
import android.os.Handler;
import android.os.ResultReceiver;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.content.ContextCompat;
import com.cisco.android.nchs.permissions.Prerequisites;
import com.cisco.anyconnect.vpn.android.avf.R;
import com.cisco.anyconnect.vpn.android.crypto.YubikeySlot;
import com.cisco.anyconnect.vpn.android.localization.UITranslator;
import com.cisco.anyconnect.vpn.android.service.VpnActivityGlobals;
import com.cisco.anyconnect.vpn.android.ui.YubikeyPINFragment;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import com.google.android.material.dialog.MaterialAlertDialogBuilder;
import com.yubico.yubikit.YubiKitManager;
import com.yubico.yubikit.piv.Algorithm;
import com.yubico.yubikit.piv.InvalidPinException;
import com.yubico.yubikit.piv.PivApplication;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.transport.nfc.NfcConfiguration;
import com.yubico.yubikit.transport.nfc.NfcSession;
import com.yubico.yubikit.transport.nfc.NfcSessionListener;
import com.yubico.yubikit.transport.usb.UsbConfiguration;
import com.yubico.yubikit.transport.usb.UsbSession;
import com.yubico.yubikit.transport.usb.UsbSessionListener;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.EllipticCurve;

/* loaded from: classes.dex */
public class YubikeyActivity extends AppCompatActivity implements YubikeyPINFragment.YubikeyPINCallback {
    private static final byte INS_AUTHENTICATE = -121;
    private static final String PIN_DIALOG_FRAGMENT_TAG = "yubikey_pin_dialog";
    private static final int TAG_AUTH_CHALLENGE = 129;
    private static final int TAG_AUTH_RESPONSE = 130;
    private static final int TAG_DYN_AUTH = 124;
    private AlertDialog mDialog;
    private byte[] mHash;
    private String mPIN;
    private PivApplication mPivApplication;
    private ResultReceiver mReceiver;
    private Slot mSlot;
    private YubiKitManager mYubiKitManager;
    private boolean mIsNfcSession = false;
    private BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() { // from class: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity.1
        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            if (intent.getAction().equals(VpnActivityGlobals.YUBIKEY_ACTIVITY_CLOSE_INTENT)) {
                YubikeyActivity.this.finish();
            }
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity$6, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass6 {
        static final /* synthetic */ int[] $SwitchMap$com$yubico$yubikit$piv$Algorithm;

        static {
            int[] iArr = new int[Algorithm.values().length];
            $SwitchMap$com$yubico$yubikit$piv$Algorithm = iArr;
            try {
                iArr[Algorithm.RSA1024.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$yubico$yubikit$piv$Algorithm[Algorithm.RSA2048.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$yubico$yubikit$piv$Algorithm[Algorithm.ECCP256.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$yubico$yubikit$piv$Algorithm[Algorithm.ECCP384.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes.dex */
    private class NfcListener implements NfcSessionListener {
        private NfcListener() {
        }

        @Override // com.yubico.yubikit.transport.nfc.NfcSessionListener
        public void onSessionReceived(NfcSession nfcSession) {
            try {
                YubikeyActivity.this.mPivApplication = new PivApplication(nfcSession);
                YubikeyActivity.this.mIsNfcSession = true;
                YubikeyActivity.this.performCertOperations();
            } catch (TagLostException unused) {
                YubikeyActivity.this.handleTagLost();
            } catch (Exception e) {
                AppLog.error(this, "Exception creating Yubikey PIV application", e);
                YubikeyActivity.this.mPivApplication = null;
            }
        }
    }

    /* loaded from: classes.dex */
    private class UsbListener implements UsbSessionListener {
        private UsbListener() {
        }

        @Override // com.yubico.yubikit.transport.usb.UsbSessionListener
        public void onRequestPermissionsResult(UsbSession usbSession, boolean z) {
            if (z) {
                try {
                    YubikeyActivity.this.mPivApplication = new PivApplication(usbSession);
                    YubikeyActivity.this.performCertOperations();
                } catch (Exception e) {
                    AppLog.error(this, "Exception creating Yubikey PIV application", e);
                    YubikeyActivity.this.mPivApplication = null;
                }
            }
        }

        @Override // com.yubico.yubikit.transport.usb.UsbSessionListener
        public void onSessionReceived(UsbSession usbSession, boolean z) {
            if (z) {
                try {
                    YubikeyActivity.this.mPivApplication = new PivApplication(usbSession);
                    YubikeyActivity.this.performCertOperations();
                } catch (Exception e) {
                    AppLog.error(this, "Exception creating Yubikey PIV application", e);
                    YubikeyActivity.this.mPivApplication = null;
                }
            }
        }

        @Override // com.yubico.yubikit.transport.usb.UsbSessionListener
        public void onSessionRemoved(UsbSession usbSession) {
            YubikeyActivity.this.mPivApplication = null;
        }
    }

    private Algorithm getAlgorithm(PublicKey publicKey) {
        if (publicKey instanceof RSAKey) {
            int bitLength = ((RSAKey) publicKey).getModulus().bitLength();
            if (bitLength == 2048) {
                return Algorithm.RSA2048;
            }
            if (bitLength == 1024) {
                return Algorithm.RSA1024;
            }
            return null;
        }
        if (!(publicKey instanceof ECKey)) {
            return null;
        }
        EllipticCurve curve = ((ECKey) publicKey).getParams().getCurve();
        if (curve.getField().getFieldSize() == 256 && curve.getA().equals(new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853948")) && curve.getB().equals(new BigInteger("41058363725152142129326129780047268409114441015993725554835256314039467401291"))) {
            return Algorithm.ECCP256;
        }
        if (curve.getField().getFieldSize() == 384 && curve.getA().equals(new BigInteger("39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112316")) && curve.getB().equals(new BigInteger("27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575"))) {
            return Algorithm.ECCP384;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleTagLost() {
        AlertDialog alertDialog = this.mDialog;
        if (alertDialog != null && alertDialog.isShowing()) {
            this.mDialog.setMessage(UITranslator.getString(R.string.yubikey_tag_lost));
        }
        this.mPivApplication = null;
        this.mIsNfcSession = false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void performCertOperations() {
        if (this.mHash == null) {
            try {
                if (Slot.CARD_AUTH != this.mSlot) {
                    this.mPivApplication.verify(null);
                }
            } catch (TagLostException unused) {
                handleTagLost();
                return;
            } catch (InvalidPinException e) {
                if (e.getRetryCounter() == 0) {
                    AppLog.info(this, "Yubikey is locked");
                    AlertDialog alertDialog = this.mDialog;
                    if (alertDialog != null && alertDialog.isShowing()) {
                        this.mDialog.dismiss();
                    }
                    new MaterialAlertDialogBuilder(this, 2131886385).setMessage((CharSequence) UITranslator.getString(R.string.yubikey_pin_locked)).setTitle((CharSequence) UITranslator.getString(R.string.app_name)).setPositiveButton((CharSequence) UITranslator.getString(R.string.ok), new DialogInterface.OnClickListener() { // from class: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity.4
                        @Override // android.content.DialogInterface.OnClickListener
                        public void onClick(DialogInterface dialogInterface, int i) {
                            YubikeyActivity.this.onCancel();
                        }
                    }).setCancelable(false).show();
                    return;
                }
            } catch (Exception e2) {
                AppLog.error(this, "Exception getting remaining PIN attempts on Yubikey ", e2);
            }
            try {
                Bundle bundle = new Bundle();
                X509Certificate certificate = this.mPivApplication.getCertificate(this.mSlot);
                if (certificate != null) {
                    bundle.putSerializable(VpnActivityGlobals.YUBIKEY_CERTIFICATE, certificate);
                }
                this.mReceiver.send(-1, bundle);
                finish();
                return;
            } catch (TagLostException unused2) {
                handleTagLost();
                return;
            } catch (Exception e3) {
                AppLog.error(this, "Exception getting certificate from Yubikey ", e3);
                onCancel();
                return;
            }
        }
        try {
            if (Slot.CARD_AUTH != this.mSlot && this.mPIN == null) {
                if (this.mIsNfcSession) {
                    this.mPivApplication = null;
                    this.mIsNfcSession = false;
                    return;
                }
                return;
            }
            byte[] sign = sign(this.mHash);
            if (sign == null) {
                AppLog.error(this, "Null signature returned from Yubikey");
                onCancel();
            } else {
                Bundle bundle2 = new Bundle();
                bundle2.putByteArray(VpnActivityGlobals.YUBIKEY_SIGNATURE, sign);
                this.mReceiver.send(-1, bundle2);
                finish();
            }
        } catch (TagLostException unused3) {
            handleTagLost();
        } catch (InvalidPinException e4) {
            if (e4.getRetryCounter() <= 0) {
                AppLog.info(this, "Incorrect PIN entered. Yubikey locked.");
                AlertDialog alertDialog2 = this.mDialog;
                if (alertDialog2 != null && alertDialog2.isShowing()) {
                    this.mDialog.dismiss();
                }
                new MaterialAlertDialogBuilder(this, 2131886385).setMessage((CharSequence) UITranslator.getString(R.string.yubikey_pin_locked)).setTitle((CharSequence) UITranslator.getString(R.string.app_name)).setPositiveButton((CharSequence) UITranslator.getString(R.string.ok), new DialogInterface.OnClickListener() { // from class: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity.5
                    @Override // android.content.DialogInterface.OnClickListener
                    public void onClick(DialogInterface dialogInterface, int i) {
                        YubikeyActivity.this.onCancel();
                    }
                }).setCancelable(false).show();
                return;
            }
            AppLog.info(this, "Incorrect PIN entered. Remaining attempts: " + e4.getRetryCounter());
            new YubikeyPINFragment(this, UITranslator.getString(R.string.yubikey_incorrect_pin) + e4.getRetryCounter()).show(getFragmentManager(), PIN_DIALOG_FRAGMENT_TAG);
            if (this.mIsNfcSession) {
                this.mPivApplication = null;
                this.mIsNfcSession = false;
            }
        } catch (Exception e5) {
            AppLog.error(this, "Exception signing with Yubikey", e5);
            onCancel();
        }
    }

    private void showDelayedTapDialog() {
        new Handler().postDelayed(new Runnable() { // from class: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity.3
            @Override // java.lang.Runnable
            public void run() {
                if (YubikeyActivity.this.mPivApplication == null) {
                    YubikeyActivity.this.showTapDialog();
                }
            }
        }, 500L);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void showTapDialog() {
        AlertDialog alertDialog = this.mDialog;
        if (alertDialog == null || !alertDialog.isShowing()) {
            this.mDialog = new MaterialAlertDialogBuilder(this, 2131886385).setMessage((CharSequence) UITranslator.getString(R.string.yubikey_tap)).setTitle((CharSequence) UITranslator.getString(R.string.app_name)).setNegativeButton((CharSequence) UITranslator.getString(R.string.cancel), new DialogInterface.OnClickListener() { // from class: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity.2
                @Override // android.content.DialogInterface.OnClickListener
                public void onClick(DialogInterface dialogInterface, int i) {
                    YubikeyActivity.this.onCancel();
                }
            }).setCancelable(false).show();
        } else {
            this.mDialog.setMessage(UITranslator.getString(R.string.yubikey_tap));
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:43:0x008b, code lost:
    
        if (r12.length == 128) goto L32;
     */
    /* JADX WARN: Removed duplicated region for block: B:27:0x0093 A[Catch: Exception -> 0x0111, InvalidPinException -> 0x0118, TagLostException -> 0x011a, TryCatch #2 {TagLostException -> 0x011a, InvalidPinException -> 0x0118, Exception -> 0x0111, blocks: (B:3:0x0009, B:5:0x0013, B:8:0x002e, B:10:0x0038, B:12:0x004e, B:20:0x0062, B:22:0x0076, B:25:0x008d, B:27:0x0093, B:29:0x0097, B:31:0x009d, B:32:0x00a2, B:34:0x00f4, B:36:0x007c, B:39:0x0082, B:42:0x0088), top: B:2:0x0009 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] sign(byte[] r12) throws android.nfc.TagLostException, com.yubico.yubikit.piv.InvalidPinException {
        /*
            Method dump skipped, instructions count: 284
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.cisco.anyconnect.vpn.android.ui.YubikeyActivity.sign(byte[]):byte[]");
    }

    @Override // androidx.activity.ComponentActivity, android.app.Activity
    public void onBackPressed() {
        onCancel();
    }

    @Override // com.cisco.anyconnect.vpn.android.ui.YubikeyPINFragment.YubikeyPINCallback
    public void onCancel() {
        ResultReceiver resultReceiver = this.mReceiver;
        if (resultReceiver != null) {
            resultReceiver.send(0, null);
        } else {
            AppLog.error(this, "Unexpected null result receiver");
        }
        finish();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
    public void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        ContextCompat.registerReceiver(this, this.mBroadcastReceiver, new IntentFilter(VpnActivityGlobals.YUBIKEY_ACTIVITY_CLOSE_INTENT), 4);
        Intent intent = getIntent();
        this.mHash = intent.getByteArrayExtra(VpnActivityGlobals.YUBIKEY_SIGN_HASH);
        this.mReceiver = (ResultReceiver) getIntent().getParcelableExtra(VpnActivityGlobals.YUBIKEY_RESULT_RECEIVER);
        YubiKitManager yubiKitManager = new YubiKitManager(this);
        this.mYubiKitManager = yubiKitManager;
        yubiKitManager.startUsbDiscovery(new UsbConfiguration(), new UsbListener());
        try {
            if (!Prerequisites.supportsYubikey()) {
                throw new Exception("Device does not support Yubikey");
            }
            String stringExtra = intent.getStringExtra(VpnActivityGlobals.YUBIKEY_SLOT);
            if (stringExtra == null) {
                throw new Exception("Missing slot in start intent");
            }
            Slot sdkEnum = YubikeySlot.getEnum(stringExtra).getSdkEnum();
            this.mSlot = sdkEnum;
            if (sdkEnum == null) {
                throw new Exception("Unknown slot: " + stringExtra);
            }
            if (intent.getAction().equals(VpnActivityGlobals.YUBIKEY_ENUMERATE_INTENT)) {
                showDelayedTapDialog();
            } else {
                if (!intent.getAction().equals(VpnActivityGlobals.YUBIKEY_SIGN_INTENT)) {
                    throw new Exception("Unknown start action");
                }
                if (Slot.CARD_AUTH == this.mSlot) {
                    showDelayedTapDialog();
                } else {
                    new YubikeyPINFragment(this, UITranslator.getString(R.string.yubikey_enter_pin)).show(getFragmentManager(), PIN_DIALOG_FRAGMENT_TAG);
                }
            }
        } catch (Exception e) {
            AppLog.error(this, "Exception during OnCreate()", e);
            onCancel();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.appcompat.app.AppCompatActivity, androidx.fragment.app.FragmentActivity, android.app.Activity
    public void onDestroy() {
        this.mYubiKitManager.stopUsbDiscovery();
        AlertDialog alertDialog = this.mDialog;
        if (alertDialog != null && alertDialog.isShowing()) {
            this.mDialog.dismiss();
        }
        unregisterReceiver(this.mBroadcastReceiver);
        super.onDestroy();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.fragment.app.FragmentActivity, android.app.Activity
    public void onPause() {
        this.mYubiKitManager.stopNfcDiscovery(this);
        super.onPause();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // androidx.fragment.app.FragmentActivity, android.app.Activity
    public void onResume() {
        try {
            this.mYubiKitManager.startNfcDiscovery(new NfcConfiguration(), this, new NfcListener());
        } catch (Exception e) {
            AppLog.error(this, "Exception starting yubikey NFC listener", e);
        }
        super.onResume();
    }

    @Override // com.cisco.anyconnect.vpn.android.ui.YubikeyPINFragment.YubikeyPINCallback
    public void setPIN(String str) {
        this.mPIN = str;
        if (this.mPivApplication == null) {
            showTapDialog();
        } else {
            performCertOperations();
        }
    }
}
