package com.veridiumid.sdk.authenticator.certificate.securityKey;

import android.app.Activity;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.hardware.usb.UsbManager;
import android.nfc.NfcAdapter;
import android.os.CancellationSignal;
import android.os.Handler;
import android.util.Base64InputStream;
import com.veridiumid.sdk.authenticator.certificate.CertificateAuthenticator;
import com.veridiumid.sdk.authenticator.certificate.CertificateAuthenticatorRequestOptions;
import com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService;
import com.veridiumid.sdk.authenticator.piv.R;
import com.veridiumid.sdk.core.util.function.Predicate;
import com.veridiumid.sdk.log.Timber;
import com.yubico.yubikit.android.transport.nfc.NfcNotAvailable;
import com.yubico.yubikit.core.application.ApplicationNotAvailableException;
import com.yubico.yubikit.core.application.BadResponseException;
import com.yubico.yubikit.core.application.InvalidPinException;
import com.yubico.yubikit.core.smartcard.ApduException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: classes.dex */
public class SecurityKeyCertificateAuthenticatorService {
    public static final String ACTION_USB_PERMISSION = "com.veridiumid.sdk.authenticator.piv.usb_permission";
    private static final k8.g[] SEARCHABLE_SLOTS = {k8.g.AUTHENTICATION, k8.g.SIGNATURE, k8.g.CARD_AUTH, k8.g.KEY_MANAGEMENT};
    public static final int SECURITY_KEY_ACQUIRED_INSUFFICIENT = 2;
    public static final int SECURITY_KEY_ACQUIRED_TOUCH_DEVICE = 4;
    public static final int SECURITY_KEY_ACQUIRED_USB = 3;
    public static final int SECURITY_KEY_ERROR_INSUFFICIENT_USB_PERMISSION = 5;
    public static final int SECURITY_KEY_ERROR_NFC_HW_NOT_PRESENT = 10;
    public static final int SECURITY_KEY_ERROR_PIV_NOT_AVAILABLE = 11;
    private SecurityKeyCallbackHandler mCallbackHandler;
    private final Context mContext;
    private final Handler mMainThreadHandler;
    private Runnable mTimeoutRunnable;
    private final a8.d mYubiKitManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public class AnonymousClass1 implements OnSecurityKeyConnectionCallback {
        final /* synthetic */ Activity val$activity;
        final /* synthetic */ AuthenticationCallback val$authenticationCallback;
        final /* synthetic */ Executor val$executor;
        final /* synthetic */ List val$issuers;
        final /* synthetic */ CertificateAuthenticatorRequestOptions val$requestOptions;

        AnonymousClass1(Executor executor, AuthenticationCallback authenticationCallback, List list, CertificateAuthenticatorRequestOptions certificateAuthenticatorRequestOptions, Activity activity) {
            this.val$executor = executor;
            this.val$authenticationCallback = authenticationCallback;
            this.val$issuers = list;
            this.val$requestOptions = certificateAuthenticatorRequestOptions;
            this.val$activity = activity;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$0(AuthenticationCallback authenticationCallback) {
            authenticationCallback.onAuthenticationHelp(0, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_acquired_good));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$1(AuthenticationCallback authenticationCallback) {
            authenticationCallback.onAuthenticationError(4, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_security_key_lockout));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$2(AuthenticationCallback authenticationCallback, String str) {
            authenticationCallback.onUserInputRequired(new SecurityTokenPinCallback(str), SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$3(AuthenticationCallback authenticationCallback) {
            authenticationCallback.onAuthenticationError(8, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_no_certificates));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$4(AuthenticationCallback authenticationCallback, List list) {
            authenticationCallback.onUserInputRequired(new SecurityTokenCertificateChoiceCallback(SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_authenticator_select_certificate_description), list), SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$5(AuthenticationCallback authenticationCallback) {
            authenticationCallback.onAuthenticationHelp(4, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_acquire_touch));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$6(AuthenticationCallback authenticationCallback) {
            authenticationCallback.onAuthenticationError(4, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_security_key_lockout));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$execute$7(AuthenticationCallback authenticationCallback) {
            authenticationCallback.onUserInputRequired(new SecurityTokenPinCallback(SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_authenticator_pin_instruction)), SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler);
            authenticationCallback.onAuthenticationFailed();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$handleException$8(AuthenticationCallback authenticationCallback) {
            if (NfcAdapter.getDefaultAdapter(SecurityKeyCertificateAuthenticatorService.this.mContext) == null) {
                Timber.e("NFC is not available on the device", new Object[0]);
                authenticationCallback.onAuthenticationHelp(10, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_nfc_not_available));
            } else {
                Timber.e("NFC is not enabled", new Object[0]);
                authenticationCallback.onUserInputRequired(new SecurityKeyEnableNfcCallbackHandler(SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_hw_unavailable)), SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$handleException$9(Exception exc, AuthenticationCallback authenticationCallback) {
            if ((exc instanceof IOException) || (exc instanceof ApduException) || (exc instanceof BadResponseException)) {
                Timber.w(exc, "A communication error was encountered", new Object[0]);
                authenticationCallback.onAuthenticationHelp(2, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_acquired_insufficient));
                return;
            }
            Timber.e(exc, "An unexpected error occurred", new Object[0]);
            if (SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.requestUserInput()) {
                SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.setCertificateAlias(null);
                SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.setSecurityKeyPin(null);
                authenticationCallback.onUserInputRequired(new SecurityTokenPinCallback(SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_authenticator_pin_instruction)), SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler);
            } else if (exc instanceof ApplicationNotAvailableException) {
                authenticationCallback.onAuthenticationError(11, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_security_key_piv_not_available));
            } else {
                authenticationCallback.onAuthenticationError(5, SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_error_unable_to_process));
            }
        }

        @Override // com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService.OnSecurityKeyConnectionCallback
        public void execute(k8.f fVar, d8.e eVar) {
            try {
                SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.setConnectedDevice(eVar, this);
                if (SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.isUserInputRequested()) {
                    Timber.w("Waiting for user input", new Object[0]);
                    return;
                }
                Executor executor = this.val$executor;
                final AuthenticationCallback authenticationCallback = this.val$authenticationCallback;
                executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.p
                    @Override // java.lang.Runnable
                    public final void run() {
                        SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$0(authenticationCallback);
                    }
                });
                if (fVar.E() <= 0) {
                    Executor executor2 = this.val$executor;
                    final AuthenticationCallback authenticationCallback2 = this.val$authenticationCallback;
                    executor2.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.q
                        @Override // java.lang.Runnable
                        public final void run() {
                            SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$1(authenticationCallback2);
                        }
                    });
                    throw new InterruptedException("The security key is in lockout");
                }
                char[] securityKeyPin = SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.getSecurityKeyPin();
                if (securityKeyPin == null) {
                    SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.requestUserInput();
                    final String string = eVar.b() == d8.a.USB ? SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_authenticator_pin_instruction_usb) : SecurityKeyCertificateAuthenticatorService.this.mContext.getString(R.string.veridiumid_certificate_authenticator_pin_instruction);
                    Executor executor3 = this.val$executor;
                    final AuthenticationCallback authenticationCallback3 = this.val$authenticationCallback;
                    executor3.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.r
                        @Override // java.lang.Runnable
                        public final void run() {
                            SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$2(authenticationCallback3, string);
                        }
                    });
                    return;
                }
                fVar.h0(SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.getSecurityKeyPin());
                if (SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.getCertificateAlias() == null) {
                    final List filterCertificatesByIssuers = SecurityKeyCertificateAuthenticatorService.this.filterCertificatesByIssuers(fVar, this.val$issuers);
                    if (filterCertificatesByIssuers.size() != 1) {
                        if (filterCertificatesByIssuers.isEmpty()) {
                            Executor executor4 = this.val$executor;
                            final AuthenticationCallback authenticationCallback4 = this.val$authenticationCallback;
                            executor4.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.s
                                @Override // java.lang.Runnable
                                public final void run() {
                                    SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$3(authenticationCallback4);
                                }
                            });
                            throw new InterruptedException("No valid certificate found for issuers=" + this.val$issuers);
                        }
                        if (SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.requestUserInput()) {
                            Timber.d("Found %s certificates for issuers=%s", Integer.valueOf(filterCertificatesByIssuers.size()), filterCertificatesByIssuers);
                            Executor executor5 = this.val$executor;
                            final AuthenticationCallback authenticationCallback5 = this.val$authenticationCallback;
                            executor5.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.t
                                @Override // java.lang.Runnable
                                public final void run() {
                                    SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$4(authenticationCallback5, filterCertificatesByIssuers);
                                }
                            });
                            return;
                        }
                        return;
                    }
                    SecurityKeyCertificate securityKeyCertificate = (SecurityKeyCertificate) filterCertificatesByIssuers.get(0);
                    Timber.d("Found security key certificate %s for issuers=%s", securityKeyCertificate, this.val$issuers);
                    SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.setCertificateAlias(securityKeyCertificate.getAlias());
                }
                if (eVar.b() == d8.a.USB) {
                    try {
                        k8.i d10 = fVar.K(k8.g.h(SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.getCertificateAlias())).d();
                        if (d10 == k8.i.ALWAYS || d10 == k8.i.CACHED) {
                            Executor executor6 = this.val$executor;
                            final AuthenticationCallback authenticationCallback6 = this.val$authenticationCallback;
                            executor6.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.u
                                @Override // java.lang.Runnable
                                public final void run() {
                                    SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$5(authenticationCallback6);
                                }
                            });
                        }
                    } catch (UnsupportedOperationException e10) {
                        Timber.w("Could not extract slot %s metadata: %s", SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.getCertificateAlias(), e10.getMessage());
                    }
                }
                SecurityKeyCertificateAuthenticatorService securityKeyCertificateAuthenticatorService = SecurityKeyCertificateAuthenticatorService.this;
                securityKeyCertificateAuthenticatorService.authenticateInternal(fVar, securityKeyCertificateAuthenticatorService.mCallbackHandler.getCertificateAlias(), securityKeyPin, this.val$requestOptions.getSigningData(), this.val$executor, this.val$authenticationCallback);
            } catch (InvalidPinException e11) {
                if (e11.a() <= 0) {
                    Executor executor7 = this.val$executor;
                    final AuthenticationCallback authenticationCallback7 = this.val$authenticationCallback;
                    executor7.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.v
                        @Override // java.lang.Runnable
                        public final void run() {
                            SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$6(authenticationCallback7);
                        }
                    });
                    throw new InterruptedException("The security key is in lockout");
                }
                if (SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.requestUserInput()) {
                    Executor executor8 = this.val$executor;
                    final AuthenticationCallback authenticationCallback8 = this.val$authenticationCallback;
                    executor8.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.w
                        @Override // java.lang.Runnable
                        public final void run() {
                            SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$execute$7(authenticationCallback8);
                        }
                    });
                }
                throw new InterruptedException(e11.getMessage());
            }
        }

        @Override // com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService.OnSecurityKeyConnectionCallback
        public void handleException(final Exception exc) {
            synchronized (this) {
                if (exc instanceof NfcNotAvailable) {
                    Executor executor = this.val$executor;
                    final AuthenticationCallback authenticationCallback = this.val$authenticationCallback;
                    executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.x
                        @Override // java.lang.Runnable
                        public final void run() {
                            SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$handleException$8(authenticationCallback);
                        }
                    });
                    SecurityKeyCertificateAuthenticatorService.this.mYubiKitManager.d(this.val$activity);
                    return;
                }
                if (exc instanceof UsbPermissionNotGrantedException) {
                    Timber.e("Usb permission is required", new Object[0]);
                    SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.setConnectedDevice(((UsbPermissionNotGrantedException) exc).getDevice(), this);
                    this.val$authenticationCallback.onUserInputRequired(new SecurityKeyUsbPermissionCallbackHandler(), SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler);
                } else {
                    if (SecurityKeyCertificateAuthenticatorService.this.mCallbackHandler.isUserInputRequested()) {
                        Timber.w("Waiting for user input", new Object[0]);
                        return;
                    }
                    Executor executor2 = this.val$executor;
                    final AuthenticationCallback authenticationCallback2 = this.val$authenticationCallback;
                    executor2.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.y
                        @Override // java.lang.Runnable
                        public final void run() {
                            SecurityKeyCertificateAuthenticatorService.AnonymousClass1.this.lambda$handleException$9(exc, authenticationCallback2);
                        }
                    });
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService$2, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$yubico$yubikit$piv$KeyType;

        static {
            int[] iArr = new int[k8.b.values().length];
            $SwitchMap$com$yubico$yubikit$piv$KeyType = iArr;
            try {
                iArr[k8.b.f12315p.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$yubico$yubikit$piv$KeyType[k8.b.f12316q.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$yubico$yubikit$piv$KeyType[k8.b.f12313c.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$yubico$yubikit$piv$KeyType[k8.b.f12314o.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* loaded from: classes.dex */
    public static abstract class AuthenticationCallback extends CertificateAuthenticator.AuthenticationCallback {
        @Override // com.veridiumid.sdk.authenticator.certificate.CertificateAuthenticator.AuthenticationCallback
        public abstract void onAuthenticationSuccessful(CertificateAuthenticator.AuthenticationResult authenticationResult);

        public abstract void onUserInputRequired(Callback callback, CallbackHandler callbackHandler);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface OnSecurityKeyConnectionCallback {
        void execute(k8.f fVar, d8.e eVar);

        void handleException(Exception exc);
    }

    /* loaded from: classes.dex */
    private static abstract class SecurityKeyCallback implements Callback {
        private final String mPrompt;

        private SecurityKeyCallback(String str) {
            this.mPrompt = str;
        }

        /* synthetic */ SecurityKeyCallback(String str, AnonymousClass1 anonymousClass1) {
            this(str);
        }

        public String getPrompt() {
            return this.mPrompt;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public final class SecurityKeyCallbackHandler implements CallbackHandler {
        private final WeakReference<Activity> mActivityRef;
        private final AuthenticationCallback mAuthenticationCallback;
        private String mCertificateAlias;
        private d8.e mConnectedDevice;
        private OnSecurityKeyConnectionCallback mConnectionCallback;
        private char[] mSecurityKeyPin;
        private final AtomicBoolean mWaitingUserInput;

        private SecurityKeyCallbackHandler(Activity activity, AuthenticationCallback authenticationCallback) {
            this.mActivityRef = new WeakReference<>(activity);
            this.mAuthenticationCallback = authenticationCallback;
            this.mWaitingUserInput = new AtomicBoolean(false);
        }

        /* synthetic */ SecurityKeyCallbackHandler(SecurityKeyCertificateAuthenticatorService securityKeyCertificateAuthenticatorService, Activity activity, AuthenticationCallback authenticationCallback, AnonymousClass1 anonymousClass1) {
            this(activity, authenticationCallback);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getCertificateAlias() {
            return this.mCertificateAlias;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public char[] getSecurityKeyPin() {
            return this.mSecurityKeyPin;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public /* synthetic */ void lambda$handle$0(Activity activity) {
            ((UsbManager) activity.getSystemService("usb")).requestPermission(((com.yubico.yubikit.android.transport.usb.f) this.mConnectedDevice).w(), PendingIntent.getBroadcast(SecurityKeyCertificateAuthenticatorService.this.mContext, 0, new Intent(SecurityKeyCertificateAuthenticatorService.ACTION_USB_PERMISSION).setPackage(SecurityKeyCertificateAuthenticatorService.this.mContext.getPackageName()), 33554432));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setCertificateAlias(String str) {
            this.mCertificateAlias = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setConnectedDevice(d8.e eVar, OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback) {
            this.mConnectedDevice = eVar;
            this.mConnectionCallback = onSecurityKeyConnectionCallback;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setSecurityKeyPin(char[] cArr) {
            this.mSecurityKeyPin = cArr;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) {
            OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback;
            OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback2;
            final Activity activity = this.mActivityRef.get();
            if (activity == null) {
                Timber.w("Activity is already destroyed", new Object[0]);
                return;
            }
            for (Callback callback : callbackArr) {
                if (callback instanceof SecurityTokenPinCallback) {
                    setSecurityKeyPin(((SecurityTokenPinCallback) callback).getInputPin());
                    this.mWaitingUserInput.set(false);
                    d8.e eVar = this.mConnectedDevice;
                    if (eVar != null && (onSecurityKeyConnectionCallback2 = this.mConnectionCallback) != null) {
                        SecurityKeyCertificateAuthenticatorService.this.lambda$discoverSecurityKey$9(activity, eVar, onSecurityKeyConnectionCallback2);
                    }
                } else if (callback instanceof SecurityTokenCertificateChoiceCallback) {
                    this.mCertificateAlias = ((SecurityTokenCertificateChoiceCallback) callback).getCertificateAlias();
                    this.mWaitingUserInput.set(false);
                    d8.e eVar2 = this.mConnectedDevice;
                    if (eVar2 != null && (onSecurityKeyConnectionCallback = this.mConnectionCallback) != null) {
                        SecurityKeyCertificateAuthenticatorService.this.lambda$discoverSecurityKey$9(activity, eVar2, onSecurityKeyConnectionCallback);
                    }
                } else if (callback instanceof SecurityKeyEnableNfcCallbackHandler) {
                    this.mWaitingUserInput.set(false);
                    SecurityKeyCertificateAuthenticatorService.this.cancelInternal(activity, 0);
                    this.mAuthenticationCallback.onAuthenticationError(1, null);
                } else {
                    if (!(callback instanceof SecurityKeyUsbPermissionCallbackHandler)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    this.mWaitingUserInput.set(false);
                    d8.e eVar3 = this.mConnectedDevice;
                    if (eVar3 != null && eVar3.b() == d8.a.USB) {
                        this.mAuthenticationCallback.onAuthenticationError(5, null);
                        SecurityKeyCertificateAuthenticatorService.this.mMainThreadHandler.postDelayed(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.z
                            @Override // java.lang.Runnable
                            public final void run() {
                                SecurityKeyCertificateAuthenticatorService.SecurityKeyCallbackHandler.this.lambda$handle$0(activity);
                            }
                        }, 50L);
                    }
                }
            }
        }

        boolean isUserInputRequested() {
            return this.mWaitingUserInput.get();
        }

        boolean requestUserInput() {
            return this.mWaitingUserInput.compareAndSet(false, true);
        }
    }

    /* loaded from: classes.dex */
    public static final class SecurityKeyEnableNfcCallbackHandler extends SecurityKeyCallback {
        public SecurityKeyEnableNfcCallbackHandler(String str) {
            super(str, null);
        }

        @Override // com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService.SecurityKeyCallback
        public /* bridge */ /* synthetic */ String getPrompt() {
            return super.getPrompt();
        }
    }

    /* loaded from: classes.dex */
    public static final class SecurityKeyUsbPermissionCallbackHandler extends SecurityKeyCallback {
        /* JADX WARN: Multi-variable type inference failed */
        public SecurityKeyUsbPermissionCallbackHandler() {
            super(null, 0 == true ? 1 : 0);
        }

        @Override // com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService.SecurityKeyCallback
        public /* bridge */ /* synthetic */ String getPrompt() {
            return super.getPrompt();
        }
    }

    /* loaded from: classes.dex */
    public static class SecurityTokenCertificateChoiceCallback extends SecurityKeyCallback {
        private String mCertificateAlias;
        private final List<SecurityKeyCertificate> mCertificates;

        public SecurityTokenCertificateChoiceCallback(String str, List<SecurityKeyCertificate> list) {
            super(str, null);
            this.mCertificates = list;
        }

        public String getCertificateAlias() {
            return this.mCertificateAlias;
        }

        public List<SecurityKeyCertificate> getCertificates() {
            return this.mCertificates;
        }

        @Override // com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService.SecurityKeyCallback
        public /* bridge */ /* synthetic */ String getPrompt() {
            return super.getPrompt();
        }

        public void setCertificateAlias(String str) {
            this.mCertificateAlias = str;
        }
    }

    /* loaded from: classes.dex */
    public static class SecurityTokenPinCallback extends SecurityKeyCallback {
        private char[] inputPin;

        public SecurityTokenPinCallback(String str) {
            super(str, null);
        }

        public char[] getInputPin() {
            return this.inputPin;
        }

        @Override // com.veridiumid.sdk.authenticator.certificate.securityKey.SecurityKeyCertificateAuthenticatorService.SecurityKeyCallback
        public /* bridge */ /* synthetic */ String getPrompt() {
            return super.getPrompt();
        }

        public void setInputPin(char[] cArr) {
            this.inputPin = cArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class UsbPermissionNotGrantedException extends RuntimeException {
        private final d8.e mUsbDevice;

        public UsbPermissionNotGrantedException(d8.e eVar) {
            this.mUsbDevice = eVar;
        }

        public d8.e getDevice() {
            return this.mUsbDevice;
        }
    }

    private SecurityKeyCertificateAuthenticatorService(Context context) {
        this.mContext = context;
        this.mMainThreadHandler = new Handler(context.getMainLooper());
        this.mYubiKitManager = new a8.d(context);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authenticateInternal(k8.f fVar, String str, char[] cArr, byte[] bArr, Executor executor, final AuthenticationCallback authenticationCallback) {
        l8.z zVar = new l8.z(fVar);
        Security.insertProviderAt(zVar, 1);
        try {
            try {
                X509Certificate w10 = fVar.w(k8.g.h(str));
                KeyStore keyStore = KeyStore.getInstance("YkPiv", zVar);
                keyStore.load(null);
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, cArr);
                final String detectSignatureAlgorithm = detectSignatureAlgorithm(w10);
                Signature signature = Signature.getInstance(detectSignatureAlgorithm);
                signature.initSign(privateKey);
                Timber.d("Signature initialization completed", new Object[0]);
                signature.update(bArr);
                final byte[] sign = signature.sign();
                final byte[] encoded = w10.getEncoded();
                Timber.d("Challenge signing completed", new Object[0]);
                executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.m
                    @Override // java.lang.Runnable
                    public final void run() {
                        SecurityKeyCertificateAuthenticatorService.lambda$authenticateInternal$7(SecurityKeyCertificateAuthenticatorService.AuthenticationCallback.this, sign, detectSignatureAlgorithm, encoded);
                    }
                });
            } catch (BadResponseException e10) {
            } catch (ApduException e11) {
                throw e11;
            } catch (IOException e12) {
            } catch (Exception e13) {
                Timber.w(e13, "The signing process failed", new Object[0]);
                if (e13.getCause() != null) {
                    if (e13.getCause() instanceof InvalidPinException) {
                        throw ((InvalidPinException) e13.getCause());
                    }
                    if (e13.getCause() instanceof ApduException) {
                        throw ((ApduException) e13.getCause());
                    }
                    if (e13.getCause() instanceof BadResponseException) {
                        throw ((BadResponseException) e13.getCause());
                    }
                    if (e13.getCause() instanceof IOException) {
                        throw ((IOException) e13.getCause());
                    }
                }
                executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.n
                    @Override // java.lang.Runnable
                    public final void run() {
                        SecurityKeyCertificateAuthenticatorService.this.lambda$authenticateInternal$8(authenticationCallback);
                    }
                });
            }
        } finally {
            Security.removeProvider(zVar.getName());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: connectSecurityKey, reason: merged with bridge method [inline-methods] */
    public void lambda$discoverSecurityKey$9(final Activity activity, final d8.e eVar, final OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback) {
        try {
            eVar.e(i8.e.class, new j8.b() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.e
                @Override // j8.b
                public final void a(Object obj) {
                    SecurityKeyCertificateAuthenticatorService.this.lambda$connectSecurityKey$12(onSecurityKeyConnectionCallback, eVar, activity, (j8.e) obj);
                }
            });
        } catch (IllegalStateException e10) {
            Timber.w(e10, "Connection request failed", new Object[0]);
            onSecurityKeyConnectionCallback.handleException(e10);
        }
    }

    private String detectSignatureAlgorithm(X509Certificate x509Certificate) {
        k8.b h10 = k8.b.h(x509Certificate.getPublicKey());
        int i10 = AnonymousClass2.$SwitchMap$com$yubico$yubikit$piv$KeyType[h10.ordinal()];
        if (i10 == 1) {
            return "SHA256withECDSA";
        }
        if (i10 == 2) {
            return "SHA384withECDSA";
        }
        if (i10 == 3 || i10 == 4) {
            return "SHA256withRSA";
        }
        throw new NoSuchAlgorithmException("Signature algorithm is not supported for KeyType" + h10);
    }

    private void discoverSecurityKey(final Activity activity, com.yubico.yubikit.android.transport.usb.a aVar, com.yubico.yubikit.android.transport.nfc.a aVar2, final CancellationSignal cancellationSignal, final OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback) {
        try {
            this.mYubiKitManager.b(aVar2, activity, new j8.b() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.o
                @Override // j8.b
                public final void a(Object obj) {
                    SecurityKeyCertificateAuthenticatorService.this.lambda$discoverSecurityKey$9(activity, onSecurityKeyConnectionCallback, (com.yubico.yubikit.android.transport.nfc.h) obj);
                }
            });
        } catch (NfcNotAvailable e10) {
            onSecurityKeyConnectionCallback.handleException(e10);
        }
        this.mYubiKitManager.c(aVar, new j8.b() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.c
            @Override // j8.b
            public final void a(Object obj) {
                SecurityKeyCertificateAuthenticatorService.this.lambda$discoverSecurityKey$11(cancellationSignal, activity, onSecurityKeyConnectionCallback, (com.yubico.yubikit.android.transport.usb.f) obj);
            }
        });
    }

    private List<String> extractIssuerNames(List<String> list) {
        ArrayList arrayList = new ArrayList();
        if (list != null && !list.isEmpty()) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(((X509Certificate) certificateFactory.generateCertificate(new Base64InputStream(new ByteArrayInputStream(it.next().getBytes()), 2))).getIssuerX500Principal().getName());
            }
        }
        return arrayList;
    }

    private List<SecurityKeyCertificate> filterCertificates(k8.f fVar, Predicate<X509Certificate> predicate) {
        ArrayList arrayList = new ArrayList();
        for (k8.g gVar : SEARCHABLE_SLOTS) {
            try {
                X509Certificate w10 = fVar.w(gVar);
                if (predicate.test(w10)) {
                    arrayList.add(SecurityKeyCertificate.from(this.mContext.getResources(), gVar, w10));
                    if (k8.g.AUTHENTICATION == gVar) {
                        return arrayList;
                    }
                } else {
                    continue;
                }
            } catch (BadResponseException | ApduException unused) {
                Timber.d("The slot %s does not contain a valid certificate", gVar.m());
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<SecurityKeyCertificate> filterCertificatesByIssuers(k8.f fVar, final List<String> list) {
        return filterCertificates(fVar, new Predicate() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.d
            @Override // com.veridiumid.sdk.core.util.function.Predicate
            public final boolean test(Object obj) {
                boolean lambda$filterCertificatesByIssuers$6;
                lambda$filterCertificatesByIssuers$6 = SecurityKeyCertificateAuthenticatorService.lambda$filterCertificatesByIssuers$6(list, (X509Certificate) obj);
                return lambda$filterCertificatesByIssuers$6;
            }
        });
    }

    public static SecurityKeyCertificateAuthenticatorService from(Context context) {
        if (context.getApplicationContext() != null) {
            context = context.getApplicationContext();
        }
        return new SecurityKeyCertificateAuthenticatorService(context);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticate$0(AuthenticationCallback authenticationCallback) {
        authenticationCallback.onAuthenticationError(2, this.mContext.getString(R.string.veridiumid_certificate_error_timeout));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticate$1(Executor executor, final AuthenticationCallback authenticationCallback) {
        executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.k
            @Override // java.lang.Runnable
            public final void run() {
                SecurityKeyCertificateAuthenticatorService.this.lambda$authenticate$0(authenticationCallback);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticate$2(AuthenticationCallback authenticationCallback) {
        authenticationCallback.onAuthenticationError(5, this.mContext.getString(R.string.veridiumid_certificate_error_no_certificates));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticate$3(AuthenticationCallback authenticationCallback) {
        authenticationCallback.onUserInputRequired(new SecurityTokenPinCallback(this.mContext.getString(R.string.veridiumid_certificate_authenticator_pin_instruction)), this.mCallbackHandler);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticate$4(AuthenticationCallback authenticationCallback) {
        authenticationCallback.onAuthenticationError(7, this.mContext.getString(R.string.veridiumid_certificate_error_canceled));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticate$5(Activity activity, Executor executor, final AuthenticationCallback authenticationCallback) {
        Timber.d("Cancellation signal received", new Object[0]);
        cancelInternal(activity, 0);
        executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.l
            @Override // java.lang.Runnable
            public final void run() {
                SecurityKeyCertificateAuthenticatorService.this.lambda$authenticate$4(authenticationCallback);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$authenticateInternal$7(AuthenticationCallback authenticationCallback, byte[] bArr, String str, byte[] bArr2) {
        authenticationCallback.onAuthenticationSuccessful(new CertificateAuthenticator.AuthenticationResult(bArr, str, bArr2));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$authenticateInternal$8(AuthenticationCallback authenticationCallback) {
        authenticationCallback.onAuthenticationError(5, this.mContext.getString(R.string.veridiumid_certificate_error_signature_failed));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$cancelInternal$13(Activity activity) {
        Timber.d("Stop the authenticator discovery", new Object[0]);
        this.mYubiKitManager.d(activity);
        this.mYubiKitManager.e();
        if (this.mTimeoutRunnable == null) {
            Timber.d("Timeout is not scheduled", new Object[0]);
        } else {
            Timber.d("Cancelled scheduled timeout", new Object[0]);
            this.mMainThreadHandler.removeCallbacks(this.mTimeoutRunnable);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$connectSecurityKey$12(OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback, d8.e eVar, Activity activity, j8.e eVar2) {
        try {
            Timber.d("Establishing session with device", new Object[0]);
            k8.f fVar = new k8.f((i8.e) eVar2.b());
            Timber.d("Session established with device sn=%s", Integer.valueOf(fVar.J()));
            try {
                onSecurityKeyConnectionCallback.execute(fVar, eVar);
                if (this.mCallbackHandler.isUserInputRequested()) {
                    return;
                }
                cancelInternal(activity, 1500);
            } catch (InterruptedException e10) {
                if (Thread.interrupted()) {
                    Timber.w(e10, "Thread was interrupted by an unhandled exception", new Object[0]);
                    onSecurityKeyConnectionCallback.handleException((Exception) e10.getCause());
                } else {
                    Timber.w("Execution interrupted by a processing error: " + e10.getMessage(), new Object[0]);
                }
            } catch (Exception e11) {
                onSecurityKeyConnectionCallback.handleException(e11);
            }
        } catch (ApplicationNotAvailableException | ApduException | IOException e12) {
            onSecurityKeyConnectionCallback.handleException(e12);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$discoverSecurityKey$11(final CancellationSignal cancellationSignal, Activity activity, OnSecurityKeyConnectionCallback onSecurityKeyConnectionCallback, com.yubico.yubikit.android.transport.usb.f fVar) {
        fVar.I(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.f
            @Override // java.lang.Runnable
            public final void run() {
                cancellationSignal.cancel();
            }
        });
        if (fVar.z()) {
            lambda$discoverSecurityKey$9(activity, fVar, onSecurityKeyConnectionCallback);
        } else {
            onSecurityKeyConnectionCallback.handleException(new UsbPermissionNotGrantedException(fVar));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$filterCertificatesByIssuers$6(List list, X509Certificate x509Certificate) {
        if (list == null || list.isEmpty()) {
            return true;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            if (x509Certificate.getIssuerX500Principal().getName().equals((String) it.next())) {
                return true;
            }
        }
        return false;
    }

    private void setupTimeout(Runnable runnable, int i10) {
        this.mMainThreadHandler.removeCallbacksAndMessages(null);
        this.mTimeoutRunnable = runnable;
        this.mMainThreadHandler.postDelayed(runnable, i10);
        Timber.i("Schedule timeout in %s ms", Integer.valueOf(i10));
    }

    public void authenticate(final Activity activity, CancellationSignal cancellationSignal, CertificateAuthenticatorRequestOptions certificateAuthenticatorRequestOptions, final Executor executor, final AuthenticationCallback authenticationCallback) {
        int timeout = (int) certificateAuthenticatorRequestOptions.getTimeout();
        com.yubico.yubikit.android.transport.usb.a a10 = new com.yubico.yubikit.android.transport.usb.a().a(false);
        com.yubico.yubikit.android.transport.nfc.a b10 = new com.yubico.yubikit.android.transport.nfc.a().f(timeout).b(false);
        setupTimeout(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.b
            @Override // java.lang.Runnable
            public final void run() {
                SecurityKeyCertificateAuthenticatorService.this.lambda$authenticate$1(executor, authenticationCallback);
            }
        }, timeout);
        try {
            List<String> extractIssuerNames = extractIssuerNames(certificateAuthenticatorRequestOptions.getIssuers());
            this.mCallbackHandler = new SecurityKeyCallbackHandler(this, activity, authenticationCallback, null);
            executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.h
                @Override // java.lang.Runnable
                public final void run() {
                    SecurityKeyCertificateAuthenticatorService.this.lambda$authenticate$3(authenticationCallback);
                }
            });
            cancellationSignal.setOnCancelListener(new CancellationSignal.OnCancelListener() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.i
                @Override // android.os.CancellationSignal.OnCancelListener
                public final void onCancel() {
                    SecurityKeyCertificateAuthenticatorService.this.lambda$authenticate$5(activity, executor, authenticationCallback);
                }
            });
            discoverSecurityKey(activity, a10, b10, cancellationSignal, new AnonymousClass1(executor, authenticationCallback, extractIssuerNames, certificateAuthenticatorRequestOptions, activity));
        } catch (CertificateException unused) {
            executor.execute(new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.g
                @Override // java.lang.Runnable
                public final void run() {
                    SecurityKeyCertificateAuthenticatorService.this.lambda$authenticate$2(authenticationCallback);
                }
            });
        }
    }

    public void cancelInternal(final Activity activity, int i10) {
        Runnable runnable = new Runnable() { // from class: com.veridiumid.sdk.authenticator.certificate.securityKey.j
            @Override // java.lang.Runnable
            public final void run() {
                SecurityKeyCertificateAuthenticatorService.this.lambda$cancelInternal$13(activity);
            }
        };
        if (i10 > 0) {
            this.mMainThreadHandler.postDelayed(runnable, i10);
        } else {
            runnable.run();
        }
    }
}
