package org.mozilla.geckoview;

import android.app.PendingIntent;
import android.content.Intent;
import android.net.Uri;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.fido.Fido;
import com.google.android.gms.fido.common.Transport;
import com.google.android.gms.fido.fido2.api.common.Algorithm;
import com.google.android.gms.fido.fido2.api.common.AuthenticationExtensions;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorAssertionResponse;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorAttestationResponse;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorErrorResponse;
import com.google.android.gms.fido.fido2.api.common.BrowserPublicKeyCredentialRequestOptions;
import com.google.android.gms.fido.fido2.api.common.EC2Algorithm;
import com.google.android.gms.fido.fido2.api.common.FidoAppIdExtension;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialDescriptor;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialRequestOptions;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialType;
import com.google.android.gms.fido.fido2.api.common.RSAAlgorithm;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.android.gms.tasks.Task;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import mozilla.components.concept.engine.InputResultDetail;
import org.mozilla.gecko.GeckoAppShell;
import org.mozilla.gecko.annotation.WrapForJNI;
import org.mozilla.gecko.util.GeckoBundle;
import org.mozilla.geckoview.GeckoResult;

/* loaded from: classes6.dex */
class WebAuthnTokenManager {
    private static final byte AUTHENTICATOR_TRANSPORT_BLE = 4;
    private static final byte AUTHENTICATOR_TRANSPORT_INTERNAL = 8;
    private static final byte AUTHENTICATOR_TRANSPORT_NFC = 2;
    private static final byte AUTHENTICATOR_TRANSPORT_USB = 1;
    private static final String LOGTAG = "WebAuthnTokenManager";
    private static final Algorithm[] SUPPORTED_ALGORITHMS = {EC2Algorithm.ES256, EC2Algorithm.ES384, EC2Algorithm.ES512, EC2Algorithm.ED256, EC2Algorithm.ED512, RSAAlgorithm.PS256, RSAAlgorithm.PS384, RSAAlgorithm.PS512, RSAAlgorithm.RS256, RSAAlgorithm.RS384, RSAAlgorithm.RS512};

    /* loaded from: classes6.dex */
    public enum AttestationPreference {
        NONE,
        INDIRECT,
        DIRECT
    }

    /* loaded from: classes6.dex */
    public static class Exception extends RuntimeException {
        public Exception(String str) {
            super(str);
        }
    }

    @WrapForJNI
    /* loaded from: classes6.dex */
    public static class GetAssertionResponse {
        public final byte[] authData;
        public final byte[] clientDataJson;
        public final byte[] keyHandle;
        public final byte[] signature;
        public final byte[] userHandle;

        public GetAssertionResponse(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
            this.clientDataJson = bArr;
            this.keyHandle = bArr2;
            this.authData = bArr3;
            this.signature = bArr4;
            this.userHandle = bArr5;
        }
    }

    @WrapForJNI
    /* loaded from: classes6.dex */
    public static class MakeCredentialResponse {
        public final byte[] attestationObject;
        public final byte[] clientDataJson;
        public final byte[] keyHandle;
        public final String[] transports;

        public MakeCredentialResponse(byte[] bArr, byte[] bArr2, byte[] bArr3, String[] strArr) {
            this.clientDataJson = bArr;
            this.keyHandle = bArr2;
            this.attestationObject = bArr3;
            this.transports = strArr;
        }
    }

    /* loaded from: classes6.dex */
    public static class WebAuthnPublicCredential {
        public final byte[] id;
        public final byte transports;

        public WebAuthnPublicCredential(byte[] bArr, byte b2) {
            this.id = bArr;
            this.transports = b2;
        }

        static ArrayList<WebAuthnPublicCredential> CombineBuffers(Object[] objArr, ByteBuffer byteBuffer) {
            if (objArr.length != byteBuffer.remaining()) {
                throw new RuntimeException("Couldn't extract allowed list!");
            }
            ArrayList<WebAuthnPublicCredential> arrayList = new ArrayList<>();
            byte[] bArr = new byte[byteBuffer.remaining()];
            byteBuffer.get(bArr);
            for (int i2 = 0; i2 < objArr.length; i2++) {
                ByteBuffer byteBuffer2 = (ByteBuffer) objArr[i2];
                byte[] bArr2 = new byte[byteBuffer2.remaining()];
                byteBuffer2.get(bArr2);
                arrayList.add(new WebAuthnPublicCredential(bArr2, bArr[i2]));
            }
            return arrayList;
        }
    }

    WebAuthnTokenManager() {
    }

    private static GeckoResult<GetAssertionResponse> getAssertion(byte[] bArr, WebAuthnPublicCredential[] webAuthnPublicCredentialArr, GeckoBundle geckoBundle, GeckoBundle geckoBundle2) {
        if (!geckoBundle.containsKey("isWebAuthn")) {
            return GeckoResult.fromException(new Exception("NOT_SUPPORTED_ERR"));
        }
        ArrayList arrayList = new ArrayList();
        for (WebAuthnPublicCredential webAuthnPublicCredential : webAuthnPublicCredentialArr) {
            arrayList.add(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY.toString(), webAuthnPublicCredential.id, getTransportsForByte(webAuthnPublicCredential.transports)));
        }
        AuthenticationExtensions.Builder builder = new AuthenticationExtensions.Builder();
        if (geckoBundle2.containsKey("fidoAppId")) {
            builder.setFido2Extension(new FidoAppIdExtension(geckoBundle2.getString("fidoAppId")));
        }
        Task<PendingIntent> signPendingIntent = Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext()).getSignPendingIntent(new BrowserPublicKeyCredentialRequestOptions.Builder().setPublicKeyCredentialRequestOptions(new PublicKeyCredentialRequestOptions.Builder().setChallenge(bArr).setAllowList(arrayList).setTimeoutSeconds(Double.valueOf(geckoBundle.getLong("timeoutMS") / 1000.0d)).setRpId(geckoBundle.getString("rpId")).setAuthenticationExtensions(builder.build()).build()).setOrigin(Uri.parse(geckoBundle.getString("origin"))).build());
        final GeckoResult<GetAssertionResponse> geckoResult = new GeckoResult<>();
        signPendingIntent.addOnSuccessListener(new OnSuccessListener() { // from class: org.mozilla.geckoview.z6
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public final void onSuccess(Object obj) {
                WebAuthnTokenManager.lambda$getAssertion$6(GeckoResult.this, (PendingIntent) obj);
            }
        });
        return geckoResult;
    }

    private static List<Transport> getTransportsForByte(byte b2) {
        ArrayList arrayList = new ArrayList();
        if ((b2 & 1) == 1) {
            arrayList.add(Transport.USB);
        }
        if ((b2 & 2) == 2) {
            arrayList.add(Transport.NFC);
        }
        if ((b2 & 4) == 4) {
            arrayList.add(Transport.BLUETOOTH_LOW_ENERGY);
        }
        if ((b2 & 8) == 8) {
            arrayList.add(Transport.INTERNAL);
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$getAssertion$4(GeckoResult geckoResult, Intent intent) {
        Exception parseErrorIntent = parseErrorIntent(intent);
        if (parseErrorIntent != null) {
            geckoResult.completeExceptionally(parseErrorIntent);
            return;
        }
        if (intent.hasExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA)) {
            AuthenticatorAssertionResponse deserializeFromBytes = AuthenticatorAssertionResponse.deserializeFromBytes(intent.getByteArrayExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA));
            Log.d(LOGTAG, "key handle: " + Base64.encodeToString(deserializeFromBytes.getKeyHandle(), 0));
            Log.d(LOGTAG, "clientDataJSON: " + Base64.encodeToString(deserializeFromBytes.getClientDataJSON(), 0));
            Log.d(LOGTAG, "auth data: " + Base64.encodeToString(deserializeFromBytes.getAuthenticatorData(), 0));
            Log.d(LOGTAG, "signature: " + Base64.encodeToString(deserializeFromBytes.getSignature(), 0));
            byte[] userHandle = deserializeFromBytes.getUserHandle();
            if (userHandle == null) {
                userHandle = new byte[0];
            }
            geckoResult.complete(new GetAssertionResponse(deserializeFromBytes.getClientDataJSON(), deserializeFromBytes.getKeyHandle(), deserializeFromBytes.getAuthenticatorData(), deserializeFromBytes.getSignature(), userHandle));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$getAssertion$5(GeckoResult geckoResult, Throwable th) {
        Log.w(LOGTAG, "Failed to get FIDO intent", th);
        geckoResult.completeExceptionally(new Exception("UNKNOWN_ERR"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$getAssertion$6(final GeckoResult geckoResult, PendingIntent pendingIntent) {
        GeckoRuntime.getInstance().startActivityForResult(pendingIntent).accept(new GeckoResult.Consumer() { // from class: org.mozilla.geckoview.a7
            @Override // org.mozilla.geckoview.GeckoResult.Consumer
            public final void accept(Object obj) {
                WebAuthnTokenManager.lambda$getAssertion$4(GeckoResult.this, (Intent) obj);
            }
        }, new GeckoResult.Consumer() { // from class: org.mozilla.geckoview.b7
            @Override // org.mozilla.geckoview.GeckoResult.Consumer
            public final void accept(Object obj) {
                WebAuthnTokenManager.lambda$getAssertion$5(GeckoResult.this, (Throwable) obj);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$makeCredential$0(GeckoResult geckoResult, Intent intent) {
        Exception parseErrorIntent = parseErrorIntent(intent);
        if (parseErrorIntent != null) {
            geckoResult.completeExceptionally(parseErrorIntent);
            return;
        }
        byte[] byteArrayExtra = intent.getByteArrayExtra(Fido.FIDO2_KEY_RESPONSE_EXTRA);
        if (byteArrayExtra != null) {
            AuthenticatorAttestationResponse deserializeFromBytes = AuthenticatorAttestationResponse.deserializeFromBytes(byteArrayExtra);
            Log.d(LOGTAG, "key handle: " + Base64.encodeToString(deserializeFromBytes.getKeyHandle(), 0));
            Log.d(LOGTAG, "clientDataJSON: " + Base64.encodeToString(deserializeFromBytes.getClientDataJSON(), 0));
            Log.d(LOGTAG, "attestation Object: " + Base64.encodeToString(deserializeFromBytes.getAttestationObject(), 0));
            Log.d(LOGTAG, "transports: " + w6.a(InputResultDetail.TOSTRING_SEPARATOR, deserializeFromBytes.getTransports()));
            geckoResult.complete(new MakeCredentialResponse(deserializeFromBytes.getClientDataJSON(), deserializeFromBytes.getKeyHandle(), deserializeFromBytes.getAttestationObject(), deserializeFromBytes.getTransports()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$makeCredential$1(GeckoResult geckoResult, Throwable th) {
        Log.w(LOGTAG, "Failed to launch activity: ", th);
        geckoResult.completeExceptionally(new Exception("ABORT_ERR"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$makeCredential$2(final GeckoResult geckoResult, PendingIntent pendingIntent) {
        GeckoRuntime.getInstance().startActivityForResult(pendingIntent).accept(new GeckoResult.Consumer() { // from class: org.mozilla.geckoview.c7
            @Override // org.mozilla.geckoview.GeckoResult.Consumer
            public final void accept(Object obj) {
                WebAuthnTokenManager.lambda$makeCredential$0(GeckoResult.this, (Intent) obj);
            }
        }, new GeckoResult.Consumer() { // from class: org.mozilla.geckoview.d7
            @Override // org.mozilla.geckoview.GeckoResult.Consumer
            public final void accept(Object obj) {
                WebAuthnTokenManager.lambda$makeCredential$1(GeckoResult.this, (Throwable) obj);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$makeCredential$3(GeckoResult geckoResult, java.lang.Exception exc) {
        Log.w(LOGTAG, "Failed to get FIDO intent", exc);
        geckoResult.completeExceptionally(new Exception("ABORT_ERR"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$webAuthnIsUserVerifyingPlatformAuthenticatorAvailable$8(GeckoResult geckoResult, java.lang.Exception exc) {
        Log.w(LOGTAG, "isUserVerifyingPlatformAuthenticatorAvailable is failed", exc);
        geckoResult.complete(Boolean.FALSE);
    }

    /* JADX WARN: Code restructure failed: missing block: B:38:0x007b, code lost:
    
        if (r10.equalsIgnoreCase(r11.name()) != false) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.mozilla.geckoview.GeckoResult<org.mozilla.geckoview.WebAuthnTokenManager.MakeCredentialResponse> makeCredential(org.mozilla.gecko.util.GeckoBundle r16, byte[] r17, byte[] r18, org.mozilla.geckoview.WebAuthnTokenManager.WebAuthnPublicCredential[] r19, org.mozilla.gecko.util.GeckoBundle r20, org.mozilla.gecko.util.GeckoBundle r21) {
        /*
            Method dump skipped, instructions count: 428
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.mozilla.geckoview.WebAuthnTokenManager.makeCredential(org.mozilla.gecko.util.GeckoBundle, byte[], byte[], org.mozilla.geckoview.WebAuthnTokenManager$WebAuthnPublicCredential[], org.mozilla.gecko.util.GeckoBundle, org.mozilla.gecko.util.GeckoBundle):org.mozilla.geckoview.GeckoResult");
    }

    private static Exception parseErrorIntent(Intent intent) {
        if (!intent.hasExtra(Fido.FIDO2_KEY_ERROR_EXTRA)) {
            return null;
        }
        AuthenticatorErrorResponse deserializeFromBytes = AuthenticatorErrorResponse.deserializeFromBytes(intent.getByteArrayExtra(Fido.FIDO2_KEY_ERROR_EXTRA));
        Log.e(LOGTAG, "errorCode.name: " + deserializeFromBytes.getErrorCode());
        Log.e(LOGTAG, "errorMessage: " + deserializeFromBytes.getErrorMessage());
        return new Exception(deserializeFromBytes.getErrorCode().name());
    }

    @WrapForJNI(calledFrom = "gecko")
    private static GeckoResult<GetAssertionResponse> webAuthnGetAssertion(ByteBuffer byteBuffer, Object[] objArr, ByteBuffer byteBuffer2, GeckoBundle geckoBundle, GeckoBundle geckoBundle2) {
        byte[] bArr = new byte[byteBuffer.remaining()];
        try {
            byteBuffer.get(bArr);
            try {
                return getAssertion(bArr, (WebAuthnPublicCredential[]) WebAuthnPublicCredential.CombineBuffers(objArr, byteBuffer2).toArray(new WebAuthnPublicCredential[0]), geckoBundle, geckoBundle2);
            } catch (java.lang.Exception e2) {
                Log.w(LOGTAG, "Couldn't get assertion", e2);
                return GeckoResult.fromException(new Exception("UNKNOWN_ERR"));
            }
        } catch (RuntimeException e3) {
            Log.w(LOGTAG, "Couldn't extract nio byte arrays!", e3);
            return GeckoResult.fromException(new Exception("UNKNOWN_ERR"));
        }
    }

    @WrapForJNI(calledFrom = "gecko")
    private static GeckoResult<Boolean> webAuthnIsUserVerifyingPlatformAuthenticatorAvailable() {
        Task<Boolean> isUserVerifyingPlatformAuthenticatorAvailable = Fido.getFido2PrivilegedApiClient(GeckoAppShell.getApplicationContext()).isUserVerifyingPlatformAuthenticatorAvailable();
        final GeckoResult<Boolean> geckoResult = new GeckoResult<>();
        isUserVerifyingPlatformAuthenticatorAvailable.addOnSuccessListener(new OnSuccessListener() { // from class: org.mozilla.geckoview.e7
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public final void onSuccess(Object obj) {
                GeckoResult.this.complete((Boolean) obj);
            }
        });
        isUserVerifyingPlatformAuthenticatorAvailable.addOnFailureListener(new OnFailureListener() { // from class: org.mozilla.geckoview.f7
            @Override // com.google.android.gms.tasks.OnFailureListener
            public final void onFailure(Exception exc) {
                WebAuthnTokenManager.lambda$webAuthnIsUserVerifyingPlatformAuthenticatorAvailable$8(GeckoResult.this, exc);
            }
        });
        return geckoResult;
    }

    @WrapForJNI(calledFrom = "gecko")
    private static GeckoResult<MakeCredentialResponse> webAuthnMakeCredential(GeckoBundle geckoBundle, ByteBuffer byteBuffer, ByteBuffer byteBuffer2, Object[] objArr, ByteBuffer byteBuffer3, GeckoBundle geckoBundle2, GeckoBundle geckoBundle3) {
        byte[] bArr = new byte[byteBuffer2.remaining()];
        byte[] bArr2 = new byte[byteBuffer.remaining()];
        try {
            byteBuffer2.get(bArr);
            byteBuffer.get(bArr2);
            try {
                return makeCredential(geckoBundle, bArr2, bArr, (WebAuthnPublicCredential[]) WebAuthnPublicCredential.CombineBuffers(objArr, byteBuffer3).toArray(new WebAuthnPublicCredential[0]), geckoBundle2, geckoBundle3);
            } catch (Exception e2) {
                Log.w(LOGTAG, "Couldn't make credential", e2);
                return GeckoResult.fromException(new Exception("UNKNOWN_ERR"));
            }
        } catch (RuntimeException e3) {
            Log.w(LOGTAG, "Couldn't extract nio byte arrays!", e3);
            return GeckoResult.fromException(new Exception("UNKNOWN_ERR"));
        }
    }
}
