package de.cotech.hw.fido2.internal;

import de.cotech.hw.SecurityKeyException;
import de.cotech.hw.exceptions.AppletFileNotFoundException;
import de.cotech.hw.exceptions.ClaNotSupportedException;
import de.cotech.hw.exceptions.InsNotSupportedException;
import de.cotech.hw.exceptions.SelectAppletException;
import de.cotech.hw.exceptions.WrongRequestLengthException;
import de.cotech.hw.fido2.exceptions.FidoPresenceRequiredException;
import de.cotech.hw.fido2.exceptions.FidoWrongKeyHandleException;
import de.cotech.hw.fido2.internal.ctap2.Ctap2Command;
import de.cotech.hw.fido2.internal.ctap2.Ctap2CommandApduTransformer;
import de.cotech.hw.fido2.internal.ctap2.Ctap2Exception;
import de.cotech.hw.fido2.internal.ctap2.Ctap2Response;
import de.cotech.hw.fido2.internal.ctap2.CtapErrorResponse;
import de.cotech.hw.fido2.internal.ctap2.commands.getInfo.AuthenticatorGetInfo;
import de.cotech.hw.fido2.internal.ctap2.commands.getInfo.AuthenticatorGetInfoResponse;
import de.cotech.hw.fido2.internal.pinauth.PinToken;
import de.cotech.hw.internal.iso7816.CommandApdu;
import de.cotech.hw.internal.iso7816.ResponseApdu;
import de.cotech.hw.internal.transport.SecurityKeyInfo;
import de.cotech.hw.internal.transport.Transport;
import de.cotech.hw.util.Hex;
import de.cotech.hw.util.HwTimber;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes4.dex */
public class Fido2AppletConnection {
    private static final int APDU_SW1_RESPONSE_AVAILABLE = 97;
    private static final List<byte[]> FIDO_AID_PREFIXES = Arrays.asList(Hex.decodeHexOrFail("A0000006472F0001"), Hex.decodeHexOrFail("A0000006472F000100"), Hex.decodeHexOrFail("A0000005271002"));
    private static final int RESPONSE_SW1_INCORRECT_LENGTH = 108;
    private PinToken cachedPinToken;
    private final Fido2CommandApduFactory commandFactory;
    private final Ctap2CommandApduTransformer ctap2CommandApduTransformer;
    private AuthenticatorGetInfoResponse ctap2Info;
    private boolean isFidoAppletConnected;
    private boolean isForceCtap1;
    private final Transport transport;

    private Fido2AppletConnection(Transport transport, Fido2CommandApduFactory fido2CommandApduFactory, Ctap2CommandApduTransformer ctap2CommandApduTransformer) {
        this.transport = transport;
        this.commandFactory = fido2CommandApduFactory;
        this.ctap2CommandApduTransformer = ctap2CommandApduTransformer;
    }

    private void checkVersionOrThrow(byte[] bArr) throws IOException {
        String str = new String(bArr, Charset.forName("ASCII"));
        if ("U2F_V2".equals(str) || "FIDO_2_0".equals(str)) {
            HwTimber.d("U2F applet answered correctly with version U2F_V2 or FIDO_2_0", new Object[0]);
        } else {
            HwTimber.e("Applet did NOT answer with a correct version string!", new Object[0]);
            throw new IOException("Applet replied with incorrect version string!");
        }
    }

    private ResponseApdu communicate(CommandApdu commandApdu) throws IOException {
        ResponseApdu sendWithChaining = sendWithChaining(commandApdu);
        if (sendWithChaining.getSw1() == 108 && sendWithChaining.getSw2() != 0) {
            sendWithChaining = sendWithChaining(commandApdu.withNe(sendWithChaining.getSw2()));
        }
        return readChainedResponseIfAvailable(sendWithChaining);
    }

    private void connectToDevice() throws IOException {
        try {
            if (this.transport.getTransportType() == SecurityKeyInfo.TransportType.USB_CTAPHID) {
                HwTimber.d("Using USB U2F HID as a transport. No need to select AID.", new Object[0]);
                checkVersionOrThrow(readVersion());
            } else {
                HwTimber.d("Connected to AID %s", Hex.encodeHexString(selectFilesFromPrefixOrFail()));
            }
            try {
                this.ctap2Info = ctap2AuthenticatorGetInfo();
                HwTimber.d("Call to AuthenticatorGetInfo returns valid response - using CTAP2", new Object[0]);
                HwTimber.d(this.ctap2Info.toString(), new Object[0]);
            } catch (IOException unused) {
                HwTimber.d("Call to AuthenticatorGetInfo returned no valid response - using CTAP1", new Object[0]);
            }
            this.isFidoAppletConnected = true;
        } catch (IOException e) {
            this.transport.release();
            throw e;
        }
    }

    private AuthenticatorGetInfoResponse ctap2AuthenticatorGetInfo() throws IOException {
        return (AuthenticatorGetInfoResponse) ctap2CommunicateOrThrow(AuthenticatorGetInfo.create());
    }

    private Ctap2Response ctap2ResponseFromResponseApdu(Ctap2Command ctap2Command, ResponseApdu responseApdu) throws IOException {
        byte[] data = responseApdu.getData();
        if (data[0] != 0) {
            throw new Ctap2Exception(CtapErrorResponse.create(data[0]));
        }
        return ctap2Command.getResponseFactory().createResponse(de.cotech.hw.util.Arrays.copyOfRange(data, 1, data.length));
    }

    public static Fido2AppletConnection getInstanceForTransport(Transport transport) {
        return new Fido2AppletConnection(transport, new Fido2CommandApduFactory(), new Ctap2CommandApduTransformer());
    }

    private ResponseApdu readChainedResponseIfAvailable(ResponseApdu responseApdu) throws IOException {
        if (responseApdu.getSw1() != 97) {
            return responseApdu;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(responseApdu.getData());
        do {
            responseApdu = this.transport.transceive(this.commandFactory.createGetResponseCommand(responseApdu.getSw2()));
            byteArrayOutputStream.write(responseApdu.getData());
        } while (responseApdu.getSw1() == 97);
        byteArrayOutputStream.write(responseApdu.getSw1());
        byteArrayOutputStream.write(responseApdu.getSw2());
        return ResponseApdu.fromBytes(byteArrayOutputStream.toByteArray());
    }

    private byte[] readVersion() throws IOException {
        return communicateOrThrow(this.commandFactory.createVersionCommand()).getData();
    }

    private byte[] selectFileOrFail(byte[] bArr) throws IOException {
        try {
            checkVersionOrThrow(communicateOrThrow(this.commandFactory.createSelectFileCommand(bArr)).getData());
            return bArr;
        } catch (AppletFileNotFoundException unused) {
            return null;
        }
    }

    private byte[] selectFilesFromPrefixOrFail() throws IOException {
        Iterator<byte[]> it = FIDO_AID_PREFIXES.iterator();
        while (it.hasNext()) {
            byte[] selectFileOrFail = selectFileOrFail(it.next());
            if (selectFileOrFail != null) {
                return selectFileOrFail;
            }
        }
        throw new SelectAppletException(FIDO_AID_PREFIXES, "FIDO U2F or CTAP2");
    }

    private ResponseApdu sendWithChaining(CommandApdu commandApdu) throws IOException {
        if (!this.transport.isExtendedLengthSupported()) {
            HwTimber.w("Transport protocol does not support extended length. Probably an old device with NFC, such as Nexus 5X, Nexus 6P. We still try sending extended length!", new Object[0]);
        }
        ResponseApdu transceive = this.transport.transceive(commandApdu.withExtendedApduNe());
        if (transceive.getSw() != 26368) {
            return transceive;
        }
        HwTimber.d("Received WRONG_REQUEST_LENGTH error. Retrying with short APDU Ne.", new Object[0]);
        if (this.commandFactory.isSuitableForSingleShortApdu(commandApdu)) {
            return this.transport.transceive(commandApdu.withShortApduNe());
        }
        List<CommandApdu> createChainedApdus = this.commandFactory.createChainedApdus(commandApdu);
        int size = createChainedApdus.size();
        ResponseApdu responseApdu = null;
        for (int i = 0; i < size; i++) {
            responseApdu = this.transport.transceive(createChainedApdus.get(i));
            int i2 = size - 1;
            if (i != i2 && !responseApdu.isSuccess()) {
                throw new IOException("Failed to chain apdu (" + i + "/" + i2 + ", last SW: " + Integer.toHexString(responseApdu.getSw()) + ")");
            }
        }
        if (responseApdu != null) {
            return responseApdu;
        }
        throw new IllegalStateException();
    }

    public ResponseApdu communicateOrThrow(CommandApdu commandApdu) throws IOException {
        ResponseApdu communicate = communicate(commandApdu);
        if (communicate.isSuccess()) {
            return communicate;
        }
        int sw = communicate.getSw();
        if (sw == 26368) {
            throw new WrongRequestLengthException();
        }
        if (sw == 27013) {
            throw new FidoPresenceRequiredException();
        }
        if (sw == 27264) {
            throw new FidoWrongKeyHandleException();
        }
        if (sw == 27266) {
            throw new AppletFileNotFoundException();
        }
        if (sw == 27904) {
            throw new InsNotSupportedException();
        }
        if (sw != 28160) {
            throw new SecurityKeyException("UNKNOWN", communicate.getSw());
        }
        throw new ClaNotSupportedException();
    }

    public void connectIfNecessary() throws IOException {
        if (this.isFidoAppletConnected) {
            return;
        }
        connectToDevice();
    }

    public <T extends Ctap2Response> T ctap2CommunicateOrThrow(Ctap2Command<T> ctap2Command) throws IOException {
        if (!isCtap2Capable()) {
            HwTimber.w("Attempting to send CTAP2 command, but CTAP2 is not supported. This will probably cause an error.", new Object[0]);
        }
        return (T) ctap2ResponseFromResponseApdu(ctap2Command, communicateOrThrow(this.ctap2CommandApduTransformer.toCommandApdu(ctap2Command)));
    }

    public PinToken getCachedPinToken() {
        return this.cachedPinToken;
    }

    public Fido2CommandApduFactory getCommandFactory() {
        return this.commandFactory;
    }

    public boolean isClientPinSet() {
        Boolean clientPin;
        AuthenticatorGetInfoResponse authenticatorGetInfoResponse = this.ctap2Info;
        return (authenticatorGetInfoResponse == null || (clientPin = authenticatorGetInfoResponse.options().clientPin()) == null || !clientPin.booleanValue()) ? false : true;
    }

    public boolean isConnected() {
        return this.transport.isConnected();
    }

    public boolean isCtap2Capable() {
        return (this.isForceCtap1 || this.ctap2Info == null) ? false : true;
    }

    public boolean isSupportClientPin() {
        AuthenticatorGetInfoResponse authenticatorGetInfoResponse = this.ctap2Info;
        return (authenticatorGetInfoResponse == null || authenticatorGetInfoResponse.options().clientPin() == null) ? false : true;
    }

    public boolean isSupportResidentKeys() {
        AuthenticatorGetInfoResponse authenticatorGetInfoResponse = this.ctap2Info;
        return authenticatorGetInfoResponse != null && authenticatorGetInfoResponse.options().rk();
    }

    public boolean isSupportUserPresence() {
        AuthenticatorGetInfoResponse authenticatorGetInfoResponse = this.ctap2Info;
        return authenticatorGetInfoResponse != null && authenticatorGetInfoResponse.options().up();
    }

    public boolean isSupportUserVerification() {
        AuthenticatorGetInfoResponse authenticatorGetInfoResponse = this.ctap2Info;
        return (authenticatorGetInfoResponse == null || authenticatorGetInfoResponse.options().uv() == null) ? false : true;
    }

    public void setCachedPinToken(PinToken pinToken) {
        this.cachedPinToken = pinToken;
    }

    public void setForceCtap1(boolean z) {
        this.isForceCtap1 = z;
    }
}
