package de.cotech.hw.fido2.internal.pinauth;

import de.cotech.hw.fido2.exceptions.FidoClientPinBlockedException;
import de.cotech.hw.fido2.exceptions.FidoClientPinInvalidException;
import de.cotech.hw.fido2.exceptions.FidoClientPinLastAttemptException;
import de.cotech.hw.fido2.internal.Fido2AppletConnection;
import de.cotech.hw.fido2.internal.ctap2.Ctap2Exception;
import de.cotech.hw.fido2.internal.ctap2.commands.clientPin.AuthenticatorClientPin;
import de.cotech.hw.fido2.internal.ctap2.commands.clientPin.AuthenticatorClientPinResponse;
import de.cotech.hw.util.Arrays;
import de.cotech.hw.util.Hex;
import de.cotech.hw.util.HwTimber;
import java.io.IOException;
import java.security.KeyPair;

/* loaded from: classes2.dex */
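/**
 * Client side of CTAP2 PIN protocol version 1: obtains a pinToken from an authenticator by
 * proving knowledge of the PIN over a freshly agreed shared secret, and computes pinAuth
 * values from that token.
 *
 * <p>All cryptographic operations are delegated to the injected {@link PinAuthCryptoUtil}.
 */
public class PinProtocolV1 {
    public static final int PIN_PROTOCOL = 1;

    /** CTAP2 status code CTAP2_ERR_PIN_INVALID (0x31): the submitted PIN was wrong. */
    private static final byte CTAP2_ERR_PIN_INVALID = 0x31;
    /** CTAP2 status code CTAP2_ERR_PIN_BLOCKED (0x32): no PIN retries are left. */
    private static final byte CTAP2_ERR_PIN_BLOCKED = 0x32;

    private final PinAuthCryptoUtil pinAuthCryptoUtil;

    /**
     * @param pinAuthCryptoUtil crypto helper used for key agreement, PIN hash encryption,
     *     pinToken decryption and pinAuth calculation
     */
    public PinProtocolV1(PinAuthCryptoUtil pinAuthCryptoUtil) {
        this.pinAuthCryptoUtil = pinAuthCryptoUtil;
    }

    /**
     * Asks the authenticator how many PIN attempts remain.
     *
     * @throws IOException if the response carries no retries value, or if communication fails
     */
    private int checkRetries(Fido2AppletConnection fido2AppletConnection) throws IOException {
        AuthenticatorClientPinResponse response = (AuthenticatorClientPinResponse)
                fido2AppletConnection.ctap2CommunicateOrThrow(AuthenticatorClientPin.createGetRetries());
        Integer retries = response.retries();
        if (retries == null) {
            throw new IOException("Failed to retrieve retries from authenticator.");
        }
        return retries.intValue();
    }

    /**
     * Computes the pinAuth value over {@code bArr} using the given pinToken.
     *
     * @param pinToken token previously returned by {@link #clientPinAuthenticate}
     * @param bArr data to authenticate (presumably the clientDataHash; confirm against callers)
     * @return the pinAuth bytes as produced by {@link PinAuthCryptoUtil}
     */
    public byte[] calculatePinAuth(PinToken pinToken, byte[] bArr) {
        return this.pinAuthCryptoUtil.calculatePinAuth(pinToken.pinToken(), bArr);
    }

    /**
     * Authenticates to the authenticator with the user's PIN and returns the resulting pinToken.
     *
     * <p>The retry counter is read first so that the last remaining attempt is never spent
     * without the caller opting in via {@code z}.
     *
     * @param fido2AppletConnection connection to the authenticator
     * @param str the PIN entered by the user
     * @param z when {@code true}, proceed even if only one attempt remains
     * @return the decrypted pinToken
     * @throws FidoClientPinBlockedException if no retries remain or the authenticator reports
     *     the PIN as blocked
     * @throws FidoClientPinLastAttemptException if exactly one retry remains and {@code z} is false
     * @throws FidoClientPinInvalidException if the PIN was rejected; carries the retry count
     *     read before the attempt, minus one
     * @throws IOException on any other communication or protocol failure
     */
    public PinToken clientPinAuthenticate(Fido2AppletConnection fido2AppletConnection, String str, boolean z) throws IOException {
        HwTimber.d("Authenticating with PIN", new Object[0]);
        try {
            int retriesLeft = checkRetries(fido2AppletConnection);
            if (retriesLeft == 0) {
                throw new FidoClientPinBlockedException();
            }
            if (retriesLeft == 1 && !z) {
                throw new FidoClientPinLastAttemptException();
            }

            AuthenticatorClientPinResponse keyAgreementResponse = (AuthenticatorClientPinResponse)
                    fido2AppletConnection.ctap2CommunicateOrThrow(AuthenticatorClientPin.createGetKeyAgreement());
            KeyPair platformKeyPair = this.pinAuthCryptoUtil.generatePlatformKeyPair();
            byte[] sharedSecret = this.pinAuthCryptoUtil.generateSharedSecret(
                    platformKeyPair.getPrivate(),
                    this.pinAuthCryptoUtil.publicKeyFromCosePublicKey(keyAgreementResponse.keyAgreement()));
            try {
                byte[] pinHashEnc = this.pinAuthCryptoUtil.calculatePinHashEnc(sharedSecret, str);
                AuthenticatorClientPinResponse pinTokenResponse = (AuthenticatorClientPinResponse)
                        fido2AppletConnection.ctap2CommunicateOrThrow(AuthenticatorClientPin.createGetPinToken(
                                this.pinAuthCryptoUtil.cosePublicKeyFromPublicKey(platformKeyPair.getPublic()),
                                pinHashEnc));
                byte[] decryptedPinToken = this.pinAuthCryptoUtil.decryptPinToken(sharedSecret, pinTokenResponse.pinToken());
                // The pinToken is a bearer secret for this authenticator session: anyone who can
                // read the log could compute valid pinAuth values with it, so it must not be logged.
                HwTimber.d("Authentication successful", new Object[0]);
                return PinToken.create(decryptedPinToken);
            } catch (Ctap2Exception e) {
                byte errorCode = e.ctapErrorResponse.errorCode();
                if (errorCode == CTAP2_ERR_PIN_INVALID) {
                    throw new FidoClientPinInvalidException(retriesLeft - 1);
                }
                if (errorCode == CTAP2_ERR_PIN_BLOCKED) {
                    throw new FidoClientPinBlockedException();
                }
                throw e;
            } finally {
                // Wipe the ECDH-derived secret on success and on every failure path.
                Arrays.fill(sharedSecret, (byte) 0);
            }
        } catch (Ctap2Exception e2) {
            // Covers getRetries / getKeyAgreement failures and anything rethrown above.
            if (e2.ctapErrorResponse.errorCode() == CTAP2_ERR_PIN_BLOCKED) {
                throw new FidoClientPinBlockedException();
            }
            throw e2;
        }
    }
}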
