package defpackage;

import android.util.Pair;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.fido.fido2.api.common.AttestationConveyancePreference;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorResponse;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredential;
import java.io.IOException;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.HashMap;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: :com.google.android.gms@230413110@23.04.13 (180706-505809224) */
/* loaded from: classes2.dex */
public final class ujk implements vcb {
    public static final pgf a = uuj.b("ClientTunnelTransport");
    public final URI b;
    public vca c;
    public uag d;
    private final byte[] e;
    private final ukb f;
    private byte[] g;
    private byte[] h;
    private volatile ujj i;
    private volatile ujl j;
    private volatile byte[] k;
    private final ujr l;

    public ujk(byte[] bArr, Pair pair, ujn ujnVar, ukb ukbVar) {
        this.i = ujj.NONE;
        byte[] g = g(bArr, new byte[0], ukc.TUNNEL_ID, 16);
        this.e = g;
        this.b = URI.create("wss://" + ujz.a(ujnVar.a) + "/cable/connect/" + bgry.f.e().l(ujnVar.b) + "/" + bgry.f.e().l(g));
        this.i = ujj.CONNECTING;
        this.k = g(bArr, ujo.c(ujnVar), ukc.PSK, 32);
        this.l = new ujr(this.k, pair);
        this.f = ukbVar;
    }

    private static byte[] g(byte[] bArr, byte[] bArr2, ukc ukcVar, int i) {
        try {
            return bqys.l(new SecretKeySpec(bArr, "HmacSHA256"), bArr2, new byte[]{ukcVar.g, 0, 0, 0}, i);
        } catch (Exception e) {
            throw new ujv("Unable to derive key", e);
        }
    }

    @Override // defpackage.vcb
    public final void a() {
        ((bgjs) a.h()).x("websocket connected");
        this.i = ujj.CONNECTED;
        vca vcaVar = this.c;
        ujr ujrVar = this.l;
        bftz.b(ujrVar.e == null);
        if (ujrVar.a.g()) {
            ujrVar.d = new ujw(1);
            ujrVar.d.c(new byte[]{0});
            ujrVar.d.d(((ECPublicKey) ujrVar.a.c()).getW());
        } else {
            ujrVar.d = new ujw(2);
            ujrVar.d.c(new byte[]{1});
            ujrVar.d.d(((ECPublicKey) ((Pair) ujrVar.b.c()).first).getW());
        }
        ujrVar.d.f(ujrVar.c);
        ujrVar.e = ujr.a();
        byte[] g = ujw.g(((ECPublicKey) ujrVar.e.first).getW());
        ujrVar.d.c(g);
        ujrVar.d.e(g);
        if (ujrVar.a.g()) {
            ujrVar.d.e(ujr.c((ECPrivateKey) ujrVar.e.second, (ECPublicKey) ujrVar.a.c()));
        }
        vcaVar.e(bimm.b(g, ujrVar.d.h(new byte[0])));
    }

    @Override // defpackage.vcb
    public final void b() {
        ((bgjs) a.h()).x("tunnel disconnected");
        ((bgjs) uin.a.h()).x("Disconnected from Tunnel Server.");
    }

    @Override // defpackage.vcb
    public final void c(vcc vccVar) {
        ((bgjs) ((bgjs) a.i()).s(vccVar)).x("errors from websocket");
        this.f.d(2);
    }

    @Override // defpackage.vcb
    public final void d(HashMap hashMap) {
        pgf pgfVar = a;
        ((bgjs) pgfVar.h()).x("handshake headers are retrieved");
        if (hashMap.containsKey("Sec-WebSocket-Protocol") && ((String) hashMap.get("Sec-WebSocket-Protocol")).equals("fido.cable")) {
            return;
        }
        ((bgjs) pgfVar.i()).x("Tunnel server didn't select cable protocol");
        this.f.d(3);
    }

    @Override // defpackage.vcb
    public final void e(byte[] bArr) {
        ujr ujrVar;
        int length;
        uka ukaVar = uka.SHUTDOWN;
        ujj ujjVar = ujj.NONE;
        switch (this.i.ordinal()) {
            case 2:
                try {
                    ujrVar = this.l;
                    bftz.b(ujrVar.e != null);
                    length = bArr.length;
                } catch (ujv e) {
                    ((bgjs) a.i()).x("Handshake failed.");
                    this.f.d(3);
                }
                if (length <= 65) {
                    throw new ujv("handshake response too short");
                }
                byte[] copyOf = Arrays.copyOf(bArr, 65);
                byte[] copyOfRange = Arrays.copyOfRange(bArr, 65, length);
                ujrVar.d.c(copyOf);
                ujrVar.d.e(copyOf);
                ECPublicKey b = ujq.b(copyOf);
                ujrVar.d.e(ujr.c((ECPrivateKey) ujrVar.e.second, b));
                bfsa bfsaVar = ujrVar.b;
                if (bfsaVar.g()) {
                    ujrVar.d.e(ujr.c((ECPrivateKey) ((Pair) bfsaVar.c()).second, b));
                }
                bfsa b2 = ujrVar.d.b(copyOfRange);
                if (!b2.g() || ((byte[]) b2.c()).length != 0) {
                    throw new ujv("bad ciphertext");
                }
                Pair a2 = ujrVar.d.a();
                byte[] bArr2 = (byte[]) a2.first;
                byte[] bArr3 = (byte[]) a2.second;
                byte[] bArr4 = ujrVar.d.a;
                ujp ujpVar = new ujp(bArr2, bArr3);
                this.g = ujpVar.a;
                this.h = ujpVar.b;
                this.j = new ujl(this.g, this.h);
                this.i = ujj.HANDSHAKE_COMPLETE;
                return;
            case 3:
                bfsa a3 = this.j.a(bArr);
                if (!a3.g()) {
                    ((bgjs) a.i()).x("failed to decrypt hybrid message");
                    this.f.d(4);
                    return;
                }
                byte[] bArr5 = (byte[]) a3.c();
                if (bArr5.length == 0) {
                    ((bgjs) a.i()).x("invalid empty message");
                    this.f.d(4);
                    return;
                }
                try {
                    bqwc bqwcVar = (bqwc) bqwc.s(bArr5).n().a.get(bqwc.m(1L));
                    if (bqwcVar == null) {
                        ((bgjs) a.i()).x("Post handshake missing getInfoResponse.");
                        this.f.d(6);
                        return;
                    }
                    bqwcVar.j();
                    this.i = ujj.READY;
                    uka ukaVar2 = uka.CTAP;
                    byte[] e2 = this.d.e();
                    bftz.b(this.i.equals(ujj.READY));
                    ByteBuffer allocate = ByteBuffer.allocate(e2.length + 1);
                    allocate.order(ByteOrder.LITTLE_ENDIAN);
                    allocate.put(ukaVar2.d).put(e2);
                    bfsa b3 = this.j.b(allocate.array());
                    if (b3.g()) {
                        this.c.e((byte[]) b3.c());
                        return;
                    } else {
                        ((bgjs) a.i()).x("Failed to encrypt response");
                        this.f.d(5);
                        return;
                    }
                } catch (bqvv e3) {
                    e = e3;
                    ((bgjs) ((bgjs) a.i()).s(e)).x("Invalid post handshake method.");
                    this.f.d(6);
                    return;
                } catch (bqvw e4) {
                    ((bgjs) ((bgjs) a.i()).s(e4)).x("Invalid Ctap2 command.");
                    this.f.d(7);
                    return;
                } catch (bqwb e5) {
                    e = e5;
                    ((bgjs) ((bgjs) a.i()).s(e)).x("Invalid post handshake method.");
                    this.f.d(6);
                    return;
                }
            case 4:
                bfsa a4 = this.j.a(bArr);
                if (!a4.g()) {
                    ((bgjs) a.i()).x("failed to decrypt hybrid message");
                    this.f.d(4);
                    return;
                }
                byte[] bArr6 = (byte[]) a4.c();
                int length2 = bArr6.length;
                if (length2 == 0) {
                    ((bgjs) a.i()).x("invalid empty message");
                    this.f.d(4);
                    return;
                }
                try {
                    uka a5 = uka.a(bArr6[0]);
                    byte[] copyOfRange2 = Arrays.copyOfRange(bArr6, 1, length2);
                    switch (a5.ordinal()) {
                        case 1:
                            ukb ukbVar = this.f;
                            ((bgjs) uin.a.h()).x("Parsing CTAP2 message.");
                            try {
                                uah a6 = ubb.a(copyOfRange2, ((uin) ukbVar).d);
                                uag uagVar = ((uin) ukbVar).d;
                                bfri tupVar = uagVar instanceof uap ? new tup(((uin) ukbVar).e) : uagVar instanceof uas ? new tun(AttestationConveyancePreference.NONE, ((uin) ukbVar).e, true) : null;
                                if (tupVar == null) {
                                    ((bgjs) uin.a.i()).x("Unrecognized CTAP2 command.");
                                    ((uin) ukbVar).c.l(urs.a());
                                    ((uin) ukbVar).h.f();
                                    return;
                                }
                                PublicKeyCredential publicKeyCredential = (PublicKeyCredential) tupVar.e(a6);
                                publicKeyCredential.getClass();
                                AuthenticatorResponse a7 = publicKeyCredential.a();
                                Status status = Status.b;
                                bfqe bfqeVar = bfqe.a;
                                ((uin) ukbVar).c.l(new urs(status, bfqeVar, bfqeVar, bfsa.i(a7)));
                                ((uin) ukbVar).h.f();
                                return;
                            } catch (IOException e6) {
                                ((bgjs) ((bgjs) uin.a.i()).s(e6)).x("Error parsing CTAP2 message.");
                                uin uinVar = (uin) ukbVar;
                                uinVar.c.l(urs.a());
                                uinVar.h.f();
                                return;
                            }
                        case 2:
                            try {
                                bqwc.s(copyOfRange2);
                                return;
                            } catch (bqvv e7) {
                                ((bgjs) a.i()).x("invalid CBOR payload in update message");
                                this.f.d(6);
                                return;
                            }
                        default:
                            return;
                    }
                } catch (IllegalArgumentException e8) {
                    this.f.d(9);
                    return;
                }
            default:
                this.f.d(8);
                ((bgjs) a.i()).B("Invalid state: %s to handle tunnel data.", this.i);
                return;
        }
    }

    public final void f() {
        ((bgjs) a.h()).x("Shutting down websocket");
        if (this.i == ujj.READY) {
            this.c.e(new byte[]{uka.SHUTDOWN.d});
            this.c.b();
        }
        this.i = ujj.CLOSE;
    }
}
