package defpackage;

import android.util.Pair;
import com.google.android.gms.chimera.modules.fido.AppContextProvider;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.fido.fido2.api.common.AttestationConveyancePreference;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorAttestationResponse;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredential;
import java.io.IOException;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: :com.google.android.gms@243863108@24.38.63 (080406-682049625) */
/* loaded from: classes2.dex */
public final class adhm implements aees {
    public final adyc c;
    public final adyg d = new adye(AppContextProvider.a());
    public final ECPublicKey e;
    public final byte[] f;
    public aeer g;
    public acxu h;
    public volatile adhl i;
    public volatile adyp j;
    private final URI l;
    private final String m;
    private final Pair n;
    private final bxuu o;
    private final byte[] p;
    private final adhf q;
    private byte[] r;
    private byte[] s;
    private byte[] t;
    private acwz u;
    private volatile adym v;
    public static final ztl a = adxz.c("ClientTunnelTransport");
    private static final clia k = new clia(1);
    public static final bypd b = bypd.f;

    public adhm(adhf adhfVar, URI uri, adyc adycVar, Pair pair, adyp adypVar, String str, byte[] bArr, ECPublicKey eCPublicKey, bxuu bxuuVar, byte[] bArr2) {
        this.i = adhl.NONE;
        this.p = bArr2;
        this.q = adhfVar;
        this.n = pair;
        this.j = adypVar;
        this.m = str;
        this.f = bArr;
        this.e = eCPublicKey;
        this.l = uri;
        this.o = bxuuVar;
        this.c = adycVar;
        this.i = adhl.CONNECTING;
    }

    public static byte[] i(byte[] bArr, byte[] bArr2, adhg adhgVar, int i) {
        try {
            return clku.k(new SecretKeySpec(bArr, "HmacSHA256"), bArr2, new byte[]{adhgVar.g, 0, 0, 0}, i);
        } catch (Exception e) {
            throw new adhx("Unable to derive key", e);
        }
    }

    private final void j(byte[] bArr) {
        adyp adypVar;
        int length;
        ((bygb) a.h()).x("handshake response received");
        this.d.y(this.c, aced.TYPE_HYBRID_HANDSHAKE_RESPONSE_RECEIVED);
        try {
            adypVar = this.j;
            bxlx.a(adypVar.e != null);
            length = bArr.length;
        } catch (InvalidAlgorithmParameterException unused) {
            ((bygb) a.i()).x("Handshake failed.");
            this.q.c(adhi.HANDSHAKE_FAILED);
        }
        if (length <= 65) {
            throw new InvalidAlgorithmParameterException("handshake response too short");
        }
        byte[] copyOf = Arrays.copyOf(bArr, 65);
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 65, length);
        adypVar.d.c(copyOf);
        adypVar.d.e(copyOf);
        ECPublicKey b2 = adyp.b(copyOf);
        adypVar.d.e(adyp.c((ECPrivateKey) adypVar.e.second, b2));
        bxjy bxjyVar = adypVar.b;
        if (bxjyVar.h()) {
            adypVar.d.e(adyp.c((ECPrivateKey) ((Pair) bxjyVar.c()).second, b2));
        }
        bxjy b3 = adypVar.d.b(copyOfRange);
        if (!b3.h() || ((byte[]) b3.c()).length != 0) {
            throw new InvalidAlgorithmParameterException("bad ciphertext");
        }
        Pair a2 = adypVar.d.a();
        adyn adynVar = new adyn((byte[]) a2.first, (byte[]) a2.second, adypVar.d.a);
        this.t = adynVar.c;
        this.r = adynVar.a;
        this.s = adynVar.b;
        this.v = new adym(this.r, this.s);
        this.i = adhl.HANDSHAKE_COMPLETE;
    }

    public final void a() {
        ztl ztlVar = a;
        ((bygb) ztlVar.h()).x("shutdown(): Shutting down websocket");
        this.d.y(this.c, aced.TYPE_HYBRID_SENDING_SHUTDOWN_MESSAGE);
        if (cpwp.h()) {
            if (this.i != adhl.READY) {
                ((bygb) ztlVar.j()).B("Shutdown message sent when state was %s", this.i);
            }
            h(adhe.SHUTDOWN, null);
            this.g.b();
        } else if (this.i == adhl.READY) {
            h(adhe.SHUTDOWN, null);
            this.g.b();
        }
        this.i = adhl.CLOSE;
    }

    @Override // defpackage.aees
    public final void b() {
        ztl ztlVar = a;
        ((bygb) ztlVar.h()).x("websocket connected");
        this.i = adhl.CONNECTED;
        if (this.j != null) {
            ((bygb) ztlVar.h()).x("Handshake message sent after websocket is connected.");
            this.d.y(this.c, aced.TYPE_HYBRID_SENDING_HANDSHAKE);
            this.g.e(this.j.d());
        }
    }

    @Override // defpackage.aees
    public final void c() {
        ((bygb) a.h()).x("tunnel disconnected");
        ((bygb) adgo.b.h()).x("Disconnected from Tunnel Server.");
        adgo adgoVar = (adgo) this.q;
        if (adgoVar.l) {
            return;
        }
        adgoVar.d.o(new adup(Status.f, bxhz.a));
    }

    @Override // defpackage.aees
    public final void d(aeet aeetVar) {
        byte[] bArr;
        zck.i();
        if (aeetVar.a == 410 && (bArr = this.p) != null && !adhw.f(bArr)) {
            ((bygb) a.j()).x("Failed to remove link data from HybridDataStore.");
        }
        ((bygb) ((bygb) a.i()).s(aeetVar)).x("errors from websocket");
        this.q.c(adhi.TUNNEL_SERVER_CONNECT_FAILED);
    }

    @Override // defpackage.aees
    public final void e(Map map) {
        ztl ztlVar = a;
        ((bygb) ztlVar.h()).B("handshake headers are retrieved: %s", map);
        if (map.containsKey("sec-websocket-protocol") && ((String) map.get("sec-websocket-protocol")).equals("fido.cable")) {
            return;
        }
        ((bygb) ztlVar.i()).x("Tunnel server didn't select cable protocol");
        this.q.c(adhi.HANDSHAKE_FAILED);
    }

    @Override // defpackage.aees
    public final void f(byte[] bArr) {
        acxu acxuVar;
        Pair pair;
        ztl ztlVar = a;
        ((bygb) ztlVar.h()).B("onMessage() with state: %s", this.i);
        int ordinal = this.i.ordinal();
        if (ordinal == 2) {
            j(bArr);
            return;
        }
        bxjg bxjgVar = null;
        r6 = null;
        List list = null;
        if (ordinal == 3) {
            ((bygb) ztlVar.h()).x("post handshake message received");
            this.d.y(this.c, aced.TYPE_HYBRID_POST_HANDSHAKE_RESPONSE_RECEIVED);
            if (this.v == null) {
                ((bygb) ztlVar.i()).x("crypter is null");
                this.q.c(adhi.DECRYPT_FAILURE);
                return;
            }
            bxjy a2 = this.v.a(bArr);
            if (!a2.h()) {
                ((bygb) ztlVar.i()).x("failed to decrypt hybrid message");
                this.q.c(adhi.DECRYPT_FAILURE);
                return;
            }
            Object c = a2.c();
            if (((byte[]) c).length == 0) {
                ((bygb) ztlVar.i()).x("invalid empty message");
                this.q.c(adhi.DECRYPT_FAILURE);
                return;
            }
            try {
                clif clifVar = (clif) clic.q((byte[]) c).m().a.get(new clia(1L));
                if (clifVar == null) {
                    ((bygb) ztlVar.i()).x("Post handshake missing getInfoResponse.");
                    this.q.c(adhi.INVALID_CBOR);
                    return;
                }
                if (cpwp.j()) {
                    this.h = acxu.b(clic.q(clifVar.j().d()).m());
                } else {
                    this.h = null;
                    clifVar.j();
                }
                this.i = adhl.READY;
                ((bygb) ztlVar.h()).B("CTAP message sent :%s", this.u);
                this.d.y(this.c, aced.TYPE_HYBRID_SENDING_CTAP_MESSAGE);
                h(adhe.CTAP, this.u.e());
                return;
            } catch (acxe e) {
                e = e;
                ((bygb) ((bygb) a.i()).s(e)).x("Invalid post handshake method.");
                this.q.c(adhi.INVALID_CBOR);
                return;
            } catch (clhy e2) {
                e = e2;
                ((bygb) ((bygb) a.i()).s(e)).x("Invalid post handshake method.");
                this.q.c(adhi.INVALID_CBOR);
                return;
            } catch (clhz e3) {
                ((bygb) ((bygb) a.i()).s(e3)).x("Invalid Ctap2 command.");
                this.q.c(adhi.INVALID_CTAP);
                return;
            } catch (clie e4) {
                e = e4;
                ((bygb) ((bygb) a.i()).s(e)).x("Invalid post handshake method.");
                this.q.c(adhi.INVALID_CBOR);
                return;
            }
        }
        if (ordinal != 4) {
            this.q.c(adhi.INTERNAL_ERROR);
            ((bygb) ztlVar.i()).B("Invalid state: %s to handle tunnel data.", this.i);
            return;
        }
        ((bygb) ztlVar.h()).x("CTAP messages received");
        this.d.y(this.c, aced.TYPE_HYBRID_CTAP_MESSAGE_RECEIVED);
        bxjy a3 = this.v.a(bArr);
        if (!a3.h()) {
            ((bygb) ztlVar.i()).x("failed to decrypt hybrid message");
            this.q.c(adhi.DECRYPT_FAILURE);
            return;
        }
        Object c2 = a3.c();
        byte[] bArr2 = (byte[]) c2;
        int length = bArr2.length;
        if (length == 0) {
            ((bygb) ztlVar.i()).x("invalid empty message");
            this.q.c(adhi.DECRYPT_FAILURE);
            return;
        }
        try {
            adhe a4 = adhe.a(((byte[]) c2)[0]);
            ((bygb) ztlVar.h()).B("Message received with type: %s", a4);
            byte[] copyOfRange = Arrays.copyOfRange(bArr2, 1, length);
            int ordinal2 = a4.ordinal();
            if (ordinal2 == 1) {
                adhf adhfVar = this.q;
                ((bygb) adgo.b.h()).x("Parsing CTAP2 message.");
                adgo adgoVar = (adgo) adhfVar;
                adgoVar.l = true;
                try {
                    acxa a5 = acxx.a(copyOfRange, ((adgo) adhfVar).e);
                    ((bygb) adgo.b.h()).B("Parsed ctap2Response: %s", a5);
                    acwz acwzVar = ((adgo) adhfVar).e;
                    if (acwzVar instanceof acxk) {
                        bxjgVar = new actx(((adgo) adhfVar).f, null);
                    } else if (acwzVar instanceof acxn) {
                        if (cpwp.j() && (acxuVar = ((adgo) adhfVar).k.h) != null) {
                            list = acxuVar.C;
                        }
                        bxjgVar = new actv(AttestationConveyancePreference.DIRECT, ((adgo) adhfVar).f, true, list, null);
                    }
                    if (bxjgVar == null) {
                        ((bygb) adgo.b.i()).x("Unrecognized CTAP2 command.");
                        ((adgo) adhfVar).d.g(aced.TYPE_HYBRID_GENERATE_CTAP_RESPONSE_ERROR);
                        ((adgo) adhfVar).d.o(new adup(Status.f, bxhz.a));
                        ((adgo) adhfVar).k.a();
                        return;
                    }
                    ((adgo) adhfVar).d.g(aced.TYPE_HYBRID_RECEIVED_SUCCESS_CTAP_RESPONSE);
                    PublicKeyCredential publicKeyCredential = (PublicKeyCredential) bxjgVar.e(a5);
                    AuthenticatorAttestationResponse authenticatorAttestationResponse = publicKeyCredential.e;
                    if (authenticatorAttestationResponse != null) {
                        addo addoVar = new addo();
                        addoVar.d(authenticatorAttestationResponse.d());
                        addoVar.c(authenticatorAttestationResponse.c());
                        addoVar.b(authenticatorAttestationResponse.b());
                        addoVar.e(adgo.a);
                        adet adetVar = new adet();
                        adetVar.c = addoVar.a();
                        adetVar.b(publicKeyCredential.f());
                        adetVar.a = publicKeyCredential.b;
                        adetVar.d = publicKeyCredential.h;
                        publicKeyCredential = adetVar.a();
                    }
                    ((bygb) adgo.b.h()).B("Received success CTAP2 response: %s", publicKeyCredential);
                    ((adgo) adhfVar).d.o(new adup(Status.b, bxjy.j(publicKeyCredential)));
                    ((adgo) adhfVar).k.a();
                    return;
                } catch (IOException | IllegalArgumentException e5) {
                    ((bygb) ((bygb) adgo.b.i()).s(e5)).x("Error parsing CTAP2 message.");
                    adgoVar.d.g(aced.TYPE_HYBRID_GENERATE_CTAP_RESPONSE_ERROR);
                    adgoVar.d.o(new adup(Status.f, bxhz.a));
                    adgoVar.k.a();
                    return;
                }
            }
            if (ordinal2 != 2) {
                return;
            }
            try {
                clif q = clif.q(copyOfRange);
                ((bygb) ztlVar.h()).x("handle link data message");
                try {
                    clif clifVar2 = (clif) q.m().a.get(k);
                    if (clifVar2 == null) {
                        ((bygb) ztlVar.h()).x("This update message doesn't contain the link message");
                        return;
                    }
                    this.d.y(this.c, aced.TYPE_HYBRID_LINK_DATA_RECEIVED);
                    try {
                        byte[] s = clifVar2.s();
                        String str = this.m;
                        if (str == null || (pair = this.n) == null) {
                            ((bygb) ztlVar.h()).x("Missing necessary data to parse the link data");
                            return;
                        }
                        try {
                            adhy b2 = adhy.b(s, str, (ECPrivateKey) pair.second, this.t);
                            zck.i();
                            if (b2.b != null && b2.c != null && b2.d != null && b2.e != null && b2.g.h()) {
                                bxul d = adhw.d();
                                int i = ((bycf) d).c;
                                for (int i2 = 0; i2 < i; i2++) {
                                    adhy adhyVar = (adhy) d.get(i2);
                                    if (adhyVar.d.equals(b2.d)) {
                                        adhw.f(adhyVar.b);
                                    }
                                }
                                String m = adhw.a.m(b2.b);
                                try {
                                    try {
                                        String m2 = adhw.a.m(clif.o(new clib(adhw.c, new clid(b2.a)), new clib(adhw.b, clif.k(adhy.f(b2.d))), new clib(adhw.d, clif.k(b2.c)), new clib(adhw.e, new clid(b2.e)), new clib(adhw.f, new clid((String) b2.g.c()))).s());
                                        aobc c3 = adhw.c("com.google.android.gms.fido.fido2.common.hybrid.HybridDataStore.Client").c();
                                        c3.g(m, m2);
                                        if (aobf.g(c3)) {
                                            ((bygb) a.h()).x("Successfully stored the link data");
                                            return;
                                        }
                                    } catch (clhu | clhz e6) {
                                        throw new adhx("Serializing the authenticator link data failed", e6);
                                    }
                                } catch (adhx unused) {
                                }
                            }
                            ((bygb) a.j()).x("Failed to store the link data");
                        } catch (adhx e7) {
                            ((bygb) ((bygb) a.h()).s(e7)).x("Invalid link data");
                        }
                    } catch (clhz e8) {
                        ((bygb) ((bygb) a.h()).s(e8)).x("Encoding the link data in CborValue to byte array failed");
                    }
                } catch (clie e9) {
                    ((bygb) ((bygb) a.h()).s(e9)).x("A possible link data with an unsupported type");
                }
            } catch (clhy unused2) {
                ((bygb) a.i()).x("invalid CBOR payload in update message");
                this.q.c(adhi.INVALID_CBOR);
            }
        } catch (IllegalArgumentException unused3) {
            this.q.c(adhi.INVALID_MESSAGE_TYPE_BYTE);
        }
    }

    public final void g(acwz acwzVar) {
        zck.i();
        ztl ztlVar = a;
        ((bygb) ztlVar.h()).x("startConnecting(): start reading");
        this.u = acwzVar;
        ((bygb) ztlVar.h()).Q("starting websocket with URL: %s, headers: %s, protocol: %s", this.l, this.o, "fido.cable");
        this.d.y(this.c, aced.TYPE_HYBRID_WEBSOCKET_STARTED);
        bxuu bxuuVar = this.o;
        if (bxuuVar == null) {
            this.g = new aeer(this.l, this);
        } else {
            this.g = new aeer(this.l, this, bxuuVar);
        }
        this.g.d();
    }

    public final void h(adhe adheVar, byte[] bArr) {
        ztl ztlVar = a;
        ((bygb) ztlVar.h()).M("write() msgType: %s with state: %s", adheVar, this.i);
        if (!cpwp.h()) {
            bxlx.a(this.i.equals(adhl.READY));
        } else if (adheVar != adhe.SHUTDOWN) {
            bxlx.a(this.i.equals(adhl.READY));
        } else if (this.i.equals(adhl.CLOSE)) {
            return;
        }
        ByteBuffer allocate = ByteBuffer.allocate((bArr == null ? 0 : bArr.length) + 1);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.put(adheVar.d);
        if (bArr != null) {
            allocate.put(bArr);
        }
        bxjy b2 = this.v.b(allocate.array());
        if (b2.h()) {
            this.g.e((byte[]) b2.c());
        } else {
            ((bygb) ztlVar.i()).x("Failed to encrypt response");
            this.q.c(adhi.ENCRYPT_FAILURE);
        }
    }
}
