package defpackage;

import android.util.Pair;
import com.google.android.gms.chimera.modules.fido.AppContextProvider;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.fido.fido2.api.common.AttestationConveyancePreference;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorAttestationResponse;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredential;
import java.io.IOException;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: :com.google.android.gms@232414109@23.24.14 (080306-544099984) */
/* loaded from: classes2.dex */
public final class urk implements vnh {
    public final ECPublicKey c;
    public final byte[] d;
    public vng e;
    public volatile urj f;
    public volatile urs g;
    private final URI i;
    private final vfe j;
    private final vfi k = vfh.c(AppContextProvider.a());
    private final String l;
    private final Pair m;
    private final bhzi n;
    private final byte[] o;
    private final usg p;
    private byte[] q;
    private byte[] r;
    private byte[] s;
    private ugt t;
    private volatile url u;
    public static final qqw a = vfc.c("ClientTunnelTransport");
    private static final btms h = btmx.n(1);
    public static final bisd b = bisd.f;

    public urk(usg usgVar, URI uri, vfe vfeVar, Pair pair, urs ursVar, String str, byte[] bArr, ECPublicKey eCPublicKey, bhzi bhziVar, byte[] bArr2) {
        this.f = urj.NONE;
        this.o = bArr2;
        this.p = usgVar;
        this.m = pair;
        this.g = ursVar;
        this.l = str;
        this.d = bArr;
        this.c = eCPublicKey;
        this.i = uri;
        this.n = bhziVar;
        this.j = vfeVar;
        this.f = urj.CONNECTING;
    }

    public static byte[] h(byte[] bArr, byte[] bArr2, ush ushVar, int i) {
        try {
            return btpn.k(new SecretKeySpec(bArr, "HmacSHA256"), bArr2, new byte[]{ushVar.g, 0, 0, 0}, i);
        } catch (Exception e) {
            throw new ury("Unable to derive key", e);
        }
    }

    @Override // defpackage.vnh
    public final void a() {
        ((bijy) a.h()).x("websocket connected");
        this.f = urj.CONNECTED;
        if (this.g != null) {
            this.e.e(this.g.d());
        }
    }

    @Override // defpackage.vnh
    public final void b() {
        ((bijy) a.h()).x("tunnel disconnected");
        ((bijy) uqn.b.h()).x("Disconnected from Tunnel Server.");
    }

    @Override // defpackage.vnh
    public final void c(vni vniVar) {
        byte[] bArr;
        qaj.i();
        if (vniVar.a == 410 && (bArr = this.o) != null && !urx.f(bArr)) {
            ((bijy) a.j()).x("Failed to remove link data from HybridDataStore.");
        }
        ((bijy) ((bijy) a.i()).s(vniVar)).x("errors from websocket");
        this.p.c(usj.TUNNEL_SERVER_CONNECT_FAILED);
    }

    @Override // defpackage.vnh
    public final void d(Map map) {
        qqw qqwVar = a;
        ((bijy) qqwVar.h()).x("handshake headers are retrieved");
        if (map.containsKey("sec-websocket-protocol") && ((String) map.get("sec-websocket-protocol")).equals("fido.cable")) {
            return;
        }
        ((bijy) qqwVar.i()).x("Tunnel server didn't select cable protocol");
        this.p.c(usj.HANDSHAKE_FAILED);
    }

    @Override // defpackage.vnh
    public final void e(byte[] bArr) {
        urs ursVar;
        int length;
        Pair pair;
        switch (this.f.ordinal()) {
            case 2:
                ((bijy) a.h()).x("handshake response received");
                this.k.u(this.j, tml.TYPE_HYBRID_HANDSHAKE_RESPONSE_RECEIVED);
                try {
                    ursVar = this.g;
                    bhry.a(ursVar.e != null);
                    length = bArr.length;
                } catch (ury e) {
                    ((bijy) a.i()).x("Handshake failed.");
                    this.p.c(usj.HANDSHAKE_FAILED);
                }
                if (length <= 65) {
                    throw new ury("handshake response too short");
                }
                byte[] copyOf = Arrays.copyOf(bArr, 65);
                byte[] copyOfRange = Arrays.copyOfRange(bArr, 65, length);
                ursVar.d.c(copyOf);
                ursVar.d.e(copyOf);
                ECPublicKey b2 = urr.b(copyOf);
                ursVar.d.e(urs.c((ECPrivateKey) ursVar.e.second, b2));
                bhqa bhqaVar = ursVar.b;
                if (bhqaVar.h()) {
                    ursVar.d.e(urs.c((ECPrivateKey) ((Pair) bhqaVar.c()).second, b2));
                }
                bhqa b3 = ursVar.d.b(copyOfRange);
                if (!b3.h() || ((byte[]) b3.c()).length != 0) {
                    throw new ury("bad ciphertext");
                }
                Pair a2 = ursVar.d.a();
                urq urqVar = new urq((byte[]) a2.first, (byte[]) a2.second, ursVar.d.a);
                this.s = urqVar.c;
                this.q = urqVar.a;
                this.r = urqVar.b;
                this.u = new url(this.q, this.r);
                this.f = urj.HANDSHAKE_COMPLETE;
                return;
            case 3:
                qqw qqwVar = a;
                ((bijy) qqwVar.h()).x("post handshake message received");
                this.k.u(this.j, tml.TYPE_HYBRID_POST_HANDSHAKE_RESPONSE_RECEIVED);
                bhqa a3 = this.u.a(bArr);
                if (!a3.h()) {
                    ((bijy) qqwVar.i()).x("failed to decrypt hybrid message");
                    this.p.c(usj.DECRYPT_FAILURE);
                    return;
                }
                Object c = a3.c();
                if (((byte[]) c).length == 0) {
                    ((bijy) qqwVar.i()).x("invalid empty message");
                    this.p.c(usj.DECRYPT_FAILURE);
                    return;
                }
                try {
                    btmx btmxVar = (btmx) btmx.t((byte[]) c).o().a.get(btmx.n(1L));
                    if (btmxVar == null) {
                        ((bijy) qqwVar.i()).x("Post handshake missing getInfoResponse.");
                        this.p.c(usj.INVALID_CBOR);
                        return;
                    }
                    btmxVar.k();
                    this.f = urj.READY;
                    ((bijy) qqwVar.h()).x("CTAP message sent");
                    usf usfVar = usf.CTAP;
                    byte[] e2 = this.t.e();
                    bhry.a(this.f.equals(urj.READY));
                    ByteBuffer allocate = ByteBuffer.allocate(e2.length + 1);
                    allocate.order(ByteOrder.LITTLE_ENDIAN);
                    allocate.put(usfVar.d).put(e2);
                    bhqa b4 = this.u.b(allocate.array());
                    if (b4.h()) {
                        this.e.e((byte[]) b4.c());
                        return;
                    } else {
                        ((bijy) qqwVar.i()).x("Failed to encrypt response");
                        this.p.c(usj.ENCRYPT_FAILURE);
                        return;
                    }
                } catch (btmq e3) {
                    e = e3;
                    ((bijy) ((bijy) a.i()).s(e)).x("Invalid post handshake method.");
                    this.p.c(usj.INVALID_CBOR);
                    return;
                } catch (btmr e4) {
                    ((bijy) ((bijy) a.i()).s(e4)).x("Invalid Ctap2 command.");
                    this.p.c(usj.INVALID_CTAP);
                    return;
                } catch (btmw e5) {
                    e = e5;
                    ((bijy) ((bijy) a.i()).s(e)).x("Invalid post handshake method.");
                    this.p.c(usj.INVALID_CBOR);
                    return;
                }
            case 4:
                qqw qqwVar2 = a;
                ((bijy) qqwVar2.h()).x("CTAP messages received");
                this.k.u(this.j, tml.TYPE_HYBRID_CTAP_MESSAGE_RECEIVED);
                bhqa a4 = this.u.a(bArr);
                if (!a4.h()) {
                    ((bijy) qqwVar2.i()).x("failed to decrypt hybrid message");
                    this.p.c(usj.DECRYPT_FAILURE);
                    return;
                }
                Object c2 = a4.c();
                byte[] bArr2 = (byte[]) c2;
                int length2 = bArr2.length;
                if (length2 == 0) {
                    ((bijy) qqwVar2.i()).x("invalid empty message");
                    this.p.c(usj.DECRYPT_FAILURE);
                    return;
                }
                try {
                    usf a5 = usf.a(((byte[]) c2)[0]);
                    ((bijy) qqwVar2.h()).B("Message received with type: %s", a5);
                    byte[] copyOfRange2 = Arrays.copyOfRange(bArr2, 1, length2);
                    switch (a5.ordinal()) {
                        case 1:
                            usg usgVar = this.p;
                            ((bijy) uqn.b.h()).x("Parsing CTAP2 message.");
                            try {
                                ugu a6 = uhr.a(copyOfRange2, ((uqn) usgVar).e);
                                ugt ugtVar = ((uqn) usgVar).e;
                                bhpi uazVar = ugtVar instanceof uhe ? new uaz(((uqn) usgVar).f) : ugtVar instanceof uhh ? new uax(AttestationConveyancePreference.NONE, ((uqn) usgVar).f, true) : null;
                                if (uazVar == null) {
                                    ((bijy) uqn.b.i()).x("Unrecognized CTAP2 command.");
                                    ((uqn) usgVar).d.f(tml.TYPE_HYBRID_GENERATE_CTAP_RESPONSE_ERROR);
                                    ((uqn) usgVar).d.l(vch.a());
                                    ((uqn) usgVar).k.f();
                                    return;
                                }
                                PublicKeyCredential publicKeyCredential = (PublicKeyCredential) uazVar.e(a6);
                                AuthenticatorAttestationResponse authenticatorAttestationResponse = publicKeyCredential.e;
                                if (authenticatorAttestationResponse != null) {
                                    unk unkVar = new unk();
                                    unkVar.d(authenticatorAttestationResponse.a);
                                    unkVar.c(authenticatorAttestationResponse.b);
                                    unkVar.b(authenticatorAttestationResponse.c);
                                    unkVar.e(uqn.a);
                                    uom uomVar = new uom();
                                    uomVar.c = unkVar.a();
                                    uomVar.b = publicKeyCredential.d;
                                    uomVar.a = publicKeyCredential.b;
                                    uomVar.d = publicKeyCredential.h;
                                    publicKeyCredential = uomVar.a();
                                }
                                ((uqn) usgVar).d.l(new vch(Status.b, bhqa.j(publicKeyCredential)));
                                ((uqn) usgVar).k.f();
                                return;
                            } catch (IOException | IllegalArgumentException e6) {
                                ((bijy) ((bijy) uqn.b.i()).s(e6)).x("Error parsing CTAP2 message.");
                                uqn uqnVar = (uqn) usgVar;
                                uqnVar.d.f(tml.TYPE_HYBRID_GENERATE_CTAP_RESPONSE_ERROR);
                                uqnVar.d.l(vch.a());
                                uqnVar.k.f();
                                return;
                            }
                        case 2:
                            try {
                                btmx t = btmx.t(copyOfRange2);
                                ((bijy) qqwVar2.h()).x("handle link data message");
                                try {
                                    btmx btmxVar2 = (btmx) t.o().a.get(h);
                                    if (btmxVar2 == null) {
                                        ((bijy) qqwVar2.h()).x("This update message doesn't contain the link message");
                                        return;
                                    }
                                    this.k.u(this.j, tml.TYPE_HYBRID_LINK_DATA_RECEIVED);
                                    try {
                                        byte[] v = btmxVar2.v();
                                        String str = this.l;
                                        if (str == null || (pair = this.m) == null) {
                                            ((bijy) qqwVar2.h()).x("Missing necessary data to parse the link data");
                                            return;
                                        }
                                        try {
                                            ECPrivateKey eCPrivateKey = (ECPrivateKey) pair.second;
                                            byte[] bArr3 = this.s;
                                            try {
                                                biaq biaqVar = btmx.t(v).o().a;
                                                String str2 = new String(urz.f(biaqVar, urz.a), StandardCharsets.UTF_8);
                                                byte[] f = urz.f(biaqVar, urz.b);
                                                byte[] f2 = urz.f(biaqVar, urz.c);
                                                ECPublicKey b5 = urr.b(urz.f(biaqVar, urz.d));
                                                btms btmsVar = urz.e;
                                                if (!biaqVar.containsKey(btmsVar)) {
                                                    throw new ury("Key does not exist in the link data: ".concat(btmsVar.toString()));
                                                }
                                                try {
                                                    String str3 = ((btmx) biaqVar.get(btmsVar)).r().a;
                                                    byte[] f3 = urz.f(biaqVar, urz.f);
                                                    if (!Arrays.equals(f3, urz.c(eCPrivateKey, b5, bArr3))) {
                                                        throw new ury("Link signature verification failed");
                                                    }
                                                    urz urzVar = new urz(str2, f, f2, b5, str3, bhqa.j(f3), bhqa.j(str));
                                                    qaj.i();
                                                    if (urzVar.h != null && urzVar.i != null && urzVar.j != null && urzVar.k != null && urzVar.m.h()) {
                                                        bhzb d = urx.d();
                                                        int i = ((bigg) d).c;
                                                        for (int i2 = 0; i2 < i; i2++) {
                                                            urz urzVar2 = (urz) d.get(i2);
                                                            if (urzVar2.j.equals(urzVar.j)) {
                                                                urx.f(urzVar2.h);
                                                            }
                                                        }
                                                        String l = urx.a.l(urzVar.h);
                                                        try {
                                                            try {
                                                                String l2 = urx.a.l(btmx.q(new btmt(urx.c, btmx.s(urzVar.g)), new btmt(urx.b, btmx.l(urz.e(urzVar.j))), new btmt(urx.d, btmx.l(urzVar.i)), new btmt(urx.e, btmx.s(urzVar.k)), new btmt(urx.f, btmx.s((String) urzVar.m.c()))).v());
                                                                abrn c3 = urx.c("com.google.android.gms.fido.fido2.common.hybrid.HybridDataStore.Client").c();
                                                                c3.g(l, l2);
                                                                if (abrq.g(c3)) {
                                                                    ((bijy) a.h()).x("Successfully stored the link data");
                                                                    return;
                                                                }
                                                            } catch (btmm | btmr e7) {
                                                                throw new ury("Serializing the authenticator link data failed", e7);
                                                            }
                                                        } catch (ury e8) {
                                                        }
                                                    }
                                                    ((bijy) a.h()).x("Failed to store the link data");
                                                    return;
                                                } catch (btmw e9) {
                                                    throw new ury("Invalid data type from the link data", e9);
                                                }
                                            } catch (btmq e10) {
                                                e = e10;
                                                throw new ury("Link data is not a CBOR map", e);
                                            } catch (btmw e11) {
                                                e = e11;
                                                throw new ury("Link data is not a CBOR map", e);
                                            }
                                        } catch (ury e12) {
                                            ((bijy) ((bijy) a.h()).s(e12)).x("Invalid link data");
                                            return;
                                        }
                                    } catch (btmr e13) {
                                        ((bijy) ((bijy) a.h()).s(e13)).x("Encoding the link data in CborValue to byte array failed");
                                        return;
                                    }
                                } catch (btmw e14) {
                                    ((bijy) ((bijy) a.h()).s(e14)).x("A possible link data with an unsupported type");
                                    return;
                                }
                            } catch (btmq e15) {
                                ((bijy) a.i()).x("invalid CBOR payload in update message");
                                this.p.c(usj.INVALID_CBOR);
                                return;
                            }
                        default:
                            return;
                    }
                } catch (IllegalArgumentException e16) {
                    this.p.c(usj.INVALID_MESSAGE_TYPE_BYTE);
                    return;
                }
            default:
                this.p.c(usj.INTERNAL_ERROR);
                ((bijy) a.i()).B("Invalid state: %s to handle tunnel data.", this.f);
                return;
        }
    }

    public final void f() {
        ((bijy) a.h()).x("Shutting down websocket");
        if (this.f == urj.READY) {
            this.e.e(new byte[]{usf.SHUTDOWN.d});
            this.e.b();
        }
        this.f = urj.CLOSE;
    }

    public final void g(ugt ugtVar) {
        qaj.i();
        qqw qqwVar = a;
        ((bijy) qqwVar.h()).x("start reading");
        this.t = ugtVar;
        ((bijy) qqwVar.h()).B("starting websocket with URL: %s", this.i);
        this.k.u(this.j, tml.TYPE_HYBRID_WEBSOCKET_STARTED);
        if (this.n == null) {
            this.e = new vng(this.i, this);
        } else {
            this.e = new vng(this.i, this, this.n);
        }
        this.e.d();
    }
}
