package at.asit.webauthnclient.internal.drivers.libfido2;

import at.asit.webauthnclient.PublicKeyCredential;
import at.asit.webauthnclient.constants.AttestationConveyancePreference;
import at.asit.webauthnclient.constants.AuthenticatorAttachment;
import at.asit.webauthnclient.constants.ResidentKeyRequirement;
import at.asit.webauthnclient.constants.UserVerificationRequirement;
import at.asit.webauthnclient.exceptions.WebAuthNOperationFailed;
import at.asit.webauthnclient.exceptions.WebAuthNOperationTimeout;
import at.asit.webauthnclient.exceptions.WebAuthNUserCancelled;
import at.asit.webauthnclient.internal.drivers.libfido2.devices.Device;
import at.asit.webauthnclient.internal.drivers.libfido2.devices.DeviceInfo;
import at.asit.webauthnclient.internal.drivers.libfido2.devices.DeviceWatcher;
import at.asit.webauthnclient.internal.drivers.libfido2.operations.CreateCredentialOperation;
import at.asit.webauthnclient.internal.generic.AuthenticatorSelectionCriteria;
import at.asit.webauthnclient.internal.generic.CollectedClientData;
import at.asit.webauthnclient.internal.generic.PointerToBlob;
import at.asit.webauthnclient.internal.generic.PublicKeyCredentialDescriptor;
import at.asit.webauthnclient.internal.generic.Util;
import at.asit.webauthnclient.internal.ux.UXAccessor;
import at.asit.webauthnclient.options.PublicKeyCredentialRpEntity;
import at.asit.webauthnclient.options.PublicKeyCredentialUserEntity;
import at.asit.webauthnclient.responsefields.AuthenticatorAttestationResponse;
import at.asit.webauthnclient.ux.WebAuthNUXInterface;
import com.google.iot.cbor.CborByteString;
import com.google.iot.cbor.CborMap;
import com.google.iot.cbor.CborTextString;
import com.sun.jna.Pointer;
import com.sun.jna.ptr.PointerByReference;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Future;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/asit/webauthnclient/internal/drivers/libfido2/WebAuthNCreateTask.class */
public class WebAuthNCreateTask extends CompletableFuture<PublicKeyCredential<AuthenticatorAttestationResponse>> implements Runnable {
    private static final Logger log = LoggerFactory.getLogger(WebAuthNCreateTask.class);
    private Thread thread;

    @Nonnull
    private PublicKeyCredentialRpEntity rp;

    @Nonnull
    private PublicKeyCredentialUserEntity user;

    @Nonnull
    private byte[] clientDataJSON;

    @Nonnull
    private List<Long> publicKeyAlgs;

    @Nonnull
    private List<PublicKeyCredentialDescriptor> excludeCredentials;

    @Nonnull
    private AuthenticatorSelectionCriteria authenticatorCriteria;

    @Nonnull
    private AttestationConveyancePreference attestationPreference;
    private long timeout;
    private Object cancelMutex = new Object();
    boolean shouldCancel = false;
    private boolean currentStatusHasDevice = false;
    private Future<Void> currentStatusDialog = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: at.asit.webauthnclient.internal.drivers.libfido2.WebAuthNCreateTask$1, reason: invalid class name */
    /* loaded from: input_file:at/asit/webauthnclient/internal/drivers/libfido2/WebAuthNCreateTask$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$at$asit$webauthnclient$constants$AuthenticatorAttachment;
        static final /* synthetic */ int[] $SwitchMap$at$asit$webauthnclient$constants$ResidentKeyRequirement;
        static final /* synthetic */ int[] $SwitchMap$at$asit$webauthnclient$constants$UserVerificationRequirement;
        static final /* synthetic */ int[] $SwitchMap$at$asit$webauthnclient$constants$AttestationConveyancePreference = new int[AttestationConveyancePreference.values().length];

        static {
            try {
                $SwitchMap$at$asit$webauthnclient$constants$AttestationConveyancePreference[AttestationConveyancePreference.ENTERPRISE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            $SwitchMap$at$asit$webauthnclient$constants$UserVerificationRequirement = new int[UserVerificationRequirement.values().length];
            try {
                $SwitchMap$at$asit$webauthnclient$constants$UserVerificationRequirement[UserVerificationRequirement.REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$at$asit$webauthnclient$constants$UserVerificationRequirement[UserVerificationRequirement.PREFERRED.ordinal()] = 2;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$at$asit$webauthnclient$constants$UserVerificationRequirement[UserVerificationRequirement.DISCOURAGED.ordinal()] = 3;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$at$asit$webauthnclient$constants$ResidentKeyRequirement = new int[ResidentKeyRequirement.values().length];
            try {
                $SwitchMap$at$asit$webauthnclient$constants$ResidentKeyRequirement[ResidentKeyRequirement.REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$at$asit$webauthnclient$constants$ResidentKeyRequirement[ResidentKeyRequirement.PREFERRED.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$at$asit$webauthnclient$constants$ResidentKeyRequirement[ResidentKeyRequirement.DISCOURAGED.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            $SwitchMap$at$asit$webauthnclient$constants$AuthenticatorAttachment = new int[AuthenticatorAttachment.values().length];
            try {
                $SwitchMap$at$asit$webauthnclient$constants$AuthenticatorAttachment[AuthenticatorAttachment.PLATFORM.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$at$asit$webauthnclient$constants$AuthenticatorAttachment[AuthenticatorAttachment.CROSS_PLATFORM.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$at$asit$webauthnclient$constants$AuthenticatorAttachment[AuthenticatorAttachment.ANY.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    @Override // java.util.concurrent.CompletableFuture, java.util.concurrent.Future
    public boolean cancel(boolean z) {
        synchronized (this.cancelMutex) {
            if (isDone()) {
                return false;
            }
            this.shouldCancel = true;
            return true;
        }
    }

    private void checkCancellation() throws WebAuthNUserCancelled {
        synchronized (this.cancelMutex) {
            if (this.shouldCancel) {
                throw new WebAuthNUserCancelled("NotAllowedError", "Software-initiated cancellation");
            }
        }
    }

    private static boolean deviceMeetsCriteria(Device device, AuthenticatorSelectionCriteria authenticatorSelectionCriteria) {
        if (authenticatorSelectionCriteria.authenticatorAttachment != null) {
            switch (AnonymousClass1.$SwitchMap$at$asit$webauthnclient$constants$AuthenticatorAttachment[authenticatorSelectionCriteria.authenticatorAttachment.ordinal()]) {
                case libfido2.FIDO_OPT_FALSE /* 1 */:
                    if (!device.isPlatformAuthenticator()) {
                        return false;
                    }
                    break;
                case libfido2.FIDO_OPT_TRUE /* 2 */:
                    if (device.isPlatformAuthenticator()) {
                        return false;
                    }
                    break;
            }
        }
        if ((!ResidentKeyRequirement.REQUIRED.equals(authenticatorSelectionCriteria.residentKey) || device.isResidentKeyCapable()) && device.isUserPresenceCapable()) {
            return !UserVerificationRequirement.REQUIRED.equals(authenticatorSelectionCriteria.userVerification) || device.isNativeUVSupported() || device.isClientPINSupported();
        }
        return false;
    }

    private void updateStatusDialog(@Nonnull WebAuthNUXInterface.Context context, boolean z) throws Throwable {
        if (this.currentStatusDialog != null && this.currentStatusDialog.isDone()) {
            try {
                UXAccessor.unwrapBlocking(this.currentStatusDialog, () -> {
                    checkCancellation();
                    return false;
                });
            } catch (Throwable th) {
                if (!(th instanceof WebAuthNUXInterface.UserCancelled)) {
                    throw th;
                }
                throw new WebAuthNUserCancelled("NotAllowedError", "Software-initiated cancellation");
            }
        }
        if (this.currentStatusDialog == null || this.currentStatusHasDevice != z) {
            if (this.currentStatusDialog != null) {
                this.currentStatusDialog.cancel(true);
            }
            this.currentStatusHasDevice = z;
            if (this.currentStatusHasDevice) {
                this.currentStatusDialog = UXAccessor.get().RequestUserPresence(context, null);
            } else {
                this.currentStatusDialog = UXAccessor.get().NotifyNoDevicesAvailable(context);
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // java.lang.Runnable
    public void run() {
        Object operationResult;
        boolean z;
        boolean z2;
        log.debug("attempting credential creation");
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(this.clientDataJSON);
            long nanoTime = System.nanoTime() + (this.timeout * 1000000);
            ArrayList arrayList = new ArrayList();
            WebAuthNUXInterface.Context ctx = UXAccessor.ctx(this.user, this.rp);
            try {
                DeviceWatcher deviceWatcher = new DeviceWatcher();
                while (System.nanoTime() < nanoTime) {
                    checkCancellation();
                    List<DeviceInfo> newDevices = deviceWatcher.newDevices();
                    updateStatusDialog(ctx, (arrayList.isEmpty() && newDevices.isEmpty()) ? false : true);
                    boolean z3 = arrayList.isEmpty() && newDevices.size() == 1;
                    for (DeviceInfo deviceInfo : newDevices) {
                        Device open = deviceInfo.open();
                        try {
                            AuthenticatorSelectionCriteria authenticatorSelectionCriteria = this.authenticatorCriteria;
                            if (deviceMeetsCriteria(open, authenticatorSelectionCriteria)) {
                                switch (AnonymousClass1.$SwitchMap$at$asit$webauthnclient$constants$ResidentKeyRequirement[authenticatorSelectionCriteria.residentKey.ordinal()]) {
                                    case libfido2.FIDO_OPT_FALSE /* 1 */:
                                        z = true;
                                        break;
                                    case libfido2.FIDO_OPT_TRUE /* 2 */:
                                        z = open.isResidentKeyCapable();
                                        break;
                                    case 3:
                                    default:
                                        z = false;
                                        break;
                                }
                                switch (AnonymousClass1.$SwitchMap$at$asit$webauthnclient$constants$UserVerificationRequirement[authenticatorSelectionCriteria.userVerification.ordinal()]) {
                                    case libfido2.FIDO_OPT_FALSE /* 1 */:
                                        z2 = true;
                                        break;
                                    case libfido2.FIDO_OPT_TRUE /* 2 */:
                                    default:
                                        z2 = open.isNativeUVSupported() || open.isClientPINSupported();
                                        break;
                                    case 3:
                                        z2 = false;
                                        break;
                                }
                                switch (AnonymousClass1.$SwitchMap$at$asit$webauthnclient$constants$AttestationConveyancePreference[this.attestationPreference.ordinal()]) {
                                    case libfido2.FIDO_OPT_FALSE /* 1 */:
                                        break;
                                }
                                ArrayList arrayList2 = new ArrayList();
                                if (AttestationConveyancePreference.NONE.equals(this.attestationPreference)) {
                                    arrayList2.clear();
                                    arrayList2.add("none");
                                }
                                CreateCredentialOperation createCredentialOperation = new CreateCredentialOperation();
                                createCredentialOperation.clientDataHash = digest;
                                createCredentialOperation.rp = this.rp;
                                createCredentialOperation.user = this.user;
                                createCredentialOperation.requireResidentKey = Boolean.valueOf(z);
                                createCredentialOperation.requireUserVerification = Boolean.valueOf(z2);
                                createCredentialOperation.publicKeyAlgs = this.publicKeyAlgs;
                                createCredentialOperation.excludeCredentials = this.excludeCredentials;
                                createCredentialOperation.isOnlyAvailableDevice = z3;
                                log.debug("Issuing create credential operation on {}", deviceInfo.descriptorString);
                                open.setCurrentOperation(createCredentialOperation);
                                arrayList.add(open);
                            } else {
                                log.debug("Discarding {} ({}), does not meet criteria", deviceInfo.descriptorString, deviceInfo.path);
                                open.close();
                            }
                        } catch (Throwable th) {
                            open.close();
                            throw th;
                        }
                    }
                    updateStatusDialog(ctx, !arrayList.isEmpty());
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        Device device = (Device) it.next();
                        if (device.isOperationDone()) {
                            it.remove();
                            try {
                                try {
                                    operationResult = device.getOperationResult();
                                } catch (Throwable th2) {
                                    device.close();
                                    throw th2;
                                }
                            } catch (Exception e) {
                                if (e instanceof WebAuthNOperationFailed) {
                                    throw e;
                                }
                                log.warn("createCredentialOperation failed unexpectedly", e);
                            }
                            if (operationResult instanceof Pointer) {
                                Pointer pointer = (Pointer) operationResult;
                                try {
                                    log.debug("createCredentialOperation reports success!");
                                    byte[] stripCBOR = Util.stripCBOR(PointerToBlob.readFrom(libfido2.INSTANCE.fido_cred_authdata_len(pointer), libfido2.INSTANCE.fido_cred_authdata_ptr(pointer)));
                                    CborMap createFromCborByteArray = CborMap.createFromCborByteArray(PointerToBlob.readFrom(libfido2.INSTANCE.fido_cred_attstmt_len(pointer), libfido2.INSTANCE.fido_cred_attstmt_ptr(pointer)));
                                    String fido_cred_fmt = libfido2.INSTANCE.fido_cred_fmt(pointer);
                                    if (AttestationConveyancePreference.NONE.equals(this.attestationPreference)) {
                                        if (0 == (stripCBOR[32] & 64)) {
                                            throw new RuntimeException("Created assertion does not include attestation object?");
                                        }
                                        if (!"packed".equals(fido_cred_fmt) || createFromCborByteArray.containsKey("x5c") || !Util.all(Arrays.copyOfRange(stripCBOR, 37, 53), b -> {
                                            return b.byteValue() == 0;
                                        })) {
                                            Arrays.fill(stripCBOR, 37, 53, (byte) 0);
                                            fido_cred_fmt = "none";
                                            createFromCborByteArray.clear();
                                        }
                                    }
                                    CborMap create = CborMap.create();
                                    create.put("authData", CborByteString.create(stripCBOR));
                                    create.put("fmt", CborTextString.create(fido_cred_fmt));
                                    create.put("attStmt", createFromCborByteArray);
                                    complete(new PublicKeyCredential(PointerToBlob.readFrom(libfido2.INSTANCE.fido_cred_id_len(pointer), libfido2.INSTANCE.fido_cred_id_ptr(pointer)), new AuthenticatorAttestationResponse(this.clientDataJSON, create.toCborByteArray(), Collections.singletonList(device.isPlatformAuthenticator() ? "internal" : "usb")), device.isPlatformAuthenticator() ? "platform" : "cross-platform"));
                                    libfido2.INSTANCE.fido_cred_free(new PointerByReference(pointer));
                                    device.close();
                                    arrayList.forEach((v0) -> {
                                        v0.close();
                                    });
                                    if (this.currentStatusDialog != null) {
                                        this.currentStatusDialog.cancel(true);
                                        return;
                                    }
                                    return;
                                } catch (Throwable th3) {
                                    libfido2.INSTANCE.fido_cred_free(new PointerByReference(pointer));
                                    throw th3;
                                }
                            }
                            Integer num = (Integer) operationResult;
                            log.debug("createCredentialOperation reports failure with 0x{}", Integer.toHexString(num.intValue()));
                            if (libfido2.IsUserInitiatedCancellation(num.intValue())) {
                                throw new WebAuthNUserCancelled("NotAllowedError", "User cancelled operation");
                            }
                            device.close();
                        }
                    }
                    Thread.sleep(50L);
                }
                throw new WebAuthNOperationTimeout("NotAllowedError", "Operation timed out");
            } catch (Throwable th4) {
                arrayList.forEach((v0) -> {
                    v0.close();
                });
                if (this.currentStatusDialog != null) {
                    this.currentStatusDialog.cancel(true);
                }
                throw th4;
            }
        } catch (Throwable th5) {
            th = th5;
            if (!(th instanceof WebAuthNOperationFailed)) {
                th = new WebAuthNOperationFailed(th);
            }
            completeExceptionally(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public WebAuthNCreateTask(@Nonnull PublicKeyCredentialRpEntity publicKeyCredentialRpEntity, @Nonnull PublicKeyCredentialUserEntity publicKeyCredentialUserEntity, @Nonnull byte[] bArr, @Nonnull List<Long> list, long j, @Nonnull List<PublicKeyCredentialDescriptor> list2, @Nonnull AuthenticatorSelectionCriteria authenticatorSelectionCriteria, @Nonnull AttestationConveyancePreference attestationConveyancePreference, @Nonnull String str) {
        this.rp = publicKeyCredentialRpEntity;
        this.user = publicKeyCredentialUserEntity;
        this.publicKeyAlgs = list;
        CollectedClientData collectedClientData = new CollectedClientData();
        collectedClientData.type = "webauthn.create";
        collectedClientData.challenge = bArr;
        collectedClientData.origin = str;
        collectedClientData.crossOrigin = false;
        this.clientDataJSON = collectedClientData.serialize();
        this.timeout = j;
        this.excludeCredentials = list2;
        this.authenticatorCriteria = authenticatorSelectionCriteria;
        this.attestationPreference = attestationConveyancePreference;
        this.thread = new Thread(this, "Linux::WebAuthNCreateTask");
        this.thread.start();
    }
}
