package org.sufficientlysecure.keychain.ui;

import android.content.Intent;
import android.os.Bundle;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Arrays;
import org.spongycastle.asn1.x509.DisplayText;
import org.spongycastle.crypto.tls.CipherSuite;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.Passphrase;
import org.sufficientlysecure.keychain.util.Preferences;

/* loaded from: classes.dex */
public class NfcOperationActivity extends BaseNfcActivity {
    private static final byte[] BLANK_FINGERPRINT = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    public static final String EXTRA_REQUIRED_INPUT = "required_input";
    public static final String EXTRA_SERVICE_INTENT = "data";
    public static final String RESULT_DATA = "result_data";
    private RequiredInputParcel mRequiredInput;
    private Intent mServiceIntent;

    private boolean shouldPutKey(byte[] bArr, int i) throws IOException {
        byte[] nfcGetFingerprint = nfcGetFingerprint(i);
        return Arrays.equals(nfcGetFingerprint, BLANK_FINGERPRINT) || Arrays.equals(nfcGetFingerprint, bArr);
    }

    @Override // org.sufficientlysecure.keychain.ui.base.BaseNfcActivity
    public void handlePinError() {
        if (!Preferences.getPreferences(this).useDefaultYubiKeyPin()) {
            PassphraseCacheService.clearCachedPassphrase(this, this.mRequiredInput.getMasterKeyId().longValue(), this.mRequiredInput.getSubKeyId().longValue());
            obtainYubiKeyPin(this.mRequiredInput);
        } else {
            toast(getString(R.string.error_pin_nodefault));
            setResult(0);
            finish();
        }
    }

    @Override // org.sufficientlysecure.keychain.ui.base.BaseActivity
    protected void initLayout() {
        setContentView(R.layout.nfc_activity);
    }

    @Override // org.sufficientlysecure.keychain.ui.base.BaseNfcActivity, org.sufficientlysecure.keychain.ui.base.BaseActivity, android.support.v7.app.AppCompatActivity, android.support.v4.app.FragmentActivity, android.app.Activity
    protected void onCreate(Bundle bundle) {
        super.onCreate(bundle);
        Log.d(Constants.TAG, "NfcOperationActivity.onCreate");
        getWindow().addFlags(128);
        Bundle extras = getIntent().getExtras();
        this.mRequiredInput = (RequiredInputParcel) extras.getParcelable("required_input");
        this.mServiceIntent = (Intent) extras.getParcelable("data");
        if (this.mRequiredInput.mType != RequiredInputParcel.RequiredInputType.NFC_KEYTOCARD) {
            obtainYubiKeyPin(this.mRequiredInput);
        }
    }

    @Override // org.sufficientlysecure.keychain.ui.base.BaseNfcActivity
    protected void onNfcPerform() throws IOException {
        CryptoInputParcel cryptoInputParcel = new CryptoInputParcel(this.mRequiredInput.mSignatureTime);
        switch (this.mRequiredInput.mType) {
            case NFC_DECRYPT:
                for (int i = 0; i < this.mRequiredInput.mInputHashes.length; i++) {
                    byte[] bArr = this.mRequiredInput.mInputHashes[i];
                    cryptoInputParcel.addCryptoData(bArr, nfcDecryptSessionKey(bArr));
                }
                break;
            case NFC_SIGN:
                for (int i2 = 0; i2 < this.mRequiredInput.mInputHashes.length; i2++) {
                    byte[] bArr2 = this.mRequiredInput.mInputHashes[i2];
                    cryptoInputParcel.addCryptoData(bArr2, nfcCalculateSignature(bArr2, this.mRequiredInput.mSignAlgos[i2]));
                }
                break;
            case NFC_KEYTOCARD:
                try {
                    CanonicalizedSecretKeyRing canonicalizedSecretKeyRing = new ProviderHelper(this).getCanonicalizedSecretKeyRing(KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(this.mRequiredInput.getMasterKeyId().longValue()));
                    for (int i3 = 0; i3 < this.mRequiredInput.mInputHashes.length; i3++) {
                        byte[] bArr3 = this.mRequiredInput.mInputHashes[i3];
                        CanonicalizedSecretKey secretKey = canonicalizedSecretKeyRing.getSecretKey(ByteBuffer.wrap(bArr3).getLong());
                        byte[] array = ByteBuffer.allocate(4).putInt((int) (secretKey.getCreationTime().getTime() / 1000)).array();
                        byte[] copyOf = Arrays.copyOf(nfcGetAid(), 16);
                        try {
                            Passphrase cachedPassphrase = PassphraseCacheService.getCachedPassphrase(this, this.mRequiredInput.getMasterKeyId().longValue(), this.mRequiredInput.getSubKeyId().longValue());
                            if (secretKey.canSign() || secretKey.canCertify()) {
                                if (!shouldPutKey(secretKey.getFingerprint(), 0)) {
                                    throw new IOException("Key slot occupied; card must be reset to put new signature key.");
                                }
                                nfcPutKey(CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, secretKey, cachedPassphrase);
                                nfcPutData(206, array);
                                nfcPutData(199, secretKey.getFingerprint());
                            } else if (secretKey.canEncrypt()) {
                                if (!shouldPutKey(secretKey.getFingerprint(), 1)) {
                                    throw new IOException("Key slot occupied; card must be reset to put new decryption key.");
                                }
                                nfcPutKey(CipherSuite.TLS_RSA_PSK_WITH_NULL_SHA256, secretKey, cachedPassphrase);
                                nfcPutData(207, array);
                                nfcPutData(DisplayText.DISPLAY_TEXT_MAXIMUM_SIZE, secretKey.getFingerprint());
                            } else {
                                if (!secretKey.canAuthenticate()) {
                                    throw new IOException("Inappropriate key flags for smart card key.");
                                }
                                if (!shouldPutKey(secretKey.getFingerprint(), 2)) {
                                    throw new IOException("Key slot occupied; card must be reset to put new authentication key.");
                                }
                                nfcPutKey(CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256, secretKey, cachedPassphrase);
                                nfcPutData(208, array);
                                nfcPutData(201, secretKey.getFingerprint());
                            }
                            cryptoInputParcel.addCryptoData(bArr3, copyOf);
                        } catch (PassphraseCacheService.KeyNotFoundException e) {
                            throw new IOException("Unable to get cached passphrase!");
                        }
                    }
                    break;
                } catch (ProviderHelper.NotFoundException e2) {
                    throw new IOException("Couldn't find subkey for key to card operation.");
                }
        }
        if (this.mServiceIntent != null) {
            CryptoInputParcelCacheService.addCryptoInputParcel(this, this.mServiceIntent, cryptoInputParcel);
            setResult(-1, this.mServiceIntent);
        } else {
            Intent intent = new Intent();
            intent.putExtra("result_data", cryptoInputParcel);
            setResult(-1, intent);
        }
        finish();
    }
}
