package org.mozilla.gecko.util;

import android.util.Base64;
import android.util.Log;
import com.google.android.gms.fido.common.Transport;
import com.google.android.gms.fido.u2f.api.common.ClientData;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.mozilla.gecko.annotation.WrapForJNI;

/* loaded from: classes2.dex */
public class WebAuthnUtils {
    private static final byte AUTHENTICATOR_TRANSPORT_BLE = 4;
    private static final byte AUTHENTICATOR_TRANSPORT_INTERNAL = 8;
    private static final byte AUTHENTICATOR_TRANSPORT_NFC = 2;
    private static final byte AUTHENTICATOR_TRANSPORT_USB = 1;
    private static final boolean DEBUG = false;
    private static final String LOGTAG = "WebAuthnUtils";

    /* loaded from: classes2.dex */
    public enum AttestationPreference {
        NONE,
        INDIRECT,
        DIRECT
    }

    /* loaded from: classes2.dex */
    public static class Exception extends RuntimeException {
        public Exception(String str) {
            super(str);
        }
    }

    @WrapForJNI
    /* loaded from: classes2.dex */
    public static class GetAssertionResponse {
        public final byte[] authData;
        public final String authenticatorAttachment;
        public final byte[] clientDataJson;
        public final byte[] keyHandle;
        public final byte[] signature;
        public final byte[] userHandle;

        /* loaded from: classes2.dex */
        public static final class Builder {
            private byte[] mAuthData;
            private String mAuthenticatorAttachment;
            private byte[] mClientDataJson;
            private byte[] mKeyHandle;
            private byte[] mSignature;
            private byte[] mUserHandle;

            public GetAssertionResponse build() {
                return new GetAssertionResponse(this);
            }

            public Builder setAuthData(byte[] bArr) {
                this.mAuthData = bArr;
                return this;
            }

            public Builder setAuthenticatorAttachment(String str) {
                this.mAuthenticatorAttachment = str;
                return this;
            }

            public Builder setClientDataJson(byte[] bArr) {
                this.mClientDataJson = bArr;
                return this;
            }

            public Builder setKeyHandle(byte[] bArr) {
                this.mKeyHandle = bArr;
                return this;
            }

            public Builder setSignature(byte[] bArr) {
                this.mSignature = bArr;
                return this;
            }

            public Builder setUserHandle(byte[] bArr) {
                this.mUserHandle = bArr;
                return this;
            }
        }

        @WrapForJNI(skip = true)
        protected GetAssertionResponse(Builder builder) {
            this.clientDataJson = builder.mClientDataJson;
            this.keyHandle = builder.mKeyHandle;
            this.authData = builder.mAuthData;
            this.signature = builder.mSignature;
            if (builder.mUserHandle == null) {
                this.userHandle = new byte[0];
            } else {
                this.userHandle = builder.mUserHandle;
            }
            this.authenticatorAttachment = builder.mAuthenticatorAttachment;
        }

        @WrapForJNI(skip = true)
        public String toString() {
            StringBuilder sb = new StringBuilder("{");
            StringBuilder append = sb.append("clientDataJson=").append(Base64.encodeToString(this.clientDataJson, 11)).append(", keyHandle=").append(Base64.encodeToString(this.keyHandle, 11)).append(", authData=").append(Base64.encodeToString(this.authData, 11)).append(", signature=").append(Base64.encodeToString(this.signature, 11)).append(", userHandle=");
            byte[] bArr = this.userHandle;
            append.append(bArr.length > 0 ? Base64.encodeToString(bArr, 11) : "(empty)").append(", authenticatorAttachment=").append(this.authenticatorAttachment).append("}");
            return sb.toString();
        }
    }

    @WrapForJNI
    /* loaded from: classes2.dex */
    public static class MakeCredentialResponse {
        public final byte[] attestationObject;
        public final String authenticatorAttachment;
        public final byte[] clientDataJson;
        public final byte[] keyHandle;
        public final String[] transports;

        /* loaded from: classes2.dex */
        public static final class Builder {
            private byte[] mAttestationObject;
            private String mAuthenticatorAttachment;
            private byte[] mClientDataJson;
            private byte[] mKeyHandle;
            private String[] mTransports;

            public MakeCredentialResponse build() {
                return new MakeCredentialResponse(this);
            }

            public Builder setAttestationObject(byte[] bArr) {
                this.mAttestationObject = bArr;
                return this;
            }

            public Builder setAuthenticatorAttachment(String str) {
                this.mAuthenticatorAttachment = str;
                return this;
            }

            public Builder setClientDataJson(byte[] bArr) {
                this.mClientDataJson = bArr;
                return this;
            }

            public Builder setKeyHandle(byte[] bArr) {
                this.mKeyHandle = bArr;
                return this;
            }

            public Builder setTransports(String[] strArr) {
                this.mTransports = strArr;
                return this;
            }
        }

        @WrapForJNI(skip = true)
        protected MakeCredentialResponse(Builder builder) {
            this.clientDataJson = builder.mClientDataJson;
            this.keyHandle = builder.mKeyHandle;
            this.attestationObject = builder.mAttestationObject;
            this.transports = builder.mTransports;
            this.authenticatorAttachment = builder.mAuthenticatorAttachment;
        }

        @WrapForJNI(skip = true)
        public String toString() {
            StringBuilder sb = new StringBuilder("{");
            sb.append("clientDataJson=").append(Base64.encodeToString(this.clientDataJson, 11)).append(", keyHandle=").append(Base64.encodeToString(this.keyHandle, 11)).append(", attestationObject=").append(Base64.encodeToString(this.attestationObject, 11)).append(", transports=").append(WebAuthnUtils$MakeCredentialResponse$$ExternalSyntheticBackport0.m(", ", this.transports)).append(", authenticatorAttachment=").append(this.authenticatorAttachment).append("}");
            return sb.toString();
        }
    }

    /* loaded from: classes2.dex */
    public static class WebAuthnPublicCredential {
        public final byte[] id;
        public final byte transports;

        public WebAuthnPublicCredential(byte[] bArr, byte b) {
            this.id = bArr;
            this.transports = b;
        }

        public static ArrayList<WebAuthnPublicCredential> CombineBuffers(Object[] objArr, ByteBuffer byteBuffer) {
            if (objArr.length != byteBuffer.remaining()) {
                throw new RuntimeException("Couldn't extract allowed list!");
            }
            ArrayList<WebAuthnPublicCredential> arrayList = new ArrayList<>();
            byte[] bArr = new byte[byteBuffer.remaining()];
            byteBuffer.get(bArr);
            for (int i = 0; i < objArr.length; i++) {
                ByteBuffer byteBuffer2 = (ByteBuffer) objArr[i];
                byte[] bArr2 = new byte[byteBuffer2.remaining()];
                byteBuffer2.get(bArr2);
                arrayList.add(new WebAuthnPublicCredential(bArr2, bArr[i]));
            }
            return arrayList;
        }

        public JSONObject toJSONObject() {
            JSONObject jSONObject = new JSONObject();
            try {
                jSONObject.put("type", "public-key");
                jSONObject.put("id", Base64.encodeToString(this.id, 11));
                jSONObject.put("transports", WebAuthnUtils.getJSONTransportsForByte(this.transports));
            } catch (JSONException e) {
                Log.e(WebAuthnUtils.LOGTAG, "Couldn't set JSON data", e);
            }
            return jSONObject;
        }
    }

    public static GetAssertionResponse getGetAssertionResponse(String str) throws JSONException, IllegalArgumentException {
        JSONObject jSONObject = new JSONObject(str);
        JSONObject jSONObject2 = jSONObject.getJSONObject("response");
        GetAssertionResponse.Builder builder = new GetAssertionResponse.Builder();
        try {
            builder.setUserHandle(Base64.decode(jSONObject2.getString("userHandle"), 8));
        } catch (JSONException e) {
        }
        return builder.setKeyHandle(Base64.decode(jSONObject.getString("rawId"), 8)).setAuthenticatorAttachment(jSONObject.getString("authenticatorAttachment")).setAuthData(Base64.decode(jSONObject2.getString("authenticatorData"), 8)).setSignature(Base64.decode(jSONObject2.getString("signature"), 8)).build();
    }

    public static JSONObject getJSONObjectForGetAssertion(byte[] bArr, WebAuthnPublicCredential[] webAuthnPublicCredentialArr, GeckoBundle geckoBundle, GeckoBundle geckoBundle2) throws JSONException {
        JSONObject jSONObject = geckoBundle.toJSONObject();
        jSONObject.remove(ClientData.KEY_ORIGIN);
        jSONObject.remove("isWebAuthn");
        jSONObject.put(ClientData.KEY_CHALLENGE, Base64.encodeToString(bArr, 11));
        JSONArray jSONArray = new JSONArray();
        for (WebAuthnPublicCredential webAuthnPublicCredential : webAuthnPublicCredentialArr) {
            jSONArray.put(webAuthnPublicCredential.toJSONObject());
        }
        jSONObject.put("allowCredentials", jSONArray);
        if (geckoBundle2.containsKey("fidoAppId")) {
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("appid", geckoBundle2.getString("fidoAppId"));
            jSONObject.put("extensions", jSONObject2);
        }
        return jSONObject;
    }

    public static JSONObject getJSONObjectForMakeCredential(GeckoBundle geckoBundle, byte[] bArr, byte[] bArr2, int[] iArr, WebAuthnPublicCredential[] webAuthnPublicCredentialArr, GeckoBundle geckoBundle2) throws JSONException {
        JSONObject jSONObject = geckoBundle.toJSONObject();
        jSONObject.remove(ClientData.KEY_ORIGIN);
        jSONObject.remove("isWebAuthn");
        jSONObject.put(ClientData.KEY_CHALLENGE, Base64.encodeToString(bArr2, 11));
        jSONObject.getJSONObject("user").put("id", Base64.encodeToString(bArr, 11));
        JSONArray jSONArray = new JSONArray();
        for (int i : iArr) {
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("alg", i);
            jSONObject2.put("type", "public-key");
            jSONArray.put(jSONObject2);
        }
        jSONObject.put("pubKeyCredParams", jSONArray);
        JSONArray jSONArray2 = new JSONArray();
        for (WebAuthnPublicCredential webAuthnPublicCredential : webAuthnPublicCredentialArr) {
            jSONArray2.put(webAuthnPublicCredential.toJSONObject());
        }
        jSONObject.put("excludeCredentials", jSONArray2);
        JSONObject jSONObject3 = geckoBundle2.toJSONObject();
        jSONObject3.put("requireResidentKey", true);
        jSONObject.put("authenticatorSelection", jSONObject3);
        JSONObject jSONObject4 = new JSONObject();
        jSONObject4.put("credProps", true);
        jSONObject.put("extensions", jSONObject4);
        return jSONObject;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static JSONArray getJSONTransportsForByte(byte b) {
        JSONArray jSONArray = new JSONArray();
        if ((b & AUTHENTICATOR_TRANSPORT_USB) == 1) {
            jSONArray.put("usb");
        }
        if ((b & AUTHENTICATOR_TRANSPORT_NFC) == 2) {
            jSONArray.put("nfc");
        }
        if ((b & AUTHENTICATOR_TRANSPORT_BLE) == 4) {
            jSONArray.put("ble");
        }
        if ((b & AUTHENTICATOR_TRANSPORT_INTERNAL) == 8) {
            jSONArray.put("internal");
        }
        return jSONArray;
    }

    public static MakeCredentialResponse getMakeCredentialResponse(String str) throws JSONException, IllegalArgumentException {
        JSONObject jSONObject = new JSONObject(str);
        JSONObject jSONObject2 = jSONObject.getJSONObject("response");
        JSONArray jSONArray = jSONObject2.getJSONArray("transports");
        String[] strArr = new String[jSONArray.length()];
        for (int i = 0; i < jSONArray.length(); i++) {
            strArr[i] = jSONArray.getString(i);
        }
        return new MakeCredentialResponse.Builder().setKeyHandle(Base64.decode(jSONObject.getString("rawId"), 8)).setAttestationObject(Base64.decode(jSONObject2.getString("attestationObject"), 8)).setTransports(strArr).setAuthenticatorAttachment(jSONObject.getString("authenticatorAttachment")).build();
    }

    public static List<Transport> getTransportsForByte(byte b) {
        ArrayList arrayList = new ArrayList();
        if ((b & AUTHENTICATOR_TRANSPORT_USB) == 1) {
            arrayList.add(Transport.USB);
        }
        if ((b & AUTHENTICATOR_TRANSPORT_NFC) == 2) {
            arrayList.add(Transport.NFC);
        }
        if ((b & AUTHENTICATOR_TRANSPORT_BLE) == 4) {
            arrayList.add(Transport.BLUETOOTH_LOW_ENERGY);
        }
        if ((b & AUTHENTICATOR_TRANSPORT_INTERNAL) == 8) {
            arrayList.add(Transport.INTERNAL);
        }
        return arrayList;
    }
}
