package org.sufficientlysecure.keychain.ssh;

import android.content.Context;
import java.util.List;
import org.bouncycastle.openpgp.AuthenticationSignatureGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder;
import org.sufficientlysecure.keychain.daos.KeyRepository;
import org.sufficientlysecure.keychain.operations.BaseOperation;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.PassphraseCacheInterface;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
import org.sufficientlysecure.keychain.util.Passphrase;
import timber.log.Timber;

/* loaded from: classes.dex */
public class AuthenticationOperation extends BaseOperation<AuthenticationParcel> {
    private static final String TAG = "AuthenticationOperation";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.sufficientlysecure.keychain.ssh.AuthenticationOperation$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$sufficientlysecure$keychain$pgp$CanonicalizedSecretKey$SecretKeyType;

        static {
            int[] iArr = new int[CanonicalizedSecretKey.SecretKeyType.values().length];
            $SwitchMap$org$sufficientlysecure$keychain$pgp$CanonicalizedSecretKey$SecretKeyType = iArr;
            try {
                iArr[CanonicalizedSecretKey.SecretKeyType.DIVERT_TO_CARD.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$sufficientlysecure$keychain$pgp$CanonicalizedSecretKey$SecretKeyType[CanonicalizedSecretKey.SecretKeyType.PASSPHRASE_EMPTY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$sufficientlysecure$keychain$pgp$CanonicalizedSecretKey$SecretKeyType[CanonicalizedSecretKey.SecretKeyType.PASSPHRASE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$sufficientlysecure$keychain$pgp$CanonicalizedSecretKey$SecretKeyType[CanonicalizedSecretKey.SecretKeyType.GNU_DUMMY.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public AuthenticationOperation(Context context, KeyRepository keyRepository) {
        super(context, keyRepository, null);
    }

    private AuthenticationResult executeInternal(AuthenticationData authenticationData, CryptoInputParcel cryptoInputParcel, AuthenticationParcel authenticationParcel) {
        OperationResult.OperationLog operationLog = new OperationResult.OperationLog();
        operationLog.add(OperationResult.LogType.MSG_AUTH, 0);
        Timber.d(authenticationData.toString(), new Object[0]);
        long currentTimeMillis = System.currentTimeMillis();
        byte[] challenge = authenticationParcel.getChallenge();
        int hashAlgorithm = authenticationData.getHashAlgorithm();
        long authenticationMasterKeyId = authenticationData.getAuthenticationMasterKeyId();
        Long authenticationSubKeyId = authenticationData.getAuthenticationSubKeyId();
        if (authenticationSubKeyId == null) {
            try {
                authenticationSubKeyId = Long.valueOf(this.mKeyRepository.getEffectiveAuthenticationKeyId(authenticationMasterKeyId));
            } catch (KeyRepository.NotFoundException unused) {
                operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_KEY_AUTH, 1);
                return new AuthenticationResult(1, operationLog);
            }
        }
        try {
            CanonicalizedSecretKeyRing canonicalizedSecretKeyRing = this.mKeyRepository.getCanonicalizedSecretKeyRing(authenticationMasterKeyId);
            CanonicalizedSecretKey secretKey = canonicalizedSecretKeyRing.getSecretKey(authenticationSubKeyId.longValue());
            List<Long> allowedAuthenticationKeyIds = authenticationData.getAllowedAuthenticationKeyIds();
            if (allowedAuthenticationKeyIds != null && !allowedAuthenticationKeyIds.contains(Long.valueOf(authenticationMasterKeyId))) {
                operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_KEY_NOT_ALLOWED, 2);
                return new AuthenticationResult(33, operationLog);
            }
            if (canonicalizedSecretKeyRing.isExpired() || canonicalizedSecretKeyRing.isRevoked() || secretKey.isExpired() || secretKey.isRevoked()) {
                operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_REVOKED_OR_EXPIRED, 1);
                return new AuthenticationResult(1, operationLog);
            }
            if (!secretKey.canAuthenticate()) {
                operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_KEY_AUTH, 1);
                return new AuthenticationResult(1, operationLog);
            }
            try {
                int i = AnonymousClass1.$SwitchMap$org$sufficientlysecure$keychain$pgp$CanonicalizedSecretKey$SecretKeyType[this.mKeyRepository.getSecretKeyType(authenticationSubKeyId.longValue()).ordinal()];
                if (i == 1 || i == 2) {
                    try {
                        if (!secretKey.unlock(new Passphrase())) {
                            throw new AssertionError("PASSPHRASE_EMPTY/DIVERT_TO_CARD keyphrase not unlocked with empty passphrase. This is a programming error!");
                        }
                    } catch (PgpGeneralException unused2) {
                        operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_UNLOCK, 1);
                        return new AuthenticationResult(1, operationLog);
                    }
                } else {
                    if (i != 3) {
                        if (i != 4) {
                            throw new AssertionError("Unhandled SecretKeyType! (should not happen)");
                        }
                        operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_UNLOCK, 1);
                        return new AuthenticationResult(1, operationLog);
                    }
                    Passphrase passphrase = cryptoInputParcel.getPassphrase();
                    if (passphrase == null) {
                        try {
                            passphrase = getCachedPassphrase(authenticationMasterKeyId, secretKey.getKeyId());
                        } catch (PassphraseCacheInterface.NoSecretKeyException unused3) {
                        }
                    }
                    if (passphrase == null) {
                        operationLog.add(OperationResult.LogType.MSG_AUTH_PENDING_PASSPHRASE, 2);
                        return new AuthenticationResult(operationLog, RequiredInputParcel.createRequiredAuthenticationPassphrase(authenticationMasterKeyId, secretKey.getKeyId()), cryptoInputParcel);
                    }
                    try {
                        if (!secretKey.unlock(passphrase)) {
                            operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_BAD_PASSPHRASE, 1);
                            return new AuthenticationResult(1, operationLog);
                        }
                    } catch (PgpGeneralException unused4) {
                        operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_UNLOCK, 1);
                        return new AuthenticationResult(1, operationLog);
                    }
                }
                try {
                    AuthenticationSignatureGenerator authenticationSignatureGenerator = secretKey.getAuthenticationSignatureGenerator(hashAlgorithm, cryptoInputParcel.getCryptoData());
                    authenticationSignatureGenerator.update(challenge, 0, challenge.length);
                    try {
                        byte[] signature = authenticationSignatureGenerator.getSignature();
                        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                        StringBuilder sb = new StringBuilder();
                        sb.append("Authentication operation duration : ");
                        double d = currentTimeMillis2;
                        Double.isNaN(d);
                        sb.append(String.format("%.2f", Double.valueOf(d / 1000.0d)));
                        sb.append("s");
                        Timber.d(sb.toString(), new Object[0]);
                        operationLog.add(OperationResult.LogType.MSG_AUTH_OK, 1);
                        AuthenticationResult authenticationResult = new AuthenticationResult(0, operationLog);
                        authenticationResult.setSignature(signature);
                        authenticationResult.mOperationTime = currentTimeMillis2;
                        return authenticationResult;
                    } catch (PGPException unused5) {
                        operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_SIG, 1);
                        return new AuthenticationResult(1, operationLog);
                    } catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) {
                        operationLog.add(OperationResult.LogType.MSG_AUTH_PENDING_NFC, 1);
                        return new AuthenticationResult(operationLog, RequiredInputParcel.createSecurityTokenAuthenticationOperation(secretKey.getRing().getMasterKeyId(), secretKey.getKeyId(), e.hashToSign, e.hashAlgo), cryptoInputParcel);
                    }
                } catch (PgpGeneralException unused6) {
                    operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_NFC, 1);
                    return new AuthenticationResult(1, operationLog);
                }
            } catch (KeyRepository.NotFoundException unused7) {
                operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_KEY_AUTH, 1);
                return new AuthenticationResult(1, operationLog);
            }
        } catch (KeyRepository.NotFoundException unused8) {
            operationLog.add(OperationResult.LogType.MSG_AUTH_ERROR_KEY_AUTH, 1);
            return new AuthenticationResult(1, operationLog);
        }
    }

    public AuthenticationResult execute(AuthenticationData authenticationData, CryptoInputParcel cryptoInputParcel, AuthenticationParcel authenticationParcel) {
        return executeInternal(authenticationData, cryptoInputParcel, authenticationParcel);
    }

    @Override // org.sufficientlysecure.keychain.operations.BaseOperation
    public AuthenticationResult execute(AuthenticationParcel authenticationParcel, CryptoInputParcel cryptoInputParcel) {
        return executeInternal(authenticationParcel.getAuthenticationData(), cryptoInputParcel, authenticationParcel);
    }
}
