package org.sufficientlysecure.keychain.remote;

import android.app.PendingIntent;
import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import org.openintents.ssh.authentication.ISshAuthenticationService;
import org.openintents.ssh.authentication.SshAuthenticationApiError;
import org.openintents.ssh.authentication.response.KeySelectionResponse;
import org.openintents.ssh.authentication.response.PublicKeyResponse;
import org.openintents.ssh.authentication.response.SigningResponse;
import org.openintents.ssh.authentication.response.SshPublicKeyResponse;
import org.sufficientlysecure.keychain.daos.ApiAppDao;
import org.sufficientlysecure.keychain.daos.KeyRepository;
import org.sufficientlysecure.keychain.model.UnifiedKeyInfo;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKey;
import org.sufficientlysecure.keychain.pgp.SshPublicKey;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.ssh.AuthenticationData;
import org.sufficientlysecure.keychain.ssh.AuthenticationOperation;
import org.sufficientlysecure.keychain.ssh.AuthenticationParcel;
import org.sufficientlysecure.keychain.ssh.AuthenticationResult;
import org.sufficientlysecure.keychain.ssh.signature.SshSignatureConverter;
import timber.log.Timber;

/* loaded from: classes.dex */
public class SshAuthenticationService extends Service {
    private static final int HASHALGORITHM_NONE = -253;
    private static final int INVALID_API_VERSION = -1;
    private static final List<Integer> SUPPORTED_VERSIONS = Collections.unmodifiableList(Collections.singletonList(1));
    private ApiAppDao mApiAppDao;
    private ApiPendingIntentFactory mApiPendingIntentFactory;
    private ApiPermissionHelper mApiPermissionHelper;
    private KeyRepository mKeyRepository;
    private final ISshAuthenticationService.Stub mSSHAgent = new ISshAuthenticationService.Stub() { // from class: org.sufficientlysecure.keychain.remote.SshAuthenticationService.1
        @Override // org.openintents.ssh.authentication.ISshAuthenticationService
        public Intent execute(Intent intent) {
            return SshAuthenticationService.this.checkIntent(intent);
        }
    };

    private Intent authenticate(Intent intent) {
        byte[] sshSignatureRsa;
        Intent checkForKeyId = checkForKeyId(intent);
        if (checkForKeyId != null) {
            return checkForKeyId;
        }
        long longValue = Long.valueOf(intent.getStringExtra("key_id")).longValue();
        int hashAlgorithm = getHashAlgorithm(intent);
        if (hashAlgorithm == HASHALGORITHM_NONE) {
            return createErrorResult(0, "No valid hash algorithm!");
        }
        byte[] byteArrayExtra = intent.getByteArrayExtra("challenge");
        if (byteArrayExtra == null || byteArrayExtra.length == 0) {
            return createErrorResult(0, "No challenge given");
        }
        AuthenticationData.Builder builder = AuthenticationData.builder();
        builder.setAuthenticationMasterKeyId(longValue);
        try {
            long effectiveAuthenticationKeyId = this.mKeyRepository.getEffectiveAuthenticationKeyId(longValue);
            int algorithm = getPublicKey(longValue).getAlgorithm();
            String curveOid = algorithm == 19 ? getPublicKey(longValue).getCurveOid() : null;
            builder.setAuthenticationSubKeyId(Long.valueOf(effectiveAuthenticationKeyId));
            builder.setAllowedAuthenticationKeyIds(getAllowedKeyIds());
            builder.setHashAlgorithm(hashAlgorithm);
            CryptoInputParcel cryptoInputParcel = CryptoInputParcelCacheService.getCryptoInputParcel(this, intent);
            if (cryptoInputParcel == null) {
                cryptoInputParcel = CryptoInputParcel.createCryptoInputParcel(new Date());
            }
            AuthenticationResult execute = new AuthenticationOperation(this, this.mKeyRepository).execute(builder.build(), cryptoInputParcel, AuthenticationParcel.createAuthenticationParcel(builder.build(), byteArrayExtra));
            if (execute.isPending()) {
                return packagePendingIntent(this.mApiPendingIntentFactory.requiredInputPi(intent, execute.getRequiredInputParcel(), execute.mCryptoInputParcel));
            }
            if (!execute.success()) {
                return createErrorResult(2, getString(execute.getLog().getLast().mType.getMsgId()));
            }
            byte[] signature = execute.getSignature();
            try {
                if (algorithm == 1 || algorithm == 3) {
                    sshSignatureRsa = SshSignatureConverter.getSshSignatureRsa(signature, hashAlgorithm);
                } else if (algorithm == 17) {
                    sshSignatureRsa = SshSignatureConverter.getSshSignatureDsa(signature);
                } else if (algorithm == 19) {
                    sshSignatureRsa = SshSignatureConverter.getSshSignatureEcDsa(signature, curveOid);
                } else {
                    if (algorithm != 22) {
                        throw new NoSuchAlgorithmException("Unknown algorithm");
                    }
                    sshSignatureRsa = SshSignatureConverter.getSshSignatureEdDsa(signature);
                }
                return new SigningResponse(sshSignatureRsa).toIntent();
            } catch (NoSuchAlgorithmException e2) {
                return createExceptionErrorResult(2, "Error converting signature", e2);
            }
        } catch (KeyRepository.NotFoundException e3) {
            return createExceptionErrorResult(-130, "Key for master key id not found", e3);
        }
    }

    private Intent checkForKeyId(Intent intent) {
        if (getKeyId(intent) == 0) {
            return createErrorResult(-129, "No key id in request");
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Intent checkIntent(Intent intent) {
        Intent checkRequirements = checkRequirements(intent);
        return checkRequirements == null ? executeInternal(intent) : checkRequirements;
    }

    private Intent checkRequirements(Intent intent) {
        if (intent == null) {
            return createErrorResult(0, "No parameter bundle");
        }
        int intExtra = intent.getIntExtra("api_version", -1);
        List<Integer> list = SUPPORTED_VERSIONS;
        if (list.contains(Integer.valueOf(intExtra))) {
            Intent isAllowedOrReturnIntent = this.mApiPermissionHelper.isAllowedOrReturnIntent(intent);
            if (isAllowedOrReturnIntent != null) {
                return isAllowedOrReturnIntent;
            }
            return null;
        }
        return createErrorResult(1, "Incompatible API versions:\nused : " + intent.getIntExtra("api_version", -1) + "\nsupported : " + list);
    }

    private Intent createErrorResult(int i2, String str) {
        Timber.e(str, new Object[0]);
        Intent intent = new Intent();
        intent.putExtra("error", new SshAuthenticationApiError(i2, str));
        intent.putExtra("result_code", 0);
        return intent;
    }

    private Intent createExceptionErrorResult(int i2, String str, Exception exc) {
        return createErrorResult(i2, str + " : " + exc.getMessage());
    }

    private Intent executeInternal(Intent intent) {
        String action = intent.getAction();
        action.hashCode();
        char c2 = 65535;
        switch (action.hashCode()) {
            case -1923618567:
                if (action.equals("org.openintents.ssh.action.GET_PUBLIC_KEY")) {
                    c2 = 0;
                    break;
                }
                break;
            case -454938397:
                if (action.equals("org.openintents.ssh.action.SELECT_KEY")) {
                    c2 = 1;
                    break;
                }
                break;
            case 1547993956:
                if (action.equals("org.openintents.ssh.action.SIGN")) {
                    c2 = 2;
                    break;
                }
                break;
            case 1905193904:
                if (action.equals("org.openintents.ssh.action.GET_SSH_PUBLIC_KEY")) {
                    c2 = 3;
                    break;
                }
                break;
        }
        switch (c2) {
            case 0:
                return getAuthenticationPublicKey(intent, false);
            case 1:
                return getAuthenticationKey(intent);
            case 2:
                return authenticate(intent);
            case 3:
                return getAuthenticationPublicKey(intent, true);
            default:
                return createErrorResult(-128, "Unknown action");
        }
    }

    private HashSet<Long> getAllowedKeyIds() {
        return this.mApiAppDao.getAllowedKeyIdsForApp(this.mApiPermissionHelper.getCurrentCallingPackage());
    }

    private Intent getAuthenticationKey(Intent intent) {
        long keyId = getKeyId(intent);
        if (keyId == 0) {
            return redirectToKeySelection(intent);
        }
        try {
            return new KeySelectionResponse(String.valueOf(keyId), getDescription(keyId)).toIntent();
        } catch (KeyRepository.NotFoundException e2) {
            return createExceptionErrorResult(-130, "Could not create description", e2);
        }
    }

    private Intent getAuthenticationPublicKey(Intent intent, boolean z2) {
        long keyId = getKeyId(intent);
        if (keyId == 0) {
            return createErrorResult(-129, "No key id in request");
        }
        try {
            return z2 ? getSSHPublicKey(keyId) : getX509PublicKey(keyId);
        } catch (NoSuchAlgorithmException e2) {
            return createExceptionErrorResult(-254, "Algorithm not supported", e2);
        } catch (KeyRepository.NotFoundException e3) {
            return createExceptionErrorResult(-130, "Key for master key id not found", e3);
        } catch (PgpKeyNotFoundException e4) {
            return createExceptionErrorResult(-131, "Authentication key for master key id not found in keychain", e4);
        }
    }

    private String getDescription(long j2) throws KeyRepository.NotFoundException {
        UnifiedKeyInfo unifiedKeyInfo = this.mKeyRepository.getUnifiedKeyInfo(j2);
        long effectiveAuthenticationKeyId = this.mKeyRepository.getEffectiveAuthenticationKeyId(j2);
        return ("" + unifiedKeyInfo.user_id()) + " (" + Long.toHexString(effectiveAuthenticationKeyId) + ")";
    }

    private int getHashAlgorithm(Intent intent) {
        int intExtra = intent.getIntExtra("hash_algorithm", HASHALGORITHM_NONE);
        if (intExtra == 0) {
            return 2;
        }
        if (intExtra == 1) {
            return 11;
        }
        if (intExtra == 2) {
            return 8;
        }
        if (intExtra == 3) {
            return 9;
        }
        if (intExtra == 4) {
            return 10;
        }
        if (intExtra != 5) {
            return HASHALGORITHM_NONE;
        }
        return 3;
    }

    private long getKeyId(Intent intent) {
        String stringExtra = intent.getStringExtra("key_id");
        if (stringExtra == null) {
            return 0L;
        }
        try {
            return Long.valueOf(stringExtra).longValue();
        } catch (NumberFormatException unused) {
            return 0L;
        }
    }

    private CanonicalizedPublicKey getPublicKey(long j2) throws KeyRepository.NotFoundException {
        KeyRepository create = KeyRepository.create(getApplicationContext());
        return create.getCanonicalizedPublicKeyRing(j2).getPublicKey(create.getEffectiveAuthenticationKeyId(j2));
    }

    private Intent getSSHPublicKey(long j2) throws KeyRepository.NotFoundException {
        try {
            return new SshPublicKeyResponse(new SshPublicKey(getPublicKey(j2)).getEncodedKey()).toIntent();
        } catch (NoSuchAlgorithmException | PgpGeneralException e2) {
            return createExceptionErrorResult(0, "Error converting public key to SSH format", e2);
        }
    }

    private Intent getX509PublicKey(long j2) throws KeyRepository.NotFoundException, PgpKeyNotFoundException, NoSuchAlgorithmException {
        try {
            PublicKey jcaPublicKey = getPublicKey(j2).getJcaPublicKey();
            return new PublicKeyResponse(jcaPublicKey.getEncoded(), translateAlgorithm(jcaPublicKey.getAlgorithm())).toIntent();
        } catch (PgpGeneralException e2) {
            return createExceptionErrorResult(0, "Error converting public key", e2);
        }
    }

    private Intent packagePendingIntent(PendingIntent pendingIntent) {
        Intent intent = new Intent();
        intent.putExtra("result_code", 2);
        intent.putExtra("intent", pendingIntent);
        return intent;
    }

    private Intent redirectToKeySelection(Intent intent) {
        return packagePendingIntent(this.mApiPendingIntentFactory.createSelectAuthenticationKeyIdPendingIntent(intent, this.mApiPermissionHelper.getCurrentCallingPackage()));
    }

    private int translateAlgorithm(String str) throws NoSuchAlgorithmException {
        str.hashCode();
        char c2 = 65535;
        switch (str.hashCode()) {
            case 67986:
                if (str.equals("DSA")) {
                    c2 = 0;
                    break;
                }
                break;
            case 81440:
                if (str.equals("RSA")) {
                    c2 = 1;
                    break;
                }
                break;
            case 65786932:
                if (str.equals("ECDSA")) {
                    c2 = 2;
                    break;
                }
                break;
            case 66770035:
                if (str.equals("EdDSA")) {
                    c2 = 3;
                    break;
                }
                break;
        }
        switch (c2) {
            case 0:
                return 3;
            case 1:
                return 0;
            case 2:
                return 1;
            case 3:
                return 2;
            default:
                throw new NoSuchAlgorithmException("Error matching key algorithm to API supported algorithm: " + str);
        }
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        return this.mSSHAgent;
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        this.mApiPermissionHelper = new ApiPermissionHelper(this, ApiAppDao.getInstance(this));
        this.mKeyRepository = KeyRepository.create(this);
        this.mApiAppDao = ApiAppDao.getInstance(this);
        this.mApiPendingIntentFactory = new ApiPendingIntentFactory(getBaseContext());
    }
}
