package de.cotech.hw.openpgp;

import de.cotech.hw.SecurityKey;
import de.cotech.hw.SecurityKeyAuthenticator;
import de.cotech.hw.SecurityKeyException;
import de.cotech.hw.SecurityKeyManagerConfig;
import de.cotech.hw.internal.transport.SecurityKeyInfo;
import de.cotech.hw.internal.transport.Transport;
import de.cotech.hw.internal.transport.usb.UsbSecurityKeyTypes;
import de.cotech.hw.openpgp.exceptions.OpenPgpPublicKeyUnavailableException;
import de.cotech.hw.openpgp.internal.OpenPgpAppletConnection;
import de.cotech.hw.openpgp.internal.openpgp.EcObjectIdentifiers;
import de.cotech.hw.openpgp.internal.openpgp.KeyType;
import de.cotech.hw.openpgp.internal.operations.ChangeKeyEccOp;
import de.cotech.hw.openpgp.internal.operations.ChangeKeyRsaOp;
import de.cotech.hw.openpgp.internal.operations.ModifyPinOp;
import de.cotech.hw.openpgp.internal.operations.ResetAndWipeOp;
import de.cotech.hw.openpgp.pairedkey.PairedSecurityKey;
import de.cotech.hw.openpgp.util.RsaEncryptionUtil;
import de.cotech.hw.secrets.ByteSecret;
import de.cotech.hw.secrets.PinProvider;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;

/* loaded from: classes.dex */
/**
 * Security key handle for the OpenPGP applet: provisions key slots, changes PIN/PUK,
 * reads public keys and wipes the applet through an {@link OpenPgpAppletConnection}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Provisioning relies on the card still accepting {@link #DEFAULT_PUK}; a key that is
 *       not in that state is wiped first, which destroys whatever the applet held.</li>
 *   <li>The {@code *_UPLOAD} configurations create RSA private keys in host memory and copy
 *       them to the card; the {@code *_GENERATE_ON_HARDWARE} configurations only ever hand
 *       public keys back to this class.</li>
 * </ul>
 */
public class OpenPgpSecurityKey extends SecurityKey {
    /**
     * PUK this class expects on a freshly reset applet. The value matches the widely published
     * OpenPGP card factory default for the admin PIN (PW3), so it carries no secrecy: a card
     * must not stay on it once keys are installed.
     */
    private static final ByteSecret DEFAULT_PUK = ByteSecret.unsafeFromString("12345678");

    // NOTE(review): exposed as a public field, so any caller can drive the applet connection
    // directly and bypass the checks in this class.
    public final OpenPgpAppletConnection openPgpAppletConnection;

    /**
     * Compiler-generated lookup table that translates {@link AlgorithmConfig} ordinals into the
     * case labels 1..6 used by {@code setupPairedKey}.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$de$cotech$hw$openpgp$OpenPgpSecurityKey$AlgorithmConfig;

        static {
            int[] caseByOrdinal = new int[AlgorithmConfig.values().length];
            $SwitchMap$de$cotech$hw$openpgp$OpenPgpSecurityKey$AlgorithmConfig = caseByOrdinal;
            // Each constant is resolved inside its own try: a constant that is missing at
            // runtime leaves its slot at 0, which ends up in the switch's default branch.
            try {
                caseByOrdinal[AlgorithmConfig.RSA_2048_UPLOAD.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                caseByOrdinal[AlgorithmConfig.RSA_2048_ONLY_ENCRYPTION_UPLOAD.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                caseByOrdinal[AlgorithmConfig.NIST_P256_GENERATE_ON_HARDWARE.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                caseByOrdinal[AlgorithmConfig.NIST_P384_GENERATE_ON_HARDWARE.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                caseByOrdinal[AlgorithmConfig.NIST_P521_GENERATE_ON_HARDWARE.ordinal()] = 5;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                caseByOrdinal[AlgorithmConfig.CURVE25519_GENERATE_ON_HARDWARE.ordinal()] = 6;
            } catch (NoSuchFieldError ignored) {
            }
        }
    }

    /**
     * Key algorithm and provisioning mode accepted by {@code setupPairedKey}. The two
     * {@code RSA_2048_*_UPLOAD} modes build the key pairs on the host and upload them; the
     * {@code *_GENERATE_ON_HARDWARE} modes ask the card to generate the keys.
     */
    public enum AlgorithmConfig {
        RSA_2048_UPLOAD,
        RSA_2048_ONLY_ENCRYPTION_UPLOAD,
        NIST_P256_GENERATE_ON_HARDWARE,
        NIST_P384_GENERATE_ON_HARDWARE,
        NIST_P521_GENERATE_ON_HARDWARE,
        CURVE25519_GENERATE_ON_HARDWARE
    }

    /**
     * Binds this key to its manager configuration, transport and an applet connection.
     */
    public OpenPgpSecurityKey(SecurityKeyManagerConfig securityKeyManagerConfig, Transport transport, OpenPgpAppletConnection openPgpAppletConnection) {
        super(securityKeyManagerConfig, transport);
        this.openPgpAppletConnection = openPgpAppletConnection;
    }

    /**
     * Generates all three keys on the card using one curve for every slot.
     */
    private PairedSecurityKey generateEccKeys(ByteSecret pin, ByteSecret puk, ASN1ObjectIdentifier curve, Date timestamp) throws IOException {
        return generateEccKeys(pin, puk, curve, curve, curve, timestamp);
    }

    /**
     * Generates the encryption, signing and authentication keys on the card (in that order),
     * then replaces the default PIN/PUK and re-reads the card capabilities.
     *
     * <p>Until the PIN/PUK update has run, the freshly generated keys sit behind the default
     * PUK; if an earlier step throws, the card may be left in that state.
     */
    private PairedSecurityKey generateEccKeys(ByteSecret pin, ByteSecret puk, ASN1ObjectIdentifier encryptCurve, ASN1ObjectIdentifier signCurve, ASN1ObjectIdentifier authCurve, Date timestamp) throws IOException {
        ChangeKeyEccOp eccOp = ChangeKeyEccOp.create(this.openPgpAppletConnection);
        PublicKey encryptPublic = eccOp.generateKey(KeyType.ENCRYPT, encryptCurve, timestamp);
        PublicKey signPublic = eccOp.generateKey(KeyType.SIGN, signCurve, timestamp);
        PublicKey authPublic = eccOp.generateKey(KeyType.AUTH, authCurve, timestamp);

        updatePinAndPukUsingDefaultPuk(pin, puk);
        // Fingerprints are read from the capabilities after the refresh, not from the generate calls.
        this.openPgpAppletConnection.refreshConnectionCapabilities();

        return new PairedSecurityKey(
                getOpenPgpInstanceAid(),
                this.openPgpAppletConnection.getOpenPgpCapabilities().getFingerprintEncrypt(),
                encryptPublic,
                this.openPgpAppletConnection.getOpenPgpCapabilities().getFingerprintSign(),
                signPublic,
                this.openPgpAppletConnection.getOpenPgpCapabilities().getFingerprintAuth(),
                authPublic);
    }

    /**
     * Reports whether the key holds no keys and still accepts {@link #DEFAULT_PUK}.
     *
     * <p>A rejected PUK verification is deliberately not propagated; it simply means "not
     * factory default". NOTE(review): a rejected verification presumably still costs one try
     * of the card's PUK retry counter; confirm before calling this repeatedly on a key whose
     * PUK has been changed.
     */
    private boolean isInFactoryDefaultState() throws IOException {
        if (!isSecurityKeyEmpty()) {
            return false;
        }
        try {
            this.openPgpAppletConnection.verifyPuk(DEFAULT_PUK);
        } catch (SecurityKeyException ignored) {
            // Default PUK not accepted: the key is empty but its PUK has been changed.
            return false;
        }
        return true;
    }

    /**
     * Creates an authenticator backed by this key, using {@code pinProvider} for PIN lookup.
     */
    public SecurityKeyAuthenticator createSecurityKeyAuthenticator(PinProvider pinProvider) {
        return new OpenPgpSecurityKeyAuthenticator(this, pinProvider);
    }

    /**
     * Returns the AID reported by the applet's capabilities.
     */
    public byte[] getOpenPgpInstanceAid() {
        return this.openPgpAppletConnection.getOpenPgpCapabilities().getAid();
    }

    /**
     * Resolves a display name: the USB device type name if known, else the name derived from
     * the OpenPGP AID, else the generic {@code "Security Key"}.
     */
    public String getSecurityKeyName() {
        SecurityKeyInfo.SecurityKeyType detectedType = this.transport.getSecurityKeyTypeIfAvailable();
        if (detectedType != null) {
            String usbName = UsbSecurityKeyTypes.getSecurityKeyName(detectedType);
            if (usbName != null) {
                return usbName;
            }
        }
        String aidName = this.openPgpAppletConnection.getOpenPgpCapabilities().getOpenPgpAid().getSecurityKeyName();
        if (aidName != null) {
            return aidName;
        }
        return "Security Key";
    }

    /**
     * Returns the serial number string taken from the OpenPGP AID.
     */
    public String getSerialNumber() {
        return this.openPgpAppletConnection.getOpenPgpCapabilities().getOpenPgpAid().getSerialNumberString();
    }

    /**
     * Returns {@code true} when the capabilities report no signing, encryption or
     * authentication key.
     */
    public boolean isSecurityKeyEmpty() {
        if (this.openPgpAppletConnection.getOpenPgpCapabilities().hasSignKey()) {
            return false;
        }
        if (this.openPgpAppletConnection.getOpenPgpCapabilities().hasEncryptKey()) {
            return false;
        }
        return !this.openPgpAppletConnection.getOpenPgpCapabilities().hasAuthKey();
    }

    /**
     * Reads the public key of the authentication slot.
     *
     * @throws OpenPgpPublicKeyUnavailableException if the capabilities report no authentication key
     */
    public PublicKey retrieveAuthenticationPublicKey() throws IOException {
        if (!this.openPgpAppletConnection.getOpenPgpCapabilities().hasAuthKey()) {
            throw new OpenPgpPublicKeyUnavailableException("No authentication key available!");
        }
        return retrievePublicKey(KeyType.AUTH);
    }

    /**
     * Reads the raw public key of the slot for {@code keyType} and parses it with the parser
     * of the key format the capabilities report for that key type.
     */
    public PublicKey retrievePublicKey(KeyType keyType) throws IOException {
        return this.openPgpAppletConnection.getOpenPgpCapabilities()
                .getFormatForKeyType(keyType)
                .getKeyFormatParser()
                .parseKey(this.openPgpAppletConnection.retrievePublicKey(keyType.getSlot()));
    }

    /**
     * Provisions the key with fresh keys for {@code algorithmConfig} and installs the given
     * credentials. Judging by the {@code PinProvider} overload, {@code byteSecret} is the new
     * PIN and {@code byteSecret2} the new PUK.
     *
     * <p>Destructive: a key that is not in factory default state is reset and wiped before
     * anything else happens.
     *
     * @return the paired key holding the AID, the per-slot fingerprints and the public keys
     * @throws IOException if the configuration is not supported or a card operation fails
     */
    public PairedSecurityKey setupPairedKey(ByteSecret byteSecret, ByteSecret byteSecret2, AlgorithmConfig algorithmConfig) throws IOException {
        boolean factoryFresh = isInFactoryDefaultState();
        if (!factoryFresh) {
            wipeAndVerify();
        }
        Date timestamp = new Date();
        ChangeKeyRsaOp rsaUpload = ChangeKeyRsaOp.create(this.openPgpAppletConnection);

        int branch = AnonymousClass1.$SwitchMap$de$cotech$hw$openpgp$OpenPgpSecurityKey$AlgorithmConfig[algorithmConfig.ordinal()];
        switch (branch) {
            case 1: // RSA_2048_UPLOAD
                return uploadFullRsaKeySet(rsaUpload, byteSecret, byteSecret2, timestamp);
            case 2: // RSA_2048_ONLY_ENCRYPTION_UPLOAD
                return uploadRsaEncryptionKeyOnly(rsaUpload, byteSecret, byteSecret2, timestamp);
            case 3: // NIST_P256_GENERATE_ON_HARDWARE
                return generateEccKeys(byteSecret, byteSecret2, EcObjectIdentifiers.NIST_P_256, timestamp);
            case 4: // NIST_P384_GENERATE_ON_HARDWARE
                return generateEccKeys(byteSecret, byteSecret2, EcObjectIdentifiers.NIST_P_384, timestamp);
            case 5: // NIST_P521_GENERATE_ON_HARDWARE
                return generateEccKeys(byteSecret, byteSecret2, EcObjectIdentifiers.NIST_P_521, timestamp);
            case 6: { // CURVE25519_GENERATE_ON_HARDWARE: X25519 for encryption, Ed25519 for sign and auth
                ASN1ObjectIdentifier encryptCurve = EcObjectIdentifiers.X25519;
                ASN1ObjectIdentifier signingCurve = EcObjectIdentifiers.ED25519;
                return generateEccKeys(byteSecret, byteSecret2, encryptCurve, signingCurve, signingCurve, timestamp);
            }
            default:
                throw new IOException("Unsupported AlgorithmConfig!");
        }
    }

    /**
     * Creates three RSA-2048 key pairs on the host, uploads them to the encryption, signing
     * and authentication slots, then replaces the default PIN/PUK.
     *
     * <p>The private keys exist in host memory while this runs and are not cleared here; the
     * uploaded keys sit behind the default PUK until the PIN/PUK update succeeds.
     */
    private PairedSecurityKey uploadFullRsaKeySet(ChangeKeyRsaOp rsaUpload, ByteSecret pin, ByteSecret puk, Date timestamp) throws IOException {
        RsaEncryptionUtil rsaFactory = new RsaEncryptionUtil();
        KeyPair encryptPair = rsaFactory.generateRsa2048KeyPair();
        KeyPair signPair = rsaFactory.generateRsa2048KeyPair();
        KeyPair authPair = rsaFactory.generateRsa2048KeyPair();

        byte[] encryptFingerprint = rsaUpload.changeKey(KeyType.ENCRYPT, encryptPair, timestamp);
        byte[] signFingerprint = rsaUpload.changeKey(KeyType.SIGN, signPair, timestamp);
        byte[] authFingerprint = rsaUpload.changeKey(KeyType.AUTH, authPair, timestamp);

        updatePinAndPukUsingDefaultPuk(pin, puk);
        this.openPgpAppletConnection.refreshConnectionCapabilities();

        return new PairedSecurityKey(
                getOpenPgpInstanceAid(),
                encryptFingerprint,
                encryptPair.getPublic(),
                signFingerprint,
                signPair.getPublic(),
                authFingerprint,
                authPair.getPublic());
    }

    /**
     * Creates one RSA-2048 key pair on the host and uploads it to the encryption slot only;
     * the signing and authentication entries of the result stay {@code null}.
     *
     * <p>The private key exists in host memory while this runs and is not cleared here.
     */
    private PairedSecurityKey uploadRsaEncryptionKeyOnly(ChangeKeyRsaOp rsaUpload, ByteSecret pin, ByteSecret puk, Date timestamp) throws IOException {
        KeyPair encryptPair = new RsaEncryptionUtil().generateRsa2048KeyPair();
        byte[] encryptFingerprint = rsaUpload.changeKey(KeyType.ENCRYPT, encryptPair, timestamp);

        updatePinAndPukUsingDefaultPuk(pin, puk);
        this.openPgpAppletConnection.refreshConnectionCapabilities();

        return new PairedSecurityKey(getOpenPgpInstanceAid(), encryptFingerprint, encryptPair.getPublic(), null, null, null, null);
    }

    /**
     * Same as the {@code ByteSecret} variant, with the PIN and PUK for this key's AID taken
     * from {@code pinProvider}.
     */
    public PairedSecurityKey setupPairedKey(PinProvider pinProvider, AlgorithmConfig algorithmConfig) throws IOException {
        ByteSecret pin = pinProvider.getPin(getOpenPgpInstanceAid());
        ByteSecret puk = pinProvider.getPuk(getOpenPgpInstanceAid());
        return setupPairedKey(pin, puk, algorithmConfig);
    }

    /**
     * Replaces PW1 and PW3 with {@code byteSecret} and {@code byteSecret2}, authorising the
     * change with {@link #DEFAULT_PUK}; this can only work while the card still has the
     * default PUK.
     */
    public void updatePinAndPukUsingDefaultPuk(ByteSecret byteSecret, ByteSecret byteSecret2) throws IOException {
        ModifyPinOp pinOp = ModifyPinOp.create(this.openPgpAppletConnection);
        pinOp.modifyPw1AndPw3(DEFAULT_PUK, byteSecret, byteSecret2);
    }

    /**
     * Changes the PW1 PIN through {@code ModifyPinOp.modifyPw1Pin}.
     * NOTE(review): presumably {@code byteSecret} is the current PUK and {@code byteSecret2}
     * the new PIN; confirm against ModifyPinOp.
     */
    public void updatePinUsingPuk(ByteSecret byteSecret, ByteSecret byteSecret2) throws IOException {
        ModifyPinOp pinOp = ModifyPinOp.create(this.openPgpAppletConnection);
        pinOp.modifyPw1Pin(byteSecret, byteSecret2);
    }

    /**
     * Resets and wipes the security key, then verifies {@link #DEFAULT_PUK}; a failure of
     * that verification is propagated to the caller.
     */
    public void wipeAndVerify() throws IOException {
        ResetAndWipeOp wipeOp = ResetAndWipeOp.create(this.openPgpAppletConnection);
        wipeOp.resetAndWipeSecurityKey();
        this.openPgpAppletConnection.verifyPuk(DEFAULT_PUK);
    }
}
