package org.sufficientlysecure.keychain.securitytoken.operations;

import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.Arrays;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.securitytoken.CardException;
import org.sufficientlysecure.keychain.securitytoken.EcKeyFormat;
import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
import org.sufficientlysecure.keychain.securitytoken.KeyType;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.RsaKeyFormat;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenUtils;
import org.sufficientlysecure.keychain.util.Passphrase;

/* loaded from: classes.dex */
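/**
 * Writes a secret key, its fingerprint and its creation timestamp onto a security token
 * through an established {@link SecurityTokenConnection}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A slot is only written when it reports no fingerprint, an all-zero fingerprint, or
 *       the fingerprint of the key being uploaded; any other occupied slot is refused.</li>
 *   <li>Key upload and most PUT DATA writes are preceded by admin PIN verification.</li>
 *   <li>Private key material leaves the unlocked {@link CanonicalizedSecretKey} as a
 *       plain byte array (the private key template) before it is sent to the token.</li>
 * </ul>
 */
public class SecurityTokenChangeKeyTokenOp {
    /** All-zero 20-byte fingerprint; a slot reporting this value is treated as empty. */
    private static final byte[] BLANK_FINGERPRINT = new byte[20];

    /** Largest payload {@link #putData} accepts before refusing to send. */
    private static final int MAX_PUT_DATA_LENGTH = 254;

    /** The only RSA public exponent accepted for upload. */
    private static final BigInteger REQUIRED_RSA_PUBLIC_EXPONENT = BigInteger.valueOf(65537);

    private final SecurityTokenConnection connection;

    private SecurityTokenChangeKeyTokenOp(SecurityTokenConnection securityTokenConnection) {
        this.connection = securityTokenConnection;
    }

    /**
     * Creates an operation bound to the given token connection.
     *
     * @param securityTokenConnection connection used for every command this operation sends
     * @return a new operation instance
     */
    public static SecurityTokenChangeKeyTokenOp create(SecurityTokenConnection securityTokenConnection) {
        return new SecurityTokenChangeKeyTokenOp(securityTokenConnection);
    }

    /**
     * Builds the algorithm attribute bytes for {@code secretKey}, using the key format the
     * token currently reports for {@code slot}.
     */
    private byte[] createAttributesForSecretKey(KeyType slot, CanonicalizedSecretKey secretKey) throws IOException {
        KeyFormat currentFormat = this.connection.getOpenPgpCapabilities().getFormatForKeyType(slot);
        return SecurityTokenUtils.attributesFromSecretKey(slot, secretKey, currentFormat);
    }

    /** Returns true when the slot reports no fingerprint or an all-zero fingerprint. */
    private boolean isSlotEmpty(KeyType slot) throws IOException {
        byte[] reported = this.connection.getOpenPgpCapabilities().getKeyFingerprint(slot);
        return reported == null || keyMatchesFingerPrint(slot, BLANK_FINGERPRINT);
    }

    /**
     * Compares the fingerprint the token reports for {@code slot} with {@code fingerprint}.
     * Fingerprints are not secret, so a plain array comparison is used.
     */
    private boolean keyMatchesFingerPrint(KeyType slot, byte[] fingerprint) throws IOException {
        byte[] reported = this.connection.getOpenPgpCapabilities().getKeyFingerprint(slot);
        return Arrays.equals(reported, fingerprint);
    }

    /**
     * Verifies the PIN required for the data object, then writes {@code data} to it.
     *
     * @param adminPin     admin PIN, used unless the object is one of the two special-cased ids
     * @param dataObjectId identifier of the data object to write
     * @param data         payload, at most {@value #MAX_PUT_DATA_LENGTH} bytes
     * @throws IOException   if the payload is too long
     * @throws CardException if the token answers with a non-success status word
     */
    private void putData(Passphrase adminPin, int dataObjectId, byte[] data) throws IOException {
        if (data.length > MAX_PUT_DATA_LENGTH) {
            throw new IOException("Cannot PUT DATA with length > 254");
        }
        // 0x0101 and 0x0103 are written after verifyPinForOther() instead of the admin PIN.
        // NOTE(review): presumably the OpenPGP card private-use objects that are writable
        // under the user PIN; confirm against the card specification.
        boolean writableWithoutAdminPin = dataObjectId == 0x0101 || dataObjectId == 0x0103;
        if (writableWithoutAdminPin) {
            this.connection.verifyPinForOther();
        } else {
            this.connection.verifyAdminPin(adminPin);
        }
        ResponseApdu response = this.connection.communicate(
                this.connection.getCommandFactory().createPutDataCommand(dataObjectId, data));
        if (!response.isSuccess()) {
            throw new CardException("Failed to put data.", response.getSw());
        }
    }

    /**
     * Writes new algorithm attributes for {@code slot} and refreshes the connection
     * capabilities, but only when the token reports its attributes as changeable.
     * Otherwise this is a no-op and the caller must cope with the existing format.
     */
    private void setKeyAttributes(Passphrase adminPin, KeyType slot, byte[] attributes) throws IOException {
        if (!this.connection.getOpenPgpCapabilities().isAttributesChangable()) {
            return;
        }
        putData(adminPin, slot.getAlgoAttributeSlot(), attributes);
        this.connection.refreshConnectionCapabilities();
    }

    /**
     * Uploads {@code canonicalizedSecretKey} to the token slot derived from the key, then
     * records the key's fingerprint and creation time on the token.
     *
     * <p>The slot must be empty or already hold this exact key (by fingerprint); otherwise
     * the upload is refused so an existing key is never silently overwritten.
     *
     * @param canonicalizedSecretKey key to upload
     * @param passphrase             passphrase that unlocks the secret key
     * @param passphrase2            admin PIN of the token
     * @throws IOException if no slot matches the key, the slot is occupied by another key,
     *                     or any token command fails
     */
    public void changeKey(CanonicalizedSecretKey canonicalizedSecretKey, Passphrase passphrase, Passphrase passphrase2) throws IOException {
        // Creation time in whole seconds, encoded as 4 bytes in ByteBuffer's default (big-endian) order.
        int creationSeconds = (int) (canonicalizedSecretKey.getCreationTime().getTime() / 1000);
        byte[] timestampBytes = ByteBuffer.allocate(4).putInt(creationSeconds).array();

        KeyType slot = KeyType.from(canonicalizedSecretKey);
        if (slot == null) {
            throw new IOException("Inappropriate key flags for smart card key.");
        }

        boolean slotUsable = isSlotEmpty(slot) || keyMatchesFingerPrint(slot, canonicalizedSecretKey.getFingerprint());
        if (!slotUsable) {
            throw new IOException(String.format("Key slot occupied; card must be reset to put new %s key.", slot.toString()));
        }

        // NOTE(review): the three writes are not atomic; a failure after putKey leaves the
        // new key on the token with the previous fingerprint/timestamp objects.
        putKey(slot, canonicalizedSecretKey, passphrase, passphrase2);
        putData(passphrase2, slot.getFingerprintObjectId(), canonicalizedSecretKey.getFingerprint());
        putData(passphrase2, slot.getTimestampObjectId(), timestampBytes);
    }

    /**
     * Unlocks the secret key, aligns the slot's algorithm attributes where the token allows
     * it, and sends the private key template to the token.
     *
     * @param keyType                slot to write
     * @param canonicalizedSecretKey key to upload
     * @param passphrase             passphrase that unlocks the secret key
     * @param passphrase2            admin PIN of the token, verified before anything else
     * @throws IOException   if the slot format and the key algorithm disagree, the RSA public
     *                       exponent is not 65537, the format is neither RSA nor EC, or
     *                       unlocking the key fails (the original exception is kept as cause)
     * @throws CardException if the token rejects the key import
     */
    void putKey(KeyType keyType, CanonicalizedSecretKey canonicalizedSecretKey, Passphrase passphrase, Passphrase passphrase2) throws IOException {
        this.connection.verifyAdminPin(passphrase2);
        try {
            canonicalizedSecretKey.unlock(passphrase);
            setKeyAttributes(passphrase2, keyType, createAttributesForSecretKey(keyType, canonicalizedSecretKey));

            // Re-read the format: setKeyAttributes may have changed it and refreshed capabilities.
            KeyFormat slotFormat = this.connection.getOpenPgpCapabilities().getFormatForKeyType(keyType);

            // NOTE(review): the template holds private key material in a plain byte array and is
            // never cleared here; consider zeroing it after transmission once it is confirmed
            // that the command object does not retain the array.
            byte[] privateKeyTemplate;
            if (slotFormat instanceof RsaKeyFormat) {
                if (!canonicalizedSecretKey.isRSA()) {
                    throw new IOException("Security Token not configured for RSA key.");
                }
                RSAPrivateCrtKey rsaKey = canonicalizedSecretKey.getSecurityTokenRSASecretKey();
                if (!REQUIRED_RSA_PUBLIC_EXPONENT.equals(rsaKey.getPublicExponent())) {
                    throw new IOException("Invalid public exponent for smart Security Token.");
                }
                privateKeyTemplate = SecurityTokenUtils.createRSAPrivKeyTemplate(rsaKey, keyType, (RsaKeyFormat) slotFormat);
            } else if (slotFormat instanceof EcKeyFormat) {
                if (!canonicalizedSecretKey.isEC()) {
                    throw new IOException("Security Token not configured for EC key.");
                }
                // Second unlock kept exactly as in the original flow; it looks redundant with the
                // unlock above but its side effects are not visible from this class.
                canonicalizedSecretKey.unlock(passphrase);
                privateKeyTemplate = SecurityTokenUtils.createECPrivKeyTemplate(
                        canonicalizedSecretKey.getSecurityTokenECSecretKey(),
                        canonicalizedSecretKey.getSecurityTokenECPublicKey(),
                        keyType,
                        (EcKeyFormat) slotFormat);
            } else {
                throw new IOException("Key type unsupported by security token.");
            }

            ResponseApdu response = this.connection.communicate(
                    this.connection.getCommandFactory().createPutKeyCommand(privateKeyTemplate));
            if (!response.isSuccess()) {
                throw new CardException("Key export to Security Token failed", response.getSw());
            }
        } catch (PgpGeneralException e2) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new IOException(e2.getMessage(), e2);
        }
    }
}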
