package de.baimos;

import de.baimos.blueid.sdk.api.Channel;
import de.baimos.blueid.sdk.api.Command;
import de.baimos.blueid.sdk.conn.protocols.Protocol;
import de.baimos.core.util.filter.ConnectionFilterChain;
import de.baimos.core.util.filter.ConnectionParameters;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECKey;

/* loaded from: classes.dex */
public class af extends Protocol {

    /* renamed from: a, reason: collision with root package name */
    private static final dr f9431a = ds.a(af.class);

    public af(int i2) {
        super(4, "Micro1.0", i2, true);
    }

    private byte[] a(ConnectionParameters connectionParameters) {
        byte[] b2 = cs.b(((Command) connectionParameters.getParameter("command")).getId());
        if (b2.length == 4) {
            return b2;
        }
        throw new IllegalArgumentException("command must be 4 bytes but is " + b2.length);
    }

    @Override // de.baimos.blueid.sdk.conn.protocols.Protocol, de.baimos.core.util.filter.ConnectionFilter
    public void doFilter(InputStream inputStream, OutputStream outputStream, ConnectionParameters connectionParameters, ConnectionFilterChain connectionFilterChain) {
        ba baVar;
        String str;
        BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(outputStream);
        de.baimos.blueid.sdk.data.b bVar = (de.baimos.blueid.sdk.data.b) connectionParameters.getParameter("securedObject");
        Command command = (Command) connectionParameters.getParameter("command");
        Channel channel = (Channel) connectionParameters.getParameter("channel");
        de.baimos.blueid.sdk.data.a aVar = (de.baimos.blueid.sdk.data.a) connectionParameters.getParameter("commandExecutionResponse");
        de.baimos.blueid.sdk.data.c a2 = bVar.a(command, channel);
        if (a2 == null) {
            throw new RuntimeException("Failed to get valid token. Please make sure you have a valid token for chosen command and channel.");
        }
        PrivateKey a3 = ((an) connectionParameters.getParameter("keyStore")).a();
        String algorithm = a3.getAlgorithm();
        try {
            if ("RSA".equals(algorithm)) {
                baVar = ba.SHA256withRSA;
                str = "SHA256withRSA";
            } else {
                if (!"EC".equals(algorithm)) {
                    throw new RuntimeException("unknown key algorithm: " + algorithm);
                }
                baVar = ba.SHA256withECDSA;
                str = "SHA256withECDSA";
            }
            Signature signature = Signature.getInstance(str);
            try {
                signature.initSign(a3);
                cq.b(bufferedOutputStream, baVar.a());
                bb bbVar = new bb(bufferedOutputStream, signature);
                bbVar.write(a2.e());
                bbVar.write(a(connectionParameters));
                byte[] bArr = (byte[]) connectionParameters.getParameter("parameter");
                if (bArr != null && bArr.length > 0) {
                    new ag(ah.COMMAND_PARAMETER.a(), bArr.length).a(bbVar);
                    bbVar.write(bArr);
                }
                boolean z = true;
                if (((ao) connectionParameters.getParameter("revocationDatabase")).f().contains(bVar.getId())) {
                    new ag(ah.PROCESS_TICKET_REVOCATIONS.a(), 1).a(bbVar);
                    bbVar.write(0);
                }
                new ag(ah.NO_EXTENSION_LEFT.a(), 0).a(bbVar);
                bufferedOutputStream.flush();
                byte[] a4 = az.a(20);
                bufferedOutputStream.write(a4);
                byte[] bArr2 = new byte[20];
                cq.a(inputStream, bArr2);
                try {
                    signature.update(bArr2);
                    signature.update(a4);
                    signature.update(cs.b(bVar.getId()));
                    byte[] sign = signature.sign();
                    if ("EC".equals(algorithm)) {
                        sign = az.a(sign, ((ECKey) a3).getParams().getCurve().getField().getFieldSize() / 8);
                    }
                    bufferedOutputStream.write(sign);
                    bufferedOutputStream.flush();
                    f9431a.d("reading authorization and command execution results");
                    int c2 = cq.c(inputStream);
                    int c3 = cq.c(inputStream);
                    aVar.a(c2);
                    aVar.b(c3);
                    int i2 = 0;
                    while (true) {
                        if (i2 >= 10) {
                            z = false;
                            break;
                        }
                        ag a5 = ag.a(inputStream);
                        if (ai.NO_EXTENSION_LEFT.a() == a5.a()) {
                            f9431a.d("no extensions left!");
                            break;
                        }
                        if (ai.TICKET_REVOCATION_CONFIRMATION.a() == a5.a()) {
                            int c4 = cq.c(inputStream);
                            ba a6 = ba.a(c4);
                            if (a6 == null) {
                                throw new RuntimeException("no signature algorithm found with id " + c4);
                            }
                            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                            byte[] bArr3 = new byte[a5.b() - 1];
                            cq.a(inputStream, bArr3);
                            byteArrayOutputStream.write(bArr3);
                            cq.a(a6.name(), byteArrayOutputStream);
                            de.baimos.blueid.sdk.data.d dVar = (de.baimos.blueid.sdk.data.d) connectionParameters.getParameter("revocationDataListener");
                            if (dVar != null) {
                                dVar.a(byteArrayOutputStream.toByteArray(), bVar.getId());
                            }
                        } else if (ai.SIGNED_TRUST_CENTER_RESPONSE.a() == a5.a()) {
                            f9431a.c("found signed trust center response data, size=" + a5.b());
                            byte[] bArr4 = new byte[a5.b()];
                            cq.a(inputStream, bArr4);
                            de.baimos.blueid.sdk.data.d dVar2 = (de.baimos.blueid.sdk.data.d) connectionParameters.getParameter("revocationDataListener");
                            if (dVar2 != null) {
                                dVar2.a(bArr4, bVar.getId());
                            }
                        } else if (ai.OPERATOR_RESPONSE.a() == a5.a()) {
                            f9431a.c("found operator response data, size=" + a5.b());
                            byte[] bArr5 = new byte[a5.b()];
                            cq.a(inputStream, bArr5);
                            aVar.a(bArr5);
                        } else {
                            f9431a.c("found unknown extension, type=" + a5.a() + ", size=" + a5.b());
                            cq.a(inputStream, new byte[a5.b()]);
                        }
                        i2++;
                    }
                    if (!z) {
                        throw new RuntimeException("more response extensions than allowed");
                    }
                    f9431a.d("finished protocol");
                } catch (SignatureException e2) {
                    throw new RuntimeException("failed to create signature", e2);
                }
            } catch (InvalidKeyException e3) {
                throw new RuntimeException("failed to create signature", e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new RuntimeException("failed to create signature", e4);
        }
    }
}
