package com.webauthn4j.ctap.authenticator.execution;

import com.fasterxml.jackson.core.type.TypeReference;
import com.webauthn4j.ctap.authenticator.ClientPINService;
import com.webauthn4j.ctap.authenticator.CtapAuthenticatorSession;
import com.webauthn4j.ctap.authenticator.GetAssertionSession;
import com.webauthn4j.ctap.authenticator.SignatureCalculator;
import com.webauthn4j.ctap.authenticator.U2FKeyEnvelope;
import com.webauthn4j.ctap.authenticator.data.credential.Credential;
import com.webauthn4j.ctap.authenticator.data.credential.NonResidentCredentialKey;
import com.webauthn4j.ctap.authenticator.data.credential.NonResidentUserCredential;
import com.webauthn4j.ctap.authenticator.data.credential.NonResidentUserCredentialSource;
import com.webauthn4j.ctap.authenticator.data.credential.ResidentUserCredential;
import com.webauthn4j.ctap.authenticator.data.credential.U2FCredential;
import com.webauthn4j.ctap.authenticator.data.credential.UserCredential;
import com.webauthn4j.ctap.authenticator.data.settings.UserPresenceSetting;
import com.webauthn4j.ctap.authenticator.data.settings.UserVerificationSetting;
import com.webauthn4j.ctap.authenticator.extension.AuthenticationExtensionContext;
import com.webauthn4j.ctap.authenticator.extension.AuthenticationExtensionProcessor;
import com.webauthn4j.ctap.authenticator.extension.ExtensionProcessor;
import com.webauthn4j.ctap.authenticator.store.AuthenticatorPropertyStore;
import com.webauthn4j.ctap.authenticator.store.StoreFullException;
import com.webauthn4j.ctap.core.data.AuthenticatorGetAssertionRequest;
import com.webauthn4j.ctap.core.data.AuthenticatorGetAssertionResponse;
import com.webauthn4j.ctap.core.data.AuthenticatorGetAssertionResponseData;
import com.webauthn4j.ctap.core.data.CtapPublicKeyCredentialUserEntity;
import com.webauthn4j.ctap.core.data.CtapRequest;
import com.webauthn4j.ctap.core.data.CtapStatusCode;
import com.webauthn4j.ctap.core.data.PinProtocolVersion;
import com.webauthn4j.ctap.core.util.internal.BooleanUtil;
import com.webauthn4j.ctap.core.util.internal.CipherUtil;
import com.webauthn4j.ctap.core.util.internal.HexUtil;
import com.webauthn4j.ctap.core.validator.AuthenticatorGetAssertionRequestValidator;
import com.webauthn4j.data.PublicKeyCredentialDescriptor;
import com.webauthn4j.data.PublicKeyCredentialType;
import com.webauthn4j.data.SignatureAlgorithm;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorInput;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorInputs;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorOutputs;
import com.webauthn4j.util.MessageDigestUtil;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.comparisons.ComparisonsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: GetAssertionExecution.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��\u008a\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0010\b��\u0018��2\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00030\u0001B\u0019\b\u0016\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0002¢\u0006\u0004\b\u0007\u0010\bJ\u000e\u00100\u001a\u000201H\u0096@¢\u0006\u0002\u00102J\u000e\u00103\u001a\u00020\u0003H\u0094@¢\u0006\u0002\u00102J\u0015\u00104\u001a\u00020\u00032\u0006\u00105\u001a\u000206H\u0010¢\u0006\u0002\b7J\b\u00108\u001a\u000201H\u0002J\u0012\u00109\u001a\u0004\u0018\u00010&2\u0006\u0010:\u001a\u00020\u001cH\u0002J\b\u0010;\u001a\u000201H\u0002J\b\u0010<\u001a\u000201H\u0002J\b\u0010=\u001a\u000201H\u0002J\b\u0010>\u001a\u000201H\u0002J\b\u0010?\u001a\u000201H\u0002J\u000e\u0010@\u001a\u000201H\u0082@¢\u0006\u0002\u00102J\b\u0010A\u001a\u000201H\u0002J\b\u0010B\u001a\u000201H\u0002J\b\u0010C\u001a\u000201H\u0002J\u000e\u0010D\u001a\u000201H\u0082@¢\u0006\u0002\u00102J\b\u0010E\u001a\u00020\u0003H\u0002R\u0014\u0010\t\u001a\u00020\nX\u0094D¢\u0006\b\n��\u001a\u0004\b\u000b\u0010\fR\u0014\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\b\n��\u0012\u0004\b\r\u0010\u000eR\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0011\u001a\u00020\u0012X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0013\u001a\u00020\u0014X\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\u0006\u001a\u00020\u0002X\u0082\u0004¢\u0006\b\n��\u0012\u0004\b\u0015\u0010\u000eR\u000e\u0010\u0016\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0017\u001a\u00020\u0018X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0019\u001a\u00020\u0018X\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\u001a\u001a\n\u0012\u0004\u0012\u00020\u001c\u0018\u00010\u001bX\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\u001d\u001a\n\u0012\u0004\u0012\u00020\u001f\u0018\u00010\u001eX\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010 \u001a\u0004\u0018\u00010!X\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\"\u001a\u0004\u0018\u00010\u0018X\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010#\u001a\u0004\u0018\u00010$X\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010%\u001a\b\u0012\u0004\u0012\u00020&0\u001bX\u0082.¢\u0006\u0002\n��R\u0014\u0010'\u001a\b\u0012\u0004\u0012\u00020(0\u001bX\u0082.¢\u0006\u0002\n��R\u000e\u0010)\u001a\u00020*X\u0082.¢\u0006\u0002\n��R\u000e\u0010+\u001a\u00020,X\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010-\u001a\u00020,X\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010.\u001a\u00020,X\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010/\u001a\u00020,X\u0082\u000e¢\u0006\u0002\n��¨\u0006F"}, d2 = {"Lcom/webauthn4j/ctap/authenticator/execution/GetAssertionExecution;", "Lcom/webauthn4j/ctap/authenticator/execution/CtapCommandExecutionBase;", "Lcom/webauthn4j/ctap/core/data/AuthenticatorGetAssertionRequest;", "Lcom/webauthn4j/ctap/core/data/AuthenticatorGetAssertionResponse;", "ctapAuthenticatorSession", "Lcom/webauthn4j/ctap/authenticator/CtapAuthenticatorSession;", "authenticatorGetAssertionRequest", "<init>", "(Lcom/webauthn4j/ctap/authenticator/CtapAuthenticatorSession;Lcom/webauthn4j/ctap/core/data/AuthenticatorGetAssertionRequest;)V", "commandName", "", "getCommandName", "()Ljava/lang/String;", "getCtapAuthenticatorSession$annotations", "()V", "logger", "Lorg/slf4j/Logger;", "getAssertionRequestValidator", "Lcom/webauthn4j/ctap/core/validator/AuthenticatorGetAssertionRequestValidator;", "authenticatorPropertyStore", "Lcom/webauthn4j/ctap/authenticator/store/AuthenticatorPropertyStore;", "getAuthenticatorGetAssertionRequest$annotations", "rpId", "rpIdHash", "", "clientDataHash", "allowList", "", "Lcom/webauthn4j/data/PublicKeyCredentialDescriptor;", "authenticationExtensionsAuthenticatorInputs", "Lcom/webauthn4j/data/extension/authenticator/AuthenticationExtensionsAuthenticatorInputs;", "Lcom/webauthn4j/data/extension/authenticator/AuthenticationExtensionAuthenticatorInput;", "options", "Lcom/webauthn4j/ctap/core/data/AuthenticatorGetAssertionRequest$Options;", "pinAuth", "pinProtocol", "Lcom/webauthn4j/ctap/core/data/PinProtocolVersion;", "credentials", "Lcom/webauthn4j/ctap/authenticator/data/credential/Credential;", "assertionObjects", "Lcom/webauthn4j/ctap/authenticator/GetAssertionSession$AssertionObject;", "onGoingGetAssertionSession", "Lcom/webauthn4j/ctap/authenticator/GetAssertionSession;", "userVerificationPlan", "", "userPresencePlan", "userVerificationResult", "userPresenceResult", "validate", "", "(Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "doExecute", "createErrorResponse", "statusCode", "Lcom/webauthn4j/ctap/core/data/CtapStatusCode;", "createErrorResponse$webauthn4j_ctap_authenticator", "execStep1LoadEligibleUserCredentials", "deriveCredential", "descriptor", "execStep2VerifyClientPIN", "execStep3ValidatePinProtocol", "execStep4SetUVWhenClientPinHasBeenSet", "execStep5ProcessOptions", "execStep6ProcessExtensions", "execStep7RequestUserConsent", "execStep8CheckUserCredentialCandidatesExistence", "execStep9SortUserCredentials", "execStep10PrepareGetAssertionSession", "execStep11SelectUserCredentialIfCredentialSelectorIsAuthenticator", "execStep12SignClientDataHashAndAuthData", "webauthn4j-ctap-authenticator"})
@SourceDebugExtension({"SMAP\nGetAssertionExecution.kt\nKotlin\n*S Kotlin\n*F\n+ 1 GetAssertionExecution.kt\ncom/webauthn4j/ctap/authenticator/execution/GetAssertionExecution\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,494:1\n1563#2:495\n1634#2,3:496\n1563#2:499\n1634#2,3:500\n774#2:503\n865#2:504\n1761#2,3:505\n866#2:508\n774#2:509\n865#2,2:510\n1617#2,9:512\n1869#2:521\n1870#2:523\n1626#2:524\n1563#2:525\n1634#2,2:526\n808#2,11:528\n1869#2,2:539\n1636#2:541\n1056#2:542\n1563#2:543\n1634#2,3:544\n1869#2,2:547\n1#3:522\n1#3:549\n*S KotlinDebug\n*F\n+ 1 GetAssertionExecution.kt\ncom/webauthn4j/ctap/authenticator/execution/GetAssertionExecution\n*L\n115#1:495\n115#1:496,3\n133#1:499\n133#1:500,3\n154#1:503\n154#1:504\n155#1:505,3\n154#1:508\n160#1:509\n160#1:510,2\n161#1:512,9\n161#1:521\n161#1:523\n161#1:524\n299#1:525\n299#1:526,2\n310#1:528,11\n311#1:539,2\n299#1:541\n360#1:542\n375#1:543\n375#1:544,3\n394#1:547,2\n161#1:522\n*E\n"})
/* loaded from: input_file:com/webauthn4j/ctap/authenticator/execution/GetAssertionExecution.class */
public final class GetAssertionExecution extends CtapCommandExecutionBase<AuthenticatorGetAssertionRequest, AuthenticatorGetAssertionResponse> {

    @NotNull
    private final String commandName;

    @NotNull
    private final CtapAuthenticatorSession ctapAuthenticatorSession;

    @NotNull
    private final Logger logger;

    @NotNull
    private final AuthenticatorGetAssertionRequestValidator getAssertionRequestValidator;

    @NotNull
    private final AuthenticatorPropertyStore authenticatorPropertyStore;

    @NotNull
    private final AuthenticatorGetAssertionRequest authenticatorGetAssertionRequest;

    @NotNull
    private final String rpId;

    @NotNull
    private final byte[] rpIdHash;

    @NotNull
    private final byte[] clientDataHash;

    @Nullable
    private final List<PublicKeyCredentialDescriptor> allowList;

    @Nullable
    private final AuthenticationExtensionsAuthenticatorInputs<AuthenticationExtensionAuthenticatorInput> authenticationExtensionsAuthenticatorInputs;

    @Nullable
    private final AuthenticatorGetAssertionRequest.Options options;

    @Nullable
    private final byte[] pinAuth;

    @Nullable
    private final PinProtocolVersion pinProtocol;
    private List<? extends Credential> credentials;
    private List<GetAssertionSession.AssertionObject> assertionObjects;
    private GetAssertionSession onGoingGetAssertionSession;
    private boolean userVerificationPlan;
    private boolean userPresencePlan;
    private boolean userVerificationResult;
    private boolean userPresenceResult;

    /* compiled from: GetAssertionExecution.kt */
    @Metadata(mv = {2, 1, 0}, k = ClientPINService.MAX_VOLATILE_PIN_RETRIES, xi = 48)
    /* loaded from: input_file:com/webauthn4j/ctap/authenticator/execution/GetAssertionExecution$WhenMappings.class */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[UserVerificationSetting.values().length];
            try {
                iArr[UserVerificationSetting.READY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            $EnumSwitchMapping$0 = iArr;
            int[] iArr2 = new int[UserPresenceSetting.values().length];
            try {
                iArr2[UserPresenceSetting.SUPPORTED.ordinal()] = 1;
            } catch (NoSuchFieldError e2) {
            }
            $EnumSwitchMapping$1 = iArr2;
        }
    }

    @Override // com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionBase
    @NotNull
    protected String getCommandName() {
        return this.commandName;
    }

    private static /* synthetic */ void getCtapAuthenticatorSession$annotations() {
    }

    private static /* synthetic */ void getAuthenticatorGetAssertionRequest$annotations() {
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public GetAssertionExecution(@NotNull CtapAuthenticatorSession ctapAuthenticatorSession, @NotNull AuthenticatorGetAssertionRequest authenticatorGetAssertionRequest) {
        super(ctapAuthenticatorSession, (CtapRequest) authenticatorGetAssertionRequest);
        Intrinsics.checkNotNullParameter(ctapAuthenticatorSession, "ctapAuthenticatorSession");
        Intrinsics.checkNotNullParameter(authenticatorGetAssertionRequest, "authenticatorGetAssertionRequest");
        this.commandName = "GetAssertion";
        Logger logger = LoggerFactory.getLogger(GetAssertionExecution.class);
        Intrinsics.checkNotNullExpressionValue(logger, "getLogger(...)");
        this.logger = logger;
        this.getAssertionRequestValidator = new AuthenticatorGetAssertionRequestValidator();
        this.authenticatorGetAssertionRequest = authenticatorGetAssertionRequest;
        this.ctapAuthenticatorSession = ctapAuthenticatorSession;
        this.authenticatorPropertyStore = ctapAuthenticatorSession.getAuthenticatorPropertyStore();
        this.rpId = authenticatorGetAssertionRequest.getRpId();
        MessageDigest createSHA256 = MessageDigestUtil.createSHA256();
        byte[] bytes = this.rpId.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        byte[] digest = createSHA256.digest(bytes);
        Intrinsics.checkNotNullExpressionValue(digest, "digest(...)");
        this.rpIdHash = digest;
        this.clientDataHash = authenticatorGetAssertionRequest.getClientDataHash();
        this.allowList = authenticatorGetAssertionRequest.getAllowList();
        this.authenticationExtensionsAuthenticatorInputs = authenticatorGetAssertionRequest.getExtensions();
        this.options = authenticatorGetAssertionRequest.getOptions();
        this.pinAuth = authenticatorGetAssertionRequest.getPinAuth();
        this.pinProtocol = authenticatorGetAssertionRequest.getPinProtocol();
    }

    @Override // com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionBase
    @Nullable
    public Object validate(@NotNull Continuation<? super Unit> continuation) {
        this.getAssertionRequestValidator.validate(this.authenticatorGetAssertionRequest);
        return Unit.INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Failed to find 'out' block for switch in B:7:0x0043. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:15:0x00b4  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x00cd  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x010b  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0186  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x01c4  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x021e  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x008e  */
    /* JADX WARN: Removed duplicated region for block: B:55:0x00b7  */
    /* JADX WARN: Removed duplicated region for block: B:56:0x024e  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x005c  */
    @Override // com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionBase
    @org.jetbrains.annotations.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object doExecute(@org.jetbrains.annotations.NotNull kotlin.coroutines.Continuation<? super com.webauthn4j.ctap.core.data.AuthenticatorGetAssertionResponse> r9) {
        /*
            Method dump skipped, instructions count: 601
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution.doExecute(kotlin.coroutines.Continuation):java.lang.Object");
    }

    @Override // com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionBase
    @NotNull
    public AuthenticatorGetAssertionResponse createErrorResponse$webauthn4j_ctap_authenticator(@NotNull CtapStatusCode ctapStatusCode) {
        Intrinsics.checkNotNullParameter(ctapStatusCode, "statusCode");
        return new AuthenticatorGetAssertionResponse(ctapStatusCode);
    }

    private final void execStep1LoadEligibleUserCredentials() {
        ArrayList arrayList;
        boolean z;
        String str = this.rpId;
        GetAssertionExecution getAssertionExecution = this;
        if (this.allowList != null) {
            if (!this.allowList.isEmpty()) {
                List<ResidentUserCredential> loadUserCredentials = this.authenticatorPropertyStore.loadUserCredentials(str);
                ArrayList arrayList2 = new ArrayList();
                for (Object obj : loadUserCredentials) {
                    ResidentUserCredential residentUserCredential = (ResidentUserCredential) obj;
                    List<PublicKeyCredentialDescriptor> list = this.allowList;
                    if (!(list instanceof Collection) || !list.isEmpty()) {
                        Iterator<T> it = list.iterator();
                        while (true) {
                            if (it.hasNext()) {
                                if (Arrays.equals(residentUserCredential.getCredentialId(), ((PublicKeyCredentialDescriptor) it.next()).getId())) {
                                    z = true;
                                    break;
                                }
                            } else {
                                z = false;
                                break;
                            }
                        }
                    } else {
                        z = false;
                    }
                    if (z) {
                        arrayList2.add(obj);
                    }
                }
                ArrayList arrayList3 = arrayList2;
                ArrayList arrayList4 = new ArrayList();
                for (Object obj2 : arrayList3) {
                    if (Arrays.equals(((ResidentUserCredential) obj2).getRpIdHash(), this.rpIdHash)) {
                        arrayList4.add(obj2);
                    }
                }
                ArrayList arrayList5 = arrayList4;
                List<PublicKeyCredentialDescriptor> list2 = this.allowList;
                ArrayList arrayList6 = new ArrayList();
                Iterator<T> it2 = list2.iterator();
                while (it2.hasNext()) {
                    Credential deriveCredential = deriveCredential((PublicKeyCredentialDescriptor) it2.next());
                    if (deriveCredential != null) {
                        arrayList6.add(deriveCredential);
                    }
                }
                ArrayList arrayList7 = arrayList6;
                getAssertionExecution = getAssertionExecution;
                ArrayList arrayList8 = new ArrayList();
                arrayList8.addAll(arrayList5);
                arrayList8.addAll(arrayList7);
                arrayList = arrayList8;
                getAssertionExecution.credentials = arrayList;
            }
        }
        arrayList = new ArrayList(this.authenticatorPropertyStore.loadUserCredentials(str));
        getAssertionExecution.credentials = arrayList;
    }

    private final Credential deriveCredential(PublicKeyCredentialDescriptor publicKeyCredentialDescriptor) {
        try {
            byte[] decryptWithAESCBCPKCS5Padding = CipherUtil.decryptWithAESCBCPKCS5Padding(publicKeyCredentialDescriptor.getId(), this.authenticatorPropertyStore.loadEncryptionKey(), this.authenticatorPropertyStore.loadEncryptionIV());
            Intrinsics.checkNotNull(decryptWithAESCBCPKCS5Padding);
            try {
                Object readValue = this.ctapAuthenticatorSession.getObjectConverter().getCborConverter().readValue(decryptWithAESCBCPKCS5Padding, new TypeReference<NonResidentUserCredentialSource>() { // from class: com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$deriveCredential$nonResidentUserCredentialEnvelope$1
                });
                Intrinsics.checkNotNull(readValue);
                NonResidentUserCredentialSource nonResidentUserCredentialSource = (NonResidentUserCredentialSource) readValue;
                byte[] id = publicKeyCredentialDescriptor.getId();
                Intrinsics.checkNotNullExpressionValue(id, "getId(...)");
                return new NonResidentUserCredential(id, nonResidentUserCredentialSource.getUserCredentialKey(), nonResidentUserCredentialSource.getUserHandle(), nonResidentUserCredentialSource.getUsername(), nonResidentUserCredentialSource.getDisplayName(), nonResidentUserCredentialSource.getIcon(), nonResidentUserCredentialSource.getRpId(), nonResidentUserCredentialSource.getRpName(), nonResidentUserCredentialSource.getRpIcon(), nonResidentUserCredentialSource.getCreatedAt(), nonResidentUserCredentialSource.getOtherUI(), nonResidentUserCredentialSource.getDetails());
            } catch (RuntimeException e) {
                this.logger.trace("Failed to load NonResidentUserCredentialSource from credentialId", e);
                try {
                    Object readValue2 = this.ctapAuthenticatorSession.getObjectConverter().getCborConverter().readValue(decryptWithAESCBCPKCS5Padding, new TypeReference<U2FKeyEnvelope>() { // from class: com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$deriveCredential$u2fKeyEnvelope$1
                    });
                    Intrinsics.checkNotNull(readValue2);
                    U2FKeyEnvelope u2FKeyEnvelope = (U2FKeyEnvelope) readValue2;
                    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.ES256;
                    Intrinsics.checkNotNullExpressionValue(signatureAlgorithm, "ES256");
                    PublicKey publicKey = u2FKeyEnvelope.getKeyPair().getPublicKey();
                    Intrinsics.checkNotNull(publicKey);
                    PrivateKey privateKey = u2FKeyEnvelope.getKeyPair().getPrivateKey();
                    Intrinsics.checkNotNull(privateKey);
                    NonResidentCredentialKey nonResidentCredentialKey = new NonResidentCredentialKey(signatureAlgorithm, publicKey, privateKey);
                    byte[] id2 = publicKeyCredentialDescriptor.getId();
                    Intrinsics.checkNotNullExpressionValue(id2, "getId(...)");
                    return new U2FCredential(id2, u2FKeyEnvelope.getApplicationParameter(), nonResidentCredentialKey, 0L, u2FKeyEnvelope.getCreatedAt(), MapsKt.emptyMap());
                } catch (RuntimeException e2) {
                    this.logger.trace("Failed to load U2FKeyEnvelope from credentialId", e2);
                    return null;
                }
            }
        } catch (RuntimeException e3) {
            Logger logger = this.logger;
            Object[] objArr = {HexUtil.INSTANCE.encodeToString(publicKeyCredentialDescriptor.getId())};
            String format = String.format("Skipped credentialId: %s as it doesn't contain valid NonResidentUserCredentialSource.", Arrays.copyOf(objArr, objArr.length));
            Intrinsics.checkNotNullExpressionValue(format, "format(...)");
            logger.debug(format);
            return null;
        }
    }

    private final void execStep2VerifyClientPIN() {
        if (this.pinAuth == null || this.pinProtocol != PinProtocolVersion.VERSION_1) {
            return;
        }
        byte[] bArr = this.clientDataHash;
        this.ctapAuthenticatorSession.getClientPINService().validatePINAuth(this.pinAuth, bArr);
        this.userVerificationResult = true;
    }

    private final void execStep3ValidatePinProtocol() {
        if (this.pinAuth != null && this.pinProtocol != PinProtocolVersion.VERSION_1) {
            throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_PIN_AUTH_INVALID(), null, 2, null);
        }
    }

    private final void execStep4SetUVWhenClientPinHasBeenSet() {
        if (this.pinAuth == null && this.ctapAuthenticatorSession.getClientPINService().isClientPINReady()) {
            this.userVerificationResult = false;
        }
    }

    private final void execStep5ProcessOptions() {
        if (this.options != null) {
            if (BooleanUtil.isTrue(this.options.getUv())) {
                if (WhenMappings.$EnumSwitchMapping$0[this.ctapAuthenticatorSession.getUserVerification().ordinal()] != 1) {
                    throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_UNSUPPORTED_OPTION(), null, 2, null);
                }
                this.userVerificationPlan = true;
            }
            if (Intrinsics.areEqual(this.options.getUp(), false)) {
                return;
            }
            if (WhenMappings.$EnumSwitchMapping$1[this.ctapAuthenticatorSession.getUserPresence().ordinal()] != 1) {
                throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_UNSUPPORTED_OPTION(), null, 2, null);
            }
            this.userPresencePlan = true;
        }
    }

    private final void execStep6ProcessExtensions() {
        AuthenticationExtensionsAuthenticatorInputs<AuthenticationExtensionAuthenticatorInput> authenticationExtensionsAuthenticatorInputs = this.authenticationExtensionsAuthenticatorInputs;
        List<? extends Credential> list = this.credentials;
        if (list == null) {
            Intrinsics.throwUninitializedPropertyAccessException("credentials");
            list = null;
        }
        List<? extends Credential> list2 = list;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10));
        for (Credential credential : list2) {
            AuthenticationExtensionsAuthenticatorOutputs.BuilderForAuthentication builderForAuthentication = new AuthenticationExtensionsAuthenticatorOutputs.BuilderForAuthentication();
            if (authenticationExtensionsAuthenticatorInputs != null) {
                AuthenticationExtensionContext authenticationExtensionContext = new AuthenticationExtensionContext(this.ctapAuthenticatorSession, this.authenticatorGetAssertionRequest, credential, this.userVerificationPlan, this.userPresencePlan);
                List<ExtensionProcessor> extensionProcessors = this.ctapAuthenticatorSession.getExtensionProcessors();
                ArrayList<AuthenticationExtensionProcessor> arrayList2 = new ArrayList();
                for (Object obj : extensionProcessors) {
                    if (obj instanceof AuthenticationExtensionProcessor) {
                        arrayList2.add(obj);
                    }
                }
                for (AuthenticationExtensionProcessor authenticationExtensionProcessor : arrayList2) {
                    if (authenticationExtensionProcessor.supportsAuthenticationExtension(authenticationExtensionsAuthenticatorInputs)) {
                        authenticationExtensionProcessor.processAuthenticationExtension(authenticationExtensionContext, builderForAuthentication);
                    }
                }
            }
            AuthenticationExtensionsAuthenticatorOutputs build = builderForAuthentication.build();
            Intrinsics.checkNotNullExpressionValue(build, "build(...)");
            arrayList.add(new GetAssertionSession.AssertionObject(credential, false, build, (byte) 0));
        }
        this.assertionObjects = arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:15:0x00a1  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00bc  */
    /* JADX WARN: Removed duplicated region for block: B:25:0x008f  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x00d1  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0058  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object execStep7RequestUserConsent(kotlin.coroutines.Continuation<? super kotlin.Unit> r8) {
        /*
            r7 = this;
            r0 = r8
            boolean r0 = r0 instanceof com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$execStep7RequestUserConsent$1
            if (r0 == 0) goto L27
            r0 = r8
            com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$execStep7RequestUserConsent$1 r0 = (com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$execStep7RequestUserConsent$1) r0
            r12 = r0
            r0 = r12
            int r0 = r0.label
            r1 = -2147483648(0xffffffff80000000, float:-0.0)
            r0 = r0 & r1
            if (r0 == 0) goto L27
            r0 = r12
            r1 = r0
            int r1 = r1.label
            r2 = -2147483648(0xffffffff80000000, float:-0.0)
            int r1 = r1 - r2
            r0.label = r1
            goto L32
        L27:
            com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$execStep7RequestUserConsent$1 r0 = new com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$execStep7RequestUserConsent$1
            r1 = r0
            r2 = r7
            r3 = r8
            r1.<init>(r2, r3)
            r12 = r0
        L32:
            r0 = r12
            java.lang.Object r0 = r0.result
            r11 = r0
            java.lang.Object r0 = kotlin.coroutines.intrinsics.IntrinsicsKt.getCOROUTINE_SUSPENDED()
            r13 = r0
            r0 = r12
            int r0 = r0.label
            switch(r0) {
                case 0: goto L58;
                case 1: goto L8f;
                default: goto Ld1;
            }
        L58:
            r0 = r11
            kotlin.ResultKt.throwOnFailure(r0)
            com.webauthn4j.ctap.authenticator.GetAssertionConsentRequest r0 = new com.webauthn4j.ctap.authenticator.GetAssertionConsentRequest
            r1 = r0
            r2 = r7
            java.lang.String r2 = r2.rpId
            r3 = r7
            boolean r3 = r3.userPresencePlan
            r4 = r7
            boolean r4 = r4.userVerificationPlan
            r1.<init>(r2, r3, r4)
            r9 = r0
            r0 = r7
            com.webauthn4j.ctap.authenticator.CtapAuthenticatorSession r0 = r0.ctapAuthenticatorSession
            com.webauthn4j.ctap.authenticator.UserVerificationHandler r0 = r0.getUserVerificationHandler()
            r1 = r9
            r2 = r12
            r3 = r12
            r4 = 1
            r3.label = r4
            java.lang.Object r0 = r0.onGetAssertionConsentRequested(r1, r2)
            r1 = r0
            r2 = r13
            if (r1 != r2) goto L96
            r1 = r13
            return r1
        L8f:
            r0 = r11
            kotlin.ResultKt.throwOnFailure(r0)
            r0 = r11
        L96:
            java.lang.Boolean r0 = (java.lang.Boolean) r0
            boolean r0 = r0.booleanValue()
            r10 = r0
            r0 = r10
            if (r0 == 0) goto Lbc
            r0 = r7
            boolean r0 = r0.userVerificationPlan
            if (r0 == 0) goto Lad
            r0 = r7
            r1 = 1
            r0.userVerificationResult = r1
        Lad:
            r0 = r7
            boolean r0 = r0.userPresencePlan
            if (r0 == 0) goto Lcd
            r0 = r7
            r1 = 1
            r0.userPresenceResult = r1
            goto Lcd
        Lbc:
            com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionException r0 = new com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionException
            r1 = r0
            com.webauthn4j.ctap.core.data.CtapStatusCode$Companion r2 = com.webauthn4j.ctap.core.data.CtapStatusCode.Companion
            com.webauthn4j.ctap.core.data.CtapStatusCode r2 = r2.getCTAP2_ERR_OPERATION_DENIED()
            r3 = 0
            r4 = 2
            r5 = 0
            r1.<init>(r2, r3, r4, r5)
            throw r0
        Lcd:
            kotlin.Unit r0 = kotlin.Unit.INSTANCE
            return r0
        Ld1:
            java.lang.IllegalStateException r0 = new java.lang.IllegalStateException
            r1 = r0
            java.lang.String r2 = "call to 'resume' before 'invoke' with coroutine"
            r1.<init>(r2)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution.execStep7RequestUserConsent(kotlin.coroutines.Continuation):java.lang.Object");
    }

    private final void execStep8CheckUserCredentialCandidatesExistence() {
        List<GetAssertionSession.AssertionObject> list = this.assertionObjects;
        if (list == null) {
            Intrinsics.throwUninitializedPropertyAccessException("assertionObjects");
            list = null;
        }
        if (list.isEmpty()) {
            throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_NO_CREDENTIALS(), null, 2, null);
        }
    }

    private final void execStep9SortUserCredentials() {
        List<GetAssertionSession.AssertionObject> list = this.assertionObjects;
        if (list == null) {
            Intrinsics.throwUninitializedPropertyAccessException("assertionObjects");
            list = null;
        }
        CollectionsKt.sortedWith(list, new Comparator() { // from class: com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution$execStep9SortUserCredentials$$inlined$sortedBy$1
            /* JADX WARN: Multi-variable type inference failed */
            @Override // java.util.Comparator
            public final int compare(T t, T t2) {
                return ComparisonsKt.compareValues(Long.valueOf(((GetAssertionSession.AssertionObject) t).getCredential().getCreatedAt().getEpochSecond()), Long.valueOf(((GetAssertionSession.AssertionObject) t2).getCredential().getCreatedAt().getEpochSecond()));
            }
        });
    }

    private final void execStep10PrepareGetAssertionSession() {
        if (!this.userVerificationPlan && this.authenticatorGetAssertionRequest.getPinAuth() == null) {
            List<GetAssertionSession.AssertionObject> list = this.assertionObjects;
            if (list == null) {
                Intrinsics.throwUninitializedPropertyAccessException("assertionObjects");
                list = null;
            }
            List<GetAssertionSession.AssertionObject> list2 = list;
            ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10));
            Iterator<T> it = list2.iterator();
            while (it.hasNext()) {
                ((GetAssertionSession.AssertionObject) it.next()).setMaskUserIdentifiableInfo(true);
                arrayList.add(Unit.INSTANCE);
            }
        }
        byte b = this.userVerificationResult ? (byte) (0 | 4) : (byte) 0;
        if (this.userPresenceResult) {
            b = (byte) (b | 1);
        }
        List<GetAssertionSession.AssertionObject> list3 = this.assertionObjects;
        if (list3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("assertionObjects");
            list3 = null;
        }
        for (GetAssertionSession.AssertionObject assertionObject : list3) {
            assertionObject.setFlags(b);
            Set keys = assertionObject.getExtensions().getKeys();
            Intrinsics.checkNotNullExpressionValue(keys, "getKeys(...)");
            if (!keys.isEmpty()) {
                assertionObject.setFlags((byte) (assertionObject.getFlags() | Byte.MIN_VALUE));
            }
        }
        List<GetAssertionSession.AssertionObject> list4 = this.assertionObjects;
        if (list4 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("assertionObjects");
            list4 = null;
        }
        this.onGoingGetAssertionSession = new GetAssertionSession(list4, this.clientDataHash);
        CtapAuthenticatorSession ctapAuthenticatorSession = this.ctapAuthenticatorSession;
        GetAssertionSession getAssertionSession = this.onGoingGetAssertionSession;
        if (getAssertionSession == null) {
            Intrinsics.throwUninitializedPropertyAccessException("onGoingGetAssertionSession");
            getAssertionSession = null;
        }
        ctapAuthenticatorSession.setOnGoingGetAssertionSession(getAssertionSession);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Failed to find 'out' block for switch in B:7:0x0043. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00ab  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x00ca  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0102  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x010d  */
    /* JADX WARN: Removed duplicated region for block: B:40:0x00f9 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:44:0x0097  */
    /* JADX WARN: Removed duplicated region for block: B:45:0x0142  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0058  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object execStep11SelectUserCredentialIfCredentialSelectorIsAuthenticator(kotlin.coroutines.Continuation<? super kotlin.Unit> r7) {
        /*
            Method dump skipped, instructions count: 333
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.webauthn4j.ctap.authenticator.execution.GetAssertionExecution.execStep11SelectUserCredentialIfCredentialSelectorIsAuthenticator(kotlin.coroutines.Continuation):java.lang.Object");
    }

    private final AuthenticatorGetAssertionResponse execStep12SignClientDataHashAndAuthData() {
        CtapPublicKeyCredentialUserEntity ctapPublicKeyCredentialUserEntity;
        GetAssertionSession getAssertionSession = this.onGoingGetAssertionSession;
        if (getAssertionSession == null) {
            Intrinsics.throwUninitializedPropertyAccessException("onGoingGetAssertionSession");
            getAssertionSession = null;
        }
        GetAssertionSession.AssertionObject nextAssertionObject = getAssertionSession.nextAssertionObject();
        Credential credential = nextAssertionObject.getCredential();
        PublicKeyCredentialDescriptor publicKeyCredentialDescriptor = new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, credential.getCredentialId(), this.ctapAuthenticatorSession.getTransports());
        long counter = credential.getCounter();
        byte[] convert = this.ctapAuthenticatorSession.getAuthenticatorDataConverter().convert(new AuthenticatorData(nextAssertionObject.getCredential().getRpIdHash(), nextAssertionObject.getFlags(), counter, nextAssertionObject.getExtensions()));
        GetAssertionSession getAssertionSession2 = this.onGoingGetAssertionSession;
        if (getAssertionSession2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("onGoingGetAssertionSession");
            getAssertionSession2 = null;
        }
        byte[] clientDataHash = getAssertionSession2.getClientDataHash();
        byte[] array = ByteBuffer.allocate(convert.length + clientDataHash.length).put(convert).put(clientDataHash).array();
        SignatureAlgorithm alg = credential.getCredentialKey().getAlg();
        Intrinsics.checkNotNull(alg);
        KeyPair keyPair = credential.getCredentialKey().getKeyPair();
        Intrinsics.checkNotNull(keyPair);
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
        Intrinsics.checkNotNull(array);
        byte[] calculate = SignatureCalculator.calculate(alg, privateKey, array);
        if (credential instanceof UserCredential) {
            boolean maskUserIdentifiableInfo = nextAssertionObject.getMaskUserIdentifiableInfo();
            if (maskUserIdentifiableInfo) {
                ctapPublicKeyCredentialUserEntity = new CtapPublicKeyCredentialUserEntity(((UserCredential) credential).getUserHandle(), (String) null, (String) null, (String) null);
            } else {
                if (maskUserIdentifiableInfo) {
                    throw new NoWhenBranchMatchedException();
                }
                ctapPublicKeyCredentialUserEntity = new CtapPublicKeyCredentialUserEntity(((UserCredential) credential).getUserHandle(), ((UserCredential) credential).getUsername(), ((UserCredential) credential).getDisplayName(), ((UserCredential) credential).getIcon());
            }
        } else {
            ctapPublicKeyCredentialUserEntity = null;
        }
        CtapPublicKeyCredentialUserEntity ctapPublicKeyCredentialUserEntity2 = ctapPublicKeyCredentialUserEntity;
        GetAssertionSession getAssertionSession3 = this.onGoingGetAssertionSession;
        if (getAssertionSession3 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("onGoingGetAssertionSession");
            getAssertionSession3 = null;
        }
        int numberOfAssertionObjects = getAssertionSession3.getNumberOfAssertionObjects();
        Intrinsics.checkNotNull(convert);
        AuthenticatorGetAssertionResponseData authenticatorGetAssertionResponseData = new AuthenticatorGetAssertionResponseData(publicKeyCredentialDescriptor, convert, calculate, ctapPublicKeyCredentialUserEntity2, Integer.valueOf(numberOfAssertionObjects));
        if (credential instanceof ResidentUserCredential) {
            ((ResidentUserCredential) credential).setCounter(counter + 1);
            try {
                this.authenticatorPropertyStore.saveUserCredential((ResidentUserCredential) credential);
            } catch (StoreFullException e) {
                throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_KEY_STORE_FULL(), null, 2, null);
            }
        }
        return new AuthenticatorGetAssertionResponse(CtapStatusCode.Companion.getCTAP2_OK(), authenticatorGetAssertionResponseData);
    }
}
