package androidx.security.identity;

import android.content.Context;
import android.icu.util.Calendar;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AtomicFile;
import android.util.Pair;
import androidx.annotation.NonNull;
import androidx.security.app.authenticator.AppAuthenticator;
import androidx.security.identity.PersonalizationData;
import co.nstant.in.cbor.CborException;
import com.google.android.gms.stats.CodePackage;
import com.saudi.airline.utils.Constants;
import defpackage.d;
import f.a;
import f.c;
import g.b;
import j.e;
import j.i;
import j.k;
import j.q;
import j.r;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.AbstractList;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class CredentialData {
    private static final String TAG = "CredentialData";
    // Access-control-profile id -> Keystore alias of that profile's timeout key.
    // No initializer: this stays null until createCredentialData() or loadAuthKey() assigns it,
    // so code that iterates it must only run on a created or successfully loaded instance.
    private AbstractMap<Integer, String> mAcpTimeoutKeyAliases;
    private Context mContext;
    // Name supplied by the caller; the data file name and the data-key alias are derived from it.
    private String mCredentialName;
    private String mDocType = "";
    // Keystore alias of the credential key; delete() signs the proof of deletion with this key.
    private String mCredentialKeyAlias = "";
    private Collection<X509Certificate> mCertificateChain = null;
    private byte[] mProofOfProvisioningSha256 = null;
    private AbstractList<AccessControlProfile> mAccessControlProfiles = new ArrayList();
    // Same profiles as mAccessControlProfiles, indexed by profile id.
    private AbstractMap<Integer, AccessControlProfile> mProfileIdToAcpMap = new HashMap();
    private AbstractList<PersonalizationData.NamespaceData> mNamespaceDatas = new ArrayList();
    // In the part of the class visible here these two are only assigned by loadAuthKey().
    private int mAuthKeyCount = 0;
    private int mAuthMaxUsesPerKey = 1;
    // Empty string means no per-reader session key has been created.
    private String mPerReaderSessionKeyAlias = "";
    private AbstractList<AuthKeyData> mAuthKeyDatas = new ArrayList();

    /* loaded from: classes2.dex */
    /**
     * Mutable record for one authentication-key slot, persisted as one entry of the
     * "authKeyDatas" array in the encrypted credential file.
     */
    public static class AuthKeyData {
        // Keystore alias of the key currently in use; empty when the slot has no key.
        public String mAlias = "";
        public byte[] mCertificate = new byte[0];
        public byte[] mStaticAuthenticationData = new byte[0];
        // Compared against mAuthMaxUsesPerKey to decide whether the key is exhausted.
        public int mUseCount = 0;
        // Alias and certificate of a freshly generated replacement key; empty when none is pending.
        public String mPendingAlias = "";
        public byte[] mPendingCertificate = new byte[0];
        // null is written to disk as Long.MAX_VALUE milliseconds by saveToDiskAuthDatas().
        public Calendar mExpirationDate = null;
    }

    /**
     * Creates an empty, unloaded instance bound to a credential name.
     *
     * <p>No file or Keystore access happens here; callers populate the instance through
     * {@code createCredentialData} or {@code loadFromDisk}.
     *
     * @param context application context used later to resolve the credential data file
     * @param str the credential name
     */
    private CredentialData(Context context, String str) {
        mCredentialName = str;
        mContext = context;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.util.List<j.e>, java.util.LinkedList] */
    /**
     * Builds the signed proof-of-deletion structure for a credential.
     *
     * <p>The payload is a CBOR array holding the text "ProofOfDeletion", the given string and,
     * only when non-null, the given byte array. The encoded payload is passed to
     * {@code Util.coseSign1Sign} with the private key, and the result is returned CBOR-encoded.
     *
     * <p>NOTE(review): {@code a}, {@code b} and {@code c} look like the obfuscated CBOR builder,
     * array builder and encoder of the co.nstant.in.cbor library; confirm against the mapping.
     *
     * @param str value placed second in the array (callers in this file pass the document type)
     * @param privateKey key handed to {@code Util.coseSign1Sign}
     * @param bArr optional third array element; omitted entirely when null
     * @return the CBOR encoding of the signed structure
     * @throws RuntimeException wrapping any encoding or signing failure
     */
    public static byte[] buildProofOfDeletionSignature(String str, PrivateKey privateKey, byte[] bArr) {
        a aVar = new a();
        // The local named "d" shadows the imported class defpackage.d inside this method.
        b<a> d = aVar.d();
        d.e("ProofOfDeletion");
        d.e(str);
        // The optional element changes the array length, so a verifier has to accept both shapes.
        if (bArr != null) {
            d.f(bArr);
        }
        d.c();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            // Only the first built item (the array above) is encoded and signed.
            new c(byteArrayOutputStream).a((e) aVar.f12330b.get(0));
            // The two trailing nulls are passed through to Util.coseSign1Sign unchanged;
            // presumably detached content and certificate chain -- confirm in Util.
            return Util.cborEncode(Util.coseSign1Sign(privateKey, byteArrayOutputStream.toByteArray(), (byte[]) null, (Collection<X509Certificate>) null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new RuntimeException("Error building ProofOfDeletion", e);
        }
    }

    /**
     * Probes whether the auth-bound key behind {@code str} is currently usable.
     *
     * <p>The check is a trial AES-GCM encryption of two throwaway bytes; the ciphertext is
     * discarded. Every checked failure is reported as {@code false}, so a locked key, a
     * permanently invalidated key and a Keystore error are indistinguishable to the caller.
     *
     * <p>NOTE(review): a missing Keystore entry would make {@code getEntry} return null and the
     * cast-and-call below raise a NullPointerException, which is not in the catch list and would
     * reach the caller instead of yielding {@code false}.
     *
     * @param str Keystore alias of the timeout key
     * @return {@code true} if the trial encryption succeeded
     */
    private boolean checkUserAuthenticationTimeout(String str) {
        boolean keyUsable;
        try {
            KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
            androidKeyStore.load(null);
            KeyStore.SecretKeyEntry timeoutKeyEntry = (KeyStore.SecretKeyEntry) androidKeyStore.getEntry(str, null);
            SecretKey timeoutKey = timeoutKeyEntry.getSecretKey();
            Cipher probe = Cipher.getInstance("AES/GCM/NoPadding");
            probe.init(Cipher.ENCRYPT_MODE, timeoutKey);
            byte[] throwaway = {1, 2};
            probe.doFinal(throwaway);
            keyUsable = true;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            keyUsable = false;
        }
        return keyUsable;
    }

    /**
     * Creates a credential record, generates its Keystore keys and writes it to disk.
     *
     * <p>For every profile that requires user authentication the per-reader session key is
     * ensured and, for a positive timeout, a timeout key is generated. The data encryption key
     * is created last, immediately before the encrypted file is written.
     *
     * <p>Keys are generated before the file is saved and nothing in this method removes them
     * again, so a failure in a later step leaves the already generated keys in the Keystore.
     *
     * @param context application context
     * @param str document type
     * @param str2 credential name
     * @param str3 Keystore alias of the credential key
     * @param collection certificate chain of the credential key
     * @param personalizationData access control profiles and namespace data to store
     * @param bArr SHA-256 of the proof of provisioning
     * @param z7 when {@code true} the existence check is skipped and an existing file is overwritten
     * @return the populated and persisted instance
     * @throws RuntimeException if the name is taken (and {@code z7} is false) or a step fails
     */
    public static CredentialData createCredentialData(Context context, String str, String str2, String str3, Collection<X509Certificate> collection, PersonalizationData personalizationData, byte[] bArr, boolean z7) {
        if (!z7) {
            if (credentialAlreadyExists(context, str2)) {
                throw new RuntimeException("Credential with given name already exists");
            }
        }

        CredentialData created = new CredentialData(context, str2);
        created.mDocType = str;
        created.mCredentialKeyAlias = str3;
        created.mCertificateChain = collection;
        created.mProofOfProvisioningSha256 = bArr;

        created.mAccessControlProfiles = new ArrayList();
        created.mProfileIdToAcpMap = new HashMap();
        for (AccessControlProfile profile : personalizationData.getAccessControlProfiles()) {
            created.mAccessControlProfiles.add(profile);
            Integer profileId = Integer.valueOf(profile.getAccessControlProfileId().getId());
            created.mProfileIdToAcpMap.put(profileId, profile);
        }

        ArrayList namespaceDatas = new ArrayList();
        created.mNamespaceDatas = namespaceDatas;
        namespaceDatas.addAll(personalizationData.getNamespaceDatas());

        created.mAcpTimeoutKeyAliases = new HashMap();
        for (AccessControlProfile profile : personalizationData.getAccessControlProfiles()) {
            boolean authRequired = profile.isUserAuthenticationRequired();
            long authTimeout = profile.getUserAuthenticationTimeout();
            if (!authRequired) {
                continue;
            }
            ensurePerReaderSessionKey(str2, created);
            ensureAcpTimoutKeyForProfile(str2, created, profile, authTimeout);
        }

        created.createDataEncryptionKey();
        created.saveToDisk();
        return created;
    }

    /**
     * Generates the AES-128 key in AndroidKeyStore that encrypts the credential file.
     *
     * <p>The spec sets GCM, no padding and purposes value 3 (presumably the inlined
     * ENCRYPT | DECRYPT flags -- confirm). No user-authentication requirement is set on this
     * key, so file confidentiality rests on Keystore access control for the app alone.
     *
     * <p>NOTE(review): {@code CodePackage.GCM} is most likely the decompiler resolving the
     * inlined string "GCM" to an unrelated constant of the same value; verify.
     *
     * @throws RuntimeException if the key cannot be generated
     */
    private void createDataEncryptionKey() {
        try {
            String dataKeyAlias = getDataKeyAliasFromCredentialName(this.mCredentialName);
            KeyGenerator aesGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec dataKeySpec = new KeyGenParameterSpec.Builder(dataKeyAlias, 3)
                    .setBlockModes(CodePackage.GCM)
                    .setEncryptionPaddings("NoPadding")
                    .setKeySize(128)
                    .build();
            aesGenerator.init(dataKeySpec);
            aesGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("Error creating data encryption key", e);
        }
    }

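    /**
     * Reports whether a credential data file exists for the given name.
     *
     * <p>Existence is probed by opening the file. The probe stream is closed immediately;
     * the previous form dropped it unclosed and leaked a file descriptor on every call.
     *
     * @param context application context used to resolve the file path
     * @param str the credential name
     * @return {@code true} if the file could be opened
     */
    public static boolean credentialAlreadyExists(Context context, String str) {
        AtomicFile dataFile = new AtomicFile(context.getFileStreamPath(getFilenameForCredentialData(str)));
        try {
            dataFile.openRead().close();
            return true;
        } catch (FileNotFoundException notFound) {
            return false;
        } catch (IOException ignored) {
            // The open succeeded, so the file exists; only closing the probe stream failed.
            return true;
        }
    }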

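    /**
     * Deletes a credential: its data file and every Keystore key recorded for it.
     *
     * <p>Changes against the decompiled form: the missing-file path now returns {@code null}
     * explicitly (the empty catch fell off the end of a non-void method), the existence probe
     * stream is closed instead of leaked, and the result of {@code loadFromDisk} is checked
     * rather than relying on a later NullPointerException to reach the cleanup path.
     *
     * <p>As before, any RuntimeException raised while loading, signing or deleting keys ends in
     * "delete the file, return null". NOTE(review): on that path, and whenever a
     * {@code deleteEntry} call fails after the file is gone, the aliases recorded in the file
     * are lost while the keys may still exist in the Keystore; confirm that orphaned keys are
     * acceptable or clean them up by alias prefix.
     *
     * @param context application context
     * @param str the credential name
     * @param bArr optional value embedded in the proof of deletion; may be null
     * @return the signed proof of deletion, or {@code null} if the credential did not exist or
     *     could not be processed
     */
    public static byte[] delete(Context context, String str, byte[] bArr) {
        AtomicFile atomicFile = new AtomicFile(context.getFileStreamPath(getFilenameForCredentialData(str)));
        try {
            // Existence probe only; close the stream so the descriptor is not leaked.
            atomicFile.openRead().close();
        } catch (FileNotFoundException notFound) {
            return null;
        } catch (IOException ignored) {
            // The file exists; a failed close() of the probe stream does not change that.
        }

        CredentialData credentialData = new CredentialData(context, str);
        try {
            if (!credentialData.loadFromDisk(getDataKeyAliasFromCredentialName(str))) {
                // Unreadable file (wrong key, failed GCM tag, unknown format): remove it anyway.
                atomicFile.delete();
                return null;
            }

            KeyStore keyStore;
            byte[] proofOfDeletion;
            try {
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                KeyStore.PrivateKeyEntry credentialKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(credentialData.mCredentialKeyAlias, null);
                // Sign before anything is removed: the credential key is deleted below.
                proofOfDeletion = buildProofOfDeletionSignature(credentialData.mDocType, credentialKeyEntry.getPrivateKey(), bArr);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
                throw new RuntimeException("Error loading keystore", e);
            }

            atomicFile.delete();
            try {
                keyStore.deleteEntry(credentialData.mCredentialKeyAlias);
                if (!credentialData.mPerReaderSessionKeyAlias.isEmpty()) {
                    keyStore.deleteEntry(credentialData.mPerReaderSessionKeyAlias);
                }
                for (String timeoutKeyAlias : credentialData.mAcpTimeoutKeyAliases.values()) {
                    keyStore.deleteEntry(timeoutKeyAlias);
                }
                for (AuthKeyData authKey : credentialData.mAuthKeyDatas) {
                    if (!authKey.mAlias.isEmpty()) {
                        keyStore.deleteEntry(authKey.mAlias);
                    }
                    if (!authKey.mPendingAlias.isEmpty()) {
                        keyStore.deleteEntry(authKey.mPendingAlias);
                    }
                }
            } catch (KeyStoreException e) {
                throw new RuntimeException("Error deleting key", e);
            }
            return proofOfDeletion;
        } catch (RuntimeException unused) {
            atomicFile.delete();
            return null;
        }
    }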

    /**
     * Generates the auth-bound AES-128-GCM timeout key for one access control profile and
     * records its alias on the credential. Does nothing when the timeout is not positive.
     *
     * <p>The timeout is divided by 1000 and narrowed to {@code int} for the key's validity
     * duration in seconds. NOTE(review): values under 1000 therefore become 0 and very large
     * values wrap in the cast; confirm how the Keystore treats both.
     *
     * @param str the credential name
     * @param credentialData credential whose alias map receives the new alias
     * @param accessControlProfile profile the key belongs to
     * @param j7 user-authentication timeout of the profile
     * @throws RuntimeException if the key cannot be generated
     */
    private static void ensureAcpTimoutKeyForProfile(String str, CredentialData credentialData, AccessControlProfile accessControlProfile, long j7) {
        if (j7 <= 0) {
            return;
        }
        int profileId = accessControlProfile.getAccessControlProfileId().getId();
        String timeoutKeyAlias = getAcpTimeoutKeyAliasFromCredentialName(str, profileId);
        try {
            KeyGenerator aesGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec timeoutKeySpec = new KeyGenParameterSpec.Builder(timeoutKeyAlias, 3)
                    .setBlockModes(CodePackage.GCM)
                    .setEncryptionPaddings("NoPadding")
                    .setUserAuthenticationRequired(true)
                    .setUserAuthenticationValidityDurationSeconds((int) (j7 / 1000))
                    .setKeySize(128)
                    .build();
            aesGenerator.init(timeoutKeySpec);
            aesGenerator.generateKey();
            // Recorded only after generation succeeded, so the map never names a missing key.
            credentialData.mAcpTimeoutKeyAliases.put(Integer.valueOf(profileId), timeoutKeyAlias);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("Error creating ACP auth-bound timeout key", e);
        }
    }

    /**
     * Creates the per-reader session key once per credential.
     *
     * <p>The key is AES-128-GCM with user authentication required and a validity duration of
     * -1. The alias is stored on the credential before generation is attempted, so a failed
     * generation leaves a non-empty alias behind on the in-memory object.
     *
     * @param str the credential name
     * @param credentialData credential that receives the alias
     * @throws RuntimeException if the key cannot be generated
     */
    private static void ensurePerReaderSessionKey(String str, CredentialData credentialData) {
        if (!credentialData.mPerReaderSessionKeyAlias.isEmpty()) {
            return;
        }
        credentialData.mPerReaderSessionKeyAlias = getAcpKeyAliasFromCredentialName(str);
        try {
            KeyGenerator aesGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            KeyGenParameterSpec sessionKeySpec = new KeyGenParameterSpec.Builder(credentialData.mPerReaderSessionKeyAlias, 3)
                    .setBlockModes(CodePackage.GCM)
                    .setEncryptionPaddings("NoPadding")
                    .setKeySize(128)
                    .setUserAuthenticationRequired(true)
                    .setUserAuthenticationValidityDurationSeconds(-1)
                    .build();
            aesGenerator.init(sessionKeySpec);
            aesGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("Error creating ACP auth-bound key", e);
        }
    }

    /**
     * Derives a file name or Keystore alias from a fixed prefix and a credential name.
     *
     * <p>Only the credential name is URL-encoded; the prefix is inserted verbatim, so callers
     * must pass a constant prefix. Encoding the name keeps characters such as path separators
     * out of the resulting file name.
     *
     * @param str prefix identifying what the name is for
     * @param str2 the credential name
     * @return "identity_credential_", the prefix, the separator constant and the encoded name
     * @throws RuntimeException if UTF-8 is reported as unsupported
     */
    public static String escapeCredentialName(String str, String str2) {
        String encodedName;
        try {
            encodedName = URLEncoder.encode(str2, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Unexpected UnsupportedEncodingException", e);
        }
        return "identity_credential_" + str + Constants.UNDER_SCORE + encodedName;
    }

    /**
     * Returns the Keystore alias of the per-reader session key for a credential.
     *
     * @param str the credential name
     * @return the escaped alias built with the "acp" prefix
     */
    public static String getAcpKeyAliasFromCredentialName(String str) {
        final String alias = escapeCredentialName("acp", str);
        return alias;
    }

    /**
     * Returns the Keystore alias of the timeout key for one access control profile.
     *
     * <p>NOTE(review): {@code d.j} is an obfuscated helper that presumably concatenates the
     * text and the id; confirm the exact format before relying on the alias shape.
     *
     * @param str the credential name
     * @param i7 the access control profile id
     * @return the escaped alias
     */
    public static String getAcpTimeoutKeyAliasFromCredentialName(String str, int i7) {
        final String prefix = d.j("acp_timeout_for_id", i7);
        return escapeCredentialName(prefix, str);
    }

    /**
     * Returns the Keystore alias derived for the credential key of a credential.
     *
     * @param str the credential name
     * @return the escaped alias built with the "credkey" prefix
     */
    public static String getAliasFromCredentialName(String str) {
        final String alias = escapeCredentialName("credkey", str);
        return alias;
    }

    /**
     * Returns the Keystore alias of the key that encrypts the credential data file.
     *
     * @param str the credential name
     * @return the escaped alias built with the "datakey" prefix
     */
    public static String getDataKeyAliasFromCredentialName(String str) {
        final String alias = escapeCredentialName("datakey", str);
        return alias;
    }

    /**
     * Returns the name of the file that holds the encrypted data of a credential.
     *
     * @param str the credential name
     * @return the escaped file name built with the "data" prefix
     */
    public static String getFilenameForCredentialData(String str) {
        final String fileName = escapeCredentialName("data", str);
        return fileName;
    }

    /**
     * Rebuilds the profile list and the id index from the "accessControlProfiles" array.
     *
     * <p>NOTE(review): {@code defpackage.a.h} looks like a lookup of a text key in the decoded
     * CBOR map; confirm.
     *
     * @param iVar the decoded top-level map
     * @throws RuntimeException if the entry is missing or is not an array
     */
    private void loadAccessControlProfiles(i iVar) {
        e profilesItem = defpackage.a.h("accessControlProfiles", iVar);
        boolean isArray = profilesItem instanceof j.b;
        if (!isArray) {
            throw new RuntimeException("accessControlProfiles not found or not array");
        }
        this.mAccessControlProfiles = new ArrayList();
        this.mProfileIdToAcpMap = new HashMap();
        Iterator<e> encodedProfiles = ((j.b) profilesItem).d.iterator();
        while (encodedProfiles.hasNext()) {
            AccessControlProfile profile = Util.accessControlProfileFromCbor(encodedProfiles.next());
            this.mAccessControlProfiles.add(profile);
            Integer profileId = Integer.valueOf(profile.getAccessControlProfileId().getId());
            this.mProfileIdToAcpMap.put(profileId, profile);
        }
    }

    /**
     * Restores the key-related state from the decoded map: the per-reader session key alias,
     * the profile-id to timeout-key-alias map, the auth key limits and every auth key slot.
     *
     * <p>Several entries are cast without a type check, so a malformed file surfaces as a
     * ClassCastException or NullPointerException rather than one of the messages below.
     * The decompiler's self-assigning null checks on the byte arrays were dropped; they had
     * no effect.
     *
     * @param iVar the decoded top-level map
     * @throws RuntimeException if a checked entry is missing or has the wrong type
     */
    private void loadAuthKey(i iVar) {
        this.mPerReaderSessionKeyAlias = ((q) defpackage.a.h("perReaderSessionKeyAlias", iVar)).d;

        e timeoutMapItem = defpackage.a.h("acpTimeoutKeyMap", iVar);
        if (!(timeoutMapItem instanceof i)) {
            throw new RuntimeException("acpTimeoutKeyMap not found or not map");
        }
        this.mAcpTimeoutKeyAliases = new HashMap();
        i timeoutMap = (i) timeoutMapItem;
        for (e mapKey : timeoutMap.e) {
            if (!(mapKey instanceof r)) {
                throw new RuntimeException("Key in acpTimeoutKeyMap is not an integer");
            }
            int profileId = ((r) mapKey).f14490c.intValue();
            e mapValue = timeoutMap.c(mapKey);
            if (!(mapValue instanceof q)) {
                throw new RuntimeException("Item in acpTimeoutKeyMap is not a string");
            }
            this.mAcpTimeoutKeyAliases.put(Integer.valueOf(profileId), ((q) mapValue).d);
        }

        this.mAuthKeyCount = ((k) defpackage.a.h("authKeyCount", iVar)).f14490c.intValue();
        this.mAuthMaxUsesPerKey = ((k) defpackage.a.h("authKeyMaxUses", iVar)).f14490c.intValue();

        e authKeysItem = defpackage.a.h("authKeyDatas", iVar);
        if (!(authKeysItem instanceof j.b)) {
            throw new RuntimeException("authKeyDatas not found or not array");
        }
        this.mAuthKeyDatas = new ArrayList();
        Iterator<e> encodedSlots = ((j.b) authKeysItem).d.iterator();
        while (encodedSlots.hasNext()) {
            i slotMap = (i) encodedSlots.next();
            AuthKeyData slot = new AuthKeyData();
            slot.mAlias = ((q) defpackage.a.h("alias", slotMap)).d;
            slot.mUseCount = ((k) defpackage.a.h("useCount", slotMap)).f14490c.intValue();
            slot.mCertificate = ((j.c) defpackage.a.h("certificate", slotMap)).d;
            slot.mStaticAuthenticationData = ((j.c) defpackage.a.h("staticAuthenticationData", slotMap)).d;
            slot.mPendingAlias = ((q) defpackage.a.h("pendingAlias", slotMap)).d;
            slot.mPendingCertificate = ((j.c) defpackage.a.h("pendingCertificate", slotMap)).d;

            // A missing expiry is treated as "never expires".
            long expirationMillis = Long.MAX_VALUE;
            e expirationItem = defpackage.a.h("expirationDateMillis", slotMap);
            if (expirationItem != null) {
                if (!(expirationItem instanceof k)) {
                    throw new RuntimeException("expirationDateMillis not a number");
                }
                expirationMillis = ((k) expirationItem).f14490c.longValue();
            }
            Calendar expiration = Calendar.getInstance();
            expiration.setTimeInMillis(expirationMillis);
            slot.mExpirationDate = expiration;

            this.mAuthKeyDatas.add(slot);
        }
    }

    /**
     * Restores the document type and the credential key alias from the decoded map.
     *
     * <p>Both entries are cast without a type check; a missing or mistyped entry raises an
     * unchecked exception.
     *
     * @param iVar the decoded top-level map
     */
    private void loadBasic(i iVar) {
        q docTypeItem = (q) defpackage.a.h("docType", iVar);
        this.mDocType = docTypeItem.d;
        q credentialKeyAliasItem = (q) defpackage.a.h("credentialKeyAlias", iVar);
        this.mCredentialKeyAlias = credentialKeyAliasItem.d;
    }

    /**
     * Loads a stored credential by name.
     *
     * <p>{@code null} covers every failure alike: no file, a missing data key, a failed GCM
     * authentication tag and malformed CBOR are not distinguished.
     *
     * @param context application context
     * @param str the credential name
     * @return the loaded credential, or {@code null} if it could not be loaded
     */
    public static CredentialData loadCredentialData(Context context, String str) {
        CredentialData candidate = new CredentialData(context, str);
        boolean loaded = candidate.loadFromDisk(getDataKeyAliasFromCredentialName(str));
        return loaded ? candidate : null;
    }

    /**
     * Restores the credential key certificate chain from the "credentialKeyCertChain" array.
     *
     * <p>Each element is parsed into an {@code X509Certificate}; the chain is only decoded
     * here, not validated. The decompiler's self-assigning null check was dropped.
     *
     * <p>NOTE(review): the certificate type constant is resolved to an unrelated class by the
     * decompiler; it is presumably the inlined string "X.509" -- confirm.
     *
     * @param iVar the decoded top-level map
     * @throws RuntimeException if the entry is not an array or a certificate cannot be decoded
     */
    private void loadCredentialKeyCertChain(i iVar) {
        e chainItem = defpackage.a.h("credentialKeyCertChain", iVar);
        if (!(chainItem instanceof j.b)) {
            throw new RuntimeException("credentialKeyCertChain not found or not array");
        }
        this.mCertificateChain = new ArrayList();
        Iterator<e> encodedCerts = ((j.b) chainItem).d.iterator();
        while (encodedCerts.hasNext()) {
            byte[] certBytes = ((j.c) encodedCerts.next()).d;
            try {
                CertificateFactory factory = CertificateFactory.getInstance(com.huawei.hms.feature.dynamic.f.e.f3569b);
                ByteArrayInputStream certStream = new ByteArrayInputStream(certBytes);
                this.mCertificateChain.add((X509Certificate) factory.generateCertificate(certStream));
            } catch (CertificateException e) {
                throw new RuntimeException("Error decoding certificate blob", e);
            }
        }
    }

    /**
     * Reads, decrypts and decodes the credential file into this instance.
     *
     * <p>The outer catch turns every exception into {@code false}, including a failed GCM
     * authentication tag, so a tampered file and a missing file look the same to callers and
     * nothing is logged here. Fields assigned before a failure keep their new values.
     *
     * @param str Keystore alias of the data encryption key
     * @return {@code true} if every section was loaded
     */
    private boolean loadFromDisk(String str) {
        try {
            try {
                AtomicFile dataFile = new AtomicFile(this.mContext.getFileStreamPath(getFilenameForCredentialData(this.mCredentialName)));
                byte[] plaintext = loadFromDiskDecrypt(str, dataFile.readFully());
                LinkedList decodedItems = (LinkedList) new f.b(new ByteArrayInputStream(plaintext)).a();
                if (decodedItems.size() != 1) {
                    throw new RuntimeException("Expected 1 item, found " + decodedItems.size());
                }
                Object topLevel = decodedItems.get(0);
                if (!(topLevel instanceof i)) {
                    throw new RuntimeException("Item is not a map");
                }
                i credentialMap = (i) topLevel;
                loadBasic(credentialMap);
                loadCredentialKeyCertChain(credentialMap);
                loadProofOfProvisioningSha256(credentialMap);
                loadAccessControlProfiles(credentialMap);
                loadNamespaceDatas(credentialMap);
                loadAuthKey(credentialMap);
                return true;
            } catch (CborException e) {
                throw new RuntimeException("Error decoding data", e);
            }
        } catch (Exception unused) {
            return false;
        }
    }

    /**
     * Decrypts the on-disk blob: a 12-byte IV followed by AES-GCM ciphertext with a 128-bit tag.
     *
     * <p>Only the IV length is checked up front; input too short to hold a tag is rejected by
     * the cipher itself. A missing Keystore entry raises a NullPointerException, which is not
     * wrapped by the catch below.
     *
     * @param str Keystore alias of the data encryption key
     * @param bArr the file content
     * @return the decrypted CBOR bytes
     * @throws RuntimeException if the blob is too small or decryption fails
     */
    private byte[] loadFromDiskDecrypt(String str, byte[] bArr) {
        final int ivLength = 12;
        try {
            KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
            androidKeyStore.load(null);
            KeyStore.SecretKeyEntry dataKeyEntry = (KeyStore.SecretKeyEntry) androidKeyStore.getEntry(str, null);
            SecretKey dataKey = dataKeyEntry.getSecretKey();
            if (bArr.length < ivLength) {
                throw new RuntimeException("Encrypted CBOR on disk is too small");
            }
            byte[] iv = new byte[ivLength];
            System.arraycopy(bArr, 0, iv, 0, ivLength);
            byte[] ciphertext = new byte[bArr.length - ivLength];
            System.arraycopy(bArr, ivLength, ciphertext, 0, ciphertext.length);
            Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
            gcm.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
            return gcm.doFinal(ciphertext);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Error decrypting CBOR", e);
        }
    }

    /**
     * Rebuilds the namespace data list from the "namespaceDatas" map.
     *
     * @param iVar the decoded top-level map
     * @throws RuntimeException if the entry is not a map or a key is not a text string
     */
    private void loadNamespaceDatas(i iVar) {
        e namespacesItem = defpackage.a.h("namespaceDatas", iVar);
        boolean isMap = namespacesItem instanceof i;
        if (!isMap) {
            throw new RuntimeException("namespaceDatas not found or not map");
        }
        this.mNamespaceDatas = new ArrayList();
        i namespacesMap = (i) namespacesItem;
        for (e nameKey : namespacesMap.e) {
            if (!(nameKey instanceof q)) {
                throw new RuntimeException("Key in namespaceDatas is not a string");
            }
            String namespaceName = ((q) nameKey).d;
            this.mNamespaceDatas.add(Util.namespaceDataFromCbor(namespaceName, namespacesMap.c(nameKey)));
        }
    }

    /**
     * Restores the stored proof-of-provisioning digest from the decoded map.
     *
     * <p>The byte string is taken as stored; its length is not checked here. The
     * decompiler's self-assigning null check was dropped.
     *
     * @param iVar the decoded top-level map
     * @throws RuntimeException if the entry is missing or is not a byte string
     */
    private void loadProofOfProvisioningSha256(i iVar) {
        e digestItem = defpackage.a.h("proofOfProvisioningSha256", iVar);
        if (digestItem instanceof j.c) {
            this.mProofOfProvisioningSha256 = ((j.c) digestItem).d;
            return;
        }
        throw new RuntimeException("proofOfProvisioningSha256 not found or not bstr");
    }

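    /**
     * Serializes this credential to CBOR, encrypts it and writes it atomically.
     *
     * <p>Repairs the decompiled control flow: the caught IOException was assigned to the CBOR
     * builder variable, and a failed {@code startWrite()} fell through to a write on a null
     * stream. Opening and writing now share one try block, a failed write is rolled back with
     * {@code failWrite}, and the IOException is kept as the cause.
     *
     * <p>NOTE(review): the explicit {@code close()} before {@code finishWrite()} is kept from
     * the original. {@code AtomicFile.finishWrite} is documented to close and sync the stream
     * itself; confirm the early close does not defeat the sync.
     *
     * @throws RuntimeException if encoding, encryption or the file write fails
     */
    private void saveToDisk() {
        a aVar = new a();
        g.c<a> mapBuilder = aVar.e();
        saveToDiskBasic(mapBuilder);
        saveToDiskAuthDatas(mapBuilder);
        saveToDiskACPs(mapBuilder);
        saveToDiskNamespaceDatas(mapBuilder);
        saveToDiskAuthKeys(mapBuilder);
        byte[] encrypted = saveToDiskEncrypt(saveToDiskEncode(aVar));

        AtomicFile atomicFile = new AtomicFile(this.mContext.getFileStreamPath(getFilenameForCredentialData(this.mCredentialName)));
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = atomicFile.startWrite();
            fileOutputStream.write(encrypted);
            fileOutputStream.close();
            atomicFile.finishWrite(fileOutputStream);
        } catch (IOException e) {
            // Roll back so a partial write never replaces the previous credential file.
            if (fileOutputStream != null) {
                atomicFile.failWrite(fileOutputStream);
            }
            throw new RuntimeException("Error writing data", e);
        }
    }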

    /**
     * Writes every access control profile into the "accessControlProfiles" array.
     *
     * @param cVar builder of the top-level map
     */
    private void saveToDiskACPs(g.c<a> cVar) {
        b<g.c<a>> profilesArray = cVar.g("accessControlProfiles");
        for (AccessControlProfile profile : this.mAccessControlProfiles) {
            profilesArray.d(Util.accessControlProfileToCbor(profile));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Writes one map per auth key slot into the "authKeyDatas" array.
     *
     * <p>Only aliases, certificates, static authentication data, use counts and expiry are
     * written; the key material itself is referenced by alias. A slot without an expiration
     * date is stored as {@code Long.MAX_VALUE} milliseconds.
     *
     * @param cVar builder of the top-level map
     */
    private void saveToDiskAuthDatas(g.c<a> cVar) {
        b<g.c<a>> slotsArray = cVar.g("authKeyDatas");
        for (AuthKeyData slot : this.mAuthKeyDatas) {
            Calendar expiration = slot.mExpirationDate;
            long expirationMillis = (expiration != null) ? expiration.getTimeInMillis() : Long.MAX_VALUE;
            g.c<b<g.c<a>>> slotMap = slotsArray.g();
            slotMap.e("alias", slot.mAlias);
            slotMap.d("useCount", slot.mUseCount);
            slotMap.f("certificate", slot.mCertificate);
            slotMap.f("staticAuthenticationData", slot.mStaticAuthenticationData);
            slotMap.e("pendingAlias", slot.mPendingAlias);
            slotMap.f("pendingCertificate", slot.mPendingCertificate);
            slotMap.d("expirationDateMillis", expirationMillis);
        }
    }

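    /**
     * Writes the per-reader session key alias and the "acpTimeoutKeyMap" entries.
     *
     * <p>Repairs the decompiled loop, which read the key from an undeclared {@code r0} and
     * the value from a separate {@code next()} call. Each entry is now fetched once and
     * supplies both the profile id and the alias.
     *
     * @param cVar builder of the top-level map
     */
    private void saveToDiskAuthKeys(g.c<a> cVar) {
        cVar.e("perReaderSessionKeyAlias", this.mPerReaderSessionKeyAlias);
        g.c<g.c<a>> timeoutKeyMap = cVar.h("acpTimeoutKeyMap");
        for (Map.Entry<Integer, String> entry : this.mAcpTimeoutKeyAliases.entrySet()) {
            timeoutKeyMap.c(new r(entry.getKey().intValue()), new q(entry.getValue()));
        }
    }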

    /**
     * Writes the document type, credential key alias, certificate chain, provisioning digest
     * and the auth key limits into the top-level map.
     *
     * @param cVar builder of the top-level map
     * @throws RuntimeException if a certificate cannot be encoded
     */
    private void saveToDiskBasic(g.c<a> cVar) {
        cVar.e("docType", this.mDocType);
        cVar.e("credentialKeyAlias", this.mCredentialKeyAlias);

        b<g.c<a>> chainArray = cVar.g("credentialKeyCertChain");
        for (X509Certificate certificate : this.mCertificateChain) {
            try {
                chainArray.f(certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new RuntimeException("Error encoding certificate", e);
            }
        }

        cVar.f("proofOfProvisioningSha256", this.mProofOfProvisioningSha256);
        cVar.d("authKeyCount", this.mAuthKeyCount);
        cVar.d("authKeyMaxUses", this.mAuthMaxUsesPerKey);
    }

    /**
     * Encodes the items collected by the builder into CBOR bytes.
     *
     * @param aVar the builder holding the top-level map
     * @return the encoded, still unencrypted bytes
     * @throws RuntimeException if encoding fails
     */
    private byte[] saveToDiskEncode(a aVar) {
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        try {
            c encoder = new c(encoded);
            encoder.b(aVar.f12330b);
        } catch (CborException e) {
            throw new RuntimeException("Error encoding data", e);
        }
        return encoded.toByteArray();
    }

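    /**
     * Encrypts the encoded credential with the data key and prefixes the IV.
     *
     * <p>The output layout is a 12-byte IV followed by the AES-GCM ciphertext and tag, which
     * is what {@code loadFromDiskDecrypt} splits on. The IV is chosen by the provider, and its
     * length is now verified before writing: a shorter IV would otherwise be zero-padded into
     * the fixed-size buffer and produce a file that can never be decrypted.
     *
     * @param bArr the encoded CBOR bytes
     * @return the IV followed by the ciphertext
     * @throws RuntimeException if encryption fails or the IV is not 12 bytes long
     */
    private byte[] saveToDiskEncrypt(byte[] bArr) {
        final int ivLength = 12;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(getDataKeyAliasFromCredentialName(this.mCredentialName), null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            // No IV is supplied, so the provider generates a fresh one for every save.
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            byte[] ciphertext = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            if (iv == null || iv.length != ivLength) {
                throw new RuntimeException("Unexpected IV length when encrypting CBOR");
            }
            ByteBuffer blob = ByteBuffer.allocate(ivLength + ciphertext.length);
            blob.put(iv);
            blob.put(ciphertext);
            return blob.array();
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Error encrypting CBOR for saving to disk", e);
        }
    }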

    /**
     * Writes every namespace into the "namespaceDatas" map, keyed by namespace name.
     *
     * @param cVar builder of the top-level map
     */
    private void saveToDiskNamespaceDatas(g.c<a> cVar) {
        g.c<g.c<a>> namespacesMap = cVar.h("namespaceDatas");
        for (PersonalizationData.NamespaceData namespaceData : this.mNamespaceDatas) {
            q nameKey = new q(namespaceData.getNamespaceName());
            namespacesMap.c(nameKey, Util.namespaceDataToCbor(namespaceData));
        }
    }

    /**
     * Decides whether the user-authentication condition of a profile is currently met.
     *
     * <p>For a profile with timeout 0 the decision is exactly the caller-supplied flag, so
     * this method trusts its caller in that case. For any other timeout the profile's
     * timeout key is probed. Whether the profile requires user authentication at all is not
     * checked here.
     *
     * @param accessControlProfileId id of the profile to check
     * @param z7 result to return when the profile's timeout is 0
     * @return {@code true} if the condition is met
     * @throws RuntimeException if the profile or its timeout key alias is unknown
     */
    public boolean checkUserAuthentication(AccessControlProfileId accessControlProfileId, boolean z7) {
        AccessControlProfile profile = getAccessControlProfile(accessControlProfileId);
        if (profile.getUserAuthenticationTimeout() == 0) {
            return z7;
        }
        String timeoutKeyAlias = this.mAcpTimeoutKeyAliases.get(Integer.valueOf(accessControlProfileId.getId()));
        if (timeoutKeyAlias == null) {
            StringBuilder message = defpackage.c.j("No key alias for ACP with ID ");
            message.append(accessControlProfileId.getId());
            throw new RuntimeException(message.toString());
        }
        return checkUserAuthenticationTimeout(timeoutKeyAlias);
    }

    /**
     * Deletes the session key, the timeout keys and all auth keys of this credential.
     *
     * <p>The credential key and the data encryption key are not touched here. Deletion stops
     * at the first failing entry, so keys later in the iteration order stay in the Keystore.
     *
     * @throws RuntimeException if the Keystore cannot be loaded or an entry cannot be deleted
     */
    public void deleteKeysForReplacement() {
        KeyStore androidKeyStore;
        try {
            androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
            androidKeyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e8) {
            throw new RuntimeException("Error loading keystore", e8);
        }

        try {
            if (!this.mPerReaderSessionKeyAlias.isEmpty()) {
                androidKeyStore.deleteEntry(this.mPerReaderSessionKeyAlias);
            }
            for (String timeoutKeyAlias : this.mAcpTimeoutKeyAliases.values()) {
                androidKeyStore.deleteEntry(timeoutKeyAlias);
            }
            for (AuthKeyData slot : this.mAuthKeyDatas) {
                if (!slot.mAlias.isEmpty()) {
                    androidKeyStore.deleteEntry(slot.mAlias);
                }
                if (!slot.mPendingAlias.isEmpty()) {
                    androidKeyStore.deleteEntry(slot.mPendingAlias);
                }
            }
        } catch (KeyStoreException e) {
            throw new RuntimeException("Error deleting key", e);
        }
    }

    /**
     * Looks up an access control profile by id.
     *
     * @param accessControlProfileId id of the wanted profile
     * @return the matching profile, never {@code null}
     * @throws RuntimeException if no profile has that id
     */
    public AccessControlProfile getAccessControlProfile(AccessControlProfileId accessControlProfileId) {
        AccessControlProfile found = this.mProfileIdToAcpMap.get(Integer.valueOf(accessControlProfileId.getId()));
        if (found == null) {
            StringBuilder message = defpackage.c.j("No profile with id ");
            message.append(accessControlProfileId.getId());
            throw new RuntimeException(message.toString());
        }
        return found;
    }

    /**
     * Returns the access control profiles of this credential.
     *
     * <p>The internal list is returned without a copy, so changes made by the caller alter
     * this object and leave the id index out of step.
     *
     * @return the live profile list
     */
    public Collection<AccessControlProfile> getAccessControlProfiles() {
        final Collection<AccessControlProfile> profiles = mAccessControlProfiles;
        return profiles;
    }

    /**
     * Returns the configured number of authentication key slots.
     *
     * @return the auth key count
     */
    public int getAuthKeyCount() {
        final int count = mAuthKeyCount;
        return count;
    }

    /**
     * Returns the use count of every auth key slot, in slot order.
     *
     * <p>The array has {@code mAuthKeyCount} elements but is filled from the slot list, so a
     * slot list longer than the count raises ArrayIndexOutOfBoundsException.
     *
     * @return a new array of use counts
     */
    public int[] getAuthKeyUseCounts() {
        int[] useCounts = new int[this.mAuthKeyCount];
        int slotIndex = 0;
        for (AuthKeyData slot : this.mAuthKeyDatas) {
            useCounts[slotIndex] = slot.mUseCount;
            slotIndex += 1;
        }
        return useCounts;
    }

    /**
     * Returns a certificate for every auth key slot that has, or now gets, a pending key.
     *
     * <p>For each slot whose current key is missing, exhausted or expired and which has no
     * pending key yet, a new EC key pair is generated in AndroidKeyStore and stored as the
     * slot's pending key. The credential is written to disk at the end on every call, whether
     * or not a key was generated.
     *
     * @return certificates of all pending auth keys, in slot order
     * @throws RuntimeException if the Keystore cannot be loaded, a key cannot be created or a
     *     pending certificate cannot be parsed
     */
    public Collection<X509Certificate> getAuthKeysNeedingCertification() {
        try {
            // The loaded KeyStore instance is discarded; only a load failure has an effect here.
            KeyStore.getInstance("AndroidKeyStore").load(null);
            ArrayList arrayList = new ArrayList();
            // "Now", used for the expiry comparison below.
            Calendar calendar = Calendar.getInstance();
            // Indexes the slot list by mAuthKeyCount; a shorter list raises an unchecked exception.
            for (int i7 = 0; i7 < this.mAuthKeyCount; i7++) {
                AuthKeyData authKeyData = this.mAuthKeyDatas.get(i7);
                // z7: whether this slot contributes a pending certificate to the result.
                boolean z7 = true;
                // z8: the key has reached the per-key use limit.
                boolean z8 = authKeyData.mUseCount >= this.mAuthMaxUsesPerKey;
                Calendar calendar2 = authKeyData.mExpirationDate;
                // z9: the slot needs a new key (no key, use limit reached, or past its expiry).
                boolean z9 = authKeyData.mAlias.isEmpty() || z8 || (calendar2 != null ? calendar.after(calendar2) : false);
                // z10: a replacement key is already pending for this slot.
                boolean z10 = !authKeyData.mPendingAlias.isEmpty();
                if (!z9 || z10) {
                    // Nothing to generate: report the slot only if a key is already pending.
                    z7 = z10;
                } else {
                    try {
                        String str = this.mCredentialKeyAlias + String.format("_auth_%d", Integer.valueOf(i7));
                        // Avoid reusing the alias of the key still in use by this slot.
                        if (str.equals(authKeyData.mAlias)) {
                            str = str + Constants.UNDER_SCORE;
                        }
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "AndroidKeyStore");
                        // Purposes value 12 is presumably the inlined SIGN | VERIFY flags -- confirm.
                        // NOTE(review): the spec sets digests only; no user-authentication
                        // requirement or attestation challenge is set on this key here.
                        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests(AppAuthenticator.DEFAULT_DIGEST_ALGORITHM, "SHA-512").build());
                        keyPairGenerator.generateKeyPair();
                        X509Certificate generateAuthenticationKeyCert = Util.generateAuthenticationKeyCert(str, this.mCredentialKeyAlias, this.mProofOfProvisioningSha256);
                        authKeyData.mPendingAlias = str;
                        authKeyData.mPendingCertificate = generateAuthenticationKeyCert.getEncoded();
                    } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException e) {
                        // The key pair may already exist in the Keystore when this is thrown;
                        // the slot's pending alias is not set in that case.
                        throw new RuntimeException("Error creating auth key", e);
                    }
                }
                if (z7) {
                    try {
                        // The certificate type constant is presumably the inlined "X.509" -- confirm.
                        arrayList.add((X509Certificate) CertificateFactory.getInstance(com.huawei.hms.feature.dynamic.f.e.f3569b).generateCertificate(new ByteArrayInputStream(authKeyData.mPendingCertificate)));
                    } catch (CertificateException e8) {
                        throw new RuntimeException("Error creating certificate for auth key", e8);
                    }
                }
            }
            // Persist the pending aliases and certificates so they survive a restart.
            saveToDisk();
            return arrayList;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e9) {
            throw new RuntimeException("Error loading keystore", e9);
        }
    }

    /**
     * Returns the configured use limit for a single authentication key.
     *
     * @return the current value of {@code mAuthMaxUsesPerKey}
     */
    public int getAuthMaxUsesPerKey() {
        final int maxUsesPerKey = this.mAuthMaxUsesPerKey;
        return maxUsesPerKey;
    }

    /**
     * Returns the keystore alias under which the credential key is stored.
     *
     * @return the current value of {@code mCredentialKeyAlias}
     */
    public String getCredentialKeyAlias() {
        final String alias = this.mCredentialKeyAlias;
        return alias;
    }

    /**
     * Returns the certificate chain held for the credential key.
     *
     * <p>The internal {@code mCertificateChain} object itself is returned, not a copy, so a
     * caller that modifies it (if the collection is mutable) changes this object's state.
     *
     * @return the stored certificate chain
     */
    public Collection<X509Certificate> getCredentialKeyCertificateChain() {
        final Collection<X509Certificate> chain = this.mCertificateChain;
        return chain;
    }

    /**
     * Loads the private-key handle of the credential key from AndroidKeyStore.
     *
     * <p>{@link KeyStore#getEntry} returns {@code null} for an unknown alias, so a missing
     * credential key surfaces here as a {@link NullPointerException} rather than as the
     * wrapped "Error loading keystore" exception.
     *
     * @return the private key stored under {@code mCredentialKeyAlias}
     * @throws RuntimeException if the keystore cannot be loaded or the entry cannot be read
     */
    public PrivateKey getCredentialKeyPrivate() {
        try {
            KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
            androidKeyStore.load(null);
            KeyStore.Entry entry = androidKeyStore.getEntry(this.mCredentialKeyAlias, null);
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
            return keyEntry.getPrivateKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException ex) {
            throw new RuntimeException("Error loading keystore", ex);
        }
    }

    /**
     * Returns the document type of this credential.
     *
     * @return the current value of {@code mDocType}
     */
    public String getDocType() {
        final String docType = this.mDocType;
        return docType;
    }

    /**
     * Returns the namespace data entries held by this credential.
     *
     * <p>The internal {@code mNamespaceDatas} object itself is returned, not a copy, so a
     * caller that modifies it (if the collection is mutable) changes this object's state.
     *
     * @return the stored namespace data collection
     */
    public Collection<PersonalizationData.NamespaceData> getNamespaceDatas() {
        final Collection<PersonalizationData.NamespaceData> namespaces = this.mNamespaceDatas;
        return namespaces;
    }

    /**
     * Returns the keystore alias recorded for the per-reader-session key.
     *
     * @return the current value of {@code mPerReaderSessionKeyAlias}
     */
    public String getPerReaderSessionKeyAlias() {
        final String alias = this.mPerReaderSessionKeyAlias;
        return alias;
    }

    /**
     * Finds the namespace data entry whose name equals the given string.
     *
     * @param str namespace name to look for; the comparison is made from the stored name, so a
     *     {@code null} argument matches nothing
     * @return the first matching entry in {@code mNamespaceDatas}, or {@code null} if none matches
     */
    public PersonalizationData.NamespaceData lookupNamespaceData(String str) {
        for (PersonalizationData.NamespaceData candidate : this.mNamespaceDatas) {
            if (candidate.getNamespaceName().equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /* JADX WARN: Type inference failed for: r1v1, types: [java.util.List<j.e>, java.util.LinkedList] */
    /**
     * Builds a signed "ProofOfOwnership" structure over the given bytes.
     *
     * <p>The payload is assembled with the (obfuscated) CBOR builder from the literal
     * {@code "ProofOfOwnership"}, {@code mDocType} and {@code bArr}, in that order, then passed
     * to {@code Util.coseSign1Sign} with the credential private key and finally to
     * {@code Util.cborEncode}. NOTE(review): {@code d()/e()/f()/c()} look like
     * add-array / add-string / add-bytes / end - confirm against the CBOR library.
     *
     * @param bArr bytes to include in the proof (presumably a caller-supplied challenge)
     * @return the encoded, signed structure
     * @throws RuntimeException if encoding or signing fails, or if the credential key cannot
     *     be loaded
     */
    @NonNull
    public byte[] proveOwnership(@NonNull byte[] bArr) {
        // Fetch the key first so that a keystore failure is reported before any encoding work.
        PrivateKey signingKey = getCredentialKeyPrivate();
        a cborBuilder = new a();
        b<a> proofItems = cborBuilder.d();
        proofItems.e("ProofOfOwnership");
        proofItems.e(this.mDocType);
        proofItems.f(bArr);
        proofItems.c();
        try {
            ByteArrayOutputStream encodedProof = new ByteArrayOutputStream();
            c encoder = new c(encodedProof);
            // Only the first built item is encoded; that is the structure assembled above.
            encoder.a((e) cborBuilder.f12330b.get(0));
            byte[] toBeSigned = encodedProof.toByteArray();
            // No detached content and no certificate chain are passed to the signer.
            return Util.cborEncode(Util.coseSign1Sign(signingKey, toBeSigned, (byte[]) null, (Collection<X509Certificate>) null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException ex) {
            throw new RuntimeException("Error building ProofOfOwnership", ex);
        }
    }

    /**
     * Selects an authentication key, preferring keys that have not expired.
     *
     * <p>A first pass excludes expired keys. Only when that pass finds nothing and {@code z8}
     * is set is a second pass made that also accepts expired keys.
     *
     * @param z7 forwarded to the helper; when {@code true}, keys whose use count has reached
     *     {@code mAuthMaxUsesPerKey} may still be returned
     * @param z8 when {@code true}, expired keys are accepted as a fallback
     * @return the private key and its static authentication data, or {@code null} if no key
     *     qualifies
     */
    public Pair<PrivateKey, byte[]> selectAuthenticationKey(boolean z7, boolean z8) {
        Pair<PrivateKey, byte[]> selected = selectAuthenticationKeyHelper(z7, false);
        if (selected == null && z8) {
            selected = selectAuthenticationKeyHelper(z7, true);
        }
        return selected;
    }

    /**
     * Picks the certified authentication key with the lowest use count and records one use.
     *
     * <p>Slots without an active alias are ignored. Expired slots are ignored unless
     * {@code z8} is set. Because the chosen slot has the lowest use count, a chosen slot at or
     * above {@code mAuthMaxUsesPerKey} means every candidate is exhausted; in that case
     * {@code null} is returned unless {@code z7} is set.
     *
     * <p>The use counter is incremented and saved only after the key entry has been read from
     * AndroidKeyStore. {@link KeyStore#getEntry} returns {@code null} for an unknown alias, so a
     * slot whose key is missing from the keystore surfaces as a {@link NullPointerException}.
     *
     * @param z7 allow returning a key whose use count has reached the per-key limit
     * @param z8 allow returning a key whose expiration date has passed
     * @return the private key and the slot's static authentication data, or {@code null} if no
     *     slot qualifies
     * @throws RuntimeException if the keystore cannot be loaded or the entry cannot be read
     */
    public Pair<PrivateKey, byte[]> selectAuthenticationKeyHelper(boolean z7, boolean z8) {
        Calendar now = Calendar.getInstance();
        AuthKeyData best = null;
        for (int slot = 0; slot < this.mAuthKeyCount; slot++) {
            AuthKeyData data = this.mAuthKeyDatas.get(slot);
            if (data.mAlias.isEmpty()) {
                continue;
            }
            Calendar expiration = data.mExpirationDate;
            boolean expired = expiration != null && now.after(expiration);
            if (expired && !z8) {
                continue;
            }
            // Strict "<" keeps the earliest slot when several share the lowest count.
            if (best == null || data.mUseCount < best.mUseCount) {
                best = data;
            }
        }
        if (best == null || (best.mUseCount >= this.mAuthMaxUsesPerKey && !z7)) {
            return null;
        }
        try {
            KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
            androidKeyStore.load(null);
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) androidKeyStore.getEntry(best.mAlias, null);
            Pair<PrivateKey, byte[]> selection = new Pair<>(keyEntry.getPrivateKey(), best.mStaticAuthenticationData);
            best.mUseCount++;
            saveToDisk();
            return selection;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException ex) {
            throw new RuntimeException("Error loading keystore", ex);
        }
    }

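    /**
     * Sets how many authentication-key slots exist and how often each key may be used.
     *
     * <p>When the count grows, empty slots are appended. When it shrinks, slots are removed
     * from the head of the list and their active and pending keys are deleted from
     * AndroidKeyStore. The new state is written with {@code saveToDisk()}.
     *
     * <p>A negative count is rejected before any field is changed. Without that check the
     * shrink loop would delete the keys of every slot and then fail on the empty list, before
     * {@code saveToDisk()} is reached.
     *
     * @param i7 new number of authentication-key slots; must not be negative
     * @param i8 new maximum number of uses per key
     * @throws IllegalArgumentException if {@code i7} is negative
     * @throws RuntimeException if the keystore cannot be loaded or a key cannot be deleted
     */
    public void setAvailableAuthenticationKeys(int i7, int i8) {
        if (i7 < 0) {
            throw new IllegalArgumentException("Authentication key count must not be negative: " + i7);
        }
        int previousCount = this.mAuthKeyCount;
        this.mAuthKeyCount = i7;
        this.mAuthMaxUsesPerKey = i8;
        if (previousCount < i7) {
            for (int n = previousCount; n < i7; n++) {
                this.mAuthKeyDatas.add(new AuthKeyData());
            }
        } else if (previousCount > i7) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                int slotsToRemove = previousCount - i7;
                for (int n = 0; n < slotsToRemove; n++) {
                    // Always the head of the list: the remaining slots shift down by one index.
                    AuthKeyData data = this.mAuthKeyDatas.get(0);
                    if (!data.mAlias.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(data.mAlias)) {
                                keyStore.deleteEntry(data.mAlias);
                            }
                        } catch (KeyStoreException e) {
                            // defpackage.c.j(...) presumably returns a StringBuilder seeded with
                            // the given text (obfuscated helper) - confirm.
                            StringBuilder message = defpackage.c.j("Error deleting auth key with mAlias ");
                            message.append(data.mAlias);
                            throw new RuntimeException(message.toString(), e);
                        }
                    }
                    if (!data.mPendingAlias.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(data.mPendingAlias)) {
                                keyStore.deleteEntry(data.mPendingAlias);
                            }
                        } catch (KeyStoreException e8) {
                            StringBuilder message = defpackage.c.j("Error deleting auth key with mPendingAlias ");
                            message.append(data.mPendingAlias);
                            throw new RuntimeException(message.toString(), e8);
                        }
                    }
                    this.mAuthKeyDatas.remove(0);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e9) {
                throw new RuntimeException("Error loading keystore", e9);
            }
        }
        saveToDisk();
    }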

    /**
     * Promotes a pending authentication key to active and attaches its static
     * authentication data.
     *
     * <p>The slot is found by parsing each non-empty pending certificate and comparing it with
     * {@code x509Certificate}. If the slot already had an active key, that key is deleted from
     * AndroidKeyStore. The pending alias and certificate then become the active ones, the use
     * count is reset to zero, the pending fields are cleared, and the state is written with
     * {@code saveToDisk()}.
     *
     * @param x509Certificate certificate identifying the pending authentication key
     * @param calendar expiration date to record for the key
     * @param bArr static authentication data to store with the key
     * @throws UnknownAuthenticationKeyException if no pending certificate matches
     * @throws RuntimeException if a certificate cannot be parsed or the old key cannot be deleted
     */
    public void storeStaticAuthenticationData(X509Certificate x509Certificate, Calendar calendar, byte[] bArr) throws UnknownAuthenticationKeyException {
        try {
            // The factory type constant is presumably "X.509" (decompiler-substituted constant
            // from an unrelated package) - confirm.
            CertificateFactory factory = CertificateFactory.getInstance(com.huawei.hms.feature.dynamic.f.e.f3569b);
            AuthKeyData match = null;
            for (AuthKeyData candidate : this.mAuthKeyDatas) {
                if (candidate.mPendingCertificate.length == 0) {
                    continue;
                }
                X509Certificate pending = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(candidate.mPendingCertificate));
                if (pending.equals(x509Certificate)) {
                    match = candidate;
                    break;
                }
            }
            if (match == null) {
                throw new UnknownAuthenticationKeyException("No such authentication key");
            }
            if (!match.mAlias.isEmpty()) {
                // Remove the key being replaced so it cannot be used after the swap below.
                try {
                    KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
                    androidKeyStore.load(null);
                    if (androidKeyStore.containsAlias(match.mAlias)) {
                        androidKeyStore.deleteEntry(match.mAlias);
                    }
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException ex) {
                    throw new RuntimeException("Error deleting old authentication key", ex);
                }
            }
            match.mAlias = match.mPendingAlias;
            match.mCertificate = match.mPendingCertificate;
            match.mStaticAuthenticationData = bArr;
            match.mUseCount = 0;
            match.mPendingAlias = "";
            match.mPendingCertificate = new byte[0];
            match.mExpirationDate = calendar;
            saveToDisk();
        } catch (CertificateException ex) {
            throw new RuntimeException("Error encoding certificate", ex);
        }
    }
}
