package androidx.security.identity;

import android.content.Context;
import android.icu.util.Calendar;
import android.util.Pair;
import androidx.biometric.BiometricPrompt;
import androidx.security.identity.i1;
import androidx.security.identity.l1;
import co.nstant.in.cbor.CborException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: SoftwareIdentityCredential.java */
/* loaded from: classes.dex */
class m1 extends f1 {

    /* renamed from: r, reason: collision with root package name */
    private static final String f12356r = "SWIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    private String f12357a;

    /* renamed from: b, reason: collision with root package name */
    private Context f12358b;

    /* renamed from: c, reason: collision with root package name */
    private h f12359c;

    /* renamed from: g, reason: collision with root package name */
    private int f12363g;

    /* renamed from: h, reason: collision with root package name */
    private int f12364h;

    /* renamed from: d, reason: collision with root package name */
    private KeyPair f12360d = null;

    /* renamed from: e, reason: collision with root package name */
    private SecretKey f12361e = null;

    /* renamed from: f, reason: collision with root package name */
    private SecretKey f12362f = null;

    /* renamed from: i, reason: collision with root package name */
    private byte[] f12365i = null;

    /* renamed from: j, reason: collision with root package name */
    private PrivateKey f12366j = null;

    /* renamed from: k, reason: collision with root package name */
    private BiometricPrompt.c f12367k = null;

    /* renamed from: l, reason: collision with root package name */
    private PublicKey f12368l = null;

    /* renamed from: m, reason: collision with root package name */
    private byte[] f12369m = null;

    /* renamed from: n, reason: collision with root package name */
    boolean f12370n = true;

    /* renamed from: o, reason: collision with root package name */
    boolean f12371o = false;

    /* renamed from: p, reason: collision with root package name */
    private boolean f12372p = false;

    /* renamed from: q, reason: collision with root package name */
    private boolean f12373q = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    public m1(Context context, String str, int i10) throws CipherSuiteNotSupportedException {
        if (i10 != 1) {
            throw new CipherSuiteNotSupportedException("Unsupported Cipher Suite");
        }
        this.f12358b = context;
        this.f12357a = str;
    }

    private boolean A(@androidx.annotation.o0 byte[] bArr) {
        KeyPair keyPair = this.f12360d;
        if (keyPair == null) {
            return false;
        }
        ECPoint w9 = ((ECPublicKey) keyPair.getPublic()).getW();
        return a2.P(bArr, a2.X(w9.getAffineX().toByteArray())) || a2.P(bArr, a2.X(w9.getAffineY().toByteArray()));
    }

    private static HashMap<String, Collection<String>> C(@androidx.annotation.q0 byte[] bArr) {
        HashMap<String, Collection<String>> hashMap = new HashMap<>();
        if (bArr == null) {
            return hashMap;
        }
        try {
            List<co.nstant.in.cbor.model.f> a10 = new co.nstant.in.cbor.b(new ByteArrayInputStream(bArr)).a();
            if (a10.size() != 1) {
                throw new RuntimeException("Expected 1 item, found " + a10.size());
            }
            if (!(a10.get(0) instanceof co.nstant.in.cbor.model.k)) {
                throw new RuntimeException("Item is not a map");
            }
            co.nstant.in.cbor.model.f j10 = ((co.nstant.in.cbor.model.k) a10.get(0)).j(new co.nstant.in.cbor.model.u("nameSpaces"));
            if (!(j10 instanceof co.nstant.in.cbor.model.k)) {
                throw new RuntimeException("nameSpaces entry not found or not map");
            }
            for (co.nstant.in.cbor.model.f fVar : ((co.nstant.in.cbor.model.k) j10).k()) {
                if (!(fVar instanceof co.nstant.in.cbor.model.u)) {
                    throw new RuntimeException("Key item in NameSpaces map not UnicodeString");
                }
                String j11 = ((co.nstant.in.cbor.model.u) fVar).j();
                ArrayList arrayList = new ArrayList();
                co.nstant.in.cbor.model.f j12 = ((co.nstant.in.cbor.model.k) j10).j(fVar);
                if (!(j12 instanceof co.nstant.in.cbor.model.k)) {
                    throw new RuntimeException("Value item in NameSpaces map not Map");
                }
                for (co.nstant.in.cbor.model.f fVar2 : ((co.nstant.in.cbor.model.k) j12).k()) {
                    if (!(fVar2 instanceof co.nstant.in.cbor.model.u)) {
                        throw new RuntimeException("Item in nameSpaces array not UnicodeString");
                    }
                    arrayList.add(((co.nstant.in.cbor.model.u) fVar2).j());
                }
                hashMap.put(j11, arrayList);
            }
            return hashMap;
        } catch (CborException e10) {
            throw new RuntimeException("Error decoding request message", e10);
        }
    }

    private void D(byte[] bArr, HashMap<String, Collection<String>> hashMap, Collection<X509Certificate> collection, Map<String, Collection<String>> map, l1.a aVar, co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        for (String str : map.keySet()) {
            E(aVar, dVar, map.get(str), bArr, hashMap.get(str), collection, str, this.f12359c.L(str));
        }
    }

    private void E(l1.a aVar, co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar, Collection<String> collection, byte[] bArr, Collection<String> collection2, Collection<X509Certificate> collection3, String str, i1.c cVar) {
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> dVar2 = null;
        for (String str2 : collection) {
            byte[] c10 = cVar != null ? cVar.c(str2) : null;
            if (c10 == null) {
                aVar.b(str, str2, 1);
            } else if (bArr == null || (collection2 != null && collection2.contains(str2))) {
                int s10 = s(cVar.a(str2), collection3);
                if (s10 != 0) {
                    aVar.b(str, str2, s10);
                } else {
                    aVar.a(str, str2, c10);
                    if (dVar2 == null) {
                        dVar2 = dVar.G(str);
                    }
                    dVar2.u(new co.nstant.in.cbor.model.u(str2), a2.i(c10));
                }
            } else {
                aVar.b(str, str2, 3);
            }
        }
    }

    private int s(Collection<b> collection, Collection<X509Certificate> collection2) {
        Iterator<b> it = collection.iterator();
        int i10 = 6;
        while (it.hasNext()) {
            i10 = t(this.f12359c.l(it.next()), collection2);
            if (i10 == 0) {
                break;
            }
        }
        return i10;
    }

    private int t(a aVar, Collection<X509Certificate> collection) {
        boolean z9;
        if (aVar.d() && !this.f12359c.b(aVar.a(), v())) {
            return 4;
        }
        X509Certificate b10 = aVar.b();
        if (b10 != null) {
            if (collection == null) {
                return 5;
            }
            byte[] encoded = b10.getPublicKey().getEncoded();
            Iterator<X509Certificate> it = collection.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z9 = false;
                    break;
                }
                if (Arrays.equals(encoded, it.next().getPublicKey().getEncoded())) {
                    z9 = true;
                    break;
                }
            }
            if (!z9) {
                return 5;
            }
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] u(Context context, String str) {
        return h.g(context, str, null);
    }

    private boolean v() {
        if (!this.f12373q) {
            this.f12372p = w();
            this.f12373q = true;
        }
        return this.f12372p;
    }

    private boolean w() {
        BiometricPrompt.c cVar = this.f12367k;
        if (cVar == null) {
            return false;
        }
        try {
            cVar.a().doFinal(new byte[16]);
            return true;
        } catch (BadPaddingException | IllegalBlockSizeException unused) {
            return false;
        }
    }

    private void x() throws NoAuthenticationKeyAvailableException {
        if (this.f12366j != null) {
            return;
        }
        Pair<PrivateKey, byte[]> V = this.f12359c.V(this.f12370n, this.f12371o);
        if (V == null) {
            throw new NoAuthenticationKeyAvailableException("No authentication key available for signing");
        }
        this.f12366j = (PrivateKey) V.first;
        this.f12365i = (byte[]) V.second;
    }

    private void y() {
        String B = this.f12359c.B();
        if (B.isEmpty()) {
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f39613b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(B, null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            this.f12367k = new BiometricPrompt.c(cipher);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error creating Cipher for perReaderSessionKey", e10);
        }
    }

    private void z() {
        if (this.f12361e != null) {
            return;
        }
        if (this.f12368l == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.f12369m == null) {
            throw new RuntimeException("Session transcript not set");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.f12360d.getPrivate());
            keyAgreement.doPhase(this.f12368l, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(a2.o(a2.h(this.f12369m)));
            this.f12361e = new SecretKeySpec(a2.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 68, 101, 118, 105, 99, 101}, 32), "AES");
            this.f12362f = new SecretKeySpec(a2.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 82, 101, 97, 100, 101, 114}, 32), "AES");
            this.f12363g = 1;
            this.f12364h = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error performing key agreement", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean B() {
        h F = h.F(this.f12358b, this.f12357a);
        this.f12359c = F;
        return F != null;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public KeyPair a() {
        if (this.f12360d == null) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
                keyPairGenerator.initialize(new ECGenParameterSpec("prime256v1"));
                this.f12360d = keyPairGenerator.generateKeyPair();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e10) {
                throw new RuntimeException("Error generating ephemeral key", e10);
            }
        }
        return this.f12360d;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] b(@androidx.annotation.o0 byte[] bArr) throws MessageDecryptionException {
        z();
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(0, 0);
        allocate.putInt(4, 0);
        allocate.putInt(8, this.f12364h);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, this.f12362f, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f12364h++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new MessageDecryptionException("Error decrypting message", e10);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] c(@androidx.annotation.o0 byte[] bArr) {
        return h.g(this.f12358b, this.f12357a, bArr);
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] d(@androidx.annotation.o0 byte[] bArr) {
        z();
        try {
            ByteBuffer allocate = ByteBuffer.allocate(12);
            allocate.putInt(0, 0);
            allocate.putInt(4, 1);
            allocate.putInt(8, this.f12363g);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.f12361e, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f12363g++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting message", e10);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public Collection<X509Certificate> e() {
        return this.f12359c.s();
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public int[] f() {
        return this.f12359c.r();
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public Collection<X509Certificate> g() {
        return this.f12359c.v();
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.q0
    public BiometricPrompt.c h() {
        y();
        return this.f12367k;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public j1 i(@androidx.annotation.q0 byte[] bArr, @androidx.annotation.o0 Map<String, Collection<String>> map, @androidx.annotation.q0 byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        Collection<X509Certificate> collection;
        byte[] bArr3 = this.f12369m;
        if (bArr3 != null && !A(bArr3)) {
            throw new EphemeralPublicKeyNotFoundException("Did not find ephemeral public key X and Y coordinates in SessionTranscript (make sure leading zeroes are not used)");
        }
        HashMap<String, Collection<String>> C = C(bArr);
        if (bArr2 == null) {
            collection = null;
        } else {
            if (this.f12369m == null) {
                throw new InvalidReaderSignatureException("readerSignature non-null but sessionTranscript was null");
            }
            if (bArr == null) {
                throw new InvalidReaderSignatureException("readerSignature non-null but requestMessage was null");
            }
            Collection<X509Certificate> F = a2.F(a2.i(bArr2));
            if (F.size() < 1) {
                throw new InvalidReaderSignatureException("No x5chain element in reader signature");
            }
            if (!a2.Z(F)) {
                throw new InvalidReaderSignatureException("Error validating certificate chain");
            }
            if (!a2.D(a2.i(bArr2), a2.o(a2.h(a2.o(new co.nstant.in.cbor.a().v().r("ReaderAuthentication").q(a2.i(this.f12369m)).q(a2.h(bArr)).w().y().get(0)))), F.iterator().next().getPublicKey())) {
                throw new InvalidReaderSignatureException("Reader signature check failed");
            }
            collection = F;
        }
        l1.a aVar = new l1.a();
        co.nstant.in.cbor.a aVar2 = new co.nstant.in.cbor.a();
        D(bArr, C, collection, map, aVar, aVar2.w());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar2.y().get(0));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            aVar.e(byteArray);
            if (this.f12369m != null) {
                x();
                aVar.h(this.f12365i);
                byte[] o10 = a2.o(a2.h(a2.o(new co.nstant.in.cbor.a().v().r("DeviceAuthentication").q(a2.i(this.f12369m)).r(this.f12359c.y()).q(a2.h(byteArray)).w().y().get(0))));
                try {
                    Signature signature = Signature.getInstance("SHA256withECDSA");
                    signature.initSign(this.f12366j);
                    aVar.f(a2.o(a2.H(signature, null, o10, null)));
                } catch (InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
                    throw new RuntimeException("Error signing DeviceAuthentication CBOR", e10);
                }
            }
            return aVar.c();
        } catch (CborException e11) {
            throw new RuntimeException("Error encoding deviceNameSpace", e11);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] j(@androidx.annotation.o0 byte[] bArr) {
        return this.f12359c.M(bArr);
    }

    @Override // androidx.security.identity.f1
    public void k(boolean z9) {
        this.f12370n = z9;
    }

    @Override // androidx.security.identity.f1
    public void l(boolean z9) {
        this.f12371o = z9;
    }

    @Override // androidx.security.identity.f1
    public void m(int i10, int i11) {
        this.f12359c.X(i10, i11);
    }

    @Override // androidx.security.identity.f1
    public void n(@androidx.annotation.o0 PublicKey publicKey) {
        this.f12368l = publicKey;
    }

    @Override // androidx.security.identity.f1
    public void o(@androidx.annotation.o0 byte[] bArr) {
        if (this.f12369m != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        this.f12369m = (byte[]) bArr.clone();
    }

    @Override // androidx.security.identity.f1
    public void p(@androidx.annotation.o0 X509Certificate x509Certificate, @androidx.annotation.o0 Calendar calendar, @androidx.annotation.o0 byte[] bArr) throws UnknownAuthenticationKeyException {
        this.f12359c.Y(x509Certificate, calendar, bArr);
    }

    @Override // androidx.security.identity.f1
    public void q(@androidx.annotation.o0 X509Certificate x509Certificate, @androidx.annotation.o0 byte[] bArr) throws UnknownAuthenticationKeyException {
        this.f12359c.Y(x509Certificate, null, bArr);
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] r(@androidx.annotation.o0 i1 i1Var) {
        try {
            String y9 = this.f12359c.y();
            Collection<X509Certificate> v9 = this.f12359c.v();
            PrivateKey w9 = this.f12359c.w();
            int q10 = this.f12359c.q();
            int t9 = this.f12359c.t();
            co.nstant.in.cbor.model.f c10 = p1.c(y9, i1Var, w9);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(a2.E(c10));
            this.f12359c.h();
            Context context = this.f12358b;
            String str = this.f12357a;
            h d10 = h.d(context, y9, str, h.p(str), v9, i1Var, digest, true);
            this.f12359c = d10;
            d10.X(q10, t9);
            return a2.o(c10);
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error digesting ProofOfProvisioning", e10);
        }
    }
}
