package androidx.security.identity;

import android.content.Context;
import android.icu.util.Calendar;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AtomicFile;
import android.util.Log;
import android.util.Pair;
import androidx.security.identity.i1;
import co.nstant.in.cbor.CborException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.AbstractList;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: CredentialData.java */
/* loaded from: classes.dex */
public class h {

    /* renamed from: o, reason: collision with root package name */
    private static final String f12126o = "CredentialData";

    /* renamed from: a, reason: collision with root package name */
    private Context f12127a;

    /* renamed from: b, reason: collision with root package name */
    private String f12128b;

    /* renamed from: m, reason: collision with root package name */
    private AbstractMap<Integer, String> f12139m;

    /* renamed from: c, reason: collision with root package name */
    private String f12129c = "";

    /* renamed from: d, reason: collision with root package name */
    private String f12130d = "";

    /* renamed from: e, reason: collision with root package name */
    private Collection<X509Certificate> f12131e = null;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f12132f = null;

    /* renamed from: g, reason: collision with root package name */
    private AbstractList<androidx.security.identity.a> f12133g = new ArrayList();

    /* renamed from: h, reason: collision with root package name */
    private AbstractMap<Integer, androidx.security.identity.a> f12134h = new HashMap();

    /* renamed from: i, reason: collision with root package name */
    private AbstractList<i1.c> f12135i = new ArrayList();

    /* renamed from: j, reason: collision with root package name */
    private int f12136j = 0;

    /* renamed from: k, reason: collision with root package name */
    private int f12137k = 1;

    /* renamed from: l, reason: collision with root package name */
    private String f12138l = "";

    /* renamed from: n, reason: collision with root package name */
    private AbstractList<a> f12140n = new ArrayList();

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: CredentialData.java */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        String f12141a = "";

        /* renamed from: b, reason: collision with root package name */
        byte[] f12142b = new byte[0];

        /* renamed from: c, reason: collision with root package name */
        byte[] f12143c = new byte[0];

        /* renamed from: d, reason: collision with root package name */
        int f12144d = 0;

        /* renamed from: e, reason: collision with root package name */
        String f12145e = "";

        /* renamed from: f, reason: collision with root package name */
        byte[] f12146f = new byte[0];

        /* renamed from: g, reason: collision with root package name */
        Calendar f12147g = null;

        a() {
        }
    }

    private h(Context context, String str) {
        this.f12127a = context;
        this.f12128b = str;
    }

    private void C(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j10 = kVar.j(new co.nstant.in.cbor.model.u("accessControlProfiles"));
        if (!(j10 instanceof co.nstant.in.cbor.model.c)) {
            throw new RuntimeException("accessControlProfiles not found or not array");
        }
        this.f12133g = new ArrayList();
        this.f12134h = new HashMap();
        Iterator<co.nstant.in.cbor.model.f> it = ((co.nstant.in.cbor.model.c) j10).k().iterator();
        while (it.hasNext()) {
            androidx.security.identity.a a10 = a2.a(it.next());
            this.f12133g.add(a10);
            this.f12134h.put(Integer.valueOf(a10.a().a()), a10);
        }
    }

    private void D(co.nstant.in.cbor.model.k kVar) {
        long j10;
        Calendar calendar;
        this.f12138l = ((co.nstant.in.cbor.model.u) kVar.j(new co.nstant.in.cbor.model.u("perReaderSessionKeyAlias"))).j();
        co.nstant.in.cbor.model.f j11 = kVar.j(new co.nstant.in.cbor.model.u("acpTimeoutKeyMap"));
        if (!(j11 instanceof co.nstant.in.cbor.model.k)) {
            throw new RuntimeException("acpTimeoutKeyMap not found or not map");
        }
        this.f12139m = new HashMap();
        co.nstant.in.cbor.model.k kVar2 = (co.nstant.in.cbor.model.k) j11;
        for (co.nstant.in.cbor.model.f fVar : kVar2.k()) {
            if (!(fVar instanceof co.nstant.in.cbor.model.v)) {
                throw new RuntimeException("Key in acpTimeoutKeyMap is not an integer");
            }
            int intValue = ((co.nstant.in.cbor.model.v) fVar).h().intValue();
            co.nstant.in.cbor.model.f j12 = kVar2.j(fVar);
            if (!(j12 instanceof co.nstant.in.cbor.model.u)) {
                throw new RuntimeException("Item in acpTimeoutKeyMap is not a string");
            }
            this.f12139m.put(Integer.valueOf(intValue), ((co.nstant.in.cbor.model.u) j12).j());
        }
        this.f12136j = ((co.nstant.in.cbor.model.m) kVar.j(new co.nstant.in.cbor.model.u("authKeyCount"))).h().intValue();
        this.f12137k = ((co.nstant.in.cbor.model.m) kVar.j(new co.nstant.in.cbor.model.u("authKeyMaxUses"))).h().intValue();
        co.nstant.in.cbor.model.f j13 = kVar.j(new co.nstant.in.cbor.model.u("authKeyDatas"));
        if (!(j13 instanceof co.nstant.in.cbor.model.c)) {
            throw new RuntimeException("authKeyDatas not found or not array");
        }
        this.f12140n = new ArrayList();
        for (co.nstant.in.cbor.model.f fVar2 : ((co.nstant.in.cbor.model.c) j13).k()) {
            a aVar = new a();
            co.nstant.in.cbor.model.k kVar3 = (co.nstant.in.cbor.model.k) fVar2;
            aVar.f12141a = ((co.nstant.in.cbor.model.u) kVar3.j(new co.nstant.in.cbor.model.u("alias"))).j();
            aVar.f12144d = ((co.nstant.in.cbor.model.m) kVar3.j(new co.nstant.in.cbor.model.u("useCount"))).h().intValue();
            aVar.f12142b = ((co.nstant.in.cbor.model.d) kVar3.j(new co.nstant.in.cbor.model.u("certificate"))).j();
            aVar.f12143c = ((co.nstant.in.cbor.model.d) kVar3.j(new co.nstant.in.cbor.model.u("staticAuthenticationData"))).j();
            aVar.f12145e = ((co.nstant.in.cbor.model.u) kVar3.j(new co.nstant.in.cbor.model.u("pendingAlias"))).j();
            aVar.f12146f = ((co.nstant.in.cbor.model.d) kVar3.j(new co.nstant.in.cbor.model.u("pendingCertificate"))).j();
            co.nstant.in.cbor.model.f j14 = kVar3.j(new co.nstant.in.cbor.model.u("expirationDateMillis"));
            if (j14 == null) {
                j10 = Long.MAX_VALUE;
            } else {
                if (!(j14 instanceof co.nstant.in.cbor.model.m)) {
                    throw new RuntimeException("expirationDateMillis not a number");
                }
                j10 = ((co.nstant.in.cbor.model.m) j14).h().longValue();
            }
            calendar = Calendar.getInstance();
            calendar.setTimeInMillis(j10);
            aVar.f12147g = calendar;
            this.f12140n.add(aVar);
        }
    }

    private void E(co.nstant.in.cbor.model.k kVar) {
        this.f12129c = ((co.nstant.in.cbor.model.u) kVar.j(new co.nstant.in.cbor.model.u("docType"))).j();
        this.f12130d = ((co.nstant.in.cbor.model.u) kVar.j(new co.nstant.in.cbor.model.u("credentialKeyAlias"))).j();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h F(Context context, String str) {
        h hVar = new h(context, str);
        if (hVar.H(x(str))) {
            return hVar;
        }
        return null;
    }

    private void G(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j10 = kVar.j(new co.nstant.in.cbor.model.u("credentialKeyCertChain"));
        if (!(j10 instanceof co.nstant.in.cbor.model.c)) {
            throw new RuntimeException("credentialKeyCertChain not found or not array");
        }
        this.f12131e = new ArrayList();
        Iterator<co.nstant.in.cbor.model.f> it = ((co.nstant.in.cbor.model.c) j10).k().iterator();
        while (it.hasNext()) {
            byte[] j11 = ((co.nstant.in.cbor.model.d) it.next()).j();
            try {
                this.f12131e.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(j11)));
            } catch (CertificateException e10) {
                throw new RuntimeException("Error decoding certificate blob", e10);
            }
        }
    }

    private boolean H(String str) {
        try {
            try {
                List<co.nstant.in.cbor.model.f> a10 = new co.nstant.in.cbor.b(new ByteArrayInputStream(I(str, new AtomicFile(this.f12127a.getFileStreamPath(z(this.f12128b))).readFully()))).a();
                if (a10.size() != 1) {
                    throw new RuntimeException("Expected 1 item, found " + a10.size());
                }
                if (!(a10.get(0) instanceof co.nstant.in.cbor.model.k)) {
                    throw new RuntimeException("Item is not a map");
                }
                co.nstant.in.cbor.model.k kVar = (co.nstant.in.cbor.model.k) a10.get(0);
                E(kVar);
                G(kVar);
                K(kVar);
                C(kVar);
                J(kVar);
                D(kVar);
                return true;
            } catch (CborException e10) {
                throw new RuntimeException("Error decoding data", e10);
            }
        } catch (Exception unused) {
            return false;
        }
    }

    private byte[] I(String str, byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
            if (bArr.length < 12) {
                throw new RuntimeException("Encrypted CBOR on disk is too small");
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            byte[] bArr2 = new byte[12];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[bArr.length - 12];
            wrap.get(bArr3);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKey, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr3);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error decrypting CBOR", e10);
        }
    }

    private void J(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j10 = kVar.j(new co.nstant.in.cbor.model.u("namespaceDatas"));
        if (!(j10 instanceof co.nstant.in.cbor.model.k)) {
            throw new RuntimeException("namespaceDatas not found or not map");
        }
        this.f12135i = new ArrayList();
        co.nstant.in.cbor.model.k kVar2 = (co.nstant.in.cbor.model.k) j10;
        for (co.nstant.in.cbor.model.f fVar : kVar2.k()) {
            if (!(fVar instanceof co.nstant.in.cbor.model.u)) {
                throw new RuntimeException("Key in namespaceDatas is not a string");
            }
            this.f12135i.add(a2.R(((co.nstant.in.cbor.model.u) fVar).j(), kVar2.j(fVar)));
        }
    }

    private void K(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j10 = kVar.j(new co.nstant.in.cbor.model.u("proofOfProvisioningSha256"));
        if (!(j10 instanceof co.nstant.in.cbor.model.d)) {
            throw new RuntimeException("proofOfProvisioningSha256 not found or not bstr");
        }
        this.f12132f = ((co.nstant.in.cbor.model.d) j10).j();
    }

    private void N() {
        FileOutputStream fileOutputStream;
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> w10 = aVar.w();
        R(w10);
        P(w10);
        O(w10);
        U(w10);
        Q(w10);
        byte[] T = T(S(aVar));
        AtomicFile atomicFile = new AtomicFile(this.f12127a.getFileStreamPath(z(this.f12128b)));
        try {
            fileOutputStream = atomicFile.startWrite();
        } catch (IOException e10) {
            e = e10;
            fileOutputStream = null;
        }
        try {
            fileOutputStream.write(T);
            fileOutputStream.close();
            atomicFile.finishWrite(fileOutputStream);
        } catch (IOException e11) {
            e = e11;
            if (fileOutputStream != null) {
                atomicFile.failWrite(fileOutputStream);
            }
            throw new RuntimeException("Error writing data", e);
        }
    }

    private void O(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D = dVar.D("accessControlProfiles");
        Iterator<androidx.security.identity.a> it = this.f12133g.iterator();
        while (it.hasNext()) {
            D.q(a2.b(it.next()));
        }
    }

    private void P(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D = dVar.D("authKeyDatas");
        Iterator<a> it = this.f12140n.iterator();
        while (it.hasNext()) {
            a next = it.next();
            Calendar calendar = next.f12147g;
            D.v().y("alias", next.f12141a).x("useCount", next.f12144d).A("certificate", next.f12142b).A("staticAuthenticationData", next.f12143c).y("pendingAlias", next.f12145e).A("pendingCertificate", next.f12146f).x("expirationDateMillis", calendar != null ? calendar.getTimeInMillis() : Long.MAX_VALUE).n();
        }
    }

    private void Q(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        dVar.y("perReaderSessionKeyAlias", this.f12138l);
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> G = dVar.G("acpTimeoutKeyMap");
        Iterator<Map.Entry<Integer, String>> it = this.f12139m.entrySet().iterator();
        while (it.hasNext()) {
            G.u(new co.nstant.in.cbor.model.v(r1.getKey().intValue()), new co.nstant.in.cbor.model.u(it.next().getValue()));
        }
    }

    private void R(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        dVar.y("docType", this.f12129c);
        dVar.y("credentialKeyAlias", this.f12130d);
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D = dVar.D("credentialKeyCertChain");
        Iterator<X509Certificate> it = this.f12131e.iterator();
        while (it.hasNext()) {
            try {
                D.t(it.next().getEncoded());
            } catch (CertificateEncodingException e10) {
                throw new RuntimeException("Error encoding certificate", e10);
            }
        }
        dVar.A("proofOfProvisioningSha256", this.f12132f);
        dVar.x("authKeyCount", this.f12136j);
        dVar.x("authKeyMaxUses", this.f12137k);
    }

    private byte[] S(co.nstant.in.cbor.a aVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new co.nstant.in.cbor.c(byteArrayOutputStream).b(aVar.y());
            return byteArrayOutputStream.toByteArray();
        } catch (CborException e10) {
            throw new RuntimeException("Error encoding data", e10);
        }
    }

    private byte[] T(byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(x(this.f12128b), null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            byte[] doFinal = cipher.doFinal(bArr);
            ByteBuffer allocate = ByteBuffer.allocate(doFinal.length + 12);
            allocate.put(cipher.getIV());
            allocate.put(doFinal);
            return allocate.array();
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting CBOR for saving to disk", e10);
        }
    }

    private void U(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> G = dVar.G("namespaceDatas");
        Iterator<i1.c> it = this.f12135i.iterator();
        while (it.hasNext()) {
            i1.c next = it.next();
            G.u(new co.nstant.in.cbor.model.u(next.d()), a2.S(next));
        }
    }

    static byte[] a(String str, PrivateKey privateKey, byte[] bArr) {
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.a> v10 = aVar.v();
        v10.r("ProofOfDeletion").r(str);
        if (bArr != null) {
            v10.t(bArr);
        }
        v10.s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar.y().get(0));
            return a2.o(a2.G(privateKey, byteArrayOutputStream.toByteArray(), null, null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
            throw new RuntimeException("Error building ProofOfDeletion", e10);
        }
    }

    private boolean c(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            cipher.doFinal(new byte[]{1, 2});
            return true;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h d(Context context, String str, String str2, String str3, Collection<X509Certificate> collection, i1 i1Var, byte[] bArr, boolean z10) {
        if (!z10 && f(context, str2)) {
            throw new RuntimeException("Credential with given name already exists");
        }
        h hVar = new h(context, str2);
        hVar.f12129c = str;
        hVar.f12130d = str3;
        hVar.f12131e = collection;
        hVar.f12132f = bArr;
        hVar.f12133g = new ArrayList();
        hVar.f12134h = new HashMap();
        for (androidx.security.identity.a aVar : i1Var.a()) {
            hVar.f12133g.add(aVar);
            hVar.f12134h.put(Integer.valueOf(aVar.a().a()), aVar);
        }
        ArrayList arrayList = new ArrayList();
        hVar.f12135i = arrayList;
        arrayList.addAll(i1Var.c());
        hVar.f12139m = new HashMap();
        for (androidx.security.identity.a aVar2 : i1Var.a()) {
            boolean d10 = aVar2.d();
            long c10 = aVar2.c();
            if (d10) {
                j(str2, hVar);
                i(str2, hVar, aVar2, c10);
            }
        }
        hVar.e();
        hVar.N();
        return hVar;
    }

    private void e() {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec build;
        try {
            String x10 = x(this.f12128b);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f38680b);
            blockModes = new KeyGenParameterSpec.Builder(x10, 3).setBlockModes("GCM");
            encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
            keySize = encryptionPaddings.setKeySize(128);
            build = keySize.build();
            keyGenerator.init(build);
            keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
            throw new RuntimeException("Error creating data encryption key", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean f(Context context, String str) {
        try {
            new AtomicFile(context.getFileStreamPath(z(str))).openRead();
            return true;
        } catch (FileNotFoundException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] g(Context context, String str, byte[] bArr) {
        h hVar;
        AtomicFile atomicFile = new AtomicFile(context.getFileStreamPath(z(str)));
        try {
            atomicFile.openRead();
            hVar = new h(context, str);
        } catch (FileNotFoundException unused) {
        }
        try {
            hVar.H(x(str));
            try {
                KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
                keyStore.load(null);
                byte[] a10 = a(hVar.f12129c, ((KeyStore.PrivateKeyEntry) keyStore.getEntry(hVar.f12130d, null)).getPrivateKey(), bArr);
                atomicFile.delete();
                try {
                    keyStore.deleteEntry(hVar.f12130d);
                    if (!hVar.f12138l.isEmpty()) {
                        keyStore.deleteEntry(hVar.f12138l);
                    }
                    Iterator<String> it = hVar.f12139m.values().iterator();
                    while (it.hasNext()) {
                        keyStore.deleteEntry(it.next());
                    }
                    Iterator<a> it2 = hVar.f12140n.iterator();
                    while (it2.hasNext()) {
                        a next = it2.next();
                        if (!next.f12141a.isEmpty()) {
                            keyStore.deleteEntry(next.f12141a);
                        }
                        if (!next.f12145e.isEmpty()) {
                            keyStore.deleteEntry(next.f12145e);
                        }
                    }
                    return a10;
                } catch (KeyStoreException e10) {
                    throw new RuntimeException("Error deleting key", e10);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e11) {
                throw new RuntimeException("Error loading keystore", e11);
            }
        } catch (RuntimeException unused2) {
            Log.e(f12126o, "Error parsing file on disk (old version?). Deleting anyway.");
            atomicFile.delete();
            return null;
        }
    }

    private static void i(String str, h hVar, androidx.security.identity.a aVar, long j10) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec build;
        if (j10 > 0) {
            int a10 = aVar.a().a();
            String o10 = o(str, a10);
            try {
                int i10 = (int) (j10 / 1000);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f38680b);
                blockModes = new KeyGenParameterSpec.Builder(o10, 3).setBlockModes("GCM");
                encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
                userAuthenticationRequired = encryptionPaddings.setUserAuthenticationRequired(true);
                userAuthenticationValidityDurationSeconds = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(i10);
                keySize = userAuthenticationValidityDurationSeconds.setKeySize(128);
                build = keySize.build();
                keyGenerator.init(build);
                keyGenerator.generateKey();
                hVar.f12139m.put(Integer.valueOf(a10), o10);
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                throw new RuntimeException("Error creating ACP auth-bound timeout key", e10);
            }
        }
    }

    private static void j(String str, h hVar) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        KeyGenParameterSpec build;
        if (hVar.f12138l.isEmpty()) {
            hVar.f12138l = n(str);
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f38680b);
                blockModes = new KeyGenParameterSpec.Builder(hVar.f12138l, 3).setBlockModes("GCM");
                encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
                keySize = encryptionPaddings.setKeySize(128);
                userAuthenticationRequired = keySize.setUserAuthenticationRequired(true);
                userAuthenticationValidityDurationSeconds = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(-1);
                build = userAuthenticationValidityDurationSeconds.build();
                keyGenerator.init(build);
                keyGenerator.generateKey();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                throw new RuntimeException("Error creating ACP auth-bound key", e10);
            }
        }
    }

    static String k(String str, String str2) {
        try {
            return "identity_credential_" + str + "_" + URLEncoder.encode(str2, com.bumptech.glide.load.f.f15923a);
        } catch (UnsupportedEncodingException e10) {
            throw new RuntimeException("Unexpected UnsupportedEncodingException", e10);
        }
    }

    static String n(String str) {
        return k("acp", str);
    }

    static String o(String str, int i10) {
        return k("acp_timeout_for_id" + i10, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String p(String str) {
        return k("credkey", str);
    }

    static String x(String str) {
        return k("datakey", str);
    }

    static String z(String str) {
        return k("data", str);
    }

    Collection<i1.c> A() {
        return this.f12135i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String B() {
        return this.f12138l;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public i1.c L(String str) {
        Iterator<i1.c> it = this.f12135i.iterator();
        while (it.hasNext()) {
            i1.c next = it.next();
            if (next.d().equals(str)) {
                return next;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @androidx.annotation.o0
    public byte[] M(@androidx.annotation.o0 byte[] bArr) {
        PrivateKey w10 = w();
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        aVar.v().r("ProofOfOwnership").r(this.f12129c).t(bArr).s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar.y().get(0));
            return a2.o(a2.G(w10, byteArrayOutputStream.toByteArray(), null, null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
            throw new RuntimeException("Error building ProofOfOwnership", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Pair<PrivateKey, byte[]> V(boolean z10, boolean z11) {
        Pair<PrivateKey, byte[]> W = W(z10, false);
        if (W != null) {
            return W;
        }
        if (z11) {
            return W(z10, true);
        }
        return null;
    }

    Pair<PrivateKey, byte[]> W(boolean z10, boolean z11) {
        Calendar calendar;
        boolean after;
        calendar = Calendar.getInstance();
        a aVar = null;
        for (int i10 = 0; i10 < this.f12136j; i10++) {
            a aVar2 = this.f12140n.get(i10);
            if (!aVar2.f12141a.isEmpty()) {
                Calendar calendar2 = aVar2.f12147g;
                if (calendar2 != null) {
                    after = calendar.after(calendar2);
                    if (after && !z11) {
                    }
                }
                if (aVar == null || aVar2.f12144d < aVar.f12144d) {
                    aVar = aVar2;
                }
            }
        }
        if (aVar == null) {
            return null;
        }
        if (aVar.f12144d >= this.f12137k && !z10) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
            keyStore.load(null);
            Pair<PrivateKey, byte[]> pair = new Pair<>(((KeyStore.PrivateKeyEntry) keyStore.getEntry(aVar.f12141a, null)).getPrivateKey(), aVar.f12143c);
            aVar.f12144d++;
            N();
            return pair;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e10) {
            throw new RuntimeException("Error loading keystore", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void X(int i10, int i11) {
        int i12 = this.f12136j;
        this.f12136j = i10;
        this.f12137k = i11;
        if (i12 < i10) {
            while (i12 < this.f12136j) {
                this.f12140n.add(new a());
                i12++;
            }
        } else if (i12 > i10) {
            try {
                KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
                keyStore.load(null);
                int i13 = i12 - this.f12136j;
                for (int i14 = 0; i14 < i13; i14++) {
                    a aVar = this.f12140n.get(0);
                    if (!aVar.f12141a.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(aVar.f12141a)) {
                                keyStore.deleteEntry(aVar.f12141a);
                            }
                        } catch (KeyStoreException e10) {
                            throw new RuntimeException("Error deleting auth key with mAlias " + aVar.f12141a, e10);
                        }
                    }
                    if (!aVar.f12145e.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(aVar.f12145e)) {
                                keyStore.deleteEntry(aVar.f12145e);
                            }
                        } catch (KeyStoreException e11) {
                            throw new RuntimeException("Error deleting auth key with mPendingAlias " + aVar.f12145e, e11);
                        }
                    }
                    this.f12140n.remove(0);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
                throw new RuntimeException("Error loading keystore", e12);
            }
        }
        N();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void Y(X509Certificate x509Certificate, Calendar calendar, byte[] bArr) throws UnknownAuthenticationKeyException {
        a aVar;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Iterator<a> it = this.f12140n.iterator();
            while (true) {
                if (!it.hasNext()) {
                    aVar = null;
                    break;
                }
                aVar = it.next();
                if (aVar.f12146f.length > 0 && ((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(aVar.f12146f))).equals(x509Certificate)) {
                    break;
                }
            }
            if (aVar == null) {
                throw new UnknownAuthenticationKeyException("No such authentication key");
            }
            if (!aVar.f12141a.isEmpty()) {
                try {
                    KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
                    keyStore.load(null);
                    if (keyStore.containsAlias(aVar.f12141a)) {
                        keyStore.deleteEntry(aVar.f12141a);
                    }
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
                    throw new RuntimeException("Error deleting old authentication key", e10);
                }
            }
            aVar.f12141a = aVar.f12145e;
            aVar.f12142b = aVar.f12146f;
            aVar.f12143c = bArr;
            aVar.f12144d = 0;
            aVar.f12145e = "";
            aVar.f12146f = new byte[0];
            aVar.f12147g = calendar;
            N();
        } catch (CertificateException e11) {
            throw new RuntimeException("Error encoding certificate", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean b(b bVar, boolean z10) {
        if (l(bVar).c() == 0) {
            return z10;
        }
        String str = this.f12139m.get(Integer.valueOf(bVar.a()));
        if (str != null) {
            return c(str);
        }
        throw new RuntimeException("No key alias for ACP with ID " + bVar.a());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void h() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
            keyStore.load(null);
            try {
                if (!this.f12138l.isEmpty()) {
                    keyStore.deleteEntry(this.f12138l);
                }
                Iterator<String> it = this.f12139m.values().iterator();
                while (it.hasNext()) {
                    keyStore.deleteEntry(it.next());
                }
                Iterator<a> it2 = this.f12140n.iterator();
                while (it2.hasNext()) {
                    a next = it2.next();
                    if (!next.f12141a.isEmpty()) {
                        keyStore.deleteEntry(next.f12141a);
                    }
                    if (!next.f12145e.isEmpty()) {
                        keyStore.deleteEntry(next.f12145e);
                    }
                }
            } catch (KeyStoreException e10) {
                throw new RuntimeException("Error deleting key", e10);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e11) {
            throw new RuntimeException("Error loading keystore", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public androidx.security.identity.a l(b bVar) {
        androidx.security.identity.a aVar = this.f12134h.get(Integer.valueOf(bVar.a()));
        if (aVar != null) {
            return aVar;
        }
        throw new RuntimeException("No profile with id " + bVar.a());
    }

    Collection<androidx.security.identity.a> m() {
        return this.f12133g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int q() {
        return this.f12136j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int[] r() {
        int[] iArr = new int[this.f12136j];
        Iterator<a> it = this.f12140n.iterator();
        int i10 = 0;
        while (it.hasNext()) {
            iArr[i10] = it.next().f12144d;
            i10++;
        }
        return iArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509Certificate> s() {
        Calendar calendar;
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec build;
        try {
            KeyStore.getInstance(com.splashtop.remote.security.f.f38680b).load(null);
            ArrayList arrayList = new ArrayList();
            calendar = Calendar.getInstance();
            for (int i10 = 0; i10 < this.f12136j; i10++) {
                a aVar = this.f12140n.get(i10);
                boolean z10 = true;
                boolean z11 = aVar.f12144d >= this.f12137k;
                Calendar calendar2 = aVar.f12147g;
                boolean z12 = aVar.f12141a.isEmpty() || z11 || (calendar2 != null ? calendar.after(calendar2) : false);
                boolean z13 = !aVar.f12145e.isEmpty();
                if (!z12 || z13) {
                    z10 = z13;
                } else {
                    try {
                        String str = this.f12130d + String.format("_auth_%d", Integer.valueOf(i10));
                        if (str.equals(aVar.f12141a)) {
                            str = str + "_";
                        }
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", com.splashtop.remote.security.f.f38680b);
                        digests = new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512");
                        build = digests.build();
                        keyPairGenerator.initialize(build);
                        keyPairGenerator.generateKeyPair();
                        X509Certificate M = a2.M(str, this.f12130d, this.f12132f);
                        aVar.f12145e = str;
                        aVar.f12146f = M.getEncoded();
                    } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException e10) {
                        throw new RuntimeException("Error creating auth key", e10);
                    }
                }
                if (z10) {
                    try {
                        arrayList.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(aVar.f12146f)));
                    } catch (CertificateException e11) {
                        throw new RuntimeException("Error creating certificate for auth key", e11);
                    }
                }
            }
            N();
            return arrayList;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
            throw new RuntimeException("Error loading keystore", e12);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int t() {
        return this.f12137k;
    }

    String u() {
        return this.f12130d;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509Certificate> v() {
        return this.f12131e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey w() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f38680b);
            keyStore.load(null);
            return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(this.f12130d, null)).getPrivateKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e10) {
            throw new RuntimeException("Error loading keystore", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String y() {
        return this.f12129c;
    }
}
