package androidx.security.identity;

import android.icu.util.Calendar;
import android.os.Build;
import android.security.identity.IdentityCredential;
import android.security.identity.PersonalizationData;
import android.security.identity.ResultData;
import android.security.identity.SessionTranscriptMismatchException;
import androidx.biometric.BiometricPrompt;
import androidx.security.identity.l1;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: HardwareIdentityCredential.java */
@androidx.annotation.w0(30)
/* loaded from: classes.dex */
class j0 extends f1 {

    /* renamed from: i, reason: collision with root package name */
    private static final String f12157i = "HardwareIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    private KeyPair f12158a = null;

    /* renamed from: b, reason: collision with root package name */
    private PublicKey f12159b = null;

    /* renamed from: c, reason: collision with root package name */
    private byte[] f12160c = null;

    /* renamed from: d, reason: collision with root package name */
    private SecretKey f12161d = null;

    /* renamed from: e, reason: collision with root package name */
    private SecretKey f12162e = null;

    /* renamed from: f, reason: collision with root package name */
    private int f12163f;

    /* renamed from: g, reason: collision with root package name */
    private int f12164g;

    /* renamed from: h, reason: collision with root package name */
    private IdentityCredential f12165h;

    /* compiled from: HardwareIdentityCredential.java */
    @androidx.annotation.w0(31)
    /* loaded from: classes.dex */
    private static class a {
        private a() {
        }

        @androidx.annotation.u
        @androidx.annotation.o0
        static byte[] a(@androidx.annotation.o0 IdentityCredential identityCredential, @androidx.annotation.o0 byte[] bArr) {
            byte[] delete;
            delete = identityCredential.delete(bArr);
            return delete;
        }

        @androidx.annotation.u
        @androidx.annotation.o0
        static byte[] b(@androidx.annotation.o0 IdentityCredential identityCredential, @androidx.annotation.o0 byte[] bArr) {
            byte[] proveOwnership;
            proveOwnership = identityCredential.proveOwnership(bArr);
            return proveOwnership;
        }

        @androidx.annotation.u
        static void c(@androidx.annotation.o0 IdentityCredential identityCredential, boolean z10) {
            identityCredential.setAllowUsingExpiredKeys(z10);
        }

        @androidx.annotation.u
        static void d(@androidx.annotation.o0 IdentityCredential identityCredential, @androidx.annotation.o0 X509Certificate x509Certificate, @androidx.annotation.o0 Instant instant, @androidx.annotation.o0 byte[] bArr) throws android.security.identity.UnknownAuthenticationKeyException {
            identityCredential.storeStaticAuthenticationData(x509Certificate, instant, bArr);
        }

        @androidx.annotation.u
        @androidx.annotation.o0
        static byte[] e(@androidx.annotation.o0 IdentityCredential identityCredential, @androidx.annotation.o0 PersonalizationData personalizationData) {
            byte[] update;
            update = identityCredential.update(personalizationData);
            return update;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public j0(IdentityCredential identityCredential) {
        this.f12165h = identityCredential;
    }

    private void s() {
        if (this.f12161d != null) {
            return;
        }
        if (this.f12159b == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.f12160c == null) {
            throw new RuntimeException("Session transcript not set");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.f12158a.getPrivate());
            keyAgreement.doPhase(this.f12159b, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(a2.o(a2.h(this.f12160c)));
            this.f12161d = new SecretKeySpec(a2.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 68, 101, 118, 105, 99, 101}, 32), "AES");
            this.f12162e = new SecretKeySpec(a2.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 82, 101, 97, 100, 101, 114}, 32), "AES");
            this.f12163f = 1;
            this.f12164g = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error performing key agreement", e10);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public KeyPair a() {
        KeyPair createEphemeralKeyPair;
        if (this.f12158a == null) {
            createEphemeralKeyPair = this.f12165h.createEphemeralKeyPair();
            this.f12158a = createEphemeralKeyPair;
        }
        return this.f12158a;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] b(@androidx.annotation.o0 byte[] bArr) throws MessageDecryptionException {
        s();
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(0, 0);
        allocate.putInt(4, 0);
        allocate.putInt(8, this.f12164g);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, this.f12162e, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f12164g++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new MessageDecryptionException("Error decrypting message", e10);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] c(@androidx.annotation.o0 byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.a(this.f12165h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] d(@androidx.annotation.o0 byte[] bArr) {
        s();
        try {
            ByteBuffer allocate = ByteBuffer.allocate(12);
            allocate.putInt(0, 0);
            allocate.putInt(4, 1);
            allocate.putInt(8, this.f12163f);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.f12161d, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f12163f++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting message", e10);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public Collection<X509Certificate> e() {
        Collection<X509Certificate> authKeysNeedingCertification;
        authKeysNeedingCertification = this.f12165h.getAuthKeysNeedingCertification();
        return authKeysNeedingCertification;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public int[] f() {
        int[] authenticationDataUsageCount;
        authenticationDataUsageCount = this.f12165h.getAuthenticationDataUsageCount();
        return authenticationDataUsageCount;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public Collection<X509Certificate> g() {
        Collection<X509Certificate> credentialKeyCertificateChain;
        credentialKeyCertificateChain = this.f12165h.getCredentialKeyCertificateChain();
        return credentialKeyCertificateChain;
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.q0
    public BiometricPrompt.c h() {
        return new BiometricPrompt.c(this.f12165h);
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public j1 i(@androidx.annotation.q0 byte[] bArr, @androidx.annotation.o0 Map<String, Collection<String>> map, @androidx.annotation.q0 byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        String message;
        String message2;
        String message3;
        String message4;
        ResultData entries;
        byte[] messageAuthenticationCode;
        byte[] authenticatedData;
        byte[] staticAuthenticationData;
        Collection<String> namespaces;
        Collection<String> entryNames;
        int status;
        byte[] entry;
        try {
            entries = this.f12165h.getEntries(bArr, map, this.f12160c, bArr2);
            l1.a aVar = new l1.a();
            messageAuthenticationCode = entries.getMessageAuthenticationCode();
            aVar.g(messageAuthenticationCode);
            authenticatedData = entries.getAuthenticatedData();
            aVar.e(authenticatedData);
            staticAuthenticationData = entries.getStaticAuthenticationData();
            aVar.h(staticAuthenticationData);
            namespaces = entries.getNamespaces();
            for (String str : namespaces) {
                entryNames = entries.getEntryNames(str);
                for (String str2 : entryNames) {
                    status = entries.getStatus(str, str2);
                    if (status == 0) {
                        entry = entries.getEntry(str, str2);
                        aVar.a(str, str2, entry);
                    } else {
                        aVar.b(str, str2, status);
                    }
                }
            }
            return aVar.c();
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e10) {
            message4 = e10.getMessage();
            throw new EphemeralPublicKeyNotFoundException(message4, e10);
        } catch (android.security.identity.InvalidReaderSignatureException e11) {
            message3 = e11.getMessage();
            throw new InvalidReaderSignatureException(message3, e11);
        } catch (android.security.identity.InvalidRequestMessageException e12) {
            message2 = e12.getMessage();
            throw new InvalidRequestMessageException(message2, e12);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e13) {
            message = e13.getMessage();
            throw new NoAuthenticationKeyAvailableException(message, e13);
        } catch (SessionTranscriptMismatchException e14) {
            throw new RuntimeException("Unexpected SessionMismatchException", e14);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] j(@androidx.annotation.o0 byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.b(this.f12165h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    @Override // androidx.security.identity.f1
    public void k(boolean z10) {
        this.f12165h.setAllowUsingExhaustedKeys(z10);
    }

    @Override // androidx.security.identity.f1
    public void l(boolean z10) {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        a.c(this.f12165h, z10);
    }

    @Override // androidx.security.identity.f1
    public void m(int i10, int i11) {
        this.f12165h.setAvailableAuthenticationKeys(i10, i11);
    }

    @Override // androidx.security.identity.f1
    public void n(@androidx.annotation.o0 PublicKey publicKey) throws InvalidKeyException {
        this.f12159b = publicKey;
        this.f12165h.setReaderEphemeralPublicKey(publicKey);
    }

    @Override // androidx.security.identity.f1
    public void o(@androidx.annotation.o0 byte[] bArr) {
        if (this.f12160c != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        this.f12160c = (byte[]) bArr.clone();
    }

    @Override // androidx.security.identity.f1
    public void p(@androidx.annotation.o0 X509Certificate x509Certificate, @androidx.annotation.o0 Calendar calendar, @androidx.annotation.o0 byte[] bArr) throws UnknownAuthenticationKeyException {
        String message;
        long timeInMillis;
        Instant ofEpochMilli;
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        try {
            timeInMillis = calendar.getTimeInMillis();
            ofEpochMilli = Instant.ofEpochMilli(timeInMillis);
            a.d(this.f12165h, x509Certificate, ofEpochMilli, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e10) {
            message = e10.getMessage();
            throw new UnknownAuthenticationKeyException(message, e10);
        }
    }

    @Override // androidx.security.identity.f1
    public void q(@androidx.annotation.o0 X509Certificate x509Certificate, @androidx.annotation.o0 byte[] bArr) throws UnknownAuthenticationKeyException {
        String message;
        try {
            this.f12165h.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e10) {
            message = e10.getMessage();
            throw new UnknownAuthenticationKeyException(message, e10);
        }
    }

    @Override // androidx.security.identity.f1
    @androidx.annotation.o0
    public byte[] r(@androidx.annotation.o0 i1 i1Var) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.e(this.f12165h, e1.c(i1Var));
        }
        throw new UnsupportedOperationException();
    }
}
