package androidx.security.identity;

import android.icu.util.Calendar;
import android.os.Build;
import android.security.identity.IdentityCredential;
import android.security.identity.PersonalizationData;
import android.security.identity.ResultData;
import android.security.identity.SessionTranscriptMismatchException;
import androidx.annotation.o0;
import androidx.annotation.q0;
import androidx.annotation.u;
import androidx.annotation.w0;
import androidx.biometric.BiometricPrompt;
import androidx.security.identity.m;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: HardwareIdentityCredential.java */
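/**
 * Wrapper around the platform {@link IdentityCredential} (decompiled; the log tag below names the
 * original class {@code HardwareIdentityCredential}). Most methods forward straight to the platform
 * object; the session message encryption ({@link #b} / {@link #d}) is done in this class.
 *
 * <p>Session encryption as implemented here:
 * <ul>
 *   <li>An ECDH secret is computed from this side's ephemeral private key and the reader's
 *       ephemeral public key.</li>
 *   <li>Two 32-byte AES keys are derived from that secret via {@code q.y("HmacSha256", ...)}
 *       (presumably an HKDF helper; confirm in {@code q}), salted with SHA-256 over the encoded
 *       session transcript and separated by the info strings "SKDevice" and "SKReader".</li>
 *   <li>Messages use AES-GCM with a 128-bit tag and a 12-byte IV built from a fixed 8-byte
 *       direction prefix plus a per-direction message counter that starts at 1.</li>
 * </ul>
 *
 * <p>NOTE(review): IV uniqueness rests entirely on the two {@code int} counters. They have no
 * upper-bound check, and nothing in this class synchronizes access, so concurrent calls to
 * {@link #d} on one instance could reuse an IV under the same key. Callers presumably use one
 * instance from a single thread; confirm at the call sites.
 *
 * <p>The single-letter annotations ({@code @w0}, {@code @o0}, {@code @q0}, {@code @u}) are
 * obfuscated androidx annotations; {@code @w0(n)} looks like an API-level requirement, which
 * matches the {@code SDK_INT} checks below.
 */
@w0(30)
/* loaded from: classes.dex */
class d extends g {

    /* renamed from: i, reason: collision with root package name */
    /** Log tag; not referenced by the code visible in this class. */
    private static final String f11695i = "HardwareIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    /** This side's ephemeral key pair, created lazily by {@link #a()}. */
    private KeyPair f11696a = null;

    /* renamed from: b, reason: collision with root package name */
    /** Reader's ephemeral public key, set by {@link #n(PublicKey)}. */
    private PublicKey f11697b = null;

    /* renamed from: c, reason: collision with root package name */
    /** Private copy of the session transcript bytes; can be set only once, see {@link #o}. */
    private byte[] f11698c = null;

    /* renamed from: d, reason: collision with root package name */
    /** AES key derived with info "SKDevice"; used to encrypt outgoing messages in {@link #d}. */
    private SecretKey f11699d = null;

    /* renamed from: e, reason: collision with root package name */
    /** AES key derived with info "SKReader"; used to decrypt incoming messages in {@link #b}. */
    private SecretKey f11700e = null;

    /* renamed from: f, reason: collision with root package name */
    /** Counter placed in the IV of the next outgoing (encrypted) message. */
    private int f11701f;

    /* renamed from: g, reason: collision with root package name */
    /** Counter placed in the IV of the next incoming (decrypted) message. */
    private int f11702g;

    /* renamed from: h, reason: collision with root package name */
    /** Platform credential every storage and presentation call is forwarded to. */
    private final IdentityCredential f11703h;

    /**
     * Holder for the platform calls that are only invoked when {@code SDK_INT >= 31}. Each method
     * is a one-line forwarder; keeping them in a separate class keeps references to the newer
     * platform methods out of the outer class body.
     */
    /* compiled from: HardwareIdentityCredential.java */
    @w0(31)
    /* loaded from: classes.dex */
    private static class a {
        private a() {
        }

        /** Forwards to {@link IdentityCredential#delete(byte[])}. */
        @u
        @o0
        static byte[] a(@o0 IdentityCredential identityCredential, @o0 byte[] bArr) {
            return identityCredential.delete(bArr);
        }

        /** Forwards to {@link IdentityCredential#proveOwnership(byte[])}. */
        @u
        @o0
        static byte[] b(@o0 IdentityCredential identityCredential, @o0 byte[] bArr) {
            return identityCredential.proveOwnership(bArr);
        }

        /** Forwards to {@link IdentityCredential#setAllowUsingExpiredKeys(boolean)}. */
        @u
        static void c(@o0 IdentityCredential identityCredential, boolean z9) {
            identityCredential.setAllowUsingExpiredKeys(z9);
        }

        /** Forwards to the three-argument {@code storeStaticAuthenticationData} overload. */
        @u
        static void d(@o0 IdentityCredential identityCredential, @o0 X509Certificate x509Certificate, @o0 Instant instant, @o0 byte[] bArr) throws android.security.identity.UnknownAuthenticationKeyException {
            identityCredential.storeStaticAuthenticationData(x509Certificate, instant, bArr);
        }

        /** Forwards to {@link IdentityCredential#update(PersonalizationData)}. */
        @u
        @o0
        static byte[] e(@o0 IdentityCredential identityCredential, @o0 PersonalizationData personalizationData) {
            return identityCredential.update(personalizationData);
        }
    }

    /**
     * Wraps the given platform credential.
     *
     * @param identityCredential platform credential to delegate to
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public d(IdentityCredential identityCredential) {
        this.f11703h = identityCredential;
    }

    /**
     * Derives the two session AES keys on first use; later calls return immediately.
     *
     * <p>Requires the reader ephemeral public key, the session transcript and this side's
     * ephemeral key pair. The key-pair check is explicit so that a missing {@link #a()} call
     * surfaces as a descriptive error instead of a bare {@code NullPointerException}.
     *
     * @throws RuntimeException if a prerequisite is missing or key agreement fails
     */
    private void s() {
        if (this.f11699d != null) {
            return;
        }
        if (this.f11697b == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.f11698c == null) {
            throw new RuntimeException("Session transcript not set");
        }
        if (this.f11696a == null) {
            throw new RuntimeException("Ephemeral key pair not created");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.f11696a.getPrivate());
            keyAgreement.doPhase(this.f11697b, true);
            byte[] sharedSecret = keyAgreement.generateSecret();
            // Salt binds the derived keys to this session's transcript. q.o(q.h(...)) presumably
            // wraps and encodes the transcript before hashing; confirm in q.
            byte[] salt = MessageDigest.getInstance("SHA-256").digest(q.o(q.h(this.f11698c)));
            // Distinct info strings give each direction its own key.
            byte[] deviceInfo = {'S', 'K', 'D', 'e', 'v', 'i', 'c', 'e'};
            byte[] readerInfo = {'S', 'K', 'R', 'e', 'a', 'd', 'e', 'r'};
            SecretKey deviceKey = new SecretKeySpec(q.y("HmacSha256", sharedSecret, salt, deviceInfo, 32), "AES");
            SecretKey readerKey = new SecretKeySpec(q.y("HmacSha256", sharedSecret, salt, readerInfo, 32), "AES");
            // Publish keys and counters only once both derivations succeeded, so a failure cannot
            // leave one key set (which would make the early return above skip the other).
            this.f11700e = readerKey;
            this.f11701f = 1;
            this.f11702g = 1;
            this.f11699d = deviceKey;
        } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error performing key agreement", e10);
        }
    }

    /**
     * Returns this side's ephemeral key pair, asking the platform credential to create it on the
     * first call and caching it afterwards.
     */
    @Override // androidx.security.identity.g
    @o0
    public KeyPair a() {
        if (this.f11696a == null) {
            this.f11696a = this.f11703h.createEphemeralKeyPair();
        }
        return this.f11696a;
    }

    /**
     * Decrypts one message from the reader with AES-GCM under the "SKReader" key.
     *
     * <p>The IV is 8 zero bytes followed by the incoming-message counter. The counter advances
     * only after the tag verified, so a rejected message does not consume a counter value.
     *
     * @param bArr ciphertext including the GCM tag
     * @return the decrypted plaintext
     * @throws MessageDecryptionException if authentication or decryption fails
     */
    @Override // androidx.security.identity.g
    @o0
    public byte[] b(@o0 byte[] bArr) throws MessageDecryptionException {
        s();
        ByteBuffer iv = ByteBuffer.allocate(12);
        iv.putInt(0, 0);
        iv.putInt(4, 0);
        iv.putInt(8, this.f11702g);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, this.f11700e, new GCMParameterSpec(128, iv.array()));
            byte[] plaintext = cipher.doFinal(bArr);
            this.f11702g++;
            return plaintext;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new MessageDecryptionException("Error decrypting message", e10);
        }
    }

    /**
     * Deletes the credential via the platform call that takes a byte-array argument.
     *
     * @param bArr passed through unchanged to {@code IdentityCredential.delete}
     * @return the platform call's result
     * @throws UnsupportedOperationException below API level 31
     */
    @Override // androidx.security.identity.g
    @o0
    public byte[] c(@o0 byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.a(this.f11703h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Encrypts one message to the reader with AES-GCM under the "SKDevice" key.
     *
     * <p>The IV is the 8-byte prefix {@code 00000000 00000001} followed by the outgoing-message
     * counter, which is incremented after each successful encryption.
     * NOTE(review): the counter is a plain {@code int} without overflow or concurrency
     * protection; IV reuse under one GCM key must never happen.
     *
     * @param bArr plaintext
     * @return ciphertext with the GCM tag appended
     * @throws RuntimeException if encryption fails
     */
    @Override // androidx.security.identity.g
    @o0
    public byte[] d(@o0 byte[] bArr) {
        s();
        try {
            ByteBuffer iv = ByteBuffer.allocate(12);
            iv.putInt(0, 0);
            iv.putInt(4, 1);
            iv.putInt(8, this.f11701f);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, this.f11699d, new GCMParameterSpec(128, iv.array()));
            byte[] ciphertext = cipher.doFinal(bArr);
            this.f11701f++;
            return ciphertext;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting message", e10);
        }
    }

    /** Returns the platform credential's authentication-key certificates awaiting certification. */
    @Override // androidx.security.identity.g
    @o0
    public Collection<X509Certificate> e() {
        return this.f11703h.getAuthKeysNeedingCertification();
    }

    /** Returns the platform credential's per-key authentication data usage counts. */
    @Override // androidx.security.identity.g
    @o0
    public int[] f() {
        return this.f11703h.getAuthenticationDataUsageCount();
    }

    /** Returns the platform credential's credential-key certificate chain. */
    @Override // androidx.security.identity.g
    @o0
    public Collection<X509Certificate> g() {
        return this.f11703h.getCredentialKeyCertificateChain();
    }

    /**
     * Wraps the platform credential in a {@code BiometricPrompt.c} (presumably the obfuscated
     * crypto-object type) so it can be passed to a biometric prompt.
     */
    @Override // androidx.security.identity.g
    @q0
    public BiometricPrompt.c h() {
        return new BiometricPrompt.c(this.f11703h);
    }

    /**
     * Retrieves entries from the platform credential and copies them into this library's result
     * type.
     *
     * <p>Entries whose status is {@code ResultData.STATUS_OK} are copied with their value; every
     * other entry is recorded with its status code only. Platform exceptions are rethrown as the
     * same-named types of this package with the original as cause.
     *
     * @param bArr  request message, may be null; passed through to {@code getEntries}
     * @param map   namespace to entry names to retrieve
     * @param bArr2 reader signature, may be null; passed through to {@code getEntries}
     * @return the result built from the platform {@link ResultData}
     * @throws RuntimeException if the platform reports a session transcript mismatch
     */
    @Override // androidx.security.identity.g
    @o0
    public k i(@q0 byte[] bArr, @o0 Map<String, Collection<String>> map, @q0 byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        try {
            ResultData entries = this.f11703h.getEntries(bArr, map, this.f11698c, bArr2);
            m.a builder = new m.a();
            builder.g(entries.getMessageAuthenticationCode());
            builder.e(entries.getAuthenticatedData());
            builder.h(entries.getStaticAuthenticationData());
            for (String namespace : entries.getNamespaces()) {
                for (String entryName : entries.getEntryNames(namespace)) {
                    int status = entries.getStatus(namespace, entryName);
                    if (status == ResultData.STATUS_OK) {
                        builder.a(namespace, entryName, entries.getEntry(namespace, entryName));
                    } else {
                        // Value withheld or unavailable: keep only the reason code.
                        builder.b(namespace, entryName, status);
                    }
                }
            }
            return builder.c();
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e10) {
            throw new EphemeralPublicKeyNotFoundException(e10.getMessage(), e10);
        } catch (android.security.identity.InvalidReaderSignatureException e11) {
            throw new InvalidReaderSignatureException(e11.getMessage(), e11);
        } catch (android.security.identity.InvalidRequestMessageException e12) {
            throw new InvalidRequestMessageException(e12.getMessage(), e12);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e13) {
            throw new NoAuthenticationKeyAvailableException(e13.getMessage(), e13);
        } catch (SessionTranscriptMismatchException e14) {
            throw new RuntimeException("Unexpected SessionMismatchException", e14);
        }
    }

    /**
     * Forwards to {@code IdentityCredential.proveOwnership}.
     *
     * @param bArr passed through unchanged
     * @return the platform call's result
     * @throws UnsupportedOperationException below API level 31
     */
    @Override // androidx.security.identity.g
    @o0
    public byte[] j(@o0 byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.b(this.f11703h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    /** Forwards to {@code IdentityCredential.setAllowUsingExhaustedKeys}. */
    @Override // androidx.security.identity.g
    public void k(boolean z9) {
        this.f11703h.setAllowUsingExhaustedKeys(z9);
    }

    /**
     * Forwards to {@code IdentityCredential.setAllowUsingExpiredKeys}.
     *
     * @throws UnsupportedOperationException below API level 31
     */
    @Override // androidx.security.identity.g
    public void l(boolean z9) {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        a.c(this.f11703h, z9);
    }

    /** Forwards both arguments to {@code IdentityCredential.setAvailableAuthenticationKeys}. */
    @Override // androidx.security.identity.g
    public void m(int i10, int i11) {
        this.f11703h.setAvailableAuthenticationKeys(i10, i11);
    }

    /**
     * Registers the reader's ephemeral public key with the platform credential and remembers it
     * for session key derivation.
     *
     * <p>The platform call runs first so that a key it rejects is never kept locally and later
     * fed into ECDH. NOTE(review): session keys that were already derived are not re-derived
     * when this is called again.
     *
     * @throws InvalidKeyException if the platform credential rejects the key
     */
    @Override // androidx.security.identity.g
    public void n(@o0 PublicKey publicKey) throws InvalidKeyException {
        this.f11703h.setReaderEphemeralPublicKey(publicKey);
        this.f11697b = publicKey;
    }

    /**
     * Stores a private copy of the session transcript. It can be set only once per instance,
     * which keeps the salt used for key derivation fixed for the session.
     *
     * @throws RuntimeException if a transcript was already set
     */
    @Override // androidx.security.identity.g
    public void o(@o0 byte[] bArr) {
        if (this.f11698c != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        // Defensive copy: later changes to the caller's array must not alter the transcript.
        this.f11698c = bArr.clone();
    }

    /**
     * Stores static authentication data for an authentication key, with the calendar value
     * converted to an {@link Instant} for the platform call.
     *
     * @throws UnknownAuthenticationKeyException if the platform does not know the key
     * @throws UnsupportedOperationException below API level 31
     */
    @Override // androidx.security.identity.g
    public void p(@o0 X509Certificate x509Certificate, @o0 Calendar calendar, @o0 byte[] bArr) throws UnknownAuthenticationKeyException {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        try {
            a.d(this.f11703h, x509Certificate, Instant.ofEpochMilli(calendar.getTimeInMillis()), bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e10) {
            throw new UnknownAuthenticationKeyException(e10.getMessage(), e10);
        }
    }

    /**
     * Stores static authentication data for an authentication key using the two-argument
     * platform overload.
     *
     * @throws UnknownAuthenticationKeyException if the platform does not know the key
     */
    @Override // androidx.security.identity.g
    public void q(@o0 X509Certificate x509Certificate, @o0 byte[] bArr) throws UnknownAuthenticationKeyException {
        try {
            this.f11703h.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e10) {
            throw new UnknownAuthenticationKeyException(e10.getMessage(), e10);
        }
    }

    /**
     * Updates the credential with new personalization data; {@code f.c} converts this library's
     * type to the platform {@link PersonalizationData}.
     *
     * @return the platform call's result
     * @throws UnsupportedOperationException below API level 31
     */
    @Override // androidx.security.identity.g
    @o0
    public byte[] r(@o0 j jVar) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.e(this.f11703h, f.c(jVar));
        }
        throw new UnsupportedOperationException();
    }
}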
