package androidx.security.identity;

import android.icu.util.Calendar;
import android.os.Build;
import android.security.identity.IdentityCredential;
import android.security.identity.PersonalizationData;
import android.security.identity.ResultData;
import android.security.identity.SessionTranscriptMismatchException;
import androidx.annotation.InterfaceC1166u;
import androidx.biometric.BiometricPrompt;
import androidx.security.identity.t0;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

@androidx.annotation.Y(30)
/* loaded from: classes.dex */
class M extends n0 {

    /* renamed from: i, reason: collision with root package name */
    private static final String f21633i = "HardwareIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    private KeyPair f21634a = null;

    /* renamed from: b, reason: collision with root package name */
    private PublicKey f21635b = null;

    /* renamed from: c, reason: collision with root package name */
    private byte[] f21636c = null;

    /* renamed from: d, reason: collision with root package name */
    private SecretKey f21637d = null;

    /* renamed from: e, reason: collision with root package name */
    private SecretKey f21638e = null;

    /* renamed from: f, reason: collision with root package name */
    private int f21639f;

    /* renamed from: g, reason: collision with root package name */
    private int f21640g;

    /* renamed from: h, reason: collision with root package name */
    private IdentityCredential f21641h;

    @androidx.annotation.Y(31)
    /* loaded from: classes.dex */
    private static class a {
        private a() {
        }

        @InterfaceC1166u
        @androidx.annotation.O
        static byte[] a(@androidx.annotation.O IdentityCredential identityCredential, @androidx.annotation.O byte[] bArr) {
            byte[] delete;
            delete = identityCredential.delete(bArr);
            return delete;
        }

        @InterfaceC1166u
        @androidx.annotation.O
        static byte[] b(@androidx.annotation.O IdentityCredential identityCredential, @androidx.annotation.O byte[] bArr) {
            byte[] proveOwnership;
            proveOwnership = identityCredential.proveOwnership(bArr);
            return proveOwnership;
        }

        @InterfaceC1166u
        static void c(@androidx.annotation.O IdentityCredential identityCredential, boolean z5) {
            identityCredential.setAllowUsingExpiredKeys(z5);
        }

        @InterfaceC1166u
        static void d(@androidx.annotation.O IdentityCredential identityCredential, @androidx.annotation.O X509Certificate x509Certificate, @androidx.annotation.O Instant instant, @androidx.annotation.O byte[] bArr) throws android.security.identity.UnknownAuthenticationKeyException {
            identityCredential.storeStaticAuthenticationData(x509Certificate, instant, bArr);
        }

        @InterfaceC1166u
        @androidx.annotation.O
        static byte[] e(@androidx.annotation.O IdentityCredential identityCredential, @androidx.annotation.O PersonalizationData personalizationData) {
            byte[] update;
            update = identityCredential.update(personalizationData);
            return update;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public M(IdentityCredential identityCredential) {
        this.f21641h = identityCredential;
    }

    private void s() {
        if (this.f21637d != null) {
            return;
        }
        if (this.f21635b == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.f21636c == null) {
            throw new RuntimeException("Session transcript not set");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.f21634a.getPrivate());
            keyAgreement.doPhase(this.f21635b, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(K0.o(K0.h(this.f21636c)));
            this.f21637d = new SecretKeySpec(K0.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 68, 101, 118, 105, 99, 101}, 32), "AES");
            this.f21638e = new SecretKeySpec(K0.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 82, 101, 97, 100, 101, 114}, 32), "AES");
            this.f21639f = 1;
            this.f21640g = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e5) {
            throw new RuntimeException("Error performing key agreement", e5);
        }
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public KeyPair a() {
        KeyPair createEphemeralKeyPair;
        if (this.f21634a == null) {
            createEphemeralKeyPair = this.f21641h.createEphemeralKeyPair();
            this.f21634a = createEphemeralKeyPair;
        }
        return this.f21634a;
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public byte[] b(@androidx.annotation.O byte[] bArr) throws MessageDecryptionException {
        s();
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(0, 0);
        allocate.putInt(4, 0);
        allocate.putInt(8, this.f21640g);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, this.f21638e, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f21640g++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e5) {
            throw new MessageDecryptionException("Error decrypting message", e5);
        }
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public byte[] c(@androidx.annotation.O byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.a(this.f21641h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public byte[] d(@androidx.annotation.O byte[] bArr) {
        s();
        try {
            ByteBuffer allocate = ByteBuffer.allocate(12);
            allocate.putInt(0, 0);
            allocate.putInt(4, 1);
            allocate.putInt(8, this.f21639f);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.f21637d, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f21639f++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e5) {
            throw new RuntimeException("Error encrypting message", e5);
        }
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public Collection<X509Certificate> e() {
        Collection<X509Certificate> authKeysNeedingCertification;
        authKeysNeedingCertification = this.f21641h.getAuthKeysNeedingCertification();
        return authKeysNeedingCertification;
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public int[] f() {
        int[] authenticationDataUsageCount;
        authenticationDataUsageCount = this.f21641h.getAuthenticationDataUsageCount();
        return authenticationDataUsageCount;
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public Collection<X509Certificate> g() {
        Collection<X509Certificate> credentialKeyCertificateChain;
        credentialKeyCertificateChain = this.f21641h.getCredentialKeyCertificateChain();
        return credentialKeyCertificateChain;
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.Q
    public BiometricPrompt.c h() {
        return new BiometricPrompt.c(this.f21641h);
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public r0 i(@androidx.annotation.Q byte[] bArr, @androidx.annotation.O Map<String, Collection<String>> map, @androidx.annotation.Q byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        String message;
        String message2;
        String message3;
        String message4;
        ResultData entries;
        byte[] messageAuthenticationCode;
        byte[] authenticatedData;
        byte[] staticAuthenticationData;
        Collection<String> namespaces;
        Collection<String> entryNames;
        int status;
        byte[] entry;
        try {
            entries = this.f21641h.getEntries(bArr, map, this.f21636c, bArr2);
            t0.a aVar = new t0.a();
            messageAuthenticationCode = entries.getMessageAuthenticationCode();
            aVar.g(messageAuthenticationCode);
            authenticatedData = entries.getAuthenticatedData();
            aVar.e(authenticatedData);
            staticAuthenticationData = entries.getStaticAuthenticationData();
            aVar.h(staticAuthenticationData);
            namespaces = entries.getNamespaces();
            for (String str : namespaces) {
                entryNames = entries.getEntryNames(str);
                for (String str2 : entryNames) {
                    status = entries.getStatus(str, str2);
                    if (status == 0) {
                        entry = entries.getEntry(str, str2);
                        aVar.a(str, str2, entry);
                    } else {
                        aVar.b(str, str2, status);
                    }
                }
            }
            return aVar.c();
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e5) {
            message4 = e5.getMessage();
            throw new EphemeralPublicKeyNotFoundException(message4, e5);
        } catch (android.security.identity.InvalidReaderSignatureException e6) {
            message3 = e6.getMessage();
            throw new InvalidReaderSignatureException(message3, e6);
        } catch (android.security.identity.InvalidRequestMessageException e7) {
            message2 = e7.getMessage();
            throw new InvalidRequestMessageException(message2, e7);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e8) {
            message = e8.getMessage();
            throw new NoAuthenticationKeyAvailableException(message, e8);
        } catch (SessionTranscriptMismatchException e9) {
            throw new RuntimeException("Unexpected SessionMismatchException", e9);
        }
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public byte[] j(@androidx.annotation.O byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.b(this.f21641h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    @Override // androidx.security.identity.n0
    public void k(boolean z5) {
        this.f21641h.setAllowUsingExhaustedKeys(z5);
    }

    @Override // androidx.security.identity.n0
    public void l(boolean z5) {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        a.c(this.f21641h, z5);
    }

    @Override // androidx.security.identity.n0
    public void m(int i5, int i6) {
        this.f21641h.setAvailableAuthenticationKeys(i5, i6);
    }

    @Override // androidx.security.identity.n0
    public void n(@androidx.annotation.O PublicKey publicKey) throws InvalidKeyException {
        this.f21635b = publicKey;
        this.f21641h.setReaderEphemeralPublicKey(publicKey);
    }

    @Override // androidx.security.identity.n0
    public void o(@androidx.annotation.O byte[] bArr) {
        if (this.f21636c != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        this.f21636c = (byte[]) bArr.clone();
    }

    @Override // androidx.security.identity.n0
    public void p(@androidx.annotation.O X509Certificate x509Certificate, @androidx.annotation.O Calendar calendar, @androidx.annotation.O byte[] bArr) throws UnknownAuthenticationKeyException {
        String message;
        long timeInMillis;
        Instant ofEpochMilli;
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        try {
            timeInMillis = calendar.getTimeInMillis();
            ofEpochMilli = Instant.ofEpochMilli(timeInMillis);
            a.d(this.f21641h, x509Certificate, ofEpochMilli, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e5) {
            message = e5.getMessage();
            throw new UnknownAuthenticationKeyException(message, e5);
        }
    }

    @Override // androidx.security.identity.n0
    public void q(@androidx.annotation.O X509Certificate x509Certificate, @androidx.annotation.O byte[] bArr) throws UnknownAuthenticationKeyException {
        String message;
        try {
            this.f21641h.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e5) {
            message = e5.getMessage();
            throw new UnknownAuthenticationKeyException(message, e5);
        }
    }

    @Override // androidx.security.identity.n0
    @androidx.annotation.O
    public byte[] r(@androidx.annotation.O q0 q0Var) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.e(this.f21641h, m0.c(q0Var));
        }
        throw new UnsupportedOperationException();
    }
}
