package androidx.security.identity;

import android.content.Context;
import android.icu.util.Calendar;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AtomicFile;
import android.util.Log;
import android.util.Pair;
import androidx.security.identity.q0;
import co.nstant.in.cbor.CborException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.AbstractList;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* renamed from: androidx.security.identity.k, reason: case insensitive filesystem */
/* loaded from: classes.dex */
public class C1686k {

    /* renamed from: o, reason: collision with root package name */
    private static final String f21653o = "CredentialData";

    /* renamed from: a, reason: collision with root package name */
    private Context f21654a;

    /* renamed from: b, reason: collision with root package name */
    private String f21655b;

    /* renamed from: m, reason: collision with root package name */
    private AbstractMap<Integer, String> f21666m;

    /* renamed from: c, reason: collision with root package name */
    private String f21656c = "";

    /* renamed from: d, reason: collision with root package name */
    private String f21657d = "";

    /* renamed from: e, reason: collision with root package name */
    private Collection<X509Certificate> f21658e = null;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f21659f = null;

    /* renamed from: g, reason: collision with root package name */
    private AbstractList<C1666a> f21660g = new ArrayList();

    /* renamed from: h, reason: collision with root package name */
    private AbstractMap<Integer, C1666a> f21661h = new HashMap();

    /* renamed from: i, reason: collision with root package name */
    private AbstractList<q0.c> f21662i = new ArrayList();

    /* renamed from: j, reason: collision with root package name */
    private int f21663j = 0;

    /* renamed from: k, reason: collision with root package name */
    private int f21664k = 1;

    /* renamed from: l, reason: collision with root package name */
    private String f21665l = "";

    /* renamed from: n, reason: collision with root package name */
    private AbstractList<a> f21667n = new ArrayList();

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: androidx.security.identity.k$a */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        String f21668a = "";

        /* renamed from: b, reason: collision with root package name */
        byte[] f21669b = new byte[0];

        /* renamed from: c, reason: collision with root package name */
        byte[] f21670c = new byte[0];

        /* renamed from: d, reason: collision with root package name */
        int f21671d = 0;

        /* renamed from: e, reason: collision with root package name */
        String f21672e = "";

        /* renamed from: f, reason: collision with root package name */
        byte[] f21673f = new byte[0];

        /* renamed from: g, reason: collision with root package name */
        Calendar f21674g = null;

        a() {
        }
    }

    private C1686k(Context context, String str) {
        this.f21654a = context;
        this.f21655b = str;
    }

    private void C(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j5 = kVar.j(new co.nstant.in.cbor.model.u("accessControlProfiles"));
        if (!(j5 instanceof co.nstant.in.cbor.model.c)) {
            throw new RuntimeException("accessControlProfiles not found or not array");
        }
        this.f21660g = new ArrayList();
        this.f21661h = new HashMap();
        Iterator<co.nstant.in.cbor.model.f> it = ((co.nstant.in.cbor.model.c) j5).k().iterator();
        while (it.hasNext()) {
            C1666a a5 = K0.a(it.next());
            this.f21660g.add(a5);
            this.f21661h.put(Integer.valueOf(a5.a().a()), a5);
        }
    }

    private void D(co.nstant.in.cbor.model.k kVar) {
        long j5;
        Calendar calendar;
        this.f21665l = ((co.nstant.in.cbor.model.u) kVar.j(new co.nstant.in.cbor.model.u("perReaderSessionKeyAlias"))).j();
        co.nstant.in.cbor.model.f j6 = kVar.j(new co.nstant.in.cbor.model.u("acpTimeoutKeyMap"));
        if (!(j6 instanceof co.nstant.in.cbor.model.k)) {
            throw new RuntimeException("acpTimeoutKeyMap not found or not map");
        }
        this.f21666m = new HashMap();
        co.nstant.in.cbor.model.k kVar2 = (co.nstant.in.cbor.model.k) j6;
        for (co.nstant.in.cbor.model.f fVar : kVar2.k()) {
            if (!(fVar instanceof co.nstant.in.cbor.model.v)) {
                throw new RuntimeException("Key in acpTimeoutKeyMap is not an integer");
            }
            int intValue = ((co.nstant.in.cbor.model.v) fVar).h().intValue();
            co.nstant.in.cbor.model.f j7 = kVar2.j(fVar);
            if (!(j7 instanceof co.nstant.in.cbor.model.u)) {
                throw new RuntimeException("Item in acpTimeoutKeyMap is not a string");
            }
            this.f21666m.put(Integer.valueOf(intValue), ((co.nstant.in.cbor.model.u) j7).j());
        }
        this.f21663j = ((co.nstant.in.cbor.model.m) kVar.j(new co.nstant.in.cbor.model.u("authKeyCount"))).h().intValue();
        this.f21664k = ((co.nstant.in.cbor.model.m) kVar.j(new co.nstant.in.cbor.model.u("authKeyMaxUses"))).h().intValue();
        co.nstant.in.cbor.model.f j8 = kVar.j(new co.nstant.in.cbor.model.u("authKeyDatas"));
        if (!(j8 instanceof co.nstant.in.cbor.model.c)) {
            throw new RuntimeException("authKeyDatas not found or not array");
        }
        this.f21667n = new ArrayList();
        for (co.nstant.in.cbor.model.f fVar2 : ((co.nstant.in.cbor.model.c) j8).k()) {
            a aVar = new a();
            co.nstant.in.cbor.model.k kVar3 = (co.nstant.in.cbor.model.k) fVar2;
            aVar.f21668a = ((co.nstant.in.cbor.model.u) kVar3.j(new co.nstant.in.cbor.model.u("alias"))).j();
            aVar.f21671d = ((co.nstant.in.cbor.model.m) kVar3.j(new co.nstant.in.cbor.model.u("useCount"))).h().intValue();
            aVar.f21669b = ((co.nstant.in.cbor.model.d) kVar3.j(new co.nstant.in.cbor.model.u("certificate"))).j();
            aVar.f21670c = ((co.nstant.in.cbor.model.d) kVar3.j(new co.nstant.in.cbor.model.u("staticAuthenticationData"))).j();
            aVar.f21672e = ((co.nstant.in.cbor.model.u) kVar3.j(new co.nstant.in.cbor.model.u("pendingAlias"))).j();
            aVar.f21673f = ((co.nstant.in.cbor.model.d) kVar3.j(new co.nstant.in.cbor.model.u("pendingCertificate"))).j();
            co.nstant.in.cbor.model.f j9 = kVar3.j(new co.nstant.in.cbor.model.u("expirationDateMillis"));
            if (j9 == null) {
                j5 = Long.MAX_VALUE;
            } else {
                if (!(j9 instanceof co.nstant.in.cbor.model.m)) {
                    throw new RuntimeException("expirationDateMillis not a number");
                }
                j5 = ((co.nstant.in.cbor.model.m) j9).h().longValue();
            }
            calendar = Calendar.getInstance();
            calendar.setTimeInMillis(j5);
            aVar.f21674g = calendar;
            this.f21667n.add(aVar);
        }
    }

    private void E(co.nstant.in.cbor.model.k kVar) {
        this.f21656c = ((co.nstant.in.cbor.model.u) kVar.j(new co.nstant.in.cbor.model.u("docType"))).j();
        this.f21657d = ((co.nstant.in.cbor.model.u) kVar.j(new co.nstant.in.cbor.model.u("credentialKeyAlias"))).j();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static C1686k F(Context context, String str) {
        C1686k c1686k = new C1686k(context, str);
        if (c1686k.H(x(str))) {
            return c1686k;
        }
        return null;
    }

    private void G(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j5 = kVar.j(new co.nstant.in.cbor.model.u("credentialKeyCertChain"));
        if (!(j5 instanceof co.nstant.in.cbor.model.c)) {
            throw new RuntimeException("credentialKeyCertChain not found or not array");
        }
        this.f21658e = new ArrayList();
        Iterator<co.nstant.in.cbor.model.f> it = ((co.nstant.in.cbor.model.c) j5).k().iterator();
        while (it.hasNext()) {
            byte[] j6 = ((co.nstant.in.cbor.model.d) it.next()).j();
            try {
                this.f21658e.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(j6)));
            } catch (CertificateException e5) {
                throw new RuntimeException("Error decoding certificate blob", e5);
            }
        }
    }

    private boolean H(String str) {
        try {
            try {
                List<co.nstant.in.cbor.model.f> a5 = new co.nstant.in.cbor.b(new ByteArrayInputStream(I(str, new AtomicFile(this.f21654a.getFileStreamPath(z(this.f21655b))).readFully()))).a();
                if (a5.size() != 1) {
                    throw new RuntimeException("Expected 1 item, found " + a5.size());
                }
                if (!(a5.get(0) instanceof co.nstant.in.cbor.model.k)) {
                    throw new RuntimeException("Item is not a map");
                }
                co.nstant.in.cbor.model.k kVar = (co.nstant.in.cbor.model.k) a5.get(0);
                E(kVar);
                G(kVar);
                K(kVar);
                C(kVar);
                J(kVar);
                D(kVar);
                return true;
            } catch (CborException e5) {
                throw new RuntimeException("Error decoding data", e5);
            }
        } catch (Exception unused) {
            return false;
        }
    }

    private byte[] I(String str, byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
            if (bArr.length < 12) {
                throw new RuntimeException("Encrypted CBOR on disk is too small");
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            byte[] bArr2 = new byte[12];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[bArr.length - 12];
            wrap.get(bArr3);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKey, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr3);
        } catch (IOException e5) {
            e = e5;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (InvalidAlgorithmParameterException e6) {
            e = e6;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (InvalidKeyException e7) {
            e = e7;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (KeyStoreException e8) {
            e = e8;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (NoSuchAlgorithmException e9) {
            e = e9;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (UnrecoverableEntryException e10) {
            e = e10;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (CertificateException e11) {
            e = e11;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (BadPaddingException e12) {
            e = e12;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (IllegalBlockSizeException e13) {
            e = e13;
            throw new RuntimeException("Error decrypting CBOR", e);
        } catch (NoSuchPaddingException e14) {
            e = e14;
            throw new RuntimeException("Error decrypting CBOR", e);
        }
    }

    private void J(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j5 = kVar.j(new co.nstant.in.cbor.model.u("namespaceDatas"));
        if (!(j5 instanceof co.nstant.in.cbor.model.k)) {
            throw new RuntimeException("namespaceDatas not found or not map");
        }
        this.f21662i = new ArrayList();
        co.nstant.in.cbor.model.k kVar2 = (co.nstant.in.cbor.model.k) j5;
        for (co.nstant.in.cbor.model.f fVar : kVar2.k()) {
            if (!(fVar instanceof co.nstant.in.cbor.model.u)) {
                throw new RuntimeException("Key in namespaceDatas is not a string");
            }
            this.f21662i.add(K0.R(((co.nstant.in.cbor.model.u) fVar).j(), kVar2.j(fVar)));
        }
    }

    private void K(co.nstant.in.cbor.model.k kVar) {
        co.nstant.in.cbor.model.f j5 = kVar.j(new co.nstant.in.cbor.model.u("proofOfProvisioningSha256"));
        if (!(j5 instanceof co.nstant.in.cbor.model.d)) {
            throw new RuntimeException("proofOfProvisioningSha256 not found or not bstr");
        }
        this.f21659f = ((co.nstant.in.cbor.model.d) j5).j();
    }

    private void N() {
        FileOutputStream fileOutputStream;
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> w5 = aVar.w();
        R(w5);
        P(w5);
        O(w5);
        U(w5);
        Q(w5);
        byte[] T5 = T(S(aVar));
        AtomicFile atomicFile = new AtomicFile(this.f21654a.getFileStreamPath(z(this.f21655b)));
        try {
            fileOutputStream = atomicFile.startWrite();
        } catch (IOException e5) {
            e = e5;
            fileOutputStream = null;
        }
        try {
            fileOutputStream.write(T5);
            fileOutputStream.close();
            atomicFile.finishWrite(fileOutputStream);
        } catch (IOException e6) {
            e = e6;
            if (fileOutputStream != null) {
                atomicFile.failWrite(fileOutputStream);
            }
            throw new RuntimeException("Error writing data", e);
        }
    }

    private void O(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D5 = dVar.D("accessControlProfiles");
        Iterator<C1666a> it = this.f21660g.iterator();
        while (it.hasNext()) {
            D5.q(K0.b(it.next()));
        }
    }

    private void P(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D5 = dVar.D("authKeyDatas");
        Iterator<a> it = this.f21667n.iterator();
        while (it.hasNext()) {
            a next = it.next();
            Calendar calendar = next.f21674g;
            D5.v().y("alias", next.f21668a).x("useCount", next.f21671d).A("certificate", next.f21669b).A("staticAuthenticationData", next.f21670c).y("pendingAlias", next.f21672e).A("pendingCertificate", next.f21673f).x("expirationDateMillis", calendar != null ? calendar.getTimeInMillis() : Long.MAX_VALUE).n();
        }
    }

    private void Q(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        dVar.y("perReaderSessionKeyAlias", this.f21665l);
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> G5 = dVar.G("acpTimeoutKeyMap");
        Iterator<Map.Entry<Integer, String>> it = this.f21666m.entrySet().iterator();
        while (it.hasNext()) {
            G5.u(new co.nstant.in.cbor.model.v(r1.getKey().intValue()), new co.nstant.in.cbor.model.u(it.next().getValue()));
        }
    }

    private void R(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        dVar.y("docType", this.f21656c);
        dVar.y("credentialKeyAlias", this.f21657d);
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D5 = dVar.D("credentialKeyCertChain");
        Iterator<X509Certificate> it = this.f21658e.iterator();
        while (it.hasNext()) {
            try {
                D5.t(it.next().getEncoded());
            } catch (CertificateEncodingException e5) {
                throw new RuntimeException("Error encoding certificate", e5);
            }
        }
        dVar.A("proofOfProvisioningSha256", this.f21659f);
        dVar.x("authKeyCount", this.f21663j);
        dVar.x("authKeyMaxUses", this.f21664k);
    }

    private byte[] S(co.nstant.in.cbor.a aVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new co.nstant.in.cbor.c(byteArrayOutputStream).b(aVar.y());
            return byteArrayOutputStream.toByteArray();
        } catch (CborException e5) {
            throw new RuntimeException("Error encoding data", e5);
        }
    }

    private byte[] T(byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(x(this.f21655b), null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            byte[] doFinal = cipher.doFinal(bArr);
            ByteBuffer allocate = ByteBuffer.allocate(doFinal.length + 12);
            allocate.put(cipher.getIV());
            allocate.put(doFinal);
            return allocate.array();
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e5) {
            throw new RuntimeException("Error encrypting CBOR for saving to disk", e5);
        }
    }

    private void U(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> G5 = dVar.G("namespaceDatas");
        Iterator<q0.c> it = this.f21662i.iterator();
        while (it.hasNext()) {
            q0.c next = it.next();
            G5.u(new co.nstant.in.cbor.model.u(next.d()), K0.S(next));
        }
    }

    static byte[] a(String str, PrivateKey privateKey, byte[] bArr) {
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.a> v5 = aVar.v();
        v5.r("ProofOfDeletion").r(str);
        if (bArr != null) {
            v5.t(bArr);
        }
        v5.s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar.y().get(0));
            return K0.o(K0.G(privateKey, byteArrayOutputStream.toByteArray(), null, null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e5) {
            throw new RuntimeException("Error building ProofOfDeletion", e5);
        }
    }

    private boolean c(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            cipher.doFinal(new byte[]{1, 2});
            return true;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static C1686k d(Context context, String str, String str2, String str3, Collection<X509Certificate> collection, q0 q0Var, byte[] bArr, boolean z5) {
        if (!z5 && f(context, str2)) {
            throw new RuntimeException("Credential with given name already exists");
        }
        C1686k c1686k = new C1686k(context, str2);
        c1686k.f21656c = str;
        c1686k.f21657d = str3;
        c1686k.f21658e = collection;
        c1686k.f21659f = bArr;
        c1686k.f21660g = new ArrayList();
        c1686k.f21661h = new HashMap();
        for (C1666a c1666a : q0Var.a()) {
            c1686k.f21660g.add(c1666a);
            c1686k.f21661h.put(Integer.valueOf(c1666a.a().a()), c1666a);
        }
        ArrayList arrayList = new ArrayList();
        c1686k.f21662i = arrayList;
        arrayList.addAll(q0Var.c());
        c1686k.f21666m = new HashMap();
        for (C1666a c1666a2 : q0Var.a()) {
            boolean d5 = c1666a2.d();
            long c5 = c1666a2.c();
            if (d5) {
                j(str2, c1686k);
                i(str2, c1686k, c1666a2, c5);
            }
        }
        c1686k.e();
        c1686k.N();
        return c1686k;
    }

    private void e() {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec build;
        try {
            String x5 = x(this.f21655b);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f49962b);
            C1684j.a();
            blockModes = androidx.security.crypto.i.a(x5, 3).setBlockModes("GCM");
            encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
            keySize = encryptionPaddings.setKeySize(128);
            build = keySize.build();
            keyGenerator.init(build);
            keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e5) {
            throw new RuntimeException("Error creating data encryption key", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean f(Context context, String str) {
        try {
            new AtomicFile(context.getFileStreamPath(z(str))).openRead();
            return true;
        } catch (FileNotFoundException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] g(Context context, String str, byte[] bArr) {
        AtomicFile atomicFile = new AtomicFile(context.getFileStreamPath(z(str)));
        try {
            atomicFile.openRead();
            C1686k c1686k = new C1686k(context, str);
            try {
                c1686k.H(x(str));
                try {
                    KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
                    keyStore.load(null);
                    byte[] a5 = a(c1686k.f21656c, ((KeyStore.PrivateKeyEntry) keyStore.getEntry(c1686k.f21657d, null)).getPrivateKey(), bArr);
                    atomicFile.delete();
                    try {
                        keyStore.deleteEntry(c1686k.f21657d);
                        if (!c1686k.f21665l.isEmpty()) {
                            keyStore.deleteEntry(c1686k.f21665l);
                        }
                        Iterator<String> it = c1686k.f21666m.values().iterator();
                        while (it.hasNext()) {
                            keyStore.deleteEntry(it.next());
                        }
                        Iterator<a> it2 = c1686k.f21667n.iterator();
                        while (it2.hasNext()) {
                            a next = it2.next();
                            if (!next.f21668a.isEmpty()) {
                                keyStore.deleteEntry(next.f21668a);
                            }
                            if (!next.f21672e.isEmpty()) {
                                keyStore.deleteEntry(next.f21672e);
                            }
                        }
                        return a5;
                    } catch (KeyStoreException e5) {
                        throw new RuntimeException("Error deleting key", e5);
                    }
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e6) {
                    throw new RuntimeException("Error loading keystore", e6);
                }
            } catch (RuntimeException unused) {
                Log.e(f21653o, "Error parsing file on disk (old version?). Deleting anyway.");
                atomicFile.delete();
                return null;
            }
        } catch (FileNotFoundException unused2) {
        }
    }

    private static void i(String str, C1686k c1686k, C1666a c1666a, long j5) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec build;
        if (j5 > 0) {
            int a5 = c1666a.a().a();
            String o5 = o(str, a5);
            try {
                int i5 = (int) (j5 / 1000);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f49962b);
                C1684j.a();
                blockModes = androidx.security.crypto.i.a(o5, 3).setBlockModes("GCM");
                encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
                userAuthenticationRequired = encryptionPaddings.setUserAuthenticationRequired(true);
                userAuthenticationValidityDurationSeconds = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(i5);
                keySize = userAuthenticationValidityDurationSeconds.setKeySize(128);
                build = keySize.build();
                keyGenerator.init(build);
                keyGenerator.generateKey();
                c1686k.f21666m.put(Integer.valueOf(a5), o5);
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e5) {
                throw new RuntimeException("Error creating ACP auth-bound timeout key", e5);
            }
        }
    }

    private static void j(String str, C1686k c1686k) {
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder userAuthenticationRequired;
        KeyGenParameterSpec.Builder userAuthenticationValidityDurationSeconds;
        KeyGenParameterSpec build;
        if (c1686k.f21665l.isEmpty()) {
            c1686k.f21665l = n(str);
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f49962b);
                C1684j.a();
                blockModes = androidx.security.crypto.i.a(c1686k.f21665l, 3).setBlockModes("GCM");
                encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding");
                keySize = encryptionPaddings.setKeySize(128);
                userAuthenticationRequired = keySize.setUserAuthenticationRequired(true);
                userAuthenticationValidityDurationSeconds = userAuthenticationRequired.setUserAuthenticationValidityDurationSeconds(-1);
                build = userAuthenticationValidityDurationSeconds.build();
                keyGenerator.init(build);
                keyGenerator.generateKey();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e5) {
                throw new RuntimeException("Error creating ACP auth-bound key", e5);
            }
        }
    }

    static String k(String str, String str2) {
        try {
            return "identity_credential_" + str + "_" + URLEncoder.encode(str2, com.bumptech.glide.load.f.f26930a);
        } catch (UnsupportedEncodingException e5) {
            throw new RuntimeException("Unexpected UnsupportedEncodingException", e5);
        }
    }

    static String n(String str) {
        return k("acp", str);
    }

    static String o(String str, int i5) {
        return k("acp_timeout_for_id" + i5, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String p(String str) {
        return k("credkey", str);
    }

    static String x(String str) {
        return k("datakey", str);
    }

    static String z(String str) {
        return k("data", str);
    }

    Collection<q0.c> A() {
        return this.f21662i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String B() {
        return this.f21665l;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public q0.c L(String str) {
        Iterator<q0.c> it = this.f21662i.iterator();
        while (it.hasNext()) {
            q0.c next = it.next();
            if (next.d().equals(str)) {
                return next;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @androidx.annotation.O
    public byte[] M(@androidx.annotation.O byte[] bArr) {
        PrivateKey w5 = w();
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        aVar.v().r("ProofOfOwnership").r(this.f21656c).t(bArr).s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar.y().get(0));
            return K0.o(K0.G(w5, byteArrayOutputStream.toByteArray(), null, null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e5) {
            throw new RuntimeException("Error building ProofOfOwnership", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Pair<PrivateKey, byte[]> V(boolean z5, boolean z6) {
        Pair<PrivateKey, byte[]> W5 = W(z5, false);
        if (W5 != null) {
            return W5;
        }
        if (z6) {
            return W(z5, true);
        }
        return null;
    }

    Pair<PrivateKey, byte[]> W(boolean z5, boolean z6) {
        Calendar calendar;
        boolean after;
        calendar = Calendar.getInstance();
        a aVar = null;
        for (int i5 = 0; i5 < this.f21663j; i5++) {
            a aVar2 = this.f21667n.get(i5);
            if (!aVar2.f21668a.isEmpty()) {
                Calendar calendar2 = aVar2.f21674g;
                if (calendar2 != null) {
                    after = calendar.after(calendar2);
                    if (after && !z6) {
                    }
                }
                if (aVar == null || aVar2.f21671d < aVar.f21671d) {
                    aVar = aVar2;
                }
            }
        }
        if (aVar == null) {
            return null;
        }
        if (aVar.f21671d >= this.f21664k && !z5) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
            keyStore.load(null);
            Pair<PrivateKey, byte[]> pair = new Pair<>(((KeyStore.PrivateKeyEntry) keyStore.getEntry(aVar.f21668a, null)).getPrivateKey(), aVar.f21670c);
            aVar.f21671d++;
            N();
            return pair;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e5) {
            throw new RuntimeException("Error loading keystore", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void X(int i5, int i6) {
        int i7 = this.f21663j;
        this.f21663j = i5;
        this.f21664k = i6;
        if (i7 < i5) {
            while (i7 < this.f21663j) {
                this.f21667n.add(new a());
                i7++;
            }
        } else if (i7 > i5) {
            try {
                KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
                keyStore.load(null);
                int i8 = i7 - this.f21663j;
                for (int i9 = 0; i9 < i8; i9++) {
                    a aVar = this.f21667n.get(0);
                    if (!aVar.f21668a.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(aVar.f21668a)) {
                                keyStore.deleteEntry(aVar.f21668a);
                            }
                        } catch (KeyStoreException e5) {
                            throw new RuntimeException("Error deleting auth key with mAlias " + aVar.f21668a, e5);
                        }
                    }
                    if (!aVar.f21672e.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(aVar.f21672e)) {
                                keyStore.deleteEntry(aVar.f21672e);
                            }
                        } catch (KeyStoreException e6) {
                            throw new RuntimeException("Error deleting auth key with mPendingAlias " + aVar.f21672e, e6);
                        }
                    }
                    this.f21667n.remove(0);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e7) {
                throw new RuntimeException("Error loading keystore", e7);
            }
        }
        N();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void Y(X509Certificate x509Certificate, Calendar calendar, byte[] bArr) throws UnknownAuthenticationKeyException {
        a aVar;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Iterator<a> it = this.f21667n.iterator();
            while (true) {
                if (!it.hasNext()) {
                    aVar = null;
                    break;
                }
                aVar = it.next();
                if (aVar.f21673f.length > 0 && ((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(aVar.f21673f))).equals(x509Certificate)) {
                    break;
                }
            }
            if (aVar == null) {
                throw new UnknownAuthenticationKeyException("No such authentication key");
            }
            if (!aVar.f21668a.isEmpty()) {
                try {
                    KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
                    keyStore.load(null);
                    if (keyStore.containsAlias(aVar.f21668a)) {
                        keyStore.deleteEntry(aVar.f21668a);
                    }
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e5) {
                    throw new RuntimeException("Error deleting old authentication key", e5);
                }
            }
            aVar.f21668a = aVar.f21672e;
            aVar.f21669b = aVar.f21673f;
            aVar.f21670c = bArr;
            aVar.f21671d = 0;
            aVar.f21672e = "";
            aVar.f21673f = new byte[0];
            aVar.f21674g = calendar;
            N();
        } catch (CertificateException e6) {
            throw new RuntimeException("Error encoding certificate", e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean b(C1668b c1668b, boolean z5) {
        if (l(c1668b).c() == 0) {
            return z5;
        }
        String str = this.f21666m.get(Integer.valueOf(c1668b.a()));
        if (str != null) {
            return c(str);
        }
        throw new RuntimeException("No key alias for ACP with ID " + c1668b.a());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void h() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
            keyStore.load(null);
            try {
                if (!this.f21665l.isEmpty()) {
                    keyStore.deleteEntry(this.f21665l);
                }
                Iterator<String> it = this.f21666m.values().iterator();
                while (it.hasNext()) {
                    keyStore.deleteEntry(it.next());
                }
                Iterator<a> it2 = this.f21667n.iterator();
                while (it2.hasNext()) {
                    a next = it2.next();
                    if (!next.f21668a.isEmpty()) {
                        keyStore.deleteEntry(next.f21668a);
                    }
                    if (!next.f21672e.isEmpty()) {
                        keyStore.deleteEntry(next.f21672e);
                    }
                }
            } catch (KeyStoreException e5) {
                throw new RuntimeException("Error deleting key", e5);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e6) {
            throw new RuntimeException("Error loading keystore", e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public C1666a l(C1668b c1668b) {
        C1666a c1666a = this.f21661h.get(Integer.valueOf(c1668b.a()));
        if (c1666a != null) {
            return c1666a;
        }
        throw new RuntimeException("No profile with id " + c1668b.a());
    }

    Collection<C1666a> m() {
        return this.f21660g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int q() {
        return this.f21663j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int[] r() {
        int[] iArr = new int[this.f21663j];
        Iterator<a> it = this.f21667n.iterator();
        int i5 = 0;
        while (it.hasNext()) {
            iArr[i5] = it.next().f21671d;
            i5++;
        }
        return iArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509Certificate> s() {
        Calendar calendar;
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec build;
        try {
            KeyStore.getInstance(com.splashtop.remote.security.f.f49962b).load(null);
            ArrayList arrayList = new ArrayList();
            calendar = Calendar.getInstance();
            for (int i5 = 0; i5 < this.f21663j; i5++) {
                a aVar = this.f21667n.get(i5);
                boolean z5 = aVar.f21671d >= this.f21664k;
                Calendar calendar2 = aVar.f21674g;
                boolean z6 = aVar.f21668a.isEmpty() || z5 || (calendar2 != null ? calendar.after(calendar2) : false);
                boolean z7 = !aVar.f21672e.isEmpty();
                try {
                    if (z6 && !z7) {
                        try {
                            String str = this.f21657d + String.format("_auth_%d", Integer.valueOf(i5));
                            if (str.equals(aVar.f21668a)) {
                                str = str + "_";
                            }
                            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", com.splashtop.remote.security.f.f49962b);
                            C1684j.a();
                            digests = androidx.security.crypto.i.a(str, 12).setDigests("SHA-256", "SHA-512");
                            build = digests.build();
                            keyPairGenerator.initialize(build);
                            keyPairGenerator.generateKeyPair();
                            X509Certificate M5 = K0.M(str, this.f21657d, this.f21659f);
                            aVar.f21672e = str;
                            aVar.f21673f = M5.getEncoded();
                        } catch (InvalidAlgorithmParameterException e5) {
                            e = e5;
                            throw new RuntimeException("Error creating auth key", e);
                        } catch (NoSuchAlgorithmException e6) {
                            e = e6;
                            throw new RuntimeException("Error creating auth key", e);
                        } catch (NoSuchProviderException e7) {
                            e = e7;
                            throw new RuntimeException("Error creating auth key", e);
                        } catch (CertificateEncodingException e8) {
                            e = e8;
                            throw new RuntimeException("Error creating auth key", e);
                        }
                    } else if (!z7) {
                        continue;
                    }
                    arrayList.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(aVar.f21673f)));
                } catch (CertificateException e9) {
                    throw new RuntimeException("Error creating certificate for auth key", e9);
                }
            }
            N();
            return arrayList;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            throw new RuntimeException("Error loading keystore", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int t() {
        return this.f21664k;
    }

    String u() {
        return this.f21657d;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509Certificate> v() {
        return this.f21658e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey w() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f49962b);
            keyStore.load(null);
            return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(this.f21657d, null)).getPrivateKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e5) {
            throw new RuntimeException("Error loading keystore", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String y() {
        return this.f21656c;
    }
}
