package com.android.identity;

import android.icu.util.Calendar;
import android.util.Log;
import androidx.core.util.Pair;
import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.builder.ArrayBuilder;
import co.nstant.in.cbor.builder.MapBuilder;
import co.nstant.in.cbor.model.Array;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.DataItem;
import co.nstant.in.cbor.model.SimpleValue;
import co.nstant.in.cbor.model.SimpleValueType;
import co.nstant.in.cbor.model.UnicodeString;
import com.android.identity.CredentialDataResult;
import com.android.identity.PersonalizationData;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes4.dex */
public class Utility {
    private static final String TAG = "Utility";

    private Utility() {
    }

    public static Pair<Map<String, List<byte[]>>, byte[]> decodeStaticAuthData(byte[] bArr) {
        DataItem cborDecode = Util.cborDecode(bArr);
        if (!(cborDecode instanceof co.nstant.in.cbor.model.Map)) {
            throw new IllegalArgumentException("Top-level is not a map");
        }
        co.nstant.in.cbor.model.Map map = (co.nstant.in.cbor.model.Map) cborDecode;
        DataItem dataItem = map.get(new UnicodeString("issuerAuth"));
        if (dataItem == null) {
            throw new IllegalArgumentException("issuerAuth item does not exist");
        }
        byte[] cborEncode = Util.cborEncode(dataItem);
        HashMap hashMap = new HashMap();
        DataItem dataItem2 = map.get(new UnicodeString("digestIdMapping"));
        if (!(dataItem2 instanceof co.nstant.in.cbor.model.Map)) {
            throw new IllegalArgumentException("digestIdMapping value is not a map or does not exist");
        }
        co.nstant.in.cbor.model.Map map2 = (co.nstant.in.cbor.model.Map) dataItem2;
        for (DataItem dataItem3 : map2.getKeys()) {
            if (!(dataItem3 instanceof UnicodeString)) {
                throw new IllegalArgumentException("Outer key is not a string");
            }
            String string = ((UnicodeString) dataItem3).getString();
            ArrayList arrayList = new ArrayList();
            hashMap.put(string, arrayList);
            DataItem dataItem4 = map2.get(dataItem3);
            if (!(dataItem4 instanceof Array)) {
                throw new IllegalArgumentException("Outer value is not an array");
            }
            for (DataItem dataItem5 : ((Array) dataItem4).getDataItems()) {
                if (!(dataItem5 instanceof ByteString)) {
                    throw new IllegalArgumentException("Inner key is not a bstr");
                }
                if (dataItem5.getTag().getValue() != 24) {
                    throw new IllegalArgumentException("Inner key does not have tag 24");
                }
                byte[] bytes = ((ByteString) dataItem5).getBytes();
                DataItem cborExtractTaggedAndEncodedCbor = Util.cborExtractTaggedAndEncodedCbor(dataItem5);
                DataItem cborMapExtract = Util.cborMapExtract(cborExtractTaggedAndEncodedCbor, "elementValue");
                if (!(cborMapExtract instanceof SimpleValue) || ((SimpleValue) cborMapExtract).getSimpleValueType() != SimpleValueType.NULL) {
                    throw new IllegalArgumentException("elementValue for nameSpace " + string + " elementName " + Util.cborMapExtractString(cborExtractTaggedAndEncodedCbor, "elementIdentifier") + " is not NULL");
                }
                arrayList.add(bytes);
            }
        }
        return new Pair<>(hashMap, cborEncode);
    }

    public static byte[] encodeStaticAuthData(Map<String, List<byte[]>> map, byte[] bArr) {
        CborBuilder cborBuilder = new CborBuilder();
        MapBuilder<CborBuilder> addMap = cborBuilder.addMap();
        for (Map.Entry<String, List<byte[]>> entry : map.entrySet()) {
            String key = entry.getKey();
            ArrayBuilder<MapBuilder<CborBuilder>> putArray = addMap.putArray(key);
            for (byte[] bArr2 : entry.getValue()) {
                DataItem cborDecode = Util.cborDecode(bArr2);
                DataItem cborMapExtract = Util.cborMapExtract(cborDecode, "elementValue");
                if (!(cborMapExtract instanceof SimpleValue) || ((SimpleValue) cborMapExtract).getSimpleValueType() != SimpleValueType.NULL) {
                    throw new IllegalArgumentException("elementValue for nameSpace " + key + " elementName " + Util.cborMapExtractString(cborDecode, "elementIdentifier") + " is not NULL");
                }
                putArray.add(Util.cborBuildTaggedByteString(bArr2));
            }
        }
        return Util.cborEncode(new CborBuilder().addMap().put(new UnicodeString("digestIdMapping"), cborBuilder.build().get(0)).put(new UnicodeString("issuerAuth"), Util.cborDecode(bArr)).end().build().get(0));
    }

    public static Map<String, List<byte[]>> mergeIssuerSigned(Map<String, List<byte[]>> map, CredentialDataResult.Entries entries) {
        byte[] entry;
        HashMap hashMap = new HashMap();
        for (String str : entries.getNamespaces()) {
            ArrayList arrayList = new ArrayList();
            List<byte[]> list = map.get(str);
            if (list == null) {
                Log.w(TAG, "Skipping namespace " + str + " which is not in issuerSignedMapping");
            } else {
                Collection<String> entryNames = entries.getEntryNames(str);
                for (byte[] bArr : list) {
                    String cborMapExtractString = Util.cborMapExtractString(Util.cborDecode(bArr), "elementIdentifier");
                    if (entryNames.contains(cborMapExtractString) && (entry = entries.getEntry(str, cborMapExtractString)) != null) {
                        arrayList.add(Util.issuerSignedItemSetValue(bArr, entry));
                    }
                }
            }
            if (arrayList.size() > 0) {
                hashMap.put(str, arrayList);
            }
        }
        return hashMap;
    }

    public static byte[] provisionSelfSignedCredential(IdentityCredentialStore identityCredentialStore, String str, PrivateKey privateKey, X509Certificate x509Certificate, String str2, PersonalizationData personalizationData, int i, int i2) throws IdentityCredentialException {
        Iterator<X509Certificate> it2;
        Locale locale;
        Object[] objArr;
        int i3;
        byte[] bytes = "dummyChallenge".getBytes(StandardCharsets.UTF_8);
        identityCredentialStore.deleteCredentialByName(str);
        WritableIdentityCredential createCredential = identityCredentialStore.createCredential(str, str2);
        Collection<X509Certificate> credentialKeyCertificateChain = createCredential.getCredentialKeyCertificateChain(bytes);
        Log.i(TAG, String.format(Locale.US, "Cert chain for self-signed credential '%s' has %d elements", str, Integer.valueOf(credentialKeyCertificateChain.size())));
        int i4 = 0;
        int i5 = 0;
        for (X509Certificate x509Certificate2 : credentialKeyCertificateChain) {
            try {
                locale = Locale.US;
                objArr = new Object[2];
                i3 = i5 + 1;
            } catch (CertificateEncodingException e) {
                e = e;
            }
            try {
                objArr[0] = Integer.valueOf(i5);
                objArr[1] = Util.toHex(x509Certificate2.getEncoded());
                Log.i(TAG, String.format(locale, "Certificate %d: %s", objArr));
                i5 = i3;
            } catch (CertificateEncodingException e2) {
                e = e2;
                i5 = i3;
                e.printStackTrace();
            }
        }
        byte[] personalize = createCredential.personalize(personalizationData);
        IdentityCredential credentialByName = identityCredentialStore.getCredentialByName(str, 1);
        credentialByName.setAvailableAuthenticationKeys(i, i2);
        Collection<X509Certificate> authKeysNeedingCertification = credentialByName.getAuthKeysNeedingCertification();
        Timestamp now = Timestamp.now();
        Timestamp now2 = Timestamp.now();
        Calendar calendar = Calendar.getInstance();
        calendar.add(2, 12);
        Timestamp ofEpochMilli = Timestamp.ofEpochMilli(calendar.getTimeInMillis());
        Iterator<X509Certificate> it3 = authKeysNeedingCertification.iterator();
        while (it3.hasNext()) {
            X509Certificate next = it3.next();
            PublicKey publicKey = next.getPublicKey();
            SecureRandom secureRandom = new SecureRandom();
            Iterator<PersonalizationData.NamespaceData> it4 = personalizationData.getNamespaceDatas().iterator();
            int i6 = i4;
            while (it4.hasNext()) {
                i6 += it4.next().getEntryNames().size();
            }
            ArrayList arrayList = new ArrayList();
            for (int i7 = i4; i7 < i6; i7++) {
                arrayList.add(Integer.valueOf(i7));
            }
            Collections.shuffle(arrayList);
            HashMap hashMap = new HashMap();
            CborBuilder cborBuilder = new CborBuilder();
            MapBuilder<CborBuilder> addMap = cborBuilder.addMap();
            Iterator it5 = arrayList.iterator();
            Iterator<PersonalizationData.NamespaceData> it6 = personalizationData.getNamespaceDatas().iterator();
            while (true) {
                it2 = it3;
                if (it6.hasNext()) {
                    PersonalizationData.NamespaceData next2 = it6.next();
                    byte[] bArr = personalize;
                    String namespaceName = next2.getNamespaceName();
                    IdentityCredential identityCredential = credentialByName;
                    ArrayList arrayList2 = new ArrayList();
                    Calendar calendar2 = calendar;
                    MapBuilder<MapBuilder<CborBuilder>> putMap = addMap.putMap(namespaceName);
                    for (String str3 : next2.getEntryNames()) {
                        X509Certificate x509Certificate3 = next;
                        byte[] entryValue = next2.getEntryValue(str3);
                        PersonalizationData.NamespaceData namespaceData = next2;
                        int intValue = ((Integer) it5.next()).intValue();
                        Iterator it7 = it5;
                        byte[] bArr2 = new byte[16];
                        secureRandom.nextBytes(bArr2);
                        SecureRandom secureRandom2 = secureRandom;
                        PublicKey publicKey2 = publicKey;
                        Timestamp timestamp = ofEpochMilli;
                        long j = intValue;
                        Timestamp timestamp2 = now2;
                        byte[] cborEncode = Util.cborEncode(new CborBuilder().addMap().put("digestID", j).put("random", bArr2).put("elementIdentifier", str3).put(new UnicodeString("elementValue"), Util.cborDecode(entryValue)).end().build().get(0));
                        try {
                            byte[] digest = MessageDigest.getInstance("SHA-256").digest(Util.cborEncode(Util.cborBuildTaggedByteString(cborEncode)));
                            arrayList2.add(Util.issuerSignedItemClearValue(cborEncode));
                            putMap.put(j, digest);
                            next = x509Certificate3;
                            ofEpochMilli = timestamp;
                            it5 = it7;
                            next2 = namespaceData;
                            secureRandom = secureRandom2;
                            publicKey = publicKey2;
                            now2 = timestamp2;
                        } catch (NoSuchAlgorithmException e3) {
                            throw new IllegalArgumentException("Failed creating digester", e3);
                        }
                    }
                    hashMap.put(namespaceName, arrayList2);
                    putMap.end();
                    it3 = it2;
                    credentialByName = identityCredential;
                    calendar = calendar2;
                    personalize = bArr;
                }
            }
            byte[] bArr3 = personalize;
            IdentityCredential identityCredential2 = credentialByName;
            Timestamp timestamp3 = now2;
            Timestamp timestamp4 = ofEpochMilli;
            addMap.end();
            byte[] cborEncode2 = Util.cborEncode(Util.cborBuildTaggedByteString(Util.cborEncode(new CborBuilder().addMap().put("version", "1.0").put("digestAlgorithm", "SHA-256").put(new UnicodeString("valueDigests"), cborBuilder.build().get(0)).put("docType", str2).putMap("validityInfo").put(new UnicodeString("signed"), Util.cborBuildDateTime(now)).put(new UnicodeString("validFrom"), Util.cborBuildDateTime(timestamp3)).put(new UnicodeString("validUntil"), Util.cborBuildDateTime(timestamp4)).end().putMap("deviceKeyInfo").put(new UnicodeString("deviceKey"), Util.cborBuildCoseKey(publicKey)).end().end().build().get(0))));
            ArrayList arrayList3 = new ArrayList();
            arrayList3.add(x509Certificate);
            calendar = calendar;
            identityCredential2.storeStaticAuthenticationData(next, calendar, encodeStaticAuthData(hashMap, Util.cborEncode(Util.coseSign1Sign(privateKey, "SHA256withECDSA", cborEncode2, null, arrayList3))));
            i4 = 0;
            credentialByName = identityCredential2;
            personalize = bArr3;
            ofEpochMilli = timestamp4;
            now2 = timestamp3;
            it3 = it2;
        }
        return personalize;
    }
}
