package com.android.identity;

import androidx.core.app.NotificationCompat;
import androidx.core.util.Pair;
import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.builder.MapBuilder;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.DataItem;
import co.nstant.in.cbor.model.Map;
import co.nstant.in.cbor.model.Number;
import co.nstant.in.cbor.model.UnicodeString;
import com.stripe.android.stripe3ds2.transactions.MessageExtension;
import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.List;
import java.util.OptionalLong;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public final class SessionEncryptionReader {
    private static final String TAG = "SessionEncryptionReader";
    private final PublicKey mEDeviceKeyPublic;
    private final PrivateKey mEReaderKeyPrivate;
    private final PublicKey mEReaderKeyPublic;
    private SecretKeySpec mSKDevice;
    private SecretKeySpec mSKReader;
    private boolean mSessionEstablishmentSent;
    private int mSKDeviceCounter = 1;
    private int mSKReaderCounter = 1;
    private boolean mSendSessionEstablishment = true;

    public SessionEncryptionReader(PrivateKey privateKey, PublicKey publicKey, PublicKey publicKey2, byte[] bArr) {
        this.mEReaderKeyPrivate = privateKey;
        this.mEReaderKeyPublic = publicKey;
        this.mEDeviceKeyPublic = publicKey2;
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey2, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(Util.cborEncode(Util.cborBuildTaggedByteString(bArr)));
            this.mSKDevice = new SecretKeySpec(Util.computeHkdf("HmacSha256", generateSecret, digest, "SKDevice".getBytes(StandardCharsets.UTF_8), 32), "AES");
            this.mSKReader = new SecretKeySpec(Util.computeHkdf("HmacSha256", generateSecret, digest, "SKReader".getBytes(StandardCharsets.UTF_8), 32), "AES");
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Error deriving keys", e);
        }
    }

    public Pair<byte[], OptionalLong> decryptMessageFromDevice(byte[] bArr) {
        byte[] bArr2;
        try {
            List<DataItem> decode = new CborDecoder(new ByteArrayInputStream(bArr)).decode();
            if (decode.size() != 1) {
                throw new IllegalArgumentException("Expected 1 item, found " + decode.size());
            }
            if (!(decode.get(0) instanceof Map)) {
                throw new IllegalArgumentException("Item is not a map");
            }
            Map map = (Map) decode.get(0);
            DataItem dataItem = map.get(new UnicodeString(MessageExtension.FIELD_DATA));
            byte[] bArr3 = null;
            if (dataItem == null) {
                bArr2 = null;
            } else {
                if (!(dataItem instanceof ByteString)) {
                    throw new IllegalArgumentException("data is not a bstr");
                }
                bArr2 = ((ByteString) dataItem).getBytes();
            }
            OptionalLong empty = OptionalLong.empty();
            DataItem dataItem2 = map.get(new UnicodeString(NotificationCompat.CATEGORY_STATUS));
            if (dataItem2 != null) {
                if (!(dataItem2 instanceof Number)) {
                    throw new IllegalArgumentException("status is not a number");
                }
                empty = OptionalLong.of(((Number) dataItem2).getValue().intValue());
            }
            if (bArr2 != null) {
                ByteBuffer allocate = ByteBuffer.allocate(12);
                allocate.putInt(0, 0);
                allocate.putInt(4, 1);
                allocate.putInt(8, this.mSKDeviceCounter);
                try {
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(2, this.mSKDevice, new GCMParameterSpec(128, allocate.array()));
                    bArr3 = cipher.doFinal(bArr2);
                    this.mSKDeviceCounter++;
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                    throw new IllegalStateException("Error decrypting data", e);
                }
            }
            return new Pair<>(bArr3, empty);
        } catch (CborException e2) {
            throw new IllegalArgumentException("Data is not valid CBOR", e2);
        }
    }

    public byte[] encryptMessageToDevice(byte[] bArr, OptionalLong optionalLong) {
        byte[] bArr2;
        if (bArr != null) {
            try {
                ByteBuffer allocate = ByteBuffer.allocate(12);
                allocate.putInt(0, 0);
                allocate.putInt(4, 0);
                allocate.putInt(8, this.mSKReaderCounter);
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, this.mSKReader, new GCMParameterSpec(128, allocate.array()));
                bArr2 = cipher.doFinal(bArr);
                this.mSKReaderCounter++;
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new IllegalStateException("Error encrypting message", e);
            }
        } else {
            bArr2 = null;
        }
        CborBuilder cborBuilder = new CborBuilder();
        MapBuilder<CborBuilder> addMap = cborBuilder.addMap();
        if (!this.mSessionEstablishmentSent && this.mSendSessionEstablishment) {
            addMap.put(new UnicodeString("eReaderKey"), Util.cborBuildTaggedByteString(Util.cborEncode(Util.cborBuildCoseKey(this.mEReaderKeyPublic))));
            if (bArr2 == null) {
                throw new IllegalStateException("Data cannot be empty in initial message");
            }
        }
        if (bArr2 != null) {
            addMap.put(MessageExtension.FIELD_DATA, bArr2);
        }
        if (optionalLong.isPresent()) {
            addMap.put(NotificationCompat.CATEGORY_STATUS, optionalLong.getAsLong());
        }
        addMap.end();
        byte[] cborEncode = Util.cborEncode(cborBuilder.build().get(0));
        this.mSessionEstablishmentSent = true;
        return cborEncode;
    }

    public int getNumMessagesDecrypted() {
        return this.mSKDeviceCounter - 1;
    }

    public int getNumMessagesEncrypted() {
        return this.mSKReaderCounter - 1;
    }

    public byte[] getmSKDeviceEncoded() {
        return this.mSKDevice.getEncoded();
    }

    public byte[] getmSKReaderEncoded() {
        return this.mSKReader.getEncoded();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSendSessionEstablishment(boolean z) {
        this.mSendSessionEstablishment = z;
    }
}
