package J4;

import J4.k0;
import android.icu.util.Calendar;
import android.os.Build;
import android.security.identity.IdentityCredential;
import android.security.identity.PersonalizationData;
import android.security.identity.ResultData;
import android.security.identity.SessionTranscriptMismatchException;
import android.security.identity.UnknownAuthenticationKeyException;
import androidx.biometric.d;
import androidx.security.identity.EphemeralPublicKeyNotFoundException;
import androidx.security.identity.InvalidReaderSignatureException;
import androidx.security.identity.InvalidRequestMessageException;
import androidx.security.identity.MessageDecryptionException;
import androidx.security.identity.NoAuthenticationKeyAvailableException;
import j.InterfaceC6934u;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import jc.C6982b;
import s3.C8493o;

@j.X(30)
/* loaded from: classes3.dex */
public class E extends e0 {

    /* renamed from: i, reason: collision with root package name */
    public static final String f14492i = "HardwareIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    public KeyPair f14493a = null;

    /* renamed from: b, reason: collision with root package name */
    public PublicKey f14494b = null;

    /* renamed from: c, reason: collision with root package name */
    public byte[] f14495c = null;

    /* renamed from: d, reason: collision with root package name */
    public SecretKey f14496d = null;

    /* renamed from: e, reason: collision with root package name */
    public SecretKey f14497e = null;

    /* renamed from: f, reason: collision with root package name */
    public int f14498f;

    /* renamed from: g, reason: collision with root package name */
    public int f14499g;

    /* renamed from: h, reason: collision with root package name */
    public IdentityCredential f14500h;

    @j.X(31)
    /* loaded from: classes3.dex */
    public static class a {
        @InterfaceC6934u
        @j.N
        public static byte[] a(@j.N IdentityCredential identityCredential, @j.N byte[] bArr) {
            byte[] delete;
            delete = identityCredential.delete(bArr);
            return delete;
        }

        @InterfaceC6934u
        @j.N
        public static byte[] b(@j.N IdentityCredential identityCredential, @j.N byte[] bArr) {
            byte[] proveOwnership;
            proveOwnership = identityCredential.proveOwnership(bArr);
            return proveOwnership;
        }

        @InterfaceC6934u
        public static void c(@j.N IdentityCredential identityCredential, boolean z10) {
            identityCredential.setAllowUsingExpiredKeys(z10);
        }

        @InterfaceC6934u
        public static void d(@j.N IdentityCredential identityCredential, @j.N X509Certificate x509Certificate, @j.N Instant instant, @j.N byte[] bArr) throws UnknownAuthenticationKeyException {
            identityCredential.storeStaticAuthenticationData(x509Certificate, instant, bArr);
        }

        @InterfaceC6934u
        @j.N
        public static byte[] e(@j.N IdentityCredential identityCredential, @j.N PersonalizationData personalizationData) {
            byte[] update;
            update = identityCredential.update(personalizationData);
            return update;
        }
    }

    public E(IdentityCredential identityCredential) {
        this.f14500h = identityCredential;
    }

    @Override // J4.e0
    @j.N
    public KeyPair a() {
        KeyPair createEphemeralKeyPair;
        if (this.f14493a == null) {
            createEphemeralKeyPair = this.f14500h.createEphemeralKeyPair();
            this.f14493a = createEphemeralKeyPair;
        }
        return this.f14493a;
    }

    @Override // J4.e0
    @j.N
    public byte[] b(@j.N byte[] bArr) throws MessageDecryptionException {
        s();
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(0, 0);
        allocate.putInt(4, 0);
        allocate.putInt(8, this.f14499g);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, this.f14497e, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f14499g++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new Exception("Error decrypting message", e10);
        }
    }

    @Override // J4.e0
    @j.N
    public byte[] c(@j.N byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.a(this.f14500h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    @Override // J4.e0
    @j.N
    public byte[] d(@j.N byte[] bArr) {
        s();
        try {
            ByteBuffer allocate = ByteBuffer.allocate(12);
            allocate.putInt(0, 0);
            allocate.putInt(4, 1);
            allocate.putInt(8, this.f14498f);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.f14496d, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f14498f++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting message", e10);
        }
    }

    @Override // J4.e0
    @j.N
    public Collection<X509Certificate> e() {
        Collection<X509Certificate> authKeysNeedingCertification;
        authKeysNeedingCertification = this.f14500h.getAuthKeysNeedingCertification();
        return authKeysNeedingCertification;
    }

    @Override // J4.e0
    @j.N
    public int[] f() {
        int[] authenticationDataUsageCount;
        authenticationDataUsageCount = this.f14500h.getAuthenticationDataUsageCount();
        return authenticationDataUsageCount;
    }

    @Override // J4.e0
    @j.N
    public Collection<X509Certificate> g() {
        Collection<X509Certificate> credentialKeyCertificateChain;
        credentialKeyCertificateChain = this.f14500h.getCredentialKeyCertificateChain();
        return credentialKeyCertificateChain;
    }

    @Override // J4.e0
    @j.P
    public d.c h() {
        return new d.c(this.f14500h);
    }

    @Override // J4.e0
    @j.N
    public i0 i(@j.P byte[] bArr, @j.N Map<String, Collection<String>> map, @j.P byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        String message;
        String message2;
        String message3;
        String message4;
        ResultData entries;
        byte[] messageAuthenticationCode;
        byte[] authenticatedData;
        byte[] staticAuthenticationData;
        Collection<String> namespaces;
        Collection<String> entryNames;
        int status;
        byte[] entry;
        try {
            entries = this.f14500h.getEntries(bArr, map, this.f14495c, bArr2);
            k0.a aVar = new k0.a();
            messageAuthenticationCode = entries.getMessageAuthenticationCode();
            aVar.f14566a.f14564k = messageAuthenticationCode;
            authenticatedData = entries.getAuthenticatedData();
            aVar.f14566a.f14562i = authenticatedData;
            staticAuthenticationData = entries.getStaticAuthenticationData();
            aVar.f14566a.f14561h = staticAuthenticationData;
            namespaces = entries.getNamespaces();
            for (String str : namespaces) {
                entryNames = entries.getEntryNames(str);
                for (String str2 : entryNames) {
                    status = entries.getStatus(str, str2);
                    if (status == 0) {
                        entry = entries.getEntry(str, str2);
                        aVar.a(str, str2, entry);
                    } else {
                        aVar.b(str, str2, status);
                    }
                }
            }
            return aVar.f14566a;
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e10) {
            message4 = e10.getMessage();
            throw new Exception(message4, e10);
        } catch (android.security.identity.InvalidReaderSignatureException e11) {
            message3 = e11.getMessage();
            throw new Exception(message3, e11);
        } catch (android.security.identity.InvalidRequestMessageException e12) {
            message2 = e12.getMessage();
            throw new Exception(message2, e12);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e13) {
            message = e13.getMessage();
            throw new Exception(message, e13);
        } catch (SessionTranscriptMismatchException e14) {
            throw new RuntimeException("Unexpected SessionMismatchException", e14);
        }
    }

    @Override // J4.e0
    @j.N
    public byte[] j(@j.N byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.b(this.f14500h, bArr);
        }
        throw new UnsupportedOperationException();
    }

    @Override // J4.e0
    public void k(boolean z10) {
        this.f14500h.setAllowUsingExhaustedKeys(z10);
    }

    @Override // J4.e0
    public void l(boolean z10) {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        a.c(this.f14500h, z10);
    }

    @Override // J4.e0
    public void m(int i10, int i11) {
        this.f14500h.setAvailableAuthenticationKeys(i10, i11);
    }

    @Override // J4.e0
    public void n(@j.N PublicKey publicKey) throws InvalidKeyException {
        this.f14494b = publicKey;
        this.f14500h.setReaderEphemeralPublicKey(publicKey);
    }

    @Override // J4.e0
    public void o(@j.N byte[] bArr) {
        if (this.f14495c != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        this.f14495c = (byte[]) bArr.clone();
    }

    @Override // J4.e0
    public void p(@j.N X509Certificate x509Certificate, @j.N Calendar calendar, @j.N byte[] bArr) throws androidx.security.identity.UnknownAuthenticationKeyException {
        String message;
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        try {
            a.d(this.f14500h, x509Certificate, Instant.ofEpochMilli(calendar.getTimeInMillis()), bArr);
        } catch (UnknownAuthenticationKeyException e10) {
            message = e10.getMessage();
            throw new Exception(message, e10);
        }
    }

    @Override // J4.e0
    public void q(@j.N X509Certificate x509Certificate, @j.N byte[] bArr) throws androidx.security.identity.UnknownAuthenticationKeyException {
        String message;
        try {
            this.f14500h.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (UnknownAuthenticationKeyException e10) {
            message = e10.getMessage();
            throw new Exception(message, e10);
        }
    }

    @Override // J4.e0
    @j.N
    public byte[] r(@j.N h0 h0Var) {
        if (Build.VERSION.SDK_INT >= 31) {
            return a.e(this.f14500h, d0.c(h0Var));
        }
        throw new UnsupportedOperationException();
    }

    public final void s() {
        if (this.f14496d != null) {
            return;
        }
        if (this.f14494b == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.f14495c == null) {
            throw new RuntimeException("Session transcript not set");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.f14493a.getPrivate());
            keyAgreement.doPhase(this.f14494b, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(o0.o(o0.h(this.f14495c)));
            this.f14496d = new SecretKeySpec(o0.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 68, 101, 118, 105, 99, 101}, 32), C6982b.f184023f);
            this.f14497e = new SecretKeySpec(o0.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 82, 101, 97, C8493o.f204624w, 101, 114}, 32), C6982b.f184023f);
            this.f14498f = 1;
            this.f14499g = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error performing key agreement", e10);
        }
    }
}
