package J4;

import J4.h0;
import J4.k0;
import android.content.Context;
import android.icu.util.Calendar;
import android.util.Pair;
import androidx.biometric.d;
import androidx.security.identity.CipherSuiteNotSupportedException;
import androidx.security.identity.EphemeralPublicKeyNotFoundException;
import androidx.security.identity.InvalidReaderSignatureException;
import androidx.security.identity.InvalidRequestMessageException;
import androidx.security.identity.MessageDecryptionException;
import androidx.security.identity.NoAuthenticationKeyAvailableException;
import androidx.security.identity.UnknownAuthenticationKeyException;
import co.nstant.in.cbor.CborException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import jc.C6982b;
import q5.C8166a;
import q5.C8167b;
import q5.C8168c;
import s3.C8493o;

/* loaded from: classes3.dex */
public class l0 extends e0 {

    /* renamed from: r, reason: collision with root package name */
    public static final String f14569r = "SWIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    public String f14570a;

    /* renamed from: b, reason: collision with root package name */
    public Context f14571b;

    /* renamed from: c, reason: collision with root package name */
    public C1516d f14572c;

    /* renamed from: g, reason: collision with root package name */
    public int f14576g;

    /* renamed from: h, reason: collision with root package name */
    public int f14577h;

    /* renamed from: d, reason: collision with root package name */
    public KeyPair f14573d = null;

    /* renamed from: e, reason: collision with root package name */
    public SecretKey f14574e = null;

    /* renamed from: f, reason: collision with root package name */
    public SecretKey f14575f = null;

    /* renamed from: i, reason: collision with root package name */
    public byte[] f14578i = null;

    /* renamed from: j, reason: collision with root package name */
    public PrivateKey f14579j = null;

    /* renamed from: k, reason: collision with root package name */
    public d.c f14580k = null;

    /* renamed from: l, reason: collision with root package name */
    public PublicKey f14581l = null;

    /* renamed from: m, reason: collision with root package name */
    public byte[] f14582m = null;

    /* renamed from: n, reason: collision with root package name */
    public boolean f14583n = true;

    /* renamed from: o, reason: collision with root package name */
    public boolean f14584o = false;

    /* renamed from: p, reason: collision with root package name */
    public boolean f14585p = false;

    /* renamed from: q, reason: collision with root package name */
    public boolean f14586q = false;

    public l0(Context context, String str, int i10) throws CipherSuiteNotSupportedException {
        if (i10 != 1) {
            throw new Exception("Unsupported Cipher Suite");
        }
        this.f14571b = context;
        this.f14570a = str;
    }

    public static HashMap<String, Collection<String>> C(@j.P byte[] bArr) {
        HashMap<String, Collection<String>> hashMap = new HashMap<>();
        if (bArr == null) {
            return hashMap;
        }
        try {
            LinkedList linkedList = (LinkedList) new C8167b(new ByteArrayInputStream(bArr)).a();
            if (linkedList.size() != 1) {
                throw new RuntimeException("Expected 1 item, found " + linkedList.size());
            }
            if (!(linkedList.get(0) instanceof u5.i)) {
                throw new RuntimeException("Item is not a map");
            }
            u5.e j10 = ((u5.i) linkedList.get(0)).j(new u5.q("nameSpaces"));
            if (!(j10 instanceof u5.i)) {
                throw new RuntimeException("nameSpaces entry not found or not map");
            }
            for (u5.e eVar : ((u5.i) j10).k()) {
                if (!(eVar instanceof u5.q)) {
                    throw new RuntimeException("Key item in NameSpaces map not UnicodeString");
                }
                String j11 = ((u5.q) eVar).j();
                ArrayList arrayList = new ArrayList();
                u5.e j12 = ((u5.i) j10).j(eVar);
                if (!(j12 instanceof u5.i)) {
                    throw new RuntimeException("Value item in NameSpaces map not Map");
                }
                for (u5.e eVar2 : ((u5.i) j12).k()) {
                    if (!(eVar2 instanceof u5.q)) {
                        throw new RuntimeException("Item in nameSpaces array not UnicodeString");
                    }
                    arrayList.add(((u5.q) eVar2).j());
                }
                hashMap.put(j11, arrayList);
            }
            return hashMap;
        } catch (CborException e10) {
            throw new RuntimeException("Error decoding request message", e10);
        }
    }

    public static byte[] u(Context context, String str) {
        return C1516d.g(context, str, null);
    }

    private void z() {
        if (this.f14574e != null) {
            return;
        }
        if (this.f14581l == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.f14582m == null) {
            throw new RuntimeException("Session transcript not set");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.f14573d.getPrivate());
            keyAgreement.doPhase(this.f14581l, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(o0.o(o0.h(this.f14582m)));
            this.f14574e = new SecretKeySpec(o0.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 68, 101, 118, 105, 99, 101}, 32), C6982b.f184023f);
            this.f14575f = new SecretKeySpec(o0.y("HmacSha256", generateSecret, digest, new byte[]{83, 75, 82, 101, 97, C8493o.f204624w, 101, 114}, 32), C6982b.f184023f);
            this.f14576g = 1;
            this.f14577h = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error performing key agreement", e10);
        }
    }

    public final boolean A(@j.N byte[] bArr) {
        KeyPair keyPair = this.f14573d;
        if (keyPair == null) {
            return false;
        }
        ECPoint w10 = ((ECPublicKey) keyPair.getPublic()).getW();
        return o0.P(bArr, o0.X(w10.getAffineX().toByteArray())) || o0.P(bArr, o0.X(w10.getAffineY().toByteArray()));
    }

    public boolean B() {
        C1516d F10 = C1516d.F(this.f14571b, this.f14570a);
        this.f14572c = F10;
        return F10 != null;
    }

    public final void D(byte[] bArr, HashMap<String, Collection<String>> hashMap, Collection<X509Certificate> collection, Map<String, Collection<String>> map, k0.a aVar, r5.d<C8166a> dVar) {
        for (String str : map.keySet()) {
            E(aVar, dVar, map.get(str), bArr, hashMap.get(str), collection, str, this.f14572c.L(str));
        }
    }

    public final void E(k0.a aVar, r5.d<C8166a> dVar, Collection<String> collection, byte[] bArr, Collection<String> collection2, Collection<X509Certificate> collection3, String str, h0.c cVar) {
        r5.d<r5.d<C8166a>> dVar2 = null;
        for (String str2 : collection) {
            byte[] c10 = cVar != null ? cVar.c(str2) : null;
            if (c10 == null) {
                aVar.b(str, str2, 1);
            } else if (bArr == null || (collection2 != null && collection2.contains(str2))) {
                int s10 = s(cVar.a(str2), collection3);
                if (s10 != 0) {
                    aVar.b(str, str2, s10);
                } else {
                    aVar.a(str, str2, c10);
                    if (dVar2 == null) {
                        dVar2 = dVar.F(str);
                    }
                    dVar2.A(new u5.q(str2), o0.i(c10));
                }
            } else {
                aVar.b(str, str2, 3);
            }
        }
    }

    @Override // J4.e0
    @j.N
    public KeyPair a() {
        if (this.f14573d == null) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
                keyPairGenerator.initialize(new ECGenParameterSpec("prime256v1"));
                this.f14573d = keyPairGenerator.generateKeyPair();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e10) {
                throw new RuntimeException("Error generating ephemeral key", e10);
            }
        }
        return this.f14573d;
    }

    @Override // J4.e0
    @j.N
    public byte[] b(@j.N byte[] bArr) throws MessageDecryptionException {
        z();
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(0, 0);
        allocate.putInt(4, 0);
        allocate.putInt(8, this.f14577h);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, this.f14575f, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f14577h++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new Exception("Error decrypting message", e10);
        }
    }

    @Override // J4.e0
    @j.N
    public byte[] c(@j.N byte[] bArr) {
        return C1516d.g(this.f14571b, this.f14570a, bArr);
    }

    @Override // J4.e0
    @j.N
    public byte[] d(@j.N byte[] bArr) {
        z();
        try {
            ByteBuffer allocate = ByteBuffer.allocate(12);
            allocate.putInt(0, 0);
            allocate.putInt(4, 1);
            allocate.putInt(8, this.f14576g);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.f14574e, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f14576g++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting message", e10);
        }
    }

    @Override // J4.e0
    @j.N
    public Collection<X509Certificate> e() {
        return this.f14572c.s();
    }

    @Override // J4.e0
    @j.N
    public int[] f() {
        return this.f14572c.r();
    }

    @Override // J4.e0
    @j.N
    public Collection<X509Certificate> g() {
        return this.f14572c.v();
    }

    @Override // J4.e0
    @j.P
    public d.c h() {
        y();
        return this.f14580k;
    }

    @Override // J4.e0
    @j.N
    public i0 i(@j.P byte[] bArr, @j.N Map<String, Collection<String>> map, @j.P byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        Collection<X509Certificate> collection;
        byte[] bArr3 = this.f14582m;
        if (bArr3 != null && !A(bArr3)) {
            throw new Exception("Did not find ephemeral public key X and Y coordinates in SessionTranscript (make sure leading zeroes are not used)");
        }
        HashMap<String, Collection<String>> C10 = C(bArr);
        if (bArr2 == null) {
            collection = null;
        } else {
            if (this.f14582m == null) {
                throw new Exception("readerSignature non-null but sessionTranscript was null");
            }
            if (bArr == null) {
                throw new Exception("readerSignature non-null but requestMessage was null");
            }
            Collection<X509Certificate> F10 = o0.F(o0.i(bArr2));
            ArrayList arrayList = (ArrayList) F10;
            if (arrayList.size() < 1) {
                throw new Exception("No x5chain element in reader signature");
            }
            if (!o0.Z(F10)) {
                throw new Exception("Error validating certificate chain");
            }
            PublicKey publicKey = ((X509Certificate) arrayList.iterator().next()).getPublicKey();
            r5.b<C8166a> v10 = new C8166a().v();
            v10.q("ReaderAuthentication");
            v10.r(o0.i(this.f14582m));
            v10.r(o0.h(bArr));
            if (!o0.D(o0.i(bArr2), o0.o(o0.h(o0.o(v10.w().y().get(0)))), publicKey)) {
                throw new Exception("Reader signature check failed");
            }
            collection = F10;
        }
        k0.a aVar = new k0.a();
        C8166a c8166a = new C8166a();
        D(bArr, C10, collection, map, aVar, c8166a.w());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new C8168c(byteArrayOutputStream).b(c8166a.f202969b.get(0));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            aVar.f14566a.f14562i = byteArray;
            if (this.f14582m != null) {
                x();
                aVar.f14566a.f14561h = this.f14578i;
                r5.b<C8166a> v11 = new C8166a().v();
                v11.q("DeviceAuthentication");
                v11.r(o0.i(this.f14582m));
                v11.q(this.f14572c.y());
                v11.r(o0.h(byteArray));
                byte[] o10 = o0.o(o0.h(o0.o(v11.w().y().get(0))));
                try {
                    Signature signature = Signature.getInstance("SHA256withECDSA");
                    signature.initSign(this.f14579j);
                    aVar.f14566a.f14563j = o0.o(o0.H(signature, null, o10, null));
                } catch (InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
                    throw new RuntimeException("Error signing DeviceAuthentication CBOR", e10);
                }
            }
            return aVar.f14566a;
        } catch (CborException e11) {
            throw new RuntimeException("Error encoding deviceNameSpace", e11);
        }
    }

    @Override // J4.e0
    @j.N
    public byte[] j(@j.N byte[] bArr) {
        return this.f14572c.M(bArr);
    }

    @Override // J4.e0
    public void k(boolean z10) {
        this.f14583n = z10;
    }

    @Override // J4.e0
    public void l(boolean z10) {
        this.f14584o = z10;
    }

    @Override // J4.e0
    public void m(int i10, int i11) {
        this.f14572c.X(i10, i11);
    }

    @Override // J4.e0
    public void n(@j.N PublicKey publicKey) {
        this.f14581l = publicKey;
    }

    @Override // J4.e0
    public void o(@j.N byte[] bArr) {
        if (this.f14582m != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        this.f14582m = (byte[]) bArr.clone();
    }

    @Override // J4.e0
    public void p(@j.N X509Certificate x509Certificate, @j.N Calendar calendar, @j.N byte[] bArr) throws UnknownAuthenticationKeyException {
        this.f14572c.Y(x509Certificate, calendar, bArr);
    }

    @Override // J4.e0
    public void q(@j.N X509Certificate x509Certificate, @j.N byte[] bArr) throws UnknownAuthenticationKeyException {
        this.f14572c.Y(x509Certificate, null, bArr);
    }

    @Override // J4.e0
    @j.N
    public byte[] r(@j.N h0 h0Var) {
        try {
            String y10 = this.f14572c.y();
            Collection<X509Certificate> v10 = this.f14572c.v();
            PrivateKey w10 = this.f14572c.w();
            int q10 = this.f14572c.q();
            int t10 = this.f14572c.t();
            u5.e c10 = n0.c(y10, h0Var, w10);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(o0.E(c10));
            this.f14572c.h();
            Context context = this.f14571b;
            String str = this.f14570a;
            C1516d d10 = C1516d.d(context, y10, str, C1516d.k("credkey", str), v10, h0Var, digest, true);
            this.f14572c = d10;
            d10.X(q10, t10);
            return o0.o(c10);
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error digesting ProofOfProvisioning", e10);
        }
    }

    public final int s(Collection<C1514b> collection, Collection<X509Certificate> collection2) {
        Iterator<C1514b> it = collection.iterator();
        int i10 = 6;
        while (it.hasNext()) {
            i10 = t(this.f14572c.l(it.next()), collection2);
            if (i10 == 0) {
                break;
            }
        }
        return i10;
    }

    public final int t(C1513a c1513a, Collection<X509Certificate> collection) {
        if (c1513a.d() && !this.f14572c.b(c1513a.a(), v())) {
            return 4;
        }
        X509Certificate b10 = c1513a.b();
        if (b10 == null) {
            return 0;
        }
        if (collection == null) {
            return 5;
        }
        byte[] encoded = b10.getPublicKey().getEncoded();
        Iterator<X509Certificate> it = collection.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(encoded, it.next().getPublicKey().getEncoded())) {
                return 0;
            }
        }
        return 5;
    }

    public final boolean v() {
        if (!this.f14586q) {
            this.f14585p = w();
            this.f14586q = true;
        }
        return this.f14585p;
    }

    public final boolean w() {
        d.c cVar = this.f14580k;
        if (cVar == null) {
            return false;
        }
        try {
            cVar.a().doFinal(new byte[16]);
            return true;
        } catch (BadPaddingException | IllegalBlockSizeException unused) {
            return false;
        }
    }

    public final void x() throws NoAuthenticationKeyAvailableException {
        if (this.f14579j != null) {
            return;
        }
        Pair<PrivateKey, byte[]> V10 = this.f14572c.V(this.f14583n, this.f14584o);
        if (V10 == null) {
            throw new Exception("No authentication key available for signing");
        }
        this.f14579j = (PrivateKey) V10.first;
        this.f14578i = (byte[]) V10.second;
    }

    public final void y() {
        String B10 = this.f14572c.B();
        if (B10.isEmpty()) {
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(B10, null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            this.f14580k = new d.c(cipher);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error creating Cipher for perReaderSessionKey", e10);
        }
    }
}
