package androidx.security.identity;

import android.icu.util.Calendar;
import android.os.Build;
import android.security.identity.SessionTranscriptMismatchException;
import androidx.annotation.DoNotInline;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import androidx.biometric.BiometricPrompt;
import androidx.security.identity.SimpleResultData;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

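/**
 * {@link IdentityCredential} implementation that forwards to the platform
 * {@code android.security.identity.IdentityCredential} and additionally keeps the
 * session-encryption state (ephemeral key pair, reader key, session transcript,
 * derived AES keys and message counters) on the Jetpack side.
 *
 * <p>Instances hold mutable session state and perform no synchronization.
 *
 * <p>NOTE(review): this listing looks like decompiler output; parameter names such as
 * {@code bArr} and {@code z7} are kept as found and described in the Javadoc instead.
 */
@RequiresApi(30)
class HardwareIdentityCredential extends IdentityCredential {
    private static final String TAG = "HardwareIdentityCredential";

    /** Length of the AES-GCM nonce built by {@link #buildNonce(int, int)}. */
    private static final int GCM_NONCE_LENGTH_BYTES = 12;
    /** Authentication tag length passed to {@link GCMParameterSpec}. */
    private static final int GCM_TAG_LENGTH_BITS = 128;
    /** Number of key bytes requested from HKDF for each direction. */
    private static final int SESSION_KEY_LENGTH_BYTES = 32;
    /** Middle nonce word for messages sent by the reader. */
    private static final int READER_NONCE_IDENTIFIER = 0;
    /** Middle nonce word for messages sent by this device. */
    private static final int DEVICE_NONCE_IDENTIFIER = 1;

    private final android.security.identity.IdentityCredential mCredential;
    private int mSKDeviceCounter;
    private int mSKReaderCounter;
    private KeyPair mEphemeralKeyPair = null;
    private PublicKey mReaderEphemeralPublicKey = null;
    private byte[] mSessionTranscript = null;
    private SecretKey mSKDevice = null;
    private SecretKey mSKReader = null;

    /**
     * Holder for platform calls that only exist from API 31, so that the references
     * are isolated in a class annotated with {@code @RequiresApi(31)}.
     */
    @RequiresApi(31)
    private static class ApiImplS {
        private ApiImplS() {
        }

        /** Forwards to the platform {@code delete(byte[])}. */
        @NonNull
        @DoNotInline
        static byte[] callDelete(@NonNull android.security.identity.IdentityCredential identityCredential, @NonNull byte[] bArr) {
            return identityCredential.delete(bArr);
        }

        /** Forwards to the platform {@code proveOwnership(byte[])}. */
        @NonNull
        @DoNotInline
        static byte[] callProveOwnership(@NonNull android.security.identity.IdentityCredential identityCredential, @NonNull byte[] bArr) {
            return identityCredential.proveOwnership(bArr);
        }

        /** Forwards to the platform {@code setAllowUsingExpiredKeys(boolean)}. */
        @DoNotInline
        static void callSetAllowUsingExpiredKeys(@NonNull android.security.identity.IdentityCredential identityCredential, boolean z7) {
            identityCredential.setAllowUsingExpiredKeys(z7);
        }

        /** Forwards to the platform three-argument {@code storeStaticAuthenticationData}. */
        @DoNotInline
        static void callStoreStaticAuthenticationData(@NonNull android.security.identity.IdentityCredential identityCredential, @NonNull X509Certificate x509Certificate, @NonNull Instant instant, @NonNull byte[] bArr) throws android.security.identity.UnknownAuthenticationKeyException {
            identityCredential.storeStaticAuthenticationData(x509Certificate, instant, bArr);
        }

        /** Forwards to the platform {@code update(PersonalizationData)}. */
        @NonNull
        @DoNotInline
        static byte[] callUpdate(@NonNull android.security.identity.IdentityCredential identityCredential, @NonNull android.security.identity.PersonalizationData personalizationData) {
            return identityCredential.update(personalizationData);
        }
    }

    /**
     * Wraps a platform credential.
     *
     * @param identityCredential the platform credential every call is forwarded to
     */
    public HardwareIdentityCredential(android.security.identity.IdentityCredential identityCredential) {
        this.mCredential = identityCredential;
    }

    /**
     * Builds the 12-byte AES-GCM nonce: a zero word, the sender identifier word and
     * the per-direction message counter, each written as a big-endian int
     * ({@link ByteBuffer}'s default byte order).
     *
     * @param senderIdentifier {@link #READER_NONCE_IDENTIFIER} or {@link #DEVICE_NONCE_IDENTIFIER}
     * @param counter          current message counter for that direction
     * @return the nonce bytes
     */
    private static byte[] buildNonce(int senderIdentifier, int counter) {
        ByteBuffer nonce = ByteBuffer.allocate(GCM_NONCE_LENGTH_BYTES);
        nonce.putInt(0, 0);
        nonce.putInt(4, senderIdentifier);
        nonce.putInt(8, counter);
        return nonce.array();
    }

    /**
     * Derives the two session keys on first use and resets both message counters to 1.
     *
     * <p>The shared secret comes from ECDH between this object's ephemeral private key
     * and the reader's ephemeral public key. The HKDF salt is the SHA-256 digest of the
     * CBOR-encoded, tagged session transcript; the info strings are the ASCII labels
     * {@code "SKDevice"} and {@code "SKReader"}.
     *
     * @throws RuntimeException if the ephemeral key pair, the reader key or the session
     *                          transcript has not been provided, or key agreement fails
     */
    private void ensureSessionEncryptionKey() {
        if (this.mSKDevice != null) {
            return;
        }
        if (this.mReaderEphemeralPublicKey == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.mSessionTranscript == null) {
            throw new RuntimeException("Session transcript not set");
        }
        // Without this guard a caller that never invoked createEphemeralKeyPair() gets a
        // bare NullPointerException from inside the key agreement below.
        if (this.mEphemeralKeyPair == null) {
            throw new RuntimeException("Ephemeral key pair not created");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.mEphemeralKeyPair.getPrivate());
            keyAgreement.doPhase(this.mReaderEphemeralPublicKey, true);
            byte[] sharedSecret = keyAgreement.generateSecret();

            byte[] encodedTranscript =
                    Util.cborEncode(Util.cborBuildTaggedByteString(this.mSessionTranscript));
            byte[] salt = MessageDigest.getInstance("SHA-256").digest(encodedTranscript);

            byte[] deviceInfo = {'S', 'K', 'D', 'e', 'v', 'i', 'c', 'e'};
            byte[] readerInfo = {'S', 'K', 'R', 'e', 'a', 'd', 'e', 'r'};
            SecretKey deviceKey = new SecretKeySpec(
                    Util.computeHkdf("HmacSha256", sharedSecret, salt, deviceInfo, SESSION_KEY_LENGTH_BYTES),
                    "AES");
            SecretKey readerKey = new SecretKeySpec(
                    Util.computeHkdf("HmacSha256", sharedSecret, salt, readerInfo, SESSION_KEY_LENGTH_BYTES),
                    "AES");

            // Publish both keys together: mSKDevice doubles as the "already derived" flag,
            // so it must never be set while mSKReader is still null.
            this.mSKDevice = deviceKey;
            this.mSKReader = readerKey;
            this.mSKDeviceCounter = 1;
            this.mSKReaderCounter = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e8) {
            throw new RuntimeException("Error performing key agreement", e8);
        }
    }

    /**
     * Returns the session's ephemeral key pair, asking the platform credential to create
     * it on the first call and returning the cached pair afterwards.
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public KeyPair createEphemeralKeyPair() {
        if (this.mEphemeralKeyPair == null) {
            this.mEphemeralKeyPair = this.mCredential.createEphemeralKeyPair();
        }
        return this.mEphemeralKeyPair;
    }

    /**
     * Decrypts and authenticates a message from the reader with AES-GCM under the
     * reader session key.
     *
     * <p>The reader counter advances only when decryption succeeds, so a rejected
     * message does not consume a counter value.
     *
     * <p>NOTE(review): the counter is a 32-bit int that is never checked for wrap-around;
     * nonce uniqueness relies on a session staying far below 2^32 messages.
     *
     * @param bArr ciphertext followed by the GCM tag
     * @return the plaintext
     * @throws MessageDecryptionException if the cipher cannot be set up or the message
     *                                    fails authentication
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] decryptMessageFromReader(@NonNull byte[] bArr) throws MessageDecryptionException {
        ensureSessionEncryptionKey();
        byte[] nonce = buildNonce(READER_NONCE_IDENTIFIER, this.mSKReaderCounter);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, this.mSKReader,
                    new GCMParameterSpec(GCM_TAG_LENGTH_BITS, nonce));
            byte[] plaintext = cipher.doFinal(bArr);
            this.mSKReaderCounter++;
            return plaintext;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e8) {
            throw new MessageDecryptionException("Error decrypting message", e8);
        }
    }

    /**
     * Deletes the credential through the platform API.
     *
     * @param bArr forwarded unchanged to the platform {@code delete} call
     * @return whatever the platform call returns
     * @throws UnsupportedOperationException below API 31
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] delete(@NonNull byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return ApiImplS.callDelete(this.mCredential, bArr);
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Encrypts a message for the reader with AES-GCM under the device session key and
     * then advances the device counter.
     *
     * <p>NOTE(review): the counter is a 32-bit int that is never checked for wrap-around;
     * a repeated counter would repeat a GCM nonce under the same key, so this relies on
     * a session staying far below 2^32 messages.
     *
     * @param bArr plaintext to protect
     * @return ciphertext followed by the GCM tag
     * @throws RuntimeException if session keys cannot be derived or encryption fails
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] encryptMessageToReader(@NonNull byte[] bArr) {
        ensureSessionEncryptionKey();
        try {
            byte[] nonce = buildNonce(DEVICE_NONCE_IDENTIFIER, this.mSKDeviceCounter);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, this.mSKDevice,
                    new GCMParameterSpec(GCM_TAG_LENGTH_BITS, nonce));
            byte[] ciphertext = cipher.doFinal(bArr);
            this.mSKDeviceCounter++;
            return ciphertext;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e8) {
            throw new RuntimeException("Error encrypting message", e8);
        }
    }

    /** Forwards to the platform credential's {@code getAuthKeysNeedingCertification()}. */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public Collection<X509Certificate> getAuthKeysNeedingCertification() {
        return this.mCredential.getAuthKeysNeedingCertification();
    }

    /** Forwards to the platform credential's {@code getAuthenticationDataUsageCount()}. */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public int[] getAuthenticationDataUsageCount() {
        return this.mCredential.getAuthenticationDataUsageCount();
    }

    /** Forwards to the platform credential's {@code getCredentialKeyCertificateChain()}. */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public Collection<X509Certificate> getCredentialKeyCertificateChain() {
        return this.mCredential.getCredentialKeyCertificateChain();
    }

    /** Wraps the platform credential in a {@link BiometricPrompt.CryptoObject}. */
    @Override // androidx.security.identity.IdentityCredential
    @Nullable
    public BiometricPrompt.CryptoObject getCryptoObject() {
        return new BiometricPrompt.CryptoObject(this.mCredential);
    }

    /**
     * Retrieves entries from the platform credential and copies them into a Jetpack
     * {@link ResultData}.
     *
     * <p>The stored session transcript is passed to the platform call as-is (it may be
     * {@code null} if {@link #setSessionTranscript(byte[])} was never called). Entries
     * whose status is OK are copied with their value; all others are recorded with
     * their status code only.
     *
     * @param bArr  request message, forwarded unchanged
     * @param map   namespace to entry-name collection, forwarded unchanged
     * @param bArr2 reader signature, forwarded unchanged
     * @return the copied result
     * @throws NoAuthenticationKeyAvailableException rethrown from the platform equivalent
     * @throws InvalidReaderSignatureException       rethrown from the platform equivalent
     * @throws InvalidRequestMessageException        rethrown from the platform equivalent
     * @throws EphemeralPublicKeyNotFoundException   rethrown from the platform equivalent
     * @throws RuntimeException if the platform reports a session transcript mismatch
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public ResultData getEntries(@Nullable byte[] bArr, @NonNull Map<String, Collection<String>> map, @Nullable byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        try {
            android.security.identity.ResultData platformResult =
                    this.mCredential.getEntries(bArr, map, this.mSessionTranscript, bArr2);

            SimpleResultData.Builder builder = new SimpleResultData.Builder();
            builder.setMessageAuthenticationCode(platformResult.getMessageAuthenticationCode());
            builder.setAuthenticatedData(platformResult.getAuthenticatedData());
            builder.setStaticAuthenticationData(platformResult.getStaticAuthenticationData());

            for (String namespace : platformResult.getNamespaces()) {
                for (String entryName : platformResult.getEntryNames(namespace)) {
                    int status = platformResult.getStatus(namespace, entryName);
                    if (status == android.security.identity.ResultData.STATUS_OK) {
                        builder.addEntry(namespace, entryName,
                                platformResult.getEntry(namespace, entryName));
                    } else {
                        builder.addErrorStatus(namespace, entryName, status);
                    }
                }
            }
            return builder.build();
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e8) {
            throw new EphemeralPublicKeyNotFoundException(e8.getMessage(), e8);
        } catch (android.security.identity.InvalidReaderSignatureException e9) {
            throw new InvalidReaderSignatureException(e9.getMessage(), e9);
        } catch (android.security.identity.InvalidRequestMessageException e10) {
            throw new InvalidRequestMessageException(e10.getMessage(), e10);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e11) {
            throw new NoAuthenticationKeyAvailableException(e11.getMessage(), e11);
        } catch (SessionTranscriptMismatchException e12) {
            throw new RuntimeException("Unexpected SessionMismatchException", e12);
        }
    }

    /**
     * Produces a proof of ownership through the platform API.
     *
     * @param bArr forwarded unchanged to the platform {@code proveOwnership} call
     * @return whatever the platform call returns
     * @throws UnsupportedOperationException below API 31
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] proveOwnership(@NonNull byte[] bArr) {
        if (Build.VERSION.SDK_INT >= 31) {
            return ApiImplS.callProveOwnership(this.mCredential, bArr);
        }
        throw new UnsupportedOperationException();
    }

    /** Forwards the flag to the platform credential's {@code setAllowUsingExhaustedKeys}. */
    @Override // androidx.security.identity.IdentityCredential
    public void setAllowUsingExhaustedKeys(boolean z7) {
        this.mCredential.setAllowUsingExhaustedKeys(z7);
    }

    /**
     * Forwards the flag to the platform credential's {@code setAllowUsingExpiredKeys}.
     *
     * @throws UnsupportedOperationException below API 31
     */
    @Override // androidx.security.identity.IdentityCredential
    public void setAllowUsingExpiredKeys(boolean z7) {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        ApiImplS.callSetAllowUsingExpiredKeys(this.mCredential, z7);
    }

    /** Forwards both values to the platform credential's {@code setAvailableAuthenticationKeys}. */
    @Override // androidx.security.identity.IdentityCredential
    public void setAvailableAuthenticationKeys(int i8, int i9) {
        this.mCredential.setAvailableAuthenticationKeys(i8, i9);
    }

    /**
     * Registers the reader's ephemeral public key with the platform credential and
     * remembers it for session-key derivation.
     *
     * <p>The key is recorded locally only after the platform call returns, so a key
     * rejected with {@link InvalidKeyException} is never used for key agreement here.
     *
     * <p>NOTE(review): session keys that were already derived are not re-derived when
     * a different key is set afterwards — confirm callers set the key once per session.
     *
     * @param publicKey the reader's ephemeral public key
     * @throws InvalidKeyException if the platform credential rejects the key
     */
    @Override // androidx.security.identity.IdentityCredential
    public void setReaderEphemeralPublicKey(@NonNull PublicKey publicKey) throws InvalidKeyException {
        this.mCredential.setReaderEphemeralPublicKey(publicKey);
        this.mReaderEphemeralPublicKey = publicKey;
    }

    /**
     * Stores a private copy of the session transcript. It can be set only once.
     *
     * @param bArr the session transcript bytes
     * @throws RuntimeException if a transcript was already set
     */
    @Override // androidx.security.identity.IdentityCredential
    public void setSessionTranscript(@NonNull byte[] bArr) {
        if (this.mSessionTranscript != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        // Copy so later changes to the caller's array cannot alter the bytes that feed
        // key derivation and the platform getEntries call.
        this.mSessionTranscript = bArr.clone();
    }

    /**
     * Stores static authentication data with an expiration date through the platform API.
     *
     * @param x509Certificate authentication key certificate, forwarded unchanged
     * @param calendar        expiration date; converted to an {@link Instant} from its epoch millis
     * @param bArr            static authentication data, forwarded unchanged
     * @throws UnknownAuthenticationKeyException rethrown from the platform equivalent
     * @throws UnsupportedOperationException     below API 31
     */
    @Override // androidx.security.identity.IdentityCredential
    public void storeStaticAuthenticationData(@NonNull X509Certificate x509Certificate, @NonNull Calendar calendar, @NonNull byte[] bArr) throws UnknownAuthenticationKeyException {
        if (Build.VERSION.SDK_INT < 31) {
            throw new UnsupportedOperationException();
        }
        try {
            Instant expirationDate = Instant.ofEpochMilli(calendar.getTimeInMillis());
            ApiImplS.callStoreStaticAuthenticationData(this.mCredential, x509Certificate, expirationDate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e8) {
            throw new UnknownAuthenticationKeyException(e8.getMessage(), e8);
        }
    }

    /**
     * Stores static authentication data through the platform credential's two-argument call.
     *
     * @param x509Certificate authentication key certificate, forwarded unchanged
     * @param bArr            static authentication data, forwarded unchanged
     * @throws UnknownAuthenticationKeyException rethrown from the platform equivalent
     */
    @Override // androidx.security.identity.IdentityCredential
    public void storeStaticAuthenticationData(@NonNull X509Certificate x509Certificate, @NonNull byte[] bArr) throws UnknownAuthenticationKeyException {
        try {
            this.mCredential.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e8) {
            throw new UnknownAuthenticationKeyException(e8.getMessage(), e8);
        }
    }

    /**
     * Updates the credential's data through the platform API after converting the
     * Jetpack personalization data to the platform type.
     *
     * @param personalizationData the new data
     * @return whatever the platform call returns
     * @throws UnsupportedOperationException below API 31
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] update(@NonNull PersonalizationData personalizationData) {
        if (Build.VERSION.SDK_INT >= 31) {
            return ApiImplS.callUpdate(this.mCredential, HardwareWritableIdentityCredential.convertPDFromJetpack(personalizationData));
        }
        throw new UnsupportedOperationException();
    }
}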
