package androidx.security.identity;

import android.security.identity.IdentityCredential;
import android.security.identity.ResultData;
import android.security.identity.SessionTranscriptMismatchException;
import androidx.annotation.h0;
import androidx.annotation.i0;
import androidx.annotation.m0;
import androidx.security.identity.k;
import g.c.g;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: HardwareIdentityCredential.java */
@m0(30)
/* loaded from: classes.dex */
class d extends g {

    /* renamed from: i, reason: collision with root package name */
    private static final String f1053i = "HardwareIdentityCredential";
    private KeyPair a = null;
    private PublicKey b = null;
    private byte[] c = null;
    private SecretKey d = null;
    private SecretKey e = null;

    /* renamed from: f, reason: collision with root package name */
    private int f1054f;

    /* renamed from: g, reason: collision with root package name */
    private int f1055g;

    /* renamed from: h, reason: collision with root package name */
    private IdentityCredential f1056h;

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(IdentityCredential identityCredential) {
        this.f1056h = null;
        this.f1056h = identityCredential;
    }

    private void n() {
        if (this.d != null) {
            return;
        }
        if (this.b == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.c == null) {
            throw new RuntimeException("Session transcript not set");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.a.getPrivate());
            keyAgreement.doPhase(this.b, true);
            byte[] r = o.r(keyAgreement.generateSecret(), o.E(this.c));
            byte[] bArr = new byte[0];
            byte[] bArr2 = {1};
            this.d = new SecretKeySpec(o.q("HmacSha256", r, bArr2, bArr, 32), "AES");
            bArr2[0] = 0;
            this.e = new SecretKeySpec(o.q("HmacSha256", r, bArr2, bArr, 32), "AES");
            this.f1054f = 1;
            this.f1055g = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Error performing key agreement", e);
        }
    }

    @Override // androidx.security.identity.g
    @h0
    public KeyPair a() {
        if (this.a == null) {
            this.a = this.f1056h.createEphemeralKeyPair();
        }
        return this.a;
    }

    @Override // androidx.security.identity.g
    @h0
    public byte[] b(@h0 byte[] bArr) throws MessageDecryptionException {
        n();
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(0, 0);
        allocate.putInt(4, 0);
        allocate.putInt(8, this.f1055g);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, this.e, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f1055g++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new MessageDecryptionException("Error decrypting message", e);
        }
    }

    @Override // androidx.security.identity.g
    @h0
    public byte[] c(@h0 byte[] bArr) {
        n();
        try {
            ByteBuffer allocate = ByteBuffer.allocate(12);
            allocate.putInt(0, 0);
            allocate.putInt(4, 1);
            allocate.putInt(8, this.f1054f);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.d, new GCMParameterSpec(128, allocate.array()));
            byte[] doFinal = cipher.doFinal(bArr);
            this.f1054f++;
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Error encrypting message", e);
        }
    }

    @Override // androidx.security.identity.g
    @h0
    public Collection<X509Certificate> d() {
        return this.f1056h.getAuthKeysNeedingCertification();
    }

    @Override // androidx.security.identity.g
    @h0
    public int[] e() {
        return this.f1056h.getAuthenticationDataUsageCount();
    }

    @Override // androidx.security.identity.g
    @h0
    public Collection<X509Certificate> f() {
        return this.f1056h.getCredentialKeyCertificateChain();
    }

    @Override // androidx.security.identity.g
    @i0
    public g.c g() {
        return new g.c(this.f1056h);
    }

    @Override // androidx.security.identity.g
    @h0
    public j h(@i0 byte[] bArr, @h0 Map<String, Collection<String>> map, @i0 byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        try {
            ResultData entries = this.f1056h.getEntries(bArr, map, this.c, bArr2);
            k.a aVar = new k.a();
            aVar.g(entries.getMessageAuthenticationCode());
            aVar.e(entries.getAuthenticatedData());
            aVar.h(entries.getStaticAuthenticationData());
            for (String str : entries.getNamespaces()) {
                for (String str2 : entries.getEntryNames(str)) {
                    int status = entries.getStatus(str, str2);
                    if (status == 0) {
                        aVar.a(str, str2, entries.getEntry(str, str2));
                    } else {
                        aVar.b(str, str2, status);
                    }
                }
            }
            return aVar.c();
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e) {
            throw new EphemeralPublicKeyNotFoundException(e.getMessage(), e);
        } catch (android.security.identity.InvalidReaderSignatureException e2) {
            throw new InvalidReaderSignatureException(e2.getMessage(), e2);
        } catch (android.security.identity.InvalidRequestMessageException e3) {
            throw new InvalidRequestMessageException(e3.getMessage(), e3);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e4) {
            throw new NoAuthenticationKeyAvailableException(e4.getMessage(), e4);
        } catch (SessionTranscriptMismatchException e5) {
            throw new RuntimeException("Unexpected SessionMismatchException", e5);
        }
    }

    @Override // androidx.security.identity.g
    public void i(boolean z) {
        this.f1056h.setAllowUsingExhaustedKeys(z);
    }

    @Override // androidx.security.identity.g
    public void j(int i2, int i3) {
        this.f1056h.setAvailableAuthenticationKeys(i2, i3);
    }

    @Override // androidx.security.identity.g
    public void k(@h0 PublicKey publicKey) throws InvalidKeyException {
        this.b = publicKey;
        this.f1056h.setReaderEphemeralPublicKey(publicKey);
    }

    @Override // androidx.security.identity.g
    public void l(@h0 byte[] bArr) {
        if (this.c != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        this.c = (byte[]) bArr.clone();
    }

    @Override // androidx.security.identity.g
    public void m(@h0 X509Certificate x509Certificate, @h0 byte[] bArr) throws UnknownAuthenticationKeyException {
        try {
            this.f1056h.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e) {
            throw new UnknownAuthenticationKeyException(e.getMessage(), e);
        }
    }
}
