package androidx.security.identity;

import android.security.identity.SessionTranscriptMismatchException;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import androidx.biometric.BiometricPrompt;
import androidx.security.identity.SimpleResultData;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.simalliance.openmobileapi.util.ISO7816;

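/**
 * {@link IdentityCredential} implementation that wraps the platform
 * {@code android.security.identity.IdentityCredential}.
 *
 * <p>Credential operations (entry retrieval, authentication-key management) are forwarded to the
 * wrapped platform object. Session encryption towards the reader is done in this class: an ECDH
 * agreement followed by two HKDF derivations yields one AES-GCM key per direction, and each
 * direction keeps its own message counter that is encoded into the GCM nonce.
 *
 * <p>This class performs no synchronization. The counters feed directly into the GCM nonce, so an
 * instance that is shared between threads must have its encrypt/decrypt calls serialized by the
 * caller.
 *
 * <p>This listing was recovered from {@code classes.dex} by a decompiler; parameter names are
 * reconstructed and are not the original ones.
 */
@RequiresApi(30)
public class HardwareIdentityCredential extends IdentityCredential {
    private static final String TAG = "HardwareIdentityCredential";

    // Length in bytes of the AES-GCM nonce built by buildNonce().
    private static final int GCM_NONCE_LENGTH = 12;
    // Length in bits of the GCM authentication tag.
    private static final int GCM_TAG_BITS = 128;
    // Number of key bytes requested from HKDF for each session key.
    private static final int SESSION_KEY_LENGTH = 32;

    // Platform credential every non-session operation is delegated to.
    private final android.security.identity.IdentityCredential mCredential;
    // Next counter value for device -> reader messages (set to 1 when keys are derived).
    private int mSKDeviceCounter;
    // Next counter value for reader -> device messages (set to 1 when keys are derived).
    private int mSKReaderCounter;
    private KeyPair mEphemeralKeyPair = null;
    private PublicKey mReaderEphemeralPublicKey = null;
    private byte[] mSessionTranscript = null;
    // Session keys; null until ensureSessionEncryptionKey() has run successfully.
    private SecretKey mSKDevice = null;
    private SecretKey mSKReader = null;

    /**
     * Wraps a platform credential.
     *
     * @param identityCredential the platform credential to delegate to
     */
    public HardwareIdentityCredential(android.security.identity.IdentityCredential identityCredential) {
        this.mCredential = identityCredential;
    }

    /**
     * Builds the 12-byte AES-GCM nonce: a zero word, a word identifying the sender, and the
     * message counter, each written as a big-endian 32-bit integer.
     *
     * @param senderId 0 for messages from the reader, 1 for messages from the device
     * @param counter the per-direction message counter
     * @return the nonce bytes
     */
    private static byte[] buildNonce(int senderId, int counter) {
        ByteBuffer nonce = ByteBuffer.allocate(GCM_NONCE_LENGTH);
        nonce.putInt(0, 0);
        nonce.putInt(4, senderId);
        nonce.putInt(8, counter);
        return nonce.array();
    }

    /**
     * Derives the two session keys on first use and resets both message counters to 1.
     *
     * <p>The keys are derived once and cached: when {@code mSKDevice} is already set this method
     * returns immediately, so a reader key supplied after the first encrypt/decrypt call does not
     * cause a re-derivation.
     *
     * @throws RuntimeException if the reader ephemeral key, the session transcript or the device
     *     ephemeral key pair has not been set yet, or if key agreement fails
     */
    private void ensureSessionEncryptionKey() {
        if (this.mSKDevice != null) {
            return;
        }
        if (this.mReaderEphemeralPublicKey == null) {
            throw new RuntimeException("Reader ephemeral key not set");
        }
        if (this.mSessionTranscript == null) {
            throw new RuntimeException("Session transcript not set");
        }
        // Fail with a descriptive error instead of a NullPointerException when
        // createEphemeralKeyPair() was never called on this instance.
        if (this.mEphemeralKeyPair == null) {
            throw new RuntimeException("Ephemeral key pair not created");
        }
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
            keyAgreement.init(this.mEphemeralKeyPair.getPrivate());
            keyAgreement.doPhase(this.mReaderEphemeralPublicKey, true);
            byte[] sharedSecret = keyAgreement.generateSecret();

            // SHA-256 over the session transcript as returned by
            // Util.prependSemanticTagForEncodedCbor(); passed as the third HKDF argument
            // (presumably the salt; confirm against Util.computeHkdf).
            byte[] transcriptDigest = MessageDigest.getInstance("SHA-256")
                    .digest(Util.prependSemanticTagForEncodedCbor(this.mSessionTranscript));

            // NOTE(review): ISO7816.SW1_63 looks like a constant substituted by the decompiler
            // for a plain byte literal. If its value is 0x63 ('c') this label is ASCII
            // "SKDevice"; confirm before replacing it with a literal, because any change to
            // this byte changes the derived key.
            byte[] deviceLabel = new byte[]{83, 75, 68, 101, 118, 105, ISO7816.SW1_63, 101};
            // ASCII "SKReader".
            byte[] readerLabel = new byte[]{83, 75, 82, 101, 97, 100, 101, 114};

            this.mSKDevice = new SecretKeySpec(
                    Util.computeHkdf("HmacSha256", sharedSecret, transcriptDigest, deviceLabel,
                            SESSION_KEY_LENGTH),
                    "AES");
            this.mSKReader = new SecretKeySpec(
                    Util.computeHkdf("HmacSha256", sharedSecret, transcriptDigest, readerLabel,
                            SESSION_KEY_LENGTH),
                    "AES");
            this.mSKDeviceCounter = 1;
            this.mSKReaderCounter = 1;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Error performing key agreement", e);
        }
    }

    /**
     * Returns the device ephemeral key pair, asking the platform credential to create it on the
     * first call and returning the cached pair afterwards.
     *
     * @return the ephemeral key pair used for session key agreement
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public KeyPair createEphemeralKeyPair() {
        if (this.mEphemeralKeyPair == null) {
            this.mEphemeralKeyPair = this.mCredential.createEphemeralKeyPair();
        }
        return this.mEphemeralKeyPair;
    }

    /**
     * Decrypts and authenticates a message from the reader with AES-GCM under the reader session
     * key. No additional authenticated data is supplied.
     *
     * <p>The reader counter is advanced only after the message has been authenticated, so a
     * rejected message does not consume a counter value.
     *
     * @param bArr the ciphertext followed by the GCM tag
     * @return the decrypted plaintext
     * @throws MessageDecryptionException if decryption or tag verification fails
     * @throws RuntimeException if the session keys cannot be derived
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] decryptMessageFromReader(@NonNull byte[] bArr) throws MessageDecryptionException {
        ensureSessionEncryptionKey();
        byte[] nonce = buildNonce(0, this.mSKReaderCounter);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, this.mSKReader,
                    new GCMParameterSpec(GCM_TAG_BITS, nonce));
            byte[] plaintext = cipher.doFinal(bArr);
            this.mSKReaderCounter++;
            return plaintext;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new MessageDecryptionException("Error decrypting message", e);
        }
    }

    /**
     * Encrypts a message to the reader with AES-GCM under the device session key. No additional
     * authenticated data is supplied.
     *
     * <p>The device counter is part of the nonce and is advanced after every successful
     * encryption. It is a 32-bit {@code int} with no overflow check, so nonce uniqueness under
     * one session key relies on a session staying far below 2^32 messages.
     *
     * @param bArr the plaintext to encrypt
     * @return the ciphertext followed by the GCM tag
     * @throws RuntimeException if the session keys cannot be derived or encryption fails
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public byte[] encryptMessageToReader(@NonNull byte[] bArr) {
        ensureSessionEncryptionKey();
        try {
            byte[] nonce = buildNonce(1, this.mSKDeviceCounter);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, this.mSKDevice,
                    new GCMParameterSpec(GCM_TAG_BITS, nonce));
            byte[] ciphertext = cipher.doFinal(bArr);
            this.mSKDeviceCounter++;
            return ciphertext;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Error encrypting message", e);
        }
    }

    /** Forwards to the platform credential. */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public Collection<X509Certificate> getAuthKeysNeedingCertification() {
        return this.mCredential.getAuthKeysNeedingCertification();
    }

    /** Forwards to the platform credential. */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public int[] getAuthenticationDataUsageCount() {
        return this.mCredential.getAuthenticationDataUsageCount();
    }

    /** Forwards to the platform credential. */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public Collection<X509Certificate> getCredentialKeyCertificateChain() {
        return this.mCredential.getCredentialKeyCertificateChain();
    }

    /**
     * Wraps the platform credential in a {@link BiometricPrompt.CryptoObject}.
     *
     * @return a new crypto object on every call; this implementation never returns {@code null}
     */
    @Override // androidx.security.identity.IdentityCredential
    @Nullable
    public BiometricPrompt.CryptoObject getCryptoObject() {
        return new BiometricPrompt.CryptoObject(this.mCredential);
    }

    /**
     * Retrieves entries from the platform credential, using the session transcript stored by
     * {@link #setSessionTranscript}, and copies the result into a {@link SimpleResultData}.
     *
     * <p>Platform exceptions are rethrown as their counterparts in this package with the original
     * exception kept as the cause.
     *
     * @param bArr the request message, forwarded unchanged
     * @param map the entries to request, keyed by namespace
     * @param bArr2 the reader signature, forwarded unchanged
     * @return the message authentication code, authenticated data, static authentication data and
     *     one value or error status per returned entry
     * @throws RuntimeException if the platform reports a session transcript mismatch
     */
    @Override // androidx.security.identity.IdentityCredential
    @NonNull
    public ResultData getEntries(@Nullable byte[] bArr, @NonNull Map<String, Collection<String>> map, @Nullable byte[] bArr2) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        try {
            android.security.identity.ResultData platformResult =
                    this.mCredential.getEntries(bArr, map, this.mSessionTranscript, bArr2);
            SimpleResultData.Builder builder = new SimpleResultData.Builder();
            builder.setMessageAuthenticationCode(platformResult.getMessageAuthenticationCode());
            builder.setAuthenticatedData(platformResult.getAuthenticatedData());
            builder.setStaticAuthenticationData(platformResult.getStaticAuthenticationData());
            for (String namespace : platformResult.getNamespaces()) {
                for (String entryName : platformResult.getEntryNames(namespace)) {
                    int status = platformResult.getStatus(namespace, entryName);
                    // Status 0 carries a value (presumably the platform's STATUS_OK; confirm);
                    // any other status is recorded as an error without a value.
                    if (status == 0) {
                        builder.addEntry(namespace, entryName,
                                platformResult.getEntry(namespace, entryName));
                    } else {
                        builder.addErrorStatus(namespace, entryName, status);
                    }
                }
            }
            return builder.build();
        } catch (android.security.identity.EphemeralPublicKeyNotFoundException e) {
            throw new EphemeralPublicKeyNotFoundException(e.getMessage(), e);
        } catch (android.security.identity.InvalidReaderSignatureException e2) {
            throw new InvalidReaderSignatureException(e2.getMessage(), e2);
        } catch (android.security.identity.InvalidRequestMessageException e3) {
            throw new InvalidRequestMessageException(e3.getMessage(), e3);
        } catch (android.security.identity.NoAuthenticationKeyAvailableException e4) {
            throw new NoAuthenticationKeyAvailableException(e4.getMessage(), e4);
        } catch (SessionTranscriptMismatchException e5) {
            throw new RuntimeException("Unexpected SessionMismatchException", e5);
        }
    }

    /** Forwards to the platform credential. */
    @Override // androidx.security.identity.IdentityCredential
    public void setAllowUsingExhaustedKeys(boolean z) {
        this.mCredential.setAllowUsingExhaustedKeys(z);
    }

    /** Forwards to the platform credential. */
    @Override // androidx.security.identity.IdentityCredential
    public void setAvailableAuthenticationKeys(int i, int i2) {
        this.mCredential.setAvailableAuthenticationKeys(i, i2);
    }

    /**
     * Hands the reader ephemeral public key to the platform credential and remembers it for the
     * session key agreement.
     *
     * <p>The key is cached only after the platform credential has accepted it, so a key rejected
     * with {@link InvalidKeyException} is never used for the local ECDH agreement.
     *
     * @param publicKey the reader ephemeral public key
     * @throws InvalidKeyException if the platform credential rejects the key
     */
    @Override // androidx.security.identity.IdentityCredential
    public void setReaderEphemeralPublicKey(@NonNull PublicKey publicKey) throws InvalidKeyException {
        this.mCredential.setReaderEphemeralPublicKey(publicKey);
        this.mReaderEphemeralPublicKey = publicKey;
    }

    /**
     * Stores a private copy of the session transcript. It can be set only once per instance.
     *
     * @param bArr the encoded session transcript
     * @throws RuntimeException if a session transcript has already been set
     */
    @Override // androidx.security.identity.IdentityCredential
    public void setSessionTranscript(@NonNull byte[] bArr) {
        if (this.mSessionTranscript != null) {
            throw new RuntimeException("SessionTranscript already set");
        }
        // Copy so that later changes to the caller's array cannot alter the key derivation input.
        this.mSessionTranscript = bArr.clone();
    }

    /**
     * Forwards to the platform credential, rethrowing the platform's unknown-key exception as the
     * one declared in this package.
     *
     * @param x509Certificate the certificate of the authentication key the data belongs to
     * @param bArr the static authentication data
     * @throws UnknownAuthenticationKeyException if the platform does not know the key
     */
    @Override // androidx.security.identity.IdentityCredential
    public void storeStaticAuthenticationData(@NonNull X509Certificate x509Certificate, @NonNull byte[] bArr) throws UnknownAuthenticationKeyException {
        try {
            this.mCredential.storeStaticAuthenticationData(x509Certificate, bArr);
        } catch (android.security.identity.UnknownAuthenticationKeyException e) {
            throw new UnknownAuthenticationKeyException(e.getMessage(), e);
        }
    }
}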
