package com.android.identity.android.legacy;

import android.content.Context;
import android.icu.util.Calendar;
import android.os.Build;
import android.security.keystore.KeyInfo;
import android.util.Log;
import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.model.UnicodeString;
import com.android.identity.android.legacy.CredentialDataResult;
import com.android.identity.android.legacy.PersonalizationData;
import com.android.identity.android.securearea.AndroidKeystoreSecureArea;
import com.android.identity.internal.Util;
import com.android.identity.mdoc.mso.MobileSecurityObjectGenerator;
import com.android.identity.mdoc.mso.StaticAuthDataGenerator;
import com.android.identity.mdoc.response.DeviceResponseGenerator;
import com.android.identity.util.Timestamp;
import com.google.firebase.crashlytics.buildtools.reloc.com.google.common.base.Ascii;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes18.dex */
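/**
 * Static helpers for the legacy Identity Credential store: merging issuer-signed items into a
 * device response, describing an existing Android Keystore key as secure-area key settings, and
 * provisioning a self-signed credential.
 *
 * <p>NOTE(review): this listing is decompiler output, so parameter names such as {@code str} and
 * {@code bArr} are synthetic. Numeric literals stand in for framework constants that were inlined
 * at compile time.
 */
public class Utility {
    private static final String TAG = "Utility";

    private Utility() {
    }

    /**
     * Adds one document to a device response, combining the credential's device-signed data with
     * the issuer-signed items selected by {@link #mergeIssuerSigned}.
     *
     * @param deviceResponseGenerator generator the document is appended to
     * @param str document type passed through to the generator
     * @param credentialDataResult result holding device namespaces, device signature or MAC, and
     *     the issuer-signed entries that were retrieved
     * @param map namespace name to encoded issuer-signed items (presumably from static
     *     authentication data; confirm against callers)
     * @param map2 passed through unchanged (presumably per-element error codes; confirm)
     * @param bArr passed through unchanged (presumably the encoded issuer authentication; confirm)
     * @return whatever {@code DeviceResponseGenerator.addDocument} returns
     */
    public static DeviceResponseGenerator addDocument(DeviceResponseGenerator deviceResponseGenerator, String str, CredentialDataResult credentialDataResult, Map<String, List<byte[]>> map, Map<String, Map<String, Long>> map2, byte[] bArr) {
        Map<String, List<byte[]>> issuerSigned =
                mergeIssuerSigned(map, credentialDataResult.getIssuerSignedEntries());
        return deviceResponseGenerator.addDocument(
                str,
                credentialDataResult.getDeviceNameSpaces(),
                credentialDataResult.getDeviceSignature(),
                credentialDataResult.getDeviceMac(),
                issuerSigned,
                map2,
                bArr);
    }

    /**
     * Translates Android Keystore purpose bits into the purpose bits handed to
     * {@code CreateKeySettings.Builder.setKeyPurposes}.
     *
     * @param keyInfo key description obtained from the Android Keystore
     * @return 2 if the key allows key agreement, 1 if it allows signing, 3 for both, 0 for neither
     */
    private static int convertKeyPurpose(KeyInfo keyInfo) {
        int keystorePurposes = keyInfo.getPurposes();
        int converted = 0;
        // 64 is KeyProperties.PURPOSE_AGREE_KEY; 2 is presumably the secure area's agree-key bit.
        if ((keystorePurposes & 64) == 64) {
            converted |= 2;
        }
        // 4 is KeyProperties.PURPOSE_SIGN; 1 is presumably the secure area's sign bit.
        if ((keystorePurposes & 4) == 4) {
            converted |= 1;
        }
        return converted;
    }

    /**
     * Builds secure-area key settings that describe a key which already exists in the Android
     * Keystore, copying its purposes, user-authentication requirement, StrongBox backing and
     * validity period.
     *
     * @param str alias of the existing Android Keystore key
     * @return a builder pre-populated from the key's {@link KeyInfo}
     * @throws IllegalStateException if the keystore cannot be loaded, the alias holds no private
     *     key, or the key is not an Android Keystore key
     * @throws RuntimeException if the key's algorithm or the AndroidKeyStore provider is
     *     unavailable when the key factory is created
     */
    public static AndroidKeystoreSecureArea.CreateKeySettings.Builder extractKeySettings(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, null);
            if (privateKey == null) {
                // getKey() returns null for an unknown alias; fail with a clear message rather
                // than a NullPointerException on the next line.
                throw new IllegalStateException("No private key found for alias " + str);
            }
            try {
                KeyFactory keyFactory =
                        KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore");
                KeyInfo keyInfo = keyFactory.getKeySpec(privateKey, KeyInfo.class);

                // Fixed three-byte constructor argument (presumably the attestation challenge;
                // confirm). Written as literals so the value does not depend on a relocated
                // Guava class pulled in by the decompiler.
                AndroidKeystoreSecureArea.CreateKeySettings.Builder builder =
                        new AndroidKeystoreSecureArea.CreateKeySettings.Builder(
                                new byte[] {0x0a, 0x0b, 0x0c});
                builder.setExistingKeyAlias(str);
                builder.setKeyPurposes(convertKeyPurpose(keyInfo));

                if (keyInfo.isUserAuthenticationRequired()) {
                    // NOTE(review): the seconds-to-millis product is computed in int and the
                    // authentication type is always 1, whatever the key was created with.
                    // Confirm both against the builder's contract.
                    builder.setUserAuthenticationRequired(
                            true, keyInfo.getUserAuthenticationValidityDurationSeconds() * 1000, 1);
                }

                // getSecurityLevel() returns an enumerated level, not a bit mask: the "unknown"
                // levels are negative, so a mask test against 2 would report them as StrongBox.
                // Compare for equality with 2 (KeyProperties.SECURITY_LEVEL_STRONGBOX) instead.
                if (Build.VERSION.SDK_INT >= 31 && keyInfo.getSecurityLevel() == 2) {
                    builder.setUseStrongBox(true);
                }

                if (keyInfo.getKeyValidityStart() != null
                        && keyInfo.getKeyValidityForOriginationEnd() != null) {
                    builder.setValidityPeriod(
                            Timestamp.ofEpochMilli(keyInfo.getKeyValidityStart().getTime()),
                            Timestamp.ofEpochMilli(
                                    keyInfo.getKeyValidityForOriginationEnd().getTime()));
                }
                return builder;
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new RuntimeException(e);
            } catch (InvalidKeySpecException e) {
                throw new IllegalStateException("Unrecoverable Key: Not an Android KeyStore key", e);
            }
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("Error retrieving key", e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException("Error generate certificate chain", e);
        }
    }

    /**
     * Returns the keystore-backed credential store, with its files kept under the application's
     * no-backup directory.
     *
     * @param context application context
     * @return the keystore-backed {@code IdentityCredentialStore}
     */
    public static IdentityCredentialStore getIdentityCredentialStore(Context context) {
        return IdentityCredentialStore.getKeystoreInstance(context, context.getNoBackupFilesDir());
    }

    /**
     * Selects the issuer-signed items that were actually retrieved and fills in their values.
     *
     * <p>For every namespace in {@code entries}, each encoded item in {@code map} whose
     * {@code elementIdentifier} is among the retrieved entry names and has a non-null value is
     * re-encoded with that value set. Namespaces missing from {@code map} are skipped with a
     * warning, and namespaces that end up with no items are omitted from the result.
     *
     * @param map namespace name to encoded issuer-signed items
     * @param entries retrieved issuer-signed entries
     * @return namespace name to re-encoded issuer-signed items; never {@code null}
     */
    public static Map<String, List<byte[]>> mergeIssuerSigned(Map<String, List<byte[]>> map, CredentialDataResult.Entries entries) {
        Map<String, List<byte[]>> merged = new HashMap<>();
        for (String namespaceName : entries.getNamespaces()) {
            List<byte[]> encodedItems = map.get(namespaceName);
            if (encodedItems == null) {
                Log.w(TAG, "Skipping namespace " + namespaceName + " which is not in issuerSignedMapping");
                continue;
            }
            Collection<String> retrievedNames = entries.getEntryNames(namespaceName);
            List<byte[]> withValues = new ArrayList<>();
            for (byte[] taggedItem : encodedItems) {
                byte[] encodedItem = Util.cborExtractTaggedCbor(taggedItem);
                String elementName =
                        Util.cborMapExtractString(Util.cborDecode(encodedItem), "elementIdentifier");
                if (!retrievedNames.contains(elementName)) {
                    continue;
                }
                byte[] value = entries.getEntry(namespaceName, elementName);
                if (value != null) {
                    withValues.add(Util.cborEncode(Util.cborBuildTaggedByteString(
                            Util.issuerSignedItemSetValue(encodedItem, value))));
                }
            }
            if (!withValues.isEmpty()) {
                merged.put(namespaceName, withValues);
            }
        }
        return merged;
    }

    /**
     * Creates (replacing any credential of the same name) a credential whose Mobile Security
     * Object is signed locally with the supplied issuing-authority key, and stores static
     * authentication data for every authentication key that needs certification.
     *
     * <p>The signed validity period starts now and ends twelve months from now.
     *
     * @param identityCredentialStore store the credential is created in
     * @param str credential name; an existing credential with this name is deleted first
     * @param privateKey key used to sign the Mobile Security Object
     * @param x509Certificate certificate placed in the signature's certificate chain
     * @param str2 document type
     * @param personalizationData namespaces and entries to provision
     * @param i number of authentication keys to make available
     * @param i2 maximum number of uses per authentication key
     * @return the value returned by {@code WritableIdentityCredential.personalize}
     * @throws IdentityCredentialException propagated from the credential store calls
     * @throws IllegalArgumentException if a SHA-256 digester cannot be created
     */
    public static byte[] provisionSelfSignedCredential(IdentityCredentialStore identityCredentialStore, String str, PrivateKey privateKey, X509Certificate x509Certificate, String str2, PersonalizationData personalizationData, int i, int i2) throws IdentityCredentialException {
        // The challenge is a fixed string, so the credential-key certificate chain is not bound
        // to any fresh value; nothing in this method checks the chain, it is only logged.
        byte[] provisioningChallenge = "dummyChallenge".getBytes(StandardCharsets.UTF_8);

        identityCredentialStore.deleteCredentialByName(str);
        WritableIdentityCredential writableCredential =
                identityCredentialStore.createCredential(str, str2);

        Collection<X509Certificate> credentialKeyChain =
                writableCredential.getCredentialKeyCertificateChain(provisioningChallenge);
        Log.i(TAG, String.format(Locale.US, "Cert chain for self-signed credential '%s' has %d elements", str, credentialKeyChain.size()));
        // NOTE(review): every certificate is written to the system log in full at INFO level;
        // consider limiting this to debug builds.
        int certIndex = 0;
        for (X509Certificate certificate : credentialKeyChain) {
            int current = certIndex++;
            try {
                Log.i(TAG, String.format(Locale.US, "Certificate %d: %s", current, Util.toHex(certificate.getEncoded())));
            } catch (CertificateEncodingException e) {
                // Logging is best-effort; report through the logger instead of printStackTrace().
                Log.w(TAG, String.format(Locale.US, "Certificate %d could not be encoded", current), e);
            }
        }

        byte[] proofOfProvisioning = writableCredential.personalize(personalizationData);

        // 1 is the cipher-suite argument (presumably
        // CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256; confirm).
        IdentityCredential credential = identityCredentialStore.getCredentialByName(str, 1);
        credential.setAvailableAuthenticationKeys(i, i2);
        Collection<X509Certificate> authKeyCertificates =
                credential.getAuthKeysNeedingCertification();

        Timestamp signedDate = Timestamp.now();
        Timestamp validFromDate = Timestamp.now();
        Calendar validToCalendar = Calendar.getInstance();
        validToCalendar.add(Calendar.MONTH, 12);
        Timestamp validToDate = Timestamp.ofEpochMilli(validToCalendar.getTimeInMillis());

        for (X509Certificate authKeyCertificate : authKeyCertificates) {
            MobileSecurityObjectGenerator msoGenerator =
                    new MobileSecurityObjectGenerator("SHA-256", str2, authKeyCertificate.getPublicKey())
                            .setValidityInfo(signedDate, validFromDate, validToDate, null);
            SecureRandom secureRandom = new SecureRandom();

            int entryCount = 0;
            for (PersonalizationData.NamespaceData namespaceData : personalizationData.getNamespaceDatas()) {
                entryCount += namespaceData.getEntryNames().size();
            }
            List<Long> digestIds = new ArrayList<>(entryCount);
            for (long id = 0; id < entryCount; id++) {
                digestIds.add(id);
            }
            // Digest IDs are shuffled so their order does not reveal which data elements exist.
            // Use the SecureRandom rather than the default non-cryptographic generator so the
            // permutation cannot be predicted.
            Collections.shuffle(digestIds, secureRandom);
            Iterator<Long> nextDigestId = digestIds.iterator();

            Map<String, List<byte[]>> issuerSignedMapping = new HashMap<>();
            for (PersonalizationData.NamespaceData namespaceData : personalizationData.getNamespaceDatas()) {
                String namespaceName = namespaceData.getNamespaceName();
                List<byte[]> issuerSignedItems = new ArrayList<>();
                Map<Long, byte[]> digests = new HashMap<>();

                for (String entryName : namespaceData.getEntryNames()) {
                    byte[] encodedValue = namespaceData.getEntryValue(entryName);
                    Long digestId = nextDigestId.next();

                    // Per-item 16-byte random salt, included in the digested structure.
                    byte[] random = new byte[16];
                    secureRandom.nextBytes(random);

                    byte[] encodedItem = Util.cborEncode(new CborBuilder().addMap().put("digestID", digestId.longValue()).put("random", random).put("elementIdentifier", entryName).put(new UnicodeString("elementValue"), Util.cborDecode(encodedValue)).end().build().get(0));

                    byte[] digest;
                    try {
                        // The digest covers the item with its value; the stored copy below has
                        // the value cleared.
                        digest = MessageDigest.getInstance("SHA-256")
                                .digest(Util.cborEncode(Util.cborBuildTaggedByteString(encodedItem)));
                    } catch (NoSuchAlgorithmException e) {
                        throw new IllegalArgumentException("Failed creating digester", e);
                    }
                    issuerSignedItems.add(Util.cborEncode(Util.cborBuildTaggedByteString(
                            Util.issuerSignedItemClearValue(encodedItem))));
                    digests.put(digestId, digest);
                }

                issuerSignedMapping.put(namespaceName, issuerSignedItems);
                msoGenerator.addDigestIdsForNamespace(namespaceName, digests);
            }

            byte[] taggedEncodedMso =
                    Util.cborEncode(Util.cborBuildTaggedByteString(msoGenerator.generate()));
            List<X509Certificate> issuerCertChain = new ArrayList<>();
            issuerCertChain.add(x509Certificate);
            byte[] encodedIssuerAuth = Util.cborEncode(
                    Util.coseSign1Sign(privateKey, "SHA256withECDSA", taggedEncodedMso, null, issuerCertChain));

            credential.storeStaticAuthenticationData(
                    authKeyCertificate,
                    validToCalendar,
                    new StaticAuthDataGenerator(issuerSignedMapping, encodedIssuerAuth).generate());
        }
        return proofOfProvisioning;
    }
}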
