package com.android.identity.android.legacy;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import androidx.biometric.BiometricPrompt;
import com.google.android.gms.stats.CodePackage;
import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes18.dex */
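/**
 * Presentation session backed by the Android Keystore.
 *
 * <p>The session owns three pieces of state: an ephemeral EC key pair for the device side of
 * the exchange, a cache of the credentials loaded during the session, and the last
 * {@link BiometricPrompt.CryptoObject} handed out for user authentication.
 *
 * <p>Security model visible in this class: "the user authenticated for this session" is never
 * stored as a flag set by the UI layer. It is derived by attempting a cipher operation with an
 * AndroidKeyStore AES key created with {@code setUserAuthenticationRequired(true)}. The answer
 * is therefore only as strong as the keystore's enforcement of that key's authorization.
 *
 * <p>This class does no locking; NOTE(review): callers presumably confine a session to one
 * thread. Confirm against the callers.
 */
public class KeystorePresentationSession extends PresentationSession {
    private static final String KEY_FOR_AUTH_PER_PRESENTATION_ALIAS = "identity_credential_auth_per_presentation_key";
    private static final String TAG = "KSPresentationSession";
    private final int mCipherSuite;
    private final Context mContext;
    // Lazily created by getEphemeralKeyPair(); generated once per session.
    private KeyPair mEphemeralDeviceKeyPair;
    // Most recent CryptoObject returned by getCryptoObject(); null when none could be created.
    private BiometricPrompt.CryptoObject mLastCryptoObjectCreated;
    private PublicKey mReaderEphemeralPublicKey;
    private byte[] mSessionTranscript;
    private final File mStorageDirectory;
    // Credentials already loaded in this session, keyed by credential name.
    private final Map<String, KeystoreIdentityCredential> mCredentialCache = new LinkedHashMap<>();
    // Memoised result of the authentication probe; valid only while the "calculated" flag is set.
    private boolean mPerReaderSessionAuthSatisfied = false;
    private boolean mPerReaderSessionAuthSatisfiedCalculated = false;

    /**
     * Creates a session.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from package-private.
     *
     * @param context application context passed on to each loaded credential
     * @param file    storage directory passed on to each loaded credential
     * @param i       cipher suite identifier passed on to each loaded credential
     */
    public KeystorePresentationSession(Context context, File file, int i) {
        this.mContext = context;
        this.mStorageDirectory = file;
        this.mCipherSuite = i;
    }

    /**
     * Probes whether the cipher inside the last CryptoObject is usable.
     *
     * <p>Fails closed: no CryptoObject, or any failure of {@code doFinal}, yields {@code false}.
     *
     * @return {@code true} only if encrypting a 16-byte dummy block succeeded
     */
    private boolean calculatePerReaderSessionAuthSatisfied() {
        BiometricPrompt.CryptoObject cryptoObject = this.mLastCryptoObjectCreated;
        if (cryptoObject == null) {
            return false;
        }
        byte[] dummyPlaintext = new byte[16];
        try {
            // The ciphertext is discarded; only success or failure of the operation matters.
            cryptoObject.getCipher().doFinal(dummyPlaintext);
            return true;
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            // NOTE(review): presumably how the keystore reports a key that was not authorised
            // by the user. Confirm on the target API levels.
            return false;
        }
    }

    /**
     * Returns the AndroidKeyStore AES key stored under {@code str}, creating it if absent.
     *
     * <p>A new key is a 128-bit AES/GCM key with user authentication required and a validity
     * duration of -1.
     *
     * @param str keystore alias
     * @return the secret key, or {@code null} if the key generator rejected the parameter spec
     * @throws IllegalStateException on any other keystore failure, or if the key cannot be
     *     read back after generation
     */
    private SecretKey getAuthPerPresentationKey(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);

            KeyStore.Entry existing = keyStore.getEntry(str, null);
            if (existing != null) {
                return ((KeyStore.SecretKeyEntry) existing).getSecretKey();
            }

            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            // 3 == KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT.
            // NOTE(review): CodePackage.GCM is an unrelated Google Play services constant that
            // the decompiler substituted for a string literal; the keystore constant with this
            // meaning is KeyProperties.BLOCK_MODE_GCM.
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, 3)
                    .setBlockModes(CodePackage.GCM)
                    .setEncryptionPaddings("NoPadding")
                    .setKeySize(128)
                    .setUserAuthenticationRequired(true)
                    // -1: authentication is required for every use of the key rather than
                    // being valid for a time window.
                    .setUserAuthenticationValidityDurationSeconds(-1)
                    .build();
            keyGenerator.init(spec);
            keyGenerator.generateKey();

            KeyStore.Entry created = keyStore.getEntry(str, null);
            if (created == null) {
                throw new IllegalStateException("Error getting secretKey after creating it");
            }
            Log.d(TAG, "Created key with alias " + str);
            return ((KeyStore.SecretKeyEntry) created).getSecretKey();
        } catch (InvalidAlgorithmParameterException e) {
            // NOTE(review): presumably raised when the device cannot satisfy the
            // user-authentication requirement (e.g. no secure lock screen or no enrolled
            // biometric). Confirm. Callers treat null as "no CryptoObject available".
            Log.w(TAG, "Could not create user-authenticated key; per-presentation auth unavailable", e);
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException
                | UnrecoverableEntryException | CertificateException e) {
            throw new IllegalStateException("Error ensuring authPerPresentationKey", e);
        }
    }

    /**
     * Loads (or reuses) the named credential and returns the requested entries.
     *
     * <p>The credential is cached per name. The request's exhausted-key, expired-key and
     * use-count flags and the session transcript are applied only when the credential is first
     * loaded; a later call for the same name reuses the settings of the first call.
     *
     * @param str                   credential name
     * @param credentialDataRequest request message, entries to fetch and reader signature
     * @return device-signed and issuer-signed results, or {@code null} if the credential's data
     *     could not be loaded
     * @throws IllegalStateException if the credential reports an unsupported cipher suite
     */
    @Override // com.android.identity.android.legacy.PresentationSession
    public CredentialDataResult getCredentialData(String str, CredentialDataRequest credentialDataRequest) throws NoAuthenticationKeyAvailableException, InvalidReaderSignatureException, InvalidRequestMessageException, EphemeralPublicKeyNotFoundException {
        try {
            KeystoreIdentityCredential credential = this.mCredentialCache.get(str);
            if (credential == null) {
                credential = new KeystoreIdentityCredential(this.mContext, this.mStorageDirectory, str, this.mCipherSuite, this);
                if (!credential.loadData()) {
                    return null;
                }
                this.mCredentialCache.put(str, credential);
                credential.setAllowUsingExhaustedKeys(credentialDataRequest.isAllowUsingExhaustedKeys());
                credential.setAllowUsingExpiredKeys(credentialDataRequest.isAllowUsingExpiredKeys());
                credential.setIncrementKeyUsageCount(credentialDataRequest.isIncrementUseCount());
                if (this.mSessionTranscript != null) {
                    credential.setSessionTranscript(this.mSessionTranscript);
                }
            }
            // Device-signed entries are fetched first, then issuer-signed; both calls receive
            // the same request message and reader signature.
            return new SimpleCredentialDataResult(
                    credential.getEntries(
                            credentialDataRequest.getRequestMessage(),
                            credentialDataRequest.getDeviceSignedEntriesToRequest(),
                            credentialDataRequest.getReaderSignature()),
                    credential.getEntries(
                            credentialDataRequest.getRequestMessage(),
                            credentialDataRequest.getIssuerSignedEntriesToRequest(),
                            credentialDataRequest.getReaderSignature()));
        } catch (CipherSuiteNotSupportedException e) {
            throw new IllegalStateException("Unexpected CipherSuiteNotSupportedException", e);
        }
    }

    /**
     * Creates a fresh CryptoObject wrapping an AES/GCM cipher initialised for encryption with
     * the auth-per-presentation key, and invalidates the memoised authentication result.
     *
     * @return the new CryptoObject, or {@code null} if no key is available
     * @throws IllegalStateException if the cipher cannot be created or initialised
     */
    @Override // com.android.identity.android.legacy.PresentationSession
    public BiometricPrompt.CryptoObject getCryptoObject() {
        try {
            SecretKey authKey = getAuthPerPresentationKey(KEY_FOR_AUTH_PER_PRESENTATION_ALIAS);
            if (authKey != null) {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(Cipher.ENCRYPT_MODE, authKey);
                this.mLastCryptoObjectCreated = new BiometricPrompt.CryptoObject(cipher);
            } else {
                // No key: drop any earlier CryptoObject so the probe reports "not satisfied".
                this.mLastCryptoObjectCreated = null;
            }
            // A new CryptoObject means any earlier probe result no longer applies.
            this.mPerReaderSessionAuthSatisfiedCalculated = false;
            return this.mLastCryptoObjectCreated;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalStateException("Error creating Cipher for perReaderSessionKey", e);
        }
    }

    /**
     * Returns the session's ephemeral device key pair, generating it on first use.
     *
     * <p>The pair is an EC key on curve {@code prime256v1}, created with the default provider
     * (no keystore provider is named), so the private key is an ordinary in-process object.
     *
     * @throws IllegalStateException if key generation fails
     */
    @Override // com.android.identity.android.legacy.PresentationSession
    public KeyPair getEphemeralKeyPair() {
        if (this.mEphemeralDeviceKeyPair != null) {
            return this.mEphemeralDeviceKeyPair;
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
            generator.initialize(new ECGenParameterSpec("prime256v1"));
            this.mEphemeralDeviceKeyPair = generator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Error generating ephemeral key", e);
        }
        return this.mEphemeralDeviceKeyPair;
    }

    /**
     * Reports whether the user authenticated for this reader session.
     *
     * <p>The probe runs at most once per CryptoObject. Its result is memoised and returned on
     * every later call until {@link #getCryptoObject()} resets it, so a {@code true} result
     * persists for the remainder of the session unless a new CryptoObject is requested.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from package-private.
     */
    public boolean isPerReaderSessionAuthSatisfied() {
        if (!this.mPerReaderSessionAuthSatisfiedCalculated) {
            this.mPerReaderSessionAuthSatisfied = calculatePerReaderSessionAuthSatisfied();
            this.mPerReaderSessionAuthSatisfiedCalculated = true;
        }
        return this.mPerReaderSessionAuthSatisfied;
    }

    /**
     * Records the reader's ephemeral public key. May be called only once per session.
     *
     * @throws IllegalStateException if a reader key was already set
     */
    @Override // com.android.identity.android.legacy.PresentationSession
    public void setReaderEphemeralPublicKey(PublicKey publicKey) throws InvalidKeyException {
        if (this.mReaderEphemeralPublicKey != null) {
            throw new IllegalStateException("Reader ephemeral key already set");
        }
        this.mReaderEphemeralPublicKey = publicKey;
    }

    /**
     * Records the session transcript. May be called only once per session.
     *
     * <p>A private copy is stored, so later changes to the caller's array do not alter the
     * transcript passed to credentials.
     *
     * @throws IllegalStateException if a transcript was already set
     */
    @Override // com.android.identity.android.legacy.PresentationSession
    public void setSessionTranscript(byte[] bArr) {
        if (this.mSessionTranscript != null) {
            throw new IllegalStateException("SessionTranscript already set");
        }
        this.mSessionTranscript = bArr.clone();
    }
}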
