package com.android.identity.mdoc.response;

import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.builder.ArrayBuilder;
import co.nstant.in.cbor.builder.MapBuilder;
import co.nstant.in.cbor.model.DataItem;
import co.nstant.in.cbor.model.UnicodeString;
import com.android.identity.credential.NameSpacedData;
import com.android.identity.internal.Util;
import com.android.identity.securearea.SecureArea;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes18.dex */
public class DocumentGenerator {
    private static final String TAG = "DocumentGenerator";
    private DataItem mDeviceSigned;
    private final String mDocType;
    private final byte[] mEncodedIssuerAuth;
    private final byte[] mEncodedSessionTranscript;
    private Map<String, Map<String, Long>> mErrors;
    private Map<String, List<byte[]>> mIssuerNamespaces;

    public DocumentGenerator(String str, byte[] bArr, byte[] bArr2) {
        this.mDocType = str;
        this.mEncodedIssuerAuth = bArr;
        this.mEncodedSessionTranscript = bArr2;
    }

    private DocumentGenerator setDeviceNamespaces(NameSpacedData nameSpacedData, SecureArea secureArea, String str, SecureArea.KeyUnlockData keyUnlockData, int i, PublicKey publicKey) throws SecureArea.KeyLockedException {
        String str2;
        DataItem cborDecode;
        CborBuilder cborBuilder = new CborBuilder();
        MapBuilder<CborBuilder> addMap = cborBuilder.addMap();
        for (String str3 : nameSpacedData.getNameSpaceNames()) {
            MapBuilder<MapBuilder<CborBuilder>> putMap = addMap.putMap(str3);
            for (String str4 : nameSpacedData.getDataElementNames(str3)) {
                putMap.put(new UnicodeString(str4), Util.cborDecode(nameSpacedData.getDataElement(str3, str4)));
            }
        }
        addMap.end();
        byte[] cborEncode = Util.cborEncode(cborBuilder.build().get(0));
        byte[] cborEncode2 = Util.cborEncode(Util.cborBuildTaggedByteString(Util.cborEncode(new CborBuilder().addArray().add("DeviceAuthentication").add(Util.cborDecode(this.mEncodedSessionTranscript)).add(this.mDocType).add(Util.cborBuildTaggedByteString(cborEncode)).end().build().get(0))));
        byte[] bArr = null;
        byte[] bArr2 = null;
        if (i != Integer.MAX_VALUE) {
            bArr = Util.cborEncode(Util.coseSign1Sign(secureArea, str, i, keyUnlockData, null, cborEncode2, null));
        } else {
            try {
                bArr2 = Util.cborEncode(Util.coseMac0(new SecretKeySpec(Util.computeHkdf("HmacSha256", secureArea.keyAgreement(str, publicKey, keyUnlockData), MessageDigest.getInstance("SHA-256").digest(Util.cborEncode(Util.cborBuildTaggedByteString(this.mEncodedSessionTranscript))), "EMacKey".getBytes(StandardCharsets.UTF_8), 32), ""), new byte[0], cborEncode2));
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Unexpected exception", e);
            }
        }
        if (bArr != null) {
            str2 = "deviceSignature";
            cborDecode = Util.cborDecode(bArr);
        } else {
            str2 = "deviceMac";
            cborDecode = Util.cborDecode(bArr2);
        }
        this.mDeviceSigned = new CborBuilder().addMap().put(new UnicodeString("nameSpaces"), Util.cborBuildTaggedByteString(cborEncode)).putMap("deviceAuth").put(new UnicodeString(str2), cborDecode).end().end().build().get(0);
        return this;
    }

    public byte[] generate() {
        int i;
        if (this.mDeviceSigned == null) {
            throw new IllegalStateException("DeviceSigned isn't set");
        }
        CborBuilder cborBuilder = null;
        if (this.mIssuerNamespaces != null) {
            cborBuilder = new CborBuilder();
            MapBuilder<CborBuilder> addMap = cborBuilder.addMap();
            for (String str : this.mIssuerNamespaces.keySet()) {
                ArrayBuilder<MapBuilder<CborBuilder>> putArray = addMap.putArray(str);
                Iterator<byte[]> it = this.mIssuerNamespaces.get(str).iterator();
                while (it.hasNext()) {
                    putArray.add(Util.cborDecode(it.next()));
                }
                putArray.end();
            }
            addMap.end();
        }
        CborBuilder cborBuilder2 = new CborBuilder();
        MapBuilder<CborBuilder> addMap2 = cborBuilder2.addMap();
        if (cborBuilder != null) {
            addMap2.put(new UnicodeString("nameSpaces"), cborBuilder.build().get(0));
        }
        addMap2.put(new UnicodeString("issuerAuth"), Util.cborDecode(this.mEncodedIssuerAuth));
        addMap2.end();
        DataItem dataItem = cborBuilder2.build().get(0);
        CborBuilder cborBuilder3 = new CborBuilder();
        MapBuilder<CborBuilder> addMap3 = cborBuilder3.addMap();
        addMap3.put("docType", this.mDocType);
        addMap3.put(new UnicodeString("issuerSigned"), dataItem);
        addMap3.put(new UnicodeString("deviceSigned"), this.mDeviceSigned);
        if (this.mErrors != null) {
            CborBuilder cborBuilder4 = new CborBuilder();
            MapBuilder<CborBuilder> addMap4 = cborBuilder4.addMap();
            for (String str2 : this.mErrors.keySet()) {
                MapBuilder<MapBuilder<CborBuilder>> putMap = addMap4.putMap(str2);
                Map<String, Long> map = this.mErrors.get(str2);
                for (String str3 : map.keySet()) {
                    putMap.put(str3, map.get(str3).longValue());
                    dataItem = dataItem;
                }
            }
            i = 0;
            addMap3.put(new UnicodeString("errors"), cborBuilder4.build().get(0));
        } else {
            i = 0;
        }
        return Util.cborEncode(cborBuilder3.build().get(i));
    }

    public DocumentGenerator setDeviceNamespacesMac(NameSpacedData nameSpacedData, SecureArea secureArea, String str, SecureArea.KeyUnlockData keyUnlockData, PublicKey publicKey) throws SecureArea.KeyLockedException {
        return setDeviceNamespaces(nameSpacedData, secureArea, str, keyUnlockData, Integer.MAX_VALUE, publicKey);
    }

    public DocumentGenerator setDeviceNamespacesSignature(NameSpacedData nameSpacedData, SecureArea secureArea, String str, SecureArea.KeyUnlockData keyUnlockData, int i) throws SecureArea.KeyLockedException {
        return setDeviceNamespaces(nameSpacedData, secureArea, str, keyUnlockData, i, null);
    }

    public DocumentGenerator setErrors(Map<String, Map<String, Long>> map) {
        this.mErrors = map;
        return this;
    }

    public DocumentGenerator setIssuerNamespaces(Map<String, List<byte[]>> map) {
        this.mIssuerNamespaces = map;
        return this;
    }
}
