package androidx.security.identity;

import android.content.Context;
import android.icu.util.Calendar;
import android.security.keystore.KeyGenParameterSpec;
import android.util.AtomicFile;
import android.util.Log;
import android.util.Pair;
import androidx.annotation.o0;
import androidx.security.identity.j;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.model.w;
import co.nstant.in.cbor.model.x;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.AbstractList;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: CredentialData.java */
/* loaded from: classes.dex */
public class c {

    /* renamed from: o, reason: collision with root package name */
    private static final String f11935o = "CredentialData";

    /* renamed from: a, reason: collision with root package name */
    private Context f11936a;

    /* renamed from: b, reason: collision with root package name */
    private String f11937b;

    /* renamed from: m, reason: collision with root package name */
    private AbstractMap<Integer, String> f11948m;

    /* renamed from: c, reason: collision with root package name */
    private String f11938c = "";

    /* renamed from: d, reason: collision with root package name */
    private String f11939d = "";

    /* renamed from: e, reason: collision with root package name */
    private Collection<X509Certificate> f11940e = null;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f11941f = null;

    /* renamed from: g, reason: collision with root package name */
    private AbstractList<androidx.security.identity.a> f11942g = new ArrayList();

    /* renamed from: h, reason: collision with root package name */
    private AbstractMap<Integer, androidx.security.identity.a> f11943h = new HashMap();

    /* renamed from: i, reason: collision with root package name */
    private AbstractList<j.c> f11944i = new ArrayList();

    /* renamed from: j, reason: collision with root package name */
    private int f11945j = 0;

    /* renamed from: k, reason: collision with root package name */
    private int f11946k = 1;

    /* renamed from: l, reason: collision with root package name */
    private String f11947l = "";

    /* renamed from: n, reason: collision with root package name */
    private AbstractList<a> f11949n = new ArrayList();

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: CredentialData.java */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        String f11950a = "";

        /* renamed from: b, reason: collision with root package name */
        byte[] f11951b = new byte[0];

        /* renamed from: c, reason: collision with root package name */
        byte[] f11952c = new byte[0];

        /* renamed from: d, reason: collision with root package name */
        int f11953d = 0;

        /* renamed from: e, reason: collision with root package name */
        String f11954e = "";

        /* renamed from: f, reason: collision with root package name */
        byte[] f11955f = new byte[0];

        /* renamed from: g, reason: collision with root package name */
        Calendar f11956g = null;

        a() {
        }
    }

    private c(Context context, String str) {
        this.f11936a = context;
        this.f11937b = str;
    }

    private void C(co.nstant.in.cbor.model.m mVar) {
        co.nstant.in.cbor.model.h j10 = mVar.j(new w("accessControlProfiles"));
        if (!(j10 instanceof co.nstant.in.cbor.model.d)) {
            throw new RuntimeException("accessControlProfiles not found or not array");
        }
        this.f11942g = new ArrayList();
        this.f11943h = new HashMap();
        Iterator<co.nstant.in.cbor.model.h> it = ((co.nstant.in.cbor.model.d) j10).k().iterator();
        while (it.hasNext()) {
            androidx.security.identity.a a10 = q.a(it.next());
            this.f11942g.add(a10);
            this.f11943h.put(Integer.valueOf(a10.a().a()), a10);
        }
    }

    private void D(co.nstant.in.cbor.model.m mVar) {
        this.f11947l = ((w) mVar.j(new w("perReaderSessionKeyAlias"))).j();
        co.nstant.in.cbor.model.h j10 = mVar.j(new w("acpTimeoutKeyMap"));
        if (!(j10 instanceof co.nstant.in.cbor.model.m)) {
            throw new RuntimeException("acpTimeoutKeyMap not found or not map");
        }
        this.f11948m = new HashMap();
        co.nstant.in.cbor.model.m mVar2 = (co.nstant.in.cbor.model.m) j10;
        for (co.nstant.in.cbor.model.h hVar : mVar2.k()) {
            if (!(hVar instanceof x)) {
                throw new RuntimeException("Key in acpTimeoutKeyMap is not an integer");
            }
            int intValue = ((x) hVar).h().intValue();
            co.nstant.in.cbor.model.h j11 = mVar2.j(hVar);
            if (!(j11 instanceof w)) {
                throw new RuntimeException("Item in acpTimeoutKeyMap is not a string");
            }
            this.f11948m.put(Integer.valueOf(intValue), ((w) j11).j());
        }
        this.f11945j = ((co.nstant.in.cbor.model.o) mVar.j(new w("authKeyCount"))).h().intValue();
        this.f11946k = ((co.nstant.in.cbor.model.o) mVar.j(new w("authKeyMaxUses"))).h().intValue();
        co.nstant.in.cbor.model.h j12 = mVar.j(new w("authKeyDatas"));
        if (!(j12 instanceof co.nstant.in.cbor.model.d)) {
            throw new RuntimeException("authKeyDatas not found or not array");
        }
        this.f11949n = new ArrayList();
        for (co.nstant.in.cbor.model.h hVar2 : ((co.nstant.in.cbor.model.d) j12).k()) {
            a aVar = new a();
            co.nstant.in.cbor.model.m mVar3 = (co.nstant.in.cbor.model.m) hVar2;
            aVar.f11950a = ((w) mVar3.j(new w("alias"))).j();
            aVar.f11953d = ((co.nstant.in.cbor.model.o) mVar3.j(new w("useCount"))).h().intValue();
            aVar.f11951b = ((co.nstant.in.cbor.model.e) mVar3.j(new w("certificate"))).j();
            aVar.f11952c = ((co.nstant.in.cbor.model.e) mVar3.j(new w("staticAuthenticationData"))).j();
            aVar.f11954e = ((w) mVar3.j(new w("pendingAlias"))).j();
            aVar.f11955f = ((co.nstant.in.cbor.model.e) mVar3.j(new w("pendingCertificate"))).j();
            long j13 = Long.MAX_VALUE;
            co.nstant.in.cbor.model.h j14 = mVar3.j(new w("expirationDateMillis"));
            if (j14 != null) {
                if (!(j14 instanceof co.nstant.in.cbor.model.o)) {
                    throw new RuntimeException("expirationDateMillis not a number");
                }
                j13 = ((co.nstant.in.cbor.model.o) j14).h().longValue();
            }
            Calendar calendar = Calendar.getInstance();
            calendar.setTimeInMillis(j13);
            aVar.f11956g = calendar;
            this.f11949n.add(aVar);
        }
    }

    private void E(co.nstant.in.cbor.model.m mVar) {
        this.f11938c = ((w) mVar.j(new w("docType"))).j();
        this.f11939d = ((w) mVar.j(new w("credentialKeyAlias"))).j();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static c F(Context context, String str) {
        c cVar = new c(context, str);
        if (cVar.H(x(str))) {
            return cVar;
        }
        return null;
    }

    private void G(co.nstant.in.cbor.model.m mVar) {
        co.nstant.in.cbor.model.h j10 = mVar.j(new w("credentialKeyCertChain"));
        if (!(j10 instanceof co.nstant.in.cbor.model.d)) {
            throw new RuntimeException("credentialKeyCertChain not found or not array");
        }
        this.f11940e = new ArrayList();
        Iterator<co.nstant.in.cbor.model.h> it = ((co.nstant.in.cbor.model.d) j10).k().iterator();
        while (it.hasNext()) {
            byte[] j11 = ((co.nstant.in.cbor.model.e) it.next()).j();
            try {
                this.f11940e.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(j11)));
            } catch (CertificateException e10) {
                throw new RuntimeException("Error decoding certificate blob", e10);
            }
        }
    }

    private boolean H(String str) {
        try {
            try {
                List<co.nstant.in.cbor.model.h> a10 = new co.nstant.in.cbor.b(new ByteArrayInputStream(I(str, new AtomicFile(this.f11936a.getFileStreamPath(z(this.f11937b))).readFully()))).a();
                if (a10.size() != 1) {
                    throw new RuntimeException("Expected 1 item, found " + a10.size());
                }
                if (!(a10.get(0) instanceof co.nstant.in.cbor.model.m)) {
                    throw new RuntimeException("Item is not a map");
                }
                co.nstant.in.cbor.model.m mVar = (co.nstant.in.cbor.model.m) a10.get(0);
                E(mVar);
                G(mVar);
                K(mVar);
                C(mVar);
                J(mVar);
                D(mVar);
                return true;
            } catch (CborException e10) {
                throw new RuntimeException("Error decoding data", e10);
            }
        } catch (Exception unused) {
            return false;
        }
    }

    private byte[] I(String str, byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
            if (bArr.length < 12) {
                throw new RuntimeException("Encrypted CBOR on disk is too small");
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            byte[] bArr2 = new byte[12];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[bArr.length - 12];
            wrap.get(bArr3);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKey, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr3);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error decrypting CBOR", e10);
        }
    }

    private void J(co.nstant.in.cbor.model.m mVar) {
        co.nstant.in.cbor.model.h j10 = mVar.j(new w("namespaceDatas"));
        if (!(j10 instanceof co.nstant.in.cbor.model.m)) {
            throw new RuntimeException("namespaceDatas not found or not map");
        }
        this.f11944i = new ArrayList();
        co.nstant.in.cbor.model.m mVar2 = (co.nstant.in.cbor.model.m) j10;
        for (co.nstant.in.cbor.model.h hVar : mVar2.k()) {
            if (!(hVar instanceof w)) {
                throw new RuntimeException("Key in namespaceDatas is not a string");
            }
            this.f11944i.add(q.R(((w) hVar).j(), mVar2.j(hVar)));
        }
    }

    private void K(co.nstant.in.cbor.model.m mVar) {
        co.nstant.in.cbor.model.h j10 = mVar.j(new w("proofOfProvisioningSha256"));
        if (!(j10 instanceof co.nstant.in.cbor.model.e)) {
            throw new RuntimeException("proofOfProvisioningSha256 not found or not bstr");
        }
        this.f11941f = ((co.nstant.in.cbor.model.e) j10).j();
    }

    private void N() {
        FileOutputStream fileOutputStream;
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> w9 = aVar.w();
        R(w9);
        P(w9);
        O(w9);
        U(w9);
        Q(w9);
        byte[] T = T(S(aVar));
        AtomicFile atomicFile = new AtomicFile(this.f11936a.getFileStreamPath(z(this.f11937b)));
        try {
            fileOutputStream = atomicFile.startWrite();
        } catch (IOException e10) {
            e = e10;
            fileOutputStream = null;
        }
        try {
            fileOutputStream.write(T);
            fileOutputStream.close();
            atomicFile.finishWrite(fileOutputStream);
        } catch (IOException e11) {
            e = e11;
            if (fileOutputStream != null) {
                atomicFile.failWrite(fileOutputStream);
            }
            throw new RuntimeException("Error writing data", e);
        }
    }

    private void O(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D = dVar.D("accessControlProfiles");
        Iterator<androidx.security.identity.a> it = this.f11942g.iterator();
        while (it.hasNext()) {
            D.q(q.b(it.next()));
        }
    }

    private void P(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D = dVar.D("authKeyDatas");
        Iterator<a> it = this.f11949n.iterator();
        while (it.hasNext()) {
            a next = it.next();
            long j10 = Long.MAX_VALUE;
            Calendar calendar = next.f11956g;
            if (calendar != null) {
                j10 = calendar.getTimeInMillis();
            }
            D.v().y("alias", next.f11950a).x("useCount", next.f11953d).A("certificate", next.f11951b).A("staticAuthenticationData", next.f11952c).y("pendingAlias", next.f11954e).A("pendingCertificate", next.f11955f).x("expirationDateMillis", j10).n();
        }
    }

    private void Q(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        dVar.y("perReaderSessionKeyAlias", this.f11947l);
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> G = dVar.G("acpTimeoutKeyMap");
        Iterator<Map.Entry<Integer, String>> it = this.f11948m.entrySet().iterator();
        while (it.hasNext()) {
            G.u(new x(r1.getKey().intValue()), new w(it.next().getValue()));
        }
    }

    private void R(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        dVar.y("docType", this.f11938c);
        dVar.y("credentialKeyAlias", this.f11939d);
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> D = dVar.D("credentialKeyCertChain");
        Iterator<X509Certificate> it = this.f11940e.iterator();
        while (it.hasNext()) {
            try {
                D.t(it.next().getEncoded());
            } catch (CertificateEncodingException e10) {
                throw new RuntimeException("Error encoding certificate", e10);
            }
        }
        dVar.A("proofOfProvisioningSha256", this.f11941f);
        dVar.x("authKeyCount", this.f11945j);
        dVar.x("authKeyMaxUses", this.f11946k);
    }

    private byte[] S(co.nstant.in.cbor.a aVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new co.nstant.in.cbor.c(byteArrayOutputStream).b(aVar.y());
            return byteArrayOutputStream.toByteArray();
        } catch (CborException e10) {
            throw new RuntimeException("Error encoding data", e10);
        }
    }

    private byte[] T(byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(x(this.f11937b), null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            byte[] doFinal = cipher.doFinal(bArr);
            ByteBuffer allocate = ByteBuffer.allocate(doFinal.length + 12);
            allocate.put(cipher.getIV());
            allocate.put(doFinal);
            return allocate.array();
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e10) {
            throw new RuntimeException("Error encrypting CBOR for saving to disk", e10);
        }
    }

    private void U(co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> dVar) {
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a>> G = dVar.G("namespaceDatas");
        Iterator<j.c> it = this.f11944i.iterator();
        while (it.hasNext()) {
            j.c next = it.next();
            G.u(new w(next.d()), q.S(next));
        }
    }

    static byte[] a(String str, PrivateKey privateKey, byte[] bArr) {
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.a> v9 = aVar.v();
        v9.r("ProofOfDeletion").r(str);
        if (bArr != null) {
            v9.t(bArr);
        }
        v9.s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar.y().get(0));
            return q.o(q.G(privateKey, byteArrayOutputStream.toByteArray(), null, null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
            throw new RuntimeException("Error building ProofOfDeletion", e10);
        }
    }

    private boolean c(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
            keyStore.load(null);
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) keyStore.getEntry(str, null)).getSecretKey();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey);
            cipher.doFinal(new byte[]{1, 2});
            return true;
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static c d(Context context, String str, String str2, String str3, Collection<X509Certificate> collection, j jVar, byte[] bArr, boolean z9) {
        if (!z9 && f(context, str2)) {
            throw new RuntimeException("Credential with given name already exists");
        }
        c cVar = new c(context, str2);
        cVar.f11938c = str;
        cVar.f11939d = str3;
        cVar.f11940e = collection;
        cVar.f11941f = bArr;
        cVar.f11942g = new ArrayList();
        cVar.f11943h = new HashMap();
        for (androidx.security.identity.a aVar : jVar.a()) {
            cVar.f11942g.add(aVar);
            cVar.f11943h.put(Integer.valueOf(aVar.a().a()), aVar);
        }
        ArrayList arrayList = new ArrayList();
        cVar.f11944i = arrayList;
        arrayList.addAll(jVar.c());
        cVar.f11948m = new HashMap();
        for (androidx.security.identity.a aVar2 : jVar.a()) {
            boolean d10 = aVar2.d();
            long c10 = aVar2.c();
            if (d10) {
                j(str2, cVar);
                i(str2, cVar, aVar2, c10);
            }
        }
        cVar.e();
        cVar.N();
        return cVar;
    }

    private void e() {
        try {
            String x9 = x(this.f11937b);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f35258b);
            keyGenerator.init(new KeyGenParameterSpec.Builder(x9, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128).build());
            keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
            throw new RuntimeException("Error creating data encryption key", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean f(Context context, String str) {
        try {
            new AtomicFile(context.getFileStreamPath(z(str))).openRead();
            return true;
        } catch (FileNotFoundException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] g(Context context, String str, byte[] bArr) {
        c cVar;
        AtomicFile atomicFile = new AtomicFile(context.getFileStreamPath(z(str)));
        try {
            atomicFile.openRead();
            cVar = new c(context, str);
        } catch (FileNotFoundException unused) {
        }
        try {
            cVar.H(x(str));
            try {
                KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
                keyStore.load(null);
                byte[] a10 = a(cVar.f11938c, ((KeyStore.PrivateKeyEntry) keyStore.getEntry(cVar.f11939d, null)).getPrivateKey(), bArr);
                atomicFile.delete();
                try {
                    keyStore.deleteEntry(cVar.f11939d);
                    if (!cVar.f11947l.isEmpty()) {
                        keyStore.deleteEntry(cVar.f11947l);
                    }
                    Iterator<String> it = cVar.f11948m.values().iterator();
                    while (it.hasNext()) {
                        keyStore.deleteEntry(it.next());
                    }
                    Iterator<a> it2 = cVar.f11949n.iterator();
                    while (it2.hasNext()) {
                        a next = it2.next();
                        if (!next.f11950a.isEmpty()) {
                            keyStore.deleteEntry(next.f11950a);
                        }
                        if (!next.f11954e.isEmpty()) {
                            keyStore.deleteEntry(next.f11954e);
                        }
                    }
                    return a10;
                } catch (KeyStoreException e10) {
                    throw new RuntimeException("Error deleting key", e10);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e11) {
                throw new RuntimeException("Error loading keystore", e11);
            }
        } catch (RuntimeException unused2) {
            Log.e(f11935o, "Error parsing file on disk (old version?). Deleting anyway.");
            atomicFile.delete();
            return null;
        }
    }

    private static void i(String str, c cVar, androidx.security.identity.a aVar, long j10) {
        if (j10 > 0) {
            int a10 = aVar.a().a();
            String o10 = o(str, a10);
            try {
                int i10 = (int) (j10 / 1000);
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f35258b);
                keyGenerator.init(new KeyGenParameterSpec.Builder(o10, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(i10).setKeySize(128).build());
                keyGenerator.generateKey();
                cVar.f11948m.put(Integer.valueOf(a10), o10);
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                throw new RuntimeException("Error creating ACP auth-bound timeout key", e10);
            }
        }
    }

    private static void j(String str, c cVar) {
        if (cVar.f11947l.isEmpty()) {
            cVar.f11947l = n(str);
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", com.splashtop.remote.security.f.f35258b);
                keyGenerator.init(new KeyGenParameterSpec.Builder(cVar.f11947l, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(128).setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(-1).build());
                keyGenerator.generateKey();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                throw new RuntimeException("Error creating ACP auth-bound key", e10);
            }
        }
    }

    static String k(String str, String str2) {
        try {
            return "identity_credential_" + str + "_" + URLEncoder.encode(str2, com.bumptech.glide.load.f.f15483a);
        } catch (UnsupportedEncodingException e10) {
            throw new RuntimeException("Unexpected UnsupportedEncodingException", e10);
        }
    }

    static String n(String str) {
        return k("acp", str);
    }

    static String o(String str, int i10) {
        return k("acp_timeout_for_id" + i10, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String p(String str) {
        return k("credkey", str);
    }

    static String x(String str) {
        return k("datakey", str);
    }

    static String z(String str) {
        return k("data", str);
    }

    Collection<j.c> A() {
        return this.f11944i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String B() {
        return this.f11947l;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public j.c L(String str) {
        Iterator<j.c> it = this.f11944i.iterator();
        while (it.hasNext()) {
            j.c next = it.next();
            if (next.d().equals(str)) {
                return next;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @o0
    public byte[] M(@o0 byte[] bArr) {
        PrivateKey w9 = w();
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        aVar.v().r("ProofOfOwnership").r(this.f11938c).t(bArr).s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar.y().get(0));
            return q.o(q.G(w9, byteArrayOutputStream.toByteArray(), null, null));
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
            throw new RuntimeException("Error building ProofOfOwnership", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Pair<PrivateKey, byte[]> V(boolean z9, boolean z10) {
        Pair<PrivateKey, byte[]> W = W(z9, false);
        if (W != null) {
            return W;
        }
        if (z10) {
            return W(z9, true);
        }
        return null;
    }

    Pair<PrivateKey, byte[]> W(boolean z9, boolean z10) {
        Calendar calendar;
        Calendar calendar2 = Calendar.getInstance();
        a aVar = null;
        for (int i10 = 0; i10 < this.f11945j; i10++) {
            a aVar2 = this.f11949n.get(i10);
            if (!aVar2.f11950a.isEmpty() && (((calendar = aVar2.f11956g) == null || !calendar2.after(calendar) || z10) && (aVar == null || aVar2.f11953d < aVar.f11953d))) {
                aVar = aVar2;
            }
        }
        if (aVar == null) {
            return null;
        }
        if (aVar.f11953d >= this.f11946k && !z9) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
            keyStore.load(null);
            Pair<PrivateKey, byte[]> pair = new Pair<>(((KeyStore.PrivateKeyEntry) keyStore.getEntry(aVar.f11950a, null)).getPrivateKey(), aVar.f11952c);
            aVar.f11953d++;
            N();
            return pair;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e10) {
            throw new RuntimeException("Error loading keystore", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void X(int i10, int i11) {
        int i12 = this.f11945j;
        this.f11945j = i10;
        this.f11946k = i11;
        if (i12 < i10) {
            while (i12 < this.f11945j) {
                this.f11949n.add(new a());
                i12++;
            }
        } else if (i12 > i10) {
            try {
                KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
                keyStore.load(null);
                int i13 = i12 - this.f11945j;
                for (int i14 = 0; i14 < i13; i14++) {
                    a aVar = this.f11949n.get(0);
                    if (!aVar.f11950a.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(aVar.f11950a)) {
                                keyStore.deleteEntry(aVar.f11950a);
                            }
                        } catch (KeyStoreException e10) {
                            throw new RuntimeException("Error deleting auth key with mAlias " + aVar.f11950a, e10);
                        }
                    }
                    if (!aVar.f11954e.isEmpty()) {
                        try {
                            if (keyStore.containsAlias(aVar.f11954e)) {
                                keyStore.deleteEntry(aVar.f11954e);
                            }
                        } catch (KeyStoreException e11) {
                            throw new RuntimeException("Error deleting auth key with mPendingAlias " + aVar.f11954e, e11);
                        }
                    }
                    this.f11949n.remove(0);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
                throw new RuntimeException("Error loading keystore", e12);
            }
        }
        N();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void Y(X509Certificate x509Certificate, Calendar calendar, byte[] bArr) throws UnknownAuthenticationKeyException {
        a aVar;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Iterator<a> it = this.f11949n.iterator();
            while (true) {
                if (!it.hasNext()) {
                    aVar = null;
                    break;
                }
                aVar = it.next();
                if (aVar.f11955f.length > 0 && ((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(aVar.f11955f))).equals(x509Certificate)) {
                    break;
                }
            }
            if (aVar == null) {
                throw new UnknownAuthenticationKeyException("No such authentication key");
            }
            if (!aVar.f11950a.isEmpty()) {
                try {
                    KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
                    keyStore.load(null);
                    if (keyStore.containsAlias(aVar.f11950a)) {
                        keyStore.deleteEntry(aVar.f11950a);
                    }
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
                    throw new RuntimeException("Error deleting old authentication key", e10);
                }
            }
            aVar.f11950a = aVar.f11954e;
            aVar.f11951b = aVar.f11955f;
            aVar.f11952c = bArr;
            aVar.f11953d = 0;
            aVar.f11954e = "";
            aVar.f11955f = new byte[0];
            aVar.f11956g = calendar;
            N();
        } catch (CertificateException e11) {
            throw new RuntimeException("Error encoding certificate", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean b(b bVar, boolean z9) {
        if (l(bVar).c() == 0) {
            return z9;
        }
        String str = this.f11948m.get(Integer.valueOf(bVar.a()));
        if (str != null) {
            return c(str);
        }
        throw new RuntimeException("No key alias for ACP with ID " + bVar.a());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void h() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
            keyStore.load(null);
            try {
                if (!this.f11947l.isEmpty()) {
                    keyStore.deleteEntry(this.f11947l);
                }
                Iterator<String> it = this.f11948m.values().iterator();
                while (it.hasNext()) {
                    keyStore.deleteEntry(it.next());
                }
                Iterator<a> it2 = this.f11949n.iterator();
                while (it2.hasNext()) {
                    a next = it2.next();
                    if (!next.f11950a.isEmpty()) {
                        keyStore.deleteEntry(next.f11950a);
                    }
                    if (!next.f11954e.isEmpty()) {
                        keyStore.deleteEntry(next.f11954e);
                    }
                }
            } catch (KeyStoreException e10) {
                throw new RuntimeException("Error deleting key", e10);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e11) {
            throw new RuntimeException("Error loading keystore", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public androidx.security.identity.a l(b bVar) {
        androidx.security.identity.a aVar = this.f11943h.get(Integer.valueOf(bVar.a()));
        if (aVar != null) {
            return aVar;
        }
        throw new RuntimeException("No profile with id " + bVar.a());
    }

    Collection<androidx.security.identity.a> m() {
        return this.f11942g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int q() {
        return this.f11945j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int[] r() {
        int[] iArr = new int[this.f11945j];
        Iterator<a> it = this.f11949n.iterator();
        int i10 = 0;
        while (it.hasNext()) {
            iArr[i10] = it.next().f11953d;
            i10++;
        }
        return iArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509Certificate> s() {
        try {
            KeyStore.getInstance(com.splashtop.remote.security.f.f35258b).load(null);
            ArrayList arrayList = new ArrayList();
            Calendar calendar = Calendar.getInstance();
            for (int i10 = 0; i10 < this.f11945j; i10++) {
                a aVar = this.f11949n.get(i10);
                boolean z9 = true;
                boolean z10 = aVar.f11953d >= this.f11946k;
                Calendar calendar2 = aVar.f11956g;
                boolean z11 = aVar.f11950a.isEmpty() || z10 || (calendar2 != null ? calendar.after(calendar2) : false);
                boolean z12 = !aVar.f11954e.isEmpty();
                if (!z11 || z12) {
                    z9 = z12;
                } else {
                    try {
                        String str = this.f11939d + String.format("_auth_%d", Integer.valueOf(i10));
                        if (str.equals(aVar.f11950a)) {
                            str = str + "_";
                        }
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", com.splashtop.remote.security.f.f35258b);
                        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-256", "SHA-512").build());
                        keyPairGenerator.generateKeyPair();
                        X509Certificate M = q.M(str, this.f11939d, this.f11941f);
                        aVar.f11954e = str;
                        aVar.f11955f = M.getEncoded();
                    } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException e10) {
                        throw new RuntimeException("Error creating auth key", e10);
                    }
                }
                if (z9) {
                    try {
                        arrayList.add((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(aVar.f11955f)));
                    } catch (CertificateException e11) {
                        throw new RuntimeException("Error creating certificate for auth key", e11);
                    }
                }
            }
            N();
            return arrayList;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
            throw new RuntimeException("Error loading keystore", e12);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int t() {
        return this.f11946k;
    }

    String u() {
        return this.f11939d;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509Certificate> v() {
        return this.f11940e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey w() {
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f35258b);
            keyStore.load(null);
            return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(this.f11939d, null)).getPrivateKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e10) {
            throw new RuntimeException("Error loading keystore", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String y() {
        return this.f11938c;
    }
}
