package androidx.security.identity;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.o0;
import androidx.security.identity.j;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.model.w;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;

/* compiled from: SoftwareWritableIdentityCredential.java */
/* loaded from: classes.dex */
class p extends r {

    /* renamed from: f, reason: collision with root package name */
    private static final String f11765f = "SoftwareWritableIdentityCredential";

    /* renamed from: a, reason: collision with root package name */
    private KeyPair f11766a = null;

    /* renamed from: b, reason: collision with root package name */
    private Collection<X509Certificate> f11767b = null;

    /* renamed from: c, reason: collision with root package name */
    private String f11768c;

    /* renamed from: d, reason: collision with root package name */
    private String f11769d;

    /* renamed from: e, reason: collision with root package name */
    private Context f11770e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public p(Context context, @o0 String str, @o0 String str2) throws AlreadyPersonalizedException {
        this.f11770e = context;
        this.f11768c = str2;
        this.f11769d = str;
        if (c.f(context, str)) {
            throw new AlreadyPersonalizedException("Credential with given name already exists");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static co.nstant.in.cbor.model.h c(String str, j jVar, PrivateKey privateKey) {
        co.nstant.in.cbor.a aVar = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.b<co.nstant.in.cbor.a> v9 = aVar.v();
        Iterator<a> it = jVar.a().iterator();
        while (it.hasNext()) {
            v9.q(q.b(it.next()));
        }
        co.nstant.in.cbor.a aVar2 = new co.nstant.in.cbor.a();
        co.nstant.in.cbor.builder.d<co.nstant.in.cbor.a> w9 = aVar2.w();
        for (j.c cVar : jVar.c()) {
            w9.u(new w(cVar.d()), q.S(cVar));
        }
        co.nstant.in.cbor.a aVar3 = new co.nstant.in.cbor.a();
        aVar3.v().r("ProofOfProvisioning").r(str).q(aVar.y().get(0)).q(aVar2.y().get(0)).s(false);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new co.nstant.in.cbor.c(byteArrayOutputStream).a(aVar3.y().get(0));
            return q.G(privateKey, byteArrayOutputStream.toByteArray(), null, null);
        } catch (CborException | InvalidKeyException | NoSuchAlgorithmException | CertificateEncodingException e10) {
            throw new RuntimeException("Error building ProofOfProvisioning", e10);
        }
    }

    private Collection<X509Certificate> d(byte[] bArr) {
        if (this.f11766a != null) {
            return null;
        }
        String p9 = c.p(this.f11769d);
        try {
            KeyStore keyStore = KeyStore.getInstance(com.splashtop.remote.security.f.f36765b);
            keyStore.load(null);
            if (keyStore.containsAlias(p9)) {
                keyStore.deleteEntry(p9);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", com.splashtop.remote.security.f.f36765b);
            KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder(p9, 12).setDigests("SHA-256", "SHA-512");
            if (bArr == null) {
                bArr = new byte[0];
            }
            digests.setAttestationChallenge(bArr);
            keyPairGenerator.initialize(digests.build());
            this.f11766a = keyPairGenerator.generateKeyPair();
            Certificate[] certificateChain = keyStore.getCertificateChain(p9);
            this.f11767b = new ArrayList();
            for (Certificate certificate : certificateChain) {
                this.f11767b.add((X509Certificate) certificate);
            }
            return this.f11767b;
        } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e10) {
            throw new RuntimeException("Error creating CredentialKey", e10);
        }
    }

    @Override // androidx.security.identity.r
    @o0
    public Collection<X509Certificate> a(@o0 byte[] bArr) {
        Collection<X509Certificate> d10 = d(bArr);
        if (d10 != null) {
            return d10;
        }
        throw new RuntimeException("getCredentialKeyCertificateChain() must be called before personalize()");
    }

    @Override // androidx.security.identity.r
    @o0
    public byte[] b(@o0 j jVar) {
        try {
            d(null);
            co.nstant.in.cbor.model.h c10 = c(this.f11768c, jVar, this.f11766a.getPrivate());
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(q.E(c10));
            Context context = this.f11770e;
            String str = this.f11768c;
            String str2 = this.f11769d;
            c.d(context, str, str2, c.p(str2), this.f11767b, jVar, digest, false);
            return q.o(c10);
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Error digesting ProofOfProvisioning", e10);
        }
    }
}
