package android.security.keystore2;

import android.app.ActivityThread;
import android.app.AppGlobals;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.Tag;
import android.os.Build;
import android.os.RemoteException;
import android.security.GenerateRkpKey;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore2;
import android.security.KeyStoreException;
import android.security.keymaster.KeymasterArguments;
import android.security.keystore.ArrayUtils;
import android.security.keystore.DeviceIdAttestationException;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.system.keystore2.Authorization;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyEntryResponse;
import android.telephony.TelephonyManager;
import android.util.ArraySet;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Predicate;
import libcore.util.EmptyArray;

/* loaded from: classes11.dex */
public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGeneratorSpi {
    private static final String CURVE_ED_25519;
    private static final String CURVE_X_25519;
    private static final int EC_DEFAULT_KEY_SIZE = 256;
    private static final int RSA_DEFAULT_KEY_SIZE = 2048;
    private static final int RSA_MAX_KEY_SIZE = 8192;
    private static final int RSA_MIN_KEY_SIZE = 512;
    private static final List<String> SUPPORTED_EC_CURVE_NAMES;
    private static final Map<String, Integer> SUPPORTED_EC_CURVE_NAME_TO_SIZE;
    private static final List<Integer> SUPPORTED_EC_CURVE_SIZES;
    private static final String TAG = "AndroidKeyStoreKeyPairGeneratorSpi";
    private KeyDescriptor mAttestKeyDescriptor;
    private String mEcCurveName;
    private String mEntryAlias;
    private int mEntryNamespace;
    private String mJcaKeyAlgorithm;
    private int mKeySizeBits;
    private KeyStore2 mKeyStore;
    private int mKeymasterAlgorithm = -1;
    private int[] mKeymasterBlockModes;
    private int[] mKeymasterDigests;
    private int[] mKeymasterEncryptionPaddings;
    private int[] mKeymasterPurposes;
    private int[] mKeymasterSignaturePaddings;
    private final int mOriginalKeymasterAlgorithm;
    private Long mRSAPublicExponent;
    private SecureRandom mRng;
    private KeyGenParameterSpec mSpec;

    /* loaded from: classes11.dex */
    public static class EC extends AndroidKeyStoreKeyPairGeneratorSpi {
        public EC() {
            super(3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes11.dex */
    public static class GenerateKeyPairHelperResult {
        public final KeyPair keyPair;
        public final int rkpStatus;

        private GenerateKeyPairHelperResult(int i, KeyPair keyPair) {
            this.rkpStatus = i;
            this.keyPair = keyPair;
        }
    }

    /* loaded from: classes11.dex */
    public static class RSA extends AndroidKeyStoreKeyPairGeneratorSpi {
        public RSA() {
            super(1);
        }
    }

    /* loaded from: classes11.dex */
    public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi {
        public XDH() {
            super(3);
        }
    }

    static {
        HashMap hashMap = new HashMap();
        SUPPORTED_EC_CURVE_NAME_TO_SIZE = hashMap;
        ArrayList arrayList = new ArrayList();
        SUPPORTED_EC_CURVE_NAMES = arrayList;
        ArrayList arrayList2 = new ArrayList();
        SUPPORTED_EC_CURVE_SIZES = arrayList2;
        String name = NamedParameterSpec.X25519.getName();
        CURVE_X_25519 = name;
        String name2 = NamedParameterSpec.ED25519.getName();
        CURVE_ED_25519 = name2;
        hashMap.put("p-224", 224);
        hashMap.put("secp224r1", 224);
        hashMap.put("p-256", 256);
        hashMap.put("secp256r1", 256);
        hashMap.put("prime256v1", 256);
        hashMap.put(name.toLowerCase(Locale.US), 256);
        hashMap.put(name2.toLowerCase(Locale.US), 256);
        hashMap.put("p-384", 384);
        hashMap.put("secp384r1", 384);
        hashMap.put("p-521", 521);
        hashMap.put("secp521r1", 521);
        arrayList.addAll(hashMap.keySet());
        Collections.sort(arrayList);
        arrayList2.addAll(new HashSet(hashMap.values()));
        Collections.sort(arrayList2);
    }

    protected AndroidKeyStoreKeyPairGeneratorSpi(int i) {
        this.mOriginalKeymasterAlgorithm = i;
    }

    private void addAlgorithmSpecificParameters(List<KeyParameter> list) {
        switch (this.mKeymasterAlgorithm) {
            case 1:
                list.add(KeyStore2ParameterUtils.makeLong(1342177480, this.mRSAPublicExponent.longValue()));
                return;
            case 2:
            default:
                throw new ProviderException("Unsupported algorithm: " + this.mKeymasterAlgorithm);
            case 3:
                return;
        }
    }

    private void addAttestationParameters(List<KeyParameter> list) throws ProviderException, IllegalArgumentException, DeviceIdAttestationException {
        byte[] attestationChallenge = this.mSpec.getAttestationChallenge();
        if (attestationChallenge != null) {
            list.add(KeyStore2ParameterUtils.makeBytes(-1879047484, attestationChallenge));
            if (this.mSpec.isDevicePropertiesAttestationIncluded()) {
                list.add(KeyStore2ParameterUtils.makeBytes(-1879047482, Build.BRAND.getBytes(StandardCharsets.UTF_8)));
                list.add(KeyStore2ParameterUtils.makeBytes(-1879047481, Build.DEVICE.getBytes(StandardCharsets.UTF_8)));
                list.add(KeyStore2ParameterUtils.makeBytes(-1879047480, Build.PRODUCT.getBytes(StandardCharsets.UTF_8)));
                list.add(KeyStore2ParameterUtils.makeBytes(-1879047476, Build.MANUFACTURER.getBytes(StandardCharsets.UTF_8)));
                list.add(KeyStore2ParameterUtils.makeBytes(-1879047475, Build.MODEL.getBytes(StandardCharsets.UTF_8)));
            }
            int[] attestationIds = this.mSpec.getAttestationIds();
            if (attestationIds.length == 0) {
                return;
            }
            ArraySet<Integer> arraySet = new ArraySet(attestationIds.length);
            for (int i : attestationIds) {
                arraySet.add(Integer.valueOf(i));
            }
            TelephonyManager telephonyManager = null;
            if ((arraySet.contains(2) || arraySet.contains(3)) && (telephonyManager = (TelephonyManager) AppGlobals.getInitialApplication().getSystemService("phone")) == null) {
                throw new DeviceIdAttestationException("Unable to access telephony service");
            }
            for (Integer num : arraySet) {
                switch (num.intValue()) {
                    case 1:
                        list.add(KeyStore2ParameterUtils.makeBytes(-1879047479, Build.getSerial().getBytes(StandardCharsets.UTF_8)));
                        break;
                    case 2:
                        String imei = telephonyManager.getImei(0);
                        if (imei == null) {
                            throw new DeviceIdAttestationException("Unable to retrieve IMEI");
                        }
                        list.add(KeyStore2ParameterUtils.makeBytes(-1879047478, imei.getBytes(StandardCharsets.UTF_8)));
                        break;
                    case 3:
                        String meid = telephonyManager.getMeid(0);
                        if (meid == null) {
                            throw new DeviceIdAttestationException("Unable to retrieve MEID");
                        }
                        list.add(KeyStore2ParameterUtils.makeBytes(-1879047477, meid.getBytes(StandardCharsets.UTF_8)));
                        break;
                    case 4:
                        list.add(KeyStore2ParameterUtils.makeBool(1879048912));
                        break;
                    default:
                        throw new IllegalArgumentException("Unknown device ID type " + ((Object) num));
                }
            }
        }
    }

    private KeyDescriptor buildAndCheckAttestKeyDescriptor(KeyGenParameterSpec keyGenParameterSpec) throws InvalidAlgorithmParameterException {
        if (keyGenParameterSpec.getAttestKeyAlias() == null) {
            return null;
        }
        KeyDescriptor keyDescriptor = new KeyDescriptor();
        keyDescriptor.domain = 0;
        keyDescriptor.alias = keyGenParameterSpec.getAttestKeyAlias();
        try {
            KeyEntryResponse keyEntry = this.mKeyStore.getKeyEntry(keyDescriptor);
            checkAttestKeyChallenge(keyGenParameterSpec);
            checkAttestKeyPurpose(keyEntry.metadata.authorizations);
            checkAttestKeySecurityLevel(keyGenParameterSpec, keyEntry);
            return keyDescriptor;
        } catch (KeyStoreException e) {
            throw new InvalidAlgorithmParameterException("Invalid attestKeyAlias", e);
        }
    }

    private KeyGenParameterSpec buildKeyGenParameterSpecFromLegacy(KeyPairGeneratorSpec keyPairGeneratorSpec, int i) {
        KeyGenParameterSpec.Builder builder;
        switch (i) {
            case 1:
                builder = new KeyGenParameterSpec.Builder(keyPairGeneratorSpec.getKeystoreAlias(), 15);
                builder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, "SHA-256", KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512);
                builder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, KeyProperties.ENCRYPTION_PADDING_RSA_OAEP);
                builder.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1, KeyProperties.SIGNATURE_PADDING_RSA_PSS);
                builder.setRandomizedEncryptionRequired(false);
                break;
            case 2:
            default:
                throw new ProviderException("Unsupported algorithm: " + this.mKeymasterAlgorithm);
            case 3:
                builder = new KeyGenParameterSpec.Builder(keyPairGeneratorSpec.getKeystoreAlias(), 12);
                builder.setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, "SHA-256", KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512);
                break;
        }
        if (keyPairGeneratorSpec.getKeySize() != -1) {
            builder.setKeySize(keyPairGeneratorSpec.getKeySize());
        }
        if (keyPairGeneratorSpec.getAlgorithmParameterSpec() != null) {
            builder.setAlgorithmParameterSpec(keyPairGeneratorSpec.getAlgorithmParameterSpec());
        }
        builder.setCertificateSubject(keyPairGeneratorSpec.getSubjectDN());
        builder.setCertificateSerialNumber(keyPairGeneratorSpec.getSerialNumber());
        builder.setCertificateNotBefore(keyPairGeneratorSpec.getStartDate());
        builder.setCertificateNotAfter(keyPairGeneratorSpec.getEndDate());
        builder.setUserAuthenticationRequired(false);
        return builder.build();
    }

    private void checkAttestKeyChallenge(KeyGenParameterSpec keyGenParameterSpec) throws InvalidAlgorithmParameterException {
        if (keyGenParameterSpec.getAttestationChallenge() == null) {
            throw new InvalidAlgorithmParameterException("AttestKey specified but no attestation challenge provided");
        }
    }

    private void checkAttestKeyPurpose(KeyGenParameterSpec keyGenParameterSpec) throws InvalidAlgorithmParameterException {
        if ((keyGenParameterSpec.getPurposes() & 128) != 0 && keyGenParameterSpec.getPurposes() != 128) {
            throw new InvalidAlgorithmParameterException("PURPOSE_ATTEST_KEY may not be specified with any other purposes");
        }
    }

    private void checkAttestKeyPurpose(Authorization[] authorizationArr) throws InvalidAlgorithmParameterException {
        if (Arrays.stream(authorizationArr).noneMatch(new Predicate() { // from class: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$$ExternalSyntheticLambda0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                return AndroidKeyStoreKeyPairGeneratorSpi.lambda$checkAttestKeyPurpose$0((Authorization) obj);
            }
        })) {
            throw new InvalidAlgorithmParameterException("Invalid attestKey, does not have PURPOSE_ATTEST_KEY");
        }
    }

    private void checkAttestKeySecurityLevel(KeyGenParameterSpec keyGenParameterSpec, KeyEntryResponse keyEntryResponse) throws InvalidAlgorithmParameterException {
        boolean z = keyEntryResponse.metadata.keySecurityLevel == 2;
        if (keyGenParameterSpec.isStrongBoxBacked() != z) {
            if (!z) {
                throw new InvalidAlgorithmParameterException("Invalid security level: Cannot sign StrongBox key with non-StrongBox attestKey");
            }
            throw new InvalidAlgorithmParameterException("Invalid security level: Cannot sign non-StrongBox key with StrongBox attestKey");
        }
    }

    private void checkCorrectKeyPurposeForCurve(KeyGenParameterSpec keyGenParameterSpec) throws InvalidAlgorithmParameterException {
        if (isCurve25519(this.mEcCurveName)) {
            if (this.mEcCurveName.equalsIgnoreCase(CURVE_X_25519) && keyGenParameterSpec.getPurposes() != 64) {
                throw new InvalidAlgorithmParameterException("x25519 may only be used for key agreement.");
            }
            if (this.mEcCurveName.equalsIgnoreCase(CURVE_ED_25519) && !hasOnlyAllowedPurposeForEd25519(keyGenParameterSpec.getPurposes())) {
                throw new InvalidAlgorithmParameterException("ed25519 may not be used for key agreement.");
            }
        }
    }

    private static void checkValidKeySize(int i, int i2, boolean z, String str) throws InvalidAlgorithmParameterException {
        switch (i) {
            case 1:
                if (i2 < 512 || i2 > 8192) {
                    throw new InvalidAlgorithmParameterException("RSA key size must be >= 512 and <= 8192");
                }
                return;
            case 2:
            default:
                throw new ProviderException("Unsupported algorithm: " + i);
            case 3:
                if (z && i2 != 256) {
                    throw new InvalidAlgorithmParameterException("Unsupported StrongBox EC key size: " + i2 + " bits. Supported: 256");
                }
                if (z && isCurve25519(str)) {
                    throw new InvalidAlgorithmParameterException("Unsupported StrongBox EC: " + str);
                }
                List<Integer> list = SUPPORTED_EC_CURVE_SIZES;
                if (!list.contains(Integer.valueOf(i2))) {
                    throw new InvalidAlgorithmParameterException("Unsupported EC key size: " + i2 + " bits. Supported: " + ((Object) list));
                }
                return;
        }
    }

    private Collection<KeyParameter> constructKeyGenerationArguments() throws DeviceIdAttestationException, IllegalArgumentException, InvalidAlgorithmParameterException {
        final ArrayList arrayList = new ArrayList();
        arrayList.add(KeyStore2ParameterUtils.makeInt(805306371, this.mKeySizeBits));
        arrayList.add(KeyStore2ParameterUtils.makeEnum(268435458, this.mKeymasterAlgorithm));
        if (this.mKeymasterAlgorithm == 3) {
            arrayList.add(KeyStore2ParameterUtils.makeEnum(Tag.EC_CURVE, keySizeAndNameToEcCurve(this.mKeySizeBits, this.mEcCurveName)));
        }
        ArrayUtils.forEach(this.mKeymasterPurposes, new Consumer() { // from class: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$$ExternalSyntheticLambda1
            @Override // java.util.function.Consumer
            /* renamed from: accept */
            public final void q(Object obj) {
                List.this.add(KeyStore2ParameterUtils.makeEnum(536870913, ((Integer) obj).intValue()));
            }
        });
        ArrayUtils.forEach(this.mKeymasterBlockModes, new Consumer() { // from class: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$$ExternalSyntheticLambda2
            @Override // java.util.function.Consumer
            /* renamed from: accept */
            public final void q(Object obj) {
                List.this.add(KeyStore2ParameterUtils.makeEnum(536870916, ((Integer) obj).intValue()));
            }
        });
        ArrayUtils.forEach(this.mKeymasterEncryptionPaddings, new Consumer() { // from class: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$$ExternalSyntheticLambda3
            @Override // java.util.function.Consumer
            /* renamed from: accept */
            public final void q(Object obj) {
                List.this.add(KeyStore2ParameterUtils.makeEnum(536870918, ((Integer) obj).intValue()));
            }
        });
        ArrayUtils.forEach(this.mKeymasterSignaturePaddings, new Consumer() { // from class: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$$ExternalSyntheticLambda4
            @Override // java.util.function.Consumer
            /* renamed from: accept */
            public final void q(Object obj) {
                List.this.add(KeyStore2ParameterUtils.makeEnum(536870918, ((Integer) obj).intValue()));
            }
        });
        ArrayUtils.forEach(this.mKeymasterDigests, new Consumer() { // from class: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$$ExternalSyntheticLambda5
            @Override // java.util.function.Consumer
            /* renamed from: accept */
            public final void q(Object obj) {
                List.this.add(KeyStore2ParameterUtils.makeEnum(536870917, ((Integer) obj).intValue()));
            }
        });
        KeyStore2ParameterUtils.addUserAuthArgs(arrayList, this.mSpec);
        if (this.mSpec.getKeyValidityStart() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeDate(1610613136, this.mSpec.getKeyValidityStart()));
        }
        if (this.mSpec.getKeyValidityForOriginationEnd() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeDate(1610613137, this.mSpec.getKeyValidityForOriginationEnd()));
        }
        if (this.mSpec.getKeyValidityForConsumptionEnd() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeDate(1610613138, this.mSpec.getKeyValidityForConsumptionEnd()));
        }
        if (this.mSpec.getCertificateNotAfter() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeDate(1610613745, this.mSpec.getCertificateNotAfter()));
        }
        if (this.mSpec.getCertificateNotBefore() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeDate(1610613744, this.mSpec.getCertificateNotBefore()));
        }
        if (this.mSpec.getCertificateSerialNumber() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeBignum(-2147482642, this.mSpec.getCertificateSerialNumber()));
        }
        if (this.mSpec.getCertificateSubject() != null) {
            arrayList.add(KeyStore2ParameterUtils.makeBytes(-1879047185, this.mSpec.getCertificateSubject().getEncoded()));
        }
        if (this.mSpec.getMaxUsageCount() != -1) {
            arrayList.add(KeyStore2ParameterUtils.makeInt(805306773, this.mSpec.getMaxUsageCount()));
        }
        addAlgorithmSpecificParameters(arrayList);
        if (this.mSpec.isUniqueIdIncluded()) {
            arrayList.add(KeyStore2ParameterUtils.makeBool(1879048394));
        }
        addAttestationParameters(arrayList);
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:57:0x00e4 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.GenerateKeyPairHelperResult generateKeyPairHelper() {
        /*
            Method dump skipped, instructions count: 264
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPairHelper():android.security.keystore2.AndroidKeyStoreKeyPairGeneratorSpi$GenerateKeyPairHelperResult");
    }

    private static Set<Integer> getAvailableKeymasterSignatureDigests(String[] strArr, String[] strArr2) {
        HashSet hashSet = new HashSet();
        for (int i : KeyProperties.Digest.allToKeymaster(strArr)) {
            hashSet.add(Integer.valueOf(i));
        }
        HashSet hashSet2 = new HashSet();
        for (int i2 : KeyProperties.Digest.allToKeymaster(strArr2)) {
            hashSet2.add(Integer.valueOf(i2));
        }
        HashSet hashSet3 = new HashSet(hashSet2);
        hashSet3.retainAll(hashSet);
        return hashSet3;
    }

    private static String getCertificateSignatureAlgorithm(int i, int i2, KeyGenParameterSpec keyGenParameterSpec) {
        if ((keyGenParameterSpec.getPurposes() & 4) == 0 || keyGenParameterSpec.isUserAuthenticationRequired() || !keyGenParameterSpec.isDigestsSpecified()) {
            return null;
        }
        switch (i) {
            case 1:
                if (!com.android.internal.util.ArrayUtils.contains(KeyProperties.SignaturePadding.allToKeymaster(keyGenParameterSpec.getSignaturePaddings()), 5)) {
                    return null;
                }
                int i3 = i2 - 240;
                Iterator<Integer> listIterator = getAvailableKeymasterSignatureDigests(keyGenParameterSpec.getDigests(), AndroidKeyStoreBCWorkaroundProvider.getSupportedEcdsaSignatureDigests()).listIterator();
                int i4 = -1;
                int i5 = -1;
                while (listIterator.hasNext()) {
                    int intValue = listIterator.next().intValue();
                    int digestOutputSizeBits = KeymasterUtils.getDigestOutputSizeBits(intValue);
                    if (digestOutputSizeBits <= i3 && (i4 == -1 || digestOutputSizeBits > i5)) {
                        i4 = intValue;
                        i5 = digestOutputSizeBits;
                    }
                }
                if (i4 == -1) {
                    return null;
                }
                return KeyProperties.Digest.fromKeymasterToSignatureAlgorithmDigest(i4) + "WithRSA";
            case 2:
            default:
                throw new ProviderException("Unsupported algorithm: " + i);
            case 3:
                Iterator<Integer> listIterator2 = getAvailableKeymasterSignatureDigests(keyGenParameterSpec.getDigests(), AndroidKeyStoreBCWorkaroundProvider.getSupportedEcdsaSignatureDigests()).listIterator();
                int i6 = -1;
                int i7 = -1;
                while (true) {
                    if (listIterator2.hasNext()) {
                        int intValue2 = listIterator2.next().intValue();
                        int digestOutputSizeBits2 = KeymasterUtils.getDigestOutputSizeBits(intValue2);
                        if (digestOutputSizeBits2 == i2) {
                            i6 = intValue2;
                        } else {
                            if (i6 != -1) {
                                if (i7 < i2) {
                                    if (digestOutputSizeBits2 > i7) {
                                    }
                                } else if (digestOutputSizeBits2 < i7 && digestOutputSizeBits2 >= i2) {
                                }
                            }
                            i6 = intValue2;
                            i7 = digestOutputSizeBits2;
                        }
                    }
                }
                if (i6 == -1) {
                    return null;
                }
                return KeyProperties.Digest.fromKeymasterToSignatureAlgorithmDigest(i6) + "WithECDSA";
        }
    }

    private static int getDefaultKeySize(int i) {
        switch (i) {
            case 1:
                return 2048;
            case 2:
            default:
                throw new ProviderException("Unsupported algorithm: " + i);
            case 3:
                return 256;
        }
    }

    private int getKeymasterAlgorithmFromLegacy(int i, KeyPairGeneratorSpec keyPairGeneratorSpec) throws InvalidAlgorithmParameterException {
        String keyType = keyPairGeneratorSpec.getKeyType();
        if (keyType == null) {
            return i;
        }
        try {
            return KeyProperties.KeyAlgorithm.toKeymasterAsymmetricKeyAlgorithm(keyType);
        } catch (IllegalArgumentException e) {
            throw new InvalidAlgorithmParameterException("Invalid key type in parameters", e);
        }
    }

    private static boolean hasOnlyAllowedPurposeForEd25519(int i) {
        return ((i & 140) != 0) && !((i & (-141)) != 0);
    }

    private void initAlgorithmSpecificParameters() throws InvalidAlgorithmParameterException {
        AlgorithmParameterSpec algorithmParameterSpec = this.mSpec.getAlgorithmParameterSpec();
        switch (this.mKeymasterAlgorithm) {
            case 1:
                BigInteger bigInteger = null;
                if (algorithmParameterSpec instanceof RSAKeyGenParameterSpec) {
                    RSAKeyGenParameterSpec rSAKeyGenParameterSpec = (RSAKeyGenParameterSpec) algorithmParameterSpec;
                    int i = this.mKeySizeBits;
                    if (i == -1) {
                        this.mKeySizeBits = rSAKeyGenParameterSpec.getKeysize();
                    } else if (i != rSAKeyGenParameterSpec.getKeysize()) {
                        throw new InvalidAlgorithmParameterException("RSA key size must match  between " + ((Object) this.mSpec) + " and " + ((Object) algorithmParameterSpec) + ": " + this.mKeySizeBits + " vs " + rSAKeyGenParameterSpec.getKeysize());
                    }
                    bigInteger = rSAKeyGenParameterSpec.getPublicExponent();
                } else if (algorithmParameterSpec != null) {
                    throw new InvalidAlgorithmParameterException("RSA may only use RSAKeyGenParameterSpec");
                }
                if (bigInteger == null) {
                    bigInteger = RSAKeyGenParameterSpec.F4;
                }
                if (bigInteger.compareTo(BigInteger.ZERO) < 1) {
                    throw new InvalidAlgorithmParameterException("RSA public exponent must be positive: " + ((Object) bigInteger));
                }
                if (bigInteger.signum() == -1 || bigInteger.compareTo(KeymasterArguments.UINT64_MAX_VALUE) > 0) {
                    throw new InvalidAlgorithmParameterException("Unsupported RSA public exponent: " + ((Object) bigInteger) + ". Maximum supported value: " + ((Object) KeymasterArguments.UINT64_MAX_VALUE));
                }
                this.mRSAPublicExponent = Long.valueOf(bigInteger.longValue());
                return;
            case 2:
            default:
                throw new ProviderException("Unsupported algorithm: " + this.mKeymasterAlgorithm);
            case 3:
                if (!(algorithmParameterSpec instanceof ECGenParameterSpec)) {
                    if (algorithmParameterSpec != null) {
                        throw new InvalidAlgorithmParameterException("EC may only use ECGenParameterSpec");
                    }
                    return;
                }
                String name = ((ECGenParameterSpec) algorithmParameterSpec).getName();
                this.mEcCurveName = name;
                Integer num = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get(name.toLowerCase(Locale.US));
                if (num == null) {
                    throw new InvalidAlgorithmParameterException("Unsupported EC curve name: " + this.mEcCurveName + ". Supported: " + ((Object) SUPPORTED_EC_CURVE_NAMES));
                }
                int i2 = this.mKeySizeBits;
                if (i2 == -1) {
                    this.mKeySizeBits = num.intValue();
                    return;
                } else {
                    if (i2 != num.intValue()) {
                        throw new InvalidAlgorithmParameterException("EC key size must match  between " + ((Object) this.mSpec) + " and " + ((Object) algorithmParameterSpec) + ": " + this.mKeySizeBits + " vs " + ((Object) num));
                    }
                    return;
                }
        }
    }

    private static boolean isCurve25519(String str) {
        if (str == null) {
            return false;
        }
        return str.equalsIgnoreCase(CURVE_X_25519) || str.equalsIgnoreCase(CURVE_ED_25519);
    }

    private static int keySizeAndNameToEcCurve(int i, String str) throws InvalidAlgorithmParameterException {
        switch (i) {
            case 224:
                return 0;
            case 256:
                return isCurve25519(str) ? 4 : 1;
            case 384:
                return 2;
            case 521:
                return 3;
            default:
                throw new InvalidAlgorithmParameterException("Unsupported EC curve keysize: " + i);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ boolean lambda$checkAttestKeyPurpose$0(Authorization authorization) {
        return authorization.keyParameter.tag == 536870913 && authorization.keyParameter.value.getKeyPurpose() == 7;
    }

    private void resetAll() {
        this.mEntryAlias = null;
        this.mEntryNamespace = -1;
        this.mJcaKeyAlgorithm = null;
        this.mKeymasterAlgorithm = -1;
        this.mKeymasterPurposes = null;
        this.mKeymasterBlockModes = null;
        this.mKeymasterEncryptionPaddings = null;
        this.mKeymasterSignaturePaddings = null;
        this.mKeymasterDigests = null;
        this.mKeySizeBits = 0;
        this.mSpec = null;
        this.mRSAPublicExponent = null;
        this.mRng = null;
        this.mKeyStore = null;
        this.mEcCurveName = null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    GenerateKeyPairHelperResult checkIfRetryableOrThrow(KeyStoreException keyStoreException, int i) {
        KeyStoreException keyStoreException2;
        int i2;
        int i3 = 1;
        try {
            int notifyEmpty = new GenerateRkpKey(ActivityThread.currentApplication()).notifyEmpty(i);
            switch (notifyEmpty) {
                case 0:
                    return new GenerateKeyPairHelperResult(i3, null);
                case 1:
                    i2 = 3;
                    break;
                case 2:
                case 3:
                default:
                    i2 = 1;
                    break;
                case 4:
                    i2 = 2;
                    break;
            }
            keyStoreException2 = new KeyStoreException(22, "Out of RKP keys due to IGenerateRkpKeyService status: " + notifyEmpty, i2);
        } catch (RemoteException e) {
            keyStoreException2 = new KeyStoreException(22, "Remote exception: " + e.getMessage(), 1);
        }
        keyStoreException2.initCause(keyStoreException);
        throw new ProviderException("Failed to provision new attestation keys.", keyStoreException2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyPairGeneratorSpi
    public KeyPair generateKeyPair() {
        int i = 0;
        GenerateKeyPairHelperResult generateKeyPairHelperResult = new GenerateKeyPairHelperResult(i, null);
        while (i < 2) {
            generateKeyPairHelperResult = generateKeyPairHelper();
            if (generateKeyPairHelperResult.rkpStatus == 0 && generateKeyPairHelperResult.keyPair != null) {
                return generateKeyPairHelperResult.keyPair;
            }
            i++;
        }
        if (generateKeyPairHelperResult.rkpStatus == 0) {
            return generateKeyPairHelperResult.keyPair;
        }
        throw new ProviderException("Failed to provision new attestation keys.", new KeyStoreException(22, "Could not get RKP keys", generateKeyPairHelperResult.rkpStatus));
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(int i, SecureRandom secureRandom) {
        throw new IllegalArgumentException(KeyGenParameterSpec.class.getName() + " or " + KeyPairGeneratorSpec.class.getName() + " required to initialize this KeyPairGenerator");
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        KeyGenParameterSpec buildKeyGenParameterSpecFromLegacy;
        resetAll();
        try {
            if (algorithmParameterSpec == null) {
                throw new InvalidAlgorithmParameterException("Must supply params of type " + KeyGenParameterSpec.class.getName() + " or " + KeyPairGeneratorSpec.class.getName());
            }
            int i = this.mOriginalKeymasterAlgorithm;
            if (algorithmParameterSpec instanceof KeyGenParameterSpec) {
                buildKeyGenParameterSpecFromLegacy = (KeyGenParameterSpec) algorithmParameterSpec;
            } else {
                if (!(algorithmParameterSpec instanceof KeyPairGeneratorSpec)) {
                    if (!(algorithmParameterSpec instanceof NamedParameterSpec)) {
                        throw new InvalidAlgorithmParameterException("Unsupported params class: " + algorithmParameterSpec.getClass().getName() + ". Supported: " + KeyGenParameterSpec.class.getName() + ", " + KeyPairGeneratorSpec.class.getName());
                    }
                    NamedParameterSpec namedParameterSpec = (NamedParameterSpec) algorithmParameterSpec;
                    if (!namedParameterSpec.getName().equalsIgnoreCase(NamedParameterSpec.X25519.getName()) && !namedParameterSpec.getName().equalsIgnoreCase(NamedParameterSpec.ED25519.getName())) {
                        throw new InvalidAlgorithmParameterException("Unsupported algorithm specified via NamedParameterSpec: " + namedParameterSpec.getName());
                    }
                    throw new IllegalArgumentException("This KeyPairGenerator cannot be initialized using NamedParameterSpec. use " + KeyGenParameterSpec.class.getName() + " or " + KeyPairGeneratorSpec.class.getName());
                }
                KeyPairGeneratorSpec keyPairGeneratorSpec = (KeyPairGeneratorSpec) algorithmParameterSpec;
                try {
                    i = getKeymasterAlgorithmFromLegacy(i, keyPairGeneratorSpec);
                    buildKeyGenParameterSpecFromLegacy = buildKeyGenParameterSpecFromLegacy(keyPairGeneratorSpec, i);
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidAlgorithmParameterException(e);
                }
            }
            this.mEntryAlias = buildKeyGenParameterSpecFromLegacy.getKeystoreAlias();
            this.mEntryNamespace = buildKeyGenParameterSpecFromLegacy.getNamespace();
            this.mSpec = buildKeyGenParameterSpecFromLegacy;
            this.mKeymasterAlgorithm = i;
            this.mKeySizeBits = buildKeyGenParameterSpecFromLegacy.getKeySize();
            initAlgorithmSpecificParameters();
            if (this.mKeySizeBits == -1) {
                this.mKeySizeBits = getDefaultKeySize(i);
            }
            checkValidKeySize(i, this.mKeySizeBits, this.mSpec.isStrongBoxBacked(), this.mEcCurveName);
            if (buildKeyGenParameterSpecFromLegacy.getKeystoreAlias() == null) {
                throw new InvalidAlgorithmParameterException("KeyStore entry alias not provided");
            }
            try {
                String fromKeymasterAsymmetricKeyAlgorithm = KeyProperties.KeyAlgorithm.fromKeymasterAsymmetricKeyAlgorithm(i);
                this.mKeymasterPurposes = KeyProperties.Purpose.allToKeymaster(buildKeyGenParameterSpecFromLegacy.getPurposes());
                this.mKeymasterBlockModes = KeyProperties.BlockMode.allToKeymaster(buildKeyGenParameterSpecFromLegacy.getBlockModes());
                this.mKeymasterEncryptionPaddings = KeyProperties.EncryptionPadding.allToKeymaster(buildKeyGenParameterSpecFromLegacy.getEncryptionPaddings());
                if ((buildKeyGenParameterSpecFromLegacy.getPurposes() & 1) != 0 && buildKeyGenParameterSpecFromLegacy.isRandomizedEncryptionRequired()) {
                    for (int i2 : this.mKeymasterEncryptionPaddings) {
                        if (!KeymasterUtils.isKeymasterPaddingSchemeIndCpaCompatibleWithAsymmetricCrypto(i2)) {
                            throw new InvalidAlgorithmParameterException("Randomized encryption (IND-CPA) required but may be violated by padding scheme: " + KeyProperties.EncryptionPadding.fromKeymaster(i2) + ". See " + KeyGenParameterSpec.class.getName() + " documentation.");
                        }
                    }
                }
                this.mKeymasterSignaturePaddings = KeyProperties.SignaturePadding.allToKeymaster(buildKeyGenParameterSpecFromLegacy.getSignaturePaddings());
                if (buildKeyGenParameterSpecFromLegacy.isDigestsSpecified()) {
                    this.mKeymasterDigests = KeyProperties.Digest.allToKeymaster(buildKeyGenParameterSpecFromLegacy.getDigests());
                } else {
                    this.mKeymasterDigests = EmptyArray.INT;
                }
                KeyStore2ParameterUtils.addUserAuthArgs(new ArrayList(), this.mSpec);
                this.mJcaKeyAlgorithm = fromKeymasterAsymmetricKeyAlgorithm;
                this.mRng = secureRandom;
                this.mKeyStore = KeyStore2.getInstance();
                this.mAttestKeyDescriptor = buildAndCheckAttestKeyDescriptor(buildKeyGenParameterSpecFromLegacy);
                checkAttestKeyPurpose(buildKeyGenParameterSpecFromLegacy);
                checkCorrectKeyPurposeForCurve(buildKeyGenParameterSpecFromLegacy);
            } catch (IllegalArgumentException | IllegalStateException e2) {
                throw new InvalidAlgorithmParameterException(e2);
            }
        } catch (Throwable th) {
            resetAll();
            throw th;
        }
    }
}
