package com.android.remoteprovisioner;

import android.content.Context;
import android.hardware.security.keymint.DeviceInfo;
import android.hardware.security.keymint.ProtectedData;
import android.security.remoteprovisioning.IRemoteProvisioning;
import android.util.Log;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

/* loaded from: classes.dex */
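/**
 * Drives one round of remote key provisioning: asks keystore for a CSR, wraps it into a
 * certificate request, sends that to the provisioning server and hands every returned
 * certificate chain back to keystore.
 *
 * <p>This class only parses the returned chains far enough to extract the leaf certificate, its
 * expiry and its public key. No chain validation (signature, issuer, validity window) is performed
 * here. NOTE(review): confirm that the transport in {@code ServerInterface} and/or the consumer in
 * {@code SystemInterface.provisionCertChain} is the trust anchor for these chains.
 */
public class Provisioner {
    /** Log tag shared by every message emitted from this class. */
    private static final String TAG = "RemoteProvisioningService";

    /**
     * Error code attached to every failure raised by {@link #provisionCerts}. Its meaning is
     * defined by {@code RemoteProvisioningException}, which is not visible in this file.
     */
    private static final int FAILURE_CODE = 8;

    /**
     * Requests {@code i} signed certificate chains and stores the ones keystore accepts.
     *
     * @param i number of keys to have signed; must be at least 1
     * @param i2 forwarded unchanged to CSR generation and to chain storage (presumably the
     *     security level of the target KeyMint instance; verify against caller)
     * @param bArr forwarded to CSR generation only (presumably the server's encryption key chain;
     *     verify against caller)
     * @param bArr2 forwarded to CSR generation, request serialization and the server call
     *     (presumably the server-issued challenge; verify against caller)
     * @param iRemoteProvisioning binder used for CSR generation and for storing chains
     * @param context passed through to the server call
     * @param provisionerMetrics passed through to every helper that records metrics
     * @return the number of chains keystore reported as stored
     * @throws RemoteProvisioningException if {@code i < 1}, if any stage returns {@code null}, if
     *     a returned chain is empty or cannot be decoded or re-encoded, or if fewer than
     *     {@code i / 2} chains were stored
     */
    public static int provisionCerts(int i, int i2, byte[] bArr, byte[] bArr2, IRemoteProvisioning iRemoteProvisioning, Context context, ProvisionerMetrics provisionerMetrics) throws RemoteProvisioningException {
        Log.i(TAG, "Request for " + i + " keys to be provisioned.");
        if (i < 1) {
            throw new RemoteProvisioningException(FAILURE_CODE, "Request at least 1 key to be signed. Num requested: " + i);
        }

        // Out-parameters: generateCsr fills these in alongside its return value.
        DeviceInfo deviceInfo = new DeviceInfo();
        ProtectedData protectedData = new ProtectedData();
        byte[] csrMac = SystemInterface.generateCsr(SettingsManager.isTestMode(), i, i2, bArr, bArr2, protectedData, deviceInfo, iRemoteProvisioning, provisionerMetrics);
        byte[] protectedBytes = protectedData.protectedData;
        byte[] deviceInfoBytes = deviceInfo.deviceInfo;
        if (csrMac == null || protectedBytes == null || deviceInfoBytes == null) {
            throw new RemoteProvisioningException(FAILURE_CODE, "Keystore failed to generate a payload");
        }

        byte[] certificateRequest = CborUtils.buildCertificateRequest(deviceInfoBytes, bArr2, protectedBytes, csrMac, CborUtils.buildUnverifiedDeviceInfo());
        if (certificateRequest == null) {
            throw new RemoteProvisioningException(FAILURE_CODE, "Failed to serialize the payload generated by keystore.");
        }

        List<byte[]> certChains = ServerInterface.requestSignedCertificates(context, certificateRequest, bArr2, provisionerMetrics);
        if (certChains == null) {
            throw new RemoteProvisioningException(FAILURE_CODE, "Server response failed on provisioning attempt.");
        }
        Log.i(TAG, "Received " + certChains.size() + " certificate chains from the server.");

        int provisioned = 0;
        for (byte[] rawChain : certChains) {
            try {
                X509Certificate[] parsedChain = X509Utils.formatX509Certs(rawChain);
                // The server response is untrusted input. Without this guard a chain that decodes
                // to zero certificates would escape as an unchecked
                // ArrayIndexOutOfBoundsException instead of the declared failure type.
                if (parsedChain == null || parsedChain.length == 0) {
                    throw new RemoteProvisioningException(FAILURE_CODE, "Server returned an empty certificate chain");
                }
                // Only the first certificate of the chain is inspected here.
                X509Certificate leaf = parsedChain[0];
                long expirationMillis = leaf.getNotAfter().getTime();
                byte[] rawPublicKey = X509Utils.getAndFormatRawPublicKey(leaf);
                if (rawPublicKey == null) {
                    // A single unusable key is tolerated; the threshold check below decides
                    // whether the batch as a whole failed.
                    Log.e(TAG, "Skipping malformed public key.");
                    continue;
                }
                try {
                    boolean stored = SystemInterface.provisionCertChain(rawPublicKey, leaf.getEncoded(), rawChain, expirationMillis, i2, iRemoteProvisioning, provisionerMetrics);
                    if (stored) {
                        provisioned++;
                    }
                } catch (CertificateEncodingException e) {
                    throw new RemoteProvisioningException(FAILURE_CODE, "Error re-encoding the decoded batch cert", e);
                }
            } catch (CertificateException e) {
                throw new RemoteProvisioningException(FAILURE_CODE, "Failed to interpret DER encoded certificate chain", e);
            }
        }

        // Spot check: fail when fewer than half of the requested keys were stored.
        // NOTE(review): integer division makes the threshold 0 for i == 1, so a single-key
        // request that stores nothing still returns 0 rather than throwing; confirm callers
        // check the returned count.
        if (provisioned < i / 2) {
            throw new RemoteProvisioningException(FAILURE_CODE, "Requested " + i + " keys, provisioned " + provisioned);
        }
        Log.i(TAG, "In provisionCerts: Requested " + i + " keys. " + provisioned + " were provisioned.");
        return provisioned;
    }
}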
