package com.android.remoteprovisioner;

import android.hardware.security.keymint.DeviceInfo;
import android.hardware.security.keymint.ProtectedData;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.security.remoteprovisioning.AttestationPoolStatus;
import android.security.remoteprovisioning.IRemoteProvisioning;
import android.util.Log;
import co.nstant.in.cbor.CborBuilder;
import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborEncoder;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.builder.ArrayBuilder;
import co.nstant.in.cbor.model.Array;
import co.nstant.in.cbor.model.DataItem;
import com.android.remoteprovisioner.ProvisionerMetrics;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.List;

/* loaded from: classes.dex */
public class SystemInterface {
    private static byte[] encodePayload(List<DataItem> list) throws CborException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ArrayBuilder<CborBuilder> addArray = new CborBuilder().addArray();
        for (int i = 1; i < list.size(); i++) {
            addArray = addArray.add(list.get(i));
        }
        new CborEncoder(byteArrayOutputStream).encode(addArray.end().build());
        return byteArrayOutputStream.toByteArray();
    }

    public static byte[] generateCsr(boolean z, int i, int i2, byte[] bArr, byte[] bArr2, ProtectedData protectedData, DeviceInfo deviceInfo, IRemoteProvisioning iRemoteProvisioning, ProvisionerMetrics provisionerMetrics) {
        try {
            Log.i("RemoteProvisioner", "Packaging " + i + " keys into a CSR. Test: " + z);
            new ProtectedData();
            ProvisionerMetrics.StopWatch startBinderWait = provisionerMetrics.startBinderWait();
            try {
                byte[] generateCsr = iRemoteProvisioning.generateCsr(z, i, bArr, bArr2, i2, protectedData, deviceInfo);
                if (startBinderWait != null) {
                    startBinderWait.close();
                }
                if (generateCsr == null) {
                    Log.e("RemoteProvisioner", "Keystore didn't generate a CSR successfully.");
                    provisionerMetrics.setStatus(ProvisionerMetrics.Status.GENERATE_CSR_FAILED);
                    return null;
                }
                List<DataItem> dataItems = ((Array) new CborDecoder(new ByteArrayInputStream(generateCsr)).decode().get(0)).getDataItems();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                new CborEncoder(byteArrayOutputStream).encode(new CborBuilder().addArray().add(makeProtectedHeaders()).addMap().end().add(encodePayload(dataItems)).add(dataItems.get(0)).end().build());
                return byteArrayOutputStream.toByteArray();
            } finally {
            }
        } catch (RemoteException e) {
            Log.e("RemoteProvisioner", "Failed to generate CSR blob", e);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.GENERATE_CSR_FAILED);
            return null;
        } catch (ServiceSpecificException e2) {
            Log.e("RemoteProvisioner", "Failure in Keystore or Keymint to facilitate blob generation.", e2);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.GENERATE_CSR_FAILED);
            return null;
        } catch (CborException e3) {
            Log.e("RemoteProvisioner", "Failed to parse/build CBOR", e3);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.GENERATE_CSR_FAILED);
            return null;
        }
    }

    public static void generateKeyPair(boolean z, int i, IRemoteProvisioning iRemoteProvisioning, ProvisionerMetrics provisionerMetrics) throws RemoteException {
        try {
            ProvisionerMetrics.StopWatch startBinderWait = provisionerMetrics.startBinderWait();
            try {
                iRemoteProvisioning.generateKeyPair(z, i);
                if (startBinderWait != null) {
                    startBinderWait.close();
                }
            } finally {
            }
        } catch (ServiceSpecificException e) {
            Log.e("RemoteProvisioner", "Failure in Keystore or KeyMint.", e);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.GENERATE_KEYPAIR_FAILED);
            throw new RemoteException((Throwable) e);
        }
    }

    public static AttestationPoolStatus getPoolStatus(long j, int i, IRemoteProvisioning iRemoteProvisioning, ProvisionerMetrics provisionerMetrics) throws RemoteException {
        try {
            ProvisionerMetrics.StopWatch startBinderWait = provisionerMetrics.startBinderWait();
            try {
                AttestationPoolStatus poolStatus = iRemoteProvisioning.getPoolStatus(j, i);
                Log.i("RemoteProvisioner", "Pool status " + poolStatus.attested + ", " + poolStatus.unassigned + ", " + poolStatus.expiring + ", " + poolStatus.total);
                provisionerMetrics.setIsKeyPoolEmpty(poolStatus.unassigned == 0);
                if (startBinderWait != null) {
                    startBinderWait.close();
                }
                return poolStatus;
            } finally {
            }
        } catch (ServiceSpecificException e) {
            Log.e("RemoteProvisioner", "Failure in Keystore", e);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.GET_POOL_STATUS_FAILED);
            throw new RemoteException((Throwable) e);
        }
    }

    private static byte[] makeProtectedHeaders() throws CborException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new CborEncoder(byteArrayOutputStream).encode(new CborBuilder().addMap().put(1L, 5L).end().build());
        return byteArrayOutputStream.toByteArray();
    }

    public static boolean provisionCertChain(byte[] bArr, byte[] bArr2, byte[] bArr3, long j, int i, IRemoteProvisioning iRemoteProvisioning, ProvisionerMetrics provisionerMetrics) {
        try {
            ProvisionerMetrics.StopWatch startBinderWait = provisionerMetrics.startBinderWait();
            try {
                iRemoteProvisioning.provisionCertChain(bArr, bArr2, bArr3, j, i);
                if (startBinderWait != null) {
                    startBinderWait.close();
                }
                return true;
            } finally {
            }
        } catch (ServiceSpecificException e) {
            Log.e("RemoteProvisioner", "Error on the Keystore side", e);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.INSERT_CHAIN_INTO_POOL_FAILED);
            return false;
        } catch (RemoteException e2) {
            Log.e("RemoteProvisioner", "Error on the binder side when attempting to provision the signed chain", e2);
            provisionerMetrics.setStatus(ProvisionerMetrics.Status.INSERT_CHAIN_INTO_POOL_FAILED);
            return false;
        }
    }
}
