package com.android.server.security.rkp;

import android.content.Context;
import android.hardware.security.keymint.DeviceInfo;
import android.hardware.security.keymint.IRemotelyProvisionedComponent;
import android.hardware.security.keymint.MacedPublicKey;
import android.hardware.security.keymint.ProtectedData;
import android.hardware.security.keymint.RpcHardwareInfo;
import android.os.CancellationSignal;
import android.os.OutcomeReceiver;
import android.os.ServiceManager;
import android.os.ShellCommand;
import android.security.rkp.service.RegistrationProxy;
import android.security.rkp.service.RemotelyProvisionedKey;
import android.util.IndentingPrintWriter;
import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborEncoder;
import co.nstant.in.cbor.model.Array;
import co.nstant.in.cbor.model.ByteString;
import co.nstant.in.cbor.model.DataItem;
import co.nstant.in.cbor.model.Map;
import co.nstant.in.cbor.model.SimpleValue;
import co.nstant.in.cbor.model.UnsignedInteger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.time.Duration;
import java.util.Base64;
import java.util.Iterator;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Executor;

/* loaded from: classes2.dex */
public class RemoteProvisioningShellCommand extends ShellCommand {
    public static final Duration BIND_TIMEOUT = Duration.ofSeconds(10);
    public final int mCallerUid;
    public final Context mContext;
    public final Injector mInjector;

    /* loaded from: classes2.dex */
    public class Injector {
        public IRemotelyProvisionedComponent getIrpcBinder(String str) {
            String str2 = IRemotelyProvisionedComponent.DESCRIPTOR + "/" + str;
            IRemotelyProvisionedComponent asInterface = IRemotelyProvisionedComponent.Stub.asInterface(ServiceManager.waitForDeclaredService(str2));
            if (asInterface != null) {
                return asInterface;
            }
            throw new IllegalArgumentException("failed to find " + str2);
        }

        public String[] getIrpcNames() {
            return ServiceManager.getDeclaredInstances(IRemotelyProvisionedComponent.DESCRIPTOR);
        }

        public RegistrationProxy getRegistrationProxy(Context context, int i, String str, Executor executor) {
            String str2 = IRemotelyProvisionedComponent.DESCRIPTOR + "/" + str;
            OutcomeFuture outcomeFuture = new OutcomeFuture();
            RegistrationProxy.createAsync(context, i, str2, RemoteProvisioningShellCommand.BIND_TIMEOUT, executor, outcomeFuture);
            return (RegistrationProxy) outcomeFuture.join();
        }
    }

    /* loaded from: classes2.dex */
    public class OutcomeFuture implements OutcomeReceiver {
        public CompletableFuture mFuture;

        public OutcomeFuture() {
            this.mFuture = new CompletableFuture();
        }

        public Object join() {
            return this.mFuture.join();
        }

        @Override // android.os.OutcomeReceiver
        public void onError(Exception exc) {
            this.mFuture.completeExceptionally(exc);
        }

        @Override // android.os.OutcomeReceiver
        public void onResult(Object obj) {
            this.mFuture.complete(obj);
        }
    }

    public RemoteProvisioningShellCommand(Context context, int i) {
        this(context, i, new Injector());
    }

    public RemoteProvisioningShellCommand(Context context, int i, Injector injector) {
        this.mContext = context;
        this.mCallerUid = i;
        this.mInjector = injector;
    }

    public final int certify() {
        String nextArgRequired = getNextArgRequired();
        Executor mainExecutor = this.mContext.getMainExecutor();
        CancellationSignal cancellationSignal = new CancellationSignal();
        OutcomeFuture outcomeFuture = new OutcomeFuture();
        this.mInjector.getRegistrationProxy(this.mContext, this.mCallerUid, nextArgRequired, mainExecutor).getKeyAsync(452436, cancellationSignal, mainExecutor, outcomeFuture);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(((RemotelyProvisionedKey) outcomeFuture.join()).getEncodedCertChain());
        PrintWriter outPrintWriter = getOutPrintWriter();
        Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(byteArrayInputStream).iterator();
        while (it.hasNext()) {
            String encodeToString = Base64.getEncoder().encodeToString(it.next().getEncoded());
            outPrintWriter.println("-----BEGIN CERTIFICATE-----");
            outPrintWriter.println(encodeToString.replaceAll("(.{64})", "$1\n").stripTrailing());
            outPrintWriter.println("-----END CERTIFICATE-----");
        }
        return 0;
    }

    public final byte[] composeCertificateRequestV1(DeviceInfo deviceInfo, byte[] bArr, ProtectedData protectedData, byte[] bArr2) {
        Array add = new Array().add(decode(deviceInfo.deviceInfo)).add(new Map());
        return encode(new Array().add(add).add(new ByteString(bArr)).add(decode(protectedData.protectedData)).add(new Array().add(new ByteString(encode(new Map().put(new UnsignedInteger(1L), new UnsignedInteger(5L))))).add(new Map()).add(SimpleValue.NULL).add(new ByteString(bArr2))));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:5:0x0010. Please report as an issue. */
    public final int csr() {
        byte[] composeCertificateRequestV1;
        boolean z;
        byte[] bArr = new byte[0];
        while (true) {
            String nextOption = getNextOption();
            if (nextOption == null) {
                IRemotelyProvisionedComponent irpcBinder = this.mInjector.getIrpcBinder(getNextArgRequired());
                RpcHardwareInfo hardwareInfo = irpcBinder.getHardwareInfo();
                MacedPublicKey[] macedPublicKeyArr = new MacedPublicKey[0];
                switch (hardwareInfo.versionNumber) {
                    case 1:
                    case 2:
                        DeviceInfo deviceInfo = new DeviceInfo();
                        ProtectedData protectedData = new ProtectedData();
                        composeCertificateRequestV1 = composeCertificateRequestV1(deviceInfo, bArr, protectedData, irpcBinder.generateCertificateRequest(false, macedPublicKeyArr, getEekChain(hardwareInfo.supportedEekCurve), bArr, deviceInfo, protectedData));
                        break;
                    case 3:
                        composeCertificateRequestV1 = irpcBinder.generateCertificateRequestV2(macedPublicKeyArr, bArr);
                        break;
                    default:
                        getErrPrintWriter().println("error: unsupported hwVersion: " + hardwareInfo.versionNumber);
                        return -1;
                }
                getOutPrintWriter().println(Base64.getEncoder().encodeToString(composeCertificateRequestV1));
                return 0;
            }
            switch (nextOption.hashCode()) {
                case 1891027651:
                    if (nextOption.equals("--challenge")) {
                        z = false;
                        break;
                    }
                default:
                    z = -1;
                    break;
            }
            switch (z) {
                case false:
                    bArr = Base64.getDecoder().decode(getNextArgRequired());
                default:
                    getErrPrintWriter().println("error: unknown option " + nextOption);
                    return -1;
            }
        }
    }

    public final DataItem decode(byte[] bArr) {
        return new CborDecoder(new ByteArrayInputStream(bArr)).decodeNext();
    }

    public void dump(PrintWriter printWriter) {
        try {
            IndentingPrintWriter indentingPrintWriter = new IndentingPrintWriter(printWriter);
            for (String str : this.mInjector.getIrpcNames()) {
                indentingPrintWriter.println(str + ":");
                indentingPrintWriter.increaseIndent();
                dumpRpcInstance(indentingPrintWriter, str);
                indentingPrintWriter.decreaseIndent();
            }
        } catch (Exception e) {
            e.printStackTrace(printWriter);
        }
    }

    public final void dumpRpcInstance(PrintWriter printWriter, String str) {
        RpcHardwareInfo hardwareInfo = this.mInjector.getIrpcBinder(str).getHardwareInfo();
        printWriter.println("hwVersion=" + hardwareInfo.versionNumber);
        printWriter.println("rpcAuthorName=" + hardwareInfo.rpcAuthorName);
        if (hardwareInfo.versionNumber < 3) {
            printWriter.println("supportedEekCurve=" + hardwareInfo.supportedEekCurve);
        }
        printWriter.println("uniqueId=" + hardwareInfo.uniqueId);
        if (hardwareInfo.versionNumber >= 3) {
            printWriter.println("supportedNumKeysInCsr=" + hardwareInfo.supportedNumKeysInCsr);
        }
    }

    public final byte[] encode(DataItem dataItem) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new CborEncoder(byteArrayOutputStream).encode(dataItem);
        return byteArrayOutputStream.toByteArray();
    }

    public final byte[] getEekChain(int i) {
        switch (i) {
            case 1:
                return Base64.getDecoder().decode("goRDoQEmoFhNpQECAyYgASFYIPcUituX9MxT79JkEcTjdR9mH6RxDGzP+glGgHSHVPKtIlggXn9b9uzk9hnM/xM3/Q+hyJPbGAZ2xF3m12p3hsMtr49YQC+XjkL7vgctlUeFR5NAsB/Um0ekxESp8qEHhxDHn8sR9L+f6Dvg5zRMFfx7w34zBfTRNDztAgRgehXgedOK/ySEQ6EBJqBYcaYBAgJYIDVztz+gioCJsSZn6ct8daGvAmH8bmUDkTvTS30UlD5GAzgYIAEhWCDgQc8vDzQPHDMsQbDP1wwwVTXSHmpHE0su0UiWfiScaCJYIB/ORcX7YbqBIfnlBZubOQ52hoZHuB4vRfHOr9o/gGjbWECMs7p+ID4ysGjfYNEdffCsOI5RvP9s4Wc7Snm8Vnizmdh8igfY2rW1f3H02GvfMyc0e2XRKuuGmZirOrSAqr1Q");
            case 2:
                return Base64.getDecoder().decode("goRDoQEnoFgqpAEBAycgBiFYIJm57t1e5FL2hcZMYtw+YatXSH11NymtdoAy0rPLY1jZWEAeIghLpLekyNdOAw7+uK8UTKc7b6XN3Np5xitk/pk5r3bngPpmAIUNB5gqrJFcpyUUSQY0dcqKJ3rZ41pJ6wIDhEOhASegWE6lAQECWCDQrsEVyirPc65rzMvRlh1l6LHd10oaN7lDOpfVmd+YCAM4GCAEIVggvoXnRsSjQlpA2TY6phXQLFh+PdwzAjLS/F4ehyVfcmBYQJvPkOIuS6vRGLEOjl0gJ0uEWP78MpB+cgWDvNeCvvpkeC1UEEvAMb9r6B414vAtzmwvT/L1T6XUg62WovGHWAQ=");
            default:
                throw new IllegalArgumentException("unsupported EEK curve: " + i);
        }
    }

    public final int list() {
        for (String str : this.mInjector.getIrpcNames()) {
            getOutPrintWriter().println(str);
        }
        return 0;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    public int onCommand(String str) {
        char c;
        if (str == null) {
            return handleDefaultCommands(str);
        }
        try {
            switch (str.hashCode()) {
                case 98818:
                    if (str.equals("csr")) {
                        c = 1;
                        break;
                    }
                    c = 65535;
                    break;
                case 3322014:
                    if (str.equals("list")) {
                        c = 0;
                        break;
                    }
                    c = 65535;
                    break;
                case 668936792:
                    if (str.equals("certify")) {
                        c = 2;
                        break;
                    }
                    c = 65535;
                    break;
                default:
                    c = 65535;
                    break;
            }
            switch (c) {
                case 0:
                    return list();
                case 1:
                    return csr();
                case 2:
                    return certify();
                default:
                    return handleDefaultCommands(str);
            }
        } catch (Exception e) {
            e.printStackTrace(getErrPrintWriter());
            return -1;
        }
    }

    public void onHelp() {
        getOutPrintWriter().print("usage: cmd remote_provisioning SUBCOMMAND [ARGS]\nhelp\n  Show this message.\ndump\n  Dump service diagnostics.\nlist\n  List the names of the IRemotelyProvisionedComponent instances.\ncsr [--challenge CHALLENGE] NAME\n  Generate and print a base64-encoded CSR from the named\n  IRemotelyProvisionedComponent. A base64-encoded challenge can be provided,\n  or else it defaults to an empty challenge.\ncertify NAME\n  Output the PEM-encoded certificate chain provisioned for the named\n  IRemotelyProvisionedComponent.\n");
    }
}
