package com.sap.cloud.mobile.foundation.safetynet;

import android.app.Application;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.media3.common.MimeTypes;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.sap.cloud.mobile.foundation.common.ClientProvider;
import com.sap.cloud.mobile.foundation.common.SettingsProvider;
import com.sap.cloud.mobile.foundation.mobileservices.ApplicationState;
import com.sap.cloud.mobile.foundation.mobileservices.MobileService;
import com.sap.cloud.mobile.foundation.mobileservices.ServiceResult;
import com.sap.cloud.mobile.foundation.networking.InterceptorProvider;
import com.sap.cloud.mobile.foundation.settings.SharedDeviceSettings;
import com.tom_roush.pdfbox.pdmodel.interactive.annotation.PDAnnotationFileAttachment;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Deprecated;
import kotlin.Metadata;
import kotlin.ReplaceWith;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.coroutines.Continuation;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlinx.coroutines.BuildersKt;
import kotlinx.coroutines.BuildersKt__Builders_commonKt;
import kotlinx.coroutines.CoroutineScopeKt;
import kotlinx.coroutines.Deferred;
import kotlinx.coroutines.Dispatchers;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: AttestationService.kt */
@Deprecated(message = "Deprecated in SDK 7.0", replaceWith = @ReplaceWith(expression = "IntegrityService", imports = {}))
@Metadata(d1 = {"\u0000x\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\t\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u000b\b\u0007\u0018\u0000 92\u00020\u00012\u00020\u0002:\u00029:B\u0011\b\u0007\u0012\b\b\u0002\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u001e\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u000e0\r2\b\b\u0002\u0010\u0012\u001a\u00020\u0013H\u0086@¢\u0006\u0002\u0010\u0014J \u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00162\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u0019H\u0002J\u0014\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u000e0\rH\u0082@¢\u0006\u0002\u0010\u001cJ\n\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0002J\u0017\u0010\u001f\u001a\u0004\u0018\u00010\u000e2\u0006\u0010 \u001a\u00020\u0019H\u0000¢\u0006\u0002\b!J\u0006\u0010\"\u001a\u00020#J\b\u0010$\u001a\u0004\u0018\u00010\u0019J\n\u0010%\u001a\u0004\u0018\u00010\u0019H\u0002J\n\u0010&\u001a\u0004\u0018\u00010'H\u0016J\n\u0010(\u001a\u0004\u0018\u00010'H\u0016J\u001a\u0010)\u001a\u00020*2\u0006\u0010+\u001a\u00020,2\b\u0010-\u001a\u0004\u0018\u00010\u0019H\u0016J\u0010\u0010.\u001a\u00020*2\u0006\u0010/\u001a\u000200H\u0016J\u0010\u00101\u001a\u00020\u00162\u0006\u00102\u001a\u00020\u0019H\u0002J\b\u00103\u001a\u00020*H\u0016J\r\u00104\u001a\u00020*H\u0000¢\u0006\u0002\b5J\u0017\u00106\u001a\u00020*2\b\u00107\u001a\u0004\u0018\u00010\u0019H\u0000¢\u0006\u0002\b8R\u001a\u0010\u0003\u001a\u00020\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0006\u0010\u0007\"\u0004\b\b\u0010\u0005R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u001a\u0010\u000b\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u000e0\r0\fX\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082.¢\u0006\u0002\n\u0000¨\u0006;"}, d2 = {"Lcom/sap/cloud/mobile/foundation/safetynet/AttestationService;", "Lcom/sap/cloud/mobile/foundation/mobileservices/MobileService;", "Lcom/sap/cloud/mobile/foundation/networking/InterceptorProvider;", "duration", "Ljava/time/Duration;", "(Ljava/time/Duration;)V", "getDuration", "()Ljava/time/Duration;", "setDuration", "lock", "", "runningAttest", "Lkotlinx/coroutines/Deferred;", "Lcom/sap/cloud/mobile/foundation/mobileservices/ServiceResult;", "Lcom/sap/cloud/mobile/foundation/safetynet/AttestationResult;", "sharedPreferences", "Landroid/content/SharedPreferences;", "attest", "force", "", "(ZLkotlin/coroutines/Continuation;)Ljava/lang/Object;", "decryptKey", "", SharedDeviceSettings.ENCRYPTION_KEY, "deviceId", "", "salt", "doAttest", "(Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "getAttestationNonce", "Lcom/sap/cloud/mobile/foundation/safetynet/AttestationNonce;", "getAttestationResult", "jwsResult", "getAttestationResult$foundation_release", "getAttestationTime", "", "getAttestationToken", "getGcpKey", "getInterceptor", "Lokhttp3/Interceptor;", "getNetworkInterceptor", "init", "", MimeTypes.BASE_TYPE_APPLICATION, "Landroid/app/Application;", "apiKey", "onStateChange", "state", "Lcom/sap/cloud/mobile/foundation/mobileservices/ApplicationState;", "randomNonce", "nonce", "reset", "sendQuotaExceed", "sendQuotaExceed$foundation_release", "setAttestationToken", "token", "setAttestationToken$foundation_release", "Companion", PDAnnotationFileAttachment.ATTACHMENT_NAME_TAG, "foundation_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes7.dex */
public final class AttestationService extends MobileService implements InterceptorProvider {
    private static final String ENCRYPTION_ALGORITHM = "AES/CTR/NoPadding";
    private static final String KEY_ATTESTATION_TIME = "attestation_time";
    private static final String KEY_ATTESTATION_TOKEN = "attestation_token";
    private static final String SHARED_PREFERENCES_SUFFIX = "_sharedPreference##";
    private Duration duration;
    private final Object lock;
    private Deferred<? extends ServiceResult<AttestationResult>> runningAttest;
    private SharedPreferences sharedPreferences;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AttestationService.class);

    /* compiled from: AttestationService.kt */
    @Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\b\u0000\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002¨\u0006\u0003"}, d2 = {"Lcom/sap/cloud/mobile/foundation/safetynet/AttestationService$Tag;", "", "()V", "foundation_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes7.dex */
    public static final class Tag {
    }

    /* JADX WARN: Multi-variable type inference failed */
    public AttestationService() {
        this(null, 1, 0 == true ? 1 : 0);
    }

    public AttestationService(Duration duration) {
        Intrinsics.checkNotNullParameter(duration, "duration");
        this.duration = duration;
        this.lock = new Object();
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public /* synthetic */ AttestationService(java.time.Duration r1, int r2, kotlin.jvm.internal.DefaultConstructorMarker r3) {
        /*
            r0 = this;
            r2 = r2 & 1
            if (r2 == 0) goto Lf
            r1 = 7
            java.time.Duration r1 = java.time.Duration.ofDays(r1)
            java.lang.String r2 = "ofDays(...)"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r1, r2)
        Lf:
            r0.<init>(r1)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sap.cloud.mobile.foundation.safetynet.AttestationService.<init>(java.time.Duration, int, kotlin.jvm.internal.DefaultConstructorMarker):void");
    }

    public static /* synthetic */ Object attest$default(AttestationService attestationService, boolean z, Continuation continuation, int i, Object obj) {
        if ((i & 1) != 0) {
            z = false;
        }
        return attestationService.attest(z, continuation);
    }

    private final byte[] decryptKey(byte[] encryptionKey, String deviceId, String salt) {
        MessageDigest sha256Digest = DigestUtils.getSha256Digest();
        byte[] bytes = (salt + deviceId).getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        SecretKeySpec secretKeySpec = new SecretKeySpec(sha256Digest.digest(bytes), 0, 32, "AES");
        MessageDigest sha256Digest2 = DigestUtils.getSha256Digest();
        byte[] bytes2 = (deviceId + salt).getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes2, "getBytes(...)");
        byte[] digest = sha256Digest2.digest(bytes2);
        Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
        cipher.init(2, secretKeySpec, new IvParameterSpec(digest, 0, 16));
        byte[] doFinal = cipher.doFinal(encryptionKey);
        Intrinsics.checkNotNullExpressionValue(doFinal, "doFinal(...)");
        return doFinal;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Object doAttest(Continuation<? super ServiceResult<AttestationResult>> continuation) {
        return BuildersKt.withContext(Dispatchers.getIO(), new AttestationService$doAttest$2(this, null), continuation);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final AttestationNonce getAttestationNonce() {
        ResponseBody body;
        HttpUrl.Companion companion = HttpUrl.INSTANCE;
        String backendUrl = SettingsProvider.get().getBackendUrl();
        Intrinsics.checkNotNullExpressionValue(backendUrl, "getBackendUrl(...)");
        Response execute = ClientProvider.get().newCall(new Request.Builder().url(companion.get(backendUrl).newBuilder().addPathSegments("mobileservices/attestation/android/getNonce").build()).tag(Tag.class, new Tag()).build()).execute();
        try {
            Response response = execute;
            if (!response.isSuccessful() || (body = response.body()) == null) {
                CloseableKt.closeFinally(execute, null);
                return null;
            }
            AttestationNonce createFromJsonString = AttestationNonce.INSTANCE.createFromJsonString(body.string());
            CloseableKt.closeFinally(execute, null);
            return createFromJsonString;
        } finally {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String getGcpKey() {
        ResponseBody body;
        HttpUrl.Companion companion = HttpUrl.INSTANCE;
        String backendUrl = SettingsProvider.get().getBackendUrl();
        Intrinsics.checkNotNullExpressionValue(backendUrl, "getBackendUrl(...)");
        Response execute = ClientProvider.get().newCall(new Request.Builder().url(companion.get(backendUrl).newBuilder().addPathSegments("mobileservices/attestation/android/apiKey").build()).tag(Tag.class, new Tag()).build()).execute();
        try {
            Response response = execute;
            if (!response.isSuccessful() || (body = response.body()) == null) {
                CloseableKt.closeFinally(execute, null);
                return null;
            }
            byte[] decode = Base64.decode(body.string(), 0);
            String deviceId = SettingsProvider.get().getDeviceId();
            if (deviceId == null) {
                throw new IllegalStateException("device id is not set in settings parameters.".toString());
            }
            Intrinsics.checkNotNull(deviceId);
            String header$default = Response.header$default(response, ClientProvider.HTTP_HEADER_X_SMP_SALT_FACTOR, null, 2, null);
            if (header$default == null) {
                throw new IllegalStateException("X-SMP-SALT-FACTOR is not returned from server.".toString());
            }
            Intrinsics.checkNotNull(decode);
            String str = new String(decryptKey(decode, deviceId, header$default), Charsets.UTF_8);
            CloseableKt.closeFinally(execute, null);
            return str;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                CloseableKt.closeFinally(execute, th);
                throw th2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final byte[] randomNonce(String nonce) {
        byte[] bArr = new byte[24];
        new SecureRandom().nextBytes(bArr);
        byte[] bytes = nonce.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
        return ArraysKt.plus(bArr, bytes);
    }

    public final Object attest(boolean z, Continuation<? super ServiceResult<AttestationResult>> continuation) {
        return BuildersKt.withContext(Dispatchers.getIO(), new AttestationService$attest$2(this, z, null), continuation);
    }

    public final AttestationResult getAttestationResult$foundation_release(String jwsResult) {
        ResponseBody body;
        Intrinsics.checkNotNullParameter(jwsResult, "jwsResult");
        HttpUrl.Companion companion = HttpUrl.INSTANCE;
        String backendUrl = SettingsProvider.get().getBackendUrl();
        Intrinsics.checkNotNullExpressionValue(backendUrl, "getBackendUrl(...)");
        Response execute = ClientProvider.get().newCall(new Request.Builder().url(companion.get(backendUrl).newBuilder().addPathSegments("mobileservices/attestation/android/verify").build()).post(RequestBody.INSTANCE.create(jwsResult, MediaType.INSTANCE.parse("application/x-www-form-urlencoded"))).tag(Tag.class, new Tag()).build()).execute();
        try {
            Response response = execute;
            if (!response.isSuccessful() || (body = response.body()) == null) {
                CloseableKt.closeFinally(execute, null);
                return null;
            }
            AttestationResult createFromJsonString = AttestationResult.INSTANCE.createFromJsonString(body.string());
            CloseableKt.closeFinally(execute, null);
            return createFromJsonString;
        } finally {
        }
    }

    public final long getAttestationTime() {
        SharedPreferences sharedPreferences = this.sharedPreferences;
        if (sharedPreferences == null) {
            Intrinsics.throwUninitializedPropertyAccessException("sharedPreferences");
            sharedPreferences = null;
        }
        return sharedPreferences.getLong(KEY_ATTESTATION_TIME, -1L);
    }

    public final String getAttestationToken() {
        SharedPreferences sharedPreferences = this.sharedPreferences;
        if (sharedPreferences == null) {
            Intrinsics.throwUninitializedPropertyAccessException("sharedPreferences");
            sharedPreferences = null;
        }
        return sharedPreferences.getString(KEY_ATTESTATION_TOKEN, null);
    }

    public final Duration getDuration() {
        return this.duration;
    }

    @Override // com.sap.cloud.mobile.foundation.networking.InterceptorProvider
    public Interceptor getInterceptor() {
        return new AttestationInterceptor(this, false, 2, null);
    }

    @Override // com.sap.cloud.mobile.foundation.networking.InterceptorProvider
    public Interceptor getNetworkInterceptor() {
        return null;
    }

    @Override // com.sap.cloud.mobile.foundation.mobileservices.MobileService
    public void init(Application application, String apiKey) {
        Intrinsics.checkNotNullParameter(application, "application");
        super.init(application, apiKey);
        String orCreate = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
        Intrinsics.checkNotNullExpressionValue(orCreate, "getOrCreate(...)");
        SharedPreferences create = EncryptedSharedPreferences.create(orCreate + SHARED_PREFERENCES_SUFFIX, orCreate, application, EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
        Intrinsics.checkNotNullExpressionValue(create, "create(...)");
        this.sharedPreferences = create;
    }

    @Override // com.sap.cloud.mobile.foundation.mobileservices.MobileService
    public void onStateChange(ApplicationState state) {
        Intrinsics.checkNotNullParameter(state, "state");
        SharedPreferences sharedPreferences = null;
        if (state instanceof ApplicationState.ClientPolicyRetrieved) {
            BuildersKt__Builders_commonKt.launch$default(CoroutineScopeKt.MainScope(), null, null, new AttestationService$onStateChange$1(this, null), 3, null);
            return;
        }
        if (!(state instanceof ApplicationState.UserLogoutEnded)) {
            super.onStateChange(state);
            return;
        }
        SharedPreferences sharedPreferences2 = this.sharedPreferences;
        if (sharedPreferences2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("sharedPreferences");
        } else {
            sharedPreferences = sharedPreferences2;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.remove(KEY_ATTESTATION_TIME);
        edit.remove(KEY_ATTESTATION_TOKEN);
        edit.apply();
    }

    @Override // com.sap.cloud.mobile.foundation.mobileservices.MobileService
    public void reset() {
        super.reset();
        SharedPreferences sharedPreferences = this.sharedPreferences;
        if (sharedPreferences == null) {
            Intrinsics.throwUninitializedPropertyAccessException("sharedPreferences");
            sharedPreferences = null;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.remove(KEY_ATTESTATION_TIME);
        edit.remove(KEY_ATTESTATION_TOKEN);
        edit.apply();
    }

    public final void sendQuotaExceed$foundation_release() {
        HttpUrl.Companion companion = HttpUrl.INSTANCE;
        String backendUrl = SettingsProvider.get().getBackendUrl();
        Intrinsics.checkNotNullExpressionValue(backendUrl, "getBackendUrl(...)");
        Response execute = ClientProvider.get().newCall(new Request.Builder().url(companion.get(backendUrl).newBuilder().addPathSegments("mobileservices/attestation/android/quota/exceeded").build()).post(RequestBody.Companion.create$default(RequestBody.INSTANCE, "", (MediaType) null, 1, (Object) null)).tag(Tag.class, new Tag()).build()).execute();
        try {
            logger.debug("send attestation quota exceed to server: " + (execute.isSuccessful() ? "successful" : "failed") + '.');
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(execute, null);
        } finally {
        }
    }

    public final void setAttestationToken$foundation_release(String token) {
        SharedPreferences sharedPreferences = this.sharedPreferences;
        if (sharedPreferences == null) {
            Intrinsics.throwUninitializedPropertyAccessException("sharedPreferences");
            sharedPreferences = null;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putLong(KEY_ATTESTATION_TIME, new Date().getTime());
        edit.putString(KEY_ATTESTATION_TOKEN, token);
        edit.apply();
    }

    public final void setDuration(Duration duration) {
        Intrinsics.checkNotNullParameter(duration, "<set-?>");
        this.duration = duration;
    }
}
