package com.squareup.mri;

import com.squareup.metron.events.mri.AttestedKeyAction;
import com.squareup.metron.events.mri.AttestedKeyActionType;
import com.squareup.metron.events.mri.AttestedKeyError;
import com.squareup.metron.logger.MetronLogger;
import com.squareup.mri.KeyStoreProvider;
import com.squareup.protos.cash.security.mri.api.v1.AttestedKeySigningData;
import dagger.assisted.Assisted;
import dagger.assisted.AssistedFactory;
import dagger.assisted.AssistedInject;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import okio.ByteString;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: AttestedKeyService.kt */
@Metadata
@SourceDebugExtension({"SMAP\nAttestedKeyService.kt\nKotlin\n*S Kotlin\n*F\n+ 1 AttestedKeyService.kt\ncom/squareup/mri/AttestedKeyService\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,155:1\n1557#2:156\n1628#2,3:157\n1557#2:161\n1628#2,3:162\n1#3:160\n*S KotlinDebug\n*F\n+ 1 AttestedKeyService.kt\ncom/squareup/mri/AttestedKeyService\n*L\n67#1:156\n67#1:157,3\n141#1:161\n141#1:162,3\n*E\n"})
/* loaded from: classes6.dex */
public final class AttestedKeyService {

    @NotNull
    public final String keyAlias;

    @NotNull
    public final KeyStoreProvider keyStore;

    @NotNull
    public final MetronLogger metronLogger;

    @Nullable
    public KeyState state;

    /* compiled from: AttestedKeyService.kt */
    @AssistedFactory
    @Metadata
    /* loaded from: classes6.dex */
    public interface Factory {
        @NotNull
        AttestedKeyService create(@NotNull String str);
    }

    /* compiled from: AttestedKeyService.kt */
    @Metadata
    /* loaded from: classes6.dex */
    public static final class KeyState {

        @NotNull
        public final List<X509Certificate> certificateChain;

        @NotNull
        public final PrivateKey keyHandler;

        /* JADX WARN: Multi-variable type inference failed */
        public KeyState(@NotNull PrivateKey keyHandler, @NotNull List<? extends X509Certificate> certificateChain) {
            Intrinsics.checkNotNullParameter(keyHandler, "keyHandler");
            Intrinsics.checkNotNullParameter(certificateChain, "certificateChain");
            this.keyHandler = keyHandler;
            this.certificateChain = certificateChain;
        }

        @NotNull
        public final List<X509Certificate> getCertificateChain() {
            return this.certificateChain;
        }

        @NotNull
        public final PrivateKey getKeyHandler() {
            return this.keyHandler;
        }
    }

    /* compiled from: AttestedKeyService.kt */
    @Metadata
    /* loaded from: classes6.dex */
    public static final class ServiceNotAvailable extends RuntimeException {
        public ServiceNotAvailable() {
            super("Attested Key Service is not ready or is not available.");
        }
    }

    @AssistedInject
    public AttestedKeyService(@NotNull MetronLogger metronLogger, @NotNull KeyStoreProvider keyStore, @Assisted @NotNull String keyAlias) {
        Intrinsics.checkNotNullParameter(metronLogger, "metronLogger");
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        this.metronLogger = metronLogger;
        this.keyStore = keyStore;
        this.keyAlias = keyAlias;
    }

    public final void eraseKey() {
        this.metronLogger.log(new AttestedKeyAction(this.keyAlias, AttestedKeyActionType.ERASE_KEY));
        try {
            this.keyStore.deleteEntry(this.keyAlias);
        } catch (Exception e) {
            this.metronLogger.log(new AttestedKeyError(this.keyAlias, AttestedKeyActionType.ERASE_KEY, e));
            throw e;
        }
    }

    public final void fetchFromKeyStore() {
        this.metronLogger.log(new AttestedKeyAction(this.keyAlias, AttestedKeyActionType.KEYSTORE_FETCH));
        try {
            PrivateKey key = this.keyStore.getKey(this.keyAlias);
            List<X509Certificate> certificateChain = this.keyStore.getCertificateChain(this.keyAlias);
            if (key == null) {
                throw new IllegalStateException("Key was not fetched correctly.");
            }
            if (certificateChain == null) {
                throw new IllegalStateException("Certificate chain was not fetched correctly.");
            }
            this.state = new KeyState(key, certificateChain);
        } catch (Exception e) {
            this.metronLogger.log(new AttestedKeyError(this.keyAlias, AttestedKeyActionType.KEYSTORE_FETCH, e));
            throw e;
        }
    }

    public final void generateKey() {
        this.metronLogger.log(new AttestedKeyAction(this.keyAlias, AttestedKeyActionType.GENERATE_KEY));
        try {
            try {
                KeyStoreProvider keyStoreProvider = this.keyStore;
                keyStoreProvider.generateECKey(keyStoreProvider.getKeyParameterSpec(this.keyAlias, true));
            } catch (KeyStoreProvider.IdAttestationFailure unused) {
                KeyStoreProvider keyStoreProvider2 = this.keyStore;
                keyStoreProvider2.generateECKey(keyStoreProvider2.getKeyParameterSpec(this.keyAlias, false));
            }
        } catch (Exception e) {
            this.metronLogger.log(new AttestedKeyError(this.keyAlias, AttestedKeyActionType.GENERATE_KEY, e));
            throw e;
        }
    }

    public final List<byte[]> getDERCertificateChain() {
        KeyState keyState = this.state;
        if (keyState == null) {
            throw new IllegalStateException("Required value was null.");
        }
        List<X509Certificate> certificateChain = keyState.getCertificateChain();
        ArrayList arrayList = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(certificateChain, 10));
        Iterator<T> it = certificateChain.iterator();
        while (it.hasNext()) {
            arrayList.add(((X509Certificate) it.next()).getEncoded());
        }
        return arrayList;
    }

    public final boolean getReady() {
        return this.state != null;
    }

    public final void loadKeyStore() {
        try {
            this.keyStore.load();
        } catch (Exception e) {
            this.metronLogger.log(new AttestedKeyError(this.keyAlias, AttestedKeyActionType.KEYSTORE_LOAD, e));
            throw e;
        }
    }

    @NotNull
    /* renamed from: prepare-d1pmJ48, reason: not valid java name */
    public final Object m3212prepared1pmJ48() {
        if (!getReady()) {
            synchronized (this) {
                try {
                    try {
                        if (!getReady()) {
                            loadKeyStore();
                            if (this.keyStore.containsAlias(this.keyAlias)) {
                                eraseKey();
                            }
                            generateKey();
                            fetchFromKeyStore();
                        }
                        Unit unit = Unit.INSTANCE;
                    } catch (Exception e) {
                        Result.Companion companion = Result.Companion;
                        return Result.m4340constructorimpl(ResultKt.createFailure(e));
                    }
                } catch (Throwable th) {
                    throw th;
                }
            }
        }
        Result.Companion companion2 = Result.Companion;
        return Result.m4340constructorimpl(Unit.INSTANCE);
    }

    public final byte[] sign(byte[] bArr) {
        this.metronLogger.log(new AttestedKeyAction(this.keyAlias, AttestedKeyActionType.SIGN));
        try {
            Signature eCSignature = this.keyStore.getECSignature();
            KeyState keyState = this.state;
            if (keyState == null) {
                throw new IllegalStateException("Required value was null.");
            }
            eCSignature.initSign(keyState.getKeyHandler());
            eCSignature.update(bArr);
            byte[] sign = eCSignature.sign();
            Intrinsics.checkNotNullExpressionValue(sign, "run(...)");
            return sign;
        } catch (Exception e) {
            this.metronLogger.log(new AttestedKeyError(this.keyAlias, AttestedKeyActionType.SIGN, e));
            throw e;
        }
    }

    @NotNull
    /* renamed from: sign-IoAF18A, reason: not valid java name */
    public final Object m3213signIoAF18A(@NotNull byte[] data) {
        Intrinsics.checkNotNullParameter(data, "data");
        if (!getReady()) {
            Result.Companion companion = Result.Companion;
            return Result.m4340constructorimpl(ResultKt.createFailure(new ServiceNotAvailable()));
        }
        try {
            Result.Companion companion2 = Result.Companion;
            List<byte[]> dERCertificateChain = getDERCertificateChain();
            ArrayList arrayList = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(dERCertificateChain, 10));
            Iterator<T> it = dERCertificateChain.iterator();
            while (it.hasNext()) {
                arrayList.add(ByteString.Companion.of$default(ByteString.Companion, (byte[]) it.next(), 0, 0, 3, null));
            }
            return Result.m4340constructorimpl(new AttestedKeySigningData(arrayList, ByteString.Companion.of$default(ByteString.Companion, sign(data), 0, 0, 3, null), null, 4, null));
        } catch (Exception e) {
            Result.Companion companion3 = Result.Companion;
            return Result.m4340constructorimpl(ResultKt.createFailure(e));
        }
    }
}
