package com.squareup.cryptoattestation.compatibilitycheck;

import android.app.Application;
import android.os.Build;
import android.security.keystore.SecureKeyImportUnavailableException;
import com.google.gson.Gson;
import com.google.gson.JsonIOException;
import com.google.gson.JsonSyntaxException;
import com.squareup.cryptoattestation.compatibilitycheck.RealKeyProvisionCompatibilityChecker;
import com.squareup.cryptoattestation.compatibilitycheck.featureflags.UseCachedCompatibilityReportFeatureFlag;
import com.squareup.dagger.AppScope;
import com.squareup.dagger.ContributesMultibindingScoped;
import com.squareup.dagger.SingleIn;
import com.squareup.gson.SimpleGson;
import com.squareup.logging.RemoteLog;
import com.squareup.posencryption.HieroglyphKeyCompatibilityReport;
import com.squareup.protos.hieroglyph.RefreshKeyRequest;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import mortar.MortarScope;
import mortar.Scoped;
import shadow.com.squareup.anvil.annotations.ContributesBinding;

/* compiled from: RealKeyProvisionCompatibilityChecker.kt */
@ContributesMultibindingScoped(scope = AppScope.class)
@SingleIn(AppScope.class)
@Metadata(d1 = {"\u0000\u0092\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\t\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000e\n\u0002\b\n\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0004\b\u0007\u0018\u0000 V2\u00020\u00012\u00020\u0002:\u0002VWB)\b\u0007\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0006\u0010\u0005\u001a\u00020\u0006\u0012\u0006\u0010\u0007\u001a\u00020\b\u0012\b\b\u0001\u0010\t\u001a\u00020\n¢\u0006\u0002\u0010\u000bJ\b\u00103\u001a\u000204H\u0016J\b\u00105\u001a\u000206H\u0002J\b\u00107\u001a\u000206H\u0016J\r\u00108\u001a\u000206H\u0001¢\u0006\u0002\b9J\b\u0010:\u001a\u00020;H\u0016J\u0010\u0010<\u001a\u0002042\u0006\u0010=\u001a\u00020>H\u0016J\b\u0010?\u001a\u000204H\u0016J\r\u0010@\u001a\u000204H\u0001¢\u0006\u0002\bAJ\u0010\u0010B\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0002J(\u0010D\u001a\u00020;2\u0006\u0010C\u001a\u0002062\u0006\u0010E\u001a\u00020F2\u0006\u0010G\u001a\u00020;2\u0006\u0010H\u001a\u00020FH\u0002J\u0010\u0010I\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0003J\u0010\u0010J\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0003J\u0010\u0010K\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0003J\u0010\u0010L\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0002J\u0010\u0010M\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0003J\u0010\u0010N\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0003J(\u0010O\u001a\u00020;2\u0006\u0010C\u001a\u0002062\u0006\u0010P\u001a\u00020Q2\u0006\u0010R\u001a\u00020F2\u0006\u0010S\u001a\u00020TH\u0003J\u0010\u0010U\u001a\u00020;2\u0006\u0010C\u001a\u000206H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R!\u0010\f\u001a\u00020\r8@X\u0081\u0084\u0002¢\u0006\u0012\n\u0004\b\u0012\u0010\u0013\u0012\u0004\b\u000e\u0010\u000f\u001a\u0004\b\u0010\u0010\u0011R$\u0010\u0014\u001a\n \u0016*\u0004\u0018\u00010\u00150\u00158\u0000X\u0081\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\u0017\u0010\u000f\u001a\u0004\b\u0018\u0010\u0019R$\u0010\u001a\u001a\u00020\u001b8\u0000@\u0000X\u0081\u000e¢\u0006\u0014\n\u0000\u0012\u0004\b\u001c\u0010\u000f\u001a\u0004\b\u001d\u0010\u001e\"\u0004\b\u001f\u0010 R$\u0010!\u001a\u00020\"8\u0000@\u0000X\u0081\u000e¢\u0006\u0014\n\u0000\u0012\u0004\b#\u0010\u000f\u001a\u0004\b$\u0010%\"\u0004\b&\u0010'R\u000e\u0010(\u001a\u00020)X\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010*\u001a\u00020+8\u0000@\u0000X\u0081\u000e¢\u0006\u0014\n\u0000\u0012\u0004\b,\u0010\u000f\u001a\u0004\b-\u0010.\"\u0004\b/\u00100R\u0010\u00101\u001a\u0004\u0018\u000102X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006X"}, d2 = {"Lcom/squareup/cryptoattestation/compatibilitycheck/RealKeyProvisionCompatibilityChecker;", "Lcom/squareup/cryptoattestation/compatibilitycheck/KeyProvisionCompatibilityChecker;", "Lmortar/Scoped;", "blockedDevicesProvider", "Lcom/squareup/cryptoattestation/compatibilitycheck/BlockedDevicesProvider;", "useCachedReportFeatureFlag", "Lcom/squareup/cryptoattestation/compatibilitycheck/featureflags/UseCachedCompatibilityReportFeatureFlag;", "application", "Landroid/app/Application;", "gson", "Lcom/google/gson/Gson;", "(Lcom/squareup/cryptoattestation/compatibilitycheck/BlockedDevicesProvider;Lcom/squareup/cryptoattestation/compatibilitycheck/featureflags/UseCachedCompatibilityReportFeatureFlag;Landroid/app/Application;Lcom/google/gson/Gson;)V", "compatibilityReportCache", "Lcom/squareup/cryptoattestation/compatibilitycheck/RealKeyProvisionCompatibilityChecker$HieroglyphKeyCompatibilityReportCache;", "getCompatibilityReportCache$impl_release$annotations", "()V", "getCompatibilityReportCache$impl_release", "()Lcom/squareup/cryptoattestation/compatibilitycheck/RealKeyProvisionCompatibilityChecker$HieroglyphKeyCompatibilityReportCache;", "compatibilityReportCache$delegate", "Lkotlin/Lazy;", "keyStoreExecutor", "Ljava/util/concurrent/ExecutorService;", "kotlin.jvm.PlatformType", "getKeyStoreExecutor$impl_release$annotations", "getKeyStoreExecutor$impl_release", "()Ljava/util/concurrent/ExecutorService;", "keyStoreUtilities", "Lcom/squareup/cryptoattestation/compatibilitycheck/KeyStoreCipherUtilities;", "getKeyStoreUtilities$impl_release$annotations", "getKeyStoreUtilities$impl_release", "()Lcom/squareup/cryptoattestation/compatibilitycheck/KeyStoreCipherUtilities;", "setKeyStoreUtilities$impl_release", "(Lcom/squareup/cryptoattestation/compatibilitycheck/KeyStoreCipherUtilities;)V", "phoneProperties", "Lcom/squareup/cryptoattestation/compatibilitycheck/PhoneProperties;", "getPhoneProperties$impl_release$annotations", "getPhoneProperties$impl_release", "()Lcom/squareup/cryptoattestation/compatibilitycheck/PhoneProperties;", "setPhoneProperties$impl_release", "(Lcom/squareup/cryptoattestation/compatibilitycheck/PhoneProperties;)V", "reportLatch", "Ljava/util/concurrent/CountDownLatch;", "reportLoadingStartTime", "", "getReportLoadingStartTime$impl_release$annotations", "getReportLoadingStartTime$impl_release", "()J", "setReportLoadingStartTime$impl_release", "(J)V", "wrappingKeyPair", "Ljava/security/KeyPair;", "deleteReport", "", "generateReport", "Lcom/squareup/posencryption/HieroglyphKeyCompatibilityReport;", "getReport", "initializeReport", "initializeReport$impl_release", "meetsRequirement", "", "onEnterScope", "scope", "Lmortar/MortarScope;", "onExitScope", "prepareReport", "prepareReport$impl_release", "testAESKeyEncryption", "currentReport", "testAESKeyEncryptionImpl", "algorithm", "", "needsIV", "alias", "testAESKeyNoMinMACImport", "testAESKeyWithMinMACImport", "testHMACKeyNoMinMACImport", "testHMACKeySigning", "testHMACKeyWithMinMACImport", "testKeyGeneration", "testKeyImportImpl", "keyDescription", "Lcom/squareup/cryptoattestation/compatibilitycheck/AndroidKeyDescription;", "keyAlias", "realKeyBytes", "", "testOSAndModel", "Companion", "HieroglyphKeyCompatibilityReportCache", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
@ContributesBinding(boundType = KeyProvisionCompatibilityChecker.class, scope = AppScope.class)
/* loaded from: classes4.dex */
public final class RealKeyProvisionCompatibilityChecker implements KeyProvisionCompatibilityChecker, Scoped {
    public static final long GET_REPORT_TIMEOUT_S = 5;
    public static final long PREPARE_REPORT_TIMEOUT_S = 30;
    private static final String TEST_DATA = "0123456789abcdef";
    private final BlockedDevicesProvider blockedDevicesProvider;

    /* renamed from: compatibilityReportCache$delegate, reason: from kotlin metadata */
    private final Lazy compatibilityReportCache;
    private final ExecutorService keyStoreExecutor;
    private KeyStoreCipherUtilities keyStoreUtilities;
    private PhoneProperties phoneProperties;
    private final CountDownLatch reportLatch;
    private long reportLoadingStartTime;
    private KeyPair wrappingKeyPair;

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final byte[] fakeTransportKeyBytes = new byte[32];
    private static final byte[] fakeAESKeyBytes = new byte[16];
    private static final byte[] fakeHMACKeyBytes = new byte[32];

    /* compiled from: RealKeyProvisionCompatibilityChecker.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0002\b\n\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0016\u0010\u0003\u001a\u00020\u00048\u0000X\u0081T¢\u0006\b\n\u0000\u0012\u0004\b\u0005\u0010\u0002R\u0016\u0010\u0006\u001a\u00020\u00048\u0000X\u0081T¢\u0006\b\n\u0000\u0012\u0004\b\u0007\u0010\u0002R\u000e\u0010\b\u001a\u00020\tX\u0082T¢\u0006\u0002\n\u0000R\u001c\u0010\n\u001a\u00020\u000b8\u0000X\u0081\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\f\u0010\u0002\u001a\u0004\b\r\u0010\u000eR\u001c\u0010\u000f\u001a\u00020\u000b8\u0000X\u0081\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\u0010\u0010\u0002\u001a\u0004\b\u0011\u0010\u000eR\u001c\u0010\u0012\u001a\u00020\u000b8\u0000X\u0081\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\u0013\u0010\u0002\u001a\u0004\b\u0014\u0010\u000e¨\u0006\u0015"}, d2 = {"Lcom/squareup/cryptoattestation/compatibilitycheck/RealKeyProvisionCompatibilityChecker$Companion;", "", "()V", "GET_REPORT_TIMEOUT_S", "", "getGET_REPORT_TIMEOUT_S$impl_release$annotations", "PREPARE_REPORT_TIMEOUT_S", "getPREPARE_REPORT_TIMEOUT_S$impl_release$annotations", "TEST_DATA", "", "fakeAESKeyBytes", "", "getFakeAESKeyBytes$impl_release$annotations", "getFakeAESKeyBytes$impl_release", "()[B", "fakeHMACKeyBytes", "getFakeHMACKeyBytes$impl_release$annotations", "getFakeHMACKeyBytes$impl_release", "fakeTransportKeyBytes", "getFakeTransportKeyBytes$impl_release$annotations", "getFakeTransportKeyBytes$impl_release", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public static /* synthetic */ void getFakeAESKeyBytes$impl_release$annotations() {
        }

        public static /* synthetic */ void getFakeHMACKeyBytes$impl_release$annotations() {
        }

        public static /* synthetic */ void getFakeTransportKeyBytes$impl_release$annotations() {
        }

        public static /* synthetic */ void getGET_REPORT_TIMEOUT_S$impl_release$annotations() {
        }

        public static /* synthetic */ void getPREPARE_REPORT_TIMEOUT_S$impl_release$annotations() {
        }

        public final byte[] getFakeAESKeyBytes$impl_release() {
            return RealKeyProvisionCompatibilityChecker.fakeAESKeyBytes;
        }

        public final byte[] getFakeHMACKeyBytes$impl_release() {
            return RealKeyProvisionCompatibilityChecker.fakeHMACKeyBytes;
        }

        public final byte[] getFakeTransportKeyBytes$impl_release() {
            return RealKeyProvisionCompatibilityChecker.fakeTransportKeyBytes;
        }
    }

    /* compiled from: RealKeyProvisionCompatibilityChecker.kt */
    @Metadata(d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n\u0002\b\u0007\u0018\u0000 %2\u00020\u0001:\u0001%B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u0006\u0010\u001e\u001a\u00020\u001fJ\b\u0010 \u001a\u0004\u0018\u00010\nJ\r\u0010!\u001a\u00020\u001fH\u0001¢\u0006\u0002\b\"J\u0010\u0010#\u001a\u00020\u001f2\b\u0010$\u001a\u0004\u0018\u00010\nR\u001c\u0010\t\u001a\u0004\u0018\u00010\nX\u0080\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u000b\u0010\f\"\u0004\b\r\u0010\u000eR$\u0010\u000f\u001a\u00020\u00108\u0000@\u0000X\u0081\u000e¢\u0006\u0014\n\u0000\u0012\u0004\b\u0011\u0010\u0012\u001a\u0004\b\u0013\u0010\u0014\"\u0004\b\u0015\u0010\u0016R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010\u0017\u001a\u00020\u00188\u0000@\u0000X\u0081\u000e¢\u0006\u0014\n\u0000\u0012\u0004\b\u0019\u0010\u0012\u001a\u0004\b\u001a\u0010\u001b\"\u0004\b\u001c\u0010\u001d¨\u0006&"}, d2 = {"Lcom/squareup/cryptoattestation/compatibilitycheck/RealKeyProvisionCompatibilityChecker$HieroglyphKeyCompatibilityReportCache;", "", "useCachedReportFeatureFlag", "Lcom/squareup/cryptoattestation/compatibilitycheck/featureflags/UseCachedCompatibilityReportFeatureFlag;", "application", "Landroid/app/Application;", "gson", "Lcom/google/gson/Gson;", "(Lcom/squareup/cryptoattestation/compatibilitycheck/featureflags/UseCachedCompatibilityReportFeatureFlag;Landroid/app/Application;Lcom/google/gson/Gson;)V", "cachedReport", "Lcom/squareup/posencryption/HieroglyphKeyCompatibilityReport;", "getCachedReport$impl_release", "()Lcom/squareup/posencryption/HieroglyphKeyCompatibilityReport;", "setCachedReport$impl_release", "(Lcom/squareup/posencryption/HieroglyphKeyCompatibilityReport;)V", "file", "Ljava/io/File;", "getFile$impl_release$annotations", "()V", "getFile$impl_release", "()Ljava/io/File;", "setFile$impl_release", "(Ljava/io/File;)V", "phoneProperties", "Lcom/squareup/cryptoattestation/compatibilitycheck/PhoneProperties;", "getPhoneProperties$impl_release$annotations", "getPhoneProperties$impl_release", "()Lcom/squareup/cryptoattestation/compatibilitycheck/PhoneProperties;", "setPhoneProperties$impl_release", "(Lcom/squareup/cryptoattestation/compatibilitycheck/PhoneProperties;)V", "deleteCompatibilityReport", "", "getCompatibilityReport", "loadReportFromStorage", "loadReportFromStorage$impl_release", "setCompatibilityReport", "newReport", "Companion", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class HieroglyphKeyCompatibilityReportCache {
        public static final String fileName = "ecr_key_compatibility_report";
        private HieroglyphKeyCompatibilityReport cachedReport;
        private File file;
        private final Gson gson;
        private PhoneProperties phoneProperties;

        public HieroglyphKeyCompatibilityReportCache(UseCachedCompatibilityReportFeatureFlag useCachedReportFeatureFlag, Application application, Gson gson) {
            Intrinsics.checkNotNullParameter(useCachedReportFeatureFlag, "useCachedReportFeatureFlag");
            Intrinsics.checkNotNullParameter(application, "application");
            Intrinsics.checkNotNullParameter(gson, "gson");
            this.gson = gson;
            this.file = new File(application.getFilesDir(), fileName);
            this.phoneProperties = PhoneProperties.INSTANCE;
            if (useCachedReportFeatureFlag.enabled()) {
                loadReportFromStorage$impl_release();
            }
        }

        public static /* synthetic */ void getFile$impl_release$annotations() {
        }

        public static /* synthetic */ void getPhoneProperties$impl_release$annotations() {
        }

        public final void deleteCompatibilityReport() {
            this.cachedReport = null;
            this.file.delete();
        }

        /* renamed from: getCachedReport$impl_release, reason: from getter */
        public final HieroglyphKeyCompatibilityReport getCachedReport() {
            return this.cachedReport;
        }

        public final HieroglyphKeyCompatibilityReport getCompatibilityReport() {
            HieroglyphKeyCompatibilityReport hieroglyphKeyCompatibilityReport = this.cachedReport;
            if (hieroglyphKeyCompatibilityReport == null) {
                return null;
            }
            if (Intrinsics.areEqual(this.phoneProperties.getOSFingerprint(), hieroglyphKeyCompatibilityReport.getFingerprint()) && Intrinsics.areEqual(this.phoneProperties.getOSSecurityPatchLevel(), hieroglyphKeyCompatibilityReport.getSecurityPatchLevel())) {
                return this.cachedReport;
            }
            deleteCompatibilityReport();
            return null;
        }

        /* renamed from: getFile$impl_release, reason: from getter */
        public final File getFile() {
            return this.file;
        }

        /* renamed from: getPhoneProperties$impl_release, reason: from getter */
        public final PhoneProperties getPhoneProperties() {
            return this.phoneProperties;
        }

        public final void loadReportFromStorage$impl_release() {
            if (this.file.exists()) {
                try {
                    FileReader fileReader = new FileReader(this.file);
                    try {
                        this.cachedReport = HieroglyphKeyCompatibilityReport.INSTANCE.deserialize(this.gson, fileReader);
                        Unit unit = Unit.INSTANCE;
                        CloseableKt.closeFinally(fileReader, null);
                    } catch (Throwable th) {
                        try {
                            throw th;
                        } catch (Throwable th2) {
                            CloseableKt.closeFinally(fileReader, th);
                            throw th2;
                        }
                    }
                } catch (JsonIOException e) {
                    RemoteLog.w$default(e, null, 2, null);
                    deleteCompatibilityReport();
                } catch (JsonSyntaxException e2) {
                    RemoteLog.w$default(e2, null, 2, null);
                    deleteCompatibilityReport();
                } catch (IOException e3) {
                    RemoteLog.w$default(e3, null, 2, null);
                    deleteCompatibilityReport();
                }
            }
        }

        public final void setCachedReport$impl_release(HieroglyphKeyCompatibilityReport hieroglyphKeyCompatibilityReport) {
            this.cachedReport = hieroglyphKeyCompatibilityReport;
        }

        public final void setCompatibilityReport(HieroglyphKeyCompatibilityReport newReport) {
            if (newReport == null) {
                deleteCompatibilityReport();
                return;
            }
            this.cachedReport = newReport;
            try {
                FileWriter fileWriter = new FileWriter(this.file);
                try {
                    newReport.serialize(this.gson, fileWriter);
                    Unit unit = Unit.INSTANCE;
                    CloseableKt.closeFinally(fileWriter, null);
                } finally {
                }
            } catch (JsonIOException e) {
                RemoteLog.w$default(e, null, 2, null);
                deleteCompatibilityReport();
            } catch (IOException e2) {
                RemoteLog.w$default(e2, null, 2, null);
                deleteCompatibilityReport();
            }
        }

        public final void setFile$impl_release(File file) {
            Intrinsics.checkNotNullParameter(file, "<set-?>");
            this.file = file;
        }

        public final void setPhoneProperties$impl_release(PhoneProperties phoneProperties) {
            Intrinsics.checkNotNullParameter(phoneProperties, "<set-?>");
            this.phoneProperties = phoneProperties;
        }
    }

    @Inject
    public RealKeyProvisionCompatibilityChecker(BlockedDevicesProvider blockedDevicesProvider, final UseCachedCompatibilityReportFeatureFlag useCachedReportFeatureFlag, final Application application, @SimpleGson final Gson gson) {
        Intrinsics.checkNotNullParameter(blockedDevicesProvider, "blockedDevicesProvider");
        Intrinsics.checkNotNullParameter(useCachedReportFeatureFlag, "useCachedReportFeatureFlag");
        Intrinsics.checkNotNullParameter(application, "application");
        Intrinsics.checkNotNullParameter(gson, "gson");
        this.blockedDevicesProvider = blockedDevicesProvider;
        this.keyStoreUtilities = KeyStoreCipherUtilities.INSTANCE;
        this.phoneProperties = PhoneProperties.INSTANCE;
        this.compatibilityReportCache = LazyKt.lazy(new Function0<HieroglyphKeyCompatibilityReportCache>() { // from class: com.squareup.cryptoattestation.compatibilitycheck.RealKeyProvisionCompatibilityChecker$compatibilityReportCache$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            public final RealKeyProvisionCompatibilityChecker.HieroglyphKeyCompatibilityReportCache invoke() {
                return new RealKeyProvisionCompatibilityChecker.HieroglyphKeyCompatibilityReportCache(UseCachedCompatibilityReportFeatureFlag.this, application, gson);
            }
        });
        this.keyStoreExecutor = Executors.newFixedThreadPool(2);
        this.reportLatch = new CountDownLatch(1);
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        secureRandom.nextBytes(fakeAESKeyBytes);
        secureRandom.nextBytes(fakeTransportKeyBytes);
        secureRandom.nextBytes(fakeHMACKeyBytes);
    }

    private final HieroglyphKeyCompatibilityReport generateReport() {
        HieroglyphKeyCompatibilityReport initializeReport$impl_release = initializeReport$impl_release();
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (testOSAndModel(initializeReport$impl_release)) {
                if (Build.VERSION.SDK_INT < 28) {
                    initializeReport$impl_release.addException(new Exception("Unsupported OS: " + Build.VERSION.SDK_INT));
                } else if (testKeyGeneration(initializeReport$impl_release) && (testAESKeyWithMinMACImport(initializeReport$impl_release) | testAESKeyNoMinMACImport(initializeReport$impl_release)) && (testHMACKeyWithMinMACImport(initializeReport$impl_release) | testHMACKeyNoMinMACImport(initializeReport$impl_release)) && testAESKeyEncryption(initializeReport$impl_release) && testHMACKeySigning(initializeReport$impl_release)) {
                    initializeReport$impl_release.setPassedChecks(true);
                    return initializeReport$impl_release;
                }
            }
            return initializeReport$impl_release;
        } finally {
            initializeReport$impl_release.setTimeConsumption(System.currentTimeMillis() - currentTimeMillis);
        }
    }

    public static /* synthetic */ void getCompatibilityReportCache$impl_release$annotations() {
    }

    public static /* synthetic */ void getKeyStoreExecutor$impl_release$annotations() {
    }

    public static /* synthetic */ void getKeyStoreUtilities$impl_release$annotations() {
    }

    public static /* synthetic */ void getPhoneProperties$impl_release$annotations() {
    }

    public static /* synthetic */ void getReportLoadingStartTime$impl_release$annotations() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void onEnterScope$lambda$0(RealKeyProvisionCompatibilityChecker this$0) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        try {
            this$0.prepareReport$impl_release();
        } catch (InterruptedException unused) {
        } catch (Exception e) {
            RemoteLog.w$default(e, null, 2, null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void onEnterScope$lambda$1(Future future, Function0 shutdownExecutor) {
        Intrinsics.checkNotNullParameter(shutdownExecutor, "$shutdownExecutor");
        try {
            future.get(30L, TimeUnit.SECONDS);
        } catch (InterruptedException | ExecutionException | TimeoutException unused) {
        } catch (Throwable th) {
            shutdownExecutor.invoke();
            throw th;
        }
        shutdownExecutor.invoke();
    }

    private final boolean testAESKeyEncryption(HieroglyphKeyCompatibilityReport currentReport) {
        String str = currentReport.getSucceedCheck().contains(RefreshKeyRequest.CompatibilityTest.AES_KEY_IMPORT_WITH_MIN_MAC) ? AndroidKeyParameters.IMPORTED_AES_KEY_WITH_MIN_MAC_ALIAS : AndroidKeyParameters.IMPORTED_AES_KEY_NO_MIN_MAC_ALIAS;
        if (testAESKeyEncryptionImpl(currentReport, AndroidKeyParameters.AES_CBC_WITH_PADDING_ALGORITHM, true, str) && testAESKeyEncryptionImpl(currentReport, AndroidKeyParameters.AES_ECB_NO_PADDING_ALGORITHM, false, str)) {
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.AES_KEY_ENCRYPTION);
            return true;
        }
        currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.AES_KEY_ENCRYPTION);
        return false;
    }

    private final boolean testAESKeyEncryptionImpl(HieroglyphKeyCompatibilityReport currentReport, String algorithm, boolean needsIV, String alias) {
        try {
            SecretKey secretKey = this.keyStoreUtilities.getSecretKey(alias);
            Cipher cipherInstance = this.keyStoreUtilities.getCipherInstance(algorithm);
            cipherInstance.init(1, secretKey);
            byte[] bytes = TEST_DATA.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            byte[] doFinal = cipherInstance.doFinal(bytes);
            Cipher cipherInstance2 = this.keyStoreUtilities.getCipherInstance(algorithm);
            cipherInstance2.init(2, new SecretKeySpec(fakeAESKeyBytes, "AES"), needsIV ? new IvParameterSpec(cipherInstance.getIV()) : null);
            byte[] doFinal2 = cipherInstance2.doFinal(doFinal);
            Intrinsics.checkNotNull(doFinal2);
            if (Intrinsics.areEqual(new String(doFinal2, Charsets.UTF_8), TEST_DATA)) {
                return true;
            }
            throw new GeneralSecurityException("encryption and decryption inconsistent!");
        } catch (GeneralSecurityException e) {
            currentReport.addException(e);
            return false;
        }
    }

    private final boolean testAESKeyNoMinMACImport(HieroglyphKeyCompatibilityReport currentReport) {
        if (testKeyImportImpl(currentReport, new AndroidKeyDescription(EcrKeyType.AES_KEY_NO_MIN_MAC), AndroidKeyParameters.IMPORTED_AES_KEY_NO_MIN_MAC_ALIAS, fakeAESKeyBytes)) {
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.AES_KEY_IMPORT_NO_MIN_MAC);
            return true;
        }
        currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.AES_KEY_IMPORT_NO_MIN_MAC);
        return false;
    }

    private final boolean testAESKeyWithMinMACImport(HieroglyphKeyCompatibilityReport currentReport) {
        if (testKeyImportImpl(currentReport, new AndroidKeyDescription(EcrKeyType.AES_KEY_WITH_MIN_MAC), AndroidKeyParameters.IMPORTED_AES_KEY_WITH_MIN_MAC_ALIAS, fakeAESKeyBytes)) {
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.AES_KEY_IMPORT_WITH_MIN_MAC);
            return true;
        }
        currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.AES_KEY_IMPORT_WITH_MIN_MAC);
        return false;
    }

    private final boolean testHMACKeyNoMinMACImport(HieroglyphKeyCompatibilityReport currentReport) {
        if (testKeyImportImpl(currentReport, new AndroidKeyDescription(EcrKeyType.HMAC_KEY_NO_MIN_MAC), AndroidKeyParameters.IMPORTED_HMAC_KEY_NO_MIN_MAC_ALIAS, fakeHMACKeyBytes)) {
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_IMPORT_NO_MIN_MAC);
            return true;
        }
        currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_IMPORT_NO_MIN_MAC);
        return false;
    }

    private final boolean testHMACKeySigning(HieroglyphKeyCompatibilityReport currentReport) {
        try {
            SecretKey secretKey = this.keyStoreUtilities.getSecretKey(currentReport.getSucceedCheck().contains(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_IMPORT_WITH_MIN_MAC) ? AndroidKeyParameters.IMPORTED_HMAC_KEY_WITH_MIN_MAC_ALIAS : AndroidKeyParameters.IMPORTED_HMAC_KEY_NO_MIN_MAC_ALIAS);
            Mac mACInstance = this.keyStoreUtilities.getMACInstance(AndroidKeyParameters.HMAC_ALGORITHM);
            mACInstance.init(secretKey);
            byte[] bytes = TEST_DATA.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            byte[] doFinal = mACInstance.doFinal(bytes);
            Mac mACInstance2 = this.keyStoreUtilities.getMACInstance(AndroidKeyParameters.HMAC_ALGORITHM);
            mACInstance2.init(new SecretKeySpec(fakeHMACKeyBytes, "HMAC"));
            byte[] bytes2 = TEST_DATA.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes2, "getBytes(...)");
            if (!Arrays.equals(doFinal, mACInstance2.doFinal(bytes2))) {
                throw new GeneralSecurityException("hardware and software HMAC data inconsistent!");
            }
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_SIGNING);
            return true;
        } catch (Exception e) {
            if (!(e instanceof GeneralSecurityException ? true : e instanceof IllegalStateException)) {
                throw e;
            }
            currentReport.addException(e);
            currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_SIGNING);
            return false;
        }
    }

    private final boolean testHMACKeyWithMinMACImport(HieroglyphKeyCompatibilityReport currentReport) {
        if (testKeyImportImpl(currentReport, new AndroidKeyDescription(EcrKeyType.HMAC_KEY_WITH_MIN_MAC), AndroidKeyParameters.IMPORTED_HMAC_KEY_WITH_MIN_MAC_ALIAS, fakeHMACKeyBytes)) {
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_IMPORT_WITH_MIN_MAC);
            return true;
        }
        currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.HMAC_KEY_IMPORT_WITH_MIN_MAC);
        return false;
    }

    private final boolean testKeyGeneration(HieroglyphKeyCompatibilityReport currentReport) {
        try {
            this.wrappingKeyPair = this.keyStoreUtilities.generateKey();
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.KEY_GENERATION);
            int keyMasterVersion = this.keyStoreUtilities.getKeyMasterVersion();
            currentReport.setKeymasterVersion(keyMasterVersion);
            if (keyMasterVersion < 4) {
                currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.KEYMASTER_VERSION);
                return false;
            }
            currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.KEYMASTER_VERSION);
            return true;
        } catch (Exception e) {
            if (!(e instanceof GeneralSecurityException ? true : e instanceof SecureKeyImportUnavailableException)) {
                throw e;
            }
            currentReport.addException(e);
            currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.KEY_GENERATION);
            return false;
        }
    }

    private final boolean testKeyImportImpl(HieroglyphKeyCompatibilityReport currentReport, AndroidKeyDescription keyDescription, String keyAlias, byte[] realKeyBytes) {
        try {
            KeyStoreCipherUtilities keyStoreCipherUtilities = this.keyStoreUtilities;
            KeyPair keyPair = this.wrappingKeyPair;
            if (keyPair == null) {
                throw new GeneralSecurityException("Key pair missing");
            }
            this.keyStoreUtilities.importKey(keyStoreCipherUtilities.wrapKey(keyPair, keyDescription, fakeTransportKeyBytes, realKeyBytes), keyAlias);
            return true;
        } catch (Exception e) {
            if (!(e instanceof GeneralSecurityException ? true : e instanceof IOException ? true : e instanceof SecureKeyImportUnavailableException)) {
                throw e;
            }
            currentReport.addException(e);
            return false;
        }
    }

    private final boolean testOSAndModel(HieroglyphKeyCompatibilityReport currentReport) {
        String obj = StringsKt.trim((CharSequence) this.phoneProperties.getPhoneModel()).toString();
        List split$default = StringsKt.split$default((CharSequence) this.blockedDevicesProvider.getKeystoreIncompatibleDevices().getValue(), new String[]{","}, false, 0, 6, (Object) null);
        List split$default2 = StringsKt.split$default((CharSequence) this.blockedDevicesProvider.getNfcIncompatibleDevices().getValue(), new String[]{","}, false, 0, 6, (Object) null);
        Iterator it = split$default.iterator();
        while (it.hasNext()) {
            if (StringsKt.equals((String) it.next(), obj, true)) {
                currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.PHONE_MODEL);
                return false;
            }
        }
        Iterator it2 = split$default2.iterator();
        while (it2.hasNext()) {
            if (StringsKt.equals((String) it2.next(), obj, true)) {
                currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.PHONE_MODEL);
                return false;
            }
        }
        currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.PHONE_MODEL);
        if (this.phoneProperties.getSDKVersion() < 28) {
            currentReport.addFailedCheck(RefreshKeyRequest.CompatibilityTest.OS_VERSION);
            return false;
        }
        currentReport.addSucceedCheck(RefreshKeyRequest.CompatibilityTest.OS_VERSION);
        return true;
    }

    @Override // com.squareup.cryptoattestation.compatibilitycheck.KeyProvisionCompatibilityChecker
    public void deleteReport() {
        getCompatibilityReportCache$impl_release().deleteCompatibilityReport();
    }

    public final HieroglyphKeyCompatibilityReportCache getCompatibilityReportCache$impl_release() {
        return (HieroglyphKeyCompatibilityReportCache) this.compatibilityReportCache.getValue();
    }

    /* renamed from: getKeyStoreExecutor$impl_release, reason: from getter */
    public final ExecutorService getKeyStoreExecutor() {
        return this.keyStoreExecutor;
    }

    /* renamed from: getKeyStoreUtilities$impl_release, reason: from getter */
    public final KeyStoreCipherUtilities getKeyStoreUtilities() {
        return this.keyStoreUtilities;
    }

    /* renamed from: getPhoneProperties$impl_release, reason: from getter */
    public final PhoneProperties getPhoneProperties() {
        return this.phoneProperties;
    }

    @Override // com.squareup.cryptoattestation.compatibilitycheck.KeyProvisionCompatibilityChecker
    public HieroglyphKeyCompatibilityReport getReport() {
        HieroglyphKeyCompatibilityReport compatibilityReport = getCompatibilityReportCache$impl_release().getCompatibilityReport();
        if (compatibilityReport != null) {
            compatibilityReport.setFromCache(true);
            return compatibilityReport;
        }
        if (!this.reportLatch.await(this.reportLoadingStartTime == 0 ? TimeUnit.SECONDS.toNanos(5L) : TimeUnit.SECONDS.toNanos(5L) - (System.nanoTime() - this.reportLoadingStartTime), TimeUnit.NANOSECONDS)) {
            HieroglyphKeyCompatibilityReport initializeReport$impl_release = initializeReport$impl_release();
            initializeReport$impl_release.setTimeout(true);
            return initializeReport$impl_release;
        }
        HieroglyphKeyCompatibilityReport compatibilityReport2 = getCompatibilityReportCache$impl_release().getCompatibilityReport();
        if (compatibilityReport2 != null) {
            return compatibilityReport2;
        }
        throw new GeneralSecurityException("Report missing");
    }

    /* renamed from: getReportLoadingStartTime$impl_release, reason: from getter */
    public final long getReportLoadingStartTime() {
        return this.reportLoadingStartTime;
    }

    public final HieroglyphKeyCompatibilityReport initializeReport$impl_release() {
        HieroglyphKeyCompatibilityReport hieroglyphKeyCompatibilityReport = new HieroglyphKeyCompatibilityReport();
        hieroglyphKeyCompatibilityReport.setChipSet(this.phoneProperties.getPhoneHardware());
        hieroglyphKeyCompatibilityReport.setFingerprint(this.phoneProperties.getOSFingerprint());
        hieroglyphKeyCompatibilityReport.setSecurityPatchLevel(this.phoneProperties.getOSSecurityPatchLevel());
        hieroglyphKeyCompatibilityReport.setPassedChecks(false);
        return hieroglyphKeyCompatibilityReport;
    }

    @Override // com.squareup.cryptoattestation.compatibilitycheck.KeyProvisionCompatibilityChecker
    public boolean meetsRequirement() {
        return getReport().getPassedChecks();
    }

    @Override // mortar.Scoped
    public void onEnterScope(MortarScope scope) {
        Intrinsics.checkNotNullParameter(scope, "scope");
        final Function0<Unit> function0 = new Function0<Unit>() { // from class: com.squareup.cryptoattestation.compatibilitycheck.RealKeyProvisionCompatibilityChecker$onEnterScope$shutdownExecutor$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public /* bridge */ /* synthetic */ Unit invoke() {
                invoke2();
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2() {
                if (RealKeyProvisionCompatibilityChecker.this.getKeyStoreExecutor().isShutdown()) {
                    return;
                }
                RealKeyProvisionCompatibilityChecker.this.getKeyStoreExecutor().shutdownNow();
            }
        };
        final Future<?> submit = this.keyStoreExecutor.submit(new Runnable() { // from class: com.squareup.cryptoattestation.compatibilitycheck.RealKeyProvisionCompatibilityChecker$$ExternalSyntheticLambda0
            @Override // java.lang.Runnable
            public final void run() {
                RealKeyProvisionCompatibilityChecker.onEnterScope$lambda$0(RealKeyProvisionCompatibilityChecker.this);
            }
        });
        this.keyStoreExecutor.submit(new Runnable() { // from class: com.squareup.cryptoattestation.compatibilitycheck.RealKeyProvisionCompatibilityChecker$$ExternalSyntheticLambda1
            @Override // java.lang.Runnable
            public final void run() {
                RealKeyProvisionCompatibilityChecker.onEnterScope$lambda$1(submit, function0);
            }
        });
    }

    @Override // mortar.Scoped
    public void onExitScope() {
    }

    public final void prepareReport$impl_release() {
        this.reportLoadingStartTime = System.nanoTime();
        if (getCompatibilityReportCache$impl_release().getCompatibilityReport() == null) {
            getCompatibilityReportCache$impl_release().setCompatibilityReport(generateReport());
        }
        this.reportLatch.countDown();
    }

    public final void setKeyStoreUtilities$impl_release(KeyStoreCipherUtilities keyStoreCipherUtilities) {
        Intrinsics.checkNotNullParameter(keyStoreCipherUtilities, "<set-?>");
        this.keyStoreUtilities = keyStoreCipherUtilities;
    }

    public final void setPhoneProperties$impl_release(PhoneProperties phoneProperties) {
        Intrinsics.checkNotNullParameter(phoneProperties, "<set-?>");
        this.phoneProperties = phoneProperties;
    }

    public final void setReportLoadingStartTime$impl_release(long j) {
        this.reportLoadingStartTime = j;
    }
}
