package com.squareup.posencryption;

import android.app.Application;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.WrappedKeyEntry;
import com.squareup.cryptoattestation.compatibilitycheck.AndroidKeyParameters;
import com.squareup.cryptoattestation.compatibilitycheck.KeyProvisionCompatibilityChecker;
import com.squareup.logging.RemoteLog;
import com.squareup.ms.MinesweeperTicket;
import com.squareup.ms.TicketWithNonce;
import com.squareup.posencryption.HieroglyphKeyProvider;
import com.squareup.protos.client.Status;
import com.squareup.protos.client.flipper.SealedTicket;
import com.squareup.protos.hieroglyph.AugmentedStatus;
import com.squareup.protos.hieroglyph.ClientPublicKey;
import com.squareup.protos.hieroglyph.KeyScope;
import com.squareup.protos.hieroglyph.RefreshKeyRequest;
import com.squareup.protos.hieroglyph.RefreshKeyResponse;
import com.squareup.protos.hieroglyph.WrappedKey;
import com.squareup.receiving.ReceivedResponse;
import com.squareup.receiving.SuccessOrFailure;
import com.squareup.receiving.SuccessOrFailureLogger;
import com.squareup.user.MaybeMerchantToken;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.time.Duration;
import kotlin.time.DurationKt;
import kotlin.time.DurationUnit;
import okio.ByteString;

/* compiled from: RealHieroglyphKeyProvider.kt */
@Metadata(d1 = {"\u0000\u0088\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0010\u0003\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\f\b\u0007\u0018\u0000 92\u00020\u0001:\u000b89:;<=>?@ABBK\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r\u0012\n\b\u0001\u0010\u000e\u001a\u0004\u0018\u00010\u000f\u0012\u0006\u0010\u0010\u001a\u00020\u0011¢\u0006\u0002\u0010\u0012J\u0010\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020 H\u0002J\u0010\u0010!\u001a\u00020\"2\u0006\u0010#\u001a\u00020\u000fH\u0002J\u0010\u0010$\u001a\u00020\"2\u0006\u0010%\u001a\u00020&H\u0016J\u0012\u0010'\u001a\u0004\u0018\u00010\"2\u0006\u0010%\u001a\u00020&H\u0016J\u0010\u0010(\u001a\u00020\u000f2\u0006\u0010%\u001a\u00020&H\u0002J\u0017\u0010)\u001a\u0004\u0018\u00010*2\u0006\u0010%\u001a\u00020&H\u0016¢\u0006\u0002\u0010+J\u0017\u0010)\u001a\u0004\u0018\u00010*2\u0006\u0010,\u001a\u00020\u000fH\u0002¢\u0006\u0002\u0010-J\u0010\u0010.\u001a\u00020/2\u0006\u00100\u001a\u000201H\u0002J\u0010\u00102\u001a\u0002032\u0006\u0010%\u001a\u00020&H\u0016J\u0010\u00104\u001a\u0002052\u0006\u0010\u001f\u001a\u00020 H\u0002J\b\u00106\u001a\u000207H\u0016R\u000e\u0010\u0013\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010\u0014\u001a\u00020\u00158\u0006@\u0006X\u0087.¢\u0006\u0014\n\u0000\u0012\u0004\b\u0016\u0010\u0017\u001a\u0004\b\u0018\u0010\u0019\"\u0004\b\u001a\u0010\u001bR\u0010\u0010\u000e\u001a\u0004\u0018\u00010\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u001c\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006C"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider;", "Lcom/squareup/posencryption/HieroglyphKeyProvider;", "hieroglyphService", "Lcom/squareup/posencryption/HieroglyphService;", "msTicket", "Lcom/squareup/ms/MinesweeperTicket;", "keyPairGeneratorTestWrapper", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyPairGeneratorTestWrapper;", "keyGenAlgorithmParameterSpecTestWrapper", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyGenAlgorithmParameterSpecTestWrapper;", "wrappedKeyAlgorithmParameterSpecTestWrapper", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$WrappedKeyAlgorithmParameterSpecTestWrapper;", "keyExpirationCache", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$HieroglyphKeyExpirationCache;", "merchantId", "", "keyProvisionCompatibilityChecker", "Lcom/squareup/cryptoattestation/compatibilitycheck/KeyProvisionCompatibilityChecker;", "(Lcom/squareup/posencryption/HieroglyphService;Lcom/squareup/ms/MinesweeperTicket;Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyPairGeneratorTestWrapper;Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyGenAlgorithmParameterSpecTestWrapper;Lcom/squareup/posencryption/RealHieroglyphKeyProvider$WrappedKeyAlgorithmParameterSpecTestWrapper;Lcom/squareup/posencryption/RealHieroglyphKeyProvider$HieroglyphKeyExpirationCache;Ljava/lang/String;Lcom/squareup/cryptoattestation/compatibilitycheck/KeyProvisionCompatibilityChecker;)V", "hieroglyph", "keyStore", "Ljava/security/KeyStore;", "getKeyStore$annotations", "()V", "getKeyStore", "()Ljava/security/KeyStore;", "setKeyStore", "(Ljava/security/KeyStore;)V", "minesweeperTicket", "bestAvailableException", "", "response", "Lcom/squareup/protos/hieroglyph/RefreshKeyResponse;", "fetchIpekSecretKeyFromKeyStore", "Ljavax/crypto/SecretKey;", "ipekAlias", "getIpekKey", "keyType", "Lcom/squareup/posencryption/HieroglyphKeyProvider$KEY_TYPE;", "getIpekKeyWithoutProvisioning", "getKeyAliasFromType", "getKeyExpiration", "", "(Lcom/squareup/posencryption/HieroglyphKeyProvider$KEY_TYPE;)Ljava/lang/Long;", "keyAlias", "(Ljava/lang/String;)Ljava/lang/Long;", "getWrappingKeyPairCertificate", "Ljava/security/cert/Certificate;", "keySize", "", "hasValidKey", "", "importEncryptedHieroglyphKey", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult;", "provisionIpekKey", "", "BackendDenyException", "Companion", "HieroglyphKeyExpirationCache", "KeyGenAlgorithmParameterSpecTestWrapper", "KeyImportFailureException", "KeyImportResult", "KeyNotPresentException", "KeyPairGeneratorTestWrapper", "RequestFailureException", "UnknownKeyTypeException", "WrappedKeyAlgorithmParameterSpecTestWrapper", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class RealHieroglyphKeyProvider implements HieroglyphKeyProvider {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final SealedTicket EMPTY_TICKET = new SealedTicket.Builder().ciphertext(ByteString.EMPTY).expiration(0L).creation(0L).build();
    public static final String IPEK_HMAC_PAN_ALIAS_PREFIX = "IPEK-hmac-pan-key-";
    public static final String IPEK_HMAC_PIN_ALIAS_PREFIX = "IPEK-hmac-pin-key-";
    public static final String IPEK_PAN_ALIAS_PREFIX = "IPEK-pan-key-";
    public static final String IPEK_PIN_ALIAS_PREFIX = "IPEK-pin-key-";
    private static final KeyStore.ProtectionParameter NO_KEY_PROTECTION_SPEC = null;
    public static final String WRAPPING_KEY_ALIAS = "ECR-wrapping-key";
    public static final int WRAPPING_KEY_SIZE = 2048;
    private final HieroglyphService hieroglyph;
    private final HieroglyphKeyExpirationCache keyExpirationCache;
    private final KeyGenAlgorithmParameterSpecTestWrapper keyGenAlgorithmParameterSpecTestWrapper;
    private final KeyPairGeneratorTestWrapper keyPairGeneratorTestWrapper;
    private final KeyProvisionCompatibilityChecker keyProvisionCompatibilityChecker;
    public KeyStore keyStore;
    private final String merchantId;
    private final MinesweeperTicket minesweeperTicket;
    private final WrappedKeyAlgorithmParameterSpecTestWrapper wrappedKeyAlgorithmParameterSpecTestWrapper;

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\b\u0018\u00002\u00060\u0001j\u0002`\u0002B#\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\b\u0010\u0005\u001a\u0004\u0018\u00010\u0006\u0012\b\u0010\u0007\u001a\u0004\u0018\u00010\u0006¢\u0006\u0002\u0010\bR\u0013\u0010\u0007\u001a\u0004\u0018\u00010\u0006¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u0013\u0010\u0005\u001a\u0004\u0018\u00010\u0006¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\nR\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n\u0000\u001a\u0004\b\f\u0010\r¨\u0006\u000e"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$BackendDenyException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "uxHint", "Lcom/squareup/protos/hieroglyph/AugmentedStatus$UserExperienceHint;", "localizedTitle", "", "localizedDescription", "(Lcom/squareup/protos/hieroglyph/AugmentedStatus$UserExperienceHint;Ljava/lang/String;Ljava/lang/String;)V", "getLocalizedDescription", "()Ljava/lang/String;", "getLocalizedTitle", "getUxHint", "()Lcom/squareup/protos/hieroglyph/AugmentedStatus$UserExperienceHint;", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class BackendDenyException extends Exception {
        private final String localizedDescription;
        private final String localizedTitle;
        private final AugmentedStatus.UserExperienceHint uxHint;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public BackendDenyException(AugmentedStatus.UserExperienceHint uxHint, String str, String str2) {
            super("ECR Key provisioning denied due to " + str);
            Intrinsics.checkNotNullParameter(uxHint, "uxHint");
            this.uxHint = uxHint;
            this.localizedTitle = str;
            this.localizedDescription = str2;
        }

        public final String getLocalizedDescription() {
            return this.localizedDescription;
        }

        public final String getLocalizedTitle() {
            return this.localizedTitle;
        }

        public final AugmentedStatus.UserExperienceHint getUxHint() {
            return this.uxHint;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\b\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0006X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0006X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0006X\u0086T¢\u0006\u0002\n\u0000R\u001e\u0010\n\u001a\u0004\u0018\u00010\u000b8\u0006X\u0087\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\f\u0010\u0002\u001a\u0004\b\r\u0010\u000eR\u000e\u0010\u000f\u001a\u00020\u0006X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0011X\u0086T¢\u0006\u0002\n\u0000¨\u0006\u0012"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$Companion;", "", "()V", "EMPTY_TICKET", "Lcom/squareup/protos/client/flipper/SealedTicket;", "IPEK_HMAC_PAN_ALIAS_PREFIX", "", "IPEK_HMAC_PIN_ALIAS_PREFIX", "IPEK_PAN_ALIAS_PREFIX", "IPEK_PIN_ALIAS_PREFIX", "NO_KEY_PROTECTION_SPEC", "Ljava/security/KeyStore$ProtectionParameter;", "getNO_KEY_PROTECTION_SPEC$annotations", "getNO_KEY_PROTECTION_SPEC", "()Ljava/security/KeyStore$ProtectionParameter;", "WRAPPING_KEY_ALIAS", "WRAPPING_KEY_SIZE", "", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public static /* synthetic */ void getNO_KEY_PROTECTION_SPEC$annotations() {
        }

        public final KeyStore.ProtectionParameter getNO_KEY_PROTECTION_SPEC() {
            return RealHieroglyphKeyProvider.NO_KEY_PROTECTION_SPEC;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010%\n\u0002\u0010\t\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0003\b\u0007\u0018\u00002\u00020\u0001B\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\b\u0010\u0004\u001a\u0004\u0018\u00010\u0005¢\u0006\u0002\u0010\u0006J\u0015\u0010\f\u001a\u0004\u0018\u00010\t2\u0006\u0010\r\u001a\u00020\u0005¢\u0006\u0002\u0010\u000eJ\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\r\u001a\u00020\u0005H\u0002J\u0016\u0010\u0011\u001a\u00020\u00102\u0006\u0010\r\u001a\u00020\u00052\u0006\u0010\u0012\u001a\u00020\tR\u001c\u0010\u0007\u001a\u0010\u0012\u0004\u0012\u00020\u0005\u0012\u0006\u0012\u0004\u0018\u00010\t0\bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006\u0013"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$HieroglyphKeyExpirationCache;", "", "application", "Landroid/app/Application;", "merchantId", "", "(Landroid/app/Application;Ljava/lang/String;)V", "keyExpirationsMemCache", "", "", "keyExpirationsStorage", "Landroid/content/SharedPreferences;", "getExpiration", "keyAlias", "(Ljava/lang/String;)Ljava/lang/Long;", "loadExpiration", "", "setExpiration", "expiration", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class HieroglyphKeyExpirationCache {
        private Map<String, Long> keyExpirationsMemCache;
        private SharedPreferences keyExpirationsStorage;

        public HieroglyphKeyExpirationCache(Application application, String str) {
            Intrinsics.checkNotNullParameter(application, "application");
            SharedPreferences sharedPreferences = application.getSharedPreferences("ipek_key_expirations", 0);
            Intrinsics.checkNotNullExpressionValue(sharedPreferences, "getSharedPreferences(...)");
            this.keyExpirationsStorage = sharedPreferences;
            this.keyExpirationsMemCache = new LinkedHashMap();
            loadExpiration(RealHieroglyphKeyProvider.IPEK_PAN_ALIAS_PREFIX + (str == null ? "" : str));
            loadExpiration(RealHieroglyphKeyProvider.IPEK_PIN_ALIAS_PREFIX + (str == null ? "" : str));
            loadExpiration(RealHieroglyphKeyProvider.IPEK_HMAC_PAN_ALIAS_PREFIX + (str == null ? "" : str));
            loadExpiration(RealHieroglyphKeyProvider.IPEK_HMAC_PIN_ALIAS_PREFIX + (str == null ? "" : str));
        }

        private final void loadExpiration(String keyAlias) {
            if (this.keyExpirationsStorage.contains(keyAlias)) {
                this.keyExpirationsMemCache.put(keyAlias, Long.valueOf(this.keyExpirationsStorage.getLong(keyAlias, 0L)));
            } else {
                this.keyExpirationsMemCache.put(keyAlias, null);
            }
        }

        public final Long getExpiration(String keyAlias) {
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            return this.keyExpirationsMemCache.get(keyAlias);
        }

        public final void setExpiration(String keyAlias, long expiration) {
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            SharedPreferences.Editor edit = this.keyExpirationsStorage.edit();
            edit.putLong(keyAlias, expiration);
            edit.commit();
            loadExpiration(keyAlias);
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J&\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b¨\u0006\f"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyGenAlgorithmParameterSpecTestWrapper;", "", "()V", "getKeyPairAlgorithmParameterSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "start", "Ljava/util/Date;", "end", "keySize", "", "keyAlias", "", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class KeyGenAlgorithmParameterSpecTestWrapper {
        public final KeyGenParameterSpec getKeyPairAlgorithmParameterSpec(Date start, Date end, int keySize, String keyAlias) {
            Intrinsics.checkNotNullParameter(start, "start");
            Intrinsics.checkNotNullParameter(end, "end");
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            KeyGenParameterSpec.Builder keyValidityEnd = new KeyGenParameterSpec.Builder(keyAlias, 32).setDigests("SHA-256").setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setIsStrongBoxBacked(false).setKeySize(keySize).setKeyValidityStart(start).setKeyValidityEnd(end);
            String date = start.toString();
            Intrinsics.checkNotNullExpressionValue(date, "toString(...)");
            byte[] bytes = date.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            KeyGenParameterSpec build = keyValidityEnd.setAttestationChallenge(bytes).build();
            Intrinsics.checkNotNullExpressionValue(build, "build(...)");
            return build;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportFailureException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyAlias", "", "(Lcom/squareup/posencryption/RealHieroglyphKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public final class KeyImportFailureException extends Exception {
        final /* synthetic */ RealHieroglyphKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public KeyImportFailureException(RealHieroglyphKeyProvider realHieroglyphKeyProvider, String keyAlias) {
            super("Client-side key import failed for alias " + keyAlias + " after server returned key successfully");
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            this.this$0 = realHieroglyphKeyProvider;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\b6\u0018\u00002\u00020\u0001:\u0002\u0003\u0004B\u0007\b\u0004¢\u0006\u0002\u0010\u0002\u0082\u0001\u0002\u0005\u0006¨\u0006\u0007"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult;", "", "()V", "Failure", "Success", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult$Failure;", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult$Success;", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static abstract class KeyImportResult {

        /* compiled from: RealHieroglyphKeyProvider.kt */
        @Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\b\u0086\b\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\t\u0010\u0007\u001a\u00020\u0003HÆ\u0003J\u0013\u0010\b\u001a\u00020\u00002\b\b\u0002\u0010\u0002\u001a\u00020\u0003HÆ\u0001J\u0013\u0010\t\u001a\u00020\n2\b\u0010\u000b\u001a\u0004\u0018\u00010\fHÖ\u0003J\t\u0010\r\u001a\u00020\u000eHÖ\u0001J\t\u0010\u000f\u001a\u00020\u0003HÖ\u0001R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u0010"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult$Failure;", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult;", "keyAlias", "", "(Ljava/lang/String;)V", "getKeyAlias", "()Ljava/lang/String;", "component1", "copy", "equals", "", "other", "", "hashCode", "", "toString", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
        /* loaded from: classes4.dex */
        public static final /* data */ class Failure extends KeyImportResult {
            private final String keyAlias;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            public Failure(String keyAlias) {
                super(null);
                Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
                this.keyAlias = keyAlias;
            }

            public static /* synthetic */ Failure copy$default(Failure failure, String str, int i, Object obj) {
                if ((i & 1) != 0) {
                    str = failure.keyAlias;
                }
                return failure.copy(str);
            }

            /* renamed from: component1, reason: from getter */
            public final String getKeyAlias() {
                return this.keyAlias;
            }

            public final Failure copy(String keyAlias) {
                Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
                return new Failure(keyAlias);
            }

            public boolean equals(Object other) {
                if (this == other) {
                    return true;
                }
                return (other instanceof Failure) && Intrinsics.areEqual(this.keyAlias, ((Failure) other).keyAlias);
            }

            public final String getKeyAlias() {
                return this.keyAlias;
            }

            public int hashCode() {
                return this.keyAlias.hashCode();
            }

            public String toString() {
                return "Failure(keyAlias=" + this.keyAlias + ')';
            }
        }

        /* compiled from: RealHieroglyphKeyProvider.kt */
        @Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002¨\u0006\u0003"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult$Success;", "Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyImportResult;", "()V", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
        /* loaded from: classes4.dex */
        public static final class Success extends KeyImportResult {
            public static final Success INSTANCE = new Success();

            private Success() {
                super(null);
            }
        }

        private KeyImportResult() {
        }

        public /* synthetic */ KeyImportResult(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyNotPresentException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyAlias", "", "(Lcom/squareup/posencryption/RealHieroglyphKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public final class KeyNotPresentException extends Exception {
        final /* synthetic */ RealHieroglyphKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public KeyNotPresentException(RealHieroglyphKeyProvider realHieroglyphKeyProvider, String keyAlias) {
            super("Key not present for alias " + keyAlias + " after re-provisioning");
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            this.this$0 = realHieroglyphKeyProvider;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\b\u0010\u0007\u001a\u0004\u0018\u00010\b¨\u0006\t"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$KeyPairGeneratorTestWrapper;", "", "()V", "getInstance", "Ljava/security/KeyPairGenerator;", "algorithm", "", "keystoreProvider", "Ljava/security/Provider;", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class KeyPairGeneratorTestWrapper {
        public final KeyPairGenerator getInstance(String algorithm, Provider keystoreProvider) throws NoSuchAlgorithmException {
            Intrinsics.checkNotNullParameter(algorithm, "algorithm");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm, keystoreProvider);
            Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(...)");
            return keyPairGenerator;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$RequestFailureException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyTypeName", "", "(Lcom/squareup/posencryption/RealHieroglyphKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public final class RequestFailureException extends Exception {
        final /* synthetic */ RealHieroglyphKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public RequestFailureException(RealHieroglyphKeyProvider realHieroglyphKeyProvider, String keyTypeName) {
            super("Couldn't provision key material from backend: " + keyTypeName);
            Intrinsics.checkNotNullParameter(keyTypeName, "keyTypeName");
            this.this$0 = realHieroglyphKeyProvider;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$UnknownKeyTypeException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyTypeName", "", "(Lcom/squareup/posencryption/RealHieroglyphKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public final class UnknownKeyTypeException extends Exception {
        final /* synthetic */ RealHieroglyphKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public UnknownKeyTypeException(RealHieroglyphKeyProvider realHieroglyphKeyProvider, String keyTypeName) {
            super("Unhandled key type: " + keyTypeName);
            Intrinsics.checkNotNullParameter(keyTypeName, "keyTypeName");
            this.this$0 = realHieroglyphKeyProvider;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(k = 3, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[KeyScope.values().length];
            try {
                iArr[KeyScope.ECR_PAN.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                iArr[KeyScope.ECR_PIN.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                iArr[KeyScope.ECR_PAN_HMAC.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                iArr[KeyScope.ECR_PIN_HMAC.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            $EnumSwitchMapping$0 = iArr;
            int[] iArr2 = new int[HieroglyphKeyProvider.KEY_TYPE.values().length];
            try {
                iArr2[HieroglyphKeyProvider.KEY_TYPE.PAN_KEY.ordinal()] = 1;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                iArr2[HieroglyphKeyProvider.KEY_TYPE.PIN_KEY.ordinal()] = 2;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                iArr2[HieroglyphKeyProvider.KEY_TYPE.HMAC_PAN_KEY.ordinal()] = 3;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                iArr2[HieroglyphKeyProvider.KEY_TYPE.HMAC_PIN_KEY.ordinal()] = 4;
            } catch (NoSuchFieldError unused8) {
            }
            $EnumSwitchMapping$1 = iArr2;
        }
    }

    /* compiled from: RealHieroglyphKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\b\u0010\u0007\u001a\u0004\u0018\u00010\b¨\u0006\t"}, d2 = {"Lcom/squareup/posencryption/RealHieroglyphKeyProvider$WrappedKeyAlgorithmParameterSpecTestWrapper;", "", "()V", "getWrappedKeyAlgorithmParameterSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "keySize", "", "keyAlias", "", "impl_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes4.dex */
    public static final class WrappedKeyAlgorithmParameterSpecTestWrapper {
        public final KeyGenParameterSpec getWrappedKeyAlgorithmParameterSpec(int keySize, String keyAlias) {
            Intrinsics.checkNotNull(keyAlias);
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyAlias, 32).setDigests("SHA-256").setKeySize(keySize).build();
            Intrinsics.checkNotNullExpressionValue(build, "build(...)");
            return build;
        }
    }

    @Inject
    public RealHieroglyphKeyProvider(HieroglyphService hieroglyphService, MinesweeperTicket msTicket, KeyPairGeneratorTestWrapper keyPairGeneratorTestWrapper, KeyGenAlgorithmParameterSpecTestWrapper keyGenAlgorithmParameterSpecTestWrapper, WrappedKeyAlgorithmParameterSpecTestWrapper wrappedKeyAlgorithmParameterSpecTestWrapper, HieroglyphKeyExpirationCache keyExpirationCache, @MaybeMerchantToken String str, KeyProvisionCompatibilityChecker keyProvisionCompatibilityChecker) {
        Intrinsics.checkNotNullParameter(hieroglyphService, "hieroglyphService");
        Intrinsics.checkNotNullParameter(msTicket, "msTicket");
        Intrinsics.checkNotNullParameter(keyPairGeneratorTestWrapper, "keyPairGeneratorTestWrapper");
        Intrinsics.checkNotNullParameter(keyGenAlgorithmParameterSpecTestWrapper, "keyGenAlgorithmParameterSpecTestWrapper");
        Intrinsics.checkNotNullParameter(wrappedKeyAlgorithmParameterSpecTestWrapper, "wrappedKeyAlgorithmParameterSpecTestWrapper");
        Intrinsics.checkNotNullParameter(keyExpirationCache, "keyExpirationCache");
        Intrinsics.checkNotNullParameter(keyProvisionCompatibilityChecker, "keyProvisionCompatibilityChecker");
        this.keyPairGeneratorTestWrapper = keyPairGeneratorTestWrapper;
        this.keyGenAlgorithmParameterSpecTestWrapper = keyGenAlgorithmParameterSpecTestWrapper;
        this.wrappedKeyAlgorithmParameterSpecTestWrapper = wrappedKeyAlgorithmParameterSpecTestWrapper;
        this.keyExpirationCache = keyExpirationCache;
        this.merchantId = str;
        this.keyProvisionCompatibilityChecker = keyProvisionCompatibilityChecker;
        this.hieroglyph = hieroglyphService;
        this.minesweeperTicket = msTicket;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(...)");
            setKeyStore(keyStore);
            getKeyStore().load(null);
        } catch (Exception e) {
            RemoteLog.w$default(e, null, 2, null);
            if (!(e instanceof KeyStoreException ? true : e instanceof CertificateException ? true : e instanceof IOException ? true : e instanceof NoSuchAlgorithmException)) {
                throw e;
            }
        }
    }

    private final Throwable bestAvailableException(RefreshKeyResponse response) {
        Object obj;
        AugmentedStatus augmentedStatus = response.status;
        if (augmentedStatus == null || augmentedStatus.ux_hint.isEmpty()) {
            return new RequestFailureException(this, "No keys present in response and no reason given.");
        }
        Iterator<T> it = augmentedStatus.ux_hint.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (((AugmentedStatus.UserExperienceHint) obj) != AugmentedStatus.UserExperienceHint.NO_SUGGESTED_ACTION) {
                break;
            }
        }
        AugmentedStatus.UserExperienceHint userExperienceHint = (AugmentedStatus.UserExperienceHint) obj;
        if (userExperienceHint == null) {
            userExperienceHint = AugmentedStatus.UserExperienceHint.NO_SUGGESTED_ACTION;
        }
        Status status = augmentedStatus.status;
        String str = status != null ? status.localized_title : null;
        Status status2 = augmentedStatus.status;
        return new BackendDenyException(userExperienceHint, str, status2 != null ? status2.localized_description : null);
    }

    private final SecretKey fetchIpekSecretKeyFromKeyStore(String ipekAlias) throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException {
        KeyStore.Entry entry = getKeyStore().getEntry(ipekAlias, NO_KEY_PROTECTION_SPEC);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        Intrinsics.checkNotNullExpressionValue(secretKey, "getSecretKey(...)");
        return secretKey;
    }

    private final String getKeyAliasFromType(HieroglyphKeyProvider.KEY_TYPE keyType) {
        int i = WhenMappings.$EnumSwitchMapping$1[keyType.ordinal()];
        if (i == 1) {
            StringBuilder sb = new StringBuilder(IPEK_PAN_ALIAS_PREFIX);
            String str = this.merchantId;
            return sb.append(str != null ? str : "").toString();
        }
        if (i == 2) {
            StringBuilder sb2 = new StringBuilder(IPEK_PIN_ALIAS_PREFIX);
            String str2 = this.merchantId;
            return sb2.append(str2 != null ? str2 : "").toString();
        }
        if (i == 3) {
            StringBuilder sb3 = new StringBuilder(IPEK_HMAC_PAN_ALIAS_PREFIX);
            String str3 = this.merchantId;
            return sb3.append(str3 != null ? str3 : "").toString();
        }
        if (i != 4) {
            throw new NoWhenBranchMatchedException();
        }
        StringBuilder sb4 = new StringBuilder(IPEK_HMAC_PIN_ALIAS_PREFIX);
        String str4 = this.merchantId;
        return sb4.append(str4 != null ? str4 : "").toString();
    }

    private final Long getKeyExpiration(String keyAlias) {
        return this.keyExpirationCache.getExpiration(keyAlias);
    }

    public static /* synthetic */ void getKeyStore$annotations() {
    }

    private final Certificate getWrappingKeyPairCertificate(int keySize) throws KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (getKeyStore().containsAlias(WRAPPING_KEY_ALIAS)) {
            getKeyStore().deleteEntry(WRAPPING_KEY_ALIAS);
        }
        Calendar calendar = Calendar.getInstance();
        calendar.add(5, -7);
        Date time = calendar.getTime();
        calendar.add(5, 365);
        Date time2 = calendar.getTime();
        KeyPairGenerator keyPairGeneratorTestWrapper = this.keyPairGeneratorTestWrapper.getInstance("RSA", getKeyStore().getProvider());
        KeyGenAlgorithmParameterSpecTestWrapper keyGenAlgorithmParameterSpecTestWrapper = this.keyGenAlgorithmParameterSpecTestWrapper;
        Intrinsics.checkNotNull(time);
        Intrinsics.checkNotNull(time2);
        keyPairGeneratorTestWrapper.initialize(keyGenAlgorithmParameterSpecTestWrapper.getKeyPairAlgorithmParameterSpec(time, time2, keySize, WRAPPING_KEY_ALIAS));
        keyPairGeneratorTestWrapper.generateKeyPair();
        Certificate certificate = getKeyStore().getCertificate(WRAPPING_KEY_ALIAS);
        Intrinsics.checkNotNullExpressionValue(certificate, "getCertificate(...)");
        return certificate;
    }

    private final KeyImportResult importEncryptedHieroglyphKey(RefreshKeyResponse response) throws UnknownKeyTypeException {
        String keyAliasFromType;
        KeyGenParameterSpec wrappedKeyAlgorithmParameterSpec = this.wrappedKeyAlgorithmParameterSpecTestWrapper.getWrappedKeyAlgorithmParameterSpec(2048, WRAPPING_KEY_ALIAS);
        if (response.keys.isEmpty()) {
            throw bestAvailableException(response);
        }
        for (WrappedKey wrappedKey : response.keys) {
            ByteString byteString = wrappedKey.key_ciphertext;
            Intrinsics.checkNotNull(byteString);
            WrappedKeyEntry wrappedKeyEntry = new WrappedKeyEntry(byteString.toByteArray(), WRAPPING_KEY_ALIAS, AndroidKeyParameters.TRANSPORT_WRAPPING_ALGORITHM, wrappedKeyAlgorithmParameterSpec);
            KeyScope keyScope = wrappedKey.key_scope;
            int i = keyScope == null ? -1 : WhenMappings.$EnumSwitchMapping$0[keyScope.ordinal()];
            if (i == 1) {
                keyAliasFromType = getKeyAliasFromType(HieroglyphKeyProvider.KEY_TYPE.PAN_KEY);
            } else if (i == 2) {
                keyAliasFromType = getKeyAliasFromType(HieroglyphKeyProvider.KEY_TYPE.PIN_KEY);
            } else if (i == 3) {
                keyAliasFromType = getKeyAliasFromType(HieroglyphKeyProvider.KEY_TYPE.HMAC_PAN_KEY);
            } else {
                if (i != 4) {
                    KeyScope keyScope2 = wrappedKey.key_scope;
                    Intrinsics.checkNotNull(keyScope2);
                    throw new UnknownKeyTypeException(this, keyScope2.name());
                }
                keyAliasFromType = getKeyAliasFromType(HieroglyphKeyProvider.KEY_TYPE.HMAC_PIN_KEY);
            }
            try {
                getKeyStore().setEntry(keyAliasFromType, wrappedKeyEntry, null);
                Long l = wrappedKey.key_ttl_millis;
                if (l != null) {
                    this.keyExpirationCache.setExpiration(keyAliasFromType, l.longValue() + System.currentTimeMillis());
                }
            } catch (KeyStoreException e) {
                this.keyProvisionCompatibilityChecker.deleteReport();
                RemoteLog.w$default(e, null, 2, null);
                return new KeyImportResult.Failure(keyAliasFromType);
            }
        }
        return KeyImportResult.Success.INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final ByteString provisionIpekKey$lambda$1(Function1 tmp0, Object obj) {
        Intrinsics.checkNotNullParameter(tmp0, "$tmp0");
        return (ByteString) tmp0.invoke(obj);
    }

    @Override // com.squareup.posencryption.HieroglyphKeyProvider
    public SecretKey getIpekKey(HieroglyphKeyProvider.KEY_TYPE keyType) throws KeyStoreException, UnknownKeyTypeException, KeyNotPresentException {
        boolean z;
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        String keyAliasFromType = getKeyAliasFromType(keyType);
        long currentTimeMillis = System.currentTimeMillis();
        Long keyExpiration = getKeyExpiration(keyAliasFromType);
        if (keyExpiration == null || currentTimeMillis <= keyExpiration.longValue()) {
            z = false;
        } else {
            if (getKeyStore().containsAlias(keyAliasFromType)) {
                getKeyStore().deleteEntry(keyAliasFromType);
            }
            z = true;
        }
        if (getKeyStore().containsAlias(keyAliasFromType) && !z) {
            try {
                return fetchIpekSecretKeyFromKeyStore(keyAliasFromType);
            } catch (Exception e) {
                RemoteLog.w$default(e, null, 2, null);
                if (!(e instanceof UnrecoverableEntryException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof KeyStoreException)) {
                    throw e;
                }
            }
        }
        try {
            provisionIpekKey();
        } catch (Exception e2) {
            RemoteLog.w$default(e2, null, 2, null);
            if (!(e2 instanceof InvalidAlgorithmParameterException ? true : e2 instanceof NoSuchAlgorithmException ? true : e2 instanceof KeyStoreException ? true : e2 instanceof KeyImportFailureException)) {
                throw e2;
            }
        }
        if (getKeyStore().containsAlias(keyAliasFromType)) {
            try {
                return fetchIpekSecretKeyFromKeyStore(keyAliasFromType);
            } catch (Exception e3) {
                RemoteLog.w$default(e3, null, 2, null);
                if (!(e3 instanceof UnrecoverableEntryException ? true : e3 instanceof NoSuchAlgorithmException ? true : e3 instanceof KeyStoreException)) {
                    throw e3;
                }
            }
        }
        throw new KeyNotPresentException(this, keyAliasFromType);
    }

    @Override // com.squareup.posencryption.HieroglyphKeyProvider
    public SecretKey getIpekKeyWithoutProvisioning(HieroglyphKeyProvider.KEY_TYPE keyType) throws KeyStoreException, UnknownKeyTypeException, KeyNotPresentException {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        String keyAliasFromType = getKeyAliasFromType(keyType);
        if (!hasValidKey(keyType)) {
            return null;
        }
        try {
            return fetchIpekSecretKeyFromKeyStore(keyAliasFromType);
        } catch (Exception e) {
            RemoteLog.w$default(e, null, 2, null);
            if (e instanceof UnrecoverableEntryException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof KeyStoreException) {
                throw e;
            }
            throw e;
        }
    }

    @Override // com.squareup.posencryption.HieroglyphKeyProvider
    public Long getKeyExpiration(HieroglyphKeyProvider.KEY_TYPE keyType) {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        return getKeyExpiration(getKeyAliasFromType(keyType));
    }

    public final KeyStore getKeyStore() {
        KeyStore keyStore = this.keyStore;
        if (keyStore != null) {
            return keyStore;
        }
        Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        return null;
    }

    @Override // com.squareup.posencryption.HieroglyphKeyProvider
    public boolean hasValidKey(HieroglyphKeyProvider.KEY_TYPE keyType) {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        String keyAliasFromType = getKeyAliasFromType(keyType);
        Long keyExpiration = getKeyExpiration(keyAliasFromType);
        return keyExpiration != null && keyExpiration.longValue() > System.currentTimeMillis() && getKeyStore().containsAlias(keyAliasFromType);
    }

    @Override // com.squareup.posencryption.HieroglyphKeyProvider
    public void provisionIpekKey() throws KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnknownKeyTypeException, RequestFailureException, BackendDenyException, KeyImportFailureException, InterruptedException {
        Certificate wrappingKeyPairCertificate = getWrappingKeyPairCertificate(2048);
        ByteString.Companion companion = ByteString.INSTANCE;
        byte[] encoded = wrappingKeyPairCertificate.getPublicKey().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
        ByteString of = companion.of(Arrays.copyOf(encoded, encoded.length));
        Stream stream = Arrays.stream(getKeyStore().getCertificateChain(WRAPPING_KEY_ALIAS));
        final RealHieroglyphKeyProvider$provisionIpekKey$encodedPubKeyCertChain$1 realHieroglyphKeyProvider$provisionIpekKey$encodedPubKeyCertChain$1 = new Function1<Certificate, ByteString>() { // from class: com.squareup.posencryption.RealHieroglyphKeyProvider$provisionIpekKey$encodedPubKeyCertChain$1
            @Override // kotlin.jvm.functions.Function1
            public final ByteString invoke(Certificate certificate) {
                Intrinsics.checkNotNullParameter(certificate, "certificate");
                try {
                    ByteString.Companion companion2 = ByteString.INSTANCE;
                    byte[] encoded2 = certificate.getEncoded();
                    Intrinsics.checkNotNullExpressionValue(encoded2, "getEncoded(...)");
                    return companion2.of(Arrays.copyOf(encoded2, encoded2.length));
                } catch (CertificateEncodingException e) {
                    RemoteLog.w$default(e, null, 2, null);
                    return ByteString.EMPTY;
                }
            }
        };
        List<? extends ByteString> list = (List) stream.map(new Function() { // from class: com.squareup.posencryption.RealHieroglyphKeyProvider$$ExternalSyntheticLambda0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                ByteString provisionIpekKey$lambda$1;
                provisionIpekKey$lambda$1 = RealHieroglyphKeyProvider.provisionIpekKey$lambda$1(Function1.this, obj);
                return provisionIpekKey$lambda$1;
            }
        }).collect(Collectors.toList());
        Duration.Companion companion2 = Duration.INSTANCE;
        TicketWithNonce freshTicketWithNonce = this.minesweeperTicket.getFreshTicketWithNonce((int) Duration.m7262getInWholeSecondsimpl(DurationKt.toDuration(2, DurationUnit.MINUTES)));
        if (freshTicketWithNonce == null) {
            freshTicketWithNonce = new TicketWithNonce(EMPTY_TICKET, 0L, 2, null);
        }
        HieroglyphKeyCompatibilityReport report = this.keyProvisionCompatibilityChecker.getReport();
        RefreshKeyRequest.EcrCompatibilityReport build = new RefreshKeyRequest.EcrCompatibilityReport.Builder().chipset(report.getChipSet()).keymaster_version(Long.valueOf(report.getKeymasterVersion())).succeeded_tests(CollectionsKt.toList(report.getSucceedCheck())).failed_tests(CollectionsKt.toList(report.getFailedCheck())).build();
        HieroglyphService hieroglyphService = this.hieroglyph;
        RefreshKeyRequest.Builder builder = new RefreshKeyRequest.Builder();
        ClientPublicKey.Builder public_key = new ClientPublicKey.Builder().public_key(of);
        Intrinsics.checkNotNull(list);
        SuccessOrFailure<RefreshKeyResponse> blockingSuccessOrFailure = hieroglyphService.refreshKey(builder.client_key(public_key.attestation_certs(list).build()).scopes(CollectionsKt.listOf((Object[]) new KeyScope[]{KeyScope.ECR_PAN, KeyScope.ECR_PIN, KeyScope.ECR_PAN_HMAC, KeyScope.ECR_PIN_HMAC})).ticket(freshTicketWithNonce.getTicket()).nonce(Long.valueOf(freshTicketWithNonce.getNonce())).compatibilityReport(build).build()).blockingSuccessOrFailure();
        if (blockingSuccessOrFailure instanceof SuccessOrFailure.HandleSuccess) {
            KeyImportResult importEncryptedHieroglyphKey = importEncryptedHieroglyphKey((RefreshKeyResponse) ((SuccessOrFailure.HandleSuccess) blockingSuccessOrFailure).getResponse());
            if (importEncryptedHieroglyphKey instanceof KeyImportResult.Success) {
                return;
            }
            if (!(importEncryptedHieroglyphKey instanceof KeyImportResult.Failure)) {
                throw new NoWhenBranchMatchedException();
            }
            throw new KeyImportFailureException(this, ((KeyImportResult.Failure) importEncryptedHieroglyphKey).getKeyAlias());
        }
        if (!(blockingSuccessOrFailure instanceof SuccessOrFailure.ShowFailure)) {
            throw new RequestFailureException(this, "Unknown response");
        }
        SuccessOrFailureLogger.logFailure(blockingSuccessOrFailure, "Provisioning IPEK keys");
        SuccessOrFailure.ShowFailure showFailure = (SuccessOrFailure.ShowFailure) blockingSuccessOrFailure;
        if (!(showFailure.getReceived() instanceof ReceivedResponse.Okay.Rejected)) {
            throw new RequestFailureException(this, "Couldn't get a successful response");
        }
        ReceivedResponse received = showFailure.getReceived();
        Intrinsics.checkNotNull(received, "null cannot be cast to non-null type com.squareup.receiving.ReceivedResponse.Okay.Rejected<com.squareup.protos.hieroglyph.RefreshKeyResponse>");
        throw bestAvailableException((RefreshKeyResponse) ((ReceivedResponse.Okay.Rejected) received).getResponse());
    }

    public final void setKeyStore(KeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "<set-?>");
        this.keyStore = keyStore;
    }
}
