package com.squareup.encryption;

import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.WrappedKeyEntry;
import com.squareup.encryption.ECRKeyProvider;
import com.squareup.logging.RemoteLog;
import com.squareup.ms.MinesweeperTicket;
import com.squareup.protos.client.flipper.SealedTicket;
import com.squareup.protos.hieroglyph.ClientPublicKey;
import com.squareup.protos.hieroglyph.KeyScope;
import com.squareup.protos.hieroglyph.RefreshKeyRequest;
import com.squareup.protos.hieroglyph.RefreshKeyResponse;
import com.squareup.protos.hieroglyph.WrappedKey;
import com.squareup.receiving.SuccessOrFailure;
import com.squareup.receiving.SuccessOrFailureLogger;
import com.squareup.wire.ProtoAdapter;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import logcat.LogPriority;
import logcat.LogcatKt;
import logcat.LogcatLogger;
import logcat.ThrowablesKt;
import okio.ByteString;

/* compiled from: RealECRKeyProvider.kt */
@Metadata(d1 = {"\u0000p\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010%\n\u0002\u0010\u000e\n\u0002\u0010\t\n\u0000\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\t\b\u0007\u0018\u0000 02\u00020\u0001:\u00070123456B/\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ\u0010\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u0010H\u0002J\u0010\u0010\u001e\u001a\u00020\u001c2\u0006\u0010\u001f\u001a\u00020 H\u0016J\u0010\u0010!\u001a\u00020\u001c2\u0006\u0010\u001f\u001a\u00020 H\u0016J\u0010\u0010\"\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020 H\u0002J\u0017\u0010#\u001a\u0004\u0018\u00010\u00112\u0006\u0010\u001f\u001a\u00020 H\u0016¢\u0006\u0002\u0010$J\u0010\u0010%\u001a\u00020&2\u0006\u0010'\u001a\u00020(H\u0002J\u0010\u0010)\u001a\u00020*2\u0006\u0010\u001f\u001a\u00020 H\u0016J\u0010\u0010+\u001a\u00020,2\u0006\u0010-\u001a\u00020.H\u0002J\b\u0010/\u001a\u00020,H\u0016R\u000e\u0010\r\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u001c\u0010\u000e\u001a\u0010\u0012\u0004\u0012\u00020\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u00110\u000fX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R$\u0010\u0012\u001a\u00020\u00138\u0006@\u0006X\u0087.¢\u0006\u0014\n\u0000\u0012\u0004\b\u0014\u0010\u0015\u001a\u0004\b\u0016\u0010\u0017\"\u0004\b\u0018\u0010\u0019R\u000e\u0010\u001a\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000¨\u00067"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider;", "Lcom/squareup/encryption/ECRKeyProvider;", "hieroglyphService", "Lcom/squareup/encryption/HieroglyphService;", "msTicket", "Lcom/squareup/ms/MinesweeperTicket;", "keyPairGeneratorTestWrapper", "Lcom/squareup/encryption/RealECRKeyProvider$KeyPairGeneratorTestWrapper;", "keyGenAlgorithmParameterSpecTestWrapper", "Lcom/squareup/encryption/RealECRKeyProvider$KeyGenAlgorithmParameterSpecTestWrapper;", "wrappedKeyAlgorithmParameterSpecTestWrapper", "Lcom/squareup/encryption/RealECRKeyProvider$WrappedKeyAlgorithmParameterSpecTestWrapper;", "(Lcom/squareup/encryption/HieroglyphService;Lcom/squareup/ms/MinesweeperTicket;Lcom/squareup/encryption/RealECRKeyProvider$KeyPairGeneratorTestWrapper;Lcom/squareup/encryption/RealECRKeyProvider$KeyGenAlgorithmParameterSpecTestWrapper;Lcom/squareup/encryption/RealECRKeyProvider$WrappedKeyAlgorithmParameterSpecTestWrapper;)V", "hieroglyph", "keyExpirations", "", "", "", "keyStore", "Ljava/security/KeyStore;", "getKeyStore$annotations", "()V", "getKeyStore", "()Ljava/security/KeyStore;", "setKeyStore", "(Ljava/security/KeyStore;)V", "minesweeperTicket", "fetchIpekSecretKeyFromKeyStore", "Ljavax/crypto/SecretKey;", "ipekAlias", "getIpekKey", "keyType", "Lcom/squareup/encryption/ECRKeyProvider$KEY_TYPE;", "getIpekKeyWithoutProvisioning", "getKeyAliasFromType", "getKeyExpiration", "(Lcom/squareup/encryption/ECRKeyProvider$KEY_TYPE;)Ljava/lang/Long;", "getWrappingKeyPairCertificate", "Ljava/security/cert/Certificate;", "keySize", "", "hasValidKey", "", "importEncryptedHieroglyphKey", "", "response", "Lcom/squareup/protos/hieroglyph/RefreshKeyResponse;", "provisionIpekKey", "Companion", "KeyGenAlgorithmParameterSpecTestWrapper", "KeyNotPresentException", "KeyPairGeneratorTestWrapper", "RequestFailureException", "UnknownKeyTypeException", "WrappedKeyAlgorithmParameterSpecTestWrapper", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class RealECRKeyProvider implements ECRKeyProvider {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    public static final String IPEK_HMAC_PAN_ALIAS = "IPEK-hmac-pan-key";
    public static final String IPEK_HMAC_PIN_ALIAS = "IPEK-hmac-pin-key";
    public static final String IPEK_PAN_ALIAS = "IPEK-pan-key";
    public static final String IPEK_PIN_ALIAS = "IPEK-pin-key";
    public static final int MAX_RETRIES = 5;
    private static final KeyStore.ProtectionParameter NO_KEY_PROTECTION_SPEC = null;
    public static final int TIMEOUT_PERIOD_MILLIS = 5000;
    public static final String WRAPPING_KEY_ALIAS = "ECR-wrapping-key";
    public static final int WRAPPING_KEY_SIZE = 2048;
    private final HieroglyphService hieroglyph;
    private Map<String, Long> keyExpirations;
    private final KeyGenAlgorithmParameterSpecTestWrapper keyGenAlgorithmParameterSpecTestWrapper;
    private final KeyPairGeneratorTestWrapper keyPairGeneratorTestWrapper;
    public KeyStore keyStore;
    private final MinesweeperTicket minesweeperTicket;
    private final WrappedKeyAlgorithmParameterSpecTestWrapper wrappedKeyAlgorithmParameterSpecTestWrapper;

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0086T¢\u0006\u0002\n\u0000R\u001e\u0010\n\u001a\u0004\u0018\u00010\u000b8\u0006X\u0087\u0004¢\u0006\u000e\n\u0000\u0012\u0004\b\f\u0010\u0002\u001a\u0004\b\r\u0010\u000eR\u000e\u0010\u000f\u001a\u00020\tX\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\tX\u0086T¢\u0006\u0002\n\u0000¨\u0006\u0012"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$Companion;", "", "()V", "IPEK_HMAC_PAN_ALIAS", "", "IPEK_HMAC_PIN_ALIAS", "IPEK_PAN_ALIAS", "IPEK_PIN_ALIAS", "MAX_RETRIES", "", "NO_KEY_PROTECTION_SPEC", "Ljava/security/KeyStore$ProtectionParameter;", "getNO_KEY_PROTECTION_SPEC$annotations", "getNO_KEY_PROTECTION_SPEC", "()Ljava/security/KeyStore$ProtectionParameter;", "TIMEOUT_PERIOD_MILLIS", "WRAPPING_KEY_ALIAS", "WRAPPING_KEY_SIZE", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public static /* synthetic */ void getNO_KEY_PROTECTION_SPEC$annotations() {
        }

        public final KeyStore.ProtectionParameter getNO_KEY_PROTECTION_SPEC() {
            return RealECRKeyProvider.NO_KEY_PROTECTION_SPEC;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000&\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J&\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b¨\u0006\f"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$KeyGenAlgorithmParameterSpecTestWrapper;", "", "()V", "getKeyPairAlgorithmParameterSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "start", "Ljava/util/Date;", "end", "keySize", "", "keyAlias", "", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class KeyGenAlgorithmParameterSpecTestWrapper {
        public final KeyGenParameterSpec getKeyPairAlgorithmParameterSpec(Date start, Date end, int keySize, String keyAlias) {
            Intrinsics.checkNotNullParameter(start, "start");
            Intrinsics.checkNotNullParameter(end, "end");
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            KeyGenParameterSpec.Builder certificateNotAfter = new KeyGenParameterSpec.Builder(keyAlias, 32).setDigests("SHA-256").setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").setIsStrongBoxBacked(false).setKeySize(keySize).setCertificateNotBefore(start).setCertificateNotAfter(end);
            String date = start.toString();
            Intrinsics.checkNotNullExpressionValue(date, "start.toString()");
            byte[] bytes = date.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            KeyGenParameterSpec build = certificateNotAfter.setAttestationChallenge(bytes).build();
            Intrinsics.checkNotNullExpressionValue(build, "Builder(keyAlias, KeyPro…teArray())\n      .build()");
            return build;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$KeyNotPresentException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyAlias", "", "(Lcom/squareup/encryption/RealECRKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public final class KeyNotPresentException extends Exception {
        final /* synthetic */ RealECRKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public KeyNotPresentException(RealECRKeyProvider this$0, String keyAlias) {
            super("Key not present for alias " + keyAlias + " after re-provisioning");
            Intrinsics.checkNotNullParameter(this$0, "this$0");
            Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
            this.this$0 = this$0;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\b\u0010\u0007\u001a\u0004\u0018\u00010\b¨\u0006\t"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$KeyPairGeneratorTestWrapper;", "", "()V", "getInstance", "Ljava/security/KeyPairGenerator;", "algorithm", "", "keystoreProvider", "Ljava/security/Provider;", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class KeyPairGeneratorTestWrapper {
        public final KeyPairGenerator getInstance(String algorithm, Provider keystoreProvider) throws NoSuchAlgorithmException {
            Intrinsics.checkNotNullParameter(algorithm, "algorithm");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm, keystoreProvider);
            Intrinsics.checkNotNullExpressionValue(keyPairGenerator, "getInstance(algorithm, keystoreProvider)");
            return keyPairGenerator;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$RequestFailureException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyTypeName", "", "(Lcom/squareup/encryption/RealECRKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public final class RequestFailureException extends Exception {
        final /* synthetic */ RealECRKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public RequestFailureException(RealECRKeyProvider this$0, String keyTypeName) {
            super(Intrinsics.stringPlus("Couldn't provision key material from backend: ", keyTypeName));
            Intrinsics.checkNotNullParameter(this$0, "this$0");
            Intrinsics.checkNotNullParameter(keyTypeName, "keyTypeName");
            this.this$0 = this$0;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0004\u0018\u00002\u00060\u0001j\u0002`\u0002B\u000f\b\u0000\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$UnknownKeyTypeException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "keyTypeName", "", "(Lcom/squareup/encryption/RealECRKeyProvider;Ljava/lang/String;)V", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public final class UnknownKeyTypeException extends Exception {
        final /* synthetic */ RealECRKeyProvider this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public UnknownKeyTypeException(RealECRKeyProvider this$0, String keyTypeName) {
            super(Intrinsics.stringPlus("Unhandled key type: ", keyTypeName));
            Intrinsics.checkNotNullParameter(this$0, "this$0");
            Intrinsics.checkNotNullParameter(keyTypeName, "keyTypeName");
            this.this$0 = this$0;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(k = 3, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[KeyScope.values().length];
            iArr[KeyScope.ECR_PAN.ordinal()] = 1;
            iArr[KeyScope.ECR_PIN.ordinal()] = 2;
            iArr[KeyScope.ECR_PAN_HMAC.ordinal()] = 3;
            iArr[KeyScope.ECR_PIN_HMAC.ordinal()] = 4;
            $EnumSwitchMapping$0 = iArr;
            int[] iArr2 = new int[ECRKeyProvider.KEY_TYPE.values().length];
            iArr2[ECRKeyProvider.KEY_TYPE.PAN_KEY.ordinal()] = 1;
            iArr2[ECRKeyProvider.KEY_TYPE.PIN_KEY.ordinal()] = 2;
            iArr2[ECRKeyProvider.KEY_TYPE.HMAC_PAN_KEY.ordinal()] = 3;
            iArr2[ECRKeyProvider.KEY_TYPE.HMAC_PIN_KEY.ordinal()] = 4;
            $EnumSwitchMapping$1 = iArr2;
        }
    }

    /* compiled from: RealECRKeyProvider.kt */
    @Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\b\u0010\u0007\u001a\u0004\u0018\u00010\b¨\u0006\t"}, d2 = {"Lcom/squareup/encryption/RealECRKeyProvider$WrappedKeyAlgorithmParameterSpecTestWrapper;", "", "()V", "getWrappedKeyAlgorithmParameterSpec", "Landroid/security/keystore/KeyGenParameterSpec;", "keySize", "", "keyAlias", "", "impl_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class WrappedKeyAlgorithmParameterSpecTestWrapper {
        public final KeyGenParameterSpec getWrappedKeyAlgorithmParameterSpec(int keySize, String keyAlias) {
            Intrinsics.checkNotNull(keyAlias);
            KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(keyAlias, 32).setDigests("SHA-256").setKeySize(keySize).build();
            Intrinsics.checkNotNullExpressionValue(build, "Builder(\n      keyAlias!…e(keySize)\n      .build()");
            return build;
        }
    }

    @Inject
    public RealECRKeyProvider(HieroglyphService hieroglyphService, MinesweeperTicket msTicket, KeyPairGeneratorTestWrapper keyPairGeneratorTestWrapper, KeyGenAlgorithmParameterSpecTestWrapper keyGenAlgorithmParameterSpecTestWrapper, WrappedKeyAlgorithmParameterSpecTestWrapper wrappedKeyAlgorithmParameterSpecTestWrapper) {
        Intrinsics.checkNotNullParameter(hieroglyphService, "hieroglyphService");
        Intrinsics.checkNotNullParameter(msTicket, "msTicket");
        Intrinsics.checkNotNullParameter(keyPairGeneratorTestWrapper, "keyPairGeneratorTestWrapper");
        Intrinsics.checkNotNullParameter(keyGenAlgorithmParameterSpecTestWrapper, "keyGenAlgorithmParameterSpecTestWrapper");
        Intrinsics.checkNotNullParameter(wrappedKeyAlgorithmParameterSpecTestWrapper, "wrappedKeyAlgorithmParameterSpecTestWrapper");
        this.keyPairGeneratorTestWrapper = keyPairGeneratorTestWrapper;
        this.keyGenAlgorithmParameterSpecTestWrapper = keyGenAlgorithmParameterSpecTestWrapper;
        this.wrappedKeyAlgorithmParameterSpecTestWrapper = wrappedKeyAlgorithmParameterSpecTestWrapper;
        this.keyExpirations = new LinkedHashMap();
        this.hieroglyph = hieroglyphService;
        this.minesweeperTicket = msTicket;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(keystoreInstanceName)");
            setKeyStore(keyStore);
            getKeyStore().load(null);
        } catch (Exception e) {
            Exception exc = e;
            RemoteLog.w(exc);
            LogPriority logPriority = LogPriority.ERROR;
            LogcatLogger logger = LogcatLogger.INSTANCE.getLogger();
            if (logger.isLoggable(logPriority)) {
                logger.mo9091log(logPriority, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), ThrowablesKt.asLog(exc));
            }
            if (!(e instanceof KeyStoreException ? true : e instanceof CertificateException ? true : e instanceof IOException ? true : e instanceof NoSuchAlgorithmException)) {
                throw e;
            }
        }
    }

    private final SecretKey fetchIpekSecretKeyFromKeyStore(String ipekAlias) throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException {
        KeyStore.Entry entry = getKeyStore().getEntry(ipekAlias, NO_KEY_PROTECTION_SPEC);
        if (entry == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.KeyStore.SecretKeyEntry");
        }
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        Intrinsics.checkNotNullExpressionValue(secretKey, "secretKeyEntry.secretKey");
        return secretKey;
    }

    private final String getKeyAliasFromType(ECRKeyProvider.KEY_TYPE keyType) {
        int i = WhenMappings.$EnumSwitchMapping$1[keyType.ordinal()];
        if (i == 1) {
            return IPEK_PAN_ALIAS;
        }
        if (i == 2) {
            return IPEK_PIN_ALIAS;
        }
        if (i == 3) {
            return IPEK_HMAC_PAN_ALIAS;
        }
        if (i == 4) {
            return IPEK_HMAC_PIN_ALIAS;
        }
        throw new NoWhenBranchMatchedException();
    }

    public static /* synthetic */ void getKeyStore$annotations() {
    }

    private final Certificate getWrappingKeyPairCertificate(int keySize) throws KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (getKeyStore().containsAlias(WRAPPING_KEY_ALIAS)) {
            Certificate certificate = getKeyStore().getCertificate(WRAPPING_KEY_ALIAS);
            Intrinsics.checkNotNullExpressionValue(certificate, "keyStore.getCertificate(WRAPPING_KEY_ALIAS)");
            return certificate;
        }
        Calendar calendar = Calendar.getInstance();
        Date start = calendar.getTime();
        calendar.add(5, 365);
        Date end = calendar.getTime();
        KeyPairGenerator keyPairGeneratorTestWrapper = this.keyPairGeneratorTestWrapper.getInstance("RSA", getKeyStore().getProvider());
        KeyGenAlgorithmParameterSpecTestWrapper keyGenAlgorithmParameterSpecTestWrapper = this.keyGenAlgorithmParameterSpecTestWrapper;
        Intrinsics.checkNotNullExpressionValue(start, "start");
        Intrinsics.checkNotNullExpressionValue(end, "end");
        keyPairGeneratorTestWrapper.initialize(keyGenAlgorithmParameterSpecTestWrapper.getKeyPairAlgorithmParameterSpec(start, end, keySize, WRAPPING_KEY_ALIAS));
        keyPairGeneratorTestWrapper.generateKeyPair();
        Certificate certificate2 = getKeyStore().getCertificate(WRAPPING_KEY_ALIAS);
        Intrinsics.checkNotNullExpressionValue(certificate2, "keyStore.getCertificate(WRAPPING_KEY_ALIAS)");
        return certificate2;
    }

    private final void importEncryptedHieroglyphKey(RefreshKeyResponse response) throws UnknownKeyTypeException {
        String str;
        KeyGenParameterSpec wrappedKeyAlgorithmParameterSpec = this.wrappedKeyAlgorithmParameterSpecTestWrapper.getWrappedKeyAlgorithmParameterSpec(2048, WRAPPING_KEY_ALIAS);
        for (WrappedKey wrappedKey : response.keys) {
            ByteString byteString = wrappedKey.key_ciphertext;
            Intrinsics.checkNotNull(byteString);
            WrappedKeyEntry wrappedKeyEntry = new WrappedKeyEntry(byteString.toByteArray(), WRAPPING_KEY_ALIAS, "RSA/ECB/OAEPPadding", wrappedKeyAlgorithmParameterSpec);
            KeyScope keyScope = wrappedKey.key_scope;
            int i = keyScope == null ? -1 : WhenMappings.$EnumSwitchMapping$0[keyScope.ordinal()];
            if (i == 1) {
                str = IPEK_PAN_ALIAS;
            } else if (i == 2) {
                str = IPEK_PIN_ALIAS;
            } else if (i == 3) {
                str = IPEK_HMAC_PAN_ALIAS;
            } else {
                if (i != 4) {
                    KeyScope keyScope2 = wrappedKey.key_scope;
                    Intrinsics.checkNotNull(keyScope2);
                    throw new UnknownKeyTypeException(this, keyScope2.name());
                }
                str = IPEK_HMAC_PIN_ALIAS;
            }
            Long l = null;
            try {
                getKeyStore().setEntry(str, wrappedKeyEntry, null);
            } catch (KeyStoreException e) {
                KeyStoreException keyStoreException = e;
                RemoteLog.w(keyStoreException);
                LogPriority logPriority = LogPriority.WARN;
                LogcatLogger logger = LogcatLogger.INSTANCE.getLogger();
                if (logger.isLoggable(logPriority)) {
                    logger.mo9091log(logPriority, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), Intrinsics.stringPlus("keystore import of wrapped key failed: ", ThrowablesKt.asLog(keyStoreException)));
                }
            }
            Map<String, Long> map = this.keyExpirations;
            Long l2 = wrappedKey.key_ttl_millis;
            if (l2 != null) {
                l = Long.valueOf(l2.longValue() + System.currentTimeMillis());
            }
            map.put(str, l);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: provisionIpekKey$lambda-4, reason: not valid java name */
    public static final ByteString m4212provisionIpekKey$lambda4(RealECRKeyProvider this$0, Certificate certificate) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        try {
            ByteString.Companion companion = ByteString.INSTANCE;
            byte[] encoded = certificate.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "certificate.encoded");
            return companion.of(Arrays.copyOf(encoded, encoded.length));
        } catch (CertificateEncodingException e) {
            CertificateEncodingException certificateEncodingException = e;
            RemoteLog.w(certificateEncodingException);
            LogPriority logPriority = LogPriority.ERROR;
            LogcatLogger logger = LogcatLogger.INSTANCE.getLogger();
            if (logger.isLoggable(logPriority)) {
                logger.mo9091log(logPriority, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this$0), ThrowablesKt.asLog(certificateEncodingException));
            }
            return ByteString.EMPTY;
        }
    }

    @Override // com.squareup.encryption.ECRKeyProvider
    public SecretKey getIpekKey(ECRKeyProvider.KEY_TYPE keyType) throws KeyStoreException, UnknownKeyTypeException, KeyNotPresentException {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        String keyAliasFromType = getKeyAliasFromType(keyType);
        long currentTimeMillis = System.currentTimeMillis();
        Long l = this.keyExpirations.get(keyAliasFromType);
        boolean z = l != null && currentTimeMillis > l.longValue();
        if (getKeyStore().containsAlias(keyAliasFromType) && !z) {
            try {
                return fetchIpekSecretKeyFromKeyStore(keyAliasFromType);
            } catch (Exception e) {
                Exception exc = e;
                RemoteLog.w(exc);
                LogPriority logPriority = LogPriority.WARN;
                LogcatLogger logger = LogcatLogger.INSTANCE.getLogger();
                if (logger.isLoggable(logPriority)) {
                    logger.mo9091log(logPriority, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), Intrinsics.stringPlus("Failed to fetch existing key: ", ThrowablesKt.asLog(exc)));
                }
                if (!(e instanceof UnrecoverableEntryException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof KeyStoreException)) {
                    throw e;
                }
            }
        }
        try {
            provisionIpekKey();
        } catch (Exception e2) {
            Exception exc2 = e2;
            RemoteLog.w(exc2);
            LogPriority logPriority2 = LogPriority.WARN;
            LogcatLogger logger2 = LogcatLogger.INSTANCE.getLogger();
            if (logger2.isLoggable(logPriority2)) {
                logger2.mo9091log(logPriority2, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), Intrinsics.stringPlus("Failed to fetch existing key: ", ThrowablesKt.asLog(exc2)));
            }
            if (!(e2 instanceof InvalidAlgorithmParameterException ? true : e2 instanceof NoSuchAlgorithmException ? true : e2 instanceof KeyStoreException)) {
                throw e2;
            }
        }
        if (getKeyStore().containsAlias(keyAliasFromType)) {
            try {
                return fetchIpekSecretKeyFromKeyStore(keyAliasFromType);
            } catch (Exception e3) {
                Exception exc3 = e3;
                RemoteLog.w(exc3);
                LogPriority logPriority3 = LogPriority.WARN;
                LogcatLogger logger3 = LogcatLogger.INSTANCE.getLogger();
                if (logger3.isLoggable(logPriority3)) {
                    logger3.mo9091log(logPriority3, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), Intrinsics.stringPlus("Failed to fetch existing key: ", ThrowablesKt.asLog(exc3)));
                }
                if (!(e3 instanceof UnrecoverableEntryException ? true : e3 instanceof NoSuchAlgorithmException ? true : e3 instanceof KeyStoreException)) {
                    throw e3;
                }
            }
        }
        throw new KeyNotPresentException(this, keyAliasFromType);
    }

    @Override // com.squareup.encryption.ECRKeyProvider
    public SecretKey getIpekKeyWithoutProvisioning(ECRKeyProvider.KEY_TYPE keyType) throws KeyStoreException, UnknownKeyTypeException, KeyNotPresentException {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        try {
            return fetchIpekSecretKeyFromKeyStore(getKeyAliasFromType(keyType));
        } catch (Exception e) {
            Exception exc = e;
            RemoteLog.w(exc);
            LogPriority logPriority = LogPriority.WARN;
            LogcatLogger logger = LogcatLogger.INSTANCE.getLogger();
            if (logger.isLoggable(logPriority)) {
                logger.mo9091log(logPriority, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), Intrinsics.stringPlus("Failed to fetch existing key: ", ThrowablesKt.asLog(exc)));
            }
            if (e instanceof UnrecoverableEntryException ? true : e instanceof NoSuchAlgorithmException ? true : e instanceof KeyStoreException) {
                throw e;
            }
            throw e;
        }
    }

    @Override // com.squareup.encryption.ECRKeyProvider
    public Long getKeyExpiration(ECRKeyProvider.KEY_TYPE keyType) {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        return this.keyExpirations.get(getKeyAliasFromType(keyType));
    }

    public final KeyStore getKeyStore() {
        KeyStore keyStore = this.keyStore;
        if (keyStore != null) {
            return keyStore;
        }
        Intrinsics.throwUninitializedPropertyAccessException("keyStore");
        return null;
    }

    @Override // com.squareup.encryption.ECRKeyProvider
    public boolean hasValidKey(ECRKeyProvider.KEY_TYPE keyType) {
        Intrinsics.checkNotNullParameter(keyType, "keyType");
        String keyAliasFromType = getKeyAliasFromType(keyType);
        if (!this.keyExpirations.containsKey(keyAliasFromType)) {
            return false;
        }
        Long l = this.keyExpirations.get(keyAliasFromType);
        Intrinsics.checkNotNull(l);
        return l.longValue() < System.currentTimeMillis() && getKeyStore().containsAlias(keyAliasFromType);
    }

    @Override // com.squareup.encryption.ECRKeyProvider
    public void provisionIpekKey() throws KeyStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, UnknownKeyTypeException {
        SealedTicket build;
        Certificate wrappingKeyPairCertificate = getWrappingKeyPairCertificate(2048);
        ByteString.Companion companion = ByteString.INSTANCE;
        byte[] encoded = wrappingKeyPairCertificate.getPublicKey().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "pubKeyCert.publicKey.encoded");
        ByteString of = companion.of(Arrays.copyOf(encoded, encoded.length));
        List<? extends ByteString> encodedPubKeyCertChain = (List) Arrays.stream(getKeyStore().getCertificateChain(WRAPPING_KEY_ALIAS)).map(new Function() { // from class: com.squareup.encryption.RealECRKeyProvider$$ExternalSyntheticLambda0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                ByteString m4212provisionIpekKey$lambda4;
                m4212provisionIpekKey$lambda4 = RealECRKeyProvider.m4212provisionIpekKey$lambda4(RealECRKeyProvider.this, (Certificate) obj);
                return m4212provisionIpekKey$lambda4;
            }
        }).collect(Collectors.toList());
        try {
            byte[] ticketBytes = this.minesweeperTicket.getFreshTicket();
            ProtoAdapter<SealedTicket> protoAdapter = SealedTicket.ADAPTER;
            Intrinsics.checkNotNullExpressionValue(ticketBytes, "ticketBytes");
            SealedTicket decode = protoAdapter.decode(ticketBytes);
            Intrinsics.checkNotNullExpressionValue(decode, "{\n      val ticketBytes …decode(ticketBytes)\n    }");
            build = decode;
        } catch (Exception e) {
            Exception exc = e;
            RemoteLog.w(exc);
            LogPriority logPriority = LogPriority.ERROR;
            LogcatLogger logger = LogcatLogger.INSTANCE.getLogger();
            if (logger.isLoggable(logPriority)) {
                logger.mo9091log(logPriority, LogcatKt.outerClassSimpleNameInternalOnlyDoNotUseKThxBye(this), ThrowablesKt.asLog(exc));
            }
            if (!(e instanceof IOException) && !(e instanceof InterruptedException)) {
                throw e;
            }
            build = new SealedTicket.Builder().ciphertext(ByteString.EMPTY).expiration(0L).creation(0L).build();
            Intrinsics.checkNotNullExpressionValue(build, "{\n      RemoteLog.w(e)\n …L)\n        .build()\n    }");
        }
        HieroglyphService hieroglyphService = this.hieroglyph;
        RefreshKeyRequest.Builder builder = new RefreshKeyRequest.Builder();
        ClientPublicKey.Builder public_key = new ClientPublicKey.Builder().public_key(of);
        Intrinsics.checkNotNullExpressionValue(encodedPubKeyCertChain, "encodedPubKeyCertChain");
        HieroglyphRefreshKeyResponse refreshKey = hieroglyphService.refreshKey(builder.client_key(public_key.attestation_certs(encodedPubKeyCertChain).build()).scopes(CollectionsKt.listOf((Object[]) new KeyScope[]{KeyScope.ECR_PAN, KeyScope.ECR_PIN, KeyScope.ECR_PAN_HMAC, KeyScope.ECR_PIN_HMAC})).ticket(build).nonce(Long.valueOf(this.minesweeperTicket.getNonce())).build());
        long currentTimeMillis = System.currentTimeMillis();
        for (int i = 0; System.currentTimeMillis() - currentTimeMillis < 5000 && i < 5; i++) {
            SuccessOrFailure<RefreshKeyResponse> blockingSuccessOrFailure = refreshKey.blockingSuccessOrFailure();
            if (blockingSuccessOrFailure instanceof SuccessOrFailure.HandleSuccess) {
                importEncryptedHieroglyphKey((RefreshKeyResponse) ((SuccessOrFailure.HandleSuccess) blockingSuccessOrFailure).getResponse());
                return;
            } else {
                if (!(blockingSuccessOrFailure instanceof SuccessOrFailure.ShowFailure)) {
                    throw new RequestFailureException(this, "Unknown response");
                }
                SuccessOrFailureLogger.logFailure(blockingSuccessOrFailure, "Provisioning IPEK keys");
            }
        }
        throw new RequestFailureException(this, "Couldn't get a successful response");
    }

    public final void setKeyStore(KeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "<set-?>");
        this.keyStore = keyStore;
    }
}
