package com.comcast.secclient.identity;

import android.util.Base64;
import com.comcast.secclient.analytics.RelatedSpanHelper;
import com.comcast.secclient.crypto.CryptoEngine;
import com.comcast.secclient.crypto.CryptoException;
import com.comcast.secclient.model.ApiResult;
import com.comcast.secclient.model.DeviceAuthenticationResult;
import com.comcast.secclient.model.KeyProvisionResult;
import com.comcast.secclient.model.ProvisionResponse;
import com.comcast.secclient.net.NetworkingEngine;
import com.comcast.secclient.net.SecClientNetworkException;
import com.comcast.secclient.net.SecClientNetworkResponse;
import com.comcast.secclient.util.MoneyTrace;
import com.comcast.secclient.util.MoneyTraceParseException;
import com.comcast.secclient.util.SecClientUrl;
import com.comcast.secclient.util.SerializationException;
import com.comcast.secclient.util.Utilities;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.android.exoplayer.C;
import com.google.android.gms.common.internal.ImagesContract;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public final class KeyProvisioner {
    private final CryptoEngine cryptoEngine;
    private final NetworkingEngine networkingEngine;
    private final List<RelatedSpanHelper> relatedSpans = new ArrayList();

    public KeyProvisioner(CryptoEngine cryptoEngine, NetworkingEngine networkingEngine) {
        this.cryptoEngine = cryptoEngine;
        this.networkingEngine = networkingEngine;
    }

    public final String generateRequestBody(KeyProvisionResult keyProvisionResult, DeviceAuthenticationResult deviceAuthenticationResult, String str) throws CryptoException, SerializationException {
        HashMap hashMap = new HashMap();
        if (deviceAuthenticationResult != null) {
            hashMap.put("deviceToken", deviceAuthenticationResult.getDeviceToken());
        } else if (str != null) {
            hashMap.put("deviceToken", str);
        }
        if (keyProvisionResult != null) {
            hashMap.put("packageManifest", keyProvisionResult.getPackageManifest());
        }
        hashMap.put("secApiVersion", this.cryptoEngine.getVersion());
        hashMap.put("socId", Utilities.byteToHexString(this.cryptoEngine.getDeviceId()));
        return Utilities.getJSONFromMap(hashMap);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.comcast.secclient.identity.KeyProvisioner$1HeaderHelper] */
    public final Map<String, String> generateRequestHeaders(SecClientUrl secClientUrl, Map<String, String> map, String str) {
        String authorizationHeader = new Object() { // from class: com.comcast.secclient.identity.KeyProvisioner.1HeaderHelper
            /* JADX INFO: Access modifiers changed from: private */
            public String getAuthorizationHeader(SecClientUrl secClientUrl2, String str2) {
                try {
                    byte[] bytes = "hmacSha1".getBytes(Charset.forName(C.UTF8_NAME));
                    byte[] bytes2 = "concatKdfSha1".getBytes(Charset.forName(C.UTF8_NAME));
                    byte[] generateRandomBytes = KeyProvisioner.this.cryptoEngine.generateRandomBytes(20);
                    byte[] deviceId = KeyProvisioner.this.cryptoEngine.getDeviceId();
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(bytes);
                    arrayList.add(deviceId);
                    arrayList.add(generateRandomBytes);
                    arrayList.add(bytes2);
                    KeyProvisioner.this.cryptoEngine.deriveConcatKDF("socMacKeyId", "hmacSha1", "sha1", generateRandomBytes, Utilities.generateOtherInfo(arrayList));
                    return KeyProvisioner.this.cryptoEngine.generateMacHeader("socMacKeyId", "hmacSha1", "sha1", Base64.encodeToString(getMacId("sha1", true, "hmacSha1", KeyProvisioner.this.cryptoEngine.computeKeyDigest("socMacKeyId", "sha1"), generateRandomBytes), 2), generateRandomBytes, str2, secClientUrl2.getPath(), secClientUrl2.getHost(), secClientUrl2.getPort(), null);
                } catch (Exception unused) {
                    return null;
                }
            }

            private byte[] getMacId(String str2, Boolean bool, String str3, byte[] bArr, byte[] bArr2) throws Exception {
                byte[] cipherInfoTypeString = KeyProvisioner.this.cryptoEngine.getCipherInfoTypeString(str2, bool);
                byte[] cipherKeyTypeString = KeyProvisioner.this.cryptoEngine.getCipherKeyTypeString(str3);
                if (cipherInfoTypeString == null || cipherKeyTypeString == null) {
                    throw new Exception("Failure in getMacId");
                }
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                linkedHashSet.add(bArr);
                linkedHashSet.add(cipherInfoTypeString);
                linkedHashSet.add(cipherKeyTypeString);
                linkedHashSet.add(bArr2);
                return KeyProvisioner.this.cryptoEngine.digest(str2, linkedHashSet);
            }
        }.getAuthorizationHeader(secClientUrl, str);
        if (authorizationHeader == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        hashMap.putAll(map);
        hashMap.put("Authorization", authorizationHeader);
        hashMap.put("Accept", "application/vnd.xcal.fkps.packages+json; version=2");
        hashMap.put("Content-Type", "application/vnd.xcal.fkps.deviceDataType3+json; version=1");
        return hashMap;
    }

    public final SecClientNetworkResponse getResponse(String str, Map<String, String> map, String str2) throws SecClientNetworkException {
        long nowInMicroSeconds = Utilities.nowInMicroSeconds();
        HashMap hashMap = new HashMap();
        if (map != null) {
            hashMap.putAll(map);
        }
        try {
            Map<String, String> updateMoneyTrace = Utilities.updateMoneyTrace(hashMap);
            MoneyTrace extractMoneyTrace = Utilities.extractMoneyTrace(updateMoneyTrace);
            SecClientNetworkResponse secClientNetworkResponse = new SecClientNetworkResponse(-1);
            try {
                try {
                    SecClientNetworkResponse doPost = this.networkingEngine.doPost(str, updateMoneyTrace, str2);
                    RelatedSpanHelper relatedSpanHelper = new RelatedSpanHelper("http request", extractMoneyTrace, nowInMicroSeconds);
                    if (doPost != null) {
                        relatedSpanHelper.setStatusCodes(doPost.getResponseExtendedCode(), doPost.getResponseBusinessStatus());
                        relatedSpanHelper.getMoneyTrace().closeSpan(doPost.getResponseExtendedCode() != null && doPost.getResponseExtendedCode().intValue() == 200);
                    } else {
                        relatedSpanHelper.setStatusCodes(-1);
                        relatedSpanHelper.getMoneyTrace().closeSpan(false);
                    }
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put(ImagesContract.URL, str);
                    hashMap2.put("headers", Utilities.getJSONFromMapOr(updateMoneyTrace, "Failed to serialize headers"));
                    hashMap2.put("body", str2);
                    relatedSpanHelper.setApiParameters(hashMap2);
                    this.relatedSpans.add(relatedSpanHelper);
                    return doPost;
                } catch (SecClientNetworkException e) {
                    SecClientNetworkResponse secClientNetworkResponse2 = new SecClientNetworkResponse(e);
                    try {
                        throw e;
                    } catch (Throwable th) {
                        th = th;
                        secClientNetworkResponse = secClientNetworkResponse2;
                        RelatedSpanHelper relatedSpanHelper2 = new RelatedSpanHelper("http request", extractMoneyTrace, nowInMicroSeconds);
                        relatedSpanHelper2.setStatusCodes(secClientNetworkResponse.getResponseExtendedCode(), secClientNetworkResponse.getResponseBusinessStatus());
                        relatedSpanHelper2.getMoneyTrace().closeSpan(secClientNetworkResponse.getResponseExtendedCode() == null && secClientNetworkResponse.getResponseExtendedCode().intValue() == 200);
                        HashMap hashMap3 = new HashMap();
                        hashMap3.put(ImagesContract.URL, str);
                        hashMap3.put("headers", Utilities.getJSONFromMapOr(updateMoneyTrace, "Failed to serialize headers"));
                        hashMap3.put("body", str2);
                        relatedSpanHelper2.setApiParameters(hashMap3);
                        this.relatedSpans.add(relatedSpanHelper2);
                        throw th;
                    }
                }
            } catch (Throwable th2) {
                th = th2;
                RelatedSpanHelper relatedSpanHelper22 = new RelatedSpanHelper("http request", extractMoneyTrace, nowInMicroSeconds);
                relatedSpanHelper22.setStatusCodes(secClientNetworkResponse.getResponseExtendedCode(), secClientNetworkResponse.getResponseBusinessStatus());
                relatedSpanHelper22.getMoneyTrace().closeSpan(secClientNetworkResponse.getResponseExtendedCode() == null && secClientNetworkResponse.getResponseExtendedCode().intValue() == 200);
                HashMap hashMap32 = new HashMap();
                hashMap32.put(ImagesContract.URL, str);
                hashMap32.put("headers", Utilities.getJSONFromMapOr(updateMoneyTrace, "Failed to serialize headers"));
                hashMap32.put("body", str2);
                relatedSpanHelper22.setApiParameters(hashMap32);
                this.relatedSpans.add(relatedSpanHelper22);
                throw th;
            }
        } catch (MoneyTraceParseException unused) {
            throw new SecClientNetworkException(-10);
        }
    }

    /* JADX WARN: Type inference failed for: r3v0, types: [com.comcast.secclient.identity.KeyProvisioner$1ResponseHelper] */
    public final ApiResult<KeyProvisionResult> handleResponse(SecClientNetworkResponse secClientNetworkResponse, KeyProvisionResult keyProvisionResult) {
        Integer responseExtendedCode = secClientNetworkResponse.getResponseExtendedCode();
        Integer responseBusinessStatus = secClientNetworkResponse.getResponseBusinessStatus();
        KeyProvisionResult.KeyProvisionResultBuilder keyProvisionResultBuilder = new KeyProvisionResult.KeyProvisionResultBuilder();
        ?? r3 = new Object() { // from class: com.comcast.secclient.identity.KeyProvisioner.1ResponseHelper
            private KeyProvisionResult.KeyProvisionResultBuilder exportProvisionedKeys(ProvisionResponse provisionResponse, String str) {
                KeyProvisionResult.KeyProvisionResultBuilder keyProvisionResultBuilder2 = new KeyProvisionResult.KeyProvisionResultBuilder(0);
                keyProvisionResultBuilder2.packageManifest(str);
                Iterator<String> it = provisionResponse.getProvisionObjects().keySet().iterator();
                while (it.hasNext()) {
                    byte[] decode = Base64.decode(provisionResponse.getProvisionObjects().get(it.next()), 2);
                    byte b = decode[0];
                    BigInteger extractDataTypeId = extractDataTypeId(decode);
                    String byteToHexString = Utilities.byteToHexString(extractDataTypeId.toByteArray());
                    switch (b) {
                        case 1:
                        case 2:
                        case 5:
                            int exportCertificateSize = KeyProvisioner.this.cryptoEngine.exportCertificateSize(extractDataTypeId);
                            if (exportCertificateSize <= 0) {
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                            }
                            byte[] bArr = new byte[exportCertificateSize];
                            if (KeyProvisioner.this.cryptoEngine.exportCertificate(extractDataTypeId, bArr) <= 0) {
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                            }
                            keyProvisionResultBuilder2.provisionObjectsAdd(byteToHexString + ".cert", Base64.encodeToString(bArr, 2));
                            break;
                        case 3:
                        case 7:
                            int exportKeySize = KeyProvisioner.this.cryptoEngine.exportKeySize(extractDataTypeId);
                            if (exportKeySize <= 0) {
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                            }
                            byte[] bArr2 = new byte[exportKeySize];
                            if (KeyProvisioner.this.cryptoEngine.exportKey(extractDataTypeId, bArr2) <= 0) {
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                            }
                            keyProvisionResultBuilder2.provisionObjectsAdd(byteToHexString + ".key", Base64.encodeToString(bArr2, 2));
                            break;
                        case 4:
                        case 6:
                            int exportBundleSize = KeyProvisioner.this.cryptoEngine.exportBundleSize(extractDataTypeId);
                            if (exportBundleSize <= 0) {
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                            }
                            byte[] bArr3 = new byte[exportBundleSize];
                            if (KeyProvisioner.this.cryptoEngine.exportBundle(extractDataTypeId, bArr3) <= 0) {
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                            }
                            keyProvisionResultBuilder2.provisionObjectsAdd(byteToHexString + ".bundle", Base64.encodeToString(bArr3, 2));
                            break;
                        default:
                            return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                    }
                }
                return keyProvisionResultBuilder2;
            }

            private BigInteger extractDataTypeId(byte[] bArr) {
                byte[] bArr2 = new byte[8];
                System.arraycopy(bArr, 1, bArr2, 0, 8);
                return new BigInteger(bArr2);
            }

            /* JADX INFO: Access modifiers changed from: private */
            public KeyProvisionResult.KeyProvisionResultBuilder nodeLockFromProvisioning(ProvisionResponse provisionResponse) {
                byte[] decode = Base64.decode(provisionResponse.getPackageManifest(), 2);
                Iterator<String> it = provisionResponse.getProvisionObjects().keySet().iterator();
                while (it.hasNext()) {
                    byte[] decode2 = Base64.decode(provisionResponse.getProvisionObjects().get(it.next()), 2);
                    byte b = decode2[0];
                    BigInteger extractDataTypeId = extractDataTypeId(decode2);
                    int byteToInt = Utilities.byteToInt(decode2, 9) + 17;
                    int byteToInt2 = Utilities.byteToInt(decode2, byteToInt - 4);
                    if (byteToInt + byteToInt2 != decode2.length) {
                        return new KeyProvisionResult.KeyProvisionResultBuilder(-12);
                    }
                    byte[] bArr = new byte[decode2.length - 9];
                    System.arraycopy(decode2, byteToInt, bArr, 0, byteToInt2);
                    if (bArr.length > 0) {
                        switch (b) {
                            case 1:
                            case 2:
                            case 5:
                                int provisionCertificate = KeyProvisioner.this.cryptoEngine.provisionCertificate(extractDataTypeId, "x509Der", bArr);
                                if (provisionCertificate == 0) {
                                    break;
                                } else {
                                    return new KeyProvisionResult.KeyProvisionResultBuilder(provisionCertificate);
                                }
                            case 3:
                            case 7:
                                int provisionKey = KeyProvisioner.this.cryptoEngine.provisionKey(extractDataTypeId, "keySoC", bArr);
                                if (provisionKey == 0) {
                                    break;
                                } else {
                                    return new KeyProvisionResult.KeyProvisionResultBuilder(provisionKey);
                                }
                            case 4:
                            case 6:
                                int provisionBundle = KeyProvisioner.this.cryptoEngine.provisionBundle(extractDataTypeId, bArr);
                                if (provisionBundle == 0) {
                                    break;
                                } else {
                                    return new KeyProvisionResult.KeyProvisionResultBuilder(provisionBundle);
                                }
                            default:
                                return new KeyProvisionResult.KeyProvisionResultBuilder(-12);
                        }
                    }
                }
                int provisionBundle2 = KeyProvisioner.this.cryptoEngine.provisionBundle("comcastfkpsrtmanifest", decode);
                if (provisionBundle2 != 0) {
                    return new KeyProvisionResult.KeyProvisionResultBuilder(provisionBundle2);
                }
                int exportBundleSize = KeyProvisioner.this.cryptoEngine.exportBundleSize("comcastfkpsrtmanifest");
                if (exportBundleSize <= 0) {
                    return new KeyProvisionResult.KeyProvisionResultBuilder(-100);
                }
                byte[] bArr2 = new byte[exportBundleSize];
                return KeyProvisioner.this.cryptoEngine.exportBundle("comcastfkpsrtmanifest", bArr2) > 0 ? exportProvisionedKeys(provisionResponse, Base64.encodeToString(bArr2, 2)) : new KeyProvisionResult.KeyProvisionResultBuilder(-100);
            }

            /* JADX INFO: Access modifiers changed from: private */
            public ProvisionResponse parseResponse(String str) {
                ProvisionResponse.ProvisionResponseBuilder provisionResponseBuilder;
                ProvisionResponse.ProvisionResponseBuilder provisionResponseBuilder2 = new ProvisionResponse.ProvisionResponseBuilder();
                try {
                    provisionResponseBuilder = (ProvisionResponse.ProvisionResponseBuilder) new ObjectMapper().readValue(str, ProvisionResponse.ProvisionResponseBuilder.class);
                } catch (Exception unused) {
                    provisionResponseBuilder = provisionResponseBuilder2;
                }
                return provisionResponseBuilder.build();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public Boolean verifyResponse(String str, String str2) {
                try {
                    byte[] digestOfMessage = KeyProvisioner.this.cryptoEngine.getDigestOfMessage("sha256", str);
                    if (digestOfMessage != null && Base64.encodeToString(digestOfMessage, 2).equals(str2.substring(8))) {
                        return true;
                    }
                    return false;
                } catch (Exception unused) {
                    return false;
                }
            }
        };
        int intValue = secClientNetworkResponse.getResponseExtendedCode().intValue();
        if (intValue == 200) {
            String responseBody = secClientNetworkResponse.getResponseBody();
            if (!r3.verifyResponse(responseBody, secClientNetworkResponse.getResponseHeaders().get("digest")).booleanValue()) {
                return responseWithError(-110, responseExtendedCode, responseBusinessStatus);
            }
            ProvisionResponse parseResponse = r3.parseResponse(responseBody);
            if (parseResponse != null && parseResponse.getRefreshDuration() != null) {
                keyProvisionResultBuilder.status(0);
                keyProvisionResultBuilder.refreshDuration(parseResponse.getRefreshDuration().intValue());
                if (keyProvisionResult == null && (parseResponse.getPackageManifest() == null || parseResponse.getProvisionObjects() == null)) {
                    return responseWithError(-12, responseExtendedCode, responseBusinessStatus);
                }
                if (parseResponse.getPackageManifest() != null && parseResponse.getProvisionObjects() != null) {
                    keyProvisionResultBuilder = r3.nodeLockFromProvisioning(parseResponse);
                    if (keyProvisionResultBuilder.getPackageManifest() == null) {
                        keyProvisionResultBuilder.packageManifest(keyProvisionResult != null ? keyProvisionResult.getPackageManifest() : null);
                    }
                    if (keyProvisionResultBuilder.getProvisionObjects() == null) {
                        keyProvisionResultBuilder.provisionObjects(keyProvisionResult != null ? keyProvisionResult.getProvisionObjects() : null);
                    }
                }
            }
            return responseWithError(-12, responseExtendedCode, responseBusinessStatus);
        }
        if (intValue != 204) {
            keyProvisionResultBuilder.status(-115);
        } else {
            keyProvisionResultBuilder.status(0);
            keyProvisionResultBuilder.refreshDuration(keyProvisionResult.getRefreshDuration());
            keyProvisionResultBuilder.packageManifest(keyProvisionResult.getPackageManifest());
            keyProvisionResultBuilder.provisionObjects(keyProvisionResult.getProvisionObjects());
        }
        keyProvisionResultBuilder.extendedStatus(responseExtendedCode);
        keyProvisionResultBuilder.businessStatus(responseBusinessStatus);
        ApiResult<KeyProvisionResult> apiResult = new ApiResult<>();
        apiResult.setResult(keyProvisionResultBuilder.build());
        apiResult.setAnalytics(this.relatedSpans);
        return apiResult;
    }

    public final ApiResult<KeyProvisionResult> responseWithError(int i, Integer num, Integer num2) {
        ApiResult<KeyProvisionResult> apiResult = new ApiResult<>();
        apiResult.setResult(new KeyProvisionResult.KeyProvisionResultBuilder(i).extendedStatus(num).businessStatus(num2).build());
        apiResult.setAnalytics(this.relatedSpans);
        return apiResult;
    }
}
