package com.microsoft.authenticator.rootdetection.businesslogic;

import com.google.android.gms.common.api.ApiException;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.android.gms.safetynet.SafetyNetClient;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.android.gms.tasks.Task;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.firebase.messaging.Constants;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.rootdetection.BuildConfig;
import com.microsoft.authenticator.rootdetection.entities.AttestationVerificationResult;
import com.microsoft.authenticator.rootdetection.entities.DeviceAttestationPayload;
import com.microsoft.authenticator.rootdetection.entities.SafetyNetResult;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.Result;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.coroutines.Continuation;
import kotlin.coroutines.SafeContinuation;
import kotlin.coroutines.intrinsics.IntrinsicsKt__IntrinsicsJvmKt;
import kotlin.coroutines.intrinsics.IntrinsicsKt__IntrinsicsKt;
import kotlin.coroutines.jvm.internal.DebugProbesKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.text.Charsets;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;

/* compiled from: SafetyNetUseCase.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000n\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0017\u0018\u0000 *2\u00020\u0001:\u0001*B'\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\b\u0010\u000b\u001a\u00020\fH\u0002J\u0012\u0010\r\u001a\u0004\u0018\u00010\u000e2\u0006\u0010\u000f\u001a\u00020\fH\u0007J\"\u0010\u0010\u001a\u00020\u00112\n\u0010\u0012\u001a\u00060\u0013j\u0002`\u00142\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u0016H\u0002J(\u0010\u0018\u001a\u00020\u00112\b\u0010\u0019\u001a\u0004\u0018\u00010\u001a2\u0006\u0010\u001b\u001a\u00020\u000e2\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u0016H\u0002J\u000e\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\fJ\u0019\u0010\u001f\u001a\u00020\u00172\u0006\u0010 \u001a\u00020\fH\u0096@ø\u0001\u0000¢\u0006\u0002\u0010!J\u001d\u0010\"\u001a\u00020#2\u0006\u0010$\u001a\u00020\f2\u0006\u0010%\u001a\u00020&H\u0001¢\u0006\u0002\b'J\u0016\u0010(\u001a\u00020\u00172\u0006\u0010)\u001a\u00020\f2\u0006\u0010\u001b\u001a\u00020\u000eR\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000\u0082\u0002\u0004\n\u0002\b\u0019¨\u0006+"}, d2 = 
{"Lcom/microsoft/authenticator/rootdetection/businesslogic/SafetyNetUseCase;", "", "safetyNetClient", "Lcom/google/android/gms/safetynet/SafetyNetClient;", "defaultHostnameVerifier", "Lorg/apache/http/conn/ssl/DefaultHostnameVerifier;", "attestAndroidTrustManagerProvider", "Lcom/microsoft/authenticator/rootdetection/businesslogic/AttestAndroidTrustManagerProvider;", "jacksonFactory", "Lcom/google/api/client/json/jackson2/JacksonFactory;", "(Lcom/google/android/gms/safetynet/SafetyNetClient;Lorg/apache/http/conn/ssl/DefaultHostnameVerifier;Lcom/microsoft/authenticator/rootdetection/businesslogic/AttestAndroidTrustManagerProvider;Lcom/google/api/client/json/jackson2/JacksonFactory;)V", "getApkCertificateDigestSha256", "", "getRequestNonceLocally", "", Constants.ScionAnalytics.MessageType.DATA_MESSAGE, "handleSafetyNetAttestationFail", "", "e", "Ljava/lang/Exception;", "Lkotlin/Exception;", "continuation", "Lkotlin/coroutines/Continuation;", "Lcom/microsoft/authenticator/rootdetection/entities/SafetyNetResult;", "handleSafetyNetAttestationSuccess", "attestationResponse", "Lcom/google/android/gms/safetynet/SafetyNetApi$AttestationResponse;", "requestNonce", "parseAndVerify", "Lcom/microsoft/authenticator/rootdetection/entities/AttestationVerificationResult;", "signedAttestationStatement", "sendSafetyNetRequest", "nonceSeed", "(Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "verifyHostname", "", "hostname", "leafCert", "Ljava/security/cert/X509Certificate;", "verifyHostname$RootDetectionLibrary_release", "verifyJwsResultLocally", "jwsResult", "Companion", "RootDetectionLibrary_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
/**
 * Requests a SafetyNet attestation through {@link SafetyNetClient} and checks the returned JWS
 * inside the app: JWS signature and signing-certificate hostname, request nonce, APK package
 * name, APK signing-certificate digest, and finally the {@code basicIntegrity} verdict.
 *
 * <p>This file is decompiler output for a Kotlin class; some statements (discarded
 * {@code Result} calls, {@code Continuation.this}) are artifacts of that process.
 *
 * <p>NOTE(review): every check here runs in-process on the device being assessed, so the
 * result is only as trustworthy as the process itself. Google's guidance for SafetyNet is to
 * verify the JWS on a server you control; whether the app also does that is not visible from
 * this class. Google has also deprecated the SafetyNet Attestation API in favour of the
 * Play Integrity API.
 */
public class SafetyNetUseCase {
    // Package name expected in the attestation payload (same value as the literal compared in
    // verifyJwsResultLocally).
    public static final String authenticatorAppPackageName = "com.azure.authenticator";
    // Base64 SHA-256 digest of, per its name, the debug signing certificate. Not referenced by any
    // code in this class.
    public static final String debugBase64ApkCertificateDigestSha256 = "4ptCMWRR4uySLmKWzRwHZnhMosCDcg2P4CJSkfU877A=";
    // Base64 SHA-256 digest of, per its name, the release signing certificate; this is the value
    // getApkCertificateDigestSha256() returns.
    public static final String releaseBase64ApkCertificateDigestSha256 = "7r0PFuYpr4uDgb/t/dZJYF/pD3Y/XLe6Rz657vlNmvE=";
    // Supplies the X509TrustManager used to verify the JWS signature chain.
    private final AttestAndroidTrustManagerProvider attestAndroidTrustManagerProvider;
    // Matches the expected attestation hostname against the JWS signing certificate.
    private final DefaultHostnameVerifier defaultHostnameVerifier;
    // JSON factory handed to the JsonWebSignature parser.
    private final JacksonFactory jacksonFactory;
    // Google Play services client that performs the attest() call.
    private final SafetyNetClient safetyNetClient;

    /**
     * Stores the four collaborators; each is null-checked first.
     *
     * @param safetyNetClient client used to call the SafetyNet attest API
     * @param defaultHostnameVerifier verifier used for the signing-certificate hostname check
     * @param attestAndroidTrustManagerProvider source of the trust manager for JWS verification
     * @param jacksonFactory JSON factory used to parse the JWS
     */
    public SafetyNetUseCase(SafetyNetClient safetyNetClient, DefaultHostnameVerifier defaultHostnameVerifier, AttestAndroidTrustManagerProvider attestAndroidTrustManagerProvider, JacksonFactory jacksonFactory) {
        Intrinsics.checkNotNullParameter(safetyNetClient, "safetyNetClient");
        Intrinsics.checkNotNullParameter(defaultHostnameVerifier, "defaultHostnameVerifier");
        Intrinsics.checkNotNullParameter(attestAndroidTrustManagerProvider, "attestAndroidTrustManagerProvider");
        Intrinsics.checkNotNullParameter(jacksonFactory, "jacksonFactory");
        this.safetyNetClient = safetyNetClient;
        this.defaultHostnameVerifier = defaultHostnameVerifier;
        this.attestAndroidTrustManagerProvider = attestAndroidTrustManagerProvider;
        this.jacksonFactory = jacksonFactory;
    }

    /**
     * Returns the certificate digest the attestation payload must contain.
     *
     * @return always the release digest constant in this build
     */
    private final String getApkCertificateDigestSha256() {
        return releaseBase64ApkCertificateDigestSha256;
    }

    /**
     * Failure callback for the attest task: logs the error and resumes the coroutine with
     * {@code SafetyNetResult.UnknownError} wrapping it.
     *
     * @param e exception reported by the task; for an {@link ApiException} the status code
     *     string is included in the log line
     * @param continuation continuation of the suspended sendSafetyNetRequest call
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final void handleSafetyNetAttestationFail(Exception e, Continuation<? super SafetyNetResult> continuation) {
        if (e instanceof ApiException) {
            BaseLogger.e("Error during SafetyNet call. Details: " + CommonStatusCodes.getStatusCodeString(((ApiException) e).getStatusCode()), e);
        } else {
            BaseLogger.e("Unknown error during SafetyNet call", e);
        }
        SafetyNetResult.UnknownError unknownError = new SafetyNetResult.UnknownError(e);
        // The next two statements are how the decompiler rendered Kotlin's Result wrapping; their
        // values are unused here.
        Result.Companion companion = Result.INSTANCE;
        Result.m162constructorimpl(unknownError);
        continuation.resumeWith(unknownError);
    }

    /**
     * Success callback for the attest task: verifies the returned JWS locally and resumes the
     * coroutine with the outcome.
     *
     * @param attestationResponse response from SafetyNet; null resumes with {@code UnknownError}
     * @param requestNonce nonce that was sent with the request, compared against the payload
     * @param continuation continuation of the suspended sendSafetyNetRequest call
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final void handleSafetyNetAttestationSuccess(SafetyNetApi.AttestationResponse attestationResponse, byte[] requestNonce, Continuation<? super SafetyNetResult> continuation) {
        if (attestationResponse == null) {
            BaseLogger.e("SafetyNet attestationResponse is null.");
            SafetyNetResult.UnknownError unknownError = new SafetyNetResult.UnknownError(new Exception("SafetyNet attestationResponse is null"));
            Result.Companion companion = Result.INSTANCE;
            Result.m162constructorimpl(unknownError);
            continuation.resumeWith(unknownError);
            return;
        }
        BaseLogger.i("Handling successful SafetyNet result.");
        String jwsResult = attestationResponse.getJwsResult();
        Intrinsics.checkNotNullExpressionValue(jwsResult, "attestationResponse.jwsResult");
        // A task-level "success" only means a response arrived; the verdict comes from the
        // verification below.
        SafetyNetResult verifyJwsResultLocally = verifyJwsResultLocally(jwsResult, requestNonce);
        Result.Companion companion2 = Result.INSTANCE;
        Result.m162constructorimpl(verifyJwsResultLocally);
        continuation.resumeWith(verifyJwsResultLocally);
    }

    /**
     * Compiler-generated body of the suspend function sendSafetyNetRequest: builds a nonce,
     * starts the asynchronous attest call and suspends until one of the listeners resumes the
     * continuation.
     *
     * @param safetyNetUseCase receiver instance
     * @param str nonce seed passed to getRequestNonceLocally
     * @param continuation caller's continuation
     * @return {@code NonceGenerationFailure} if no nonce could be built, otherwise the
     *     SafeContinuation's value or the COROUTINE_SUSPENDED marker
     */
    static /* synthetic */ Object sendSafetyNetRequest$suspendImpl(final SafetyNetUseCase safetyNetUseCase, String str, Continuation continuation) {
        Continuation intercepted;
        Object coroutine_suspended;
        BaseLogger.i("Sending SafetyNet API request. Preparing the nonce.");
        final byte[] requestNonceLocally = safetyNetUseCase.getRequestNonceLocally(str);
        if (requestNonceLocally == null) {
            BaseLogger.e("Could not generate a nonce for SafetyNet request.");
            return SafetyNetResult.NonceGenerationFailure.INSTANCE;
        }
        BaseLogger.i("Call the SafetyNet API asynchronously.");
        intercepted = IntrinsicsKt__IntrinsicsJvmKt.intercepted(continuation);
        final SafeContinuation safeContinuation = new SafeContinuation(intercepted);
        // The API key is a BuildConfig constant, i.e. it ships inside the app build.
        Task<SafetyNetApi.AttestationResponse> attest = safetyNetUseCase.safetyNetClient.attest(requestNonceLocally, BuildConfig.GOOGLE_SAFETY_NET_API_KEY);
        Intrinsics.checkNotNullExpressionValue(attest, "safetyNetClient.attest(r…OOGLE_SAFETY_NET_API_KEY)");
        // NOTE(review): `Continuation.this` in both listeners is a decompiler artifact; it most
        // likely stands for the captured safeContinuation. Confirm against the bytecode.
        attest.addOnSuccessListener(new OnSuccessListener<SafetyNetApi.AttestationResponse>() { // from class: com.microsoft.authenticator.rootdetection.businesslogic.SafetyNetUseCase$sendSafetyNetRequest$$inlined$suspendCoroutine$lambda$1
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public final void onSuccess(SafetyNetApi.AttestationResponse attestationResponse) {
                safetyNetUseCase.handleSafetyNetAttestationSuccess(attestationResponse, requestNonceLocally, Continuation.this);
            }
        }).addOnFailureListener(new OnFailureListener() { // from class: com.microsoft.authenticator.rootdetection.businesslogic.SafetyNetUseCase$sendSafetyNetRequest$$inlined$suspendCoroutine$lambda$2
            @Override // com.google.android.gms.tasks.OnFailureListener
            public final void onFailure(Exception e) {
                Intrinsics.checkNotNullParameter(e, "e");
                safetyNetUseCase.handleSafetyNetAttestationFail(e, Continuation.this);
            }
        });
        Object orThrow = safeContinuation.getOrThrow();
        coroutine_suspended = IntrinsicsKt__IntrinsicsKt.getCOROUTINE_SUSPENDED();
        if (orThrow == coroutine_suspended) {
            DebugProbesKt.probeCoroutineSuspended(continuation);
        }
        return orThrow;
    }

    /**
     * Builds the request nonce: 24 bytes from a fresh {@link SecureRandom}, followed by the
     * UTF-8 bytes of {@code data} concatenated with the current time in milliseconds.
     *
     * @param data caller-supplied seed appended after the random prefix
     * @return the nonce bytes, or null if writing to the in-memory buffer throws IOException
     */
    public final byte[] getRequestNonceLocally(String data) {
        Intrinsics.checkNotNullParameter(data, "data");
        String str = data + System.currentTimeMillis();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        // The unpredictability of the nonce comes from these 24 random bytes; the seed and
        // timestamp that follow add no secrecy.
        byte[] bArr = new byte[24];
        new SecureRandom().nextBytes(bArr);
        try {
            byteArrayOutputStream.write(bArr);
            Charset charset = Charsets.UTF_8;
            // Decompiled form of a Kotlin non-null cast; str is a concatenation result and cannot
            // be null here.
            if (str == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
            }
            byte[] bytes = str.getBytes(charset);
            Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
            byteArrayOutputStream.write(bytes);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException unused) {
            // Callers treat null as "nonce generation failed".
            return null;
        }
    }

    /**
     * Parses the attestation statement as a JWS, verifies its signature with the provided trust
     * manager, checks the signing certificate's hostname, and returns the typed payload.
     *
     * @param signedAttestationStatement compact JWS string returned by SafetyNet
     * @return {@code Success} carrying the payload, or the variant naming the step that failed:
     *     {@code TrustManagerNotDefined}, {@code JwsSignatureVerificationFailed}, {@code WrongHost},
     *     {@code JwsSignatureVerificationCryptoError}, {@code NotValidJwsFormat} or
     *     {@code UnexpectedArgumentInJws}
     * @throws NullPointerException if the parsed JWS has no payload
     */
    public final AttestationVerificationResult parseAndVerify(String signedAttestationStatement) {
        Intrinsics.checkNotNullParameter(signedAttestationStatement, "signedAttestationStatement");
        BaseLogger.i("Parse JSON Web Signature format.");
        try {
            JsonWebSignature.Parser parser = JsonWebSignature.parser(this.jacksonFactory);
            parser.setPayloadClass(DeviceAttestationPayload.class);
            JsonWebSignature parse = parser.parse(signedAttestationStatement);
            Intrinsics.checkNotNullExpressionValue(parse, "JsonWebSignature.parser(…gnedAttestationStatement)");
            X509TrustManager trustManager = this.attestAndroidTrustManagerProvider.getTrustManager();
            if (trustManager == null) {
                // Fail closed: without a trust manager the signature cannot be checked.
                return AttestationVerificationResult.TrustManagerNotDefined.INSTANCE;
            }
            BaseLogger.i("Verify the signature of the JWS and retrieve the signature certificate.");
            try {
                // A null return is treated as a failed signature check; otherwise the returned
                // certificate is the one used for the hostname check below.
                X509Certificate verifySignature = parse.verifySignature(trustManager);
                if (verifySignature == null) {
                    BaseLogger.e("Failure: Signature verification failed.");
                    return AttestationVerificationResult.JwsSignatureVerificationFailed.INSTANCE;
                }
                BaseLogger.i("Verify the hostname of the certificate.");
                // A valid chain alone is not enough: the certificate must also be issued for the
                // attestation hostname (attest.android.com according to the log message below).
                if (!verifyHostname$RootDetectionLibrary_release(AttestAndroidTrustManagerProvider.attestAndroidHostname, verifySignature)) {
                    BaseLogger.e("Failure: Certificate isn't issued for the hostname attest.android.com");
                    return AttestationVerificationResult.WrongHost.INSTANCE;
                }
                BaseLogger.i("Extract and use the payload data.");
                // The payload is only read after both the signature and hostname checks passed.
                JsonWebToken.Payload payload = parse.getPayload();
                if (payload != null) {
                    return new AttestationVerificationResult.Success((DeviceAttestationPayload) payload);
                }
                throw new NullPointerException("null cannot be cast to non-null type com.microsoft.authenticator.rootdetection.entities.DeviceAttestationPayload");
            } catch (GeneralSecurityException e) {
                BaseLogger.e("Failure: Error during cryptographic verification of the JWS signature.", e);
                return AttestationVerificationResult.JwsSignatureVerificationCryptoError.INSTANCE;
            }
        } catch (IOException e2) {
            BaseLogger.e("Failure: signedAttestationStatement is not valid JWS format.", e2);
            return AttestationVerificationResult.NotValidJwsFormat.INSTANCE;
        } catch (IllegalArgumentException e3) {
            BaseLogger.e("Failure: signedAttestationStatement has unexpected JWS format.", e3);
            return AttestationVerificationResult.UnexpectedArgumentInJws.INSTANCE;
        }
    }

    /**
     * Java-visible entry point of the Kotlin suspend function; delegates to the synthetic
     * implementation.
     *
     * @param str nonce seed
     * @param continuation caller's continuation
     * @return a SafetyNetResult, or the COROUTINE_SUSPENDED marker
     */
    public Object sendSafetyNetRequest(String str, Continuation<? super SafetyNetResult> continuation) {
        return sendSafetyNetRequest$suspendImpl(this, str, continuation);
    }

    /**
     * Checks that {@code leafCert} is valid for {@code hostname} using the injected verifier.
     *
     * @param hostname hostname the certificate must match
     * @param leafCert certificate returned by the JWS signature verification
     * @return true if the verifier accepts the pair, false if it throws SSLException
     */
    public final boolean verifyHostname$RootDetectionLibrary_release(String hostname, X509Certificate leafCert) {
        Intrinsics.checkNotNullParameter(hostname, "hostname");
        Intrinsics.checkNotNullParameter(leafCert, "leafCert");
        try {
            BaseLogger.i("Check that the hostname matches the certificate.");
            // verify() signals a mismatch by throwing, so reaching the next line means a match.
            this.defaultHostnameVerifier.verify(hostname, leafCert);
            return true;
        } catch (SSLException e) {
            BaseLogger.e("Cert could not be verified.", e);
            return false;
        }
    }

    /**
     * Verifies the JWS and then the payload fields, in this order: signature and hostname (via
     * parseAndVerify), nonce, package name, APK certificate digest, and last the basicIntegrity
     * verdict. Any failed check returns {@code VerificationError} before the verdict is read.
     *
     * <p>NOTE(review): the only payload fields read here are nonce, apkPackageName,
     * apkCertificateDigestSha256, basicIntegrity, error and advice. No check of the payload
     * timestamp or of ctsProfileMatch is visible in this method; confirm whether that is
     * intended.
     *
     * @param jwsResult compact JWS string returned by SafetyNet
     * @param requestNonce nonce that was sent with the attest request
     * @return {@code DeviceNotRooted}, {@code DeviceRooted} with the error or advice text, or
     *     {@code VerificationError} naming the failed check
     */
    public final SafetyNetResult verifyJwsResultLocally(String jwsResult, byte[] requestNonce) {
        boolean contains;
        Intrinsics.checkNotNullParameter(jwsResult, "jwsResult");
        Intrinsics.checkNotNullParameter(requestNonce, "requestNonce");
        AttestationVerificationResult parseAndVerify = parseAndVerify(jwsResult);
        if (!(parseAndVerify instanceof AttestationVerificationResult.Success)) {
            BaseLogger.e("Failure: Failed to parse and verify the attestation statement. " + Reflection.getOrCreateKotlinClass(parseAndVerify.getClass()).getSimpleName());
            return new SafetyNetResult.VerificationError(parseAndVerify);
        }
        BaseLogger.i("Successfully verified the attestation statement.");
        DeviceAttestationPayload deviceAttestationPayload = ((AttestationVerificationResult.Success) parseAndVerify).getDeviceAttestationPayload();
        // Binds the response to this request, so a previously captured statement is rejected.
        if (!Arrays.equals(requestNonce, deviceAttestationPayload.getNonce())) {
            BaseLogger.e("Original nonce does not match the once received from SafetyNet service.");
            return new SafetyNetResult.VerificationError(AttestationVerificationResult.NonceDoesNotMatch.INSTANCE);
        }
        // The statement must describe this app, not some other package on the device.
        if (!Intrinsics.areEqual("com.azure.authenticator", deviceAttestationPayload.getApkPackageName())) {
            BaseLogger.e("Unexpected package name.");
            return new SafetyNetResult.VerificationError(AttestationVerificationResult.UnexpectedPackageName.INSTANCE);
        }
        // A missing digest array and a digest that is not in the array both fall through to the
        // ApkCertDigestDoesNotMatch error at the end of the method.
        String[] apkCertificateDigestSha256 = deviceAttestationPayload.getApkCertificateDigestSha256();
        if (apkCertificateDigestSha256 != null) {
            contains = ArraysKt___ArraysKt.contains(apkCertificateDigestSha256, getApkCertificateDigestSha256());
            if (contains) {
                BaseLogger.i("API verdict: attestationStatement.basicIntegrity = " + deviceAttestationPayload.getBasicIntegrity());
                if (deviceAttestationPayload.getBasicIntegrity()) {
                    return SafetyNetResult.DeviceNotRooted.INSTANCE;
                }
                String error = deviceAttestationPayload.getError();
                if (error == null) {
                    // String concatenation: a null advice becomes the text "null".
                    error = "" + deviceAttestationPayload.getAdvice();
                }
                return new SafetyNetResult.DeviceRooted(error);
            }
        }
        BaseLogger.e("apk certificate digest SHA 256 does not match.");
        return new SafetyNetResult.VerificationError(AttestationVerificationResult.ApkCertDigestDoesNotMatch.INSTANCE);
    }
}
