package com.microsoft.mmx.agents.ypp.authclient.auth;

import androidx.annotation.NonNull;
import androidx.annotation.VisibleForTesting;
import androidx.annotation.WorkerThread;
import com.microsoft.appmanager.Activity.p;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.appmanager.utils.AsyncOperation;
import com.microsoft.mmx.agents.di.AgentScope;
import com.microsoft.mmx.agents.e0;
import com.microsoft.mmx.agents.ypp.DcgClient;
import com.microsoft.mmx.agents.ypp.EnvironmentType;
import com.microsoft.mmx.agents.ypp.authclient.auth.VerifyNotificationResult;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoDataParser;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoPayloadResult;
import com.microsoft.mmx.agents.ypp.authclient.crypto.JwtHelper;
import com.microsoft.mmx.agents.ypp.authclient.trust.CryptoTrustRelationship;
import com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager;
import com.microsoft.mmx.agents.ypp.authclient.trust.TrustManagerUtils;
import com.microsoft.mmx.agents.ypp.configuration.EnvironmentMappingUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.agents.ypp.pairingproxyclient.auth.PairingProxyCertificateValidator;
import com.microsoft.mmx.agents.ypp.sidechannel.protocol.v1.SideChannelAuthorization;
import com.microsoft.mmx.agents.ypp.utils.AsyncOperationUtils;
import com.microsoft.mmx.agents.ypp.wake.CryptoSilentPairingWakeParams;
import com.microsoft.mmx.agents.ypp.wake.CryptoTrustWakeParams;
import com.microsoft.mmx.agents.ypp.wake.CryptoWakeRequestPayload;
import com.microsoft.mmx.agents.ypp.wake.DiagnosticWakeParams;
import com.microsoft.mmx.agents.ypp.wake.OpenConnectionWakeParams;
import com.microsoft.mmx.agents.ypp.wake.WakeParams;
import dagger.Lazy;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.inject.Inject;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.joda.time.DateTime;

@AgentScope
/* loaded from: classes3.dex */
public class AuthPairingValidation implements IAuthPairingValidation {
    private final Lazy<IAuthManager> authManager;
    private final JwtHelper jwtHelper;
    private final AuthPairingValidationLog log;
    private final PairingProxyCertificateValidator pairingProxyCertificateValidator;
    private final PlatformConfiguration platformConfiguration;

    @Inject
    public AuthPairingValidation(@NonNull Lazy<IAuthManager> lazy, @NonNull JwtHelper jwtHelper, @NonNull AuthPairingValidationLog authPairingValidationLog, @NonNull PairingProxyCertificateValidator pairingProxyCertificateValidator, @NonNull PlatformConfiguration platformConfiguration) {
        this.authManager = lazy;
        this.jwtHelper = jwtHelper;
        this.log = authPairingValidationLog;
        this.pairingProxyCertificateValidator = pairingProxyCertificateValidator;
        this.platformConfiguration = platformConfiguration;
    }

    @NonNull
    private AsyncOperation<CryptoPayloadResult> getTrustedPayloadInnerAsync(@NotNull String str, @NotNull String str2, @NotNull TraceContext traceContext, @NotNull ITrustManager iTrustManager) {
        String issFromJwt = this.jwtHelper.getIssFromJwt(str2, traceContext);
        if (issFromJwt != null) {
            return iTrustManager.isCryptoClientTrustedAsync(issFromJwt, traceContext).thenApply(new h(this, iTrustManager, issFromJwt, traceContext, str, str2, 0));
        }
        this.log.cryptoJwtUntrustedAnomaly(null, traceContext);
        return AsyncOperation.completedFuture(new CryptoPayloadResult(CryptoPayloadResult.Status.PARTNER_CLIENT_ID_MISSING));
    }

    @NonNull
    private AsyncOperation<CryptoPayloadResult> getTrustedPayloadWithScopeAsync(@NotNull String str, @NotNull String str2, @NotNull TraceContext traceContext, @NotNull GetTrustManagerResult getTrustManagerResult) {
        if (!getTrustManagerResult.isSuccess()) {
            this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
            return AsyncOperation.completedFuture(new CryptoPayloadResult(CryptoPayloadResult.Status.GET_TRUST_MANAGER_FAILED));
        }
        if (!str2.equals(this.jwtHelper.getScopeFromJwt(str, traceContext))) {
            this.log.cryptoJwtScopeMismatchedAnomaly(traceContext);
            return AsyncOperation.completedFuture(new CryptoPayloadResult(CryptoPayloadResult.Status.SCOPE_MISMATCH));
        }
        String sourceIdFromJwt = this.jwtHelper.getSourceIdFromJwt(str, traceContext);
        if (sourceIdFromJwt != null) {
            return getTrustedPayloadInnerAsync(sourceIdFromJwt, str, traceContext, getTrustManagerResult.getTrustManager());
        }
        this.log.cryptoTrustDcgClientIdMissingAnomaly(traceContext);
        return AsyncOperation.completedFuture(new CryptoPayloadResult(CryptoPayloadResult.Status.DCG_CLIENT_ID_MISSING));
    }

    @WorkerThread
    @Nullable
    private AsyncOperation<CryptoWakeRequestPayload> getTrustedSilentPairingPayloadInnerAsync(@NonNull String str, @NonNull String str2, @NonNull TraceContext traceContext) {
        this.log.silentPairingWakeNotificationReceived(traceContext);
        return this.platformConfiguration.isCryptoTrustHierarchyEnabled() ? this.authManager.get().getTrustManagerAsync(traceContext).thenCompose(new g(this, traceContext, str, str2, 0)).thenApply(i.f6030c).thenApply(new f(this, traceContext, str2, 1)) : AsyncOperation.completedFuture(validateAndGetDataWithStaticCert(str2, traceContext));
    }

    private AsyncOperation<Boolean> isDeviceTrustedInAnyEnvironmentAsync(@NotNull String str, @NotNull TraceContext traceContext) {
        return this.authManager.get().getTrustManagerAsync(traceContext).thenApply(new f(this, traceContext, str, 0));
    }

    public /* synthetic */ AsyncOperation lambda$getTrustedPayloadAsync$7(TraceContext traceContext, String str, String str2, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        if (getTrustManagerResult.isSuccess()) {
            return getTrustedPayloadInnerAsync(str, str2, traceContext, getTrustManagerResult.getTrustManager());
        }
        this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
        return AsyncOperation.completedFuture(new CryptoPayloadResult(CryptoPayloadResult.Status.GET_TRUST_MANAGER_FAILED));
    }

    public static /* synthetic */ CryptoWakeRequestPayload lambda$getTrustedPayloadAsync$8(CryptoPayloadResult cryptoPayloadResult) throws Throwable {
        if (!cryptoPayloadResult.isSuccess() || cryptoPayloadResult.getData() == null) {
            return null;
        }
        return new CryptoWakeRequestPayload(cryptoPayloadResult.getData());
    }

    public /* synthetic */ CryptoPayloadResult lambda$getTrustedPayloadInnerAsync$9(ITrustManager iTrustManager, String str, TraceContext traceContext, String str2, String str3, Boolean bool) throws Throwable {
        if (!bool.booleanValue()) {
            this.log.cryptoJwtUntrustedAnomaly(str, traceContext);
            return new CryptoPayloadResult(CryptoPayloadResult.Status.UNTRUSTED);
        }
        CryptoTrustRelationship trustedCryptoTrustRelationship = iTrustManager.getTrustedCryptoTrustRelationship(str, traceContext);
        if (!TrustManagerUtils.doesMatchAnyDcgId(trustedCryptoTrustRelationship, str2)) {
            this.log.cryptoTrustDcgClientIdMismatchedAnomaly(str, traceContext);
            return new CryptoPayloadResult(CryptoPayloadResult.Status.DCG_CLIENT_ID_MISMATCH);
        }
        X509Certificate partnerCert = trustedCryptoTrustRelationship.getPartnerCert();
        Map<String, String> map = null;
        if (partnerCert != null && trustedCryptoTrustRelationship.getPartnerKeyExpirationTime() > DateTime.now().getMillis()) {
            String verifyAndGetDataFromJwt = this.jwtHelper.verifyAndGetDataFromJwt(str3, partnerCert, traceContext);
            this.log.jwtVerifiedByPartnerCert(partnerCert, traceContext);
            return (verifyAndGetDataFromJwt == null || (map = new CryptoDataParser(this.jwtHelper).fromJwt(str3, traceContext)) != null) ? new CryptoPayloadResult(str, str2, map) : new CryptoPayloadResult(CryptoPayloadResult.Status.DATA_PARSING_FAILED);
        }
        X509Certificate partnerTempCert = trustedCryptoTrustRelationship.getPartnerTempCert();
        if (partnerTempCert == null || trustedCryptoTrustRelationship.getPartnerTempKeyExpirationTime() <= DateTime.now().getMillis()) {
            this.log.cryptoJwtVerificationFailedAnomaly(str, traceContext);
            return new CryptoPayloadResult(CryptoPayloadResult.Status.TRUST_VERIFICATION_FAILED);
        }
        String verifyAndGetDataFromJwt2 = this.jwtHelper.verifyAndGetDataFromJwt(str3, partnerTempCert, traceContext);
        this.log.jwtVerifiedByPartnerTempCert(partnerTempCert, traceContext);
        return (verifyAndGetDataFromJwt2 == null || (map = new CryptoDataParser(this.jwtHelper).fromJwt(str3, traceContext)) != null) ? new CryptoPayloadResult(str, str2, map) : new CryptoPayloadResult(CryptoPayloadResult.Status.DATA_PARSING_FAILED);
    }

    public /* synthetic */ AsyncOperation lambda$getTrustedSilentPairingPayloadInnerAsync$10(TraceContext traceContext, String str, String str2, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        if (getTrustManagerResult.isSuccess()) {
            return getTrustedPayloadInnerAsync(str, str2, traceContext, getTrustManagerResult.getTrustManager());
        }
        this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
        return AsyncOperation.completedFuture(new CryptoPayloadResult(CryptoPayloadResult.Status.GET_TRUST_MANAGER_FAILED));
    }

    public static /* synthetic */ CryptoWakeRequestPayload lambda$getTrustedSilentPairingPayloadInnerAsync$11(CryptoPayloadResult cryptoPayloadResult) throws Throwable {
        if (!cryptoPayloadResult.isSuccess() || cryptoPayloadResult.getData() == null) {
            return null;
        }
        return new CryptoWakeRequestPayload(cryptoPayloadResult.getData());
    }

    public /* synthetic */ CryptoWakeRequestPayload lambda$getTrustedSilentPairingPayloadInnerAsync$12(TraceContext traceContext, String str, CryptoWakeRequestPayload cryptoWakeRequestPayload) throws Throwable {
        if (cryptoWakeRequestPayload == null) {
            this.log.silentPairingWakeNotificationValidationByCT(false, traceContext);
            return validateAndGetDataWithStaticCert(str, traceContext);
        }
        this.log.silentPairingWakeNotificationValidationByCT(true, traceContext);
        cryptoWakeRequestPayload.setValidatedByTrustManager(true);
        return cryptoWakeRequestPayload;
    }

    public /* synthetic */ Boolean lambda$isDeviceTrustedAsync$5(TraceContext traceContext, DcgClient dcgClient, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        if (getTrustManagerResult.isSuccess()) {
            return Boolean.valueOf(getTrustManagerResult.getTrustManager().isDeviceTrusted(dcgClient, traceContext));
        }
        this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
        return Boolean.FALSE;
    }

    public /* synthetic */ Boolean lambda$isDeviceTrustedInAnyEnvironmentAsync$13(TraceContext traceContext, String str, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        if (getTrustManagerResult.isSuccess()) {
            return Boolean.valueOf(TrustManagerUtils.doesTrustExistInAnyEnvironment(getTrustManagerResult.getTrustManager(), str, traceContext));
        }
        this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
        return Boolean.FALSE;
    }

    public /* synthetic */ Boolean lambda$isDeviceUsingCryptoTrustAsync$6(TraceContext traceContext, DcgClient dcgClient, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        if (getTrustManagerResult.isSuccess()) {
            return Boolean.valueOf(getTrustManagerResult.getTrustManager().getTrustedPartnerClientIdByDcgClientInfo(dcgClient, traceContext) != null);
        }
        this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
        return Boolean.FALSE;
    }

    public /* synthetic */ EnvironmentType lambda$resolveEnvironmentForTrustedPartnerAsync$14(TraceContext traceContext, DcgClient dcgClient, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        if (getTrustManagerResult.isSuccess()) {
            return EnvironmentMappingUtils.resolveEnvironment(getTrustManagerResult.getTrustManager().trySelectEnvironmentForDcgId(dcgClient.getDcgClientId(), traceContext));
        }
        this.log.trustManagerMissingAnomaly(getTrustManagerResult.getStatus().toString(), traceContext);
        return EnvironmentMappingUtils.inferEnvironmentFromBuild();
    }

    public /* synthetic */ VerifyNotificationResult lambda$verifyNotificationAsync$0(CryptoTrustWakeParams cryptoTrustWakeParams, WakeParams wakeParams, CryptoWakeRequestPayload cryptoWakeRequestPayload) throws Throwable {
        boolean z = true;
        boolean z2 = cryptoWakeRequestPayload != null;
        VerifyNotificationResult.AuthenticationType authenticationType = z2 ? VerifyNotificationResult.AuthenticationType.CRYPTO : VerifyNotificationResult.AuthenticationType.TRUSTED_ID;
        DcgClient dcgClient = new DcgClient(cryptoTrustWakeParams.getSourceId(), cryptoTrustWakeParams.getEnvironment());
        if (!z2 && !isDeviceTrustedAsync(dcgClient, cryptoTrustWakeParams.getTraceContext()).get().booleanValue()) {
            z = false;
        }
        this.log.cryptoTrustWakeVerifiedResult(z, z2, ((CryptoTrustWakeParams) wakeParams).getTraceContext());
        return new VerifyNotificationResult(z, authenticationType, cryptoWakeRequestPayload);
    }

    public static /* synthetic */ VerifyNotificationResult lambda$verifyNotificationAsync$1(CryptoWakeRequestPayload cryptoWakeRequestPayload) throws Throwable {
        return new VerifyNotificationResult(cryptoWakeRequestPayload != null, VerifyNotificationResult.AuthenticationType.CRYPTO, cryptoWakeRequestPayload);
    }

    public static /* synthetic */ VerifyNotificationResult lambda$verifyNotificationAsync$2(Boolean bool) throws Throwable {
        return new VerifyNotificationResult(bool.booleanValue(), VerifyNotificationResult.AuthenticationType.TRUSTED_ID);
    }

    public static /* synthetic */ VerifyNotificationResult lambda$verifyNotificationAsync$3(Boolean bool) throws Throwable {
        return new VerifyNotificationResult(bool.booleanValue(), VerifyNotificationResult.AuthenticationType.TRUSTED_ID);
    }

    public /* synthetic */ AsyncOperation lambda$verifySideChannelAuthorizationAsync$4(SideChannelAuthorization sideChannelAuthorization, String str, TraceContext traceContext, GetTrustManagerResult getTrustManagerResult) throws Throwable {
        return getTrustedPayloadWithScopeAsync(sideChannelAuthorization.getSignedJwtPayload(), str, traceContext, getTrustManagerResult);
    }

    @Nullable
    private CryptoWakeRequestPayload validateAndGetDataWithStaticCert(@NonNull String str, @NonNull TraceContext traceContext) {
        boolean z;
        String validateAndGetDataWithStaticCertificate = this.pairingProxyCertificateValidator.validateAndGetDataWithStaticCertificate(str, traceContext);
        if (validateAndGetDataWithStaticCertificate == null) {
            validateAndGetDataWithStaticCertificate = this.pairingProxyCertificateValidator.validateAndGetDataWithStaticCertificateSecondary(str, traceContext);
            z = false;
        } else {
            z = true;
        }
        if (validateAndGetDataWithStaticCertificate == null) {
            this.log.silentPairingWakeNotificationValidation(false, z, traceContext);
            return null;
        }
        this.log.silentPairingWakeNotificationValidation(true, z, traceContext);
        Map<String, String> fromJwt = new CryptoDataParser(this.jwtHelper).fromJwt(str, traceContext);
        if (fromJwt != null) {
            return new CryptoWakeRequestPayload(fromJwt);
        }
        return null;
    }

    @VisibleForTesting
    public AsyncOperation<CryptoWakeRequestPayload> getTrustedPayloadAsync(@NotNull String str, @NotNull String str2, @NotNull TraceContext traceContext) {
        return this.authManager.get().getTrustManagerAsync(traceContext).thenCompose(new g(this, traceContext, str, str2, 1)).thenApply(i.d);
    }

    public AsyncOperation<CryptoWakeRequestPayload> getTrustedSilentPairingPayloadAsync(@NonNull String str, @NonNull String str2, @NonNull TraceContext traceContext) {
        return getTrustedSilentPairingPayloadInnerAsync(str, str2, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthPairingValidation
    public AsyncOperation<Boolean> isDeviceTrustedAsync(@NotNull DcgClient dcgClient, @NotNull TraceContext traceContext) {
        return this.authManager.get().getTrustManagerAsync(traceContext).thenApply(new e(this, traceContext, dcgClient, 2));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthPairingValidation
    public AsyncOperation<Boolean> isDeviceUsingCryptoTrustAsync(@NotNull DcgClient dcgClient, TraceContext traceContext) {
        return this.authManager.get().getTrustManagerAsync(traceContext).thenApply(new e(this, traceContext, dcgClient, 0));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthPairingValidation
    public AsyncOperation<EnvironmentType> resolveEnvironmentForTrustedPartnerAsync(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        return dcgClient.getEnvironmentType() != EnvironmentType.Legacy ? AsyncOperation.completedFuture(EnvironmentMappingUtils.resolveEnvironment(dcgClient.getEnvironmentType())) : this.authManager.get().getTrustManagerAsync(traceContext).thenApply(new e(this, traceContext, dcgClient, 1));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthPairingValidation
    public AsyncOperation<VerifyNotificationResult> verifyNotificationAsync(@NonNull WakeParams wakeParams) {
        if (!wakeParams.getIsYppMessage()) {
            return AsyncOperationUtils.failedFuture(new IllegalStateException("Notification is not a YPP notification"));
        }
        if (wakeParams instanceof CryptoTrustWakeParams) {
            CryptoTrustWakeParams cryptoTrustWakeParams = (CryptoTrustWakeParams) wakeParams;
            return getTrustedPayloadAsync(cryptoTrustWakeParams.getSourceId(), cryptoTrustWakeParams.getCryptoJwt(), cryptoTrustWakeParams.getTraceContext()).thenApplyAsync(new p(this, cryptoTrustWakeParams, wakeParams, 8));
        }
        if (wakeParams instanceof CryptoSilentPairingWakeParams) {
            CryptoSilentPairingWakeParams cryptoSilentPairingWakeParams = (CryptoSilentPairingWakeParams) wakeParams;
            return getTrustedSilentPairingPayloadAsync(cryptoSilentPairingWakeParams.getSourceId(), cryptoSilentPairingWakeParams.getCryptoJwt(), cryptoSilentPairingWakeParams.getTraceContext()).thenApply(i.e);
        }
        if (wakeParams instanceof OpenConnectionWakeParams) {
            OpenConnectionWakeParams openConnectionWakeParams = (OpenConnectionWakeParams) wakeParams;
            return isDeviceTrustedAsync(new DcgClient(openConnectionWakeParams.getSourceId(), openConnectionWakeParams.getEnvironment()), openConnectionWakeParams.getTraceContext()).thenApplyAsync(i.f);
        }
        if (!(wakeParams instanceof DiagnosticWakeParams)) {
            return AsyncOperationUtils.failedFuture(new IllegalStateException("Unknown Payload type"));
        }
        DiagnosticWakeParams diagnosticWakeParams = (DiagnosticWakeParams) wakeParams;
        return isDeviceTrustedInAnyEnvironmentAsync(diagnosticWakeParams.getSourceId(), diagnosticWakeParams.getTraceContext()).thenApplyAsync(i.g);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthPairingValidation
    public AsyncOperation<VerifySideChannelAuthorizationResult> verifySideChannelAuthorizationAsync(@NotNull SideChannelAuthorization sideChannelAuthorization, @NotNull String str, @NotNull TraceContext traceContext) {
        return this.authManager.get().getTrustManagerAsync(traceContext).thenCompose(new e0(this, sideChannelAuthorization, str, traceContext, 2)).thenApply(i.f6029b);
    }
}
