package com.google.commerce.tapandpay.android.security.storagekey;

import android.app.Application;
import android.util.Pair;
import com.felicanetworks.mfc.mfi.MfiClientException;
import com.google.android.libraries.tapandpay.proto.StorageKeyProto$EncryptedStorageKey;
import com.google.android.libraries.tapandpay.proto.StorageKeyProto$StorageKey;
import com.google.commerce.tapandpay.android.accountscope.api.QualifierAnnotations;
import com.google.commerce.tapandpay.android.attestation.DeviceAttestationClient;
import com.google.commerce.tapandpay.android.infrastructure.rpc.RpcCaller;
import com.google.commerce.tapandpay.android.infrastructure.rpc.ServerException;
import com.google.commerce.tapandpay.android.infrastructure.rpc.TapAndPayApiException;
import com.google.commerce.tapandpay.android.migration.state.MigrationStateManager;
import com.google.commerce.tapandpay.android.security.SecureHardwareEncryptionUtil;
import com.google.commerce.tapandpay.android.security.storagekey.StorageKeyCache;
import com.google.commerce.tapandpay.android.transit.transitbundle.datastore.TransitBundleDatastore;
import com.google.common.flogger.GoogleLogger;
import com.google.internal.tapandpay.v1.Attestation$AttestationSignal;
import com.google.internal.tapandpay.v1.SecurityProto$ConfirmStorageKeyRotationRequest;
import com.google.internal.tapandpay.v1.SecurityProto$ConfirmStorageKeyRotationResponse;
import com.google.internal.tapandpay.v1.SecurityProto$GetStorageKeyRequest;
import com.google.internal.tapandpay.v1.SecurityProto$GetStorageKeyResponse;
import com.google.internal.tapandpay.v1.SecurityProto$StorageKey;
import com.google.protobuf.ByteString;
import googledata.experiments.mobile.tapandpay.features.gp2.DeviceAttestation;
import java.io.IOException;
import javax.inject.Inject;

/* loaded from: classes2.dex */
public class StorageKeyManager {
    public static final GoogleLogger logger = GoogleLogger.forInjectedClassName("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager");
    public final DeviceAttestationClient attestationClient;
    private final Application context;
    private final RpcCaller rpcCaller;
    private final StorageKeyCache storageKeyCache;
    private final TransitBundleDatastore transitBundleDatastore;

    @Inject
    public StorageKeyManager(DeviceAttestationClient deviceAttestationClient, StorageKeyCache storageKeyCache, @QualifierAnnotations.AccountName String str, Application application, RpcCaller rpcCaller, TransitBundleDatastore transitBundleDatastore) {
        this.attestationClient = deviceAttestationClient;
        this.storageKeyCache = storageKeyCache;
        this.context = application;
        this.rpcCaller = rpcCaller;
        this.transitBundleDatastore = transitBundleDatastore;
    }

    private final void getStorageKey$ar$ds(Attestation$AttestationSignal attestation$AttestationSignal) {
        try {
            this.storageKeyCache.get(false);
        } catch (StorageKeyCache.StorageKeyException e) {
            SecurityProto$GetStorageKeyRequest.Builder builder = (SecurityProto$GetStorageKeyRequest.Builder) SecurityProto$GetStorageKeyRequest.DEFAULT_INSTANCE.createBuilder();
            if (!builder.instance.isMutable()) {
                builder.copyOnWriteInternal();
            }
            SecurityProto$GetStorageKeyRequest securityProto$GetStorageKeyRequest = (SecurityProto$GetStorageKeyRequest) builder.instance;
            attestation$AttestationSignal.getClass();
            securityProto$GetStorageKeyRequest.attestationSignal_ = attestation$AttestationSignal;
            SecurityProto$GetStorageKeyResponse securityProto$GetStorageKeyResponse = (SecurityProto$GetStorageKeyResponse) this.rpcCaller.blockingCallTapAndPay("t/security/getstoragekey", (SecurityProto$GetStorageKeyRequest) builder.build(), SecurityProto$GetStorageKeyResponse.DEFAULT_INSTANCE);
            SecurityProto$StorageKey securityProto$StorageKey = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey == null) {
                securityProto$StorageKey = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            if (securityProto$StorageKey.value_.size() != 32) {
                throw new IOException("received a storage key with a length not equal to 32.");
            }
            StorageKeyProto$StorageKey.Builder builder2 = (StorageKeyProto$StorageKey.Builder) StorageKeyProto$StorageKey.DEFAULT_INSTANCE.createBuilder();
            SecurityProto$StorageKey securityProto$StorageKey2 = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey2 == null) {
                securityProto$StorageKey2 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            String str = securityProto$StorageKey2.id_;
            if (!builder2.instance.isMutable()) {
                builder2.copyOnWriteInternal();
            }
            StorageKeyProto$StorageKey storageKeyProto$StorageKey = (StorageKeyProto$StorageKey) builder2.instance;
            str.getClass();
            storageKeyProto$StorageKey.id_ = str;
            SecurityProto$StorageKey securityProto$StorageKey3 = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey3 == null) {
                securityProto$StorageKey3 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            ByteString byteString = securityProto$StorageKey3.value_;
            if (!builder2.instance.isMutable()) {
                builder2.copyOnWriteInternal();
            }
            StorageKeyProto$StorageKey storageKeyProto$StorageKey2 = (StorageKeyProto$StorageKey) builder2.instance;
            byteString.getClass();
            storageKeyProto$StorageKey2.value_ = byteString;
            StorageKeyProto$StorageKey storageKeyProto$StorageKey3 = (StorageKeyProto$StorageKey) builder2.build();
            if (securityProto$GetStorageKeyResponse.newKey_ != null) {
                if (MigrationStateManager.hasClosedLoopHceMigrationStarted(this.context)) {
                    ((GoogleLogger.Api) ((GoogleLogger.Api) logger.atWarning()).withInjectedLogSite("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager", "fetchStorageKey", 108, "StorageKeyManager.java")).log("Tried to rotate storage keys mid-migration");
                } else {
                    try {
                        StorageKeyProto$StorageKey.Builder builder3 = (StorageKeyProto$StorageKey.Builder) StorageKeyProto$StorageKey.DEFAULT_INSTANCE.createBuilder();
                        SecurityProto$StorageKey securityProto$StorageKey4 = securityProto$GetStorageKeyResponse.newKey_;
                        if (securityProto$StorageKey4 == null) {
                            securityProto$StorageKey4 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                        }
                        String str2 = securityProto$StorageKey4.id_;
                        if (!builder3.instance.isMutable()) {
                            builder3.copyOnWriteInternal();
                        }
                        StorageKeyProto$StorageKey storageKeyProto$StorageKey4 = (StorageKeyProto$StorageKey) builder3.instance;
                        str2.getClass();
                        storageKeyProto$StorageKey4.id_ = str2;
                        SecurityProto$StorageKey securityProto$StorageKey5 = securityProto$GetStorageKeyResponse.newKey_;
                        if (securityProto$StorageKey5 == null) {
                            securityProto$StorageKey5 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                        }
                        ByteString byteString2 = securityProto$StorageKey5.value_;
                        if (!builder3.instance.isMutable()) {
                            builder3.copyOnWriteInternal();
                        }
                        StorageKeyProto$StorageKey storageKeyProto$StorageKey5 = (StorageKeyProto$StorageKey) builder3.instance;
                        byteString2.getClass();
                        storageKeyProto$StorageKey5.value_ = byteString2;
                        StorageKeyProto$StorageKey storageKeyProto$StorageKey6 = (StorageKeyProto$StorageKey) builder3.build();
                        this.transitBundleDatastore.rotateStorageKey(storageKeyProto$StorageKey3, storageKeyProto$StorageKey6);
                        SecurityProto$ConfirmStorageKeyRotationRequest.Builder builder4 = (SecurityProto$ConfirmStorageKeyRotationRequest.Builder) SecurityProto$ConfirmStorageKeyRotationRequest.DEFAULT_INSTANCE.createBuilder();
                        SecurityProto$StorageKey securityProto$StorageKey6 = securityProto$GetStorageKeyResponse.newKey_;
                        if (securityProto$StorageKey6 == null) {
                            securityProto$StorageKey6 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                        }
                        String str3 = securityProto$StorageKey6.id_;
                        if (!builder4.instance.isMutable()) {
                            builder4.copyOnWriteInternal();
                        }
                        SecurityProto$ConfirmStorageKeyRotationRequest securityProto$ConfirmStorageKeyRotationRequest = (SecurityProto$ConfirmStorageKeyRotationRequest) builder4.instance;
                        str3.getClass();
                        securityProto$ConfirmStorageKeyRotationRequest.newKeyId_ = str3;
                        this.rpcCaller.callTapAndPay("t/security/confirmstoragekeyrotation", (SecurityProto$ConfirmStorageKeyRotationRequest) builder4.build(), SecurityProto$ConfirmStorageKeyRotationResponse.DEFAULT_INSTANCE, new RpcCaller.NoOpCallback());
                        storageKeyProto$StorageKey3 = storageKeyProto$StorageKey6;
                    } catch (TransitBundleDatastore.UnexpectedDbStateException e2) {
                        ((GoogleLogger.Api) ((GoogleLogger.Api) ((GoogleLogger.Api) logger.atWarning()).withCause(e2)).withInjectedLogSite("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager", "fetchStorageKey", (char) 130, "StorageKeyManager.java")).log("rotateKeys error");
                    }
                }
            }
            upsertStorageKeyLocally(storageKeyProto$StorageKey3);
        }
    }

    private final void upsertStorageKeyLocally(StorageKeyProto$StorageKey storageKeyProto$StorageKey) {
        StorageKeyProto$EncryptedStorageKey storageKeyProto$EncryptedStorageKey;
        StorageKeyCache storageKeyCache = this.storageKeyCache;
        StorageKeyProto$StorageKey alias = storageKeyCache.setAlias(storageKeyProto$StorageKey);
        storageKeyCache.putInMemoryCache(alias, false);
        SecureHardwareEncryptionUtil secureHardwareEncryptionUtil = storageKeyCache.encryptionUtil;
        Pair encryptInSecureHardware$ar$ds$13677a2d_0 = SecureHardwareEncryptionUtil.encryptInSecureHardware$ar$ds$13677a2d_0(alias.value_.toByteArray());
        if (encryptInSecureHardware$ar$ds$13677a2d_0 == null) {
            storageKeyProto$EncryptedStorageKey = null;
        } else {
            StorageKeyProto$EncryptedStorageKey.Builder builder = (StorageKeyProto$EncryptedStorageKey.Builder) StorageKeyProto$EncryptedStorageKey.DEFAULT_INSTANCE.createBuilder();
            String str = alias.id_;
            if (!builder.instance.isMutable()) {
                builder.copyOnWriteInternal();
            }
            StorageKeyProto$EncryptedStorageKey storageKeyProto$EncryptedStorageKey2 = (StorageKeyProto$EncryptedStorageKey) builder.instance;
            str.getClass();
            storageKeyProto$EncryptedStorageKey2.id_ = str;
            ByteString copyFrom = ByteString.copyFrom((byte[]) encryptInSecureHardware$ar$ds$13677a2d_0.first);
            if (!builder.instance.isMutable()) {
                builder.copyOnWriteInternal();
            }
            ((StorageKeyProto$EncryptedStorageKey) builder.instance).ciphertext_ = copyFrom;
            ByteString copyFrom2 = ByteString.copyFrom((byte[]) encryptInSecureHardware$ar$ds$13677a2d_0.second);
            if (!builder.instance.isMutable()) {
                builder.copyOnWriteInternal();
            }
            ((StorageKeyProto$EncryptedStorageKey) builder.instance).iv_ = copyFrom2;
            storageKeyProto$EncryptedStorageKey = (StorageKeyProto$EncryptedStorageKey) builder.build();
        }
        if (storageKeyProto$EncryptedStorageKey != null) {
            storageKeyCache.keyValueStore.put(storageKeyCache.buildEncryptedStorageKeyKey(), storageKeyProto$EncryptedStorageKey.toByteArray());
        } else {
            storageKeyCache.keyValueStore.remove(storageKeyCache.buildEncryptedStorageKeyKey());
        }
    }

    public final void fetchStorageKey$ar$ds() {
        try {
            if (DeviceAttestation.useAttestationSignalWithoutSafetyNet()) {
                getStorageKey$ar$ds(this.attestationClient.getAttestationSignal());
            } else {
                getStorageKey$ar$ds$f34b01bc_0(this.attestationClient.getAttestationVerdictUsingSafetyNet());
            }
        } catch (RpcCaller.RpcAuthError e) {
        } catch (ServerException e2) {
        } catch (TapAndPayApiException e3) {
            this.attestationClient.checkAndHandleAttestationFailure(e3);
        } catch (IOException e4) {
        }
    }

    public final int fetchStorageKeyWithAttestationSignal(Attestation$AttestationSignal attestation$AttestationSignal) {
        try {
            getStorageKey$ar$ds(attestation$AttestationSignal);
            return 1;
        } catch (RpcCaller.RpcAuthError e) {
            return 2;
        } catch (ServerException e2) {
            return 2;
        } catch (TapAndPayApiException e3) {
            ((GoogleLogger.Api) ((GoogleLogger.Api) ((GoogleLogger.Api) logger.atSevere()).withCause(e3)).withInjectedLogSite("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager", "fetchStorageKeyWithAttestationSignal", (char) 237, "StorageKeyManager.java")).log("fetchStorageKeyWithAttestationSignal error");
            if (!this.attestationClient.checkAndHandleAttestationFailure(e3)) {
                return this.attestationClient.checkRetryableAttestationFailure(e3.tapAndPayApiError) ? 4 : 2;
            }
            ((GoogleLogger.Api) ((GoogleLogger.Api) ((GoogleLogger.Api) logger.atSevere()).withCause(e3)).withInjectedLogSite("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager", "fetchStorageKeyWithAttestationSignal", (char) 239, "StorageKeyManager.java")).log("Device fails attestation");
            return 3;
        } catch (IOException e4) {
            return 2;
        }
    }

    @Deprecated
    public final void getStorageKey$ar$ds$f34b01bc_0(String str) {
        try {
            this.storageKeyCache.get(false);
        } catch (StorageKeyCache.StorageKeyException e) {
            SecurityProto$GetStorageKeyRequest.Builder builder = (SecurityProto$GetStorageKeyRequest.Builder) SecurityProto$GetStorageKeyRequest.DEFAULT_INSTANCE.createBuilder();
            if (!builder.instance.isMutable()) {
                builder.copyOnWriteInternal();
            }
            SecurityProto$GetStorageKeyRequest securityProto$GetStorageKeyRequest = (SecurityProto$GetStorageKeyRequest) builder.instance;
            str.getClass();
            securityProto$GetStorageKeyRequest.attestationVerdict_ = str;
            SecurityProto$GetStorageKeyResponse securityProto$GetStorageKeyResponse = (SecurityProto$GetStorageKeyResponse) this.rpcCaller.blockingCallTapAndPay("t/security/getstoragekey", (SecurityProto$GetStorageKeyRequest) builder.build(), SecurityProto$GetStorageKeyResponse.DEFAULT_INSTANCE);
            SecurityProto$StorageKey securityProto$StorageKey = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey == null) {
                securityProto$StorageKey = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            if (securityProto$StorageKey.value_.size() != 32) {
                throw new IOException("received a storage key with a length not equal to 32.");
            }
            StorageKeyProto$StorageKey.Builder builder2 = (StorageKeyProto$StorageKey.Builder) StorageKeyProto$StorageKey.DEFAULT_INSTANCE.createBuilder();
            SecurityProto$StorageKey securityProto$StorageKey2 = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey2 == null) {
                securityProto$StorageKey2 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            String str2 = securityProto$StorageKey2.id_;
            if (!builder2.instance.isMutable()) {
                builder2.copyOnWriteInternal();
            }
            StorageKeyProto$StorageKey storageKeyProto$StorageKey = (StorageKeyProto$StorageKey) builder2.instance;
            str2.getClass();
            storageKeyProto$StorageKey.id_ = str2;
            SecurityProto$StorageKey securityProto$StorageKey3 = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey3 == null) {
                securityProto$StorageKey3 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            ByteString byteString = securityProto$StorageKey3.value_;
            if (!builder2.instance.isMutable()) {
                builder2.copyOnWriteInternal();
            }
            StorageKeyProto$StorageKey storageKeyProto$StorageKey2 = (StorageKeyProto$StorageKey) builder2.instance;
            byteString.getClass();
            storageKeyProto$StorageKey2.value_ = byteString;
            StorageKeyProto$StorageKey storageKeyProto$StorageKey3 = (StorageKeyProto$StorageKey) builder2.build();
            if (securityProto$GetStorageKeyResponse.newKey_ != null) {
                if (MigrationStateManager.hasClosedLoopHceMigrationStarted(this.context)) {
                    ((GoogleLogger.Api) ((GoogleLogger.Api) logger.atWarning()).withInjectedLogSite("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager", "fetchStorageKey", MfiClientException.TYPE_NO_ACCOUNT_INFO, "StorageKeyManager.java")).log("Tried to rotate storage keys mid-migration");
                } else {
                    try {
                        StorageKeyProto$StorageKey.Builder builder3 = (StorageKeyProto$StorageKey.Builder) StorageKeyProto$StorageKey.DEFAULT_INSTANCE.createBuilder();
                        SecurityProto$StorageKey securityProto$StorageKey4 = securityProto$GetStorageKeyResponse.newKey_;
                        if (securityProto$StorageKey4 == null) {
                            securityProto$StorageKey4 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                        }
                        String str3 = securityProto$StorageKey4.id_;
                        if (!builder3.instance.isMutable()) {
                            builder3.copyOnWriteInternal();
                        }
                        StorageKeyProto$StorageKey storageKeyProto$StorageKey4 = (StorageKeyProto$StorageKey) builder3.instance;
                        str3.getClass();
                        storageKeyProto$StorageKey4.id_ = str3;
                        SecurityProto$StorageKey securityProto$StorageKey5 = securityProto$GetStorageKeyResponse.newKey_;
                        if (securityProto$StorageKey5 == null) {
                            securityProto$StorageKey5 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                        }
                        ByteString byteString2 = securityProto$StorageKey5.value_;
                        if (!builder3.instance.isMutable()) {
                            builder3.copyOnWriteInternal();
                        }
                        StorageKeyProto$StorageKey storageKeyProto$StorageKey5 = (StorageKeyProto$StorageKey) builder3.instance;
                        byteString2.getClass();
                        storageKeyProto$StorageKey5.value_ = byteString2;
                        StorageKeyProto$StorageKey storageKeyProto$StorageKey6 = (StorageKeyProto$StorageKey) builder3.build();
                        this.transitBundleDatastore.rotateStorageKey(storageKeyProto$StorageKey3, storageKeyProto$StorageKey6);
                        SecurityProto$ConfirmStorageKeyRotationRequest.Builder builder4 = (SecurityProto$ConfirmStorageKeyRotationRequest.Builder) SecurityProto$ConfirmStorageKeyRotationRequest.DEFAULT_INSTANCE.createBuilder();
                        SecurityProto$StorageKey securityProto$StorageKey6 = securityProto$GetStorageKeyResponse.newKey_;
                        if (securityProto$StorageKey6 == null) {
                            securityProto$StorageKey6 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                        }
                        String str4 = securityProto$StorageKey6.id_;
                        if (!builder4.instance.isMutable()) {
                            builder4.copyOnWriteInternal();
                        }
                        SecurityProto$ConfirmStorageKeyRotationRequest securityProto$ConfirmStorageKeyRotationRequest = (SecurityProto$ConfirmStorageKeyRotationRequest) builder4.instance;
                        str4.getClass();
                        securityProto$ConfirmStorageKeyRotationRequest.newKeyId_ = str4;
                        this.rpcCaller.callTapAndPay("t/security/confirmstoragekeyrotation", (SecurityProto$ConfirmStorageKeyRotationRequest) builder4.build(), SecurityProto$ConfirmStorageKeyRotationResponse.DEFAULT_INSTANCE, new RpcCaller.NoOpCallback());
                        storageKeyProto$StorageKey3 = storageKeyProto$StorageKey6;
                    } catch (TransitBundleDatastore.UnexpectedDbStateException e2) {
                        ((GoogleLogger.Api) ((GoogleLogger.Api) ((GoogleLogger.Api) logger.atWarning()).withCause(e2)).withInjectedLogSite("com/google/commerce/tapandpay/android/security/storagekey/StorageKeyManager", "fetchStorageKey", (char) 178, "StorageKeyManager.java")).log("rotateKeys error");
                    }
                }
            }
            upsertStorageKeyLocally(storageKeyProto$StorageKey3);
        }
    }
}
