package com.google.commerce.tapandpay.android.attestation;

import android.app.Application;
import android.content.pm.PackageManager;
import android.os.SystemClock;
import android.util.Base64;
import android.util.Pair;
import com.felicanetworks.mfc.Felica;
import com.google.android.gms.common.api.Response;
import com.google.android.gms.common.internal.PendingResultUtil;
import com.google.android.gms.droidguard.DroidGuardClient;
import com.google.android.gms.safetynet.SafetyNetApi$AttestationResponse;
import com.google.android.gms.safetynet.SafetyNetApi$AttestationResult;
import com.google.android.gms.safetynet.SafetyNetClient;
import com.google.android.gms.safetynet.internal.SafetyNetApiImpl;
import com.google.android.gms.tasks.Tasks;
import com.google.android.libraries.tapandpay.proto.StorageKeyProto$StorageKeyContainer;
import com.google.commerce.tapandpay.android.accountscope.api.QualifierAnnotations;
import com.google.commerce.tapandpay.android.infrastructure.rpc.ErrorDetailsUtils;
import com.google.commerce.tapandpay.android.infrastructure.rpc.RpcCaller;
import com.google.commerce.tapandpay.android.infrastructure.rpc.TapAndPayApiException;
import com.google.commerce.tapandpay.android.logging.CLog;
import com.google.commerce.tapandpay.android.security.storagekey.StorageKeyBundle;
import com.google.commerce.tapandpay.android.security.storagekey.StorageKeyCache;
import com.google.commerce.tapandpay.android.serverlog.SLog;
import com.google.internal.tapandpay.v1.Common$AttestationErrorDetails;
import com.google.internal.tapandpay.v1.Common$TapAndPayApiError;
import com.google.internal.tapandpay.v1.SecurityProto$GetNonceRequest;
import com.google.internal.tapandpay.v1.SecurityProto$GetNonceResponse;
import com.google.protobuf.GeneratedMessageLite;
import java.io.IOException;
import java.util.ArrayList;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.inject.Inject;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class DeviceAttestationClient {
    public final String accountName;
    private final Application application;
    public final DroidGuardClient droidGuardClient;
    private final RpcCaller rpcCaller;
    private final SafetyNetClient safetyNetClient;
    private final StorageKeyCache storageKeyCache;

    @Inject
    public DeviceAttestationClient(Application application, @QualifierAnnotations.AccountName String str, RpcCaller rpcCaller, StorageKeyCache storageKeyCache, SafetyNetClient safetyNetClient, DroidGuardClient droidGuardClient) {
        this.application = application;
        this.accountName = str;
        this.rpcCaller = rpcCaller;
        this.storageKeyCache = storageKeyCache;
        this.safetyNetClient = safetyNetClient;
        this.droidGuardClient = droidGuardClient;
    }

    public static final boolean checkRetryableAttestationFailure$ar$ds(Common$TapAndPayApiError common$TapAndPayApiError) {
        Common$AttestationErrorDetails common$AttestationErrorDetails;
        if (common$TapAndPayApiError == null || (common$AttestationErrorDetails = (Common$AttestationErrorDetails) ErrorDetailsUtils.getErrorDetailOfType(common$TapAndPayApiError, Common$AttestationErrorDetails.DEFAULT_INSTANCE, 2)) == null) {
            return false;
        }
        Common$AttestationErrorDetails.ErrorCode forNumber = Common$AttestationErrorDetails.ErrorCode.forNumber(common$AttestationErrorDetails.errorCode_);
        if (forNumber == null) {
            forNumber = Common$AttestationErrorDetails.ErrorCode.UNRECOGNIZED;
        }
        return forNumber == Common$AttestationErrorDetails.ErrorCode.ATTESTATION_EXPIRED || forNumber == Common$AttestationErrorDetails.ErrorCode.NONCE_EXPIRED;
    }

    private final Pair<String, byte[]> getAttestationVerdictOnceUsingSafetyNet() {
        byte[] decode;
        try {
            String string = this.application.getPackageManager().getApplicationInfo(this.application.getPackageName(), 128).metaData.getString("com.google.android.gms.safetynet.API_KEY");
            byte[] fetchNonce = fetchNonce();
            if (fetchNonce == null || fetchNonce.length == 0) {
                SLog.log("AppAttestationClient", "Received null nonce from crossbar.", this.accountName);
                throw new IOException("nonce for attestation verdict was null");
            }
            try {
                String jwsResult = ((SafetyNetApi$AttestationResult) ((SafetyNetApi$AttestationResponse) Tasks.await(PendingResultUtil.toResponseTask(SafetyNetApiImpl.attest(this.safetyNetClient.mWrapper, fetchNonce, string), new Response<SafetyNetApi$AttestationResult>() { // from class: com.google.android.gms.safetynet.SafetyNetApi$AttestationResponse
                }), 60L, TimeUnit.SECONDS)).mResult).getJwsResult();
                if (jwsResult == null) {
                    throw new IOException("null attestation verdict returned");
                }
                String[] split = jwsResult.split("\\.");
                int length = split.length;
                if (length != 3) {
                    StringBuilder sb = new StringBuilder(62);
                    sb.append("Wrong number of components in jwt, expected 3, got ");
                    sb.append(length);
                    throw new IOException(sb.toString());
                }
                String str = split[1];
                try {
                    decode = Base64.decode(str, 8);
                } catch (IllegalArgumentException e) {
                    CLog.d("AppAttestationClient", "JWT decoding failed using base64_urlsafe, trying base64_default");
                    decode = Base64.decode(str, 0);
                }
                try {
                    JSONObject jSONObject = new JSONObject(new String(decode));
                    if (jSONObject.has("error")) {
                        throw new IOException("Attestation had internal error");
                    }
                    if (jSONObject.has("nonce")) {
                        return new Pair<>(jwsResult, fetchNonce);
                    }
                    throw new IOException("Attestation result is missing nonce.");
                } catch (JSONException e2) {
                    throw new IOException("Unable to create json object from attestation verdict payload");
                }
            } catch (InterruptedException | ExecutionException | TimeoutException e3) {
                throw new IOException("Attestation failed to return a result", e3);
            }
        } catch (PackageManager.NameNotFoundException e4) {
            throw new RuntimeException(e4);
        }
    }

    public final boolean checkAndHandleAttestationFailure(TapAndPayApiException tapAndPayApiException) {
        Common$AttestationErrorDetails common$AttestationErrorDetails = (Common$AttestationErrorDetails) ErrorDetailsUtils.getErrorDetailOfType(tapAndPayApiException.tapAndPayApiError, Common$AttestationErrorDetails.DEFAULT_INSTANCE, 2);
        if (common$AttestationErrorDetails != null) {
            Common$AttestationErrorDetails.ErrorCode forNumber = Common$AttestationErrorDetails.ErrorCode.forNumber(common$AttestationErrorDetails.errorCode_);
            if (forNumber == null) {
                forNumber = Common$AttestationErrorDetails.ErrorCode.UNRECOGNIZED;
            }
            if (forNumber == Common$AttestationErrorDetails.ErrorCode.ATTESTATION_FAILED) {
                StorageKeyCache storageKeyCache = this.storageKeyCache;
                CLog.d("StorageKeyCache", "Removing storage key");
                StorageKeyBundle bundle = storageKeyCache.getBundle(false);
                String buildAliasForMemoryCache = storageKeyCache.buildAliasForMemoryCache();
                ArrayList arrayList = new ArrayList(bundle.container.storageKeys_);
                arrayList.remove(bundle.getStorageKey(buildAliasForMemoryCache));
                StorageKeyProto$StorageKeyContainer storageKeyProto$StorageKeyContainer = bundle.container;
                GeneratedMessageLite.Builder builder = (GeneratedMessageLite.Builder) storageKeyProto$StorageKeyContainer.dynamicMethod(GeneratedMessageLite.MethodToInvoke.NEW_BUILDER);
                builder.internalMergeFrom$ar$ds$1b16a77c_0(storageKeyProto$StorageKeyContainer);
                StorageKeyProto$StorageKeyContainer.Builder builder2 = (StorageKeyProto$StorageKeyContainer.Builder) builder;
                if (builder2.isBuilt) {
                    builder2.copyOnWriteInternal();
                    builder2.isBuilt = false;
                }
                StorageKeyProto$StorageKeyContainer storageKeyProto$StorageKeyContainer2 = (StorageKeyProto$StorageKeyContainer) builder2.instance;
                StorageKeyProto$StorageKeyContainer storageKeyProto$StorageKeyContainer3 = StorageKeyProto$StorageKeyContainer.DEFAULT_INSTANCE;
                storageKeyProto$StorageKeyContainer2.storageKeys_ = StorageKeyProto$StorageKeyContainer.emptyProtobufList();
                builder2.addAllStorageKeys$ar$ds(arrayList);
                bundle.container = builder2.build();
                storageKeyCache.putBundle(bundle);
                storageKeyCache.keyValueStore.remove(storageKeyCache.buildEncryptedStorageKeyKey());
                return true;
            }
        }
        return false;
    }

    public final byte[] fetchNonce() {
        return ((SecurityProto$GetNonceResponse) this.rpcCaller.blockingCallTapAndPay("t/security/getnonce", SecurityProto$GetNonceRequest.DEFAULT_INSTANCE, SecurityProto$GetNonceResponse.DEFAULT_INSTANCE)).nonce_.toByteArray();
    }

    @Deprecated
    public final String getAttestationVerdictUsingSafetyNet() {
        return (String) getAttestationVerdictWithNonceUsingSafetyNet().first;
    }

    @Deprecated
    public final Pair<String, byte[]> getAttestationVerdictWithNonceUsingSafetyNet() {
        long uptimeMillis = SystemClock.uptimeMillis();
        int i = Felica.DEFAULT_TIMEOUT;
        while (true) {
            try {
                CLog.d("AppAttestationClient", "Attempting attestation");
                Pair<String, byte[]> attestationVerdictOnceUsingSafetyNet = getAttestationVerdictOnceUsingSafetyNet();
                CLog.d("AppAttestationClient", "Attestation succeeded");
                return attestationVerdictOnceUsingSafetyNet;
            } catch (IOException e) {
                if (SystemClock.uptimeMillis() > 10000 + uptimeMillis) {
                    CLog.dfmt("AppAttestationClient", e, "Waiting for attestation failed, giving up: %sms", Integer.valueOf(i));
                    throw e;
                }
                CLog.dfmt("AppAttestationClient", e, "Waiting for attestation failed, sleeping: %sms", Integer.valueOf(i));
                SystemClock.sleep(i);
                i += i;
            }
        }
    }
}
