package com.offerup.android.attestation.google;

import android.text.TextUtils;
import android.util.Base64;
import com.google.android.gms.common.GoogleApiAvailability;
import com.google.android.gms.common.api.ApiException;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.android.gms.safetynet.SafetyNetClient;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.gson.Gson;
import com.offerup.R;
import com.offerup.android.application.OfferUpApplication;
import com.offerup.android.attestation.DeviceAttestationCallback;
import com.offerup.android.attestation.DeviceAttestor;
import com.offerup.android.attestation.DeviceState;
import com.offerup.android.dagger.ApplicationScope;
import com.offerup.android.dto.ErrorResponse;
import com.offerup.android.gating.GateHelper;
import com.offerup.android.network.handler.ErrorHandler;
import com.offerup.android.network.handler.OfferUpNetworkErrorPolicy;
import com.offerup.android.network.observables.OfferUpNetworkObservable;
import com.offerup.android.network.observables.OfferUpNetworkSubscriber;
import com.offerup.android.utils.PlayServicesHelper;
import com.offerup.android.utils.ResourceProvider;
import com.pugetworks.android.utils.LogHelper;
import dagger.Provides;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.inject.Named;
import retrofit2.Retrofit;
import retrofit2.http.Body;
import retrofit2.http.POST;
import retrofit2.http.Query;

/* loaded from: classes2.dex */
public class GoogleDeviceAttestor implements DeviceAttestor {
    private final GateHelper gateHelper;
    private final GoogleApiAvailability googleApiAvailability;
    private Gson mGson = new Gson();
    SafetyNetOnFailureListener mSafetyNetOnFailureListener;
    SafetyNetOnSuccessListener mSafetyNetOnSuccessListener;
    private OfferUpNetworkSubscriber<AttestationVerificationResponse> mSubscriber;
    private PlayServicesHelper playServicesHelper;
    private ResourceProvider resourceProvider;
    private final SafetyNetClient safetyNet;
    private final VerificationService verificationService;

    @dagger.Module
    /* loaded from: classes2.dex */
    public static class Module {
        /* JADX INFO: Access modifiers changed from: package-private */
        @Provides
        @ApplicationScope
        public VerificationService provideVerificationService(@Named("attestation") Retrofit retrofit) {
            return (VerificationService) retrofit.create(VerificationService.class);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Provides
        @ApplicationScope
        public DeviceAttestor providesDeviceAttestor(OfferUpApplication offerUpApplication, VerificationService verificationService, GateHelper gateHelper, ResourceProvider resourceProvider) {
            return new GoogleDeviceAttestor(new PlayServicesHelper(offerUpApplication), verificationService, GoogleApiAvailability.getInstance(), SafetyNet.getClient(offerUpApplication), gateHelper, resourceProvider);
        }
    }

    /* loaded from: classes2.dex */
    class SafetyNetOnFailureListener implements OnFailureListener {
        private DeviceAttestationCallback deviceAttestationCallback;

        SafetyNetOnFailureListener(DeviceAttestationCallback deviceAttestationCallback) {
            this.deviceAttestationCallback = deviceAttestationCallback;
        }

        @Override // com.google.android.gms.tasks.OnFailureListener
        public void onFailure(Exception exc) {
            if (exc instanceof ApiException) {
                ApiException apiException = (ApiException) exc;
                LogHelper.e(GoogleDeviceAttestor.class, String.format("Unable to attest device, code: %s, message: %s", Integer.valueOf(apiException.getStatusCode()), apiException.getStatusMessage()));
            } else {
                LogHelper.e(GoogleDeviceAttestor.class, exc);
            }
            GoogleDeviceAttestor.this.notifyCallback(this.deviceAttestationCallback, DeviceState.Integrity.UNKNOWN, false);
        }
    }

    /* loaded from: classes2.dex */
    class SafetyNetOnSuccessListener implements OnSuccessListener<SafetyNetApi.AttestationResponse> {
        private DeviceAttestationCallback deviceAttestationCallback;

        SafetyNetOnSuccessListener(DeviceAttestationCallback deviceAttestationCallback) {
            this.deviceAttestationCallback = deviceAttestationCallback;
        }

        @Override // com.google.android.gms.tasks.OnSuccessListener
        public void onSuccess(SafetyNetApi.AttestationResponse attestationResponse) {
            String jwsResult = attestationResponse.getJwsResult();
            if (TextUtils.isEmpty(jwsResult)) {
                GoogleDeviceAttestor.this.notifyCallback(this.deviceAttestationCallback, DeviceState.Integrity.UNKNOWN, false);
            } else if (GoogleDeviceAttestor.this.gateHelper.isAttestationOnlineVerificationEnabled()) {
                GoogleDeviceAttestor.this.verifyOnline(jwsResult, this.deviceAttestationCallback);
            } else {
                GoogleDeviceAttestor.this.decodeAndNotify(jwsResult, this.deviceAttestationCallback, false);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public interface VerificationService {
        @POST("verify")
        OfferUpNetworkObservable<AttestationVerificationResponse> verifyJWS(@Body JWSVerificationPayload jWSVerificationPayload, @Query("key") String str);
    }

    GoogleDeviceAttestor(PlayServicesHelper playServicesHelper, VerificationService verificationService, GoogleApiAvailability googleApiAvailability, SafetyNetClient safetyNetClient, GateHelper gateHelper, ResourceProvider resourceProvider) {
        this.playServicesHelper = playServicesHelper;
        this.verificationService = verificationService;
        this.googleApiAvailability = googleApiAvailability;
        this.safetyNet = safetyNetClient;
        this.gateHelper = gateHelper;
        this.resourceProvider = resourceProvider;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void decodeAndNotify(String str, DeviceAttestationCallback deviceAttestationCallback, boolean z) {
        notifyCallback(deviceAttestationCallback, disambiguateIntegrity(decodeJWS(str)), z);
    }

    private JWSResponse decodeJWS(String str) {
        return (JWSResponse) this.mGson.fromJson(new String(Base64.decode(str.split("[.]")[1], 0), StandardCharsets.UTF_8), JWSResponse.class);
    }

    private DeviceState.Integrity disambiguateIntegrity(JWSResponse jWSResponse) {
        if (jWSResponse == null) {
            return DeviceState.Integrity.UNKNOWN;
        }
        boolean isBasicIntegrity = jWSResponse.isBasicIntegrity();
        boolean isCtsProfileMatch = jWSResponse.isCtsProfileMatch();
        return (isCtsProfileMatch && isBasicIntegrity) ? DeviceState.Integrity.GENUINE_CERTIFIED : isCtsProfileMatch ? DeviceState.Integrity.INGENUINE_CERTIFIED : isBasicIntegrity ? DeviceState.Integrity.GENUINE_UNCERTIFIED : DeviceState.Integrity.INGENUINE_UNCERTIFIED;
    }

    private byte[] generateNonce() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void notifyCallback(DeviceAttestationCallback deviceAttestationCallback, DeviceState.Integrity integrity, boolean z) {
        deviceAttestationCallback.onAttestation(DeviceState.create(integrity, z));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void verifyOnline(final String str, final DeviceAttestationCallback deviceAttestationCallback) {
        JWSVerificationPayload jWSVerificationPayload = new JWSVerificationPayload();
        jWSVerificationPayload.setSignedAttestation(str);
        OfferUpNetworkErrorPolicy build = new OfferUpNetworkErrorPolicy.Builder().setDefaultThrowableErrorHandler(new ErrorHandler() { // from class: com.offerup.android.attestation.google.-$$Lambda$GoogleDeviceAttestor$EonOgui_jjrbPYwkm5UXUjztYgQ
            @Override // com.offerup.android.network.handler.ErrorHandler
            public final void onErrorResponse(Object obj) {
                GoogleDeviceAttestor.this.lambda$verifyOnline$0$GoogleDeviceAttestor(str, deviceAttestationCallback, (Throwable) obj);
            }
        }).setDefaultResponseErrorHandler(new ErrorHandler() { // from class: com.offerup.android.attestation.google.-$$Lambda$GoogleDeviceAttestor$T1WwNlx13nQ-_AGS3lWzHx3DNTQ
            @Override // com.offerup.android.network.handler.ErrorHandler
            public final void onErrorResponse(Object obj) {
                GoogleDeviceAttestor.this.lambda$verifyOnline$1$GoogleDeviceAttestor(str, deviceAttestationCallback, (ErrorResponse) obj);
            }
        }).build();
        OfferUpNetworkSubscriber<AttestationVerificationResponse> offerUpNetworkSubscriber = this.mSubscriber;
        if (offerUpNetworkSubscriber != null) {
            offerUpNetworkSubscriber.unsubscribe();
        }
        this.mSubscriber = new OfferUpNetworkSubscriber<AttestationVerificationResponse>(build) { // from class: com.offerup.android.attestation.google.GoogleDeviceAttestor.1
            @Override // com.offerup.android.network.observables.OfferUpNetworkSubscriber, com.offerup.android.network.observables.INetworkSubscriber
            public void onCompleted() {
            }

            @Override // com.offerup.android.network.calls.INetworkCallback
            public void onSuccess(AttestationVerificationResponse attestationVerificationResponse) {
                GoogleDeviceAttestor.this.decodeAndNotify(str, deviceAttestationCallback, attestationVerificationResponse.isValidSignature());
            }
        };
        this.verificationService.verifyJWS(jWSVerificationPayload, this.resourceProvider.getString(R.string.safety_net_api_key)).async().subscribe(this.mSubscriber);
    }

    @Override // com.offerup.android.attestation.DeviceAttestor
    public void attestDevice(DeviceAttestationCallback deviceAttestationCallback) {
        if (this.playServicesHelper.isGooglePlayServicesAvailable() != 0) {
            notifyCallback(deviceAttestationCallback, DeviceState.Integrity.UNKNOWN, false);
            return;
        }
        if (this.mSafetyNetOnSuccessListener == null) {
            this.mSafetyNetOnSuccessListener = new SafetyNetOnSuccessListener(deviceAttestationCallback);
        }
        if (this.mSafetyNetOnFailureListener == null) {
            this.mSafetyNetOnFailureListener = new SafetyNetOnFailureListener(deviceAttestationCallback);
        }
        this.safetyNet.attest(generateNonce(), this.resourceProvider.getString(R.string.safety_net_api_key)).addOnSuccessListener(this.mSafetyNetOnSuccessListener).addOnFailureListener(this.mSafetyNetOnFailureListener);
    }

    public /* synthetic */ void lambda$verifyOnline$0$GoogleDeviceAttestor(String str, DeviceAttestationCallback deviceAttestationCallback, Throwable th) {
        LogHelper.e(GoogleDeviceAttestor.class, th);
        decodeAndNotify(str, deviceAttestationCallback, false);
    }

    public /* synthetic */ void lambda$verifyOnline$1$GoogleDeviceAttestor(String str, DeviceAttestationCallback deviceAttestationCallback, ErrorResponse errorResponse) {
        decodeAndNotify(str, deviceAttestationCallback, false);
    }
}
