package com.amazon.enterprise.access.android.data.pdm;

import com.amazon.enterprise.access.android.net.BinaryRequestHelper;
import com.amazon.enterprise.access.android.net.ServerErrorException;
import com.amazon.enterprise.access.android.shared.data.preferences.PreferencesHelper;
import com.amazon.enterprise.access.android.shared.utils.Logger;
import com.amazon.enterprise.access.android.shared.utils.NtpClientWrapper;
import com.amazon.enterprise.access.android.utils.CertificateUtils;
import com.amazon.enterprise.access.android.utils.Constants;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.SetsKt__SetsJVMKt;
import kotlin.collections.SetsKt__SetsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.MediaType;
import okhttp3.RequestBody;
import okhttp3.ResponseBody;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import retrofit2.Call;
import retrofit2.http.Body;
import retrofit2.http.GET;
import retrofit2.http.Headers;
import retrofit2.http.POST;

/* compiled from: ScepClientImpl.kt */
@Metadata(d1 = {"\u0000\u0086\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010!\n\u0002\b\b\n\u0002\u0010\u0002\n\u0002\b\n\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0010\u0006\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\t\u0018\u00002\u00020\u0001:\u0001JB%\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\u0016\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u0016\u001a\u00020\u0017H\u0082@¢\u0006\u0002\u0010\u0018J\u0016\u0010\u0019\u001a\u00020\u001a2\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u00120\u001cH\u0002J\u001e\u0010\u001d\u001a\u00020\u00172\u0006\u0010\u001e\u001a\u00020\f2\u0006\u0010\u001f\u001a\u00020\u0012H\u0096@¢\u0006\u0002\u0010 
J\u001c\u0010!\u001a\b\u0012\u0004\u0012\u00020\u00120\u001c2\u0006\u0010\"\u001a\u00020\u0017H\u0082@¢\u0006\u0002\u0010\u0018J\u0016\u0010#\u001a\u00020\u00122\u0006\u0010\"\u001a\u00020\u0017H\u0082@¢\u0006\u0002\u0010\u0018J\u0016\u0010$\u001a\u00020%2\u0006\u0010&\u001a\u00020\fH\u0082@¢\u0006\u0002\u0010'J\u0016\u0010(\u001a\u00020\u001a2\u0006\u0010)\u001a\u00020\fH\u0096@¢\u0006\u0002\u0010'J&\u0010*\u001a\u00020\u00122\u0006\u0010+\u001a\u00020\u00172\u0006\u0010,\u001a\u00020\u001a2\u0006\u0010)\u001a\u00020\fH\u0096@¢\u0006\u0002\u0010-J\u0014\u0010.\u001a\u00020%2\n\u0010/\u001a\u000600j\u0002`1H\u0002J\u0016\u00102\u001a\u00020\u001a2\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u00120\u001cH\u0002J\u0016\u00103\u001a\u00020\u00172\u0006\u0010)\u001a\u00020\fH\u0082@¢\u0006\u0002\u0010'J\u001e\u00104\u001a\u00020\u00172\u0006\u0010+\u001a\u00020\u00172\u0006\u0010)\u001a\u00020\fH\u0082@¢\u0006\u0002\u00105J\u001e\u00106\u001a\u00020\u00172\u0006\u00107\u001a\u00020\u00172\u0006\u0010&\u001a\u00020\fH\u0096@¢\u0006\u0002\u00105JT\u00108\u001a\u00020\u00172\b\b\u0002\u00109\u001a\u00020\u00102\b\b\u0002\u0010:\u001a\u00020;2\b\b\u0002\u0010<\u001a\u00020;2\b\b\u0002\u0010=\u001a\u00020>2\u001c\u0010?\u001a\u0018\b\u0001\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00170A\u0012\u0006\u0012\u0004\u0018\u00010B0@H\u0082@¢\u0006\u0002\u0010CJ\u0016\u0010D\u001a\u00020%2\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u00120\u001cH\u0002J\u001e\u0010E\u001a\u00020%2\u0006\u0010F\u001a\u00020\u00122\u0006\u0010,\u001a\u00020\u001aH\u0082@¢\u0006\u0002\u0010GJ\u001e\u0010H\u001a\u00020%2\u0006\u0010\"\u001a\u00020\u00172\u0006\u0010\u001f\u001a\u00020\u0012H\u0082@¢\u0006\u0002\u0010IR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\fX\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\
u000f\u001a\u00020\u0010X\u0082D¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\u0012X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0013\u001a\n \u0014*\u0004\u0018\u00010\f0\fX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006K"}, d2 = {"Lcom/amazon/enterprise/access/android/data/pdm/ScepClientImpl;", "Lcom/amazon/enterprise/access/android/data/pdm/ScepClient;", "binaryRequestHelper", "Lcom/amazon/enterprise/access/android/net/BinaryRequestHelper;", "certificateConverter", "Lcom/amazon/enterprise/access/android/data/pdm/CertificateConverter;", "scepService", "Lcom/amazon/enterprise/access/android/data/pdm/ScepClientImpl$ScepService;", "preferencesHelper", "Lcom/amazon/enterprise/access/android/shared/data/preferences/PreferencesHelper;", "(Lcom/amazon/enterprise/access/android/net/BinaryRequestHelper;Lcom/amazon/enterprise/access/android/data/pdm/CertificateConverter;Lcom/amazon/enterprise/access/android/data/pdm/ScepClientImpl$ScepService;Lcom/amazon/enterprise/access/android/shared/data/preferences/PreferencesHelper;)V", "csrSignatureAlgorithm", "", "pdmCommKeyPair", "Ljava/security/KeyPair;", "pdmCommKeySize", "", "pdmCommSelfSigningCert", "Ljava/security/cert/X509Certificate;", "tag", "kotlin.jvm.PlatformType", "decryptContainer", "data", "", "([BLkotlin/coroutines/Continuation;)Ljava/lang/Object;", "dissectCaraCerts", "Lcom/amazon/enterprise/access/android/data/pdm/CaraCertificatesWrapper;", "certs", "", "encryptCsr", "scepCsr", "cert", "(Ljava/lang/String;Ljava/security/cert/X509Certificate;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "extractCertificates", "certContainer", "extractDeviceIdentityCertificates", "generatePdmCommKeypair", "", "uuid", "(Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "getCaraCert", "scepBaseUrl", "getDeviceIdentityCert", "requestBody", "caraCertWrapper", 
"([BLcom/amazon/enterprise/access/android/data/pdm/CaraCertificatesWrapper;Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "handleCaraCertRequestExceptions", "ex", "Ljava/lang/Exception;", "Lkotlin/Exception;", "identifyCaraCert", "requestCaraCert", "requestDeviceIdentityCert", "([BLjava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "signCsr", "encryptedCsr", "tryRequestCaraCert", "times", "initialDelay", "", "maxDelay", "factor", "", "makeRequest", "Lkotlin/Function1;", "Lkotlin/coroutines/Continuation;", "", "(IJJDLkotlin/jvm/functions/Function1;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "validateCertsCount", "verifyCertificateChain", "deviceIdCert", "(Ljava/security/cert/X509Certificate;Lcom/amazon/enterprise/access/android/data/pdm/CaraCertificatesWrapper;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "verifySignature", "([BLjava/security/cert/X509Certificate;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "ScepService", "ForesAndroid_prodRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes.dex */
public final class ScepClientImpl implements ScepClient {
    // Collaborators injected through the constructor.
    private final BinaryRequestHelper binaryRequestHelper;
    private final CertificateConverter certificateConverter;
    // Signature algorithm name handed to JcaContentSignerBuilder; the constructor sets it to "SHA256withRSA".
    private final String csrSignatureAlgorithm;
    // RSA key pair produced by generatePdmCommKeypair. The private key lives in this object's
    // memory; nothing in this listing places it in a hardware-backed key store.
    private KeyPair pdmCommKeyPair;
    // RSA modulus size in bits; the constructor sets it to 4096.
    private final int pdmCommKeySize;
    // Self-signed certificate over pdmCommKeyPair, built by generatePdmCommKeypair.
    private X509Certificate pdmCommSelfSigningCert;
    private final PreferencesHelper preferencesHelper;
    private final ScepService scepService;
    // Log tag: the simple name of this class.
    private final String tag;

    /* compiled from: ScepClientImpl.kt */
    @Metadata(d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\bf\u0018\u00002\u00020\u0001J\u000e\u0010\u0002\u001a\b\u0012\u0004\u0012\u00020\u00040\u0003H'J\u0018\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00040\u00032\b\b\u0001\u0010\u0006\u001a\u00020\u0007H'¨\u0006\b"}, d2 = {"Lcom/amazon/enterprise/access/android/data/pdm/ScepClientImpl$ScepService;", "", "getCaCert", "Lretrofit2/Call;", "Lokhttp3/ResponseBody;", "postDeviceIdCert", "body", "Lokhttp3/RequestBody;", "ForesAndroid_prodRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes.dex */
    /**
     * Retrofit description of the two SCEP endpoints this client calls. Both paths are
     * relative, so scheme and host come from wherever the Retrofit instance is configured;
     * that configuration (and any TLS pinning) is not visible in this file.
     */
    public interface ScepService {
        /** Issues the SCEP {@code GetCACert} operation and returns the raw response body. */
        @GET("profile/scep?operation=GetCACert")
        Call<ResponseBody> getCaCert();

        /**
         * Posts a SCEP {@code PKIOperation} message.
         *
         * @param body the already encoded PKI message to send
         */
        @Headers({"Content-Type:application/x-pki-message"})
        @POST("profile/scep?operation=PKIOperation")
        Call<ResponseBody> postDeviceIdCert(@Body RequestBody body);
    }

    /**
     * Wires the client to its collaborators and fixes the cryptographic parameters used for
     * the PDM communication key: a 4096-bit key size and the {@code SHA256withRSA} signer.
     *
     * @param binaryRequestHelper helper that executes the binary HTTP calls
     * @param certificateConverter certificate conversion helper
     * @param scepService Retrofit binding for the SCEP endpoints
     * @param preferencesHelper preference storage helper
     */
    public ScepClientImpl(BinaryRequestHelper binaryRequestHelper, CertificateConverter certificateConverter, ScepService scepService, PreferencesHelper preferencesHelper) {
        // Kotlin non-null parameter contracts, checked in declaration order.
        Intrinsics.checkNotNullParameter(binaryRequestHelper, "binaryRequestHelper");
        Intrinsics.checkNotNullParameter(certificateConverter, "certificateConverter");
        Intrinsics.checkNotNullParameter(scepService, "scepService");
        Intrinsics.checkNotNullParameter(preferencesHelper, "preferencesHelper");

        // Fixed parameters for the communication key and the signer built from it.
        this.pdmCommKeySize = 4096;
        this.csrSignatureAlgorithm = "SHA256withRSA";
        this.tag = ScepClientImpl.class.getSimpleName();

        this.preferencesHelper = preferencesHelper;
        this.scepService = scepService;
        this.certificateConverter = certificateConverter;
        this.binaryRequestHelper = binaryRequestHelper;

        // Process-wide registration. addProvider is a no-op when a provider with the same name
        // is already installed, and other methods of this class look the provider up by
        // BouncyCastleProvider.PROVIDER_NAME.
        // NOTE(review): confirm which implementation answers to that name on the target platform.
        Security.addProvider(new BouncyCastleProvider());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:19:0x0106 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0107  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0055  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0027  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object decryptContainer(byte[] r11, kotlin.coroutines.Continuation<? super java.security.cert.X509Certificate> r12) {
        // NOTE(review): the decompiler did not recover this body. Only the signature is
        // reliable: a byte[] goes in and an X509Certificate is delivered through the
        // continuation. Which key decrypts the container, which algorithms are accepted and
        // what is checked on the result must be reviewed from the bytecode. The throw below
        // is a decompiler placeholder, not application behaviour.
        /*
            Method dump skipped, instructions count: 265
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.enterprise.access.android.data.pdm.ScepClientImpl.decryptContainer(byte[], kotlin.coroutines.Continuation):java.lang.Object");
    }

    /**
     * Checks the number of certificates received and then assigns each one a role.
     *
     * @param certs certificates extracted from the GetCACert response
     * @return wrapper holding the certificates by role
     */
    private final CaraCertificatesWrapper dissectCaraCerts(List<X509Certificate> certs) {
        // The count check runs first, so role assignment only sees a list that passed it.
        this.validateCertsCount(certs);
        CaraCertificatesWrapper classified = this.identifyCaraCert(certs);
        return classified;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Parses a CMS SignedData blob and returns every certificate embedded in it.
     *
     * <p>This is parsing only. The signature on the container is not verified here and the
     * certificates are not validated against any trust anchor, so the result is exactly as
     * trustworthy as the channel the bytes arrived on.
     *
     * <p>A {@code CMSException} is logged and swallowed, so a rejected container comes back as
     * an empty list. Failures while re-encoding or re-parsing a single certificate are not
     * caught here.
     *
     * @param bArr encoded CMS SignedData
     * @param continuation coroutine continuation; this body does not use it
     * @return a {@code List<X509Certificate>}; empty when the input is rejected as CMS
     */
    public final Object extractCertificates(byte[] bArr, Continuation<? super List<X509Certificate>> continuation) {
        List<X509Certificate> extracted = new ArrayList<>();
        try {
            // A null selector matches every certificate holder in the container.
            Collection<X509CertificateHolder> holders = new CMSSignedData(bArr).getCertificates().getMatches(null);
            Logger.Companion log = Logger.f4347a;
            String countTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(countTag, "tag");
            log.c(countTag, "Cert Container contains " + holders.size() + " certHolders");

            CertificateFactory factory = new CertificateFactory();
            String startTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(startTag, "tag");
            log.c(startTag, "Extracting certs from certHolders");

            for (X509CertificateHolder holder : holders) {
                Intrinsics.checkNotNull(holder, "null cannot be cast to non-null type org.bouncycastle.cert.X509CertificateHolder");
                // Round-trip through DER to obtain a JCA certificate object.
                ByteArrayInputStream encoded = new ByteArrayInputStream(holder.getEncoded());
                Certificate parsed = factory.engineGenerateCertificate(encoded);
                Intrinsics.checkNotNull(parsed, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                extracted.add((X509Certificate) parsed);
            }

            Logger.Companion doneLog = Logger.f4347a;
            String doneTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(doneTag, "tag");
            doneLog.c(doneTag, "Certificate extraction done");
        } catch (CMSException e2) {
            // The failure is only logged; the caller sees an empty list.
            Logger.Companion errorLog = Logger.f4347a;
            String errorTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(errorTag, "tag");
            errorLog.c(errorTag, "Invalid certificate container found: " + e2);
        }
        return extracted;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Unwraps the encapsulated content of a CMS SignedData blob and passes it to
     * {@code decryptContainer}.
     *
     * <p>No signature check happens in this method; {@code verifySignature} is a separate
     * step. NOTE(review): confirm the caller runs it before this unwrap. A container with no
     * encapsulated content makes {@code getSignedContent()} return null, which surfaces
     * here as a NullPointerException.
     *
     * @param bArr encoded CMS SignedData received from the server
     * @param continuation coroutine continuation forwarded to {@code decryptContainer}
     * @return whatever {@code decryptContainer} returns
     */
    public final Object extractDeviceIdentityCertificates(byte[] bArr, Continuation<? super X509Certificate> continuation) {
        CMSSignedData signedContainer = new CMSSignedData(bArr);
        Object encapsulated = signedContainer.getSignedContent().getContent();
        Intrinsics.checkNotNull(encapsulated, "null cannot be cast to non-null type kotlin.ByteArray");
        byte[] innerBytes = (byte[]) encapsulated;
        return decryptContainer(innerBytes, continuation);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Generates a fresh RSA key pair and a short-lived self-signed certificate over it, and
     * stores both in this instance.
     *
     * <p>Points a reviewer should know:
     * <ul>
     *   <li>The key comes from the default {@code "RSA"} KeyPairGenerator and is kept in
     *       {@code pdmCommKeyPair}, i.e. in process memory.</li>
     *   <li>The certificate serial number is always 1.</li>
     *   <li>Validity runs from the NtpClientWrapper time to that time plus
     *       {@code Constants.Pdm.TEN_MINUTES_IN_MILLISECONDS}.</li>
     *   <li>{@code str} is concatenated into the distinguished-name string without escaping.
     *       A value containing {@code ,}, {@code +} or {@code =} would change the parsed
     *       name. NOTE(review): confirm callers only pass a validated UUID.</li>
     * </ul>
     *
     * @param str value placed in the certificate's CN
     * @param continuation coroutine continuation; this body does not use it
     * @return {@code Unit.INSTANCE}
     */
    public final Object generatePdmCommKeypair(String str, Continuation<? super Unit> continuation) {
        Logger.Companion log = Logger.f4347a;
        String logTag = this.tag;
        Intrinsics.checkNotNullExpressionValue(logTag, "tag");
        log.c(logTag, "Generating KeyMaterial for PDM SCEP Communication");
        Security.addProvider(new BouncyCastleProvider());

        // Key generation: size comes from pdmCommKeySize.
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(this.pdmCommKeySize);
        KeyPair freshPair = rsaGenerator.genKeyPair();
        Intrinsics.checkNotNullExpressionValue(freshPair, "genKeyPair(...)");
        this.pdmCommKeyPair = freshPair;

        // Self-signed certificate: issuer and subject are the same name.
        X500Name selfName = new X500Name("CN=" + str + ",O=Amazon.com Inc.,L=Seattle,OU=AWS,ST=Washington,C=US");
        BigInteger serial = BigInteger.valueOf(1L);
        NtpClientWrapper.Companion clock = NtpClientWrapper.f4363a;
        Date notBefore = new Date(clock.b());
        Date notAfter = new Date(clock.b() + Constants.Pdm.TEN_MINUTES_IN_MILLISECONDS);

        // The field is re-read (Kotlin lateinit access) rather than reusing the local.
        KeyPair pairForSubject = this.pdmCommKeyPair;
        if (pairForSubject == null) {
            Intrinsics.throwUninitializedPropertyAccessException("pdmCommKeyPair");
        }
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, pairForSubject.getPublic());
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(this.csrSignatureAlgorithm);

        KeyPair pairForSigning = this.pdmCommKeyPair;
        if (pairForSigning == null) {
            Intrinsics.throwUninitializedPropertyAccessException("pdmCommKeyPair");
        }
        X509Certificate selfSigned = new JcaX509CertificateConverter().getCertificate(certBuilder.build(signerBuilder.build(pairForSigning.getPrivate())));
        Intrinsics.checkNotNullExpressionValue(selfSigned, "getCertificate(...)");
        this.pdmCommSelfSigningCert = selfSigned;
        return Unit.INSTANCE;
    }

    /**
     * Decides whether a failed CA/RA certificate request may be retried.
     *
     * <p>A {@code ServerErrorException} is logged and the method returns normally, which lets
     * the caller try again. Any other exception is logged and rethrown as a
     * {@code CaraCertRequestFailureException} that carries only the original message; the
     * original exception is not attached as a cause.
     *
     * @param ex the exception raised by the request
     */
    private final void handleCaraCertRequestExceptions(Exception ex) {
        if (ex instanceof ServerErrorException) {
            Logger.Companion log = Logger.f4347a;
            String failureTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(failureTag, "tag");
            log.c(failureTag, "CA RA cert request failed: " + ex.getMessage());
            String retryTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(retryTag, "tag");
            log.c(retryTag, "Retrying");
            return;
        }

        // Everything that is not a server error is treated as final.
        Logger.Companion fatalLog = Logger.f4347a;
        String fatalTag = this.tag;
        Intrinsics.checkNotNullExpressionValue(fatalTag, "tag");
        fatalLog.c(fatalTag, "CA RA cert request failed with unrecoverable exception: " + ex.getMessage());
        throw new CaraCertRequestFailureException(ex.getMessage());
    }

    /**
     * Assigns the received certificates to the three wrapper slots using only
     * {@code getBasicConstraints()}: value 1 goes to the first slot, value 0 to the second,
     * and every other value to the third. The exception text names the slots CA,
     * intermediate CA and RA.
     *
     * <p>{@code getBasicConstraints()} returns the path-length constraint of a CA certificate,
     * {@code Integer.MAX_VALUE} for a CA without a limit and -1 for a non-CA certificate. A CA
     * certificate with any path length other than 1 or 0 therefore lands in the third slot.
     * Roles are inferred from the certificates as received; nothing here compares them to a
     * pinned key or name. When two certificates map to the same slot the later one wins, a
     * slot stays empty and the method throws.
     *
     * @param certs certificates taken from the GetCACert response
     * @return wrapper built from the three slots, in the order described above
     * @throws CertMissingException when any of the three slots is empty
     */
    private final CaraCertificatesWrapper identifyCaraCert(List<X509Certificate> certs) {
        X509Certificate pathLenOne = null;
        X509Certificate pathLenZero = null;
        X509Certificate remaining = null;

        for (X509Certificate candidate : certs) {
            if (candidate.getBasicConstraints() == 1) {
                pathLenOne = candidate;
                continue;
            }
            if (candidate.getBasicConstraints() == 0) {
                pathLenZero = candidate;
                continue;
            }
            remaining = candidate;
        }

        boolean allRolesFilled = pathLenOne != null && pathLenZero != null && remaining != null;
        if (!allRolesFilled) {
            throw new CertMissingException("Certificates received does not contain both CA, intermediate CA and RA cert");
        }
        return new CaraCertificatesWrapper(pathLenOne, pathLenZero, remaining);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the GetCACert URL from the given base and runs the request through the retry
     * wrapper with all of its defaults (mask 15 selects every default in
     * {@code tryRequestCaraCert$default}).
     *
     * <p>{@code str} is substituted into the URL template as supplied. NOTE(review): the
     * scheme is not checked in this method; confirm the base URL is constrained to HTTPS
     * where it is configured.
     *
     * @param str SCEP base URL inserted into {@code Constants.Pdm.SCEP_GET_CA_CERT_URL}
     * @param continuation coroutine continuation that receives the response bytes
     * @return the result of the retry wrapper
     */
    public final Object requestCaraCert(String str, Continuation<? super byte[]> continuation) {
        String caCertUrl = String.format(Constants.Pdm.SCEP_GET_CA_CERT_URL, str);
        Intrinsics.checkNotNullExpressionValue(caCertUrl, "format(...)");
        ScepClientImpl$requestCaraCert$2 request = new ScepClientImpl$requestCaraCert$2(this, caCertUrl, null);
        // The four zero values are placeholders; mask 15 replaces each with its default.
        return tryRequestCaraCert$default(this, 0, 0L, 0L, 0.0d, request, continuation, 15, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Sends the prepared PKI message to the SCEP PKIOperation endpoint.
     *
     * <p>The body is created with media type {@code application/octet-stream}, while the
     * Retrofit method declares a {@code Content-Type:application/x-pki-message} header.
     * NOTE(review): confirm which content type reaches the server.
     *
     * @param bArr encoded PKI message
     * @param str SCEP base URL inserted into {@code Constants.Pdm.SCEP_GET_DEVICE_ID_CERT_URL}
     * @param continuation coroutine continuation that receives the response bytes
     * @return the result of the binary request helper
     */
    public final Object requestDeviceIdentityCert(byte[] bArr, String str, Continuation<? super byte[]> continuation) {
        String enrollUrl = String.format(Constants.Pdm.SCEP_GET_DEVICE_ID_CERT_URL, str);
        Intrinsics.checkNotNullExpressionValue(enrollUrl, "format(...)");

        MediaType octetStream = MediaType.parse("application/octet-stream");
        RequestBody payload = RequestBody.create(octetStream, bArr);

        int postMethod = Constants.HttpMethod.POST.getValue();
        Intrinsics.checkNotNull(payload);
        Call<ResponseBody> pendingCall = this.scepService.postDeviceIdCert(payload);
        // The formatted URL is handed to the helper next to the Retrofit call; how the
        // helper uses it is not visible in this file.
        return this.binaryRequestHelper.a(postMethod, enrollUrl, pendingCall, continuation);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00f0  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0097 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:33:0x00dd A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:39:0x007b  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x002b  */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:32:0x00db -> B:17:0x0056). Please report as a decompilation issue!!! */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object tryRequestCaraCert(int r20, long r21, long r23, double r25, kotlin.jvm.functions.Function1<? super kotlin.coroutines.Continuation<? super byte[]>, ? extends java.lang.Object> r27, kotlin.coroutines.Continuation<? super byte[]> r28) {
        // NOTE(review): the decompiler did not recover this body. The Kotlin metadata on the
        // class names the parameters times, initialDelay, maxDelay, factor and makeRequest,
        // and the $default bridge supplies 3, 1000L, 5000L and 2.0d for the first four. The
        // retry loop itself (when it stops, what it does on the last failure) must be reviewed
        // from the bytecode. The throw below is a decompiler placeholder.
        /*
            Method dump skipped, instructions count: 258
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.enterprise.access.android.data.pdm.ScepClientImpl.tryRequestCaraCert(int, long, long, double, kotlin.jvm.functions.Function1, kotlin.coroutines.Continuation):java.lang.Object");
    }

    /**
     * Compiler-generated bridge for Kotlin default arguments. Each of the low four bits of
     * {@code i3} replaces the matching argument with its default before delegating to
     * {@code tryRequestCaraCert}: bit 1 gives 3, bit 2 gives 1000L, bit 4 gives 5000L and
     * bit 8 gives 2.0d.
     */
    static /* synthetic */ Object tryRequestCaraCert$default(ScepClientImpl scepClientImpl, int i2, long j2, long j3, double d2, Function1 function1, Continuation continuation, int i3, Object obj) {
        int times = i2;
        if ((i3 & 1) != 0) {
            times = 3;
        }
        long initialDelay = j2;
        if ((i3 & 2) != 0) {
            initialDelay = 1000L;
        }
        long maxDelay = j3;
        if ((i3 & 4) != 0) {
            maxDelay = 5000L;
        }
        double factor = d2;
        if ((i3 & 8) != 0) {
            factor = 2.0d;
        }
        return scepClientImpl.tryRequestCaraCert(times, initialDelay, maxDelay, factor, function1, continuation);
    }

    /**
     * Rejects a certificate list that does not hold exactly three entries.
     *
     * @param certs certificates taken from the GetCACert response
     * @throws CertMissingException when the list size is not 3
     */
    private final void validateCertsCount(List<X509Certificate> certs) {
        final int expectedCount = 3;
        if (certs.size() == expectedCount) {
            return;
        }
        throw new CertMissingException("CA RA cert request did not return 3 certs");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a PKIX certification path from the device identity certificate to the CA
     * certificate held in the wrapper.
     *
     * <p>What this check does and does not cover:
     * <ul>
     *   <li>The only trust anchor is {@code caraCertificatesWrapper.getCaCert()}, so the
     *       result is only as strong as the way that certificate was obtained.</li>
     *   <li>The candidate store holds the target certificate and the wrapper's intermediate
     *       certificate; nothing else can appear in the path.</li>
     *   <li>Revocation checking is switched off.</li>
     *   <li>No validation date is set on the parameters.</li>
     * </ul>
     *
     * @param x509Certificate device identity certificate to validate
     * @param caraCertificatesWrapper source of the trust anchor and the intermediate certificate
     * @param continuation coroutine continuation; this body does not use it
     * @return {@code Unit.INSTANCE} when a path was built
     * @throws InvalidDeviceCertificateException when no path can be built; only the message of
     *     the underlying {@code CertPathBuilderException} is carried over
     */
    public final Object verifyCertificateChain(X509Certificate x509Certificate, CaraCertificatesWrapper caraCertificatesWrapper, Continuation<? super Unit> continuation) {
        try {
            // Target of the path: exactly the certificate under test.
            X509CertSelector targetSelector = new X509CertSelector();
            targetSelector.setCertificate(x509Certificate);

            Set anchors = SetsKt__SetsJVMKt.setOf(new TrustAnchor(caraCertificatesWrapper.getCaCert(), null));
            PKIXBuilderParameters pkixParams = new PKIXBuilderParameters((Set<TrustAnchor>) anchors, targetSelector);

            Set candidates = SetsKt__SetsKt.setOf((Object[]) new X509Certificate[]{x509Certificate, caraCertificatesWrapper.getIntermediateCert()});
            CertStore candidateStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates), BouncyCastleProvider.PROVIDER_NAME);
            pkixParams.addCertStore(candidateStore);
            pkixParams.setRevocationEnabled(false);

            CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
            pathBuilder.build(pkixParams);

            Logger.Companion log = Logger.f4347a;
            String logTag = this.tag;
            Intrinsics.checkNotNullExpressionValue(logTag, "tag");
            log.c(logTag, "Certificate chain verified successfully");
            return Unit.INSTANCE;
        } catch (CertPathBuilderException e2) {
            throw new InvalidDeviceCertificateException("Invalid deviceIdentity Certificate: Certificate chain verification failed: " + e2.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Verifies the CMS signature on a certificate container against the supplied
     * certificate, then runs {@code CertificateUtils.validateAlgorithmIdentifier} on that
     * certificate.
     *
     * <p>Only the first SignerInfo in the container is verified; further signers are ignored,
     * and a container without signers makes {@code next()} throw. The verifier is built from
     * the certificate passed in, not from one carried inside the message. What
     * {@code validateAlgorithmIdentifier} accepts is not visible in this file.
     *
     * @param bArr encoded CMS SignedData
     * @param x509Certificate certificate whose key must have produced the signature
     * @param continuation coroutine continuation; this body does not use it
     * @return {@code Unit.INSTANCE} when both checks pass
     * @throws InvalidSignatureException when either check fails
     */
    public final Object verifySignature(byte[] bArr, X509Certificate x509Certificate, Continuation<? super Unit> continuation) {
        Logger.Companion log = Logger.f4347a;
        String startTag = this.tag;
        Intrinsics.checkNotNullExpressionValue(startTag, "tag");
        log.c(startTag, "Verifying signature for cert container");

        CMSSignedData signedContainer = new CMSSignedData(bArr);
        boolean signatureValid = signedContainer.getSignerInfos().getSigners().iterator().next()
                .verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(new BouncyCastleProvider()).build(x509Certificate));
        // Short-circuit: the algorithm check only runs when the signature verified.
        boolean accepted = signatureValid && CertificateUtils.INSTANCE.validateAlgorithmIdentifier(x509Certificate);
        if (!accepted) {
            throw new InvalidSignatureException("Certificate signature not valid");
        }

        String doneTag = this.tag;
        Intrinsics.checkNotNullExpressionValue(doneTag, "tag");
        log.c(doneTag, "Signature for device id cert container succeeded");
        return Unit.INSTANCE;
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x0087 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0088  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0057  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0026  */
    @Override // com.amazon.enterprise.access.android.data.pdm.ScepClient
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object encryptCsr(java.lang.String r7, java.security.cert.X509Certificate r8, kotlin.coroutines.Continuation<? super byte[]> r9) {
        // NOTE(review): the decompiler did not recover this body. The Kotlin metadata on the
        // class names the parameters scepCsr and cert, and the continuation delivers a
        // byte[]. The encryption algorithm and how the recipient certificate is used must be
        // reviewed from the bytecode. The throw below is a decompiler placeholder.
        /*
            Method dump skipped, instructions count: 261
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.enterprise.access.android.data.pdm.ScepClientImpl.encryptCsr(java.lang.String, java.security.cert.X509Certificate, kotlin.coroutines.Continuation):java.lang.Object");
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x005a A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0040  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0024  */
    @Override // com.amazon.enterprise.access.android.data.pdm.ScepClient
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object getCaraCert(java.lang.String r6, kotlin.coroutines.Continuation<? super com.amazon.enterprise.access.android.data.pdm.CaraCertificatesWrapper> r7) {
        // Reading aid for the register dump below (a Kotlin coroutine state machine):
        //   label 0 -> requestCaraCert(r6)       fetches the GetCACert response bytes
        //   label 1 -> extractCertificates(...)  parses the certificates out of those bytes
        //   label 2 -> dissectCaraCerts(...)     checks the count and assigns roles
        // The dump shows no signature or chain check between these steps, so the certificates
        // returned here are authenticated only by the transport they were fetched over.
        // NOTE(review): verifyCertificateChain uses a wrapper's CA certificate as its trust
        // anchor; confirm how the server for this call is authenticated.
        // The throw at the end is a decompiler placeholder, not application behaviour.
        /*
            r5 = this;
            boolean r0 = r7 instanceof com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$getCaraCert$1
            if (r0 == 0) goto L13
            r0 = r7
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$getCaraCert$1 r0 = (com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$getCaraCert$1) r0
            int r1 = r0.label
            r2 = -2147483648(0xffffffff80000000, float:-0.0)
            r3 = r1 & r2
            if (r3 == 0) goto L13
            int r1 = r1 - r2
            r0.label = r1
            goto L18
        L13:
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$getCaraCert$1 r0 = new com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$getCaraCert$1
            r0.<init>(r5, r7)
        L18:
            java.lang.Object r7 = r0.result
            java.lang.Object r1 = kotlin.coroutines.intrinsics.IntrinsicsKt.getCOROUTINE_SUSPENDED()
            int r2 = r0.label
            r3 = 2
            r4 = 1
            if (r2 == 0) goto L40
            if (r2 == r4) goto L38
            if (r2 != r3) goto L30
            java.lang.Object r5 = r0.L$0
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl r5 = (com.amazon.enterprise.access.android.data.pdm.ScepClientImpl) r5
            kotlin.ResultKt.throwOnFailure(r7)
            goto L5b
        L30:
            java.lang.IllegalStateException r5 = new java.lang.IllegalStateException
            java.lang.String r6 = "call to 'resume' before 'invoke' with coroutine"
            r5.<init>(r6)
            throw r5
        L38:
            java.lang.Object r5 = r0.L$0
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl r5 = (com.amazon.enterprise.access.android.data.pdm.ScepClientImpl) r5
            kotlin.ResultKt.throwOnFailure(r7)
            goto L4e
        L40:
            kotlin.ResultKt.throwOnFailure(r7)
            r0.L$0 = r5
            r0.label = r4
            java.lang.Object r7 = r5.requestCaraCert(r6, r0)
            if (r7 != r1) goto L4e
            return r1
        L4e:
            byte[] r7 = (byte[]) r7
            r0.L$0 = r5
            r0.label = r3
            java.lang.Object r7 = r5.extractCertificates(r7, r0)
            if (r7 != r1) goto L5b
            return r1
        L5b:
            java.util.List r7 = (java.util.List) r7
            com.amazon.enterprise.access.android.data.pdm.CaraCertificatesWrapper r5 = r5.dissectCaraCerts(r7)
            return r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.enterprise.access.android.data.pdm.ScepClientImpl.getCaraCert(java.lang.String, kotlin.coroutines.Continuation):java.lang.Object");
    }

    /* JADX WARN: Can't wrap try/catch for region: R(10:1|(2:3|(8:5|6|(1:(1:(1:(1:(2:12|13)(2:15|16))(3:17|18|(1:20)(2:21|22)))(3:23|24|(1:26)(3:27|18|(0)(0))))(1:28))(2:38|(1:40))|29|30|31|32|(1:34)(3:35|24|(0)(0))))|41|6|(0)(0)|29|30|31|32|(0)(0)) */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x00db, code lost:
    
        r6 = com.amazon.enterprise.access.android.shared.utils.Logger.f4347a;
        r10 = r0.tag;
        kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r10, "tag");
        r6.d(r10, "Failed to get cert container checksum.");
     */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0122 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0123  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x010d A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:27:0x010e  */
    /* JADX WARN: Removed duplicated region for block: B:34:0x00f9 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x00fa  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0078  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x002d  */
    @Override // com.amazon.enterprise.access.android.data.pdm.ScepClient
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object getDeviceIdentityCert(byte[] r18, com.amazon.enterprise.access.android.data.pdm.CaraCertificatesWrapper r19, java.lang.String r20, kotlin.coroutines.Continuation<? super java.security.cert.X509Certificate> r21) {
        // NOTE(review): the decompiler did not recover this body. The Kotlin metadata on the
        // class names the parameters requestBody, caraCertWrapper and scepBaseUrl, and the
        // continuation delivers an X509Certificate. Whether verifySignature and
        // verifyCertificateChain both run, in which order, and what happens on the
        // "Failed to get cert container checksum." path noted by the decompiler cannot be
        // established from this listing; review the bytecode. The throw below is a
        // decompiler placeholder.
        /*
            Method dump skipped, instructions count: 293
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.enterprise.access.android.data.pdm.ScepClientImpl.getDeviceIdentityCert(byte[], com.amazon.enterprise.access.android.data.pdm.CaraCertificatesWrapper, java.lang.String, kotlin.coroutines.Continuation):java.lang.Object");
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0056  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x0086  */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0097  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x009b  */
    /* JADX WARN: Removed duplicated region for block: B:25:0x003a  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0023  */
    /**
     * Decompiler stub for the {@code ScepClient} operation that wraps a CSR in a CMS SignedData structure.
     *
     * <p>The compilable body only throws. The real behaviour survives solely in the register-level
     * dump kept as a comment inside the body. Read from that dump, the method:
     * <ol>
     *   <li>Runs as a coroutine state machine keyed on {@code label}. In state 0 it stores {@code this}
     *       and {@code r6} in the continuation, calls {@code generatePdmCommKeypair(r7, continuation)}
     *       and returns the {@code COROUTINE_SUSPENDED} marker if that call suspends. In state 1 it
     *       restores both values and continues. Any other state raises {@code IllegalStateException}.</li>
     *   <li>Builds a {@code ContentSigner} from the {@code csrSignatureAlgorithm} field and the private
     *       key of the {@code pdmCommKeyPair} field. No provider is set on that builder in the dump.</li>
     *   <li>Builds a {@code SignerInfoGenerator} from that signer and the {@code pdmCommSelfSigningCert}
     *       field, using a digest provider backed by a newly constructed {@code BouncyCastleProvider}.</li>
     *   <li>Adds {@code pdmCommSelfSigningCert} to the {@code CMSSignedDataGenerator} as a certificate.</li>
     *   <li>Calls {@code generate(content, true)} on {@code r6} wrapped in a
     *       {@code CMSProcessableByteArray}; in BouncyCastle's {@code generate(CMSTypedData, boolean)}
     *       the flag requests that the content be encapsulated in the output.</li>
     *   <li>Logs the Base64 form of the encoded result through {@code Logger.f4347a.c(tag, message)} and
     *       returns the encoded bytes.</li>
     * </ol>
     *
     * <p>Both fields are guarded by {@code throwUninitializedPropertyAccessException}, which is how
     * Kotlin {@code lateinit} properties compile; presumably {@code generatePdmCommKeypair} assigns
     * them, but that method is not visible here (confirm).
     *
     * <p>NOTE(review): the log line writes the complete signed CSR to the application log. The
     * SignedData holds the CSR bytes and the self-signing certificate, not the private key. Whether the
     * CSR carries an enrollment challenge or another secret cannot be told from this listing; if it
     * does, this statement should be dropped or limited to debug builds. The severity of the
     * obfuscated logger method {@code c} is unknown.
     *
     * @param r6 the bytes that get signed; the log message calls the result "the signed CSR"
     * @param r7 string passed unchanged to {@code generatePdmCommKeypair}; its meaning is not shown here
     * @param r8 continuation for a {@code byte[]} result; reused when it is already a {@code ScepClientImpl$signCsr$1}
     * @return per the dump, the suspension marker or the encoded SignedData; nothing in this listing
     * @throws UnsupportedOperationException always, because the method body was not decompiled
     */
    @Override // com.amazon.enterprise.access.android.data.pdm.ScepClient
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object signCsr(byte[] r6, java.lang.String r7, kotlin.coroutines.Continuation<? super byte[]> r8) {
        // The block comment below is the decompiler's register-level dump, kept verbatim. It is the only
        // record of the original logic in this file and is not compiled.
        /*
            r5 = this;
            boolean r0 = r8 instanceof com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$signCsr$1
            if (r0 == 0) goto L13
            r0 = r8
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$signCsr$1 r0 = (com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$signCsr$1) r0
            int r1 = r0.label
            r2 = -2147483648(0xffffffff80000000, float:-0.0)
            r3 = r1 & r2
            if (r3 == 0) goto L13
            int r1 = r1 - r2
            r0.label = r1
            goto L18
        L13:
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$signCsr$1 r0 = new com.amazon.enterprise.access.android.data.pdm.ScepClientImpl$signCsr$1
            r0.<init>(r5, r8)
        L18:
            java.lang.Object r8 = r0.result
            java.lang.Object r1 = kotlin.coroutines.intrinsics.IntrinsicsKt.getCOROUTINE_SUSPENDED()
            int r2 = r0.label
            r3 = 1
            if (r2 == 0) goto L3a
            if (r2 != r3) goto L32
            java.lang.Object r5 = r0.L$1
            r6 = r5
            byte[] r6 = (byte[]) r6
            java.lang.Object r5 = r0.L$0
            com.amazon.enterprise.access.android.data.pdm.ScepClientImpl r5 = (com.amazon.enterprise.access.android.data.pdm.ScepClientImpl) r5
            kotlin.ResultKt.throwOnFailure(r8)
            goto L4a
        L32:
            java.lang.IllegalStateException r5 = new java.lang.IllegalStateException
            java.lang.String r6 = "call to 'resume' before 'invoke' with coroutine"
            r5.<init>(r6)
            throw r5
        L3a:
            kotlin.ResultKt.throwOnFailure(r8)
            r0.L$0 = r5
            r0.L$1 = r6
            r0.label = r3
            java.lang.Object r7 = r5.generatePdmCommKeypair(r7, r0)
            if (r7 != r1) goto L4a
            return r1
        L4a:
            org.bouncycastle.operator.jcajce.JcaContentSignerBuilder r7 = new org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
            java.lang.String r8 = r5.csrSignatureAlgorithm
            r7.<init>(r8)
            java.security.KeyPair r8 = r5.pdmCommKeyPair
            r0 = 0
            if (r8 != 0) goto L5c
            java.lang.String r8 = "pdmCommKeyPair"
            kotlin.jvm.internal.Intrinsics.throwUninitializedPropertyAccessException(r8)
            r8 = r0
        L5c:
            java.security.PrivateKey r8 = r8.getPrivate()
            org.bouncycastle.operator.ContentSigner r7 = r7.build(r8)
            org.bouncycastle.cms.CMSSignedDataGenerator r8 = new org.bouncycastle.cms.CMSSignedDataGenerator
            r8.<init>()
            org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder r1 = new org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder
            org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder r2 = new org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder
            r2.<init>()
            org.bouncycastle.jce.provider.BouncyCastleProvider r4 = new org.bouncycastle.jce.provider.BouncyCastleProvider
            r4.<init>()
            org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder r2 = r2.setProvider(r4)
            org.bouncycastle.operator.DigestCalculatorProvider r2 = r2.build()
            r1.<init>(r2)
            java.security.cert.X509Certificate r2 = r5.pdmCommSelfSigningCert
            java.lang.String r4 = "pdmCommSelfSigningCert"
            if (r2 != 0) goto L8a
            kotlin.jvm.internal.Intrinsics.throwUninitializedPropertyAccessException(r4)
            r2 = r0
        L8a:
            org.bouncycastle.cms.SignerInfoGenerator r7 = r1.build(r7, r2)
            r8.addSignerInfoGenerator(r7)
            org.bouncycastle.cert.X509CertificateHolder r7 = new org.bouncycastle.cert.X509CertificateHolder
            java.security.cert.X509Certificate r1 = r5.pdmCommSelfSigningCert
            if (r1 != 0) goto L9b
            kotlin.jvm.internal.Intrinsics.throwUninitializedPropertyAccessException(r4)
            goto L9c
        L9b:
            r0 = r1
        L9c:
            byte[] r0 = r0.getEncoded()
            r7.<init>(r0)
            r8.addCertificate(r7)
            org.bouncycastle.cms.CMSProcessableByteArray r7 = new org.bouncycastle.cms.CMSProcessableByteArray
            r7.<init>(r6)
            org.bouncycastle.cms.CMSSignedData r6 = r8.generate(r7, r3)
            com.amazon.enterprise.access.android.shared.utils.Logger$Companion r7 = com.amazon.enterprise.access.android.shared.utils.Logger.f4347a
            java.lang.String r5 = r5.tag
            java.lang.String r8 = "tag"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r5, r8)
            byte[] r8 = r6.getEncoded()
            java.lang.String r0 = "getEncoded(...)"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r8, r0)
            java.lang.String r8 = com.amazon.enterprise.access.android.utils.extensions.ByteArrayExtensionsKt.toBase64EncodedString(r8)
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "The Base64 encoded string of the signed CSR is: "
            r1.append(r2)
            r1.append(r8)
            java.lang.String r8 = r1.toString()
            r7.c(r5, r8)
            byte[] r5 = r6.getEncoded()
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r5, r0)
            return r5
        */
        // Placeholder emitted by the decompiler; it does not reflect what the original method does.
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.enterprise.access.android.data.pdm.ScepClientImpl.signCsr(byte[], java.lang.String, kotlin.coroutines.Continuation):java.lang.Object");
    }
}
