package com.ring.halo.security.session.core.secure;

import com.android.tools.r8.GeneratedOutlineSupport;
import com.ring.halo.ExtensionsKt;
import com.ring.halo.commands.ids.Security;
import com.ring.halo.security.RnetLog;
import com.ring.halo.security.session.Configuration;
import com.ring.halo.security.session.core.DeviceCommunicator;
import com.ring.halo.security.session.core.RnetCryptoException;
import com.ring.halo.security.session.core.RnetSession;
import com.ring.halo.security.session.core.SessionEstablisher;
import com.ring.halo.security.session.core.secure.crypto.CounterCryptoEngine;
import com.ring.halo.security.session.core.secure.crypto.CryptoEngineProvider;
import com.ring.halo.security.session.core.secure.crypto.KeyExchange;
import com.ring.halo.security.session.core.secure.crypto.RnetPublicKey;
import com.ring.halo.security.session.core.secure.crypto.SignatureHelper;
import com.ring.halo.security.session.core.secure.hkdf.RnetHKDF;
import com.ring.halo.security.session.helper.Mapper;
import com.ring.halo.v1.HaloConfiguration;
import com.ring.halo.v1.ParserProvider;
import com.ring.halo.v1.data.HaloFrame;
import com.ring.halo.v1.data.HaloRawFrame;
import com.ring.halo.v1.data.SecurityData;
import com.ring.halo.v1.parsers.HaloParser;
import io.reactivex.plugins.RxJavaPlugins;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: SecureSessionEstablisher.kt */
@Metadata(bv = {1, 0, 2}, d1 = {"\u0000T\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010$\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u0000 \u001a2\u00020\u0001:\u0002\u001a\u001bB-\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b¢\u0006\u0002\u0010\fJ\u0010\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J*\u0010\u0014\u001a\u000e\u0012\u0004\u0012\u00020\u0013\u0012\u0004\u0012\u00020\u00130\u00152\u0006\u0010\u0004\u001a\u00020\u00052\f\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00130\u0017H\u0002J\u0010\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u0012\u001a\u00020\u0013H\u0016R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\r\u001a\b\u0012\u0004\u0012\u00020\u000f0\u000eX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001c"}, d2 = {"Lcom/ring/halo/security/session/core/secure/SecureSessionEstablisher;", "Lcom/ring/halo/security/session/core/SessionEstablisher;", "authorityRepository", "Lcom/ring/halo/security/session/core/secure/AuthorityRepository;", "deviceCommunicator", "Lcom/ring/halo/security/session/core/DeviceCommunicator;", "cryptoEngineProvider", "Lcom/ring/halo/security/session/core/secure/crypto/CryptoEngineProvider;", "logger", "Lcom/ring/halo/security/RnetLog;", "configuration", "Lcom/ring/halo/v1/HaloConfiguration;", "(Lcom/ring/halo/security/session/core/secure/AuthorityRepository;Lcom/ring/halo/security/session/core/DeviceCommunicator;Lcom/ring/halo/security/session/core/secure/crypto/CryptoEngineProvider;Lcom/ring/halo/security/RnetLog;Lcom/ring/halo/v1/HaloConfiguration;)V", "haloParser", "Lcom/ring/halo/v1/parsers/HaloParser;", "Lcom/ring/halo/v1/data/HaloFrame;", "createCryptoEngine", "Lcom/ring/halo/security/session/core/secure/crypto/CounterCryptoEngine;", "rnetDeviceId", "", "dispatchCommands", "", "commands", "", "getSession", "Lcom/ring/halo/security/session/core/RnetSession;", "Companion", "Mode", "halo-v0.3.0-33-gf691963_release"}, k = 1, mv = {1, 1, 11})
/* loaded from: classes.dex */
public final class SecureSessionEstablisher implements SessionEstablisher {
    public static final byte BLE_BYTE_VALUE = 1;
    public static final byte MANUFACTURE_BYTE_VALUE = 2;
    public final AuthorityRepository authorityRepository;
    public final CryptoEngineProvider cryptoEngineProvider;
    public final DeviceCommunicator deviceCommunicator;
    public final HaloParser<HaloFrame> haloParser;
    public final RnetLog logger;

    /* compiled from: SecureSessionEstablisher.kt */
    @Metadata(bv = {1, 0, 2}, d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0006\b\u0086\u0001\u0018\u00002\b\u0012\u0004\u0012\u00020\u00000\u0001B\u000f\b\u0002\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006j\u0002\b\u0007j\u0002\b\b¨\u0006\t"}, d2 = {"Lcom/ring/halo/security/session/core/secure/SecureSessionEstablisher$Mode;", "", "mode", "", "(Ljava/lang/String;ILjava/lang/String;)V", "getMode", "()Ljava/lang/String;", "BLE", "CLOUD", "halo-v0.3.0-33-gf691963_release"}, k = 1, mv = {1, 1, 11})
    /* loaded from: classes.dex */
    public enum Mode {
        BLE("BLE"),
        CLOUD("CLOUD");

        public final String mode;

        Mode(String str) {
            if (str != null) {
                this.mode = str;
            } else {
                Intrinsics.throwParameterIsNullException("mode");
                throw null;
            }
        }

        public final String getMode() {
            return this.mode;
        }
    }

    public SecureSessionEstablisher(AuthorityRepository authorityRepository, DeviceCommunicator deviceCommunicator, CryptoEngineProvider cryptoEngineProvider, RnetLog rnetLog, HaloConfiguration haloConfiguration) {
        if (authorityRepository == null) {
            Intrinsics.throwParameterIsNullException("authorityRepository");
            throw null;
        }
        if (deviceCommunicator == null) {
            Intrinsics.throwParameterIsNullException("deviceCommunicator");
            throw null;
        }
        if (cryptoEngineProvider == null) {
            Intrinsics.throwParameterIsNullException("cryptoEngineProvider");
            throw null;
        }
        if (rnetLog == null) {
            Intrinsics.throwParameterIsNullException("logger");
            throw null;
        }
        if (haloConfiguration == null) {
            Intrinsics.throwParameterIsNullException("configuration");
            throw null;
        }
        this.authorityRepository = authorityRepository;
        this.deviceCommunicator = deviceCommunicator;
        this.cryptoEngineProvider = cryptoEngineProvider;
        this.logger = rnetLog;
        this.haloParser = ParserProvider.INSTANCE.haloFrameParser(haloConfiguration);
        this.logger.d(Configuration.SECURE_TAG, "secure session esteblisher created");
    }

    private final CounterCryptoEngine createCryptoEngine(String rnetDeviceId) {
        this.logger.d(Configuration.SECURE_TAG, "start session key negotiation");
        HaloFrame haloFrame = new HaloFrame(Security.GetEncryptionCapabilities, null, new SecurityData.SessionMode(1), 2, null);
        try {
            this.logger.d(Configuration.SECURE_TAG, "try to reset previous session on the device");
            this.deviceCommunicator.dispatchCommand(haloFrame);
        } catch (Exception e) {
            RnetLog rnetLog = this.logger;
            StringBuilder outline53 = GeneratedOutlineSupport.outline53("Clean device session: ");
            outline53.append(e.getMessage());
            rnetLog.d(Configuration.SECURE_TAG, outline53.toString());
        }
        List<String> startSecureChannelEstablishment = this.authorityRepository.startSecureChannelEstablishment(rnetDeviceId, Mode.BLE);
        RnetLog rnetLog2 = this.logger;
        StringBuilder outline532 = GeneratedOutlineSupport.outline53("start secure session cloud commands: ");
        outline532.append(ArraysKt___ArraysJvmKt.joinToString$default(startSecureChannelEstablishment, null, null, null, 0, null, null, 63));
        rnetLog2.d(Configuration.SECURE_TAG, outline532.toString());
        Map<String, String> dispatchCommands = dispatchCommands(this.deviceCommunicator, startSecureChannelEstablishment);
        this.logger.d(Configuration.SECURE_TAG, "start secure session commands response: " + dispatchCommands);
        KeyExchange keyExchange = new KeyExchange();
        GetRemoteSignedPukCloudData remoteSignedPuk = this.authorityRepository.getRemoteSignedPuk(rnetDeviceId, Mode.BLE, dispatchCommands, Mapper.INSTANCE.toHexString(keyExchange.getNonce()), KeyExchange.INSTANCE.keyToString(keyExchange.getKeyPair().getPublic()));
        RnetLog rnetLog3 = this.logger;
        StringBuilder outline533 = GeneratedOutlineSupport.outline53("deviceSecurityInfo cloud commands: ");
        outline533.append(ArraysKt___ArraysJvmKt.joinToString$default(remoteSignedPuk.getCommands(), null, null, null, 0, null, null, 63));
        rnetLog3.d(Configuration.SECURE_TAG, outline533.toString());
        Map<String, String> dispatchCommands2 = dispatchCommands(this.deviceCommunicator, remoteSignedPuk.getCommands());
        this.logger.d(Configuration.SECURE_TAG, "deviceSecurityInfo commands response: " + dispatchCommands2);
        RnetPublicKey rnetPublicKey = new RnetPublicKey(remoteSignedPuk.getDevicePublicKey());
        byte[] map = Mapper.INSTANCE.map(remoteSignedPuk.getDeviceNonce());
        this.logger.d(Configuration.SECURE_TAG, "device PuK and nonce initialized");
        HaloRawFrame rawFrame = this.deviceCommunicator.dispatchCommand(new HaloFrame(Security.GetDeviceEcdhPuk, null, null, 6, null)).getRawFrame();
        if (rawFrame == null) {
            Intrinsics.throwNpe();
            throw null;
        }
        byte[] byteArray = ArraysKt___ArraysJvmKt.toByteArray(RxJavaPlugins.takeLast(rawFrame.getRawBytes(), 32));
        RnetPublicKey rnetPublicKey2 = new RnetPublicKey(byteArray);
        this.logger.d(Configuration.SECURE_TAG, "device ECDH PuK received");
        HaloRawFrame rawFrame2 = this.deviceCommunicator.dispatchCommand(new HaloFrame(Security.GetDeviceEcdhSig, null, null, 6, null)).getRawFrame();
        if (rawFrame2 == null) {
            Intrinsics.throwNpe();
            throw null;
        }
        byte[] byteArray2 = ArraysKt___ArraysJvmKt.toByteArray(RxJavaPlugins.takeLast(rawFrame2.getRawBytes(), 64));
        byte[] plus = ArraysKt___ArraysJvmKt.plus(ArraysKt___ArraysJvmKt.plus(ArraysKt___ArraysJvmKt.plus(byteArray, keyExchange.getNonce()), (byte) 1), (byte) 2);
        this.logger.d(Configuration.SECURE_TAG, "device ECDH signature received");
        RnetLog rnetLog4 = this.logger;
        StringBuilder outline58 = GeneratedOutlineSupport.outline58("validate signature : \n", "deviceRawECDHPuk: ");
        outline58.append(ExtensionsKt.toHexString(byteArray));
        outline58.append(" \n");
        outline58.append("deviceEdDSAPuK: ");
        outline58.append(ExtensionsKt.toHexString(rnetPublicKey.getEncoded()));
        outline58.append(" \n");
        outline58.append("messageToVerify ");
        outline58.append(ExtensionsKt.toHexString(plus));
        rnetLog4.d(Configuration.TAG, outline58.toString());
        if (!SignatureHelper.INSTANCE.validate(byteArray2, rnetPublicKey, plus)) {
            this.logger.e(Configuration.SECURE_TAG, "signature verification failed");
            throw new RnetCryptoException("someone in the middle");
        }
        this.logger.d(Configuration.SECURE_TAG, "signature verified");
        byte[] generateSharedSecret = keyExchange.generateSharedSecret(rnetPublicKey2);
        this.logger.d(Configuration.SECURE_TAG, "shared secret generated");
        byte[] data = new RnetHKDF(keyExchange.getNonce(), keyExchange.getKeyPair().getPublic(), map, rnetPublicKey2, generateSharedSecret).getNext().getData();
        RnetLog rnetLog5 = this.logger;
        StringBuilder outline534 = GeneratedOutlineSupport.outline53("shared key value: ");
        outline534.append(ExtensionsKt.toHexString(generateSharedSecret));
        outline534.append('\n');
        outline534.append("sessionKey: ");
        outline534.append(ExtensionsKt.toHexString(data));
        rnetLog5.d(Configuration.SECURE_TAG, outline534.toString());
        return this.cryptoEngineProvider.getCryptoEngine(rnetDeviceId, data, keyExchange.getNonce());
    }

    private final Map<String, String> dispatchCommands(DeviceCommunicator deviceCommunicator, List<String> commands) {
        byte[] rawBytes;
        List<byte[]> map = Mapper.INSTANCE.map(commands);
        ArrayList arrayList = new ArrayList(RxJavaPlugins.collectionSizeOrDefault(map, 10));
        for (byte[] bArr : map) {
            HaloFrame fromBytes = this.haloParser.fromBytes(bArr);
            RnetLog rnetLog = this.logger;
            StringBuilder outline53 = GeneratedOutlineSupport.outline53("dispatch command ");
            outline53.append(ExtensionsKt.toHexNiceString(bArr));
            rnetLog.d(Configuration.SECURE_TAG, outline53.toString());
            HaloFrame dispatchCommand = deviceCommunicator.dispatchCommand(fromBytes);
            RnetLog rnetLog2 = this.logger;
            StringBuilder outline532 = GeneratedOutlineSupport.outline53("command response ");
            HaloRawFrame rawFrame = dispatchCommand.getRawFrame();
            byte[] bArr2 = null;
            outline532.append((rawFrame == null || (rawBytes = rawFrame.getRawBytes()) == null) ? null : ExtensionsKt.toHexNiceString(rawBytes));
            rnetLog2.d(Configuration.SECURE_TAG, outline532.toString());
            String hexString = Mapper.INSTANCE.toHexString(bArr);
            Mapper mapper = Mapper.INSTANCE;
            HaloRawFrame rawFrame2 = dispatchCommand.getRawFrame();
            if (rawFrame2 != null) {
                bArr2 = rawFrame2.getRawBytes();
            }
            arrayList.add(new Pair(hexString, mapper.toHexString(bArr2)));
        }
        return ArraysKt___ArraysJvmKt.toMap(arrayList);
    }

    @Override // com.ring.halo.security.session.core.SessionEstablisher
    public RnetSession getSession(String rnetDeviceId) {
        if (rnetDeviceId == null) {
            Intrinsics.throwParameterIsNullException("rnetDeviceId");
            throw null;
        }
        try {
            this.deviceCommunicator.connect();
            CounterCryptoEngine createCryptoEngine = createCryptoEngine(rnetDeviceId);
            this.logger.d(Configuration.SECURE_TAG, "crypto engine initialized");
            SecureHaloSession secureHaloSession = new SecureHaloSession(new SecureSession(this.deviceCommunicator, createCryptoEngine, this.logger), this.haloParser);
            if (new SecureSessionHandShaker(this.deviceCommunicator, createCryptoEngine, this.logger).performHandshake()) {
                this.logger.d(Configuration.SECURE_TAG, "secure session established");
                return secureHaloSession;
            }
            this.logger.d(Configuration.SECURE_TAG, "secure session establishment failed");
            throw new RnetCryptoException("Unable to establish handshake");
        } catch (Throwable th) {
            this.logger.d(Configuration.SECURE_TAG, "secure session establishment failed");
            this.deviceCommunicator.disconnect();
            throw th;
        }
    }
}
