package com.mysugr.logbook.common.rpc.key.storage;

import com.google.firebase.messaging.Constants;
import com.mysugr.logbook.common.crypto.AsymmetricKeyProvider;
import com.mysugr.logbook.common.crypto.CryptographicException;
import com.mysugr.logbook.common.crypto.RSACipher;
import com.mysugr.logbook.common.rpc.api.key.DeviceGroup;
import com.mysugr.logbook.common.rpc.api.utils.ByteArrayExtensionsKt;
import com.mysugr.logbook.common.rpc.key.crypto.hybrid.E2EEDecryptor;
import com.mysugr.logbook.common.rpc.key.crypto.hybrid.E2EEncryptedKey;
import com.mysugr.logbook.common.rpc.key.utils.RPCSHA256DigestGenerator;
import com.mysugr.logbook.common.rpc.key.utils.RPCStorageException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: RPCStorageService.kt */
@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0006\u0018\u00002\u00020\u0001B7\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r¢\u0006\u0004\b\u000e\u0010\u000fJ\u0018\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015H\u0016J\u0010\u0010\u0016\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0016J\u0010\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0012\u001a\u00020\u0013H\u0016J\u0010\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001cH\u0002J \u0010\u001d\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u001e\u001a\u00020\u001a2\u0006\u0010\u001f\u001a\u00020 H\u0002J \u0010!\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u001e\u001a\u00020\u001a2\u0006\u0010\"\u001a\u00020 H\u0002J\u0018\u0010#\u001a\u00020\u00112\u0006\u0010\"\u001a\u00020 2\u0006\u0010\u001e\u001a\u00020\u001aH\u0002J\u0018\u0010$\u001a\u00020 2\u0006\u0010\"\u001a\u00020 2\u0006\u0010\u001e\u001a\u00020\u001aH\u0002J\u0018\u0010%\u001a\u00020 2\u0006\u0010\"\u001a\u00020 2\u0006\u0010\u001e\u001a\u00020\u001aH\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006&"}, d2 = {"Lcom/mysugr/logbook/common/rpc/key/storage/RPCStorageService;", "Lcom/mysugr/logbook/common/rpc/key/storage/StorageService;", "decryptor", "Lcom/mysugr/logbook/common/rpc/key/crypto/hybrid/E2EEDecryptor;", "rpcDigestGenerator", "Lcom/mysugr/logbook/common/rpc/key/utils/RPCSHA256DigestGenerator;", "rsaCipher", "Lcom/mysugr/logbook/common/crypto/RSACipher;", "asymmetricKeyProvider", "Lcom/mysugr/logbook/common/crypto/AsymmetricKeyProvider;", "fileStorage", "Lcom/mysugr/logbook/common/rpc/key/storage/RPCFileStorage;", "checksumStorage", "Lcom/mysugr/logbook/common/rpc/key/storage/KeyChecksumStorage;", "<init>", "(Lcom/mysugr/logbook/common/rpc/key/crypto/hybrid/E2EEDecryptor;Lcom/mysugr/logbook/common/rpc/key/utils/RPCSHA256DigestGenerator;Lcom/mysugr/logbook/common/crypto/RSACipher;Lcom/mysugr/logbook/common/crypto/AsymmetricKeyProvider;Lcom/mysugr/logbook/common/rpc/key/storage/RPCFileStorage;Lcom/mysugr/logbook/common/rpc/key/storage/KeyChecksumStorage;)V", "persistKey", "", "deviceGroup", "Lcom/mysugr/logbook/common/rpc/api/key/DeviceGroup;", "encryptedKey", "Lcom/mysugr/logbook/common/rpc/key/crypto/hybrid/E2EEncryptedKey;", "removeKey", "hasKey", "", "getUserKeyPair", "Ljava/security/KeyPair;", "alias", "", "storeConfigData", "keyPair", "paddedCertificateData", "", "storeConfigChecksum", Constants.ScionAnalytics.MessageType.DATA_MESSAGE, "verifyIntegrity", "readData", "encryptData", "workspace.common.rpc.key_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
/* loaded from: classes8.dex */
public final class RPCStorageService implements StorageService {
    private final AsymmetricKeyProvider asymmetricKeyProvider;
    private final KeyChecksumStorage checksumStorage;
    private final E2EEDecryptor decryptor;
    private final RPCFileStorage fileStorage;
    private final RPCSHA256DigestGenerator rpcDigestGenerator;
    private final RSACipher rsaCipher;

    public RPCStorageService(E2EEDecryptor decryptor, RPCSHA256DigestGenerator rpcDigestGenerator, RSACipher rsaCipher, AsymmetricKeyProvider asymmetricKeyProvider, RPCFileStorage fileStorage, KeyChecksumStorage checksumStorage) {
        Intrinsics.checkNotNullParameter(decryptor, "decryptor");
        Intrinsics.checkNotNullParameter(rpcDigestGenerator, "rpcDigestGenerator");
        Intrinsics.checkNotNullParameter(rsaCipher, "rsaCipher");
        Intrinsics.checkNotNullParameter(asymmetricKeyProvider, "asymmetricKeyProvider");
        Intrinsics.checkNotNullParameter(fileStorage, "fileStorage");
        Intrinsics.checkNotNullParameter(checksumStorage, "checksumStorage");
        this.decryptor = decryptor;
        this.rpcDigestGenerator = rpcDigestGenerator;
        this.rsaCipher = rsaCipher;
        this.asymmetricKeyProvider = asymmetricKeyProvider;
        this.fileStorage = fileStorage;
        this.checksumStorage = checksumStorage;
    }

    private final byte[] encryptData(byte[] data, KeyPair keyPair) {
        byte[] readData = readData(data, keyPair);
        try {
            try {
                RSACipher rSACipher = this.rsaCipher;
                PublicKey publicKey = keyPair.getPublic();
                Intrinsics.checkNotNullExpressionValue(publicKey, "getPublic(...)");
                return rSACipher.encrypt(readData, publicKey);
            } catch (CryptographicException e) {
                throw new RPCStorageException("Encryption failed", e);
            }
        } finally {
            ByteArrayExtensionsKt.clear(readData);
        }
    }

    private final KeyPair getUserKeyPair(String alias) {
        return this.asymmetricKeyProvider.getKeyPair(alias);
    }

    private final byte[] readData(byte[] data, KeyPair keyPair) {
        try {
            E2EEDecryptor e2EEDecryptor = this.decryptor;
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
            return e2EEDecryptor.decrypt(data, privateKey);
        } catch (CryptographicException e) {
            throw new RPCStorageException("Payload integrity could not be verified", e);
        }
    }

    private final void storeConfigChecksum(DeviceGroup deviceGroup, KeyPair keyPair, byte[] data) {
        byte[] encryptData = encryptData(data, keyPair);
        RPCDigest digestSHA256 = this.rpcDigestGenerator.digestSHA256(deviceGroup.getConfig().getUserData().getUuid(), encryptData);
        ByteArrayExtensionsKt.clear(encryptData);
        if (digestSHA256.getChecksums().isEmpty()) {
            throw new RPCStorageException("Data hashing failed");
        }
        this.checksumStorage.storeChecksums(deviceGroup, digestSHA256);
    }

    private final void storeConfigData(DeviceGroup deviceGroup, KeyPair keyPair, byte[] paddedCertificateData) {
        try {
            byte[] copyOf = Arrays.copyOf(paddedCertificateData, paddedCertificateData.length);
            Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(...)");
            verifyIntegrity(copyOf, keyPair);
            this.fileStorage.storeConfig(deviceGroup, paddedCertificateData);
        } catch (CryptographicException e) {
            throw new RPCStorageException("Data integrity could not be verified.", e);
        }
    }

    private final void verifyIntegrity(byte[] data, KeyPair keyPair) {
        E2EEDecryptor e2EEDecryptor = this.decryptor;
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
        ByteArrayExtensionsKt.clear(e2EEDecryptor.decrypt(data, privateKey));
    }

    @Override // com.mysugr.logbook.common.rpc.key.storage.StorageService
    public boolean hasKey(DeviceGroup deviceGroup) {
        Intrinsics.checkNotNullParameter(deviceGroup, "deviceGroup");
        return this.checksumStorage.hasChecksums(deviceGroup) && this.fileStorage.hasConfig(deviceGroup);
    }

    @Override // com.mysugr.logbook.common.rpc.key.storage.StorageService
    public void persistKey(DeviceGroup deviceGroup, E2EEncryptedKey encryptedKey) {
        Intrinsics.checkNotNullParameter(deviceGroup, "deviceGroup");
        Intrinsics.checkNotNullParameter(encryptedKey, "encryptedKey");
        try {
            try {
                KeyPair userKeyPair = getUserKeyPair(deviceGroup.getConfig().getKeyPairGenConfig().getAlias());
                storeConfigData(deviceGroup, userKeyPair, encryptedKey.getPaddedCertificateData());
                storeConfigChecksum(deviceGroup, userKeyPair, encryptedKey.getPaddedPassphraseData());
            } catch (Exception e) {
                removeKey(deviceGroup);
                throw new RPCStorageException(e);
            }
        } finally {
            ByteArrayExtensionsKt.clear(encryptedKey.getPaddedCertificateData());
            ByteArrayExtensionsKt.clear(encryptedKey.getPaddedPassphraseData());
        }
    }

    @Override // com.mysugr.logbook.common.rpc.key.storage.StorageService
    public void removeKey(DeviceGroup deviceGroup) {
        Intrinsics.checkNotNullParameter(deviceGroup, "deviceGroup");
        this.fileStorage.removeConfig(deviceGroup);
        this.checksumStorage.clear(deviceGroup);
        this.asymmetricKeyProvider.removeKeyPair(deviceGroup.getConfig().getKeyPairGenConfig().getAlias());
    }
}
