package com.unwire.ssg.signer.provider;

import com.squareup.moshi.Moshi;
import com.unwire.ssg.signer.common.util.Validation;
import com.unwire.ssg.signer.core.AuthenticationMethod;
import com.unwire.ssg.signer.core.Credential;
import com.unwire.ssg.signer.core.CredentialProvider;
import com.unwire.ssg.signer.core.TransformerFactory;
import com.unwire.ssg.signer.provider.api.RegistrationService;
import com.unwire.ssg.signer.provider.api.model.AppInstanceRequest;
import com.unwire.ssg.signer.provider.api.model.AppInstanceResponse;
import dm.a;
import dm.b;
import dm.c;
import java.io.IOException;
import java.security.InvalidKeyException;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import retrofit2.Call;
import retrofit2.Response;
import retrofit2.Retrofit;
import retrofit2.converter.moshi.MoshiConverterFactory;

/* loaded from: classes4.dex */
public class RegistrationCredentialProvider implements CredentialProvider {
    private static final String SIGNATURE_SEPARATOR = ":";
    private Call<AppInstanceResponse> appInstanceResponseCall;
    private final CredentialStore credentialStore;
    private final a encryptionHelper;
    private final a.b keys;
    private Registration registration;
    private final RegistrationService registrationService;

    /* loaded from: classes4.dex */
    public static final class Builder {
        private final String baseUrl;
        private CredentialStore credentialStore;
        private boolean debug;
        private final Registration registration;

        public Builder(Registration registration, String str) {
            Validation.checkNotNull("Registration data cannot be null", registration);
            checkBaseUrl(str);
            this.registration = registration;
            this.baseUrl = str;
        }

        private void checkBaseUrl(String str) {
            Validation.checkNotNullOrEmpty("Base URL must be set", str);
            if (!str.endsWith("/")) {
                throw new IllegalArgumentException("Base URL must end with a /");
            }
        }

        public RegistrationCredentialProvider build() {
            TransformerInterceptor transformerInterceptor = new TransformerInterceptor(TransformerFactory.createContentSha256Transformer());
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            builder.addInterceptor(transformerInterceptor);
            if (this.debug) {
                builder.addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY));
            }
            RegistrationService registrationService = (RegistrationService) new Retrofit.Builder().baseUrl(this.baseUrl).addConverterFactory(MoshiConverterFactory.create(new Moshi.Builder().build())).client(builder.build()).build().create(RegistrationService.class);
            CredentialStore credentialStore = this.credentialStore;
            if (credentialStore == null) {
                this.credentialStore = new MemoryStore();
            } else {
                this.credentialStore = new CredentialMemoryCache(credentialStore);
            }
            return new RegistrationCredentialProvider(this.registration, registrationService, this.credentialStore);
        }

        public Builder debug(boolean z11) {
            this.debug = z11;
            return this;
        }

        public Builder store(CredentialStore credentialStore) {
            this.credentialStore = credentialStore;
            return this;
        }
    }

    private RegistrationCredentialProvider(Registration registration, RegistrationService registrationService, CredentialStore credentialStore) {
        this.registration = registration;
        this.registrationService = registrationService;
        this.credentialStore = credentialStore;
        a aVar = new a(a.EnumC0701a.RSA);
        this.encryptionHelper = aVar;
        this.keys = aVar.c(1024);
    }

    private String calcBase64HmacSha256(String str, String str2) {
        byte[] bArr;
        try {
            bArr = c.a(str, str2);
        } catch (InvalidKeyException e11) {
            e11.printStackTrace();
            bArr = null;
        }
        return b.c(bArr, false);
    }

    private String composeApiDevKeyHeader(String str, String str2) {
        String calcBase64HmacSha256 = calcBase64HmacSha256(str2, this.keys.d());
        StringBuilder sb2 = new StringBuilder(str.length() + 1 + calcBase64HmacSha256.length());
        sb2.append(str);
        sb2.append(SIGNATURE_SEPARATOR);
        sb2.append(calcBase64HmacSha256);
        return sb2.toString();
    }

    private Call<AppInstanceResponse> createAuthCall(Registration registration) {
        AppInstanceRequest build = new AppInstanceRequest.Builder().setTenantId(registration.getTenantIdentifier()).setOsType(registration.getOsType()).setPublicKeyBase64(this.keys.d()).setHardwareId(registration.getHardwareDescription()).build();
        return this.registrationService.createAppInstanceId(composeApiDevKeyHeader(registration.getDeveloperKey(), registration.getDeveloperSecret()), build);
    }

    private Credential fromNetworkSync() throws IOException {
        try {
            if (this.appInstanceResponseCall == null) {
                this.appInstanceResponseCall = createAuthCall(this.registration);
                this.registration = null;
            }
            Response<AppInstanceResponse> execute = (this.appInstanceResponseCall.isExecuted() ? this.appInstanceResponseCall.clone() : this.appInstanceResponseCall).execute();
            if (!execute.isSuccessful()) {
                return null;
            }
            AppInstanceResponse.AppInstance appInstance = execute.body().getAppInstance();
            return new Credential(appInstance.getAppInstanceId(), this.encryptionHelper.b(this.keys.c(), appInstance.getEncryptedSecret()));
        } catch (IOException e11) {
            throw new IOException("Could not retrieve credentials from " + this.appInstanceResponseCall.request().url().host(), e11);
        }
    }

    @Override // com.unwire.ssg.signer.core.CredentialProvider
    public Credential fetchCredentials() throws IOException {
        Credential load;
        Credential load2 = this.credentialStore.load();
        if (load2 != null) {
            return load2;
        }
        synchronized (this.credentialStore) {
            load = this.credentialStore.load();
            if (load == null && (load = fromNetworkSync()) != null) {
                this.credentialStore.save(load);
            }
        }
        return load;
    }

    @Override // com.unwire.ssg.signer.core.CredentialProvider
    public AuthenticationMethod getAuthenticationMethod() {
        return AuthenticationMethod.APP_INSTANCE;
    }

    @Override // com.unwire.ssg.signer.core.CredentialInvalidator
    public void invalidateCredentials() {
        synchronized (this.credentialStore) {
            this.credentialStore.clear();
        }
    }
}
