package com.microsoft.intune.wifi.domain;

import com.microsoft.intune.cryptography.domain.IDeviceEncryptionApi;
import com.microsoft.intune.cryptography.domain.IRsaPrivateKeyConverter;
import com.microsoft.intune.cryptography.domain.IX509CertificateFactory;
import com.microsoft.intune.usercerts.domain.derivedcreds.DerivedCredCertState;
import com.microsoft.intune.usercerts.domain.derivedcreds.IDerivedCredCertStateRepo;
import com.microsoft.intune.usercerts.domain.pfx.DecryptPkcs7PrivateKeyUseCase;
import com.microsoft.intune.usercerts.domain.pfx.DecryptPrivateKeyResult;
import com.microsoft.intune.usercerts.domain.pfx.IPfxCreateConfigItemRepo;
import com.microsoft.intune.usercerts.domain.pfx.IPfxCreateStateRepo;
import com.microsoft.intune.usercerts.domain.pfx.PfxCreateConfigItem;
import com.microsoft.intune.usercerts.domain.pfx.PfxCreateState;
import com.microsoft.intune.usercerts.domain.scep.IScepCertConfigItemRepo;
import com.microsoft.intune.usercerts.domain.scep.IScepCertStateRepo;
import com.microsoft.intune.usercerts.domain.shared.UserCertState;
import com.microsoft.intune.utils.LoggingExtensionsKt;
import com.microsoft.intune.utils.Mockable;
import io.reactivex.Maybe;
import io.reactivex.MaybeSource;
import io.reactivex.Single;
import io.reactivex.SingleSource;
import io.reactivex.functions.BiFunction;
import io.reactivex.functions.Consumer;
import io.reactivex.functions.Function;
import java.security.cert.X509Certificate;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;

/* compiled from: GetUserCertAndPrivateKeyUseCase.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000b\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0017\u0018\u0000  2\u00020\u0001:\u0001 BO\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r\u0012\u0006\u0010\u000e\u001a\u00020\u000f\u0012\u0006\u0010\u0010\u001a\u00020\u0011\u0012\u0006\u0010\u0012\u001a\u00020\u0013¢\u0006\u0002\u0010\u0014J\u0016\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u0018\u001a\u00020\u0019H\u0016J\u0016\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u001b\u001a\u00020\u001cH\u0016J\u0016\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\u00170\u001e2\u0006\u0010\u0018\u001a\u00020\u0019H\u0012J\u0016\u0010\u001f\u001a\b\u0012\u0004\u0012\u00020\u00170\u001e2\u0006\u0010\u0018\u001a\u00020\u0019H\u0012R\u000e\u0010\u0012\u001a\u00020\u0013X\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u000fX\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0011X\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lcom/microsoft/intune/wifi/domain/GetUserCertAndPrivateKeyUseCase;", "", "scepConfigItemRepo", "Lcom/microsoft/intune/usercerts/domain/scep/IScepCertConfigItemRepo;", "scepCertStateRepo", "Lcom/microsoft/intune/usercerts/domain/scep/IScepCertStateRepo;", "derivedCredCertStateRepo", "Lcom/microsoft/intune/usercerts/domain/derivedcreds/IDerivedCredCertStateRepo;", "pfxCreateConfigItemRepo", "Lcom/microsoft/intune/usercerts/domain/pfx/IPfxCreateConfigItemRepo;", "pfxCreateStateRepo", "Lcom/microsoft/intune/usercerts/domain/pfx/IPfxCreateStateRepo;", "decryptPkcs7PrivateKeyUseCase", "Lcom/microsoft/intune/usercerts/domain/pfx/DecryptPkcs7PrivateKeyUseCase;", "decryptor", "Lcom/microsoft/intune/cryptography/domain/IDeviceEncryptionApi;", "privateKeyConverter", "Lcom/microsoft/intune/cryptography/domain/IRsaPrivateKeyConverter;", "certGenerator", "Lcom/microsoft/intune/cryptography/domain/IX509CertificateFactory;", "(Lcom/microsoft/intune/usercerts/domain/scep/IScepCertConfigItemRepo;Lcom/microsoft/intune/usercerts/domain/scep/IScepCertStateRepo;Lcom/microsoft/intune/usercerts/domain/derivedcreds/IDerivedCredCertStateRepo;Lcom/microsoft/intune/usercerts/domain/pfx/IPfxCreateConfigItemRepo;Lcom/microsoft/intune/usercerts/domain/pfx/IPfxCreateStateRepo;Lcom/microsoft/intune/usercerts/domain/pfx/DecryptPkcs7PrivateKeyUseCase;Lcom/microsoft/intune/cryptography/domain/IDeviceEncryptionApi;Lcom/microsoft/intune/cryptography/domain/IRsaPrivateKeyConverter;Lcom/microsoft/intune/cryptography/domain/IX509CertificateFactory;)V", "getEncryptedCertAndPrivateKey", "Lio/reactivex/Single;", "Lcom/microsoft/intune/wifi/domain/WifiUserCertInfo;", "certGuid", "Ljava/util/UUID;", "getEncryptedDerivedCredCertAndPrivateKey", "derivedCredAlias", "", "getPfxCertInfo", "Lio/reactivex/Maybe;", "getScepCertInfo", "Companion", "policy_userOfficialRelease"}, k = 1, mv = {1, 4, 0})
@Mockable
/* loaded from: classes2.dex */
public class GetUserCertAndPrivateKeyUseCase {
    public static final Logger LOGGER = LoggingExtensionsKt.logger((KClass<?>) Reflection.getOrCreateKotlinClass(GetUserCertAndPrivateKeyUseCase.class));
    public final IX509CertificateFactory certGenerator;
    public final DecryptPkcs7PrivateKeyUseCase decryptPkcs7PrivateKeyUseCase;
    public final IDeviceEncryptionApi decryptor;
    public final IDerivedCredCertStateRepo derivedCredCertStateRepo;
    public final IPfxCreateConfigItemRepo pfxCreateConfigItemRepo;
    public final IPfxCreateStateRepo pfxCreateStateRepo;
    public final IRsaPrivateKeyConverter privateKeyConverter;
    public final IScepCertStateRepo scepCertStateRepo;
    public final IScepCertConfigItemRepo scepConfigItemRepo;

    public GetUserCertAndPrivateKeyUseCase(IScepCertConfigItemRepo scepConfigItemRepo, IScepCertStateRepo scepCertStateRepo, IDerivedCredCertStateRepo derivedCredCertStateRepo, IPfxCreateConfigItemRepo pfxCreateConfigItemRepo, IPfxCreateStateRepo pfxCreateStateRepo, DecryptPkcs7PrivateKeyUseCase decryptPkcs7PrivateKeyUseCase, IDeviceEncryptionApi decryptor, IRsaPrivateKeyConverter privateKeyConverter, IX509CertificateFactory certGenerator) {
        Intrinsics.checkNotNullParameter(scepConfigItemRepo, "scepConfigItemRepo");
        Intrinsics.checkNotNullParameter(scepCertStateRepo, "scepCertStateRepo");
        Intrinsics.checkNotNullParameter(derivedCredCertStateRepo, "derivedCredCertStateRepo");
        Intrinsics.checkNotNullParameter(pfxCreateConfigItemRepo, "pfxCreateConfigItemRepo");
        Intrinsics.checkNotNullParameter(pfxCreateStateRepo, "pfxCreateStateRepo");
        Intrinsics.checkNotNullParameter(decryptPkcs7PrivateKeyUseCase, "decryptPkcs7PrivateKeyUseCase");
        Intrinsics.checkNotNullParameter(decryptor, "decryptor");
        Intrinsics.checkNotNullParameter(privateKeyConverter, "privateKeyConverter");
        Intrinsics.checkNotNullParameter(certGenerator, "certGenerator");
        this.scepConfigItemRepo = scepConfigItemRepo;
        this.scepCertStateRepo = scepCertStateRepo;
        this.derivedCredCertStateRepo = derivedCredCertStateRepo;
        this.pfxCreateConfigItemRepo = pfxCreateConfigItemRepo;
        this.pfxCreateStateRepo = pfxCreateStateRepo;
        this.decryptPkcs7PrivateKeyUseCase = decryptPkcs7PrivateKeyUseCase;
        this.decryptor = decryptor;
        this.privateKeyConverter = privateKeyConverter;
        this.certGenerator = certGenerator;
    }

    private Maybe<WifiUserCertInfo> getPfxCertInfo(UUID certGuid) {
        Maybe flatMap = this.pfxCreateConfigItemRepo.get(certGuid).flatMap(new Function<PfxCreateConfigItem, MaybeSource<? extends WifiUserCertInfo>>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getPfxCertInfo$1
            @Override // io.reactivex.functions.Function
            public final MaybeSource<? extends WifiUserCertInfo> apply(final PfxCreateConfigItem pfxCreateConfigItem) {
                DecryptPkcs7PrivateKeyUseCase decryptPkcs7PrivateKeyUseCase;
                IPfxCreateStateRepo iPfxCreateStateRepo;
                Intrinsics.checkNotNullParameter(pfxCreateConfigItem, "pfxCreateConfigItem");
                if (pfxCreateConfigItem.getCertificate() != null) {
                    decryptPkcs7PrivateKeyUseCase = GetUserCertAndPrivateKeyUseCase.this.decryptPkcs7PrivateKeyUseCase;
                    Single<DecryptPrivateKeyResult> decryptPkcs7PrivateKey = decryptPkcs7PrivateKeyUseCase.decryptPkcs7PrivateKey(pfxCreateConfigItem.getCertificate().getEncryptedPrivateKey());
                    iPfxCreateStateRepo = GetUserCertAndPrivateKeyUseCase.this.pfxCreateStateRepo;
                    Maybe<T> maybe = Single.zip(decryptPkcs7PrivateKey, iPfxCreateStateRepo.get(pfxCreateConfigItem.getGuid()).toSingle(), new BiFunction<DecryptPrivateKeyResult, PfxCreateState, WifiUserCertInfo>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getPfxCertInfo$1$$special$$inlined$let$lambda$1
                        @Override // io.reactivex.functions.BiFunction
                        public final WifiUserCertInfo apply(DecryptPrivateKeyResult privateKeyResult, PfxCreateState state) {
                            Intrinsics.checkNotNullParameter(privateKeyResult, "privateKeyResult");
                            Intrinsics.checkNotNullParameter(state, "state");
                            if (privateKeyResult instanceof DecryptPrivateKeyResult.Success) {
                                pfxCreateConfigItem.getCertificate();
                                return new WifiUserCertInfo(pfxCreateConfigItem.getCertificate().getCertificate(), ((DecryptPrivateKeyResult.Success) privateKeyResult).getPrivateKey(), state.getCertificateState().getState(), pfxCreateConfigItem.getCertificate().getThumbprint());
                            }
                            if (privateKeyResult instanceof DecryptPrivateKeyResult.Failure) {
                                return new WifiUserCertInfo(null, null, UserCertState.Failed, "");
                            }
                            throw new NoWhenBranchMatchedException();
                        }
                    }).toMaybe();
                    if (maybe != null) {
                        return maybe;
                    }
                }
                return Maybe.just(new WifiUserCertInfo(null, null, UserCertState.CertPending, ""));
            }
        });
        Intrinsics.checkNotNullExpressionValue(flatMap, "pfxCreateConfigItemRepo.…nding, \"\"))\n            }");
        return flatMap;
    }

    private Maybe<WifiUserCertInfo> getScepCertInfo(UUID certGuid) {
        Maybe flatMap = this.scepConfigItemRepo.get(certGuid).flatMap(new GetUserCertAndPrivateKeyUseCase$getScepCertInfo$1(this));
        Intrinsics.checkNotNullExpressionValue(flatMap, "scepConfigItemRepo.get(c…          }\n            }");
        return flatMap;
    }

    public Single<WifiUserCertInfo> getEncryptedCertAndPrivateKey(final UUID certGuid) {
        Intrinsics.checkNotNullParameter(certGuid, "certGuid");
        Single<WifiUserCertInfo> onErrorReturn = Maybe.concat(getScepCertInfo(certGuid), getPfxCertInfo(certGuid)).firstOrError().doOnError(new Consumer<Throwable>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getEncryptedCertAndPrivateKey$1
            @Override // io.reactivex.functions.Consumer
            public final void accept(Throwable th) {
                Logger logger;
                logger = GetUserCertAndPrivateKeyUseCase.LOGGER;
                logger.log(Level.WARNING, "Error when trying to get Wifi UserCert Info for cert guid " + certGuid + ". Returning blank data.", th);
            }
        }).onErrorReturn(new Function<Throwable, WifiUserCertInfo>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getEncryptedCertAndPrivateKey$2
            @Override // io.reactivex.functions.Function
            public final WifiUserCertInfo apply(Throwable it) {
                Intrinsics.checkNotNullParameter(it, "it");
                return new WifiUserCertInfo(null, null, UserCertState.Failed, "");
            }
        });
        Intrinsics.checkNotNullExpressionValue(onErrorReturn, "Maybe.concat(getScepCert…          )\n            }");
        return onErrorReturn;
    }

    public Single<WifiUserCertInfo> getEncryptedDerivedCredCertAndPrivateKey(final String derivedCredAlias) {
        Intrinsics.checkNotNullParameter(derivedCredAlias, "derivedCredAlias");
        if (!Intrinsics.areEqual(derivedCredAlias, "")) {
            Single<WifiUserCertInfo> onErrorReturn = this.derivedCredCertStateRepo.getCertByAlias(derivedCredAlias).flatMapSingle(new Function<DerivedCredCertState, SingleSource<? extends WifiUserCertInfo>>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getEncryptedDerivedCredCertAndPrivateKey$1
                @Override // io.reactivex.functions.Function
                public final SingleSource<? extends WifiUserCertInfo> apply(final DerivedCredCertState it) {
                    IDeviceEncryptionApi iDeviceEncryptionApi;
                    IDeviceEncryptionApi iDeviceEncryptionApi2;
                    Intrinsics.checkNotNullParameter(it, "it");
                    iDeviceEncryptionApi = GetUserCertAndPrivateKeyUseCase.this.decryptor;
                    Single<byte[]> decryptWithDeviceSecretKey = iDeviceEncryptionApi.decryptWithDeviceSecretKey(it.getEncryptedCertificate());
                    iDeviceEncryptionApi2 = GetUserCertAndPrivateKeyUseCase.this.decryptor;
                    return Single.zip(decryptWithDeviceSecretKey, iDeviceEncryptionApi2.decryptWithDeviceSecretKey(it.getEncryptedPrivateKey()), new BiFunction<byte[], byte[], WifiUserCertInfo>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getEncryptedDerivedCredCertAndPrivateKey$1.1
                        @Override // io.reactivex.functions.BiFunction
                        public final WifiUserCertInfo apply(byte[] cert, byte[] privateKey) {
                            IX509CertificateFactory iX509CertificateFactory;
                            IRsaPrivateKeyConverter iRsaPrivateKeyConverter;
                            Intrinsics.checkNotNullParameter(cert, "cert");
                            Intrinsics.checkNotNullParameter(privateKey, "privateKey");
                            iX509CertificateFactory = GetUserCertAndPrivateKeyUseCase.this.certGenerator;
                            X509Certificate generateCertificate = iX509CertificateFactory.generateCertificate(cert);
                            iRsaPrivateKeyConverter = GetUserCertAndPrivateKeyUseCase.this.privateKeyConverter;
                            return new WifiUserCertInfo(generateCertificate, iRsaPrivateKeyConverter.generatePrivateKeyPkcs8(privateKey), it.getState(), it.getThumbprint());
                        }
                    });
                }
            }).doOnError(new Consumer<Throwable>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getEncryptedDerivedCredCertAndPrivateKey$2
                @Override // io.reactivex.functions.Consumer
                public final void accept(Throwable th) {
                    Logger logger;
                    logger = GetUserCertAndPrivateKeyUseCase.LOGGER;
                    logger.log(Level.WARNING, "Error while constructing wifi profile from derived credential with alias " + derivedCredAlias + ". Reporting as failed", th);
                }
            }).onErrorReturn(new Function<Throwable, WifiUserCertInfo>() { // from class: com.microsoft.intune.wifi.domain.GetUserCertAndPrivateKeyUseCase$getEncryptedDerivedCredCertAndPrivateKey$3
                @Override // io.reactivex.functions.Function
                public final WifiUserCertInfo apply(Throwable it) {
                    Intrinsics.checkNotNullParameter(it, "it");
                    return new WifiUserCertInfo(null, null, UserCertState.Failed, "");
                }
            });
            Intrinsics.checkNotNullExpressionValue(onErrorReturn, "derivedCredCertStateRepo…          )\n            }");
            return onErrorReturn;
        }
        LOGGER.info("Derived Cred wifi profile has placeholder alias. Reporting state as NotStarted so the profile appears as Pending.");
        Single<WifiUserCertInfo> just = Single.just(new WifiUserCertInfo(null, null, UserCertState.NotStarted, ""));
        Intrinsics.checkNotNullExpressionValue(just, "Single.just(\n           …          )\n            )");
        return just;
    }
}
