package com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers;

import com.microsoft.intune.cryptography.domain.EncryptedDataWithIv;
import com.microsoft.intune.cryptography.domain.IDeviceEncryptionApi;
import com.microsoft.intune.cryptography.domain.IMessageDigestFactory;
import com.microsoft.intune.cryptography.domain.IRsaPrivateKeyConverter;
import com.microsoft.intune.cryptography.domain.KeyFormat;
import com.microsoft.intune.usercerts.domain.scep.ScepEnrollmentResponse;
import com.microsoft.intune.usercerts.domain.scep.ScepFailureType;
import com.microsoft.intune.usercerts.workcomponent.scep.abstraction.ScepEvent;
import com.microsoft.intune.utils.CertificateExtensionsKt;
import io.reactivex.Single;
import io.reactivex.SingleSource;
import io.reactivex.functions.BiFunction;
import io.reactivex.functions.Consumer;
import io.reactivex.functions.Function;
import io.reactivex.functions.Function3;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: BaseScepClientHandler.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b&\u0018\u00002\u00020\u0001B%\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\u0016\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J\u0016\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u000e\u001a\u00020\u0011H\u0004J\u0016\u0010\u0012\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u000e\u001a\u00020\u0013H\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0014"}, d2 = {"Lcom/microsoft/intune/usercerts/workcomponent/scep/abstraction/handlers/BaseScepClientHandler;", "", "messageDigestFactory", "Lcom/microsoft/intune/cryptography/domain/IMessageDigestFactory;", "deviceEncryptionApi", "Lcom/microsoft/intune/cryptography/domain/IDeviceEncryptionApi;", "privateKeyConverter", "Lcom/microsoft/intune/cryptography/domain/IRsaPrivateKeyConverter;", "logger", "Ljava/util/logging/Logger;", "(Lcom/microsoft/intune/cryptography/domain/IMessageDigestFactory;Lcom/microsoft/intune/cryptography/domain/IDeviceEncryptionApi;Lcom/microsoft/intune/cryptography/domain/IRsaPrivateKeyConverter;Ljava/util/logging/Logger;)V", "handleEnrollmentPendingResponse", "Lio/reactivex/Single;", "Lcom/microsoft/intune/usercerts/workcomponent/scep/abstraction/ScepEvent;", "response", "Lcom/microsoft/intune/usercerts/domain/scep/ScepEnrollmentResponse$Pending;", "handleEnrollmentResponse", "Lcom/microsoft/intune/usercerts/domain/scep/ScepEnrollmentResponse;", "handleEnrollmentSuccessResponse", "Lcom/microsoft/intune/usercerts/domain/scep/ScepEnrollmentResponse$Success;", "policy_userOfficialRelease"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public abstract class BaseScepClientHandler {
    public final IDeviceEncryptionApi deviceEncryptionApi;
    public final Logger logger;
    public final IMessageDigestFactory messageDigestFactory;
    public final IRsaPrivateKeyConverter privateKeyConverter;

    public BaseScepClientHandler(IMessageDigestFactory messageDigestFactory, IDeviceEncryptionApi deviceEncryptionApi, IRsaPrivateKeyConverter privateKeyConverter, Logger logger) {
        Intrinsics.checkNotNullParameter(messageDigestFactory, "messageDigestFactory");
        Intrinsics.checkNotNullParameter(deviceEncryptionApi, "deviceEncryptionApi");
        Intrinsics.checkNotNullParameter(privateKeyConverter, "privateKeyConverter");
        Intrinsics.checkNotNullParameter(logger, "logger");
        this.messageDigestFactory = messageDigestFactory;
        this.deviceEncryptionApi = deviceEncryptionApi;
        this.privateKeyConverter = privateKeyConverter;
        this.logger = logger;
    }

    private final Single<ScepEvent> handleEnrollmentPendingResponse(final ScepEnrollmentResponse.Pending response) {
        Single flatMap = Single.fromCallable(new Callable<byte[]>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentPendingResponse$privateKeySingle$1
            @Override // java.util.concurrent.Callable
            public final byte[] call() {
                IRsaPrivateKeyConverter iRsaPrivateKeyConverter;
                Logger logger;
                iRsaPrivateKeyConverter = BaseScepClientHandler.this.privateKeyConverter;
                byte[] encodePrivateKeyPkcs8 = iRsaPrivateKeyConverter.encodePrivateKeyPkcs8(response.getPrivateKey());
                logger = BaseScepClientHandler.this.logger;
                logger.info("Finished encoding private key");
                return encodePrivateKeyPkcs8;
            }
        }).flatMap(new Function<byte[], SingleSource<? extends EncryptedDataWithIv>>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentPendingResponse$privateKeySingle$2
            @Override // io.reactivex.functions.Function
            public final SingleSource<? extends EncryptedDataWithIv> apply(byte[] encodedPrivateKey) {
                IDeviceEncryptionApi iDeviceEncryptionApi;
                Intrinsics.checkNotNullParameter(encodedPrivateKey, "encodedPrivateKey");
                iDeviceEncryptionApi = BaseScepClientHandler.this.deviceEncryptionApi;
                return iDeviceEncryptionApi.encryptWithDeviceSecretKey(encodedPrivateKey);
            }
        });
        Intrinsics.checkNotNullExpressionValue(flatMap, "Single\n            .from…PrivateKey)\n            }");
        IDeviceEncryptionApi iDeviceEncryptionApi = this.deviceEncryptionApi;
        byte[] encoded = response.getIdentityCert().getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "response.identityCert.encoded");
        Single<ScepEvent> zip = Single.zip(flatMap, iDeviceEncryptionApi.encryptWithDeviceSecretKey(encoded), new BiFunction<EncryptedDataWithIv, EncryptedDataWithIv, ScepEvent>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentPendingResponse$1
            @Override // io.reactivex.functions.BiFunction
            public final ScepEvent apply(EncryptedDataWithIv encryptedPrivateKey, EncryptedDataWithIv encryptedIdentityCert) {
                Logger logger;
                Intrinsics.checkNotNullParameter(encryptedPrivateKey, "encryptedPrivateKey");
                Intrinsics.checkNotNullParameter(encryptedIdentityCert, "encryptedIdentityCert");
                logger = BaseScepClientHandler.this.logger;
                logger.info("Finished encrypting private key and certificate after receiving pending SCEP response");
                return new ScepEvent.CertPendingEvent(response.getUrl(), encryptedPrivateKey, KeyFormat.PKCS8, encryptedIdentityCert, response.getTransactionId(), response.getPollTime());
            }
        });
        Intrinsics.checkNotNullExpressionValue(zip, "Single.zip(\n            …)\n            }\n        )");
        return zip;
    }

    private final Single<ScepEvent> handleEnrollmentSuccessResponse(final ScepEnrollmentResponse.Success response) {
        Single onErrorReturnItem = Single.fromCallable(new Callable<byte[]>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$privateKeySingle$1
            @Override // java.util.concurrent.Callable
            public final byte[] call() {
                IRsaPrivateKeyConverter iRsaPrivateKeyConverter;
                Logger logger;
                iRsaPrivateKeyConverter = BaseScepClientHandler.this.privateKeyConverter;
                byte[] encodePrivateKeyPkcs8 = iRsaPrivateKeyConverter.encodePrivateKeyPkcs8(response.getPrivateKey());
                logger = BaseScepClientHandler.this.logger;
                logger.info("Finished encoding private key");
                return encodePrivateKeyPkcs8;
            }
        }).flatMap(new Function<byte[], SingleSource<? extends EncryptedDataWithIv>>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$privateKeySingle$2
            @Override // io.reactivex.functions.Function
            public final SingleSource<? extends EncryptedDataWithIv> apply(byte[] encodedPrivateKey) {
                IDeviceEncryptionApi iDeviceEncryptionApi;
                Intrinsics.checkNotNullParameter(encodedPrivateKey, "encodedPrivateKey");
                iDeviceEncryptionApi = BaseScepClientHandler.this.deviceEncryptionApi;
                return iDeviceEncryptionApi.encryptWithDeviceSecretKey(encodedPrivateKey).doOnSuccess(new Consumer<EncryptedDataWithIv>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$privateKeySingle$2.1
                    @Override // io.reactivex.functions.Consumer
                    public final void accept(EncryptedDataWithIv encryptedDataWithIv) {
                        Logger logger;
                        logger = BaseScepClientHandler.this.logger;
                        logger.info("Finished encrypting encoded private key");
                    }
                });
            }
        }).doOnError(new Consumer<Throwable>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$privateKeySingle$3
            @Override // io.reactivex.functions.Consumer
            public final void accept(Throwable th) {
                Logger logger;
                logger = BaseScepClientHandler.this.logger;
                logger.log(Level.WARNING, "Could not encrypt private key", th);
            }
        }).onErrorReturnItem(new EncryptedDataWithIv(null, null, 3, null));
        Intrinsics.checkNotNullExpressionValue(onErrorReturnItem, "Single\n                .…em(EncryptedDataWithIv())");
        Single fromCallable = Single.fromCallable(new Callable<Certificate>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$certificateSingle$1
            @Override // java.util.concurrent.Callable
            public final Certificate call() {
                Logger logger;
                try {
                    Collection<? extends Certificate> certificates = response.getCertStore().getCertificates(null);
                    Intrinsics.checkNotNullExpressionValue(certificates, "response.certStore\n     …   .getCertificates(null)");
                    List list = CollectionsKt___CollectionsKt.toList(certificates);
                    if (list.isEmpty()) {
                        throw new EmptyCertificateStoreException();
                    }
                    Certificate certificate = (Certificate) list.get(0);
                    logger = BaseScepClientHandler.this.logger;
                    logger.info("Retrieved certificate from success response");
                    return certificate;
                } catch (Exception e) {
                    throw new BadCertificateStoreException(e);
                }
            }
        });
        Intrinsics.checkNotNullExpressionValue(fromCallable, "Single.fromCallable {\n  …)\n            }\n        }");
        Single onErrorReturnItem2 = fromCallable.flatMap(new Function<Certificate, SingleSource<? extends EncryptedDataWithIv>>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$encryptedCertificateSingle$1
            @Override // io.reactivex.functions.Function
            public final SingleSource<? extends EncryptedDataWithIv> apply(Certificate certificate) {
                IDeviceEncryptionApi iDeviceEncryptionApi;
                Intrinsics.checkNotNullParameter(certificate, "certificate");
                iDeviceEncryptionApi = BaseScepClientHandler.this.deviceEncryptionApi;
                byte[] encoded = certificate.getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "certificate.encoded");
                return iDeviceEncryptionApi.encryptWithDeviceSecretKey(encoded).doOnSuccess(new Consumer<EncryptedDataWithIv>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$encryptedCertificateSingle$1.1
                    @Override // io.reactivex.functions.Consumer
                    public final void accept(EncryptedDataWithIv encryptedDataWithIv) {
                        Logger logger;
                        logger = BaseScepClientHandler.this.logger;
                        logger.info("Finished encrypting certificate");
                    }
                });
            }
        }).doOnError(new Consumer<Throwable>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$encryptedCertificateSingle$2
            @Override // io.reactivex.functions.Consumer
            public final void accept(Throwable th) {
                Logger logger;
                logger = BaseScepClientHandler.this.logger;
                logger.log(Level.WARNING, "Could not encrypt certificate", th);
            }
        }).onErrorReturnItem(new EncryptedDataWithIv(null, null, 3, null));
        Intrinsics.checkNotNullExpressionValue(onErrorReturnItem2, "certificateSingle\n      …em(EncryptedDataWithIv())");
        Single<ScepEvent> onErrorReturn = Single.zip(onErrorReturnItem, fromCallable, onErrorReturnItem2, new Function3<EncryptedDataWithIv, Certificate, EncryptedDataWithIv, ScepEvent>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$1
            @Override // io.reactivex.functions.Function3
            public final ScepEvent apply(EncryptedDataWithIv encryptedPrivateKey, Certificate certificate, EncryptedDataWithIv encryptedCertificate) {
                IMessageDigestFactory iMessageDigestFactory;
                Logger logger;
                Intrinsics.checkNotNullParameter(encryptedPrivateKey, "encryptedPrivateKey");
                Intrinsics.checkNotNullParameter(certificate, "certificate");
                Intrinsics.checkNotNullParameter(encryptedCertificate, "encryptedCertificate");
                iMessageDigestFactory = BaseScepClientHandler.this.messageDigestFactory;
                String sha1Thumbprint = CertificateExtensionsKt.getSha1Thumbprint(certificate, iMessageDigestFactory);
                logger = BaseScepClientHandler.this.logger;
                logger.info("Finished encrypting private key and certificate after acquiring SCEP certificate");
                return new ScepEvent.CertAcquiredEvent(sha1Thumbprint, response.getPrivateKey(), encryptedPrivateKey, KeyFormat.PKCS8, certificate, encryptedCertificate);
            }
        }).onErrorReturn(new Function<Throwable, ScepEvent>() { // from class: com.microsoft.intune.usercerts.workcomponent.scep.abstraction.handlers.BaseScepClientHandler$handleEnrollmentSuccessResponse$2
            @Override // io.reactivex.functions.Function
            public final ScepEvent apply(Throwable exception) {
                Intrinsics.checkNotNullParameter(exception, "exception");
                return exception instanceof EmptyCertificateStoreException ? new ScepEvent.CertAcquireFailedEvent(false, null, ScepFailureType.EmptyCertStore) : exception instanceof BadCertificateStoreException ? new ScepEvent.CertAcquireFailedEvent(false, exception.getCause(), ScepFailureType.BadCertStore) : new ScepEvent.CertAcquireFailedEvent(false, exception, ScepFailureType.Unknown);
            }
        });
        Intrinsics.checkNotNullExpressionValue(onErrorReturn, "Single\n            .zip(…          }\n            }");
        return onErrorReturn;
    }

    public final Single<ScepEvent> handleEnrollmentResponse(ScepEnrollmentResponse response) {
        Intrinsics.checkNotNullParameter(response, "response");
        this.logger.info("Handling a ScepEnrollmentResponse: " + response);
        if (response instanceof ScepEnrollmentResponse.Success) {
            return handleEnrollmentSuccessResponse((ScepEnrollmentResponse.Success) response);
        }
        if (response instanceof ScepEnrollmentResponse.Pending) {
            return handleEnrollmentPendingResponse((ScepEnrollmentResponse.Pending) response);
        }
        if (!(response instanceof ScepEnrollmentResponse.Failure)) {
            throw new NoWhenBranchMatchedException();
        }
        ScepEnrollmentResponse.Failure failure = (ScepEnrollmentResponse.Failure) response;
        Single<ScepEvent> just = Single.just(new ScepEvent.CertAcquireFailedEvent(failure.getType() == ScepFailureType.Network, failure.getException(), failure.getType()));
        Intrinsics.checkNotNullExpressionValue(just, "Single.just(\n           …      )\n                )");
        return just;
    }
}
