package com.microsoft.intune.usercerts.domain.pfx;

import com.microsoft.identity.client.claims.RequestedClaimAdditionalInformation;
import com.microsoft.intune.cryptography.domain.EncryptedPkcs7PrivateKey;
import com.microsoft.intune.cryptography.domain.IDeviceEncryptionApi;
import com.microsoft.intune.cryptography.domain.IRsaPrivateKeyConverter;
import com.microsoft.intune.cryptography.domain.Pkcs7FailureReason;
import com.microsoft.intune.cryptography.domain.Pkcs7UnwrappingResult;
import com.microsoft.intune.usercerts.domain.pfx.DecryptPrivateKeyResult;
import com.microsoft.intune.utils.LoggingExtensionsKt;
import com.microsoft.intune.utils.Mockable;
import io.reactivex.Single;
import io.reactivex.functions.Function;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;

/* compiled from: DecryptPkcs7PrivateKeyUseCase.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000*\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0017\u0018\u0000 \f2\u00020\u0001:\u0001\fB\u0017\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0016\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\b2\u0006\u0010\n\u001a\u00020\u000bH\u0016R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n\u0000¨\u0006\r"}, d2 = {"Lcom/microsoft/intune/usercerts/domain/pfx/DecryptPkcs7PrivateKeyUseCase;", "", "deviceEncryptionApi", "Lcom/microsoft/intune/cryptography/domain/IDeviceEncryptionApi;", "privateKeyConverter", "Lcom/microsoft/intune/cryptography/domain/IRsaPrivateKeyConverter;", "(Lcom/microsoft/intune/cryptography/domain/IDeviceEncryptionApi;Lcom/microsoft/intune/cryptography/domain/IRsaPrivateKeyConverter;)V", "decryptPkcs7PrivateKey", "Lio/reactivex/Single;", "Lcom/microsoft/intune/usercerts/domain/pfx/DecryptPrivateKeyResult;", RequestedClaimAdditionalInformation.SerializedNames.VALUE, "Lcom/microsoft/intune/cryptography/domain/EncryptedPkcs7PrivateKey;", "Companion", "policy_userOfficialRelease"}, k = 1, mv = {1, 4, 0})
@Mockable
/* loaded from: classes2.dex */
public class DecryptPkcs7PrivateKeyUseCase {
    public static final Logger LOGGER = LoggingExtensionsKt.logger((KClass<?>) Reflection.getOrCreateKotlinClass(DecryptPkcs7PrivateKeyUseCase.class));
    public final IDeviceEncryptionApi deviceEncryptionApi;
    public final IRsaPrivateKeyConverter privateKeyConverter;

    public DecryptPkcs7PrivateKeyUseCase(IDeviceEncryptionApi deviceEncryptionApi, IRsaPrivateKeyConverter privateKeyConverter) {
        Intrinsics.checkNotNullParameter(deviceEncryptionApi, "deviceEncryptionApi");
        Intrinsics.checkNotNullParameter(privateKeyConverter, "privateKeyConverter");
        this.deviceEncryptionApi = deviceEncryptionApi;
        this.privateKeyConverter = privateKeyConverter;
    }

    public Single<DecryptPrivateKeyResult> decryptPkcs7PrivateKey(EncryptedPkcs7PrivateKey value) {
        Intrinsics.checkNotNullParameter(value, "value");
        Single map = this.deviceEncryptionApi.decryptWithPrivateKey(value).map(new Function<Pkcs7UnwrappingResult, DecryptPrivateKeyResult>() { // from class: com.microsoft.intune.usercerts.domain.pfx.DecryptPkcs7PrivateKeyUseCase$decryptPkcs7PrivateKey$1
            @Override // io.reactivex.functions.Function
            public final DecryptPrivateKeyResult apply(Pkcs7UnwrappingResult unwrappingResult) {
                Logger logger;
                Logger logger2;
                Logger logger3;
                IRsaPrivateKeyConverter iRsaPrivateKeyConverter;
                Intrinsics.checkNotNullParameter(unwrappingResult, "unwrappingResult");
                if (unwrappingResult instanceof Pkcs7UnwrappingResult.Success) {
                    byte[] privateKeyBytes = ((Pkcs7UnwrappingResult.Success) unwrappingResult).getPrivateKeyBytes();
                    try {
                        iRsaPrivateKeyConverter = DecryptPkcs7PrivateKeyUseCase.this.privateKeyConverter;
                        PrivateKey generatePrivateKeyPkcs8 = iRsaPrivateKeyConverter.generatePrivateKeyPkcs8(privateKeyBytes);
                        Arrays.fill(privateKeyBytes, (byte) 0);
                        return new DecryptPrivateKeyResult.Success(generatePrivateKeyPkcs8);
                    } catch (Exception e) {
                        logger3 = DecryptPkcs7PrivateKeyUseCase.LOGGER;
                        logger3.log(Level.WARNING, "Could not generate private key from data in PKCS7 envelope", (Throwable) e);
                        return new DecryptPrivateKeyResult.Failure(e);
                    }
                }
                if (!(unwrappingResult instanceof Pkcs7UnwrappingResult.Failure)) {
                    throw new NoWhenBranchMatchedException();
                }
                Pkcs7UnwrappingResult.Failure failure = (Pkcs7UnwrappingResult.Failure) unwrappingResult;
                String componentName = failure.getComponentName();
                Pkcs7FailureReason failureReason = failure.getFailureReason();
                if (failureReason instanceof Pkcs7FailureReason.UnknownFailure) {
                    logger2 = DecryptPkcs7PrivateKeyUseCase.LOGGER;
                    Pkcs7FailureReason.UnknownFailure unknownFailure = (Pkcs7FailureReason.UnknownFailure) failureReason;
                    logger2.log(Level.WARNING, "Unknown PKCS7 unwrapping error: component = " + componentName, unknownFailure.getException());
                    return new DecryptPrivateKeyResult.Failure(unknownFailure.getException());
                }
                logger = DecryptPkcs7PrivateKeyUseCase.LOGGER;
                logger.warning("Invalid PKCS7 data: component = " + componentName + ", reason = " + failureReason);
                return new DecryptPrivateKeyResult.Failure(null, 1, null);
            }
        });
        Intrinsics.checkNotNullExpressionValue(map, "deviceEncryptionApi.decr…privateKey)\n            }");
        return map;
    }
}
