package com.google.commerce.tapandpay.android.security.storagekey;

import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.os.Build;
import android.util.Pair;
import com.google.commerce.tapandpay.android.accountscope.api.QualifierAnnotations;
import com.google.commerce.tapandpay.android.infrastructure.rpc.RpcCaller;
import com.google.commerce.tapandpay.android.infrastructure.rpc.ServerException;
import com.google.commerce.tapandpay.android.infrastructure.rpc.TapAndPayApiException;
import com.google.commerce.tapandpay.android.logging.CLog;
import com.google.commerce.tapandpay.android.security.DeviceAttestationClient;
import com.google.commerce.tapandpay.android.security.SecureHardwareEncryptionUtil;
import com.google.commerce.tapandpay.android.security.storagekey.StorageKeyCache;
import com.google.commerce.tapandpay.android.security.storagekey.nano.StorageKeyProto$EncryptedStorageKey;
import com.google.commerce.tapandpay.android.security.storagekey.nano.StorageKeyProto$StorageKey;
import com.google.commerce.tapandpay.android.serverlog.SLog;
import com.google.commerce.tapandpay.android.transit.transitbundle.datastore.TransitBundleDatastore;
import com.google.common.base.Preconditions;
import com.google.internal.tapandpay.v1.SecurityProto$ConfirmStorageKeyRotationRequest;
import com.google.internal.tapandpay.v1.SecurityProto$ConfirmStorageKeyRotationResponse;
import com.google.internal.tapandpay.v1.SecurityProto$GetStorageKeyRequest;
import com.google.internal.tapandpay.v1.SecurityProto$GetStorageKeyResponse;
import com.google.internal.tapandpay.v1.SecurityProto$StorageKey;
import com.google.protobuf.GeneratedMessageLite;
import com.google.protobuf.nano.MessageNano;
import java.io.IOException;
import javax.inject.Inject;

/* loaded from: classes.dex */
public class StorageKeyManager {
    private final String accountName;
    public final DeviceAttestationClient attestationClient;
    private final RpcCaller rpcCaller;
    private final StorageKeyCache storageKeyCache;
    private final TransitBundleDatastore transitBundleDatastore;

    @Inject
    public StorageKeyManager(DeviceAttestationClient deviceAttestationClient, StorageKeyCache storageKeyCache, @QualifierAnnotations.AccountName String str, RpcCaller rpcCaller, TransitBundleDatastore transitBundleDatastore) {
        this.attestationClient = deviceAttestationClient;
        this.accountName = str;
        this.storageKeyCache = storageKeyCache;
        this.rpcCaller = rpcCaller;
        this.transitBundleDatastore = transitBundleDatastore;
    }

    public final int fetchStorageKey() {
        CLog.d("StorageKeyManager", "Start fetching storage keys.");
        try {
            getStorageKey(this.attestationClient.getAttestationVerdict());
            return 1;
        } catch (RpcCaller.RpcAuthError e) {
            e = e;
            CLog.d("StorageKeyManager", "fetchStorageKey error", e);
            return 2;
        } catch (ServerException e2) {
            e = e2;
            CLog.d("StorageKeyManager", "fetchStorageKey error", e);
            return 2;
        } catch (TapAndPayApiException e3) {
            CLog.d("StorageKeyManager", "fetchStorageKey error", e3);
            return this.attestationClient.checkAndHandleAttestationFailure(e3) ? 3 : 2;
        } catch (IOException e4) {
            e = e4;
            CLog.d("StorageKeyManager", "fetchStorageKey error", e);
            return 2;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final StorageKeyProto$StorageKey getStorageKey(String str) throws IOException, TapAndPayApiException, RpcCaller.RpcAuthError, ServerException {
        SQLiteDatabase sQLiteDatabase;
        Pair<byte[], byte[]> encryptInSecureHardware;
        try {
            return this.storageKeyCache.get(false);
        } catch (StorageKeyCache.StorageKeyException e) {
            CLog.dfmt("StorageKeyManager", "storage key missing for %s", this.accountName);
            SecurityProto$GetStorageKeyRequest.Builder createBuilder = SecurityProto$GetStorageKeyRequest.DEFAULT_INSTANCE.createBuilder();
            createBuilder.copyOnWrite();
            SecurityProto$GetStorageKeyRequest securityProto$GetStorageKeyRequest = (SecurityProto$GetStorageKeyRequest) createBuilder.instance;
            if (str == null) {
                throw new NullPointerException();
            }
            securityProto$GetStorageKeyRequest.attestationVerdict_ = str;
            SecurityProto$GetStorageKeyResponse securityProto$GetStorageKeyResponse = (SecurityProto$GetStorageKeyResponse) this.rpcCaller.blockingCallTapAndPay("t/security/getstoragekey", (SecurityProto$GetStorageKeyRequest) ((GeneratedMessageLite) createBuilder.build()), SecurityProto$GetStorageKeyResponse.DEFAULT_INSTANCE);
            SecurityProto$StorageKey securityProto$StorageKey = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey == null) {
                securityProto$StorageKey = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            Preconditions.checkArgument(securityProto$StorageKey.value_.size() == 32);
            StorageKeyProto$StorageKey storageKeyProto$StorageKey = new StorageKeyProto$StorageKey();
            SecurityProto$StorageKey securityProto$StorageKey2 = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey2 == null) {
                securityProto$StorageKey2 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            storageKeyProto$StorageKey.id = securityProto$StorageKey2.id_;
            SecurityProto$StorageKey securityProto$StorageKey3 = securityProto$GetStorageKeyResponse.key_;
            if (securityProto$StorageKey3 == null) {
                securityProto$StorageKey3 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
            }
            storageKeyProto$StorageKey.value = securityProto$StorageKey3.value_.toByteArray();
            StorageKeyProto$EncryptedStorageKey storageKeyProto$EncryptedStorageKey = null;
            if (securityProto$GetStorageKeyResponse.newKey_ == null) {
                CLog.dfmt("StorageKeyManager", "Retrieved storage key for %s", this.accountName);
            } else {
                try {
                    StorageKeyProto$StorageKey storageKeyProto$StorageKey2 = new StorageKeyProto$StorageKey();
                    SecurityProto$StorageKey securityProto$StorageKey4 = securityProto$GetStorageKeyResponse.newKey_;
                    if (securityProto$StorageKey4 == null) {
                        securityProto$StorageKey4 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                    }
                    storageKeyProto$StorageKey2.id = securityProto$StorageKey4.id_;
                    SecurityProto$StorageKey securityProto$StorageKey5 = securityProto$GetStorageKeyResponse.newKey_;
                    if (securityProto$StorageKey5 == null) {
                        securityProto$StorageKey5 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                    }
                    storageKeyProto$StorageKey2.value = securityProto$StorageKey5.value_.toByteArray();
                    TransitBundleDatastore transitBundleDatastore = this.transitBundleDatastore;
                    SQLiteDatabase writableDb = transitBundleDatastore.getWritableDb();
                    writableDb.beginTransaction();
                    try {
                        SQLiteDatabase sQLiteDatabase2 = writableDb;
                        try {
                            Cursor query = writableDb.query("transit_bundles", new String[]{"bundle_card_id"}, "key_id=?", new String[]{storageKeyProto$StorageKey.id}, null, null, null);
                            while (query.moveToNext()) {
                                try {
                                    sQLiteDatabase = sQLiteDatabase2;
                                    try {
                                        TransitBundleDatastore.updateBundleInTransaction(transitBundleDatastore.readBundleByCardId(query.getLong(0), sQLiteDatabase, storageKeyProto$StorageKey), sQLiteDatabase, storageKeyProto$StorageKey2);
                                        sQLiteDatabase2 = sQLiteDatabase;
                                    } catch (Throwable th) {
                                        th = th;
                                        Throwable th2 = th;
                                        try {
                                            throw th2;
                                        } catch (Throwable th3) {
                                            if (query == null) {
                                                throw th3;
                                            }
                                            try {
                                                TransitBundleDatastore.$closeResource(th2, query);
                                                throw th3;
                                            } catch (Throwable th4) {
                                                th = th4;
                                                sQLiteDatabase.endTransaction();
                                                throw th;
                                            }
                                        }
                                    }
                                } catch (Throwable th5) {
                                    th = th5;
                                    sQLiteDatabase = sQLiteDatabase2;
                                }
                            }
                            CLog.i("TransitBundleDB", "Successfully rotated keys");
                            sQLiteDatabase2.setTransactionSuccessful();
                            TransitBundleDatastore.$closeResource(null, query);
                            sQLiteDatabase2.endTransaction();
                            SecurityProto$ConfirmStorageKeyRotationRequest.Builder createBuilder2 = SecurityProto$ConfirmStorageKeyRotationRequest.DEFAULT_INSTANCE.createBuilder();
                            SecurityProto$StorageKey securityProto$StorageKey6 = securityProto$GetStorageKeyResponse.newKey_;
                            if (securityProto$StorageKey6 == null) {
                                securityProto$StorageKey6 = SecurityProto$StorageKey.DEFAULT_INSTANCE;
                            }
                            String str2 = securityProto$StorageKey6.id_;
                            createBuilder2.copyOnWrite();
                            SecurityProto$ConfirmStorageKeyRotationRequest securityProto$ConfirmStorageKeyRotationRequest = (SecurityProto$ConfirmStorageKeyRotationRequest) createBuilder2.instance;
                            if (str2 == null) {
                                throw new NullPointerException();
                            }
                            securityProto$ConfirmStorageKeyRotationRequest.newKeyId_ = str2;
                            this.rpcCaller.callTapAndPay("t/security/confirmstoragekeyrotation", (SecurityProto$ConfirmStorageKeyRotationRequest) ((GeneratedMessageLite) createBuilder2.build()), SecurityProto$ConfirmStorageKeyRotationResponse.DEFAULT_INSTANCE, new RpcCaller.NoOpCallback());
                            CLog.dfmt("StorageKeyManager", "Successfully retrieved and rotated storage key for %s", this.accountName);
                            storageKeyProto$StorageKey = storageKeyProto$StorageKey2;
                        } catch (Throwable th6) {
                            th = th6;
                            sQLiteDatabase = sQLiteDatabase2;
                        }
                    } catch (Throwable th7) {
                        th = th7;
                        sQLiteDatabase = writableDb;
                    }
                } catch (TransitBundleDatastore.UnexpectedDbStateException e2) {
                    SLog.log("StorageKeyManager", "rotateKeys error", e2, this.accountName);
                }
            }
            StorageKeyCache storageKeyCache = this.storageKeyCache;
            storageKeyCache.putInMemoryCache(storageKeyProto$StorageKey, false);
            if (Build.VERSION.SDK_INT >= 23 && (encryptInSecureHardware = SecureHardwareEncryptionUtil.encryptInSecureHardware("storage_key_alias", storageKeyProto$StorageKey.value)) != null) {
                storageKeyProto$EncryptedStorageKey = new StorageKeyProto$EncryptedStorageKey();
                storageKeyProto$EncryptedStorageKey.id = storageKeyProto$StorageKey.id;
                storageKeyProto$EncryptedStorageKey.ciphertext = (byte[]) encryptInSecureHardware.first;
                storageKeyProto$EncryptedStorageKey.iv = (byte[]) encryptInSecureHardware.second;
            }
            if (storageKeyProto$EncryptedStorageKey == null) {
                storageKeyCache.keyValueStore.remove(storageKeyCache.buildEncryptedStorageKeyKey());
            } else {
                storageKeyCache.keyValueStore.put(storageKeyCache.buildEncryptedStorageKeyKey(), MessageNano.toByteArray(storageKeyProto$EncryptedStorageKey));
            }
            return storageKeyProto$StorageKey;
        }
    }
}
