package com.amazon.accesspoint.security.statemachine.states;

import com.amazon.accesspoint.security.commons.databinder.NetworkContext;
import com.amazon.accesspoint.security.commons.utils.AuthenticationUtils;
import com.amazon.accesspoint.security.commons.utils.LoggerUtil;
import com.amazon.accesspoint.security.cryptography.AsymmetricCryptographyUtils;
import com.amazon.accesspoint.security.exception.AuthenticationCoreException;
import com.amazon.accesspoint.security.exception.IOTDeviceException;
import com.amazon.accesspoint.security.message.SecurityMessageType;
import com.amazon.accesspoint.security.message.security.model.ChallengeResponseFromDevice;
import com.amazon.accesspoint.security.message.security.model.CreateSessionRequestForDevice;
import com.amazon.accesspoint.security.message.security.model.SecurityMessage;
import com.amazon.accesspoint.security.network.exception.NetworkSendException;
import com.amazon.accesspoint.security.serializers.exception.SecuritySerializationException;
import com.amazon.accesspoint.security.session.model.SessionCredentials;
import com.amazon.accesspoint.security.statemachine.AuthenticationConnectionFSM;
import com.amazon.rabbit.android.log.crash.CrashDetailKeys;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.SettableFuture;
import java.security.GeneralSecurityException;
import lombok.Generated;
import lombok.NonNull;

/* loaded from: classes.dex */
public class PendingChallengeResponse extends AbstractDataHandler {
    private static LoggerUtil log = LoggerUtil.getInstance();
    private final AuthenticationConnectionFSM authenticationConnectionFSM;
    private final NetworkContext networkContext;

    @Generated
    /* loaded from: classes.dex */
    public static class PendingChallengeResponseBuilder {

        @Generated
        private AuthenticationConnectionFSM authenticationConnectionFSM;

        @Generated
        private NetworkContext networkContext;

        @Generated
        PendingChallengeResponseBuilder() {
        }

        @Generated
        public PendingChallengeResponseBuilder authenticationConnectionFSM(@NonNull AuthenticationConnectionFSM authenticationConnectionFSM) {
            if (authenticationConnectionFSM == null) {
                throw new NullPointerException("authenticationConnectionFSM is marked non-null but is null");
            }
            this.authenticationConnectionFSM = authenticationConnectionFSM;
            return this;
        }

        @Generated
        public PendingChallengeResponse build() {
            return new PendingChallengeResponse(this.networkContext, this.authenticationConnectionFSM);
        }

        @Generated
        public PendingChallengeResponseBuilder networkContext(@NonNull NetworkContext networkContext) {
            if (networkContext == null) {
                throw new NullPointerException("networkContext is marked non-null but is null");
            }
            this.networkContext = networkContext;
            return this;
        }

        @Generated
        public String toString() {
            return "PendingChallengeResponse.PendingChallengeResponseBuilder(networkContext=" + this.networkContext + ", authenticationConnectionFSM=" + this.authenticationConnectionFSM + CrashDetailKeys.CLOSED_PARENTHESIS;
        }
    }

    public PendingChallengeResponse(@NonNull NetworkContext networkContext, @NonNull AuthenticationConnectionFSM authenticationConnectionFSM) {
        super(networkContext);
        if (networkContext == null) {
            throw new NullPointerException("networkContext is marked non-null but is null");
        }
        if (authenticationConnectionFSM == null) {
            throw new NullPointerException("authenticationConnectionFSM is marked non-null but is null");
        }
        this.networkContext = networkContext;
        this.authenticationConnectionFSM = authenticationConnectionFSM;
    }

    @Generated
    public static PendingChallengeResponseBuilder builder() {
        return new PendingChallengeResponseBuilder();
    }

    private byte[] createSessionRequest() throws SecuritySerializationException {
        SessionCredentials sessionCredentials = this.networkContext.getSessionCredentialsWrapper().getSessionCredentials();
        return this.networkContext.getSecuritySerializer().serialize(CreateSessionRequestForDevice.builder().type(SecurityMessageType.CREATE_SESSION_REQUEST_FROM_MOBILE).version(1).encryptedCloudEncryptionKey(sessionCredentials.getEncryptedCloudEncryptionKey()).encryptedLocalEncryptionKey(sessionCredentials.getEncryptedLocalEncryptionKey()).sessionExpirationTimestamp(sessionCredentials.getSessionExpirationTimestamp()).cloudSessionId(sessionCredentials.getCloudSessionId()).cloudDigitalSignature(sessionCredentials.getCloudDigitialSignature()).cipherSuiteId(sessionCredentials.getCipherSuiteId()).build());
    }

    private FutureCallback<Void> getNetworkSendCallBack(final SettableFuture<Void> settableFuture) {
        return new FutureCallback<Void>() { // from class: com.amazon.accesspoint.security.statemachine.states.PendingChallengeResponse.1
            @Override // com.google.common.util.concurrent.FutureCallback
            public void onFailure(Throwable th) {
                settableFuture.setException(new IOTDeviceException("Unable to send Message", th));
            }

            @Override // com.google.common.util.concurrent.FutureCallback
            public void onSuccess(Void r2) {
                PendingChallengeResponse.this.transitionToPendingSessionResponse();
                settableFuture.set(null);
            }
        };
    }

    private ListenableFuture<Void> sendSessionKey() throws SecuritySerializationException, NetworkSendException {
        return this.networkContext.getNetworkConnection().send(AuthenticationUtils.createSecurityMessage(createSessionRequest(), 1, this.networkContext.getSecuritySerializer()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void transitionToPendingSessionResponse() {
        this.authenticationConnectionFSM.moveToState(StateEnum.PENDINGSESSIONRESPONSE);
    }

    private void validateSignedNonce(@NonNull byte[] bArr) throws GeneralSecurityException, AuthenticationCoreException {
        if (bArr == null) {
            throw new NullPointerException("signedNonce is marked non-null but is null");
        }
        log.info("Validating Nonce");
        if (AsymmetricCryptographyUtils.verify(this.networkContext.getSessionCredentialsWrapper().getTargetPublicKey(), bArr, this.authenticationConnectionFSM.getRandomNonce())) {
            return;
        }
        log.debug("Nonce Does not Match");
        throw new AuthenticationCoreException("Nonce Does not Match");
    }

    @Override // com.amazon.accesspoint.security.statemachine.states.AbstractDataHandler
    public ListenableFuture<Void> handleSecurityMessage(SecurityMessage securityMessage) throws AuthenticationCoreException, IOTDeviceException {
        try {
            log.info("Validating Challenge Response");
            SettableFuture<Void> create = SettableFuture.create();
            AuthenticationUtils.validateSecurityMessageType(SecurityMessageType.CHALLENGE_RESPONSE_FROM_DEVICE, securityMessage.getSecurityMessageType());
            validateSignedNonce(((ChallengeResponseFromDevice) securityMessage).getSignedNonce());
            Futures.addCallback(sendSessionKey(), getNetworkSendCallBack(create));
            return create;
        } catch (NetworkSendException e) {
            throw new IOTDeviceException("Unable to send to device", e);
        } catch (SecuritySerializationException e2) {
            throw new AuthenticationCoreException("Unable to parse Challenge Response", e2);
        } catch (GeneralSecurityException e3) {
            throw new AuthenticationCoreException("Unable to Verify digital Signature", e3);
        }
    }
}
