package com.amazon.storm.lightning.client;

import android.util.Base64;
import com.amazon.bison.ALog;
import com.amazon.storm.lightning.common.security.LightningSecurity;
import com.amazon.storm.lightning.metrics.MetricsUtil;
import com.amazon.storm.lightning.services.Lightning;
import com.amazon.storm.lightning.services.LightningException;
import com.amazon.whisperlink.service.jpake.JPakeClientImpl;
import com.amazon.whisperlink.service.securekeyexchange.SecureKeyExchangeClient;
import com.amazon.whisperplay.ServiceEndpoint;
import com.amazon.whisperplay.hosting.ServiceDescription;
import com.amazon.whisperplay.thrift.TException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes2.dex */
public class LightningExchangeClientAuth implements ILightningClientAuth {
    private static final String JPAKE_SERVICE_ID = "amzn.jpake";
    private static final String TAG = "LighntingClientAuth";
    private final LightningSecurity mDeviceSecurityMgr;
    private final String mDeviceUUID;
    private boolean mHasValidPin;
    private final ServiceEndpoint mJpakeServiceEndpoint;
    private final Lightning mLightningService;
    private boolean mSecureExchangeStarted;
    private final SecureKeyExchangeClient mSecureKeyExchangeClient;

    public LightningExchangeClientAuth(Lightning lightning, ServiceEndpoint serviceEndpoint, LightningSecurity lightningSecurity) {
        this(lightning, serviceEndpoint, lightningSecurity, new JPakeClientImpl());
    }

    LightningExchangeClientAuth(Lightning lightning, ServiceEndpoint serviceEndpoint, LightningSecurity lightningSecurity, SecureKeyExchangeClient secureKeyExchangeClient) {
        this.mLightningService = lightning;
        this.mJpakeServiceEndpoint = serviceEndpoint.copy(new ServiceDescription.Builder().setServiceIdentifier("amzn.jpake").build());
        this.mDeviceSecurityMgr = lightningSecurity;
        this.mSecureKeyExchangeClient = secureKeyExchangeClient;
        this.mDeviceUUID = serviceEndpoint.getUuid();
    }

    private boolean validateSecureKey(byte[] bArr) {
        try {
            this.mDeviceSecurityMgr.init(bArr);
            byte[] generateSalt = LightningSecurity.generateSalt();
            if (this.mLightningService.checkKeyValidity(this.mDeviceUUID, generateSalt, LightningSecurity.hashWithSalt(bArr, generateSalt))) {
                ALog.d(TAG, "validateSecureKey() - Valid encryption key of size " + bArr.length);
                this.mDeviceSecurityMgr.setReady(true);
                this.mHasValidPin = true;
            } else {
                this.mDeviceSecurityMgr.clearKey();
            }
        } catch (TException e) {
            ALog.e(TAG, "FAILED validateSecureKey", e);
            MetricsUtil.getMetrics().recordCounterMetric(MetricsUtil.DeviceConnection.T_EXCEPTION_COUNT);
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            ALog.e(TAG, "FAILED validateSecureKey", e);
        } catch (InvalidKeyException e3) {
            e = e3;
            ALog.e(TAG, "FAILED validateSecureKey", e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            ALog.e(TAG, "FAILED validateSecureKey", e);
        } catch (InvalidKeySpecException e5) {
            e = e5;
            ALog.e(TAG, "FAILED validateSecureKey", e);
        } catch (NoSuchPaddingException e6) {
            e = e6;
            ALog.e(TAG, "FAILED validateSecureKey", e);
        }
        return this.mHasValidPin;
    }

    @Override // com.amazon.storm.lightning.client.ILightningClientAuth
    public boolean isReady() {
        return true;
    }

    @Override // com.amazon.storm.lightning.client.ILightningClientAuth
    public boolean requiresPinExchange() {
        if (this.mHasValidPin) {
            return false;
        }
        byte[] loadKeyForDevice = this.mDeviceSecurityMgr.loadKeyForDevice();
        if (loadKeyForDevice != null) {
            this.mHasValidPin = validateSecureKey(loadKeyForDevice);
        } else {
            this.mHasValidPin = false;
        }
        return !this.mHasValidPin;
    }

    public void resetSecureExchange() {
        this.mSecureExchangeStarted = false;
    }

    @Override // com.amazon.storm.lightning.client.ILightningClientAuth
    public boolean startExchange() {
        if (this.mSecureExchangeStarted) {
            return true;
        }
        try {
            this.mLightningService.startExchange();
            this.mSecureExchangeStarted = true;
            return true;
        } catch (LightningException e) {
            ALog.e(TAG, "FAILED startSecureKeyExchange", e);
            return false;
        } catch (TException e2) {
            ALog.e(TAG, "FAILED startSecureKeyExchange", e2);
            return false;
        }
    }

    @Override // com.amazon.storm.lightning.client.ILightningClientAuth
    public boolean stopExchange() {
        ALog.d(TAG, "stopExchange");
        if (!this.mSecureExchangeStarted) {
            return true;
        }
        try {
            this.mLightningService.stopExchange();
            this.mSecureExchangeStarted = false;
            return true;
        } catch (LightningException e) {
            ALog.e(TAG, "Exception during relay control ", e);
            return false;
        } catch (TException e2) {
            ALog.e(TAG, "Exception during relay control ", e2);
            MetricsUtil.getMetrics().recordCounterMetric(MetricsUtil.DeviceConnection.T_EXCEPTION_COUNT);
            return false;
        }
    }

    @Override // com.amazon.storm.lightning.client.ILightningClientAuth
    public boolean validatePin(String str) {
        if (!this.mSecureExchangeStarted) {
            return false;
        }
        try {
            ALog.d(TAG, "secureKeyExchange response " + validateSecureKey(Base64.decode(this.mSecureKeyExchangeClient.exchangeKey(null, this.mJpakeServiceEndpoint, str, this.mDeviceUUID), 0)) + " deviceId " + this.mDeviceUUID);
            return true;
        } catch (Exception e) {
            ALog.e(TAG, "FAILED completeSecureKeyExchange", e);
            return false;
        }
    }
}
