package com.microsoft.azure.sdk.iot.provisioning.device.internal.task;

import com.microsoft.azure.sdk.iot.provisioning.device.internal.ProvisioningDeviceClientConfig;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.contract.ProvisioningDeviceClientContract;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.contract.ResponseCallback;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.contract.UrlPathBuilder;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceClientAuthenticationException;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceClientException;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceSecurityException;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.parser.ProvisioningErrorParser;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.parser.RegistrationOperationStatusParser;
import com.microsoft.azure.sdk.iot.provisioning.security.SecurityProvider;
import com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderSymmetricKey;
import com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderTpm;
import com.microsoft.azure.sdk.iot.provisioning.security.SecurityProviderX509;
import com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.Callable;
import javax.net.ssl.SSLContext;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/microsoft/azure/sdk/iot/provisioning/device/internal/task/RegisterTask.class */
public class RegisterTask implements Callable<RegistrationOperationStatusParser> {
    private static final Logger log = LoggerFactory.getLogger(RegisterTask.class);
    private static final int MAX_WAIT_FOR_REGISTRATION_RESPONSE = 90000;
    private static final int SLEEP_INTERVAL_WHEN_WAITING_FOR_RESPONSE = 4000;
    private static final int DEFAULT_EXPIRY_TIME_IN_SECS = 3600;
    private static final String SASTOKEN_FORMAT = "SharedAccessSignature sr=%s&sig=%s&se=%s&skn=";
    private static final String THREAD_NAME = "azure-iot-sdk-RegisterTask";
    private final ResponseCallback responseCallback;
    private final ProvisioningDeviceClientContract provisioningDeviceClientContract;
    private final Authorization authorization;
    private final SecurityProvider securityProvider;
    private final ProvisioningDeviceClientConfig provisioningDeviceClientConfig;

    /* loaded from: input_file:com/microsoft/azure/sdk/iot/provisioning/device/internal/task/RegisterTask$ResponseCallbackImpl.class */
    private static class ResponseCallbackImpl implements ResponseCallback {
        private ResponseCallbackImpl() {
        }

        @Override // com.microsoft.azure.sdk.iot.provisioning.device.internal.contract.ResponseCallback
        public void run(ResponseData responseData, Object obj) throws ProvisioningDeviceClientException {
            if (!(obj instanceof ResponseData)) {
                throw new ProvisioningDeviceClientException(new IllegalArgumentException("Context mismatch for DPS registration"));
            }
            ResponseData responseData2 = (ResponseData) obj;
            responseData2.setResponseData(responseData.getResponseData());
            responseData2.setContractState(responseData.getContractState());
            responseData2.setWaitForStatusInMS(responseData.getWaitForStatusInMS());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RegisterTask(ProvisioningDeviceClientConfig provisioningDeviceClientConfig, SecurityProvider securityProvider, ProvisioningDeviceClientContract provisioningDeviceClientContract, Authorization authorization) throws ProvisioningDeviceClientException {
        if (provisioningDeviceClientContract == null) {
            throw new ProvisioningDeviceClientException(new IllegalArgumentException("provisioningDeviceClientContract cannot be null"));
        }
        if (securityProvider == null) {
            throw new ProvisioningDeviceClientException(new IllegalArgumentException("security client cannot be null"));
        }
        if (provisioningDeviceClientConfig == null) {
            throw new ProvisioningDeviceClientException(new IllegalArgumentException("provisioningDeviceClientConfig cannot be null"));
        }
        if (authorization == null) {
            throw new ProvisioningDeviceClientException(new IllegalArgumentException("authorization cannot be null"));
        }
        this.provisioningDeviceClientConfig = provisioningDeviceClientConfig;
        this.securityProvider = securityProvider;
        this.provisioningDeviceClientContract = provisioningDeviceClientContract;
        this.authorization = authorization;
        this.responseCallback = new ResponseCallbackImpl();
    }

    private RegistrationOperationStatusParser authenticateWithX509(RequestData requestData) throws ProvisioningDeviceClientException {
        try {
            ResponseData responseData = new ResponseData();
            this.provisioningDeviceClientContract.authenticateWithProvisioningService(requestData, this.responseCallback, responseData);
            waitForResponse(responseData);
            if (responseData.getResponseData() == null || responseData.getContractState() != ContractState.DPS_REGISTRATION_RECEIVED) {
                throw new ProvisioningDeviceClientException("Did not receive DPS registration successfully");
            }
            String str = new String(responseData.getResponseData(), StandardCharsets.UTF_8);
            try {
                return RegistrationOperationStatusParser.createFromJson(str);
            } catch (IllegalArgumentException e) {
                throw new ProvisioningDeviceClientException(ProvisioningErrorParser.createFromJson(str).getExceptionMessage());
            }
        } catch (InterruptedException e2) {
            throw new ProvisioningDeviceClientException(e2);
        }
    }

    private String constructSasToken() throws ProvisioningDeviceClientException, UnsupportedEncodingException, SecurityProviderException {
        String generateSasTokenUrl = new UrlPathBuilder(this.provisioningDeviceClientConfig.getIdScope()).generateSasTokenUrl(this.securityProvider.getRegistrationId());
        if (generateSasTokenUrl == null || generateSasTokenUrl.isEmpty()) {
            throw new ProvisioningDeviceClientException("Could not construct token scope");
        }
        Long valueOf = Long.valueOf((System.currentTimeMillis() / 1000) + 3600);
        String concat = generateSasTokenUrl.concat("\n" + valueOf);
        byte[] bArr = null;
        if (this.securityProvider instanceof SecurityProviderTpm) {
            bArr = this.securityProvider.signWithIdentity(concat.getBytes(StandardCharsets.UTF_8));
        } else if (this.securityProvider instanceof SecurityProviderSymmetricKey) {
            SecurityProviderSymmetricKey securityProviderSymmetricKey = this.securityProvider;
            bArr = securityProviderSymmetricKey.HMACSignData(concat.getBytes(StandardCharsets.UTF_8.displayName()), Base64.decodeBase64(securityProviderSymmetricKey.getSymmetricKey()));
        }
        if (bArr == null || bArr.length == 0) {
            throw new ProvisioningDeviceSecurityException("Security client could not sign data successfully");
        }
        return String.format(SASTOKEN_FORMAT, generateSasTokenUrl, URLEncoder.encode(new String(Base64.encodeBase64(bArr), StandardCharsets.UTF_8), StandardCharsets.UTF_8.displayName()), valueOf);
    }

    private RegistrationOperationStatusParser authenticateWithSasToken(RequestData requestData) throws IOException, InterruptedException, ProvisioningDeviceClientException, SecurityProviderException {
        String constructSasToken = constructSasToken();
        requestData.setSasToken(constructSasToken);
        ResponseData responseData = new ResponseData();
        this.provisioningDeviceClientContract.authenticateWithProvisioningService(requestData, this.responseCallback, responseData);
        waitForResponse(responseData);
        if (responseData.getResponseData() == null || responseData.getContractState() != ContractState.DPS_REGISTRATION_RECEIVED) {
            throw new ProvisioningDeviceClientAuthenticationException("Service did not authorize SasToken");
        }
        this.authorization.setSasToken(constructSasToken);
        String str = new String(responseData.getResponseData(), StandardCharsets.UTF_8);
        try {
            return RegistrationOperationStatusParser.createFromJson(str);
        } catch (IllegalArgumentException e) {
            throw new ProvisioningDeviceClientException(ProvisioningErrorParser.createFromJson(str).getExceptionMessage());
        }
    }

    private RegistrationOperationStatusParser authenticateWithTPM(RequestData requestData) throws ProvisioningDeviceClientException, SecurityProviderException {
        try {
            if (!(this.securityProvider instanceof SecurityProviderTpm)) {
                throw new ProvisioningDeviceClientException("could not identify security provider");
            }
            SecurityProviderTpm securityProviderTpm = this.securityProvider;
            ResponseData responseData = new ResponseData();
            log.debug("Requesting service nonce for tpm authentication");
            this.provisioningDeviceClientContract.requestNonceForTPM(requestData, this.responseCallback, responseData);
            waitForResponse(responseData);
            if (responseData.getContractState() != ContractState.DPS_REGISTRATION_RECEIVED) {
                throw new ProvisioningDeviceClientException("Did not receive DPS registration nonce successfully");
            }
            if (responseData.getResponseData() == null) {
                throw new ProvisioningDeviceClientAuthenticationException("Service did not send authentication key");
            }
            log.debug("Received service nonce, activating tpm identity key with it");
            securityProviderTpm.activateIdentityKey(responseData.getResponseData());
            log.debug("Authenticating with device provisioning service using the activated tpm identity key");
            return authenticateWithSasToken(requestData);
        } catch (IOException | InterruptedException e) {
            throw new ProvisioningDeviceClientException(e);
        }
    }

    private RegistrationOperationStatusParser authenticateWithDPS() throws ProvisioningDeviceClientException, SecurityProviderException {
        if (this.securityProvider.getRegistrationId() == null) {
            throw new ProvisioningDeviceClientException(new IllegalArgumentException("registration id cannot be null"));
        }
        try {
            SSLContext sSLContext = this.securityProvider.getSSLContext();
            if (sSLContext == null) {
                throw new ProvisioningDeviceSecurityException("Null SSL Context received from security client");
            }
            this.authorization.setSslContext(sSLContext);
            if (this.securityProvider instanceof SecurityProviderX509) {
                RequestData requestData = new RequestData(this.securityProvider.getRegistrationId(), sSLContext, true, this.provisioningDeviceClientConfig.getPayload());
                log.info("Authenticating with device provisioning service using x509 certificates");
                return authenticateWithX509(requestData);
            }
            if (!(this.securityProvider instanceof SecurityProviderTpm)) {
                if (!(this.securityProvider instanceof SecurityProviderSymmetricKey)) {
                    throw new ProvisioningDeviceSecurityException("Unknown Security client received");
                }
                RequestData requestData2 = new RequestData(this.securityProvider.getRegistrationId(), sSLContext, (String) null, this.provisioningDeviceClientConfig.getPayload());
                log.info("Authenticating with device provisioning service using symmetric key");
                return authenticateWithSasToken(requestData2);
            }
            SecurityProviderTpm securityProviderTpm = this.securityProvider;
            if (securityProviderTpm.getEndorsementKey() == null || securityProviderTpm.getStorageRootKey() == null) {
                throw new ProvisioningDeviceSecurityException(new IllegalArgumentException("Ek or SRK cannot be null"));
            }
            RequestData requestData3 = new RequestData(securityProviderTpm.getEndorsementKey(), securityProviderTpm.getStorageRootKey(), this.securityProvider.getRegistrationId(), sSLContext, null, this.provisioningDeviceClientConfig.getPayload());
            log.info("Authenticating with device provisioning service using tpm");
            return authenticateWithTPM(requestData3);
        } catch (SecurityProviderException | IOException | InterruptedException e) {
            throw new ProvisioningDeviceSecurityException((Throwable) e);
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public RegistrationOperationStatusParser call() throws Exception {
        String uniqueIdentifier = this.provisioningDeviceClientConfig.getUniqueIdentifier();
        if (uniqueIdentifier == null) {
            uniqueIdentifier = "PendingConnectionId";
        }
        Thread.currentThread().setName(this.provisioningDeviceClientContract.getHostName() + "-" + this.provisioningDeviceClientConfig.getUniqueIdentifier() + "-Cxn" + uniqueIdentifier + "-" + THREAD_NAME);
        return authenticateWithDPS();
    }

    private void waitForResponse(ResponseData responseData) throws InterruptedException {
        long currentTimeMillis = System.currentTimeMillis();
        for (long j = 0; responseData.getContractState() != ContractState.DPS_REGISTRATION_RECEIVED && j < 90000; j = System.currentTimeMillis() - currentTimeMillis) {
            Thread.sleep(4000L);
        }
    }
}
