package com.meta.wearable.acdc.sdk.auth;

import com.facebook.wearable.airshield.security.PrivateKey;
import com.facebook.wearable.connectivity.security.linksetup.Challenges;
import com.facebook.wearable.connectivity.security.linksetup.ExtensionsKt;
import com.facebook.wearable.constellation.data.ConstellationManifest;
import com.facebook.wearable.constellation.data.ConstellationSignedContent;
import com.facebook.wearable.datax.Connection;
import com.facebook.wearable.datax.Error;
import com.facebook.wearable.datax.LocalChannel;
import com.facebook.wearable.datax.ProtocolException;
import com.facebook.wearable.datax.RemoteChannel;
import com.facebook.wearable.datax.Service;
import com.facebook.wearable.datax.TypedBuffer;
import com.facebook.wearable.datax.util.ByteBufferOutputStream;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.h;
import com.meta.common.monad.railway.Result;
import com.meta.constellationauth.EnableTrust;
import com.meta.constellationauth.Errors;
import com.meta.constellationauth.MessageType;
import com.meta.wearable.acdc.sdk.api.ACDCReason;
import com.meta.wearable.acdc.sdk.api.ACDCResultCode;
import com.meta.wearable.acdc.sdk.api.ACDCSecureRegistrar;
import com.meta.wearable.acdc.sdk.log.ACDCLog;
import com.meta.wearable.acdc.sdk.store.ACDCStore;
import java.nio.ByteBuffer;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.i;
import org.jetbrains.annotations.NotNull;

@Metadata
/* loaded from: classes11.dex */
public final class ConstellationAuthentication extends Service {

    @NotNull
    public static final Companion Companion = new Companion(null);
    private static final int KEY_TAG_PREFIX_SIZE = 8;

    @NotNull
    private static final String TAG = "ConstellationAuthentication";
    private Challenges challenges;

    @NotNull
    private final Connection connection;
    private LocalChannel localChannel;
    private boolean okMessageReceived;
    private boolean okMessageSent;

    @NotNull
    private Function1<? super Result<Unit, ACDCReason>, Unit> onTrustEnabledCallback;

    @NotNull
    private ConstellationSignedContent parsedSignedContent;

    @NotNull
    private final ACDCSecureRegistrar registrar;

    @NotNull
    private final UUID session;

    @NotNull
    private final ACDCStore store;

    @Metadata
    /* loaded from: classes10.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public ConstellationAuthentication(@NotNull UUID session, @NotNull Connection connection, @NotNull ACDCStore store, @NotNull ACDCSecureRegistrar registrar) {
        super(79);
        Intrinsics.checkNotNullParameter(session, "session");
        Intrinsics.checkNotNullParameter(connection, "connection");
        Intrinsics.checkNotNullParameter(store, "store");
        Intrinsics.checkNotNullParameter(registrar, "registrar");
        this.session = session;
        this.connection = connection;
        this.store = store;
        this.registrar = registrar;
        this.onTrustEnabledCallback = ConstellationAuthentication$onTrustEnabledCallback$1.INSTANCE;
        this.parsedSignedContent = parseSignedContent(store.getManifestFile());
        connection.register(this);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final TypedBuffer createEnableTrustMessage(h hVar, h hVar2, long j11, String str) {
        EnableTrust build = EnableTrust.newBuilder().setKeyTag(hVar).setSignature(hVar2).setManifestVersion(j11).setClientVersion(str).build();
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(build.getSerializedSize());
        Intrinsics.e(allocateDirect);
        build.writeTo(new ByteBufferOutputStream(allocateDirect));
        allocateDirect.flip();
        int value = MessageType.ENABLE_TRUST.getValue();
        Intrinsics.e(allocateDirect);
        return new TypedBuffer(value, allocateDirect);
    }

    private final TypedBuffer createManifestFileTransferCompleteMessage() {
        ConstellationSignedContent parseSignedContent = parseSignedContent(this.store.getManifestFile());
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(parseSignedContent.getSerializedSize());
        Intrinsics.e(allocateDirect);
        parseSignedContent.writeTo(new ByteBufferOutputStream(allocateDirect));
        allocateDirect.flip();
        int value = MessageType.MANIFEST_FILE_TRANSFER_COMPLETE.getValue();
        Intrinsics.e(allocateDirect);
        return new TypedBuffer(value, allocateDirect);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final synchronized LocalChannel getChannel() {
        LocalChannel localChannel = this.localChannel;
        if (localChannel != null && !localChannel.getClosed()) {
            return localChannel;
        }
        LocalChannel openChannel = this.connection.openChannel(79);
        openChannel.setOnError(new ConstellationAuthentication$getChannel$newChannel$1$1(this));
        this.localChannel = openChannel;
        return openChannel;
    }

    private final void handleEnableTrustReceived(RemoteChannel remoteChannel, TypedBuffer typedBuffer) {
        EnableTrust enableTrust;
        ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): Received enable trust message from peer");
        try {
            enableTrust = EnableTrust.parseFrom(typedBuffer.getBytes());
            Intrinsics.e(enableTrust);
        } catch (InvalidProtocolBufferException e11) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): Error while parsing enable trust message received", e11);
            EnableTrust build = EnableTrust.newBuilder().setManifestVersion(0L).build();
            Intrinsics.e(build);
            enableTrust = build;
        }
        long manifestVersion = enableTrust.getManifestVersion();
        long intValue = ((Number) this.store.loadManifest().fold(ConstellationAuthentication$handleEnableTrustReceived$selfVersion$1.INSTANCE, ConstellationAuthentication$handleEnableTrustReceived$selfVersion$2.INSTANCE)).intValue();
        if (manifestVersion == intValue) {
            ACDCLog aCDCLog = ACDCLog.INSTANCE;
            aCDCLog.i(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): [peerVersion=" + manifestVersion + ", selfVersion=" + intValue + "] Peer has same manifest version");
            if (((int) manifestVersion) != 0) {
                verifySignature(enableTrust).onSuccess(new ConstellationAuthentication$handleEnableTrustReceived$1(this, remoteChannel)).onFailure(new ConstellationAuthentication$handleEnableTrustReceived$2(remoteChannel, this));
                return;
            }
            aCDCLog.e(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): Manifest not found in both peers");
            try {
                remoteChannel.send(new Error(Errors.FAILURE.getValue()));
                this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_ENABLE_TRUST_BUT_BOTH_PEERS_HAVE_NO_MANIFEST, "ACDC received an enable trust message from the wearable during authentication,\nbut the enable trust message didn't have a manifest and neither does this app.")));
                return;
            } catch (ProtocolException e12) {
                ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): Failed to send enable trust failure message", e12);
                this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_ENABLE_TRUST_WITHOUT_MANIFEST_AND_FAILED_TO_SEND_FAILURE_IN_RESPONSE, i.g("\n                      ACDC received an enable trust message from the wearable during authentication,\n                      but the enable trust message didn't have a manifest, so ACDC tried to send a\n                      `Failure` error back to the wearable. However, that failed to send due to a\n                      DataX Protocol Exception: " + e12 + "\n                      "))));
                return;
            }
        }
        if (manifestVersion > intValue) {
            ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): [peerVersion=" + manifestVersion + ", selfVersion=" + intValue + "] Peer has newer manifest version, sending NEED_MANIFEST");
            try {
                remoteChannel.send(new Error(Errors.NEED_MANIFEST.getValue()));
                return;
            } catch (ProtocolException e13) {
                ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): Failed to send need manifest message", e13);
                this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_ENABLE_TRUST_FAILED_TO_SEND_NEED_MANIFEST, i.g("\n                    ACDC received an enable trust message from the wearable during authentication,\n                    and the wearable has a higher manifest version (" + manifestVersion + ") than this app's\n                    manifest (" + intValue + "). So ACDC tried to send a NEED_MANIFEST message to the\n                    wearable, but that message failed to send due to a DataX Protocol Exception: " + e13 + "\n                    "))));
                return;
            }
        }
        ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): [peerVersion=" + manifestVersion + ", selfVersion=" + intValue + "] Peer has older manifest version, sending MANIFEST_OUT_OF_DATE");
        try {
            remoteChannel.send(new Error(Errors.MANIFEST_OUT_OF_DATE.getValue()));
        } catch (ProtocolException e14) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] handleEnableTrustReceived(): Failed to send invalid manifest message", e14);
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_ENABLE_TRUST_FAILED_TO_SEND_MANIFEST_OUT_OF_DATE, i.g("\n                    ACDC received an enable trust message from the wearable during authentication,\n                    and the wearable has a lower manifest version (" + manifestVersion + ") than this app's\n                    manifest (" + intValue + "). So ACDC tried to send a MANIFEST_OUT_OF_DATE message\n                    to the wearable, but that message failed to send due to a DataX Protocol Exception: " + e14 + "\n                    "))));
        }
    }

    private final void handleManifestFileTransferComplete(RemoteChannel remoteChannel, TypedBuffer typedBuffer) {
        try {
            ConstellationSignedContent parseFrom = ConstellationSignedContent.parseFrom(typedBuffer.getBytes());
            Intrinsics.e(parseFrom);
            setParsedSignedContent(parseFrom);
        } catch (InvalidProtocolBufferException e11) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] Failed to parse manifest file complete");
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_MANIFEST_FILE_TRANSFER_COMPLETE_FAILED_TO_PARSE_MANIFEST, "\n                  ACDC failed to parse the last chunk of the manifest file received from the wearable during authentication due to an InvalidProtocolBufferException: " + e11 + "\n                  ")));
        }
        ACDCStore aCDCStore = this.store;
        byte[] byteArray = this.parsedSignedContent.toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "toByteArray(...)");
        aCDCStore.storeManifestFile(byteArray).onSuccess(new ConstellationAuthentication$handleManifestFileTransferComplete$1(this)).onFailure(new ConstellationAuthentication$handleManifestFileTransferComplete$2(this, remoteChannel));
    }

    private final void handleManifestFileTransferData(RemoteChannel remoteChannel, TypedBuffer typedBuffer) {
        ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] Received manifest file transfer data message from peer");
        try {
            ConstellationSignedContent parseFrom = ConstellationSignedContent.parseFrom(typedBuffer.getBytes());
            Intrinsics.e(parseFrom);
            setParsedSignedContent(parseFrom);
        } catch (InvalidProtocolBufferException e11) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] Failed to parse manifest file received");
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_MANIFEST_FILE_TRANSFER_DATA_FAILED_TO_PARSE_MANIFEST, i.g("\n                  ACDC failed to parse a chunk of the manifest file received from the wearable during authentication due to an InvalidProtocolBufferException: " + e11 + "\n                  "))));
        }
    }

    private final boolean isTrustEnabled() {
        return this.okMessageReceived && this.okMessageSent;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void onError(ProtocolException protocolException) {
        int value = protocolException.getError().getValue();
        if (value == Errors.NEED_MANIFEST.getValue()) {
            sendManifest();
            sendEnableTrust(getChannel());
            return;
        }
        if (value == Errors.INVALID_MANIFEST.getValue()) {
            this.registrar.unregisterLinkableApp(new ConstellationAuthentication$onError$1(this));
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_INVALID_MANIFEST_ERROR_FROM_PEER, i.g("\n                    ACDC received an invalid manifest error from peer during constellation authentication.\n                    The peer received our manifest, but it was invalid from the peer's perspective.\n                    This means our manifest was built from a different private authority key than the peer's manifest.\n                    This can happen if the user reinstalled the Meta View app, but this app wasn't made aware.\n                    App is in a bad state so unregistering this app from ACDC: " + protocolException + "\n                    "))));
            return;
        }
        if (value == Errors.INVALID_PEER.getValue()) {
            this.registrar.unregisterLinkableApp(new ConstellationAuthentication$onError$2(this));
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_INVALID_PEER_ERROR_FROM_PEER, i.g("\n                    ACDC received an invalid peer error from peer during constellation authentication.\n                    Peer could not find this app in their manifest.\n                    This can happen if the user unregisters the app from the Meta View app, but this app wasn't made aware.\n                    App is in a bad state so unregistering this app from ACDC: " + protocolException + "\n                    "))));
            return;
        }
        if (value == Errors.MANIFEST_OUT_OF_DATE.getValue()) {
            ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] Waiting on receiving new manifest");
            return;
        }
        if (value == Error.Ok.getValue()) {
            setOkMessageReceived(true);
            return;
        }
        if (value == Errors.FAILURE.getValue()) {
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_ENABLE_TRUST_FAILURE_FROM_PEER, "ACDC received a generic failure from peer during constellation authentication: " + protocolException)));
            return;
        }
        this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_UNKNOWN_ENABLE_TRUST_FAILURE_FROM_PEER, "ACDC received an unknown failure from peer during constellation authentication: " + protocolException)));
    }

    private final ConstellationManifest parseManifestFile(byte[] bArr) {
        try {
            ConstellationManifest parseFrom = ConstellationManifest.parseFrom(bArr);
            Intrinsics.e(parseFrom);
            return parseFrom;
        } catch (InvalidProtocolBufferException e11) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] Error while parsing signed content", e11);
            ConstellationManifest build = ConstellationManifest.newBuilder().build();
            Intrinsics.e(build);
            return build;
        }
    }

    private final ConstellationSignedContent parseSignedContent(byte[] bArr) {
        try {
            ConstellationSignedContent parseFrom = ConstellationSignedContent.parseFrom(bArr);
            Intrinsics.e(parseFrom);
            return parseFrom;
        } catch (InvalidProtocolBufferException e11) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] Error while parsing signed content", e11);
            ConstellationSignedContent build = ConstellationSignedContent.newBuilder().build();
            Intrinsics.e(build);
            return build;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void sendEnableTrust(LocalChannel localChannel) {
        PrivateKey appPrivateKey = this.store.getAppPrivateKey();
        if (appPrivateKey != null) {
            Challenges challenges = this.challenges;
            if (challenges == null) {
                Intrinsics.w("challenges");
                challenges = null;
            }
            this.store.loadManifest().onSuccess(new ConstellationAuthentication$sendEnableTrust$2(this, appPrivateKey, localChannel, appPrivateKey.sign(challenges.getTx()))).onFailure(new ConstellationAuthentication$sendEnableTrust$3(this));
            return;
        }
        ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] sendEnableTrust(): No app private key on disk");
        this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_SEND_ENABLE_TRUST_FAILED_MISSING_APP_PRIVATE_KEY, "ACDC failed to construct an EnableTrust message for the wearable during authentication \nbecause there is no app private key found on disk. This can happen if the app's \ndisk space was cleared or this app did not register properly.")));
    }

    private final void sendManifest() {
        try {
            getChannel().send(createManifestFileTransferCompleteMessage());
        } catch (ProtocolException e11) {
            ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] Failed to send manifest file transfer data message", e11);
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_SEND_MANIFEST_FILE_TRANSFER_COMPLETE_FAILED_TO_SEND_MANIFEST, i.g("\n                    ACDC failed to send the last chunk of the manifest file to the wearable during authentication due to a DataX Protocol Exception: " + e11 + "\n                  "))));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void sendTrustResult(RemoteChannel remoteChannel) {
        ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] Sending trust result OK message to peer");
        try {
            remoteChannel.send(Error.Ok);
        } catch (ProtocolException e11) {
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_SEND_TRUST_RESULT_FAILED_TO_SEND_MESSAGE, i.g("\n                    ACDC failed to send the trust result OK message to the wearable during authentication due to a DataX Protocol Exception: " + e11 + "\n                  "))));
        }
        setOkMessageSent(true);
    }

    private final void setOkMessageReceived(boolean z11) {
        this.okMessageReceived = z11;
        if (isTrustEnabled()) {
            this.onTrustEnabledCallback.invoke(Result.Companion.success(Unit.f73768a));
        }
    }

    private final void setOkMessageSent(boolean z11) {
        this.okMessageSent = z11;
        if (isTrustEnabled()) {
            this.onTrustEnabledCallback.invoke(Result.Companion.success(Unit.f73768a));
        }
    }

    private final void setParsedSignedContent(ConstellationSignedContent constellationSignedContent) {
        this.parsedSignedContent = constellationSignedContent;
    }

    private final Result<Unit, Errors> verifySignature(EnableTrust enableTrust) {
        return (Result) this.store.loadManifest().fold(new ConstellationAuthentication$verifySignature$1(enableTrust, this), new ConstellationAuthentication$verifySignature$2(this));
    }

    public final void detach() {
        ACDCLog.INSTANCE.i(TAG, "[session=" + this.session + "] Detaching from connection");
        ExtensionsKt.closeSafely(getChannel());
        unregister();
    }

    @Override // com.facebook.wearable.datax.Service
    public void onReceived(@NotNull RemoteChannel channel, @NotNull TypedBuffer buffer) {
        Intrinsics.checkNotNullParameter(channel, "channel");
        Intrinsics.checkNotNullParameter(buffer, "buffer");
        int type = buffer.getType();
        if (type == MessageType.ENABLE_TRUST.getValue()) {
            handleEnableTrustReceived(channel, buffer);
            return;
        }
        if (type == MessageType.MANIFEST_FILE_TRANSFER_DATA.getValue()) {
            handleManifestFileTransferData(channel, buffer);
            return;
        }
        if (type == MessageType.MANIFEST_FILE_TRANSFER_COMPLETE.getValue()) {
            handleManifestFileTransferComplete(channel, buffer);
            return;
        }
        ACDCLog.INSTANCE.e(TAG, "[session=" + this.session + "] Received unknown message type: " + buffer.getType());
        try {
            channel.send(Error.UnknownType);
        } catch (ProtocolException e11) {
            this.onTrustEnabledCallback.invoke(Result.Companion.failure(new ACDCReason(ACDCResultCode.AUTH_RECEIVED_UNKNOWN_MESSAGE_AND_FAILED_TO_SEND_UNKNOWN_TYPE_IN_RESPONSE, i.g("\n                      ACDC received an unknown message type " + buffer.getType() + " during authentication,\n                      so ACDC tried to send an `UnknownType` error back to the wearable,\n                      but it failed to send due to a DataX Protocol Exception: " + e11 + "\n                      "))));
        }
    }

    public final void startAuthentication(@NotNull Challenges challenges, @NotNull Function1<? super Result<Unit, ACDCReason>, Unit> onTrustEnabledCallback) {
        Intrinsics.checkNotNullParameter(challenges, "challenges");
        Intrinsics.checkNotNullParameter(onTrustEnabledCallback, "onTrustEnabledCallback");
        this.challenges = challenges;
        this.onTrustEnabledCallback = onTrustEnabledCallback;
        sendEnableTrust(getChannel());
    }
}
