package com.google.android.apps.access.wifi.consumer.app.apconnection;

import com.google.android.apps.access.wifi.consumer.app.apconnection.BleApConnector;
import com.google.android.apps.access.wifi.consumer.app.apconnection.BleManager;
import com.google.android.apps.access.wifi.consumer.util.CryptoUtilities;
import com.google.android.libraries.access.apconnection.ApConnector;
import defpackage.biz;
import java.nio.charset.Charset;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Locale;
import java.util.UUID;

/* compiled from: PG */
/* loaded from: classes.dex */
public class BleSecurity {
    public static final String ENCRYPTION_KEY_READ = "READ_ENCRYPTION_KEY";
    public static final String ENCRYPTION_KEY_WRITE = "WRITE_ENCRYPTION_KEY";
    public static final boolean FAILURE = false;
    public static final String HKDF_INFO_AUTHENTICATION = "AUTHENTICATION";
    public static final String HKDF_INFO_ENCRYPTION = "ENCRYPTION";
    public static final int NONCE_LENGTH = 16;
    public static final boolean SUCCESS = true;
    public byte[] apNonce;
    public byte[] appNonce;
    public final BleManager bleManager;
    public ApConnector.Callback callback;
    public byte[] encryptionKey = null;
    public byte[] masterKey;
    public String psk;
    public static final UUID ECDH_PUBLIC_KEY_UUID = UUID.fromString("22216033-F99B-412B-AFCA-670FD4BEDFF5");
    public static final UUID HMAC_NONCE_UUID = UUID.fromString("2DAB7A51-4BC8-4349-9624-46F1411FD030");
    public static final UUID HMAC_PROOF_UUID = UUID.fromString("E5B59E5A-774F-49D7-9DE0-7504B099EC50");
    public static final Charset USASCII_CHARSET = Charset.forName("US-ASCII");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: PG */
    /* loaded from: classes.dex */
    public enum AuthState {
        START,
        ECDH_EXCHANGE,
        NONCE_EXCHANGE,
        PROOF_EXCHANGE
    }

    public BleSecurity(BleManager bleManager) {
        this.bleManager = bleManager;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void exchangeECDHKey() {
        try {
            final KeyPair generateECDHKeyPair = CryptoUtilities.generateECDHKeyPair();
            ApConnector.Callback callback = new ApConnector.Callback() { // from class: com.google.android.apps.access.wifi.consumer.app.apconnection.BleSecurity.2
                @Override // com.google.android.libraries.access.apconnection.ApConnector.Callback
                public void onLocalApOperationComplete(ApConnector.LocalApResult localApResult) {
                    if (localApResult.getStatus() != ApConnector.LocalApResult.Status.SUCCESS) {
                        biz.c(null, "Failed to perform ECDH key exchange.", new Object[0]);
                        BleSecurity.this.finishAuthenticationFlow(false, BleSecurity.ECDH_PUBLIC_KEY_UUID);
                        return;
                    }
                    try {
                        BleSecurity.this.masterKey = CryptoUtilities.generateECDHMasterKey(generateECDHKeyPair, ((BleApConnector.Result) localApResult).getValue());
                        BleSecurity.this.encryptionKey = CryptoUtilities.generateHKDFBytes(BleSecurity.this.masterKey, BleSecurity.this.psk.getBytes(BleSecurity.USASCII_CHARSET), BleSecurity.HKDF_INFO_ENCRYPTION.getBytes(BleSecurity.USASCII_CHARSET));
                        BleSecurity.this.requestApAuthStatus(AuthState.ECDH_EXCHANGE);
                    } catch (CryptoUtilities.CryptoException e) {
                        biz.c(null, "Exception generating encryption key, message=%s", e.getMessage());
                        BleSecurity.this.finishAuthenticationFlow(false, BleSecurity.ECDH_PUBLIC_KEY_UUID);
                    }
                }
            };
            ArrayList arrayList = new ArrayList();
            arrayList.add(new BleManager.Command(false, ECDH_PUBLIC_KEY_UUID, CryptoUtilities.convertECDHPublicKeyToBytes(generateECDHKeyPair.getPublic())));
            arrayList.add(new BleManager.Command(true, ECDH_PUBLIC_KEY_UUID, null));
            this.bleManager.execute(callback, arrayList, null, false);
        } catch (CryptoUtilities.CryptoException e) {
            biz.c(null, "Exception exchanging ECDH key, message=%s", e.getMessage());
            finishAuthenticationFlow(false, ECDH_PUBLIC_KEY_UUID);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void exchangeNonce() {
        this.appNonce = CryptoUtilities.generateRandom(16);
        ApConnector.Callback callback = new ApConnector.Callback() { // from class: com.google.android.apps.access.wifi.consumer.app.apconnection.BleSecurity.3
            @Override // com.google.android.libraries.access.apconnection.ApConnector.Callback
            public void onLocalApOperationComplete(ApConnector.LocalApResult localApResult) {
                if (localApResult.getStatus() != ApConnector.LocalApResult.Status.SUCCESS) {
                    biz.c(null, "Failed to perfom nonce exchange.", new Object[0]);
                    BleSecurity.this.finishAuthenticationFlow(false, BleSecurity.HMAC_NONCE_UUID);
                    return;
                }
                BleSecurity.this.apNonce = ((BleApConnector.Result) localApResult).getValue();
                if (!Arrays.equals(BleSecurity.this.appNonce, BleSecurity.this.apNonce)) {
                    BleSecurity.this.requestApAuthStatus(AuthState.NONCE_EXCHANGE);
                } else {
                    biz.c(null, "AP nonce same as app nonce", new Object[0]);
                    BleSecurity.this.finishAuthenticationFlow(false, BleSecurity.HMAC_NONCE_UUID);
                }
            }
        };
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BleManager.Command(false, HMAC_NONCE_UUID, this.appNonce));
        arrayList.add(new BleManager.Command(true, HMAC_NONCE_UUID, null));
        this.bleManager.execute(callback, arrayList, null, false);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void exchangeProof() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.apNonce);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(this.appNonce);
        try {
            byte[] generateHKDFBytes = CryptoUtilities.generateHKDFBytes(this.masterKey, this.psk.getBytes(USASCII_CHARSET), HKDF_INFO_AUTHENTICATION.getBytes(USASCII_CHARSET));
            byte[] generateHMAC = CryptoUtilities.generateHMAC(generateHKDFBytes, arrayList);
            final byte[] generateHMAC2 = CryptoUtilities.generateHMAC(generateHKDFBytes, arrayList2);
            ApConnector.Callback callback = new ApConnector.Callback() { // from class: com.google.android.apps.access.wifi.consumer.app.apconnection.BleSecurity.4
                @Override // com.google.android.libraries.access.apconnection.ApConnector.Callback
                public void onLocalApOperationComplete(ApConnector.LocalApResult localApResult) {
                    if (localApResult.getStatus() == ApConnector.LocalApResult.Status.SUCCESS && Arrays.equals(((BleApConnector.Result) localApResult).getValue(), generateHMAC2)) {
                        BleSecurity.this.requestApAuthStatus(AuthState.PROOF_EXCHANGE);
                    } else {
                        biz.c(null, "Proof invalid", new Object[0]);
                        BleSecurity.this.finishAuthenticationFlow(false, BleSecurity.HMAC_PROOF_UUID);
                    }
                }
            };
            ArrayList arrayList3 = new ArrayList();
            arrayList3.add(new BleManager.Command(false, HMAC_PROOF_UUID, generateHMAC));
            arrayList3.add(new BleManager.Command(true, HMAC_PROOF_UUID, null));
            this.bleManager.execute(callback, arrayList3, null, false);
        } catch (CryptoUtilities.CryptoException e) {
            biz.c(null, "Exception exchanging proof, message=%s", e.getMessage());
            finishAuthenticationFlow(false, HMAC_PROOF_UUID);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void finishAuthenticationFlow(boolean z, UUID uuid) {
        if (z) {
            biz.a(null, "Authentication flow succeed on UUID: %s", uuid.toString());
            this.bleManager.setEncryptionKey(this.encryptionKey);
        } else {
            biz.a(null, "Authentication flow failed on UUID: %s", uuid.toString());
        }
        if (this.callback != null) {
            ApConnector.Callback callback = this.callback;
            stop();
            callback.onLocalApOperationComplete(new BleApConnector.Result(z ? ApConnector.LocalApResult.Status.SUCCESS : ApConnector.LocalApResult.Status.FAILURE, uuid, null));
        }
    }

    public static byte[] generateKeyFromUUID(byte[] bArr, UUID uuid, boolean z) {
        if (bArr == null) {
            throw new IllegalArgumentException("Encryption key must not be null.");
        }
        String valueOf = String.valueOf(uuid.toString().toUpperCase(Locale.US));
        String valueOf2 = String.valueOf(z ? "R" : "W");
        return CryptoUtilities.generateHKDFBytes(bArr, (valueOf2.length() != 0 ? valueOf.concat(valueOf2) : new String(valueOf)).getBytes(USASCII_CHARSET), (z ? ENCRYPTION_KEY_READ : ENCRYPTION_KEY_WRITE).getBytes(USASCII_CHARSET));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void requestApAuthStatus(final AuthState authState) {
        BleManager.Command command = new BleManager.Command(true, BleApConnector.AUTH_STATUS_UUID, null);
        this.bleManager.execute(new ApConnector.Callback() { // from class: com.google.android.apps.access.wifi.consumer.app.apconnection.BleSecurity.1
            @Override // com.google.android.libraries.access.apconnection.ApConnector.Callback
            public void onLocalApOperationComplete(ApConnector.LocalApResult localApResult) {
                if (localApResult.getStatus() != ApConnector.LocalApResult.Status.SUCCESS) {
                    biz.c(null, "Failed to retrieve local ap result", new Object[0]);
                    BleSecurity.this.finishAuthenticationFlow(false, BleApConnector.AUTH_STATUS_UUID);
                    return;
                }
                BleApConnector.Result result = (BleApConnector.Result) localApResult;
                if (authState == AuthState.START) {
                    BleSecurity.this.exchangeECDHKey();
                    return;
                }
                if (result.isReadyForNonceExchange() && authState == AuthState.ECDH_EXCHANGE) {
                    BleSecurity.this.exchangeNonce();
                    return;
                }
                if (result.isProofReady() && authState == AuthState.NONCE_EXCHANGE) {
                    BleSecurity.this.exchangeProof();
                } else if (result.isProofValid() && authState == AuthState.PROOF_EXCHANGE) {
                    BleSecurity.this.finishAuthenticationFlow(true, BleApConnector.AUTH_STATUS_UUID);
                } else {
                    biz.c(null, "Previous state unexpected.", new Object[0]);
                    BleSecurity.this.finishAuthenticationFlow(false, BleApConnector.AUTH_STATUS_UUID);
                }
            }
        }, Collections.singletonList(command), null, false);
    }

    public void performAuthenticationFlow(ApConnector.Callback callback, String str) {
        this.callback = callback;
        this.psk = str;
        requestApAuthStatus(AuthState.START);
    }

    public void stop() {
        this.callback = null;
        this.bleManager.stop();
    }
}
