package com.google.android.apps.authenticator.enroll2sv.enroller;

import com.google.android.apps.authenticator.TotpClock;
import com.google.android.apps.authenticator.Utilities;
import com.google.android.apps.authenticator.enroll2sv.backend.Backend;
import com.google.android.apps.authenticator.enroll2sv.backend.BackendException;
import com.google.android.apps.authenticator.enroll2sv.backend.ConnectivityException;
import com.google.android.apps.authenticator.enroll2sv.backend.EnrollRequest;
import com.google.android.apps.authenticator.enroll2sv.backend.EnrollResponse;
import com.google.android.apps.authenticator.enroll2sv.backend.GetSharedSecretRequest;
import com.google.android.apps.authenticator.enroll2sv.backend.GetSharedSecretResponse;
import com.google.android.apps.authenticator.enroll2sv.backend.PhoneNumber;
import com.google.android.apps.authenticator.enroll2sv.backend.Response;
import com.google.android.apps.authenticator.enroll2sv.backend.SharedSecretVerifier;
import com.google.android.apps.authenticator.enroll2sv.backend.UnenrollRequest;
import com.google.android.apps.authenticator.enroll2sv.backend.UnenrollResponse;
import com.google.android.apps.authenticator.enroll2sv.enroller.Enroller;
import com.google.android.apps.authenticator.timesync.NetworkTimeProvider;
import com.google.android.apps.authenticator.timesync.SyncNowController;
import com.google.android.apps.authenticator2.R;
import com.google.common.base.Preconditions;
import com.google.common.util.concurrent.MoreExecutors;
import java.util.List;
import java.util.Random;

/* loaded from: classes.dex */
public class BackendBasedEnroller implements Enroller {
    private final Backend mBackend;
    private final NetworkTimeProvider mNetworkTimeProvider;
    private final Random mRng;
    private final SharedSecretVerifier mSharedSecretVerifier;
    private final TotpClock mTotpClock;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.google.android.apps.authenticator.enroll2sv.enroller.BackendBasedEnroller$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error = new int[Response.Error.values().length];

        static {
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.ALREADY_ENROLLED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.ALREADY_ENROLLED_INTERNAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.INVALID_AUTH_TOKEN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.DISALLOWED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.DISALLOWED_BY_POLICY.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.BAD_SKEW.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.UPDATE_REQUIRED.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.BAD_SECRET.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.BAD_PHONE_NUMBER.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.SESSION_EXPIRED.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[Response.Error.UNSUPPORTED_COUNTRY.ordinal()] = 11;
            } catch (NoSuchFieldError e11) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Session {
        private List<PhoneNumber> backupPhoneNumbers;
        private byte[] sharedSecret;
        private byte[] verifierNonce;

        private Session() {
        }

        /* synthetic */ Session(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class SyncNowResultCapturingPresenter implements SyncNowController.Presenter {
        private SyncNowController.Result result;

        private SyncNowResultCapturingPresenter() {
        }

        /* synthetic */ SyncNowResultCapturingPresenter(AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // com.google.android.apps.authenticator.timesync.SyncNowController.Presenter
        public void onDone(SyncNowController.Result result) {
            this.result = result;
        }

        @Override // com.google.android.apps.authenticator.timesync.SyncNowController.Presenter
        public void onStarted() {
        }
    }

    public BackendBasedEnroller(Backend backend, Random random, SharedSecretVerifier sharedSecretVerifier, TotpClock totpClock, NetworkTimeProvider networkTimeProvider) {
        this.mBackend = backend;
        this.mRng = random;
        this.mSharedSecretVerifier = sharedSecretVerifier;
        this.mTotpClock = totpClock;
        this.mNetworkTimeProvider = networkTimeProvider;
    }

    private Session establishSession(Enroller.EnrollParams enrollParams) throws EnrollerException {
        return establishSession(enrollParams, true);
    }

    private Session establishSession(Enroller.EnrollParams enrollParams, boolean z) throws EnrollerException {
        Enroller.EnrollCollaborator enrollCollaborator = enrollParams.collaborator;
        throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNCHANGED);
        GetSharedSecretRequest getSharedSecretRequest = new GetSharedSecretRequest();
        getSharedSecretRequest.authToken = enrollParams.authToken;
        getSharedSecretRequest.locale = enrollParams.locale;
        getSharedSecretRequest.appVersion = enrollParams.appVersion;
        getSharedSecretRequest.appVersionCode = enrollParams.appVersionCode;
        getSharedSecretRequest.androidId = enrollParams.androidId;
        getSharedSecretRequest.nonce = this.mSharedSecretVerifier.generateNonce(this.mRng);
        getSharedSecretRequest.systemTimeSeconds = Utilities.millisToSeconds(this.mTotpClock.nowMillis());
        try {
            GetSharedSecretResponse sharedSecret = this.mBackend.getSharedSecret(getSharedSecretRequest);
            if (sharedSecret.isSuccess()) {
                if (sharedSecret.sharedSecret == null) {
                    throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNCHANGED, new BackendException("No shared secret returned"));
                }
                Session session = new Session(null);
                session.sharedSecret = sharedSecret.sharedSecret;
                session.verifierNonce = getSharedSecretRequest.nonce;
                session.backupPhoneNumbers = sharedSecret.backupPhoneNumbers;
                return session;
            }
            throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNCHANGED);
            String str = sharedSecret.errorDescription;
            switch (AnonymousClass1.$SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[sharedSecret.error.ordinal()]) {
                case R.styleable.Theme_accountListWithVerificationCodesRow /* 1 */:
                    throw new EnrollerException(Enroller.Error.ALREADY_ENROLLED, Enroller.AccountState.ENROLLED, str);
                case 2:
                    throw new EnrollerException(Enroller.Error.ALREADY_ENROLLED_INTERNAL, Enroller.AccountState.ENROLLED, str);
                case R.styleable.Theme_accountListWithVerificationCodesRowVerificationCode /* 3 */:
                    throw new EnrollerException(Enroller.Error.INVALID_AUTH_TOKEN, Enroller.AccountState.UNCHANGED);
                case 4:
                    throw new EnrollerException(Enroller.Error.DISALLOWED, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_accountListWithVerificationCodesRowAccountName /* 5 */:
                    throw new EnrollerException(Enroller.Error.DISALLOWED_BY_POLICY, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_wizardButtonBarStyle /* 6 */:
                    if (z && syncTime()) {
                        return establishSession(enrollParams, false);
                    }
                    throw new EnrollerException(Enroller.Error.BAD_CLOCK_SKEW, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_directionalButtonLeftStyle /* 7 */:
                    throw new EnrollerException(Enroller.Error.UPDATE_REQUIRED, Enroller.AccountState.UNCHANGED, str);
                default:
                    throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNCHANGED, str);
            }
        } catch (ConnectivityException e) {
            throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNCHANGED);
            throw new EnrollerException(Enroller.Error.CONNECTIVITY_ERROR, Enroller.AccountState.UNCHANGED, e);
        } catch (BackendException e2) {
            throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNCHANGED);
            throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNCHANGED, e2);
        }
    }

    private boolean syncTime() {
        SyncNowController syncNowController = new SyncNowController(this.mTotpClock, this.mNetworkTimeProvider, MoreExecutors.sameThreadExecutor(), false, MoreExecutors.sameThreadExecutor());
        SyncNowResultCapturingPresenter syncNowResultCapturingPresenter = new SyncNowResultCapturingPresenter(null);
        syncNowController.attach(syncNowResultCapturingPresenter);
        return syncNowResultCapturingPresenter.result == SyncNowController.Result.TIME_CORRECTED;
    }

    private void throwIfCancelled(Enroller.EnrollCollaborator enrollCollaborator, Enroller.AccountState accountState) throws EnrollerException {
        if (enrollCollaborator != null && enrollCollaborator.isEnrollmentCancelled()) {
            throw new EnrollerException(Enroller.Error.CANCELLED, accountState);
        }
    }

    @Override // com.google.android.apps.authenticator.enroll2sv.enroller.Enroller
    public Enroller.CheckCanEnrollResponse checkCanEnroll(Enroller.CheckCanEnrollParams checkCanEnrollParams) throws EnrollerException {
        Preconditions.checkNotNull(checkCanEnrollParams);
        Preconditions.checkNotNull(checkCanEnrollParams.locale);
        Enroller.EnrollParams enrollParams = new Enroller.EnrollParams();
        enrollParams.authToken = (String) Preconditions.checkNotNull(checkCanEnrollParams.authToken);
        enrollParams.locale = (String) Preconditions.checkNotNull(checkCanEnrollParams.locale);
        enrollParams.appVersion = checkCanEnrollParams.appVersion;
        enrollParams.appVersionCode = checkCanEnrollParams.appVersionCode;
        enrollParams.androidId = checkCanEnrollParams.androidId;
        Session establishSession = establishSession(enrollParams);
        Enroller.CheckCanEnrollResponse checkCanEnrollResponse = new Enroller.CheckCanEnrollResponse();
        checkCanEnrollResponse.backupPhoneNumbers = establishSession.backupPhoneNumbers;
        return checkCanEnrollResponse;
    }

    @Override // com.google.android.apps.authenticator.enroll2sv.enroller.Enroller
    public String enroll(Enroller.EnrollParams enrollParams) throws EnrollerException {
        Session establishSession;
        Preconditions.checkNotNull(enrollParams);
        Enroller.EnrollCollaborator enrollCollaborator = (Enroller.EnrollCollaborator) Preconditions.checkNotNull(enrollParams.collaborator);
        Preconditions.checkNotNull(enrollParams.authToken);
        Preconditions.checkNotNull(enrollParams.locale);
        if (enrollParams.sharedSecret != null) {
            establishSession = new Session(null);
            establishSession.sharedSecret = enrollParams.sharedSecret;
            establishSession.verifierNonce = (byte[]) Preconditions.checkNotNull(enrollParams.sharedSecretVerifierNonce);
        } else {
            establishSession = establishSession(enrollParams);
        }
        throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNCHANGED);
        enrollCollaborator.saveSharedSecret(establishSession.sharedSecret, establishSession.verifierNonce);
        EnrollRequest enrollRequest = new EnrollRequest();
        enrollRequest.authToken = enrollParams.authToken;
        enrollRequest.locale = enrollParams.locale;
        enrollRequest.loginScopeOAuthTokenNeeded = enrollParams.loginScopeOAuthTokenNeeded;
        enrollRequest.deviceModel = enrollParams.deviceModel;
        enrollRequest.deviceVersionApiLevel = enrollParams.deviceVersionApiLevel;
        enrollRequest.deviceVersionCodename = enrollParams.deviceVersionCodename;
        enrollRequest.deviceVersionDisplay = enrollParams.deviceVersionDisplay;
        enrollRequest.deviceVersionRelease = enrollParams.deviceVersionRelease;
        enrollRequest.appVersion = enrollParams.appVersion;
        enrollRequest.appVersionCode = enrollParams.appVersionCode;
        enrollRequest.androidId = enrollParams.androidId;
        enrollRequest.sharedSecretVerifier = this.mSharedSecretVerifier.generateVerificationCode(establishSession.sharedSecret, establishSession.verifierNonce, SharedSecretVerifier.KEY_MIX_ENROLL);
        enrollRequest.backupPhoneNumbers = enrollParams.backupPhoneNumbers;
        enrollRequest.enrollmentAnalytics = enrollParams.enrollmentAnalytics;
        try {
            EnrollResponse enroll = this.mBackend.enroll(enrollRequest);
            if (enroll.isSuccess()) {
                if (enrollParams.loginScopeOAuthTokenNeeded && enroll.loginScopeOAuthToken == null) {
                    throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.ENROLLED, new BackendException("No OAuth token in reply, although requested"));
                }
                return enroll.loginScopeOAuthToken;
            }
            enrollCollaborator.discardSharedSecret(establishSession.sharedSecret);
            throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNCHANGED);
            String str = enroll.errorDescription;
            switch (AnonymousClass1.$SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[enroll.error.ordinal()]) {
                case R.styleable.Theme_accountListWithVerificationCodesRow /* 1 */:
                    throw new EnrollerException(Enroller.Error.ALREADY_ENROLLED, Enroller.AccountState.ENROLLED, str);
                case 2:
                    throw new EnrollerException(Enroller.Error.ALREADY_ENROLLED_INTERNAL, Enroller.AccountState.ENROLLED, str);
                case R.styleable.Theme_accountListWithVerificationCodesRowVerificationCode /* 3 */:
                    throw new EnrollerException(Enroller.Error.INVALID_AUTH_TOKEN, Enroller.AccountState.UNCHANGED);
                case 4:
                    throw new EnrollerException(Enroller.Error.DISALLOWED, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_accountListWithVerificationCodesRowAccountName /* 5 */:
                    throw new EnrollerException(Enroller.Error.DISALLOWED_BY_POLICY, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_wizardButtonBarStyle /* 6 */:
                default:
                    throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNCHANGED, str, enroll.errorPhoneNumberIndex);
                case R.styleable.Theme_directionalButtonLeftStyle /* 7 */:
                    throw new EnrollerException(Enroller.Error.UPDATE_REQUIRED, Enroller.AccountState.UNCHANGED, str);
                case 8:
                    throw new EnrollerException(Enroller.Error.BAD_SECRET, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_enrollmentWizardDividerHorizontal /* 9 */:
                    throw new EnrollerException(Enroller.Error.BAD_PHONE_NUMBER, Enroller.AccountState.UNCHANGED, str, enroll.errorPhoneNumberIndex);
                case R.styleable.Theme_selectableItemBackground /* 10 */:
                    throw new EnrollerException(Enroller.Error.SESSION_EXPIRED, Enroller.AccountState.UNCHANGED, str);
                case 11:
                    throw new EnrollerException(Enroller.Error.UNSUPPORTED_COUNTRY, Enroller.AccountState.UNCHANGED, str, enroll.errorPhoneNumberIndex);
            }
        } catch (ConnectivityException e) {
            throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNKNOWN);
            throw new EnrollerException(Enroller.Error.CONNECTIVITY_ERROR, Enroller.AccountState.UNKNOWN, e);
        } catch (BackendException e2) {
            throwIfCancelled(enrollCollaborator, Enroller.AccountState.UNKNOWN);
            throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNKNOWN, e2);
        }
    }

    @Override // com.google.android.apps.authenticator.enroll2sv.enroller.Enroller
    public void unenroll(Enroller.UnenrollParams unenrollParams) throws EnrollerException {
        Preconditions.checkNotNull(unenrollParams);
        Preconditions.checkNotNull(unenrollParams.authToken);
        Preconditions.checkNotNull(unenrollParams.locale);
        Preconditions.checkNotNull(unenrollParams.sharedSecret);
        Preconditions.checkNotNull(unenrollParams.sharedSecretVerifierNonce);
        UnenrollRequest unenrollRequest = new UnenrollRequest();
        unenrollRequest.authToken = unenrollParams.authToken;
        unenrollRequest.locale = unenrollParams.locale;
        unenrollRequest.appVersion = unenrollParams.appVersion;
        unenrollRequest.appVersionCode = unenrollParams.appVersionCode;
        unenrollRequest.androidId = unenrollParams.androidId;
        unenrollRequest.sharedSecretVerifier = this.mSharedSecretVerifier.generateVerificationCode(unenrollParams.sharedSecret, unenrollParams.sharedSecretVerifierNonce, SharedSecretVerifier.KEY_MIX_UNENROLL);
        try {
            UnenrollResponse unenroll = this.mBackend.unenroll(unenrollRequest);
            if (unenroll.isSuccess()) {
                return;
            }
            String str = unenroll.errorDescription;
            switch (AnonymousClass1.$SwitchMap$com$google$android$apps$authenticator$enroll2sv$backend$Response$Error[unenroll.error.ordinal()]) {
                case R.styleable.Theme_accountListWithVerificationCodesRow /* 1 */:
                case 2:
                    throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.ENROLLED);
                case R.styleable.Theme_accountListWithVerificationCodesRowVerificationCode /* 3 */:
                    throw new EnrollerException(Enroller.Error.INVALID_AUTH_TOKEN, Enroller.AccountState.UNCHANGED);
                case 4:
                    throw new EnrollerException(Enroller.Error.DISALLOWED, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_accountListWithVerificationCodesRowAccountName /* 5 */:
                case R.styleable.Theme_wizardButtonBarStyle /* 6 */:
                case R.styleable.Theme_directionalButtonLeftStyle /* 7 */:
                case R.styleable.Theme_enrollmentWizardDividerHorizontal /* 9 */:
                default:
                    throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNCHANGED, str);
                case 8:
                    throw new EnrollerException(Enroller.Error.BAD_SECRET, Enroller.AccountState.UNCHANGED, str);
                case R.styleable.Theme_selectableItemBackground /* 10 */:
                    throw new EnrollerException(Enroller.Error.SESSION_EXPIRED, Enroller.AccountState.UNCHANGED, str);
            }
        } catch (ConnectivityException e) {
            throw new EnrollerException(Enroller.Error.CONNECTIVITY_ERROR, Enroller.AccountState.UNKNOWN, e);
        } catch (BackendException e2) {
            throw new EnrollerException(Enroller.Error.GENERIC_ERROR, Enroller.AccountState.UNKNOWN, e2);
        }
    }
}
