package com.amazon.aws.argon.service.nativeevents.handler;

import com.amazon.aws.argon.crypto.CryptoToolException;
import com.amazon.aws.argon.crypto.VpnCertificateManager;
import com.amazon.aws.argon.data.argonclient.ClientCertificateData;
import com.amazon.aws.argon.logging.ArgonLogger;
import com.amazon.aws.argon.service.ArgonService;
import java.util.List;
import lombok.NonNull;

/* loaded from: classes.dex */
public class CertificateSignEventHandler {
    private static final String TAG = CertificateSignEventHandler.class.getSimpleName();
    private final ArgonService argonService;
    private final VpnCertificateManager vpnCertificateManager;

    public CertificateSignEventHandler(@NonNull ArgonService argonService, @NonNull VpnCertificateManager vpnCertificateManager) {
        if (argonService == null) {
            throw new NullPointerException("argonService");
        }
        if (vpnCertificateManager == null) {
            throw new NullPointerException("vpnCertificateManager");
        }
        this.argonService = argonService;
        this.vpnCertificateManager = vpnCertificateManager;
    }

    private void handleError(String str, Exception exc) {
        ArgonLogger.e(TAG, str, exc);
        this.argonService.setClientCertificateData(new ClientCertificateData());
    }

    public void handle(String str) {
        if (str == null) {
            handleError("Got a sign request with no data.", null);
            return;
        }
        try {
            String argonVpnCertificateAlias = this.vpnCertificateManager.getArgonVpnCertificateAlias();
            if (argonVpnCertificateAlias == null) {
                handleError("We don't have the cert alias. This means we can't sign this request.", null);
            } else {
                byte[] signMessageWithCert = this.vpnCertificateManager.signMessageWithCert(argonVpnCertificateAlias, str);
                if (signMessageWithCert == null || signMessageWithCert.length == 0) {
                    handleError("We HAVE the cert alias. But signing resulted in null.", null);
                } else {
                    List<byte[]> certificateChain = this.vpnCertificateManager.getCertificateChain(argonVpnCertificateAlias);
                    if (certificateChain == null || certificateChain.isEmpty()) {
                        handleError("We HAVE the cert alias. But failed to fetch the cert chain.", null);
                    } else {
                        this.argonService.setClientCertificateData(new ClientCertificateData(certificateChain, signMessageWithCert));
                    }
                }
            }
        } catch (CryptoToolException e) {
            handleError("Ex while trying to access cert manager. Voiding the sign request.", e);
        }
    }
}
