package com.microsoft.identity.common.internal.platform;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.text.TextUtils;
import android.util.Base64;
import androidx.recyclerview.widget.RecyclerView;
import com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.identity.common.internal.controllers.TaskCompletedCallbackWithError;
import com.microsoft.identity.common.internal.dto.AccessTokenRecord;
import com.microsoft.identity.common.internal.logging.Logger;
import e.d.a.f;
import e.d.a.m;
import e.d.a.w.h;
import e.d.a.w.l;
import e.d.b.c;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
/**
 * Decompiled (JADX) implementation of {@link IDevicePopManager}. It manages a single RSA key pair stored in
 * the "AndroidKeyStore" provider under the alias "microsoft-device-pop" and uses it to derive a key
 * identifier, build the request-confirmation value and sign access-token envelopes.
 *
 * <p>Identifiers are obfuscated, so many overloads share the names {@code a}, {@code b} and {@code c}; read
 * them by parameter types. Types from the e.d.a, e.d.b and k.a.b packages are obfuscated third-party
 * classes, presumably a JOSE/JWT library and its JSON object type. Confirm against the app's mapping file
 * before relying on any meaning given to them below.
 *
 * <p>NOTE(review): this listing is decompiler output and does not compile as shown. The catch blocks assign
 * to an undeclared {@code e}, and the constructor and several methods call APIs that throw checked
 * exceptions without declaring them. Treat it as a reading aid, not as buildable source.
 */
class a implements IDevicePopManager {
    // Log tag passed as the first argument to every Logger call in this class.
    private static final String b = "a";

    /* renamed from: c, reason: collision with root package name */
    // Shared, process-wide pool that runs the asynchronous key-generation and request-confirmation tasks.
    // A cached thread pool creates threads on demand and places no upper bound on their number.
    private static final ExecutorService f4176c = Executors.newCachedThreadPool();
    // KeyStore handle for the "AndroidKeyStore" provider; assigned and loaded in the constructor.
    private final KeyStore a;

    /* renamed from: com.microsoft.identity.common.internal.platform.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    /**
     * Background task behind {@code generateAsymmetricKey(Context, callback)}: runs the synchronous key
     * generation and forwards the resulting string or the mapped error to the callback.
     */
    class RunnableC0156a implements Runnable {

        /* renamed from: e, reason: collision with root package name */
        // Callback that receives the generation result or the error.
        final /* synthetic */ TaskCompletedCallbackWithError f4177e;

        /* renamed from: f, reason: collision with root package name */
        // Context handed to generateAsymmetricKey(Context).
        final /* synthetic */ Context f4178f;

        RunnableC0156a(TaskCompletedCallbackWithError taskCompletedCallbackWithError, Context context) {
            this.f4177e = taskCompletedCallbackWithError;
            this.f4178f = context;
        }

        @Override // java.lang.Runnable
        public void run() {
            // Only the library's own exception type is routed to onError. Any other runtime exception
            // escapes into the executor, and the callback is then never invoked.
            try {
                this.f4177e.onTaskCompleted(a.this.generateAsymmetricKey(this.f4178f));
            } catch (com.microsoft.identity.common.c.c e2) {
                this.f4177e.onError(e2);
            }
        }
    }

    /* loaded from: classes.dex */
    /**
     * Callback used by the blocking {@code getRequestConfirmation()}: stores the result or the error in a
     * one-element array supplied by the caller and releases the latch the caller is waiting on.
     */
    class b implements TaskCompletedCallbackWithError<String, com.microsoft.identity.common.c.c> {
        // Slot 0 receives the successful result.
        final /* synthetic */ String[] a;
        // Latch counted down once, on either outcome.
        final /* synthetic */ CountDownLatch b;

        /* renamed from: c, reason: collision with root package name */
        // Slot 0 receives the error.
        final /* synthetic */ com.microsoft.identity.common.c.c[] f4180c;

        // The first parameter (the outer instance) is not stored or used here.
        b(a aVar, String[] strArr, CountDownLatch countDownLatch, com.microsoft.identity.common.c.c[] cVarArr) {
            this.a = strArr;
            this.b = countDownLatch;
            this.f4180c = cVarArr;
        }

        @Override // com.microsoft.identity.common.internal.controllers.TaskCompletedCallbackWithError
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onError(com.microsoft.identity.common.c.c cVar) {
            this.f4180c[0] = cVar;
            this.b.countDown();
        }

        @Override // com.microsoft.identity.common.internal.controllers.TaskCompletedCallback
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onTaskCompleted(String str) {
            this.a[0] = str;
            this.b.countDown();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Background task behind {@code getRequestConfirmation(callback)}: loads the "microsoft-device-pop"
     * entry, turns it into a KeyPair, then into the obfuscated key object {@code l}, and passes the
     * Base64-encoded JSON produced by {@code b(l)} to the callback.
     *
     * <p>NOTE(review): only the five checked exception types below reach {@code onError}.
     * {@code KeyStore.getEntry} returns null when the alias is absent, and {@code b(KeyStore.Entry)} then
     * dereferences it. The resulting NullPointerException (or a ClassCastException for another entry type)
     * is not caught here, so the callback is never invoked and the blocking {@code getRequestConfirmation()}
     * would keep waiting on its latch. A catch-all that reports through {@code onError} would close that gap.
     */
    public class c implements Runnable {

        /* renamed from: e, reason: collision with root package name */
        // Callback that receives the encoded confirmation value or the mapped error.
        final /* synthetic */ TaskCompletedCallbackWithError f4181e;

        c(TaskCompletedCallbackWithError taskCompletedCallbackWithError) {
            this.f4181e = taskCompletedCallbackWithError;
        }

        @Override // java.lang.Runnable
        public void run() {
            String str;
            try {
                // Overload chain, innermost first: b(KeyStore.Entry) -> KeyPair, b(KeyPair) -> l, b(l) -> String.
                this.f4181e.onTaskCompleted(a.b(a.b(a.b(a.this.a.getEntry("microsoft-device-pop", null)))));
            } catch (f e2) {
                // Each handler maps the failure to an error code, logs it and reports it to the callback.
                // `e` is undeclared here: a decompiler artifact of merged exception variables.
                e = e2;
                str = "failed_to_compute_thumbprint_with_sha256";
                com.microsoft.identity.common.c.c cVar = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
                Logger.error(a.b, cVar.getMessage(), cVar);
                this.f4181e.onError(cVar);
            } catch (KeyStoreException e3) {
                e = e3;
                str = "keystore_not_initialized";
                com.microsoft.identity.common.c.c cVar2 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
                Logger.error(a.b, cVar2.getMessage(), cVar2);
                this.f4181e.onError(cVar2);
            } catch (NoSuchAlgorithmException e4) {
                e = e4;
                str = "no_such_algorithm";
                com.microsoft.identity.common.c.c cVar22 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
                Logger.error(a.b, cVar22.getMessage(), cVar22);
                this.f4181e.onError(cVar22);
            } catch (UnrecoverableEntryException e5) {
                e = e5;
                str = "protection_params_invalid";
                com.microsoft.identity.common.c.c cVar222 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
                Logger.error(a.b, cVar222.getMessage(), cVar222);
                this.f4181e.onError(cVar222);
            } catch (JSONException e6) {
                e = e6;
                str = "json_construction_failed";
                com.microsoft.identity.common.c.c cVar2222 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
                Logger.error(a.b, cVar2222.getMessage(), cVar2222);
                this.f4181e.onError(cVar2222);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /** Holder for the fixed serial number (1) given to the self-signed certificate on the pre-API-23 path. */
    public static final class d {
        static final BigInteger a = BigInteger.ONE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Opens the "AndroidKeyStore" provider and loads it with a null load parameter.
     * The checked exceptions these calls can throw are not declared in the decompiled signature.
     */
    public a() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.a = keyStore;
        keyStore.load(null);
    }

    /**
     * Requests StrongBox backing on the given builder and returns it. The lint suppression is needed
     * because the only caller guards this call with an SDK_INT >= 28 check.
     */
    @SuppressLint({"NewApi"})
    private static KeyGenParameterSpec.Builder a(KeyGenParameterSpec.Builder builder) {
        return builder.setIsStrongBoxBacked(true);
    }

    /**
     * Base64-encodes the UTF-8 bytes of {@code str} with flags 11, i.e.
     * Base64.URL_SAFE (8) | Base64.NO_WRAP (2) | Base64.NO_PADDING (1).
     *
     * @return the encoded string, or null if the UTF-8 charset lookup fails
     */
    private static String a(String str) {
        try {
            return Base64.encodeToString(str.getBytes("UTF-8"), 11);
        } catch (UnsupportedEncodingException e2) {
            // NOTE(review): the failure bypasses Logger and yields null, which callers pass on unchecked.
            e2.printStackTrace();
            return null;
        }
    }

    /**
     * Generates the device key pair, retrying up to 4 times until the generated private key meets the
     * minimum length {@code i2}.
     *
     * <p>Each attempt first asks for a StrongBox-backed key and falls back to a key without the StrongBox
     * flag when StrongBoxUnavailableException is thrown. NOTE(review): the fallback is only logged, so
     * callers cannot tell from the return value which protection level the key ended up with.
     *
     * @param context passed through to the pre-API-23 generator spec
     * @param i2 minimum acceptable key length, compared against the value the obfuscated helper reports
     * @return the accepted key pair
     * @throws UnsupportedOperationException after 4 rejected attempts; the keystore entry is deleted first
     */
    @SuppressLint({"NewApi"})
    private KeyPair a(Context context, int i2) {
        KeyPair a;
        for (int i3 = 0; i3 < 4; i3++) {
            try {
                a = a(context, true);
            } catch (StrongBoxUnavailableException e2) {
                Logger.error(b, "StrongBox unsupported - skipping hardware flags.", e2);
                a = a(context, false);
            }
            // Presumably the RSA key length in bits, negative when it cannot be read from the key handle;
            // confirm against the library mapping. A negative result is accepted without any length check.
            int a2 = e.d.a.u.b.c.a(a.getPrivate());
            if (a2 >= i2 || a2 < 0) {
                c(a);
                return a;
            }
        }
        clearAsymmetricKey();
        throw new UnsupportedOperationException("Failed to generate valid KeyPair. Attempted 4 times.");
    }

    /**
     * Generates one key pair, with or without the StrongBox request ({@code z}).
     * NOTE(review): RecyclerView.l.FLAG_MOVED is a decompiler constant substitution for the key-size
     * literal, presumably 2048; confirm against the bytecode.
     */
    private KeyPair a(Context context, boolean z) {
        return a(context, RecyclerView.l.FLAG_MOVED, z).generateKeyPair();
    }

    /** Obtains an RSA KeyPairGenerator from the "AndroidKeyStore" provider and initializes it. */
    private KeyPairGenerator a(Context context, int i2, boolean z) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        a(context, keyPairGenerator, i2, z);
        return keyPairGenerator;
    }

    /** Returns the calendar's current time as a Date. */
    private static Date a(Calendar calendar) {
        return calendar.getTime();
    }

    /**
     * Pre-API-23 initialization using the legacy KeyPairGeneratorSpec: alias "microsoft-device-pop",
     * self-signed certificate with subject "CN=device-pop", serial number 1 and a validity window from now
     * to 99 years ahead.
     *
     * <p>The requested size {@code i2} with public exponent F4 is applied only on SDK 19 and later; below
     * that the spec carries no size and the provider default is used.
     */
    @SuppressLint({"NewApi"})
    private static void a(Context context, KeyPairGenerator keyPairGenerator, int i2) {
        Calendar calendar = Calendar.getInstance();
        Date a = a(calendar);
        // Calendar field 1 is Calendar.YEAR.
        calendar.add(1, 99);
        KeyPairGeneratorSpec.Builder subject = new KeyPairGeneratorSpec.Builder(context).setAlias("microsoft-device-pop").setStartDate(a).setEndDate(calendar.getTime()).setSerialNumber(d.a).setSubject(new X500Principal("CN=device-pop"));
        if (Build.VERSION.SDK_INT >= 19) {
            subject.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(i2, RSAKeyGenParameterSpec.F4));
        }
        keyPairGenerator.initialize(subject.build());
    }

    /** Picks the generator spec by platform level: legacy spec below API 23, KeyGenParameterSpec otherwise. */
    private static void a(Context context, KeyPairGenerator keyPairGenerator, int i2, boolean z) {
        if (Build.VERSION.SDK_INT < 23) {
            a(context, keyPairGenerator, i2);
        } else {
            a(keyPairGenerator, i2, z);
        }
    }

    /**
     * API 23+ initialization: alias "microsoft-device-pop", key size {@code i2}, PKCS1 signature padding
     * and SHA-256 digest. StrongBox backing is requested only on SDK 28+ and when {@code z} is true.
     *
     * <p>NOTE(review): purposes value 15 is PURPOSE_ENCRYPT | PURPOSE_DECRYPT | PURPOSE_SIGN |
     * PURPOSE_VERIFY. This class only signs with the key, so SIGN | VERIFY would be the narrower grant.
     */
    @SuppressLint({"InlinedApi"})
    private static void a(KeyPairGenerator keyPairGenerator, int i2, boolean z) {
        KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder("microsoft-device-pop", 15).setKeySize(i2).setSignaturePaddings("PKCS1").setDigests("SHA-256");
        if (Build.VERSION.SDK_INT >= 28 && z) {
            Logger.verbose(b, "Attempting to apply StrongBox isolation.");
            digests = a(digests);
        }
        keyPairGenerator.initialize(digests.build());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Wraps the key pair in the obfuscated key type {@code l}: the builder is seeded with the RSA public
     * key, then given the private key and a null {@code h}. Presumably {@code l} is an RSA JWK and
     * {@code h} its key-use field; confirm against the library mapping.
     */
    public static l b(KeyPair keyPair) {
        l.a aVar = new l.a((RSAPublicKey) keyPair.getPublic());
        aVar.a(keyPair.getPrivate());
        aVar.a((h) null);
        return aVar.a();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a JSON object with the single key AccessTokenRecord.SerializedNames.KID mapped to
     * {@code c(lVar)} and returns it Base64-encoded via {@code a(String)}, so the result is null when that
     * encoder returns null.
     */
    public static String b(l lVar) {
        return a(new JSONObject().put(AccessTokenRecord.SerializedNames.KID, c(lVar)).toString());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Converts a keystore entry into a KeyPair: public key from the entry's certificate, private key from
     * the entry. The entry is cast without a null or type check, so a missing alias (null entry) fails here
     * with a NullPointerException.
     */
    public static KeyPair b(KeyStore.Entry entry) {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    /**
     * Builds the object stored under the "cnf" claim: a new k.a.b.d holding the key "jwk" mapped to
     * {@code t().q()} of the stored key.
     * NOTE(review): {@code t().q()} is presumably the public-only JWK rendered as a JSON object. Confirm
     * this, because the builder in {@code b(KeyPair)} was also handed the private key.
     */
    private k.a.b.d b() {
        k.a.b.d q = b(b(this.a.getEntry("microsoft-device-pop", null))).t().q();
        k.a.b.d dVar = new k.a.b.d();
        dVar.a("jwk", q);
        return dVar;
    }

    /**
     * Returns {@code lVar.a().toString()}. Judging by the error code the callers attach to its failure,
     * this is presumably the key's SHA-256 thumbprint; confirm against the library mapping.
     */
    private static String c(l lVar) {
        return lVar.a().toString();
    }

    /**
     * Logs whether the generated private key lives inside secure hardware (API 23+ only). The answer is
     * purely informational: it is not returned and does not affect whether the key is accepted. The log
     * text says "SecretKey" although the object queried is the private key.
     */
    private void c(KeyPair keyPair) {
        String str;
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                PrivateKey privateKey = keyPair.getPrivate();
                str = "SecretKey is secure hardware backed? " + ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
            } catch (Exception unused) {
                // Every failure is reduced to this fixed message; the cause is dropped.
                str = "Failed to query secure hardware state.";
            }
        } else {
            str = "Cannot query secure hardware state (API unavailable <23)";
        }
        Logger.info(b, str);
    }

    /**
     * Reports whether the keystore contains the alias "microsoft-device-pop".
     *
     * @return true if the alias is present; false if it is absent or the keystore query throws, so callers
     *     cannot tell an error from a missing key
     */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public boolean asymmetricKeyExists() {
        try {
            return this.a.containsAlias("microsoft-device-pop");
        } catch (KeyStoreException e2) {
            Logger.error(b, "Error while querying KeyStore", e2);
            return false;
        }
    }

    /**
     * Reports whether the stored key exists and its thumbprint equals {@code str}.
     *
     * @param str thumbprint to compare against the stored key's thumbprint
     * @return true only when the alias exists and the thumbprints are equal; false on any mapped error
     */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public boolean asymmetricKeyExists(String str) {
        if (!asymmetricKeyExists()) {
            return false;
        }
        try {
            return getAsymmetricKeyThumbprint().equals(str);
        } catch (com.microsoft.identity.common.c.c e2) {
            Logger.error(b, "Error while comparing thumbprints.", e2);
            return false;
        }
    }

    /**
     * Deletes the "microsoft-device-pop" entry from the keystore.
     *
     * @return true if deleteEntry completed without throwing, false if it threw KeyStoreException
     */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public boolean clearAsymmetricKey() {
        try {
            this.a.deleteEntry("microsoft-device-pop");
            return true;
        } catch (KeyStoreException e2) {
            Logger.error(b, "Error while clearing KeyStore", e2);
            return false;
        }
    }

    /**
     * Generates the device key pair and returns the string produced by {@code c(l)} for it, presumably the
     * key thumbprint. Each failure is wrapped in the library exception with a fixed error code, logged and
     * rethrown.
     *
     * @param context passed to the key generator (used on the pre-API-23 path)
     * @return the value of {@code c(b(keyPair))} for the new key
     */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public String generateAsymmetricKey(Context context) {
        String str;
        try {
            // Minimum key length is the same constant used as the requested size (presumably 2048).
            return c(b(a(context, RecyclerView.l.FLAG_MOVED)));
        } catch (f e2) {
            e = e2;
            str = "failed_to_compute_thumbprint_with_sha256";
            com.microsoft.identity.common.c.c cVar = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
            Logger.error(b, cVar.getMessage(), cVar);
            throw cVar;
        } catch (UnsupportedOperationException e3) {
            // Thrown by a(Context, int) after 4 attempts produced no acceptable key.
            e = e3;
            str = "keystore_produced_invalid_cert";
            com.microsoft.identity.common.c.c cVar2 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
            Logger.error(b, cVar2.getMessage(), cVar2);
            throw cVar2;
        } catch (InvalidAlgorithmParameterException e4) {
            e = e4;
            str = "keystore_initialization_failed";
            com.microsoft.identity.common.c.c cVar22 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
            Logger.error(b, cVar22.getMessage(), cVar22);
            throw cVar22;
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            str = "no_such_algorithm";
            com.microsoft.identity.common.c.c cVar222 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
            Logger.error(b, cVar222.getMessage(), cVar222);
            throw cVar222;
        } catch (NoSuchProviderException e6) {
            e = e6;
            str = "android_keystore_unavailable";
            com.microsoft.identity.common.c.c cVar2222 = new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
            Logger.error(b, cVar2222.getMessage(), cVar2222);
            throw cVar2222;
        }
    }

    /** Asynchronous variant: submits the key generation to the shared executor and reports via the callback. */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public void generateAsymmetricKey(Context context, TaskCompletedCallbackWithError<String, com.microsoft.identity.common.c.c> taskCompletedCallbackWithError) {
        f4176c.submit(new RunnableC0156a(taskCompletedCallbackWithError, context));
    }

    /**
     * Loads the stored key and returns {@code c(l)} for it, presumably its thumbprint. Failures are wrapped
     * in the library exception with a fixed error code. Unlike the other methods here, this one does not
     * log before throwing. A missing alias is not mapped: it surfaces as a NullPointerException from
     * {@code b(KeyStore.Entry)}.
     */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public String getAsymmetricKeyThumbprint() {
        String str;
        try {
            return c(b(b(this.a.getEntry("microsoft-device-pop", null))));
        } catch (f e2) {
            e = e2;
            str = "failed_to_compute_thumbprint_with_sha256";
            throw new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
        } catch (KeyStoreException e3) {
            e = e3;
            str = "keystore_not_initialized";
            throw new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            str = "no_such_algorithm";
            throw new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            str = "protection_params_invalid";
            throw new com.microsoft.identity.common.c.c(str, e.getMessage(), e);
        }
    }

    /**
     * Blocking variant of the request-confirmation lookup: starts the asynchronous task and waits on a
     * latch until the callback stores a result or an error.
     *
     * <p>NOTE(review): three edge cases are visible here. The wait has no timeout, so it never returns if
     * the task dies without invoking the callback. The interrupt flag is not restored after
     * InterruptedException. If the task completes with a null result (possible when the Base64 helper
     * returns null), both slots are null and {@code throw cVarArr[0]} raises a NullPointerException.
     *
     * @return the encoded confirmation value delivered to the callback
     */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public String getRequestConfirmation() {
        CountDownLatch countDownLatch = new CountDownLatch(1);
        String[] strArr = new String[1];
        com.microsoft.identity.common.c.c[] cVarArr = new com.microsoft.identity.common.c.c[1];
        getRequestConfirmation(new b(this, strArr, countDownLatch, cVarArr));
        try {
            countDownLatch.await();
            if (strArr[0] != null) {
                return strArr[0];
            }
            throw cVarArr[0];
        } catch (InterruptedException e2) {
            Logger.error(b, "Interrupted while waiting on callback.", e2);
            throw new com.microsoft.identity.common.c.c("operation_interrupted", e2.getMessage(), e2);
        }
    }

    /** Asynchronous variant: submits the request-confirmation task to the shared executor. */
    @Override // com.microsoft.identity.common.internal.platform.IDevicePopManager
    public String mintSignedAccessToken(String str, URL url, String str2, String str3) {
        String str4;
        try {
            c.b bVar = new c.b();
            bVar.a("at", str2);
            bVar.a("ts", Long.valueOf(System.currentTimeMillis() / 1000));
            bVar.a("m", str);
            bVar.a("u", url.getHost());
            bVar.a("p", url.getPath());
            bVar.a("cnf", b());
            if (!TextUtils.isEmpty(str3)) {
                bVar.a(PopAuthenticationSchemeInternal.SerializedNames.NONCE, str3);
            }
            e.d.b.c a = bVar.a();
            e.d.a.u.a aVar = new e.d.a.u.a(((KeyStore.PrivateKeyEntry) this.a.getEntry("microsoft-device-pop", null)).getPrivateKey());
            e.d.b.f fVar = new e.d.b.f(new m.a(e.d.a.l.f7850j).a(), a);
            fVar.a(aVar);
            return fVar.e();
        } catch (f e2) {
            e = e2;
            str4 = "failed_to_sign_jwt";
            com.microsoft.identity.common.c.c cVar = new com.microsoft.identity.common.c.c(str4, e.getMessage(), e);
            Logger.error(b, cVar.getMessage(), cVar);
            throw cVar;
        } catch (KeyStoreException e3) {
            e = e3;
            str4 = "keystore_not_initialized";
            com.microsoft.identity.common.c.c cVar2 = new com.microsoft.identity.common.c.c(str4, e.getMessage(), e);
            Logger.error(b, cVar2.getMessage(), cVar2);
            throw cVar2;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            str4 = "no_such_algorithm";
            com.microsoft.identity.common.c.c cVar22 = new com.microsoft.identity.common.c.c(str4, e.getMessage(), e);
            Logger.error(b, cVar22.getMessage(), cVar22);
            throw cVar22;
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            str4 = "protection_params_invalid";
            com.microsoft.identity.common.c.c cVar222 = new com.microsoft.identity.common.c.c(str4, e.getMessage(), e);
            Logger.error(b, cVar222.getMessage(), cVar222);
            throw cVar222;
        }
    }
}
