package com.microsoft.mmx.agents.ypp.authclient.crypto;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.appmanager.telemetry.ILogger;
import com.microsoft.appmanager.telemetry.TelemetryUtils;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.mmx.agents.remoteconfiguration.ExpManager;
import com.microsoft.mmx.agents.remoteconfiguration.Feature;
import com.microsoft.mmx.agents.ypp.EnvironmentType;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthState;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthStorage;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyRotationRequestData;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.EnvironmentMappingUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.agents.ypp.utils.StringUtils;
import com.microsoft.mmx.logging.ContentProperties;
import com.microsoft.mmx.remoteconfiguration.RemoteConfigurationRing;
import h2.a;
import io.reactivex.Completable;
import io.reactivex.Scheduler;
import io.reactivex.Single;
import io.reactivex.functions.BiFunction;
import io.reactivex.schedulers.Schedulers;
import java.io.FileNotFoundException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.inject.Inject;
import org.apache.commons.lang3.concurrent.ConcurrentException;
import org.apache.commons.lang3.concurrent.ConcurrentInitializer;
import org.apache.commons.lang3.concurrent.LazyInitializer;
import org.joda.time.DateTime;
import s4.b;
import s4.c;
import s4.d;
import s4.f;
import z3.h;

/* loaded from: classes3.dex */
/**
 * Facade over {@link KeyManager} and {@link JwtHelper} for the auth client's key material.
 *
 * <p>Most operations return an RxJava {@code Single}/{@code Completable} that is subscribed on a
 * lazily created {@code Schedulers.newThread()} scheduler. Value-returning operations are then
 * observed on {@code Schedulers.io()}.
 *
 * <p>This listing is decompiler output: several collaborators are obfuscated classes
 * ({@code s4.b}, {@code s4.c}, {@code s4.d}, {@code s4.f}, {@code z3.h}, {@code h2.a},
 * {@code r1.c}, {@code r4.c}, {@code t4.d}) whose bodies are not visible here. Comments that
 * describe what they do are marked as assumptions.
 *
 * <p>Security-relevant points for a reviewer:
 * <ul>
 *   <li>{@link Log#a} writes the device id and the nonce to the debug log unscrubbed, tagged
 *       {@code NO_PII}.</li>
 *   <li>{@link #getClientIdFromCertificate} reads the issuer DN, not the subject DN.</li>
 *   <li>The certificate thumbprint is SHA-1 (see {@code lambda$getCertThumbprintForSelfClientId$3}).</li>
 *   <li>{@link #isKeyRotationNecessary} swallows {@code CryptoException} and reports "no rotation
 *       needed".</li>
 * </ul>
 */
public class CryptoManager {
    private final AuthStorage authStorage;
    // Lazily creates the scheduler on first get(). Schedulers.newThread() hands each unit of work
    // a fresh thread rather than a pooled one.
    private final ConcurrentInitializer<Scheduler> cryptoLazyInitScheduler = new LazyInitializer<Scheduler>(this) { // from class: com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager.1
        // Decompiler artifact: an anonymous class cannot declare a constructor in Java source.
        public AnonymousClass1(CryptoManager this) {
        }

        @Override // org.apache.commons.lang3.concurrent.LazyInitializer
        public Scheduler initialize() {
            return Schedulers.newThread();
        }
    };
    private final JwtHelper jwtHelper;
    private final KeyManager keyManager;
    private final Log logger;
    private final PlatformConfiguration platformConfiguration;

    /* renamed from: com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager$1 */
    /* loaded from: classes3.dex */
    // Decompiler's named copy of the anonymous LazyInitializer assigned to cryptoLazyInitScheduler.
    // Nothing in this class instantiates it; it is only referenced as a parameter type of the
    // synthetic Log constructor.
    public class AnonymousClass1 extends LazyInitializer<Scheduler> {
        public AnonymousClass1(CryptoManager this) {
        }

        @Override // org.apache.commons.lang3.concurrent.LazyInitializer
        public Scheduler initialize() {
            return Schedulers.newThread();
        }
    }

    /* loaded from: classes3.dex */
    /**
     * Debug-log wrapper that fixes the tag to "CryptoManager". Every message is emitted with
     * {@code ContentProperties.NO_PII}.
     */
    public static final class Log {
        private static final String TAG = "CryptoManager";
        private final ILogger logger;

        private Log(ILogger iLogger) {
            this.logger = iLogger;
        }

        // Synthetic accessor constructor; the second argument is unused.
        public /* synthetic */ Log(ILogger iLogger, AnonymousClass1 anonymousClass1) {
            this(iLogger);
        }

        /**
         * Logs the start of nonce-JWT creation.
         *
         * @param str device id, written to the log as-is
         * @param str2 nonce, written to the log as-is
         */
        // NOTE(review): unlike b(), neither value goes through StringUtils.scrubSensitiveString,
        // yet the entry is classified NO_PII. Confirm that device ids and server nonces are
        // acceptable in debug logs under that classification, or scrub them here as well.
        public void a(String str, String str2) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Creating NonceJwt for deviceId: %s and nonce: %s", str, str2);
        }

        /**
         * Logs the start of signed-JWT creation.
         *
         * @param str self client id, written to the log as-is
         * @param str2 payload, passed through {@code StringUtils.scrubSensitiveString} before logging
         */
        public void b(String str, String str2) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Creating SignedJwt for selfClientId: %s and payload: %s", str, StringUtils.scrubSensitiveString(str2));
        }

        /**
         * Logs that a certificate is being encoded.
         *
         * @param str device id, written to the log as-is
         */
        public void c(String str) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Encoding certificate for deviceId %s", str);
        }

        /**
         * Logs that new keys were set.
         *
         * @param str device id, written to the log as-is
         */
        public void setNewKeysSuccessful(String str) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Set new keys for deviceId %s", str);
        }
    }

    /**
     * Creates the manager from its injected collaborators.
     *
     * @param keyManager key-store access used for every key operation
     * @param iLogger sink wrapped by the private {@link Log} helper
     * @param jwtHelper builds the JWTs from a private-key entry
     * @param authStorage persisted auth state and key-rotation timestamps
     * @param platformConfiguration source of the key-rotation age threshold and retry delay
     */
    @Inject
    public CryptoManager(@NonNull KeyManager keyManager, @NonNull ILogger iLogger, @NonNull JwtHelper jwtHelper, @NonNull AuthStorage authStorage, @NonNull PlatformConfiguration platformConfiguration) {
        this.keyManager = keyManager;
        this.logger = new Log(iLogger);
        this.jwtHelper = jwtHelper;
        this.authStorage = authStorage;
        this.platformConfiguration = platformConfiguration;
    }

    /**
     * Extracts a client id from the certificate's issuer distinguished name.
     *
     * @param x509Certificate certificate to inspect
     * @return the text following a leading {@code "CN="} in the issuer DN string, or
     *     {@code null} when the string does not start with {@code "CN="}
     */
    // NOTE(review): this reads the ISSUER principal, not the subject. The two match only for a
    // self-signed certificate; presumably these device certificates are self-signed. Confirm
    // before relying on the result as the certificate holder's identity.
    // NOTE(review): X500Principal.getName() returns the RFC 2253 string form. substring(3) keeps
    // everything after "CN=", so a DN with further RDNs ("CN=x,O=y") yields "x,O=y", and RFC 2253
    // escapes are not decoded. Callers should treat the value as an identifier hint, not as a
    // validated identity.
    public static String getClientIdFromCertificate(@NonNull X509Certificate x509Certificate) {
        String name = x509Certificate.getIssuerX500Principal().getName();
        if (name == null || !name.startsWith("CN=")) {
            return null;
        }
        return name.substring(3);
    }

    /**
     * Returns the lazily created scheduler used for key-store work.
     *
     * @throws ConcurrentException if the lazy initializer fails
     */
    private Scheduler getScheduler() throws ConcurrentException {
        return this.cryptoLazyInitScheduler.get();
    }

    // Completion hook for an aborted key rotation: schedules the next rotation check at
    // now + getKeyRotationRetryTimeFail(). Presumably invoked by the h2.a action built in i().
    public /* synthetic */ void lambda$abortKeyRotation$7() throws Exception {
        this.authStorage.updateKeyRotationTargetValidationTime(DateTime.now().plus(this.platformConfiguration.getKeyRotationRetryTimeFail()));
    }

    // Logs the device id, then encodes the entry via CertificateUtils.a. The lambda name suggests
    // a Base64 ASN.1 encoding of the certificate; CertificateUtils is not visible here.
    private /* synthetic */ String lambda$getBase64Asn1EncodedCertificate$0(String str, KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        this.logger.c(str);
        return CertificateUtils.a(privateKeyEntry);
    }

    // Maps a key entry to the SHA-1 thumbprint of its certificate.
    // NOTE(review): SHA-1 is not collision resistant. A thumbprint is adequate as a lookup
    // identifier, but the receiving side should not treat a thumbprint match alone as proof of
    // which certificate was presented. Confirm how the server uses it.
    public static /* synthetic */ String lambda$getCertThumbprintForSelfClientId$3(KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        return CertificateUtils.getSha1Thumbprint((X509Certificate) privateKeyEntry.getCertificate());
    }

    // Builds a JWT over str with the supplied key entry (same JwtHelper.a call as the nonce JWT).
    // Presumably the mapper wrapped by r4.c in j(), where the entry is the newly generated key.
    public /* synthetic */ String lambda$getKeyRotationRequestData$5(String str, TraceContext traceContext, KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        return this.jwtHelper.a(privateKeyEntry, str, traceContext);
    }

    // Zip combiner for j(). The last two arguments are passed to the constructor in swapped order
    // (str5 before str4); the constructor's parameter meanings are not visible here.
    public static /* synthetic */ KeyRotationRequestData lambda$getKeyRotationRequestData$6(String str, String str2, String str3, String str4, String str5) throws Exception {
        return new KeyRotationRequestData(str, str2, str3, str5, str4);
    }

    // Logs device id and nonce (see the review note on Log.a), then builds the JWT over the nonce
    // (str2) with the supplied key entry.
    public /* synthetic */ String lambda$getNonceJwtForDeviceId$1(String str, String str2, TraceContext traceContext, KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        this.logger.a(str, str2);
        return this.jwtHelper.a(privateKeyEntry, str2, traceContext);
    }

    // Packs the two strings together with the encoded certificate of the supplied key entry.
    public static /* synthetic */ CryptoTrustKeyRotationRequestData lambda$getSelfCryptoKeyRotationRequestData$4(String str, String str2, KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        return new CryptoTrustKeyRotationRequestData(str, str2, CertificateUtils.a(privateKeyEntry));
    }

    // Logs the self client id and the scrubbed payload, then builds the signed JWT. Note the
    // argument order handed to JwtHelper.b: payload (str2) precedes client id (str).
    public /* synthetic */ String lambda$getSignedJwtForSelfClientId$2(String str, String str2, String str3, TraceContext traceContext, KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        this.logger.b(str, str2);
        return this.jwtHelper.b(privateKeyEntry, str2, str, str3, traceContext);
    }

    // Completion hook after new keys are set: schedules the next rotation check at
    // now + getKeyRotationAgeThreshold() and logs the device id. Presumably invoked by the r1.c
    // action built in k().
    public /* synthetic */ void lambda$setNewKey$8(KeyRotationRequestData keyRotationRequestData) throws Exception {
        this.authStorage.updateKeyRotationTargetValidationTime(DateTime.now().plus(this.platformConfiguration.getKeyRotationAgeThreshold()));
        this.logger.setNewKeysSuccessful(keyRotationRequestData.getDeviceId());
    }

    /**
     * Aborts a crypto-trust key rotation by calling {@code KeyManager.k} with the pending new
     * self-key alias. {@code KeyManager.k} is obfuscated; presumably it discards that key.
     *
     * @param cryptoTrustKeyRotationRequestData rotation request whose new alias is passed on
     * @param traceContext telemetry context forwarded to the key manager
     * @return completable subscribed on the crypto scheduler, or an error completable when the
     *     scheduler cannot be initialised
     */
    public Completable abortCryptoTrustKeyRotation(@NonNull CryptoTrustKeyRotationRequestData cryptoTrustKeyRotationRequestData, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.k(cryptoTrustKeyRotationRequestData.getNewSelfKeyAlias(), traceContext).subscribeOn(getScheduler());
        } catch (ConcurrentException e8) {
            return Completable.error(e8);
        }
    }

    /**
     * Looks up the existing key pair for the given id and maps it to a string through the
     * obfuscated mapper {@code d.f14060b}. Presumably that mapper is the SHA-1 thumbprint lambda
     * ({@code lambda$getCertThumbprintForSelfClientId$3}); confirm.
     *
     * @param str self client id used to look up the key pair
     * @param traceContext telemetry context forwarded to the key manager
     * @return single observed on {@code Schedulers.io()}, or an error single when the scheduler
     *     cannot be initialised
     */
    public Single<String> getCertThumbprintForSelfClientId(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.getExistingKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(d.f14060b).observeOn(Schedulers.io());
        } catch (ConcurrentException e8) {
            return Single.error(e8);
        }
    }

    /**
     * Generates a new key pair entry for the given id and maps it to a string through the
     * obfuscated mapper {@code d.f14061c}. The method name suggests a Base64-encoded
     * certificate; confirm.
     *
     * @param str id passed to {@code generateNewKeyPairEntry}
     * @param traceContext telemetry context forwarded to the key manager
     * @return single observed on {@code Schedulers.io()}, or an error single when the scheduler
     *     cannot be initialised
     */
    public Single<String> getNewBase64EncodedCert(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.generateNewKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(d.f14061c).observeOn(Schedulers.io());
        } catch (ConcurrentException e8) {
            return Single.error(e8);
        }
    }

    /**
     * Produces a JWT over a nonce using the device's key pair.
     *
     * <p>Uses {@code getOrGenerateKeyPairEntry}, so, going by the name, a missing key is created
     * rather than reported. The mapper {@code s4.c} presumably delegates to
     * {@code lambda$getNonceJwtForDeviceId$1}.
     *
     * @param str device id
     * @param str2 nonce to embed in the JWT
     * @param traceContext telemetry context forwarded to the key manager and JWT helper
     * @return single observed on {@code Schedulers.io()}, or an error single when the scheduler
     *     cannot be initialised
     */
    public Single<String> getNonceJwtForDeviceId(@NonNull String str, @NonNull String str2, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.getOrGenerateKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(new c(this, str, str2, traceContext)).observeOn(Schedulers.io());
        } catch (ConcurrentException e8) {
            return Single.error(e8);
        }
    }

    /**
     * Prepares the data for a crypto-trust key rotation of the given self client id.
     *
     * <p>{@code KeyManager.i()} supplies a string that is used as the new key alias. The callable
     * {@code z3.h} presumably creates the key pair under that alias, and {@code s4.b} presumably
     * delegates to {@code lambda$getSelfCryptoKeyRotationRequestData$4}. Confirm against those
     * classes.
     *
     * @param str self client id
     * @param traceContext telemetry context forwarded to the key manager
     * @return single observed on {@code Schedulers.io()}, or an error single when the scheduler
     *     cannot be initialised
     */
    public Single<CryptoTrustKeyRotationRequestData> getSelfCryptoKeyRotationRequestData(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            Scheduler scheduler = getScheduler();
            String i8 = KeyManager.i();
            KeyManager keyManager = this.keyManager;
            Objects.requireNonNull(keyManager);
            return Single.fromCallable(new h(keyManager, i8, str, traceContext)).subscribeOn(scheduler).map(new b(str, i8)).observeOn(Schedulers.io());
        } catch (ConcurrentException e8) {
            return Single.error(e8);
        }
    }

    /**
     * Convenience overload of the four-argument variant with {@code null} as the third string.
     *
     * @param str self client id
     * @param str2 payload to sign
     * @param traceContext telemetry context
     */
    public Single<String> getSignedJwtForSelfClientId(@NonNull String str, @NonNull String str2, @NonNull TraceContext traceContext) {
        return getSignedJwtForSelfClientId(str, str2, null, traceContext);
    }

    /**
     * Produces a signed JWT for the self client id using its existing key pair.
     *
     * <p>Uses {@code getExistingKeyPairEntry}, so, unlike the nonce JWT path, no key is generated
     * on demand (going by the method names). The mapper {@code t4.d} presumably delegates to
     * {@code lambda$getSignedJwtForSelfClientId$2}.
     *
     * @param str self client id
     * @param str2 payload to sign; logged only after scrubbing
     * @param str3 optional extra value forwarded to {@code JwtHelper.b}; its meaning is not
     *     visible here
     * @param traceContext telemetry context
     * @return single observed on {@code Schedulers.io()}, or an error single when the scheduler
     *     cannot be initialised
     */
    public Single<String> getSignedJwtForSelfClientId(@NonNull String str, @NonNull String str2, @Nullable String str3, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.getExistingKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(new t4.d(this, str, str2, str3, traceContext)).observeOn(Schedulers.io());
        } catch (ConcurrentException e8) {
            return Single.error(e8);
        }
    }

    /**
     * Obfuscated name. The synthetic {@code lambda$abortKeyRotation$7} suggests the original was
     * {@code abortKeyRotation}.
     *
     * <p>Calls {@code KeyManager.k} with the request's new key alias. On completion it runs the
     * {@code h2.a} action, which presumably pushes the next rotation check out by the
     * failure-retry delay.
     *
     * @param keyRotationRequestData rotation request whose new alias is passed on
     * @param traceContext telemetry context
     * @return completable subscribed on the crypto scheduler, or an error completable when the
     *     scheduler cannot be initialised
     */
    public Completable i(@NonNull KeyRotationRequestData keyRotationRequestData, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.k(keyRotationRequestData.getNewKeyAlias(), traceContext).doOnComplete(new a(this)).subscribeOn(getScheduler());
        } catch (ConcurrentException e8) {
            return Completable.error(e8);
        }
    }

    /**
     * Reports whether the key store holds a key pair for the stored device id.
     *
     * <p>Runs synchronously on the calling thread; no scheduler is involved.
     *
     * @param traceContext telemetry context; a new one is created when {@code null}
     * @return {@code false} when no auth state exists for the build-inferred environment,
     *     otherwise the result of {@code hasKeyPairInKeyStore}
     */
    public boolean isDcgAuthKeyInKeyStore(@Nullable TraceContext traceContext) {
        if (traceContext == null) {
            traceContext = TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.CRYPTO_MANAGER_CHECK_DCG_AUTH_KEY_AVAILABILITY_TRIGGER);
        }
        AuthState authState = this.authStorage.getAuthState(EnvironmentMappingUtils.inferEnvironmentFromBuild());
        if (authState != null) {
            return this.keyManager.hasKeyPairInKeyStore(authState.getDeviceId(), traceContext);
        }
        return false;
    }

    /**
     * Decides whether the device key should be rotated now.
     *
     * <p>Rotation is considered only when auth state exists for the environment and the stored
     * target validation time is set and already in the past. From there:
     * <ul>
     *   <li>if remote configuration is initialised and the ring is {@code TEAM}, always
     *       {@code true};</li>
     *   <li>if {@code YPP_AUTH_V2_ENABLED} is on and a remaining-validity day count is stored,
     *       {@code true} when now + age threshold is after now + that many days;</li>
     *   <li>otherwise {@code true} when now + age threshold is after the key certificate's
     *       {@code notAfter}.</li>
     * </ul>
     *
     * <p>Blocks the calling thread ({@code blockingGet}) on the certificate path, which is why
     * the method is marked {@code @WorkerThread}.
     *
     * @param str device id used to fetch the key pair
     * @param environmentType environment whose auth state is checked
     * @param traceContext telemetry context
     * @return {@code true} when rotation should be started; {@code false} otherwise, including
     *     when a {@code CryptoException} occurs
     */
    @WorkerThread
    public boolean isKeyRotationNecessary(@NonNull String str, @NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        Long keyValidityRemainingDays;
        // getKeyRotationTargetValidationTime() is read twice; presumably storage cannot change
        // between the null check and isBeforeNow(). Confirm.
        if (this.authStorage.getAuthState(environmentType) != null && this.authStorage.getKeyRotationTargetValidationTime() != null && this.authStorage.getKeyRotationTargetValidationTime().isBeforeNow()) {
            if (ExpManager.isRemoteConfigurationManagerInitialized() && ExpManager.getRing() == RemoteConfigurationRing.TEAM) {
                return true;
            }
            try {
                // Certificate branch: getOrGenerateKeyPairEntry may, by its name, create a key as
                // a side effect of this check.
                // Day-count branch: the stored Long is narrowed with intValue() before plusDays.
                return (!ExpManager.isFeatureOn(Feature.YPP_AUTH_V2_ENABLED) || (keyValidityRemainingDays = this.authStorage.getKeyValidityRemainingDays()) == null) ? DateTime.now().plus(this.platformConfiguration.getKeyRotationAgeThreshold()).isAfter(DateTime.now().withMillis(((X509Certificate) this.keyManager.getOrGenerateKeyPairEntry(str, traceContext).blockingGet().getCertificate()).getNotAfter().getTime()).toInstant()) : DateTime.now().plus(this.platformConfiguration.getKeyRotationAgeThreshold()).isAfter(DateTime.now().plusDays(keyValidityRemainingDays.intValue()));
            } catch (CryptoException unused) {
                // NOTE(review): the failure is dropped without a log or telemetry event, and the
                // method falls through to "no rotation needed". A persistent key-store error
                // would therefore defer rotation silently until the certificate expires.
                // Consider recording the exception here.
            }
        }
        return false;
    }

    /**
     * Obfuscated name. The synthetic {@code lambda$getKeyRotationRequestData$6} called below
     * suggests the original was {@code getKeyRotationRequestData}.
     *
     * <p>Zips two sources: the nonce JWT from {@link #getNonceJwtForDeviceId}, and a string
     * derived from the {@code z3.h} callable run against the alias from {@code KeyManager.i()}.
     * That second string is presumably a JWT over the same nonce, made with the new key through
     * {@code r4.c}.
     *
     * @param str device id
     * @param str2 nonce
     * @param traceContext telemetry context
     * @return single emitting the assembled {@link KeyRotationRequestData}
     */
    // NOTE(review): only the first source is subscribed on the crypto scheduler (inside
    // getNonceJwtForDeviceId). The second has no subscribeOn here, so its callable runs on
    // whichever thread subscribes to the zipped single. Confirm that callers subscribe off the
    // main thread.
    public Single<KeyRotationRequestData> j(@NonNull final String str, @NonNull final String str2, @NonNull TraceContext traceContext) {
        final String i8 = KeyManager.i();
        Single<String> nonceJwtForDeviceId = getNonceJwtForDeviceId(str, str2, traceContext);
        KeyManager keyManager = this.keyManager;
        Objects.requireNonNull(keyManager);
        return Single.zip(nonceJwtForDeviceId, Single.fromCallable(new h(keyManager, i8, str, traceContext)).map(new r4.c(this, str2, traceContext)), new BiFunction() { // from class: s4.a
            @Override // io.reactivex.functions.BiFunction
            public final Object apply(Object obj, Object obj2) {
                // obj is the first source's value (nonce JWT), obj2 the second source's value.
                KeyRotationRequestData lambda$getKeyRotationRequestData$6;
                lambda$getKeyRotationRequestData$6 = CryptoManager.lambda$getKeyRotationRequestData$6(str, str2, i8, (String) obj, (String) obj2);
                return lambda$getKeyRotationRequestData$6;
            }
        });
    }

    /**
     * Obfuscated name. The synthetic {@code lambda$setNewKey$8} suggests the original was
     * {@code setNewKey}.
     *
     * <p>Runs the {@code s4.f} action with the device id and new key alias; presumably it makes
     * the new key the active one. On completion it runs {@code r1.c}, which presumably updates
     * the next rotation check time and logs success.
     *
     * @param keyRotationRequestData rotation request carrying the device id and new alias
     * @param traceContext telemetry context
     * @return completable subscribed on the crypto scheduler, or an error completable when the
     *     scheduler cannot be initialised
     */
    public Completable k(KeyRotationRequestData keyRotationRequestData, TraceContext traceContext) {
        try {
            Scheduler scheduler = getScheduler();
            KeyManager keyManager = this.keyManager;
            String deviceId = keyRotationRequestData.getDeviceId();
            String newKeyAlias = keyRotationRequestData.getNewKeyAlias();
            Objects.requireNonNull(keyManager);
            return Completable.fromAction(new f(keyManager, deviceId, newKeyAlias, traceContext)).doOnComplete(new r1.c(this, keyRotationRequestData)).subscribeOn(scheduler);
        } catch (ConcurrentException e8) {
            return Completable.error(e8);
        }
    }

    /**
     * Removes the key pair that belongs to the stored device id.
     *
     * <p>Unlike the other completables in this class, the result is not subscribed on the crypto
     * scheduler here; threading is left to {@code KeyManager} or the caller.
     *
     * @param traceContext telemetry context; a new one is created when {@code null}
     * @return the key manager's completable, or an error completable wrapping a
     *     {@code CryptoException(FileNotFoundException)} when no auth state exists
     */
    public Completable removeDcgAuthKeyFromKeyStore(@Nullable TraceContext traceContext) {
        if (traceContext == null) {
            traceContext = TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.CRYPTO_MANAGER_REMOVE_DCG_AUTH_KEY_FROM_KEYSTORE);
        }
        AuthState authState = this.authStorage.getAuthState(EnvironmentMappingUtils.inferEnvironmentFromBuild());
        return authState != null ? this.keyManager.removeKeyPairByKeyAliasIdSpecial(authState.getDeviceId(), traceContext) : Completable.error(new CryptoException(new FileNotFoundException()));
    }

    /**
     * Removes a key pair through the obfuscated {@code KeyManager.j}.
     *
     * @param str id or alias passed to the key manager; which of the two is not visible here
     * @param traceContext telemetry context
     * @return completable subscribed on the crypto scheduler, or an error completable when the
     *     scheduler cannot be initialised
     */
    public Completable removeKeyPair(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.j(str, traceContext).subscribeOn(getScheduler());
        } catch (ConcurrentException e8) {
            return Completable.error(e8);
        }
    }

    /**
     * Applies a crypto-trust key rotation by running the same {@code s4.f} action as {@link #k},
     * with the self client id and new self-key alias. It has no completion hook, so the rotation
     * timestamps in {@code AuthStorage} are not touched here.
     *
     * @param cryptoTrustKeyRotationRequestData rotation request carrying the client id and alias
     * @param traceContext telemetry context
     * @return completable subscribed on the crypto scheduler, or an error completable when the
     *     scheduler cannot be initialised
     */
    public Completable setNewCryptoTrustKey(@NonNull CryptoTrustKeyRotationRequestData cryptoTrustKeyRotationRequestData, @NonNull TraceContext traceContext) {
        try {
            Scheduler scheduler = getScheduler();
            KeyManager keyManager = this.keyManager;
            String selfClientId = cryptoTrustKeyRotationRequestData.getSelfClientId();
            String newSelfKeyAlias = cryptoTrustKeyRotationRequestData.getNewSelfKeyAlias();
            Objects.requireNonNull(keyManager);
            return Completable.fromAction(new f(keyManager, selfClientId, newSelfKeyAlias, traceContext)).subscribeOn(scheduler);
        } catch (ConcurrentException e8) {
            return Completable.error(e8);
        }
    }
}
