package com.microsoft.authenticator.securekeystore;

import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.core.telemetry.TelemetryManager;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryEvent;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryProperties;
import com.microsoft.authenticator.securekeystore.businessLogic.EccAsymmetricKeyPairGenerator;
import com.microsoft.authenticator.securekeystore.businessLogic.PublicKeyConvertor;
import com.microsoft.authenticator.securekeystore.businessLogic.RsaAsymmetricKeyPairGenerator;
import com.microsoft.authenticator.securekeystore.businessLogic.SecureKeystoreAccessor;
import com.microsoft.authenticator.securekeystore.entities.KeyGenerationResult;
import com.microsoft.authenticator.securekeystore.entities.KeystoreCredentialException;
import com.microsoft.authenticator.securekeystore.entities.KeystoreOperationParameters;
import com.microsoft.authenticator.securekeystore.entities.UnrecoverableKeystoreCredentialException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import kotlin.TuplesKt;
import kotlin.collections.MapsKt__MapsJVMKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;

/* compiled from: KeystoreCredentialManager.kt */
/* loaded from: classes3.dex */
/**
 * Single entry point for the key pairs this package keeps behind {@link SecureKeystoreAccessor}:
 * generation, lookup, deletion, public-key export and challenge signing.
 *
 * <p>RSA key pairs are addressed by an alias derived from the account id through
 * {@code KeystoreOperationParameters.KEY_PAIR_ALIAS_FORMAT}; ECC key pairs are addressed by the
 * string form of a random {@link UUID}.
 *
 * <p>NOTE(review): several methods write the alias, username or key id to {@code BaseLogger} at
 * info level. Confirm how those logs are stored and exported, since the values identify an account.
 */
public final class KeystoreCredentialManager {
    private final EccAsymmetricKeyPairGenerator eccKeyPairGenerator;
    private final PublicKeyConvertor publicKeyConvertor;
    private final RsaAsymmetricKeyPairGenerator rsaKeyPairGenerator;
    private final SecureKeystoreAccessor secureKeystoreAccessor;
    private final TelemetryManager telemetryManager;

    /**
     * Wires the manager to its collaborators; every argument must be non-null.
     *
     * @param secureKeystoreAccessor keystore lookup, existence check and deletion
     * @param publicKeyConvertor converter used for the RSA BCrypt blob export
     * @param rsaKeyPairGenerator generator for account-bound RSA key pairs
     * @param eccKeyPairGenerator generator for UUID-named ECC key pairs
     * @param telemetryManager sink for the security-level telemetry events
     */
    public KeystoreCredentialManager(SecureKeystoreAccessor secureKeystoreAccessor, PublicKeyConvertor publicKeyConvertor, RsaAsymmetricKeyPairGenerator rsaKeyPairGenerator, EccAsymmetricKeyPairGenerator eccKeyPairGenerator, TelemetryManager telemetryManager) {
        Intrinsics.checkNotNullParameter(secureKeystoreAccessor, "secureKeystoreAccessor");
        Intrinsics.checkNotNullParameter(publicKeyConvertor, "publicKeyConvertor");
        Intrinsics.checkNotNullParameter(rsaKeyPairGenerator, "rsaKeyPairGenerator");
        Intrinsics.checkNotNullParameter(eccKeyPairGenerator, "eccKeyPairGenerator");
        Intrinsics.checkNotNullParameter(telemetryManager, "telemetryManager");
        this.eccKeyPairGenerator = eccKeyPairGenerator;
        this.publicKeyConvertor = publicKeyConvertor;
        this.rsaKeyPairGenerator = rsaKeyPairGenerator;
        this.secureKeystoreAccessor = secureKeystoreAccessor;
        this.telemetryManager = telemetryManager;
    }

    /**
     * Builds the keystore alias of the RSA key pair that belongs to an account.
     *
     * @param accountId identifier substituted into the alias format
     * @return the formatted alias
     */
    private String rsaAliasFor(String accountId) {
        String alias = String.format(Locale.US, KeystoreOperationParameters.KEY_PAIR_ALIAS_FORMAT, accountId);
        Intrinsics.checkNotNullExpressionValue(alias, "format(locale, format, *args)");
        return alias;
    }

    /**
     * Records an {@code AadNgcGetSecurityLevelOfKeyFailed} telemetry event with the given cause.
     *
     * @param cause short reason stored under the {@code Cause} property
     */
    private void reportKeyInfoFailure(String cause) {
        Map<String, String> properties = MapsKt__MapsJVMKt.mapOf(TuplesKt.to(SharedCoreTelemetryProperties.Cause, cause));
        this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeyFailed, properties);
    }

    /**
     * Looks up the {@link KeyInfo} describing the private key stored under an alias.
     *
     * <p>A missing key or a null key spec is reported through telemetry and yields {@code null}.
     * Exceptions raised by the lookup itself are not caught here and reach the caller.
     *
     * @param alias keystore alias of the signing key
     * @return the key's {@link KeyInfo}, or {@code null} when it could not be obtained
     */
    private final KeyInfo getKeyInfo(String alias) {
        PrivateKey privateKey = this.secureKeystoreAccessor.getSigningKey(alias);
        if (privateKey == null) {
            reportKeyInfoFailure("Key is null");
            return null;
        }
        // NOTE(review): no provider is named here; the Android documentation example passes
        // "AndroidKeyStore" explicitly. Confirm provider resolution on the supported API levels.
        KeyFactory factory = KeyFactory.getInstance(privateKey.getAlgorithm());
        KeyInfo info = (KeyInfo) factory.getKeySpec(privateKey, KeyInfo.class);
        if (info == null) {
            reportKeyInfoFailure("KeyInfo is null");
        }
        return info;
    }

    /**
     * Signs a payload with the private key stored under an alias.
     *
     * <p>{@link UserNotAuthenticatedException} and {@link KeyPermanentlyInvalidatedException} are
     * {@link InvalidKeyException} subtypes and are passed through untouched, so the caller decides
     * whether to prompt for authentication again or to discard the key.
     *
     * @param alias keystore alias of the signing key
     * @param payload bytes to sign
     * @param algorithm JCA signature algorithm name
     * @return the signature bytes
     * @throws KeystoreCredentialException if the key is absent or the signature operation fails
     * @throws InvalidKeyException if the key cannot be used to initialise the signature
     */
    private final byte[] signInternal(String alias, byte[] payload, String algorithm) throws KeystoreCredentialException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, InvalidKeyException {
        try {
            PrivateKey privateKey = this.secureKeystoreAccessor.getSigningKey(alias);
            if (privateKey != null) {
                Signature signer = Signature.getInstance(algorithm);
                signer.initSign(privateKey);
                signer.update(payload);
                byte[] signed = signer.sign();
                Intrinsics.checkNotNullExpressionValue(signed, "{\n            val signin…geSigner.sign()\n        }");
                return signed;
            }
            throw new KeystoreCredentialException("Key was absent or keystore interaction failed.");
        } catch (SignatureException signatureFailure) {
            throw new KeystoreCredentialException("Signature instance was improperly initialized.", signatureFailure);
        } catch (UnrecoverableEntryException entryFailure) {
            throw new UnrecoverableKeystoreCredentialException("Key cannot be retried from keystore at all.", entryFailure);
        }
    }

    /**
     * Reports whether the keystore holds an RSA key pair for the account.
     *
     * @param accountId account whose derived alias is checked
     * @return the accessor's answer for that alias
     */
    public final boolean containsKey(String accountId) {
        Intrinsics.checkNotNullParameter(accountId, "accountId");
        return this.secureKeystoreAccessor.containsKey(rsaAliasFor(accountId));
    }

    /**
     * Deletes the key pair stored under the given alias, used exactly as passed.
     *
     * @param keyPairAlias keystore alias to delete; it is also written to the info log
     */
    public final void deleteKeyPair(String keyPairAlias) {
        Intrinsics.checkNotNullParameter(keyPairAlias, "keyPairAlias");
        BaseLogger.i("Deleting NGC KeyPair. keyPairAlias = " + keyPairAlias);
        this.secureKeystoreAccessor.deleteKey(keyPairAlias);
    }

    /**
     * Deletes the RSA key pair whose alias is derived from the username.
     *
     * @param username value substituted into the alias format; it is also written to the info log
     */
    public final void deleteRsaKeyPair(String username) {
        Intrinsics.checkNotNullParameter(username, "username");
        // NOTE(review): the raw username lands in the info log; confirm that is intended.
        BaseLogger.i("Deleting RSA NGC KeyPair. username = " + username);
        this.secureKeystoreAccessor.deleteKey(rsaAliasFor(username));
    }

    /**
     * Exports an RSA public key in the BCrypt blob layout by delegating to the converter.
     *
     * @param publicKey key to export
     * @return the converter's encoding of the key
     */
    public final byte[] exportPublicKeyAsRsaBCryptBlob(RSAPublicKey publicKey) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        return this.publicKeyConvertor.exportPublicKeyAsRsaBCryptBlob(publicKey);
    }

    /**
     * Generates an ECC key pair under a freshly drawn random UUID alias.
     *
     * @return the generator's result for the new alias
     */
    public final KeyGenerationResult generateEccKeyPair() {
        BaseLogger.i("Attempting to generate ECC keypair.");
        String alias = UUID.randomUUID().toString();
        Intrinsics.checkNotNullExpressionValue(alias, "keyPairAlias.toString()");
        return this.eccKeyPairGenerator.generateKeyPair(alias);
    }

    /**
     * Generates an RSA key pair under the alias derived from the account id.
     *
     * @param accountId account the key pair is bound to
     * @return the generator's result for the derived alias
     */
    public final KeyGenerationResult generateRsaKeyPair(String accountId) {
        Intrinsics.checkNotNullParameter(accountId, "accountId");
        BaseLogger.i("Attempting to generate RSA keypair.");
        return this.rsaKeyPairGenerator.generateKeyPair(rsaAliasFor(accountId));
    }

    /**
     * Reports whether the key under the alias lives in secure hardware.
     *
     * <p>The result is tri-state: {@code null} means the key or its {@link KeyInfo} could not be
     * read, so callers should treat it as "unknown" rather than as either answer.
     *
     * @param keyPairAlias keystore alias of the key
     * @return {@code KeyInfo.isInsideSecureHardware()} boxed, or {@code null} when unavailable
     */
    public final Boolean getIsInsideSecureHardwareOfKey(String keyPairAlias) {
        Intrinsics.checkNotNullParameter(keyPairAlias, "keyPairAlias");
        KeyInfo info = getKeyInfo(keyPairAlias);
        return info != null ? Boolean.valueOf(info.isInsideSecureHardware()) : null;
    }

    /**
     * Fetches the public key of the account's RSA key pair.
     *
     * @param accountId account whose derived alias is looked up
     * @return the public key returned by the accessor
     * @throws UnrecoverableKeystoreCredentialException if the keystore entry cannot be recovered
     */
    public final PublicKey getPublicKey(String accountId) throws UnrecoverableKeystoreCredentialException {
        Intrinsics.checkNotNullParameter(accountId, "accountId");
        String alias = rsaAliasFor(accountId);
        try {
            return this.secureKeystoreAccessor.getPublicKey(alias);
        } catch (UnrecoverableEntryException cause) {
            throw new UnrecoverableKeystoreCredentialException("Could not retrieve key from keystore.", cause);
        }
    }

    /**
     * Fetches the public key stored under a UUID alias.
     *
     * @param keyId identifier whose string form is the keystore alias
     * @return the public key returned by the accessor
     * @throws UnrecoverableKeystoreCredentialException if the keystore entry cannot be recovered;
     *     the message includes the key id
     */
    public final PublicKey getPublicKey(UUID keyId) throws UnrecoverableKeystoreCredentialException {
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        try {
            String alias = keyId.toString();
            Intrinsics.checkNotNullExpressionValue(alias, "keyId.toString()");
            return this.secureKeystoreAccessor.getPublicKey(alias);
        } catch (UnrecoverableEntryException cause) {
            throw new UnrecoverableKeystoreCredentialException("Could not retrieve key: " + keyId + " from keystore.", cause);
        }
    }

    /**
     * Reads the security level of the key under the alias and reports the outcome to telemetry.
     *
     * <p>{@code KeyInfo.getSecurityLevel()} was added in API level 31. The {@code catch} below
     * covers {@link Exception} only, so presumably callers gate this call on the SDK version.
     * TODO confirm. Failures inside the key lookup itself are raised before the {@code try} starts.
     *
     * @param keyPairAlias keystore alias of the key
     * @return the security level boxed, or {@code null} when it could not be determined
     */
    public final Integer getSecurityLevelOfKeyAboveApi31(String keyPairAlias) {
        Intrinsics.checkNotNullParameter(keyPairAlias, "keyPairAlias");
        KeyInfo info = getKeyInfo(keyPairAlias);
        if (info == null) {
            return null;
        }
        try {
            int level = info.getSecurityLevel();
            Map<String, String> properties = MapsKt__MapsJVMKt.mapOf(TuplesKt.to("Result", String.valueOf(level)));
            this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeySuccess, properties);
            return Integer.valueOf(level);
        } catch (Exception failure) {
            BaseLogger.e("Exception countered while trying to get security level: ", failure);
            this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeyFailed, failure);
            return null;
        }
    }

    /**
     * Signs a challenge with the ECC private key stored under a UUID alias.
     *
     * @param keyId identifier whose string form is the keystore alias; also written to the info log
     * @param challenge bytes to sign, passed to the signature unchanged
     * @return the signature bytes
     * @throws KeystoreCredentialException if the key is absent or signing fails
     * @throws InvalidKeyException if the key cannot initialise the signature, including the
     *     user-not-authenticated and permanently-invalidated cases
     */
    public final byte[] signEcc(UUID keyId, byte[] challenge) throws KeystoreCredentialException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, InvalidKeyException {
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        Intrinsics.checkNotNullParameter(challenge, "challenge");
        BaseLogger.i("Using ECC-based Private Key to sign NGC challenge. keyId = " + keyId);
        String alias = keyId.toString();
        Intrinsics.checkNotNullExpressionValue(alias, "keyId.toString()");
        return signInternal(alias, challenge, KeystoreOperationParameters.ECC_SIGNATURE_ALGORITHM);
    }

    /**
     * Signs a challenge with the account's RSA private key.
     *
     * @param challenge bytes to sign, passed to the signature unchanged
     * @param accountId account whose derived alias selects the key
     * @return the signature bytes
     * @throws KeystoreCredentialException if the key is absent or signing fails
     * @throws InvalidKeyException if the key cannot initialise the signature, including the
     *     user-not-authenticated and permanently-invalidated cases
     */
    public final byte[] signRsa(byte[] challenge, String accountId) throws KeystoreCredentialException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, InvalidKeyException {
        Intrinsics.checkNotNullParameter(challenge, "challenge");
        Intrinsics.checkNotNullParameter(accountId, "accountId");
        BaseLogger.i("Using RSA-based Private Key to sign NGC challenge.");
        return signInternal(rsaAliasFor(accountId), challenge, KeystoreOperationParameters.RSA_SIGNATURE_ALGORITHM);
    }
}
