package com.microsoft.ngc.aad.sessionApproval.businessLogic;

import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.core.protocol.exception.GenericServiceException;
import com.microsoft.authenticator.core.telemetry.TelemetryManager;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryEvent;
import com.microsoft.authenticator.policyChannel.entities.AuthenticatorPolicyChannelState;
import com.microsoft.authenticator.policyChannel.entities.AuthenticatorPolicyChannelStateKt;
import com.microsoft.authenticator.securekeystore.KeystoreCredentialManager;
import com.microsoft.authenticator.securekeystore.entities.KeystoreCredentialException;
import com.microsoft.authenticator.securekeystore.entities.UnrecoverableKeystoreCredentialException;
import com.microsoft.identity.common.java.jwt.AbstractJwtRequest;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import com.microsoft.ngc.aad.sessionApproval.entity.SessionApprovalConstants;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.Locale;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: SessionApprovalNgcAssertionUseCase.kt */
/* loaded from: classes5.dex */
/**
 * Builds the compact JWT assertion used by the session-approval flow and signs it with the
 * RSA key that {@link KeystoreCredentialManager} holds under the user's UPN.
 *
 * <p>Output shape: {@code base64url(header) "." base64url(claims) "." base64url(signature)}.
 * The signature is computed over the UTF-8 bytes of the first two segments joined by a dot.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The header announces {@code JwtRequestHeader.ALG_VALUE_RS256}; the actual signature
 *       algorithm is whatever {@code signRsa} implements. NOTE(review): confirm the two agree.</li>
 *   <li>{@code aud} is always the empty string, so the token is not bound to a recipient by that
 *       claim. NOTE(review): presumably the server-issued nonce provides the binding; verify
 *       against the service contract.</li>
 *   <li>{@code iat}/{@code exp} come from the device clock, with a fixed 300 second lifetime.</li>
 *   <li>Log messages here contain neither the UPN, the nonce nor any token material.</li>
 * </ul>
 */
public final class SessionApprovalNgcAssertionUseCase {
    /** Unpadded, unwrapped, URL-safe Base64; numerically 11, the literal the compiled code passes. */
    private static final int JWT_BASE64_FLAGS = Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING;

    /** Offset, in seconds, added to {@code iat} to obtain {@code exp}. */
    private static final long ASSERTION_LIFETIME_SECONDS = 300L;

    private final KeystoreCredentialManager keystoreCredentialManager;
    private final TelemetryManager telemetryManager;

    /**
     * @param keystoreCredentialManager key store queried for the UPN's key and used to sign
     * @param telemetryManager sink for the local-auth-timeout telemetry event
     */
    public SessionApprovalNgcAssertionUseCase(KeystoreCredentialManager keystoreCredentialManager, TelemetryManager telemetryManager) {
        Intrinsics.checkNotNullParameter(keystoreCredentialManager, "keystoreCredentialManager");
        Intrinsics.checkNotNullParameter(telemetryManager, "telemetryManager");
        this.keystoreCredentialManager = keystoreCredentialManager;
        this.telemetryManager = telemetryManager;
    }

    /**
     * Produces the signed assertion for the given user, key and nonce.
     *
     * @param upn user principal name; used both as the {@code iss} claim and as the key alias
     * @param keyId value written to the {@code kid} header
     * @param nonce value written to the nonce claim
     * @param deviceId value written to the {@code deviceid} claim
     * @param authenticatorPolicyChannelState state serialized into the app-state claim
     * @return the three-segment compact JWT
     * @throws UnrecoverableKeystoreCredentialException if no key is stored for {@code upn}, or the
     *     key was permanently invalidated
     * @throws UserNotAuthenticatedException rethrown unchanged after logging and telemetry
     * @throws KeystoreCredentialException wrapping any other {@link InvalidKeyException}
     * @throws GenericServiceException if the unsigned JWT could not be assembled
     */
    public final String constructNgcAssertion(String upn, String keyId, String nonce, String deviceId, AuthenticatorPolicyChannelState authenticatorPolicyChannelState) throws KeystoreCredentialException, GenericServiceException, UserNotAuthenticatedException {
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(deviceId, "deviceId");
        Intrinsics.checkNotNullParameter(authenticatorPolicyChannelState, "authenticatorPolicyChannelState");
        // Header and claims are serialized once; exactly these bytes are signed and returned.
        final String signingInput = writeUnsignedJwt$AadRemoteNgcLibrary_release(keyId, upn, nonce, deviceId, authenticatorPolicyChannelState);
        try {
            if (!this.keystoreCredentialManager.containsKey(upn)) {
                BaseLogger.e("Credential manager doesn't contain key for upn");
                throw new UnrecoverableKeystoreCredentialException("Key is not present in storage");
            }
            final byte[] signature = this.keystoreCredentialManager.signRsa(signingInput.getBytes(Strings.Utf8Charset), upn);
            return String.format(Locale.US, "%s.%s", signingInput, Base64.encodeToString(signature, JWT_BASE64_FLAGS));
        } catch (KeyPermanentlyInvalidatedException invalidated) {
            // Surfaced as unrecoverable, the same type used when the key is missing.
            throw new UnrecoverableKeystoreCredentialException(invalidated);
        } catch (UserNotAuthenticatedException notAuthenticated) {
            BaseLogger.e("User Not Authenticated. Last local auth has expired.");
            this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.SignRSAFailedDueToLocalAuthTimeOut);
            throw notAuthenticated;
        } catch (InvalidKeyException invalidKey) {
            // Must stay last: the two more specific handlers above are tried first.
            throw new KeystoreCredentialException(invalidKey);
        }
    }

    /**
     * Serializes the JWT header and claims and joins their Base64url encodings with a dot.
     * No signature is produced here.
     *
     * @param keyId value written to the {@code kid} header
     * @param upn value written to the {@code iss} claim
     * @param nonce value written to the nonce claim
     * @param deviceId value written to the {@code deviceid} claim
     * @param authenticatorPolicyChannelState converted to protobuf, Base64-encoded, and stored
     *     under {@code SessionApprovalConstants.APP_STATE_CLAIM}
     * @return {@code base64url(header) + "." + base64url(claims)}
     * @throws GenericServiceException wrapping any {@link JSONException} raised while building
     */
    public final String writeUnsignedJwt$AadRemoteNgcLibrary_release(String keyId, String upn, String nonce, String deviceId, AuthenticatorPolicyChannelState authenticatorPolicyChannelState) {
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(deviceId, "deviceId");
        Intrinsics.checkNotNullParameter(authenticatorPolicyChannelState, "authenticatorPolicyChannelState");
        try {
            final JSONObject header = new JSONObject();
            header.put(AbstractJwtRequest.ClaimNames.TYPE, "JWT");
            header.put("alg", JwtRequestHeader.ALG_VALUE_RS256);
            header.put("kid", keyId);
            header.put(AbstractJwtRequest.ClaimNames.USE, "ngc");

            final JSONObject claims = new JSONObject();
            // Device wall-clock time in whole seconds; a skewed clock shifts both iat and exp.
            final long issuedAtSeconds = System.currentTimeMillis() / 1000;
            claims.put("iat", issuedAtSeconds);
            claims.put("exp", ASSERTION_LIFETIME_SECONDS + issuedAtSeconds);
            claims.put("iss", upn);
            // NOTE(review): the audience is deliberately left empty here; confirm the verifier
            // does not rely on aud to reject tokens minted for another recipient.
            claims.put("aud", "");
            claims.put("scope", "openid aza");
            claims.put(AbstractJwtRequest.ClaimNames.NONCE, nonce);
            claims.put("deviceid", deviceId);
            claims.put(SessionApprovalConstants.APP_STATE_CLAIM, AuthenticatorPolicyChannelStateKt.toBase64EncodedString(authenticatorPolicyChannelState.toProtobuf()));

            final String headerJson = header.toString();
            Intrinsics.checkNotNullExpressionValue(headerJson, "jwtHeader.toString()");
            final String claimsJson = claims.toString();
            Intrinsics.checkNotNullExpressionValue(claimsJson, "jwtClaims.toString()");
            return String.format(Locale.US, "%s.%s", base64UrlSegment(headerJson), base64UrlSegment(claimsJson));
        } catch (JSONException jsonFailure) {
            BaseLogger.e("Error constructing NGC assertion.", jsonFailure);
            throw new GenericServiceException(jsonFailure);
        }
    }

    /** Encodes the UTF-8 bytes of {@code json} with {@link #JWT_BASE64_FLAGS}. */
    private static String base64UrlSegment(String json) {
        return Base64.encodeToString(json.getBytes(Strings.Utf8Charset), JWT_BASE64_FLAGS);
    }
}
