package com.microsoft.authenticator.securekeystore;

import Nt.y;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.core.telemetry.PiiGuard;
import com.microsoft.authenticator.core.telemetry.TelemetryManager;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryEvent;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryProperties;
import com.microsoft.authenticator.securekeystore.businessLogic.EccAsymmetricKeyPairGenerator;
import com.microsoft.authenticator.securekeystore.businessLogic.PublicKeyConvertor;
import com.microsoft.authenticator.securekeystore.businessLogic.RsaAsymmetricKeyPairGenerator;
import com.microsoft.authenticator.securekeystore.businessLogic.SecureKeystoreAccessor;
import com.microsoft.authenticator.securekeystore.entities.KeyGenerationResult;
import com.microsoft.authenticator.securekeystore.entities.KeystoreCredentialException;
import com.microsoft.authenticator.securekeystore.entities.KeystoreOperationParameters;
import com.microsoft.authenticator.securekeystore.entities.UnrecoverableKeystoreCredentialException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Locale;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.collections.S;
import kotlin.jvm.internal.C12674t;
import kotlin.jvm.internal.V;

@Metadata(d1 = {"\u0000\u0082\u0001\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u00002\u00020\u0001B1\b\u0007\u0012\u0006\u0010\u0003\u001a\u00020\u0002\u0012\u0006\u0010\u0005\u001a\u00020\u0004\u0012\u0006\u0010\u0007\u001a\u00020\u0006\u0012\u0006\u0010\t\u001a\u00020\b\u0012\u0006\u0010\u000b\u001a\u00020\n¢\u0006\u0004\b\f\u0010\rJ\u0019\u0010\u0011\u001a\u0004\u0018\u00010\u00102\u0006\u0010\u000f\u001a\u00020\u000eH\u0002¢\u0006\u0004\b\u0011\u0010\u0012J'\u0010\u0017\u001a\u00020\u00142\u0006\u0010\u0013\u001a\u00020\u000e2\u0006\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0016\u001a\u00020\u000eH\u0002¢\u0006\u0004\b\u0017\u0010\u0018J\u0017\u0010\u001a\u001a\u0004\u0018\u00010\u00192\u0006\u0010\u000f\u001a\u00020\u000e¢\u0006\u0004\b\u001a\u0010\u001bJ\u0019\u0010\u001d\u001a\u0004\u0018\u00010\u001c2\u0006\u0010\u000f\u001a\u00020\u000eH\u0007¢\u0006\u0004\b\u001d\u0010\u001eJ\u0015\u0010 \u001a\u00020\u00192\u0006\u0010\u001f\u001a\u00020\u000e¢\u0006\u0004\b 
\u0010!J\u0015\u0010#\u001a\u00020\"2\u0006\u0010\u001f\u001a\u00020\u000e¢\u0006\u0004\b#\u0010$J\r\u0010%\u001a\u00020\"¢\u0006\u0004\b%\u0010&J\u0015\u0010(\u001a\u00020\"2\u0006\u0010'\u001a\u00020\u0014¢\u0006\u0004\b(\u0010)J\u0015\u0010,\u001a\u00020+2\u0006\u0010*\u001a\u00020\u000e¢\u0006\u0004\b,\u0010-J\u0015\u0010.\u001a\u00020+2\u0006\u0010\u000f\u001a\u00020\u000e¢\u0006\u0004\b.\u0010-J\u001d\u0010/\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u001f\u001a\u00020\u000e¢\u0006\u0004\b/\u00100J\u001d\u00102\u001a\u00020\u00142\u0006\u0010\u0013\u001a\u0002012\u0006\u0010\u0015\u001a\u00020\u0014¢\u0006\u0004\b2\u00103J\u0017\u00105\u001a\u0004\u0018\u0001042\u0006\u0010\u001f\u001a\u00020\u000e¢\u0006\u0004\b5\u00106J\u0017\u00105\u001a\u0004\u0018\u0001042\u0006\u0010\u0013\u001a\u000201¢\u0006\u0004\b5\u00107J\u0017\u0010:\u001a\u0004\u0018\u00010\u00142\u0006\u00109\u001a\u000208¢\u0006\u0004\b:\u0010;J\u001d\u0010>\u001a\n\u0012\u0004\u0012\u00020=\u0018\u00010<2\u0006\u0010\u0013\u001a\u00020\u000e¢\u0006\u0004\b>\u0010?R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0003\u0010@R\u0014\u0010\u0005\u001a\u00020\u00048\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010AR\u0014\u0010\u0007\u001a\u00020\u00068\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010BR\u0014\u0010\t\u001a\u00020\b8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\t\u0010CR\u0014\u0010\u000b\u001a\u00020\n8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u000b\u0010D¨\u0006E"}, d2 = {"Lcom/microsoft/authenticator/securekeystore/KeystoreCredentialManager;", "", "Lcom/microsoft/authenticator/securekeystore/businessLogic/SecureKeystoreAccessor;", "secureKeystoreAccessor", "Lcom/microsoft/authenticator/securekeystore/businessLogic/PublicKeyConvertor;", "publicKeyConvertor", "Lcom/microsoft/authenticator/securekeystore/businessLogic/RsaAsymmetricKeyPairGenerator;", "rsaKeyPairGenerator", 
"Lcom/microsoft/authenticator/securekeystore/businessLogic/EccAsymmetricKeyPairGenerator;", "eccKeyPairGenerator", "Lcom/microsoft/authenticator/core/telemetry/TelemetryManager;", "telemetryManager", "<init>", "(Lcom/microsoft/authenticator/securekeystore/businessLogic/SecureKeystoreAccessor;Lcom/microsoft/authenticator/securekeystore/businessLogic/PublicKeyConvertor;Lcom/microsoft/authenticator/securekeystore/businessLogic/RsaAsymmetricKeyPairGenerator;Lcom/microsoft/authenticator/securekeystore/businessLogic/EccAsymmetricKeyPairGenerator;Lcom/microsoft/authenticator/core/telemetry/TelemetryManager;)V", "", "keyPairAlias", "Landroid/security/keystore/KeyInfo;", "getKeyInfo", "(Ljava/lang/String;)Landroid/security/keystore/KeyInfo;", "keyId", "", "challenge", "algorithm", "signInternal", "(Ljava/lang/String;[BLjava/lang/String;)[B", "", "getIsInsideSecureHardwareOfKey", "(Ljava/lang/String;)Ljava/lang/Boolean;", "", "getSecurityLevelOfKeyAboveApi31", "(Ljava/lang/String;)Ljava/lang/Integer;", "accountId", "containsKey", "(Ljava/lang/String;)Z", "Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "generateRsaKeyPair", "(Ljava/lang/String;)Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "generateEccKeyPair", "()Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "attestationChallenge", "generateAttestedEccKeyPair", "([B)Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "username", "LNt/I;", "deleteRsaKeyPair", "(Ljava/lang/String;)V", "deleteKeyPair", "signRsa", "([BLjava/lang/String;)[B", "Ljava/util/UUID;", "signEcc", "(Ljava/util/UUID;[B)[B", "Ljava/security/PublicKey;", "getPublicKey", "(Ljava/lang/String;)Ljava/security/PublicKey;", "(Ljava/util/UUID;)Ljava/security/PublicKey;", "Ljava/security/interfaces/RSAPublicKey;", "publicKey", "exportPublicKeyAsRsaBCryptBlob", "(Ljava/security/interfaces/RSAPublicKey;)[B", "", "Ljava/security/cert/Certificate;", 
"getAliasCertificateChain", "(Ljava/lang/String;)[Ljava/security/cert/Certificate;", "Lcom/microsoft/authenticator/securekeystore/businessLogic/SecureKeystoreAccessor;", "Lcom/microsoft/authenticator/securekeystore/businessLogic/PublicKeyConvertor;", "Lcom/microsoft/authenticator/securekeystore/businessLogic/RsaAsymmetricKeyPairGenerator;", "Lcom/microsoft/authenticator/securekeystore/businessLogic/EccAsymmetricKeyPairGenerator;", "Lcom/microsoft/authenticator/core/telemetry/TelemetryManager;", "SecureKeystoreLibrary_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes6.dex */
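/*
 * Facade over the secure keystore for "NGC" signing credentials. It generates RSA and ECC key
 * pairs, signs challenges with them, returns their public keys and certificate chains, and
 * reports where a private key is held (secure hardware flag / security level).
 *
 * Alias scheme visible in this class: RSA keys are addressed by
 * String.format(KEY_PAIR_ALIAS_FORMAT, accountId); ECC keys by the string form of a random UUID.
 *
 * Decompiled from Kotlin. C12674t.j / C12674t.i look like Kotlin's null-check intrinsics
 * (parameter / expression value) and S.f(y.a(k, v)) like mapOf(k to v); the names are
 * obfuscated, so confirm against the mapping file. Several methods let checked exceptions escape
 * without declaring them, which Kotlin allows and plain Java does not.
 */
public final class KeystoreCredentialManager {
    private final EccAsymmetricKeyPairGenerator eccKeyPairGenerator;
    private final PublicKeyConvertor publicKeyConvertor;
    private final RsaAsymmetricKeyPairGenerator rsaKeyPairGenerator;
    private final SecureKeystoreAccessor secureKeystoreAccessor;
    private final TelemetryManager telemetryManager;

    /**
     * Stores the collaborators; every argument is null-checked before assignment.
     *
     * @param secureKeystoreAccessor keystore lookups, deletions and certificate-chain reads
     * @param publicKeyConvertor     RSA public key export
     * @param rsaKeyPairGenerator    RSA key pair generation
     * @param eccKeyPairGenerator    ECC key pair generation, plain and attested
     * @param telemetryManager       sink for the security-level telemetry events
     */
    public KeystoreCredentialManager(SecureKeystoreAccessor secureKeystoreAccessor, PublicKeyConvertor publicKeyConvertor, RsaAsymmetricKeyPairGenerator rsaKeyPairGenerator, EccAsymmetricKeyPairGenerator eccKeyPairGenerator, TelemetryManager telemetryManager) {
        C12674t.j(secureKeystoreAccessor, "secureKeystoreAccessor");
        C12674t.j(publicKeyConvertor, "publicKeyConvertor");
        C12674t.j(rsaKeyPairGenerator, "rsaKeyPairGenerator");
        C12674t.j(eccKeyPairGenerator, "eccKeyPairGenerator");
        C12674t.j(telemetryManager, "telemetryManager");
        this.secureKeystoreAccessor = secureKeystoreAccessor;
        this.publicKeyConvertor = publicKeyConvertor;
        this.rsaKeyPairGenerator = rsaKeyPairGenerator;
        this.eccKeyPairGenerator = eccKeyPairGenerator;
        this.telemetryManager = telemetryManager;
    }

    /**
     * Resolves the {@link KeyInfo} of the private key stored under {@code keyPairAlias}.
     *
     * <p>Emits {@code AadNgcGetSecurityLevelOfKeyFailed} telemetry and returns {@code null} when
     * the key or its KeyInfo is absent. Exceptions from the accessor, {@code KeyFactory.getInstance}
     * or {@code getKeySpec} are not caught here and reach the caller.
     */
    private final KeyInfo getKeyInfo(String keyPairAlias) {
        PrivateKey signingKey = this.secureKeystoreAccessor.getSigningKey(keyPairAlias);
        if (signingKey == null) {
            this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeyFailed, S.f(y.a(SharedCoreTelemetryProperties.Cause, "Key is null")));
            return null;
        }
        // NOTE(review): no provider is named in getInstance; Android's documented pattern for
        // KeyInfo passes "AndroidKeyStore" explicitly. Confirm provider fallback is relied on
        // deliberately.
        KeyInfo keyInfo = (KeyInfo) KeyFactory.getInstance(signingKey.getAlgorithm()).getKeySpec(signingKey, KeyInfo.class);
        if (keyInfo != null) {
            return keyInfo;
        }
        this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeyFailed, S.f(y.a(SharedCoreTelemetryProperties.Cause, "KeyInfo is null")));
        return null;
    }

    /**
     * Signs {@code challenge} with the private key stored under {@code keyId}.
     *
     * @param keyId     keystore alias of the signing key
     * @param challenge bytes to sign, passed to the Signature unchanged
     * @param algorithm JCA signature algorithm name
     * @return the signature bytes
     * @throws KeystoreCredentialException if the accessor returns no key, or signing fails with a
     *     {@link SignatureException}; an {@link UnrecoverableEntryException} is rethrown as
     *     {@code UnrecoverableKeystoreCredentialException} (presumably a subclass, since it is not
     *     declared separately)
     * @throws InvalidKeyException from {@code initSign}; on Android this includes
     *     {@link UserNotAuthenticatedException} (the key needs fresh user authentication) and
     *     {@link KeyPermanentlyInvalidatedException} (the key can no longer be used), which callers
     *     should handle distinctly
     */
    private final byte[] signInternal(String keyId, byte[] challenge, String algorithm) throws KeystoreCredentialException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, InvalidKeyException {
        try {
            PrivateKey signingKey = this.secureKeystoreAccessor.getSigningKey(keyId);
            if (signingKey == null) {
                throw new KeystoreCredentialException("Key was absent or keystore interaction failed.");
            }
            // NoSuchAlgorithmException from getInstance is neither caught nor declared here.
            Signature signature = Signature.getInstance(algorithm);
            signature.initSign(signingKey);
            signature.update(challenge);
            byte[] sign = signature.sign();
            C12674t.i(sign, "{\n            val signin…geSigner.sign()\n        }");
            return sign;
        } catch (SignatureException e10) {
            throw new KeystoreCredentialException("Signature instance was improperly initialized.", e10);
        } catch (UnrecoverableEntryException e11) {
            throw new UnrecoverableKeystoreCredentialException("Key cannot be retried from keystore at all.", e11);
        }
    }

    /**
     * Builds the keystore alias of an account's RSA key pair.
     *
     * <p>Single place for the {@code KEY_PAIR_ALIAS_FORMAT} expansion, so that generate, lookup,
     * sign and delete all address the same entry. {@code Locale.US} keeps the result independent
     * of the device locale.
     */
    private String rsaKeyPairAlias(String accountId) {
        String alias = String.format(Locale.US, KeystoreOperationParameters.KEY_PAIR_ALIAS_FORMAT, accountId);
        C12674t.i(alias, "format(locale, format, *args)");
        return alias;
    }

    /** Returns whether the keystore holds an entry under the RSA alias derived from {@code accountId}. */
    public final boolean containsKey(String accountId) {
        C12674t.j(accountId, "accountId");
        return this.secureKeystoreAccessor.containsKey(rsaKeyPairAlias(accountId));
    }

    /** Deletes the key pair stored under {@code keyPairAlias}; the alias is masked before logging. */
    public final void deleteKeyPair(String keyPairAlias) {
        C12674t.j(keyPairAlias, "keyPairAlias");
        BaseLogger.i("Deleting NGC KeyPair. keyPairAlias:" + PiiGuard.INSTANCE.maskString(keyPairAlias));
        this.secureKeystoreAccessor.deleteKey(keyPairAlias);
    }

    /** Deletes the RSA key pair whose alias is derived from {@code username}; the name is masked before logging. */
    public final void deleteRsaKeyPair(String username) {
        C12674t.j(username, "username");
        BaseLogger.i(" Deleting RSA NGC KeyPair. Username:" + PiiGuard.INSTANCE.maskString(username));
        this.secureKeystoreAccessor.deleteKey(rsaKeyPairAlias(username));
    }

    /** Delegates to the convertor to export {@code publicKey} as an RSA BCrypt blob. */
    public final byte[] exportPublicKeyAsRsaBCryptBlob(RSAPublicKey publicKey) {
        C12674t.j(publicKey, "publicKey");
        return this.publicKeyConvertor.exportPublicKeyAsRsaBCryptBlob(publicKey);
    }

    /**
     * Generates an attested ECC key pair under a fresh random-UUID alias.
     *
     * <p>NOTE(review): the challenge is forwarded unchanged. It presumably comes from the relying
     * party; a locally chosen or reused value would undermine the freshness the attestation is
     * meant to prove. Confirm at the caller.
     *
     * @param attestationChallenge challenge passed to the generator for the attestation
     * @return the generator's result; presumably it carries the alias, which is not otherwise
     *     returned here
     */
    public final KeyGenerationResult generateAttestedEccKeyPair(byte[] attestationChallenge) {
        C12674t.j(attestationChallenge, "attestationChallenge");
        BaseLogger.i("Attempting to generate attested ECC keypair.");
        String alias = UUID.randomUUID().toString();
        C12674t.i(alias, "keyPairAlias.toString()");
        return this.eccKeyPairGenerator.generateAttestedKeyPair(alias, attestationChallenge);
    }

    /** Generates an ECC key pair under a fresh random-UUID alias. */
    public final KeyGenerationResult generateEccKeyPair() {
        BaseLogger.i("Attempting to generate ECC keypair.");
        String alias = UUID.randomUUID().toString();
        C12674t.i(alias, "keyPairAlias.toString()");
        return this.eccKeyPairGenerator.generateKeyPair(alias);
    }

    /** Generates an RSA key pair under the alias derived from {@code accountId}. */
    public final KeyGenerationResult generateRsaKeyPair(String accountId) {
        C12674t.j(accountId, "accountId");
        BaseLogger.i("Attempting to generate RSA keypair.");
        return this.rsaKeyPairGenerator.generateKeyPair(rsaKeyPairAlias(accountId));
    }

    /**
     * Fetches the certificate chain stored for {@code keyId}.
     *
     * <p>The chain is returned as read; nothing here validates it. For an attested key, the
     * relying party has to verify the chain and the embedded challenge itself.
     *
     * @return the chain, or {@code null} when the accessor finds none (logged as an error)
     */
    public final Certificate[] getAliasCertificateChain(String keyId) {
        C12674t.j(keyId, "keyId");
        try {
            BaseLogger.i("Try to fetch certificate chain from android keystore.");
            Certificate[] chain = this.secureKeystoreAccessor.getAliasCertificateChain(keyId);
            if (chain == null) {
                BaseLogger.e("Keystore could not find certificate chain related to given keyId.");
            } else {
                BaseLogger.i("Successfully fetched certificate chain from android keystore.");
            }
            return chain;
        } catch (KeyStoreException e10) {
            // Logged and rethrown unchanged; the method does not declare it (Kotlin origin).
            BaseLogger.e("KeyStore is not initialized", e10);
            throw e10;
        }
    }

    /**
     * Reports {@link KeyInfo#isInsideSecureHardware()} for the key under {@code keyPairAlias}.
     *
     * <p>That flag is deprecated from API 31 in favour of {@code getSecurityLevel()} and does not
     * distinguish a TEE from StrongBox. It is the device's own statement about the key, so a
     * remote party should rely on a verified attestation chain rather than on this value.
     *
     * @return the flag, or {@code null} when no KeyInfo could be resolved
     */
    public final Boolean getIsInsideSecureHardwareOfKey(String keyPairAlias) {
        C12674t.j(keyPairAlias, "keyPairAlias");
        KeyInfo keyInfo = getKeyInfo(keyPairAlias);
        return keyInfo == null ? null : Boolean.valueOf(keyInfo.isInsideSecureHardware());
    }

    /**
     * Returns the public key stored under the RSA alias derived from {@code accountId}.
     *
     * @throws UnrecoverableKeystoreCredentialException when the accessor throws
     *     {@link UnrecoverableEntryException}
     */
    public final PublicKey getPublicKey(String accountId) throws UnrecoverableKeystoreCredentialException {
        C12674t.j(accountId, "accountId");
        String alias = rsaKeyPairAlias(accountId);
        try {
            return this.secureKeystoreAccessor.getPublicKey(alias);
        } catch (UnrecoverableEntryException e10) {
            throw new UnrecoverableKeystoreCredentialException("Could not retrieve key from keystore.", e10);
        }
    }

    /**
     * Returns the public key stored under the alias {@code keyId.toString()}.
     *
     * @throws UnrecoverableKeystoreCredentialException when the accessor throws
     *     {@link UnrecoverableEntryException}
     */
    public final PublicKey getPublicKey(UUID keyId) throws UnrecoverableKeystoreCredentialException {
        C12674t.j(keyId, "keyId");
        try {
            String alias = keyId.toString();
            C12674t.i(alias, "keyId.toString()");
            return this.secureKeystoreAccessor.getPublicKey(alias);
        } catch (UnrecoverableEntryException e10) {
            // NOTE(review): the message carries the unmasked key id, while deleteKeyPair masks the
            // same kind of alias before logging. Any handler that logs or reports this exception
            // forwards it in clear; mask at that point or drop the id from the message.
            throw new UnrecoverableKeystoreCredentialException("Could not retrieve key: " + keyId + " from keystore.", e10);
        }
    }

    /**
     * Reads {@link KeyInfo#getSecurityLevel()} for the key under {@code keyPairAlias} and records
     * the outcome in telemetry.
     *
     * <p>{@code getSecurityLevel()} exists from API 31. There is no SDK check here, so the caller
     * presumably gates on it; on an older device the missing method would surface as an
     * {@code Error}, which the {@code catch (Exception)} below does not cover. The value is one
     * of the {@code KeyProperties.SECURITY_LEVEL_*} constants and, like the secure-hardware flag,
     * is self-reported by the device.
     *
     * @return the security level, or {@code null} when KeyInfo is unavailable or the read throws
     */
    public final Integer getSecurityLevelOfKeyAboveApi31(String keyPairAlias) {
        C12674t.j(keyPairAlias, "keyPairAlias");
        // Resolved outside the try: exceptions from getKeyInfo propagate instead of becoming null.
        KeyInfo keyInfo = getKeyInfo(keyPairAlias);
        if (keyInfo == null) {
            return null;
        }
        try {
            int securityLevel = keyInfo.getSecurityLevel();
            this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeySuccess, S.f(y.a("Result", String.valueOf(securityLevel))));
            return Integer.valueOf(securityLevel);
        } catch (Exception e10) {
            BaseLogger.e("Exception countered while trying to get security level: ", e10);
            this.telemetryManager.trackEvent(SharedCoreTelemetryEvent.AadNgcGetSecurityLevelOfKeyFailed, e10);
            return null;
        }
    }

    /**
     * Signs {@code challenge} with the ECC private key stored under {@code keyId.toString()},
     * using {@code KeystoreOperationParameters.ECC_SIGNATURE_ALGORITHM}.
     *
     * @throws KeystoreCredentialException if the key is absent or signing fails
     * @throws InvalidKeyException from signature initialisation, including
     *     {@link UserNotAuthenticatedException} and {@link KeyPermanentlyInvalidatedException}
     */
    public final byte[] signEcc(UUID keyId, byte[] challenge) throws KeystoreCredentialException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, InvalidKeyException {
        C12674t.j(keyId, "keyId");
        C12674t.j(challenge, "challenge");
        String alias = keyId.toString();
        C12674t.i(alias, "keyId.toString()");
        // The ECC alias is this UUID string. deleteKeyPair masks aliases before logging, so the
        // signing path masks it too instead of writing the identifier to the log in clear.
        BaseLogger.i("Using ECC-based Private Key to sign NGC challenge. keyId = " + PiiGuard.INSTANCE.maskString(alias));
        return signInternal(alias, challenge, KeystoreOperationParameters.ECC_SIGNATURE_ALGORITHM);
    }

    /**
     * Signs {@code challenge} with the RSA private key under the alias derived from
     * {@code accountId}, using {@code KeystoreOperationParameters.RSA_SIGNATURE_ALGORITHM}.
     *
     * @throws KeystoreCredentialException if the key is absent or signing fails
     * @throws InvalidKeyException from signature initialisation, including
     *     {@link UserNotAuthenticatedException} and {@link KeyPermanentlyInvalidatedException}
     */
    public final byte[] signRsa(byte[] challenge, String accountId) throws KeystoreCredentialException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, InvalidKeyException {
        C12674t.j(challenge, "challenge");
        C12674t.j(accountId, "accountId");
        BaseLogger.i("Using RSA-based Private Key to sign NGC challenge.");
        return signInternal(rsaKeyPairAlias(accountId), challenge, KeystoreOperationParameters.RSA_SIGNATURE_ALGORITHM);
    }
}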
