package com.microsoft.authenticator.securekeystore.businessLogic;

import Nt.y;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import com.microsoft.authenticator.core.configuration.ExperimentationFeatureFlag;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryEvent;
import com.microsoft.authenticator.core.telemetry.entities.SharedCoreTelemetryProperties;
import com.microsoft.authenticator.securekeystore.entities.KeyGenerationResult;
import com.microsoft.authenticator.securekeystore.entities.KeystoreOperationParameters;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.identity.common.java.telemetry.TelemetryEventStrings;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Date;
import java.util.HashMap;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.collections.S;
import kotlin.jvm.internal.C12674t;

@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\b&\u0018\u00002\u00020\u0001B\u0007¢\u0006\u0004\b\u0002\u0010\u0003J\u0017\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0005\u001a\u00020\u0004H\u0002¢\u0006\u0004\b\u0007\u0010\bJ\u0017\u0010\f\u001a\u00020\u000b2\u0006\u0010\n\u001a\u00020\tH&¢\u0006\u0004\b\f\u0010\rJ\u001f\u0010\u0010\u001a\u00020\u000b2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u000f\u001a\u00020\u000eH&¢\u0006\u0004\b\u0010\u0010\u0011J9\u0010\u0017\u001a\u00020\u00162\u0006\u0010\u0013\u001a\u00020\u00122\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\u00062\b\u0010\u000f\u001a\u0004\u0018\u00010\u000eH&¢\u0006\u0004\b\u0017\u0010\u0018J?\u0010\u001f\u001a\u00020\u001e2\u0006\u0010\u001a\u001a\u00020\u00192&\u0010\u001d\u001a\"\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\t\u0018\u00010\u001bj\u0010\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\t\u0018\u0001`\u001cH&¢\u0006\u0004\b\u001f\u0010 J'\u0010!\u001a\u00020\u000b2\u0006\u0010\u0013\u001a\u00020\u00122\u0006\u0010\n\u001a\u00020\t2\b\u0010\u000f\u001a\u0004\u0018\u00010\u000e¢\u0006\u0004\b!\u0010\"J%\u0010$\u001a\u00020#2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\u0006¢\u0006\u0004\b$\u0010%¨\u0006&"}, d2 = {"Lcom/microsoft/authenticator/securekeystore/businessLogic/AsymmetricKeyPairGenerateStrategy;", "", "<init>", "()V", "Ljava/security/PrivateKey;", "key", "", "checkIfKeyIsHardwareBacked", "(Ljava/security/PrivateKey;)Z", "", "keyPairAlias", 
"Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "generateKeyPair", "(Ljava/lang/String;)Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "", "attestationChallenge", "generateAttestedKeyPair", "(Ljava/lang/String;[B)Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "Ljava/security/KeyPairGenerator;", "keyPairGenerator", "requireUserAuthentication", "useStrongBoxKeymaster", "Ljava/security/KeyPair;", "getGeneratedKeyPair", "(Ljava/security/KeyPairGenerator;Ljava/lang/String;ZZ[B)Ljava/security/KeyPair;", "Lcom/microsoft/authenticator/core/telemetry/entities/SharedCoreTelemetryEvent;", "eventName", "Ljava/util/HashMap;", "Lkotlin/collections/HashMap;", "eventProperties", "LNt/I;", "sendTelemetryEvent", "(Lcom/microsoft/authenticator/core/telemetry/entities/SharedCoreTelemetryEvent;Ljava/util/HashMap;)V", "tryGenerateMostSecureKeyPairInternal", "(Ljava/security/KeyPairGenerator;Ljava/lang/String;[B)Lcom/microsoft/authenticator/securekeystore/entities/KeyGenerationResult;", "Landroid/security/keystore/KeyGenParameterSpec$Builder;", "getKeyGenParameterSpecBuilder", "(Ljava/lang/String;ZZ)Landroid/security/keystore/KeyGenParameterSpec$Builder;", "SecureKeystoreLibrary_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes6.dex */
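/**
 * Base strategy for generating asymmetric key pairs under a keystore alias, preferring the
 * strongest protection available (hardware-backed, StrongBox where present, user
 * authentication required).
 *
 * <p>Subclasses supply the actual generation call ({@link #getGeneratedKeyPair}) and the
 * telemetry sink ({@link #sendTelemetryEvent}); this class provides the shared
 * {@code KeyGenParameterSpec} setup and the probe-then-upgrade generation sequence.
 *
 * <p>This listing is decompiler output: {@code C12674t}, {@code S} and {@code y} are obfuscated
 * Kotlin runtime helpers (presumably null checks, map construction and pair construction).
 */
public abstract class AsymmetricKeyPairGenerateStrategy {
    /**
     * Reports whether the keystore describes {@code key} as living inside secure hardware.
     *
     * <p>Fails closed: any exception while querying the key (including a {@code null} key) is
     * logged and reported as "not hardware-backed".
     *
     * @param key private key handle to inspect
     * @return {@code true} only when the {@link KeyInfo} lookup succeeds and reports secure hardware
     */
    private final boolean checkIfKeyIsHardwareBacked(PrivateKey key) {
        try {
            KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
            KeyInfo info = factory.getKeySpec(key, KeyInfo.class);
            // isInsideSecureHardware() is deprecated from API 31 in favour of getSecurityLevel(),
            // which can also tell TEE and StrongBox apart.
            return info.isInsideSecureHardware();
        } catch (Exception e10) {
            BaseLogger.e("Error checking if private key is hardware-backed.", e10);
            return false;
        }
    }

    /** Generates a key pair under {@code keyPairAlias} bound to the given attestation challenge. */
    public abstract KeyGenerationResult generateAttestedKeyPair(String keyPairAlias, byte[] attestationChallenge);

    /** Generates a key pair under {@code keyPairAlias}. */
    public abstract KeyGenerationResult generateKeyPair(String keyPairAlias);

    /**
     * Performs one key-pair generation with the requested protection settings.
     *
     * <p>{@code attestationChallenge} receives no null check in this class, so implementations
     * should expect it may be {@code null}.
     */
    public abstract KeyPair getGeneratedKeyPair(KeyPairGenerator keyPairGenerator, String keyPairAlias, boolean requireUserAuthentication, boolean useStrongBoxKeymaster, byte[] attestationChallenge);

    /**
     * Builds the common part of the key generation spec for {@code keyPairAlias}.
     *
     * <p>The builder is returned unbuilt; no key size or algorithm parameter spec is set here, so
     * the caller is expected to finish the configuration.
     *
     * @param keyPairAlias keystore alias for the new key pair
     * @param requireUserAuthentication when {@code true}, key use requires user authentication
     *     within a 30-second window
     * @param useStrongBoxKeymaster when {@code true}, requests a StrongBox-backed key
     * @return the partially configured builder
     */
    public final KeyGenParameterSpec.Builder getKeyGenParameterSpecBuilder(String keyPairAlias, boolean requireUserAuthentication, boolean useStrongBoxKeymaster) {
        C12674t.j(keyPairAlias, "keyPairAlias");
        // Purpose 4 is KeyProperties.PURPOSE_SIGN: the key may sign but not encrypt or decrypt.
        // NOTE(review): the digest is named through KeyUtil.HMAC_KEY_HASH_ALGORITHM, whose value
        // is not visible here (the decompiler may have matched the constant by value) - confirm
        // it is the intended signing digest.
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keyPairAlias, 4)
                .setDigests(KeyUtil.HMAC_KEY_HASH_ALGORITHM)
                .setCertificateSerialNumber(BigInteger.ONE)
                .setCertificateNotBefore(new Date())
                .setCertificateSubject(new X500Principal(KeystoreOperationParameters.KEY_PAIR_CERT_SUBJECT));
        C12674t.i(builder, "Builder(keyPairAlias, Ke…s.KEY_PAIR_CERT_SUBJECT))");
        if (requireUserAuthentication) {
            builder.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 30) {
                // 30-second timeout; type 3 = AUTH_BIOMETRIC_STRONG | AUTH_DEVICE_CREDENTIAL,
                // i.e. either a strong biometric or the device PIN/pattern/password unlocks the key.
                builder.setUserAuthenticationParameters(30, 3);
            } else {
                // Pre-API-30 equivalent of the 30-second authentication validity window.
                builder.setUserAuthenticationValidityDurationSeconds(30);
            }
        }
        if (useStrongBoxKeymaster) {
            builder.setIsStrongBoxBacked(true);
        }
        return builder;
    }

    /** Emits a telemetry event with the given string properties. */
    public abstract void sendTelemetryEvent(SharedCoreTelemetryEvent eventName, HashMap<String, String> eventProperties);

    /**
     * Generates the key pair for {@code keyPairAlias} at the highest protection level available.
     *
     * <p>Sequence: (1) generate a probe key without user authentication or StrongBox and check
     * whether it is hardware-backed; (2) if it is not, fail with {@code NoHardwareSupport} unless
     * the {@code EnableEmulatorToBypassHardwareCheck} flag is on; (3) generate again with user
     * authentication and StrongBox; (4) if StrongBox is unavailable, generate again with user
     * authentication only.
     *
     * <p>NOTE(review): the bypass flag lets a key without hardware backing pass registration.
     * Confirm it cannot be enabled for production builds or users.
     *
     * <p>NOTE(review): every failure path returns without removing the probe key, which was
     * created without user authentication. Confirm callers delete the alias on {@code Failure}.
     *
     * @param keyPairGenerator generator handed to {@link #getGeneratedKeyPair}
     * @param keyPairAlias keystore alias for the key pair
     * @param attestationChallenge challenge forwarded unchanged to every generation call
     * @return {@code Success} with the alias, or a {@code Failure} describing why generation
     *     did not complete
     */
    public final KeyGenerationResult tryGenerateMostSecureKeyPairInternal(KeyPairGenerator keyPairGenerator, String keyPairAlias, byte[] attestationChallenge) {
        C12674t.j(keyPairGenerator, "keyPairGenerator");
        C12674t.j(keyPairAlias, "keyPairAlias");
        try {
            // Probe key: weakest settings, used only to learn whether the device backs keys in hardware.
            PrivateKey probeKey = getGeneratedKeyPair(keyPairGenerator, keyPairAlias, false, false, attestationChallenge).getPrivate();
            C12674t.i(probeKey, "getGeneratedKeyPairPrivateKeyReference");
            boolean hardwareBacked = checkIfKeyIsHardwareBacked(probeKey);
            // The flag is consulted only when the probe key is not hardware-backed.
            if (!hardwareBacked && !ExperimentationFeatureFlag.INSTANCE.isFeatureEnabled(ExperimentationFeatureFlag.EnableEmulatorToBypassHardwareCheck)) {
                BaseLogger.i("Non-hardware-backed NGC generated, but hardware-backing required.");
                sendTelemetryEvent(SharedCoreTelemetryEvent.SecurityLevelOnRegistration, S.l(y.a(SharedCoreTelemetryProperties.HardwareBacked, TelemetryEventStrings.Value.FALSE)));
                return KeyGenerationResult.Failure.NoHardwareSupport.INSTANCE;
            }

            boolean strongBoxUsed;
            try {
                getGeneratedKeyPair(keyPairGenerator, keyPairAlias, true, true, attestationChallenge);
                BaseLogger.i("Utilize StrongBox Keymaster");
                strongBoxUsed = true;
            } catch (StrongBoxUnavailableException unused) {
                // Expected on devices without StrongBox; fall back to the default secure hardware.
                BaseLogger.i("StrongBox Keymaster unavailable");
                strongBoxUsed = false;
            }
            if (!strongBoxUsed) {
                getGeneratedKeyPair(keyPairGenerator, keyPairAlias, true, false, attestationChallenge);
            }

            // hardwareBacked reflects the probe key; the final key is not re-checked here.
            // On the flag-bypass path the key is not hardware-backed, so the log must not claim it is.
            if (hardwareBacked) {
                BaseLogger.i("Successfully generated hardware-backed NGC.");
            } else {
                BaseLogger.i("Generated NGC without hardware backing; hardware check bypassed by feature flag.");
            }
            // NOTE(review): success telemetry carries only the StrongBox property, so a bypassed
            // hardware check is not distinguishable in this event.
            sendTelemetryEvent(SharedCoreTelemetryEvent.SecurityLevelOnRegistration, S.l(y.a(SharedCoreTelemetryProperties.StrongBox, String.valueOf(strongBoxUsed))));
            return new KeyGenerationResult.Success(keyPairAlias);
        } catch (InvalidAlgorithmParameterException e10) {
            BaseLogger.e("Exception invalid algorithm params", e10);
            // An IllegalStateException cause is mapped to "lock screen required" (presumably the
            // keystore's signal that no secure lock screen is configured); anything else is Unknown.
            if (e10.getCause() instanceof IllegalStateException) {
                return KeyGenerationResult.Failure.DeviceLockScreenRequired.INSTANCE;
            }
            return new KeyGenerationResult.Failure.Unknown(e10);
        } catch (Exception e11) {
            BaseLogger.e("Unexpected error when generating NGC keypair.", e11);
            return new KeyGenerationResult.Failure.Unknown(e11);
        }
    }
}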
