package f.k.a.b.f.j;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Base64;
import com.google.firebase.crashlytics.internal.common.CommonUtils;
import com.microsoft.identity.common.exception.ClientException;
import com.nimbusds.jose.JOSEException;
import f.j.a.c.e.q.e;
import f.k.a.b.f.e.n;
import f.m.a.t.g;
import f.m.a.t.k;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.interfaces.RSAMultiPrimePrivateCrtKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAOtherPrimeInfo;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.security.auth.x500.X500Principal;
import org.json.JSONObject;

/* compiled from: DevicePopManager.java */
/* loaded from: classes.dex */
public class b implements d {
    public static final ExecutorService b = Executors.newCachedThreadPool();
    public final KeyStore a;

    /* compiled from: DevicePopManager.java */
    /* loaded from: classes.dex */
    public class a implements n<String, ClientException> {
        public final /* synthetic */ String[] a;
        public final /* synthetic */ CountDownLatch b;
        public final /* synthetic */ ClientException[] c;

        public a(b bVar, String[] strArr, CountDownLatch countDownLatch, ClientException[] clientExceptionArr) {
            this.a = strArr;
            this.b = countDownLatch;
            this.c = clientExceptionArr;
        }

        @Override // f.k.a.b.f.e.n
        public void c(String str) {
            this.a[0] = str;
            this.b.countDown();
        }

        @Override // f.k.a.b.f.e.n
        public void d(ClientException clientException) {
            this.c[0] = clientException;
            this.b.countDown();
        }
    }

    /* compiled from: DevicePopManager.java */
    /* renamed from: f.k.a.b.f.j.b$b, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static final class C0200b {
        public static final BigInteger a = BigInteger.ONE;
    }

    public b() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        this.a = keyStore;
        keyStore.load(null);
    }

    public static String a(k kVar) {
        try {
            return Base64.encodeToString(new JSONObject().put("kid", j(kVar)).toString().getBytes("UTF-8"), 11);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            return null;
        }
    }

    public static KeyPair g(KeyStore.Entry entry) {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    public static k i(KeyPair keyPair) {
        PrivateKey privateKey;
        f.m.a.u.c cVar;
        f.m.a.u.c cVar2;
        f.m.a.u.c cVar3;
        f.m.a.u.c cVar4;
        f.m.a.u.c cVar5;
        f.m.a.u.c cVar6;
        ArrayList arrayList;
        f.m.a.u.c d;
        f.m.a.u.c cVar7;
        f.m.a.u.c cVar8;
        f.m.a.u.c cVar9;
        f.m.a.u.c cVar10;
        f.m.a.u.c cVar11;
        ArrayList arrayList2;
        RSAPublicKey rSAPublicKey = (RSAPublicKey) keyPair.getPublic();
        f.m.a.u.c d2 = f.m.a.u.c.d(rSAPublicKey.getModulus());
        f.m.a.u.c d3 = f.m.a.u.c.d(rSAPublicKey.getPublicExponent());
        PrivateKey privateKey2 = keyPair.getPrivate();
        if (privateKey2 instanceof RSAPrivateKey) {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey2;
            if (rSAPrivateKey instanceof RSAPrivateCrtKey) {
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) rSAPrivateKey;
                d = f.m.a.u.c.d(rSAPrivateCrtKey.getPrivateExponent());
                cVar8 = f.m.a.u.c.d(rSAPrivateCrtKey.getPrimeP());
                cVar9 = f.m.a.u.c.d(rSAPrivateCrtKey.getPrimeQ());
                cVar10 = f.m.a.u.c.d(rSAPrivateCrtKey.getPrimeExponentP());
                cVar11 = f.m.a.u.c.d(rSAPrivateCrtKey.getPrimeExponentQ());
                cVar7 = f.m.a.u.c.d(rSAPrivateCrtKey.getCrtCoefficient());
                arrayList2 = null;
            } else if (rSAPrivateKey instanceof RSAMultiPrimePrivateCrtKey) {
                RSAMultiPrimePrivateCrtKey rSAMultiPrimePrivateCrtKey = (RSAMultiPrimePrivateCrtKey) rSAPrivateKey;
                d = f.m.a.u.c.d(rSAMultiPrimePrivateCrtKey.getPrivateExponent());
                cVar8 = f.m.a.u.c.d(rSAMultiPrimePrivateCrtKey.getPrimeP());
                cVar9 = f.m.a.u.c.d(rSAMultiPrimePrivateCrtKey.getPrimeQ());
                cVar10 = f.m.a.u.c.d(rSAMultiPrimePrivateCrtKey.getPrimeExponentP());
                cVar11 = f.m.a.u.c.d(rSAMultiPrimePrivateCrtKey.getPrimeExponentQ());
                f.m.a.u.c d4 = f.m.a.u.c.d(rSAMultiPrimePrivateCrtKey.getCrtCoefficient());
                RSAOtherPrimeInfo[] otherPrimeInfo = rSAMultiPrimePrivateCrtKey.getOtherPrimeInfo();
                arrayList2 = new ArrayList();
                if (otherPrimeInfo != null) {
                    for (RSAOtherPrimeInfo rSAOtherPrimeInfo : otherPrimeInfo) {
                        arrayList2.add(new k.a(rSAOtherPrimeInfo));
                    }
                }
                cVar7 = d4;
            } else {
                d = f.m.a.u.c.d(rSAPrivateKey.getPrivateExponent());
                cVar7 = null;
                cVar8 = null;
                cVar9 = null;
                cVar10 = null;
                cVar11 = null;
                arrayList2 = null;
            }
            privateKey = null;
            cVar5 = cVar11;
            arrayList = arrayList2;
            cVar6 = cVar7;
            cVar4 = cVar10;
            cVar3 = cVar9;
            cVar2 = cVar8;
            cVar = d;
        } else {
            if (!"RSA".equalsIgnoreCase(privateKey2.getAlgorithm())) {
                throw new IllegalArgumentException("The private key algorithm must be RSA");
            }
            privateKey = privateKey2;
            cVar = null;
            cVar2 = null;
            cVar3 = null;
            cVar4 = null;
            cVar5 = null;
            cVar6 = null;
            arrayList = null;
        }
        try {
            return new k(d2, d3, cVar, cVar2, cVar3, cVar4, cVar5, cVar6, arrayList, privateKey, null, null, null, null, null, null, null, null, null);
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    public static String j(k kVar) {
        String g = o0.a.b.d.g(kVar.b());
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(CommonUtils.SHA256_INSTANCE);
            messageDigest.update(g.getBytes(f.m.a.u.d.a));
            return f.m.a.u.c.e(messageDigest.digest()).f3488f;
        } catch (NoSuchAlgorithmException e) {
            StringBuilder M = f.c.c.a.a.M("Couldn't compute JWK thumbprint: Unsupported hash algorithm: ");
            M.append(e.getMessage());
            throw new JOSEException(M.toString(), e);
        }
    }

    public boolean b() {
        try {
            return this.a.containsAlias("microsoft-device-pop");
        } catch (KeyStoreException e) {
            f.k.a.b.f.h.d.b("b", "Error while querying KeyStore", e);
            return false;
        }
    }

    public String c(Context context) {
        String str;
        try {
            return j(i(e(context, 2048)));
        } catch (JOSEException e) {
            e = e;
            str = "failed_to_compute_thumbprint_with_sha256";
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            f.k.a.b.f.h.d.b("b", clientException.getMessage(), clientException);
            throw clientException;
        } catch (UnsupportedOperationException e2) {
            e = e2;
            str = "keystore_produced_invalid_cert";
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            f.k.a.b.f.h.d.b("b", clientException2.getMessage(), clientException2);
            throw clientException2;
        } catch (InvalidAlgorithmParameterException e3) {
            e = e3;
            str = "keystore_initialization_failed";
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            f.k.a.b.f.h.d.b("b", clientException22.getMessage(), clientException22);
            throw clientException22;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            str = "no_such_algorithm";
            ClientException clientException222 = new ClientException(str, e.getMessage(), e);
            f.k.a.b.f.h.d.b("b", clientException222.getMessage(), clientException222);
            throw clientException222;
        } catch (NoSuchProviderException e5) {
            e = e5;
            str = "android_keystore_unavailable";
            ClientException clientException2222 = new ClientException(str, e.getMessage(), e);
            f.k.a.b.f.h.d.b("b", clientException2222.getMessage(), clientException2222);
            throw clientException2222;
        }
    }

    public final KeyPair d(Context context, boolean z) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        if (Build.VERSION.SDK_INT < 23) {
            Calendar calendar = Calendar.getInstance();
            Date time = calendar.getTime();
            calendar.add(1, 99);
            KeyPairGeneratorSpec.Builder subject = new KeyPairGeneratorSpec.Builder(context).setAlias("microsoft-device-pop").setStartDate(time).setEndDate(calendar.getTime()).setSerialNumber(C0200b.a).setSubject(new X500Principal("CN=device-pop"));
            subject.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4));
            keyPairGenerator.initialize(subject.build());
        } else {
            KeyGenParameterSpec.Builder digests = new KeyGenParameterSpec.Builder("microsoft-device-pop", 15).setKeySize(2048).setSignaturePaddings("PKCS1").setDigests(CommonUtils.SHA256_INSTANCE);
            if (Build.VERSION.SDK_INT >= 28 && z) {
                f.k.a.b.f.h.d.h("b", "Attempting to apply StrongBox isolation.");
                digests = digests.setIsStrongBoxBacked(true);
            }
            keyPairGenerator.initialize(digests.build());
        }
        return keyPairGenerator.generateKeyPair();
    }

    @SuppressLint({"NewApi"})
    public final KeyPair e(Context context, int i) {
        KeyPair d;
        String str;
        for (int i2 = 0; i2 < 4; i2++) {
            try {
                d = d(context, true);
            } catch (StrongBoxUnavailableException e) {
                f.k.a.b.f.h.d.b("b", "StrongBox unsupported - skipping hardware flags.", e);
                d = d(context, false);
            }
            int P2 = e.P2(d.getPrivate());
            if (P2 >= i || P2 < 0) {
                if (Build.VERSION.SDK_INT >= 23) {
                    try {
                        PrivateKey privateKey = d.getPrivate();
                        str = "SecretKey is secure hardware backed? " + ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
                    } catch (Exception unused) {
                        str = "Failed to query secure hardware state.";
                    }
                } else {
                    str = "Cannot query secure hardware state (API unavailable <23)";
                }
                f.k.a.b.f.h.d.d("b", str);
                return d;
            }
        }
        try {
            this.a.deleteEntry("microsoft-device-pop");
        } catch (KeyStoreException e2) {
            f.k.a.b.f.h.d.b("b", "Error while clearing KeyStore", e2);
        }
        throw new UnsupportedOperationException("Failed to generate valid KeyPair. Attempted 4 times.");
    }

    public final o0.a.b.d f() {
        k i = i(g(this.a.getEntry("microsoft-device-pop", null)));
        f.m.a.u.c cVar = i.q;
        f.m.a.u.c cVar2 = i.r;
        g gVar = i.g;
        Set<f.m.a.t.e> set = i.h;
        f.m.a.a aVar = i.i;
        String str = i.j;
        URI uri = i.k;
        f.m.a.u.c cVar3 = i.f3482l;
        f.m.a.u.c cVar4 = i.m;
        List<f.m.a.u.a> list = i.n;
        o0.a.b.d e = new k(cVar, cVar2, null, null, null, null, null, null, null, null, gVar, set, aVar, str, uri, cVar3, cVar4, list != null ? Collections.unmodifiableList(list) : null, i.p).e();
        o0.a.b.d dVar = new o0.a.b.d();
        dVar.put("jwk", e);
        return dVar;
    }

    public String h() {
        CountDownLatch countDownLatch = new CountDownLatch(1);
        String[] strArr = new String[1];
        ClientException[] clientExceptionArr = new ClientException[1];
        b.submit(new c(this, new a(this, strArr, countDownLatch, clientExceptionArr)));
        try {
            countDownLatch.await();
            if (strArr[0] != null) {
                return strArr[0];
            }
            throw clientExceptionArr[0];
        } catch (InterruptedException e) {
            f.k.a.b.f.h.d.b("b", "Interrupted while waiting on callback.", e);
            throw new ClientException("operation_interrupted", e.getMessage(), e);
        }
    }
}
