package com.microsoft.identity.common.crypto;

import a2.a;
import android.annotation.TargetApi;
import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import androidx.annotation.RequiresApi;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.util.AndroidKeyStoreUtil;
import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.telemetry.ITelemetryCallback;
import com.microsoft.identity.common.java.util.CachedData;
import com.microsoft.identity.common.java.util.FileUtil;
import com.microsoft.identity.common.logging.Logger;
import edu.umd.cs.findbugs.annotations.Nullable;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import lombok.NonNull;

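/**
 * Key loader that keeps a symmetric key on disk in wrapped (encrypted) form.
 *
 * <p>The secret key produced by the superclass is wrapped with an RSA key pair that is looked up
 * through {@link AndroidKeyStoreUtil} under the alias given to the constructor, and the wrapped
 * bytes are written to a file named {@link #KEY_FILE_PATH} in an app-private directory. Loading
 * reverses the process: read the key pair, read the file, unwrap.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>If either half (key pair or key file) is missing or unreadable, the other half is wiped
 *       and a fresh key is generated by {@link #getKey()}. Data encrypted under the old key then
 *       becomes undecryptable, so unexpected "key created" telemetry is worth alerting on.</li>
 *   <li>This listing is decompiler output (JADX); parameter names such as {@code str} are
 *       artifacts and are kept only so the signatures stay unchanged.</li>
 * </ul>
 */
@TargetApi(18)
public class AndroidWrappedKeyLoader extends AES256KeyLoader {
    static final String KEYSTORE_KEY_ALIAS = "KEYSTORE_KEY";
    // Name of the file that holds the wrapped secret key.
    static final String KEY_FILE_PATH = "adalks";
    // Upper bound passed to FileUtil.readFromFile when reading the wrapped key back.
    static final int KEY_FILE_SIZE = 1024;
    public static final String KEY_IDENTIFIER = "A001";
    private static final String TAG = "AndroidWrappedKeyLoader#";
    // RSA with PKCS#1 v1.5 encryption padding. "ECB" is only the JCA naming placeholder for RSA.
    // NOTE(review): OAEP is generally preferred over PKCS#1 v1.5 for new designs. Switching here
    // would make every existing wrapped key file unreadable, so it needs a migration path.
    private static final String WRAP_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final String WRAP_KEY_ALGORITHM = "RSA";

    // When true, the cache no longer re-verifies that the key pair and key file still exist.
    // NOTE(review): public, static and mutable, so any code in the process can switch the check
    // off. Presumably a test hook; confirm nothing in production sets it.
    @SuppressFBWarnings({"MS_SHOULD_BE_FINAL"})
    public static boolean sSkipKeyInvalidationCheck;
    private final String mAlias;
    private final Context mContext;
    // In-memory copy of the unwrapped key. Every read re-checks the backing material unless
    // sSkipKeyInvalidationCheck is set, and drops the cached key when that material is gone.
    private final CachedData<SecretKey> mKeyCache = new CachedData<SecretKey>() {
        @Override
        public SecretKey getData() {
            if (!AndroidWrappedKeyLoader.sSkipKeyInvalidationCheck) {
                final boolean keyPairLoadable = AndroidKeyStoreUtil.canLoadKey(AndroidWrappedKeyLoader.this.mAlias);
                // Short-circuit kept: the file is only probed when the key pair is loadable.
                if (!keyPairLoadable || !AndroidWrappedKeyLoader.this.getKeyFile().exists()) {
                    clear();
                }
            }
            return (SecretKey) super.getData();
        }
    };
    private final ITelemetryCallback mTelemetryCallback;

    /**
     * Creates a loader bound to one key-pair alias.
     *
     * @param str alias of the RSA key pair used for wrapping; must not be null
     * @param context Android context used to locate the key file and build the key spec; must not be null
     * @param iTelemetryCallback optional sink for key-lifecycle events; may be null
     * @throws NullPointerException if {@code str} or {@code context} is null
     */
    public AndroidWrappedKeyLoader(@NonNull String str, @NonNull Context context, @Nullable ITelemetryCallback iTelemetryCallback) {
        if (str == null) {
            throw new NullPointerException("alias is marked non-null but is null");
        }
        if (context == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        this.mAlias = str;
        this.mContext = context;
        this.mTelemetryCallback = iTelemetryCallback;
    }

    /**
     * Removes every trace of the key: the wrapping key pair, the wrapped key file and the
     * in-memory cache entry.
     *
     * @throws ClientException if one of the delete helpers fails; later steps are then skipped
     */
    private void deleteSecretKeyFromStorage() throws ClientException {
        AndroidKeyStoreUtil.deleteKey(this.mAlias);
        FileUtil.deleteFile(getKeyFile());
        this.mKeyCache.clear();
    }

    /**
     * Generates a new RSA key pair under this loader's alias and reports the attempt to telemetry.
     *
     * @return the generated key pair
     * @throws ClientException if generation fails; the failure is logged before being rethrown
     */
    @NonNull
    private synchronized KeyPair generateKeyStoreKeyPair() throws ClientException {
        final String methodTag = TAG + ":generateKeyStoreKeyPair";
        try {
            logFlowStart(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_WRITE_START);
            final KeyPair keyPair = AndroidKeyStoreUtil.generateKeyPair(WRAP_KEY_ALGORITHM, getSpecForKeyStoreKey(this.mContext, this.mAlias));
            logFlowSuccess(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_WRITE_END, "");
            return keyPair;
        } catch (ClientException e10) {
            logFlowError(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_WRITE_END, e10.toString(), e10);
            throw e10;
        }
    }

    /**
     * Returns the location of the wrapped key file inside an app-private directory named after
     * the package.
     *
     * <p>Public only because the decompiler widened access for the anonymous cache class.
     *
     * @return the key file; it may not exist yet
     */
    public File getKeyFile() {
        final File keyDirectory = this.mContext.getDir(this.mContext.getPackageName(), Context.MODE_PRIVATE);
        return new File(keyDirectory, KEY_FILE_PATH);
    }

    /**
     * Builds the generation parameters for the wrapping key pair: a self-signed certificate
     * subject of {@code CN=<alias>, OU=<package>}, serial number 1, valid from now for 100 years.
     *
     * <p>NOTE(review): {@link KeyPairGeneratorSpec} was deprecated in API 23 in favour of
     * {@code KeyGenParameterSpec}, which can restrict key purposes and paddings. This spec sets
     * no such restriction.
     *
     * @param context context handed to the spec builder and used for the package name
     * @param str alias under which the key pair is stored
     * @return the spec to pass to the key-pair generator
     * @throws NullPointerException if either argument is null
     */
    @RequiresApi(api = 18)
    private static AlgorithmParameterSpec getSpecForKeyStoreKey(@NonNull Context context, @NonNull String str) {
        if (context == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("alias is marked non-null but is null");
        }
        final String certInfo = String.format(Locale.ROOT, "CN=%s, OU=%s", str, context.getPackageName());
        final Calendar start = Calendar.getInstance();
        final Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 100);
        return new KeyPairGeneratorSpec.Builder(context)
                .setAlias(str)
                .setSubject(new X500Principal(certInfo))
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(start.getTime())
                .setEndDate(end.getTime())
                .build();
    }

    /**
     * Writes a verbose log line and forwards the event to the telemetry callback, if one is set.
     *
     * @param str log tag of the calling method
     * @param str2 operation name reported to telemetry
     * @param z10 flag forwarded as the callback's second argument (presumably "is failed"; see
     *     {@link #logFlowError}, which passes TRUE)
     * @param str3 free-text reason
     * @throws NullPointerException if any string argument is null
     */
    private void logEvent(@NonNull String str, @NonNull String str2, boolean z10, @NonNull String str3) {
        if (str == null) {
            throw new NullPointerException("methodTag is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("operationName is marked non-null but is null");
        }
        if (str3 == null) {
            throw new NullPointerException("reason is marked non-null but is null");
        }
        Logger.verbose(str, str2 + ": " + str3);
        if (this.mTelemetryCallback != null) {
            this.mTelemetryCallback.logEvent(str2, Boolean.valueOf(z10), str3);
        }
    }

    /**
     * Logs a failed operation at error level and reports it to telemetry with the flag set to TRUE.
     *
     * @param str log tag of the calling method
     * @param str2 operation name reported to telemetry
     * @param str3 failure reason
     * @param exc the exception to attach to the log entry; may be null
     * @throws NullPointerException if any string argument is null
     */
    private void logFlowError(@NonNull String str, @NonNull String str2, @NonNull String str3, @Nullable Exception exc) {
        if (str == null) {
            throw new NullPointerException("methodTag is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("operationName is marked non-null but is null");
        }
        if (str3 == null) {
            throw new NullPointerException("reason is marked non-null but is null");
        }
        Logger.error(str, str2 + " failed: " + str3, exc);
        if (this.mTelemetryCallback != null) {
            this.mTelemetryCallback.logEvent(str2, Boolean.TRUE, str3);
        }
    }

    /**
     * Logs the start of an operation and reports it to telemetry with an empty reason.
     *
     * @param str log tag of the calling method
     * @param str2 operation name reported to telemetry
     * @throws NullPointerException if either argument is null
     */
    private void logFlowStart(@NonNull String str, @NonNull String str2) {
        if (str == null) {
            throw new NullPointerException("methodTag is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("operationName is marked non-null but is null");
        }
        Logger.verbose(str, str2 + " started.");
        if (this.mTelemetryCallback != null) {
            this.mTelemetryCallback.logEvent(str2, Boolean.FALSE, "");
        }
    }

    /**
     * Logs the successful end of an operation and reports it to telemetry with the flag set to FALSE.
     *
     * @param str log tag of the calling method
     * @param str2 operation name reported to telemetry
     * @param str3 free-text detail about the outcome
     * @throws NullPointerException if any argument is null
     */
    private void logFlowSuccess(@NonNull String str, @NonNull String str2, @NonNull String str3) {
        if (str == null) {
            throw new NullPointerException("methodTag is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("operationName is marked non-null but is null");
        }
        if (str3 == null) {
            throw new NullPointerException("reason is marked non-null but is null");
        }
        Logger.verbose(str, str2 + " successfully finished: " + str3);
        if (this.mTelemetryCallback != null) {
            this.mTelemetryCallback.logEvent(str2, Boolean.FALSE, str3);
        }
    }

    /**
     * Reads the wrapping key pair stored under this loader's alias.
     *
     * @return the key pair, or null when none is stored
     * @throws ClientException if the read fails; the failure is logged before being rethrown
     */
    @Nullable
    private synchronized KeyPair readKeyStoreKeyPair() throws ClientException {
        final String methodTag = TAG + ":readKeyStoreKeyPair";
        try {
            logFlowStart(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_READ_START);
            final KeyPair keyPair = AndroidKeyStoreUtil.readKey(this.mAlias);
            // Report exactly one outcome. Previously the "loaded" event was also emitted for a
            // missing key pair, which made the telemetry claim a load that never happened.
            if (keyPair == null) {
                logFlowSuccess(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_READ_END, "KeyStore is empty.");
            } else {
                logFlowSuccess(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_READ_END, "KeyStore KeyPair is loaded.");
            }
            return keyPair;
        } catch (ClientException e10) {
            logFlowError(methodTag, AuthenticationConstants.TelemetryEvents.KEYSTORE_READ_END, e10.toString(), e10);
            throw e10;
        }
    }

    /**
     * Wraps the given key with the wrapping key pair (creating the pair when absent) and writes
     * the wrapped bytes to the key file.
     *
     * @param secretKey the plaintext key to protect; must not be null
     * @throws ClientException if reading or generating the key pair, wrapping, or writing fails
     * @throws NullPointerException if {@code secretKey} is null
     */
    private void saveSecretKeyToStorage(@NonNull SecretKey secretKey) throws ClientException {
        if (secretKey == null) {
            throw new NullPointerException("unencryptedKey is marked non-null but is null");
        }
        // a.j is an obfuscated helper; it presumably concatenates TAG and the suffix into the log tag.
        final String methodTag = a.j(new StringBuilder(), TAG, ":saveSecretKeyToStorage");
        KeyPair keyPair = readKeyStoreKeyPair();
        if (keyPair == null) {
            Logger.info(methodTag, "No existing keypair. Generating a new one.");
            keyPair = generateKeyStoreKeyPair();
        }
        final byte[] wrappedKey = AndroidKeyStoreUtil.wrap(secretKey, keyPair, WRAP_ALGORITHM);
        FileUtil.writeDataToFile(wrappedKey, getKeyFile());
    }

    /**
     * Generates a fresh key through the superclass, persists it in wrapped form and records the
     * creation in the log and telemetry.
     *
     * <p>NOTE(review): the key thumbprint is written to the info log. Confirm that
     * {@code KeyUtil.getKeyThumbPrint} is a one-way value that reveals no key material.
     *
     * @return the newly generated key
     * @throws ClientException if generation or persistence fails
     */
    @Override
    public SecretKey generateRandomKey() throws ClientException {
        // a.j is an obfuscated helper; it presumably concatenates TAG and the suffix into the log tag.
        final String methodTag = a.j(new StringBuilder(), TAG, ":generateRandomKey");
        final SecretKey newKey = super.generateRandomKey();
        saveSecretKeyToStorage(newKey);
        logEvent(methodTag, AuthenticationConstants.TelemetryEvents.KEY_CREATED, false, "New key is generated.");
        Logger.info(methodTag, "New key is generated with thumbprint: " + KeyUtil.getKeyThumbPrint(newKey));
        return newKey;
    }

    /**
     * Returns the fixed alias constant.
     *
     * <p>NOTE(review): this is {@link #KEYSTORE_KEY_ALIAS}, not the alias passed to the
     * constructor that the key-pair operations use. Confirm that this is intended.
     */
    @Override
    @NonNull
    public String getAlias() {
        return KEYSTORE_KEY_ALIAS;
    }

    /**
     * Returns the secret key, trying the cache, then storage, then generating a new key, and
     * caches whichever source produced it.
     *
     * @return the key
     * @throws ClientException if loading fails with an error or generation fails
     */
    @Override
    @NonNull
    public synchronized SecretKey getKey() throws ClientException {
        SecretKey key = this.mKeyCache.getData();
        if (key == null) {
            key = readSecretKeyFromStorage();
        }
        if (key == null) {
            // Nothing usable on disk: a brand-new key replaces whatever existed before.
            key = generateRandomKey();
        }
        this.mKeyCache.setData(key);
        return key;
    }

    /** Returns the in-memory key cache used by this loader. */
    @NonNull
    public CachedData<SecretKey> getKeyCache() {
        return this.mKeyCache;
    }

    /** Returns the identifier of this key type, {@link #KEY_IDENTIFIER}. */
    @Override
    @NonNull
    public String getKeyTypeIdentifier() {
        return KEY_IDENTIFIER;
    }

    /**
     * Loads the key from storage by reading the wrapping key pair and unwrapping the key file.
     *
     * <p>Any inconsistency is treated as unrecoverable. A missing key pair wipes the key file, an
     * empty key file is deleted, and an error wipes both halves before being rethrown.
     *
     * @return the unwrapped key, or null when no complete key material exists
     * @throws ClientException if reading or unwrapping fails
     */
    @Nullable
    public SecretKey readSecretKeyFromStorage() throws ClientException {
        // a.j is an obfuscated helper; it presumably concatenates TAG and the suffix into the log tag.
        final String methodTag = a.j(new StringBuilder(), TAG, ":readSecretKeyFromStorage");
        try {
            final KeyPair keyPair = readKeyStoreKeyPair();
            if (keyPair == null) {
                Logger.info(methodTag, "key does not exist in keystore");
                deleteSecretKeyFromStorage();
                return null;
            }
            final byte[] wrappedKey = FileUtil.readFromFile(getKeyFile(), KEY_FILE_SIZE);
            if (wrappedKey == null) {
                Logger.warn(methodTag, "Key file is empty");
                FileUtil.deleteFile(getKeyFile());
                this.mKeyCache.clear();
                return null;
            }
            final SecretKey key = AndroidKeyStoreUtil.unwrap(wrappedKey, getKeySpecAlgorithm(), keyPair, WRAP_ALGORITHM);
            // This path loads an existing key. The old message said "New key is generated",
            // which made every load look like a key rotation in the logs.
            Logger.info(methodTag, "Key is loaded with thumbprint: " + KeyUtil.getKeyThumbPrint(key));
            return key;
        } catch (ClientException e10) {
            Logger.warn(methodTag, "Error when loading key from Storage, wipe all existing key data ");
            // NOTE(review): if this cleanup throws, its exception replaces e10 and the original
            // load failure is lost to the caller.
            deleteSecretKeyFromStorage();
            throw e10;
        }
    }
}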
