package com.microsoft.mmx.agents.ypp.authclient.crypto;

import Microsoft.Windows.MobilityExperience.Health.Agents.KeyGenerationActivity;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import androidx.annotation.VisibleForTesting;
import androidx.annotation.WorkerThread;
import com.microsoft.aad.adal.StorageHelper;
import com.microsoft.mmx.agents.AgentsLogger;
import com.microsoft.mmx.agents.logging.ILogger;
import com.microsoft.mmx.agents.logging.LogDestination;
import com.microsoft.mmx.agents.logging.TraceContext;
import com.microsoft.mmx.agents.util.TelemetryUtils;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthStorage;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyManager;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.logging.ContentProperties;
import e.a.a.a.a;
import io.reactivex.Completable;
import io.reactivex.Single;
import io.reactivex.functions.Action;
import java.lang.ref.WeakReference;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.security.auth.x500.X500Principal;
import org.joda.time.DateTime;

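@Singleton
/* loaded from: classes2.dex */
/**
 * Creates, looks up and removes the EC signing key pairs this client keeps in the
 * Android KeyStore (telemetry reports them as "ECDSA384").
 *
 * <p>Callers address keys by a logical name; {@link KeyAliasMapper} maps that name to
 * the random per-key alias under which the key pair actually lives (see {@link #a()}),
 * so a rotated key gets a fresh alias rather than overwriting the old one.
 *
 * <p>Thread-safety: the lookup/generate/delete paths ({@link #b}, {@link #d}, {@link #e})
 * are serialized on {@link #lock}; {@link #generateKeyPair} is additionally
 * {@code synchronized} on this instance. The mapper itself is guarded by
 * synchronizing on it in {@link #f}.
 *
 * <p>This class was recovered from a dex file: the one-letter method names and the
 * {@code a.Z}/{@code a.S} helpers are obfuscator output, and the {@code b}/{@code c}/
 * {@code d}/{@code e} methods are the bodies of lambdas whose wrappers are only partly
 * visible here.
 */
public class KeyManager {
    public final IAuthStorage authStorage;
    // Weak so that holding the singleton does not pin the (Activity/Application) Context.
    public final WeakReference<Context> contextReference;
    public final KeyAliasMapper keyAliasMapper;
    public final KeyStore keyStore;
    // Serializes check-then-generate and delete so two callers cannot race on the same name.
    public final Lock lock = new ReentrantLock();
    public final Log logger;
    public final PlatformConfiguration platformConfiguration;
    public final AgentsLogger telemetry;

    /**
     * Thin logging facade: every message is tagged with the class name and marked
     * {@code NO_PII}. Only aliases and key types are logged, never key material.
     */
    /* loaded from: classes2.dex */
    public static final class Log {
        public final ILogger logger;
        public final String tag = KeyManager.class.getSimpleName();

        public Log(ILogger iLogger) {
            this.logger = iLogger;
        }

        /** Logs the start of key-pair creation (API 23+ path) for {@code str} with key type {@code str2}. */
        public void a(String str, String str2) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Creating new key pair for alias: %s and type: %s", str, str2);
        }

        /** Logs the start of key-pair creation on the pre-23 {@code KeyPairGeneratorSpec} path. */
        public void b(String str, String str2) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Creating new legacy key pair for alias: %s and type: %s", str, str2);
        }

        /** Logs deletion of the key stored under {@code str}. */
        public void c(String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Deleting key with alias: %s", str);
        }

        /** Logs a delete request for an alias that is not present in the keystore. */
        public void d(String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Delete key called for nonexistent key with alias: %s", str);
        }

        /** Logs a keystore failure locally only ({@code LogDestination.Local}); the exception is not uploaded. */
        public void e(GeneralSecurityException generalSecurityException, TraceContext traceContext) {
            this.logger.logException(this.tag, ContentProperties.NO_PII, "Exception occurred when creating or retrieving key pair", generalSecurityException, traceContext, LogDestination.Local);
        }

        /** Logs a cache hit: an unexpired key pair already exists under {@code str}. */
        public void f(String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Returning existing Certificate for alias: %s", str);
        }
    }

    /**
     * Creates the manager.
     *
     * @param keyStore              an already-loaded {@link KeyStore}; presumably the AndroidKeyStore instance,
     *                              since the generators below target that provider — confirm at the injection site
     * @param context               used only on the pre-23 key generation path, held weakly
     * @param agentsLogger          telemetry sink for key generation activities
     * @param iLogger               diagnostic logger wrapped by {@link Log}
     * @param keyAliasMapper        logical name → keystore alias mapping
     * @param iAuthStorage          receives the key rotation target time after a new key is generated
     * @param platformConfiguration key size, certificate validity, clock-drift allowance and rotation threshold
     */
    @Inject
    public KeyManager(KeyStore keyStore, Context context, AgentsLogger agentsLogger, ILogger iLogger, KeyAliasMapper keyAliasMapper, IAuthStorage iAuthStorage, PlatformConfiguration platformConfiguration) {
        this.keyStore = keyStore;
        this.contextReference = new WeakReference<>(context);
        this.telemetry = agentsLogger;
        this.logger = new Log(iLogger);
        this.keyAliasMapper = keyAliasMapper;
        this.authStorage = iAuthStorage;
        this.platformConfiguration = platformConfiguration;
    }

    /**
     * Builds a fresh keystore alias of the form {@code key_alias_<random UUID>}.
     *
     * <p>{@code a.Z} is an obfuscated helper that appears to return a {@link StringBuilder}
     * seeded with its argument — TODO confirm against the {@code e.a.a.a.a} class.
     *
     * @return a new, effectively unique alias
     */
    public static String a() {
        StringBuilder Z = a.Z("key_alias_");
        Z.append(UUID.randomUUID().toString());
        return Z.toString();
    }

    /**
     * Generates an EC key pair under alias {@code str} with certificate subject derived from
     * {@code str2}, choosing the API-23+ or legacy generator by SDK level, and records the
     * operation as a {@link KeyGenerationActivity}.
     *
     * @throws CryptoException wrapping any {@link InvalidAlgorithmParameterException},
     *         {@link NoSuchAlgorithmException} or {@link NoSuchProviderException} from the generator;
     *         the activity is ended exceptionally before rethrowing
     */
    @WorkerThread
    private synchronized void generateKeyPair(@NonNull String str, @NonNull String str2, @NonNull TraceContext traceContext) {
        KeyGenerationActivity keyGenerationActivity = new KeyGenerationActivity();
        TelemetryUtils.populateBaseActivityWithTraceContext(keyGenerationActivity, traceContext);
        keyGenerationActivity.setDim1("ECDSA384");
        this.telemetry.logActivityStart(keyGenerationActivity);
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                this.logger.a(str, "ECDSA384");
                generateKeyPairInner(str, str2);
            } else {
                this.logger.b(str, "ECDSA384");
                generateLegacyKeyPairInner(str, str2);
            }
            this.telemetry.logActivityEnd(keyGenerationActivity);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            CryptoException cryptoException = new CryptoException(e2);
            AuthTelemetryUtils.populateActivityExceptionDetails(keyGenerationActivity, cryptoException);
            // Component is reported as "CryptoManager" although this class is KeyManager;
            // left as-is because telemetry queries may key on the literal.
            this.telemetry.logActivityEndExceptional("CryptoManager", "generateKeyPair", keyGenerationActivity, cryptoException);
            throw cryptoException;
        }
    }

    /**
     * API 23+ key generation via {@link KeyGenParameterSpec}.
     *
     * <p>The purpose mask {@code 12} is {@code KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY}
     * (4 | 8): the key can only sign and verify, never encrypt or decrypt. The digest is pinned to
     * SHA-384; the key size comes from configuration. The self-signed certificate gets a 128-bit
     * {@link SecureRandom} serial, so serials are not guessable, and its validity window equals the
     * key validity window (start backdated by the configured clock-drift allowance).
     *
     * <p>{@code a.S("CN=", str2)} is an obfuscated concatenation helper, presumably yielding
     * {@code "CN=" + str2}; {@link X500Principal} parses that string, so the caller is assumed to supply
     * a name without RFC 2253 special characters — TODO confirm at the call site.
     *
     * @throws NoSuchProviderException            if the AndroidKeyStore provider is unavailable
     * @throws NoSuchAlgorithmException           if the provider has no EC generator
     * @throws InvalidAlgorithmParameterException if the spec is rejected
     */
    @RequiresApi(23)
    private void generateKeyPairInner(@NonNull String str, @NonNull String str2) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", StorageHelper.ANDROID_KEY_STORE);
        Date certificateStartDate = getCertificateStartDate();
        Date certificateEndDate = getCertificateEndDate();
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, 12).setDigests("SHA-384").setKeySize(this.platformConfiguration.getEcdsaKeysize()).setCertificateSerialNumber(new BigInteger(128, new SecureRandom())).setCertificateSubject(new X500Principal(a.S("CN=", str2))).setCertificateNotBefore(certificateStartDate).setCertificateNotAfter(certificateEndDate).setKeyValidityStart(certificateStartDate).setKeyValidityEnd(certificateEndDate).build());
        keyPairGenerator.generateKeyPair();
    }

    /**
     * Pre-23 key generation via the deprecated {@link KeyPairGeneratorSpec}.
     *
     * <p>The generator is obtained as {@code "RSA"} while the spec requests key type {@code "EC"} on
     * curve secp384r1 — that is the documented way to get an EC key from the AndroidKeyStore provider
     * on those SDK levels, not a mismatch. Both a key size and an explicit curve are set; which one
     * the provider honours is not visible here — TODO confirm they agree for the configured size.
     * The Context is taken from the weak reference and may be {@code null} if it was collected.
     *
     * @throws NoSuchAlgorithmException           if the provider has no RSA generator
     * @throws NoSuchProviderException            if the AndroidKeyStore provider is unavailable
     * @throws InvalidAlgorithmParameterException if the spec is rejected
     */
    private void generateLegacyKeyPairInner(@NonNull String str, @NonNull String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        Date certificateStartDate = getCertificateStartDate();
        KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.contextReference.get()).setAlias(str).setKeySize(this.platformConfiguration.getEcdsaKeysize()).setAlgorithmParameterSpec(new ECGenParameterSpec("secp384r1")).setKeyType("EC").setSubject(new X500Principal(a.S("CN=", str2))).setSerialNumber(new BigInteger(128, new SecureRandom())).setStartDate(certificateStartDate).setEndDate(getCertificateEndDate()).build();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", StorageHelper.ANDROID_KEY_STORE);
        keyPairGenerator.initialize(build);
        keyPairGenerator.generateKeyPair();
    }

    /** @return now plus the configured certificate validity period. */
    private Date getCertificateEndDate() {
        return DateTime.now().plus(this.platformConfiguration.getCertificateValidity()).toDate();
    }

    /**
     * @return now minus the configured clock-drift allowance, so a peer whose clock runs slightly
     *         behind this device still sees the certificate as already valid
     */
    private Date getCertificateStartDate() {
        return DateTime.now().minus(this.platformConfiguration.getCertificateClockDriftTime()).toDate();
    }

    /**
     * Wraps {@link #d} in a {@link Completable}; nothing happens until it is subscribed.
     *
     * @param str keystore alias (not the logical name) to delete
     */
    private Completable removeKeyPairInternal(@NonNull final String str, @NonNull final TraceContext traceContext) {
        return Completable.fromAction(new Action() { // from class: e.b.c.a.z2.a.b.h
            @Override // io.reactivex.functions.Action
            public final void run() {
                KeyManager.this.d(str, traceContext);
            }
        });
    }

    /**
     * Body of {@link #getKeyPairEntry}: returns the key pair for logical name {@code str},
     * generating one if none is mapped or the mapped alias is missing from the keystore.
     *
     * <p>An existing key is only returned while its certificate's notAfter has not passed;
     * an expired one is reported via {@link IdentityExpiredException} and is <em>not</em> deleted
     * or regenerated here (that exception is not in the catch list below, so it propagates
     * unwrapped — presumably the caller handles rotation). After generating, the new alias is
     * recorded in the mapper and the rotation target time is advanced by the configured threshold.
     *
     * <p>{@code getEntry(alias, null)}: no protection parameter, as AndroidKeyStore entries have
     * no password. The cast to {@link X509Certificate} relies on the keystore having produced the
     * self-signed certificate above.
     *
     * @throws IdentityExpiredException if the stored certificate has expired
     * @throws CryptoException          wrapping keystore access failures (logged locally first)
     */
    public /* synthetic */ KeyStore.PrivateKeyEntry b(String str, TraceContext traceContext) throws Exception {
        KeyStore.PrivateKeyEntry privateKeyEntry;
        try {
            // Acquire before the guarded block so a failed acquisition never reaches unlock().
            this.lock.lock();
            try {
                String a = this.keyAliasMapper.a(str);
                if (a != null && this.keyStore.containsAlias(a)) {
                    privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(a, null);
                    Date notAfter = ((X509Certificate) privateKeyEntry.getCertificate()).getNotAfter();
                    if (!notAfter.before(DateTime.now().toDate())) {
                        this.logger.f(a);
                        return privateKeyEntry;
                    }
                    throw new IdentityExpiredException("Keypair expired on: " + notAfter.toString());
                }
                String a2 = a();
                generateKeyPair(a2, str, traceContext);
                this.keyAliasMapper.b(str, a2);
                this.authStorage.updateKeyRotationTargetValidationTime(DateTime.now().plus(this.platformConfiguration.getKeyRotationAgeThreshold()));
                privateKeyEntry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(this.keyAliasMapper.a(str), null);
                return privateKeyEntry;
            } finally {
                this.lock.unlock();
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e2) {
            this.logger.e(e2, traceContext);
            throw new CryptoException(e2);
        }
    }

    /**
     * Lambda body (wrapper not visible here): unconditionally generates a key pair under the raw
     * keystore alias {@code str} with subject name {@code str2} and returns its entry.
     * Unlike {@link #b} this neither consults nor updates the alias mapper and takes no lock of its
     * own beyond {@code generateKeyPair}'s monitor.
     *
     * @throws Exception any keystore failure from {@code getEntry}
     */
    public /* synthetic */ KeyStore.PrivateKeyEntry c(String str, String str2, TraceContext traceContext) throws Exception {
        generateKeyPair(str, str2, traceContext);
        return (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(str, null);
    }

    /**
     * Body of {@link #removeKeyPairInternal}: deletes the keystore entry {@code str} under the lock,
     * logging (but not failing) when no such alias exists.
     *
     * @throws CryptoException wrapping a {@link KeyStoreException} (logged locally first)
     */
    public /* synthetic */ void d(String str, TraceContext traceContext) throws Exception {
        // Acquire before the guarded block so a failed acquisition never reaches unlock().
        this.lock.lock();
        try {
            try {
                if (this.keyStore.containsAlias(str)) {
                    this.logger.c(str);
                    this.keyStore.deleteEntry(str);
                } else {
                    this.logger.d(str);
                }
            } catch (KeyStoreException e2) {
                this.logger.e(e2, traceContext);
                throw new CryptoException(e2);
            }
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Lambda body (wrapper not visible here): repoints logical name {@code str} to keystore alias
     * {@code str2}, then deletes the previously mapped key.
     *
     * <p>Order matters: the mapping is updated before the old entry is removed, so a failure in
     * {@code deleteEntry} leaves the new mapping in place and the old key orphaned in the keystore.
     * If no previous alias was mapped, {@code deleteEntry(null)} is reached — presumably the caller
     * only invokes this after a successful {@link #c}; TODO confirm.
     *
     * @throws Exception any {@link KeyStoreException} from {@code deleteEntry}, unwrapped
     */
    public /* synthetic */ void e(String str, String str2) throws Exception {
        // Acquire before the guarded block so a failed acquisition never reaches unlock().
        this.lock.lock();
        try {
            String a = this.keyAliasMapper.a(str);
            this.keyAliasMapper.b(str, str2);
            this.keyStore.deleteEntry(a);
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Removes the key pair for logical name {@code str}: drops the name → alias mapping from the
     * mapper's preferences immediately, then returns a {@link Completable} that deletes the
     * keystore entry when subscribed. Completes at once if the name is not mapped.
     *
     * <p>Note the two-phase nature: the mapping is gone as soon as this method returns, while the
     * key itself survives until the returned Completable runs (and stays orphaned if it never does).
     */
    public Completable f(@NonNull String str, @NonNull TraceContext traceContext) {
        String a = this.keyAliasMapper.a(str);
        if (a == null) {
            return Completable.complete();
        }
        KeyAliasMapper keyAliasMapper = this.keyAliasMapper;
        synchronized (keyAliasMapper) {
            keyAliasMapper.preferences.edit().remove(KeyAliasMapper.getPrefKey(str)).apply();
        }
        return removeKeyPairInternal(a, traceContext);
    }

    /**
     * Removes the keystore entry under the raw alias {@code str} (no mapper involvement);
     * deferred until the returned {@link Completable} is subscribed.
     */
    public Completable g(@NonNull String str, @NonNull TraceContext traceContext) {
        return removeKeyPairInternal(str, traceContext);
    }

    /**
     * Returns a {@link Single} that, when subscribed, yields the key pair for logical name
     * {@code str} via {@link #b}, generating it on first use.
     *
     * @throws IdentityExpiredException (as a Single error) if the existing key has expired
     * @throws CryptoException          (as a Single error) on keystore failures
     */
    @VisibleForTesting(otherwise = 3)
    public Single<KeyStore.PrivateKeyEntry> getKeyPairEntry(@NonNull final String str, @NonNull final TraceContext traceContext) {
        return Single.fromCallable(new Callable() { // from class: e.b.c.a.z2.a.b.i
            @Override // java.util.concurrent.Callable
            public final Object call() {
                return KeyManager.this.b(str, traceContext);
            }
        });
    }
}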
