package com.microsoft.workaccount.authenticatorservice;

import android.accounts.Account;
import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.aad.adal.unity.BrokerClientException;
import com.microsoft.aad.adal.unity.DerivedKey;
import com.microsoft.aad.adal.unity.IKeyHandler;
import com.microsoft.aad.adal.unity.PRTResult;
import com.microsoft.aad.adal.unity.StorageHelper;
import com.microsoft.aad.adal.unity.StringExtensions;
import com.microsoft.intune.common.utils.IOUtils;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.core.SessionTransportKey;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.http.util.ByteArrayBuffer;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.generators.KDFCounterBytesGenerator;
import org.spongycastle.crypto.macs.HMac;
import org.spongycastle.crypto.params.KDFCounterParameters;

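/**
 * Stores and uses the key material tied to a workplace-join Primary Refresh Token (PRT).
 *
 * <p>The class keeps four values in the private {@code SharedPreferences} file
 * {@code wpj.key.cache}: the PRT, its expiry, the ID token and the session key. From the
 * session key it derives a per-message key (SP800-108 counter-mode KDF over HMAC-SHA256)
 * that is used for AES-CBC decryption and HMAC-SHA256 signing. It can also sign with the
 * device (workplace-join) private key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The PRT is encrypted through {@link StorageHelper} only when the instance was built
 *       with {@link #KeyHandler(Context, byte[])}; the one-argument constructor leaves the
 *       helper {@code null}, so {@link #encrypt(String)} and {@link #decrypt(String)} pass
 *       values through unchanged.</li>
 *   <li>The session key is written Base64-encoded but not encrypted by this class, and the
 *       ID token is written as-is. Their confidentiality rests on the app-private
 *       preference file alone.</li>
 *   <li>Several methods fail open (see {@link #encrypt(String)} and
 *       {@link #signWithDevice(String)}).</li>
 * </ul>
 *
 * <p>Only {@link #savePRT(PRTResult)} and {@link #deletePRT()} are synchronized; the other
 * methods read and write the same fields without locking.
 */
// NOTE(review): "TrulyRandom" is the lint check about SecureRandom on old Android releases.
// mRandom only produces the KDF context here, but confirm the minimum supported API level
// (or that the PRNG fix is applied) before relying on this suppression.
@SuppressLint({"TrulyRandom"})
/* loaded from: classes.dex */
public final class KeyHandler implements IKeyHandler {
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String JWS_ALGORITHM = "SHA256withRSA";
    private static final String SHARED_PREFERENCE_KEY_PRT_EXPIRES_KEY = "workplaceJoin.key.prt.expires.key";
    private static final String SHARED_PREFERENCE_KEY_PRT_IDTOKEN_KEY = "workplaceJoin.key.prt.idtoken.key";
    private static final String SHARED_PREFERENCE_KEY_PRT_KEY = "workplaceJoin.key.prt.key";
    private static final String SHARED_PREFERENCE_KEY_SESSION_KEY = "workplaceJoin.key.session.key";
    private static final String SHARED_PREFERENCE_NAME = "wpj.key.cache";
    /** Length in bytes of the random context fed to the KDF by {@link #getDerivedKey()}. */
    private static final int SP800_108_CTX_SIZE = 24;
    private static final String SP800_108_LABEL = "AzureAD-SecureConversation";
    private static final String TAG = "KeyHandler#";
    private AccountManagerStorageHelper mAcctMgrHelper;
    private Context mContext;
    private DerivedKey mDerivedKey;
    private SharedPreferences mPrefs;
    private final SecureRandom mRandom;
    private byte[] mSessionKey;
    private StorageHelper mStorageHelper;

    /**
     * Creates a handler with no session key and no {@link StorageHelper}.
     *
     * <p>With the storage helper left {@code null}, the PRT is written to and read from
     * shared preferences without encryption by this class.
     *
     * @param context context used to open the preference file and the account-manager helper
     */
    public KeyHandler(Context context) {
        this.mContext = context;
        this.mStorageHelper = null;
        this.mDerivedKey = null;
        this.mSessionKey = null;
        this.mRandom = new SecureRandom();
        this.mPrefs = this.mContext.getSharedPreferences(SHARED_PREFERENCE_NAME, Context.MODE_PRIVATE);
        this.mAcctMgrHelper = new AccountManagerStorageHelper(context);
    }

    /**
     * Creates a handler that starts with the given session key and encrypts the PRT at rest
     * through a {@link StorageHelper}.
     *
     * @param context context used to open the preference file and the helpers
     * @param bArr    raw session key; the array is stored by reference, not copied
     */
    public KeyHandler(Context context, byte[] bArr) {
        this.mContext = context;
        this.mSessionKey = bArr;
        this.mRandom = new SecureRandom();
        this.mPrefs = this.mContext.getSharedPreferences(SHARED_PREFERENCE_NAME, Context.MODE_PRIVATE);
        this.mStorageHelper = new StorageHelper(context);
        this.mAcctMgrHelper = new AccountManagerStorageHelper(context);
    }

    /**
     * Decrypts a stored value with the storage helper, if one is configured.
     *
     * @param str value read from shared preferences
     * @return the decrypted value; {@code str} unchanged when no helper is set or when
     *         decryption throws
     */
    private String decrypt(String str) {
        if (this.mStorageHelper == null) {
            return str;
        }
        try {
            return this.mStorageHelper.decrypt(str);
        } catch (Exception e) {
            // NOTE(review): on failure the stored blob itself is handed back as the PRT.
            // Presumably this tolerates values that were written unencrypted; confirm, and
            // consider surfacing the failure so a corrupt blob is not used as a token.
            Logger.e(TAG + "decrypt", "Data decryption failed " + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            return str;
        }
    }

    /**
     * Encrypts a value with the storage helper, if one is configured.
     *
     * @param str value to protect before it is written to shared preferences
     * @return the encrypted value; {@code str} unchanged when no helper is set or when
     *         encryption throws
     */
    private String encrypt(String str) {
        if (this.mStorageHelper == null) {
            return str;
        }
        try {
            return this.mStorageHelper.encrypt(str);
        } catch (Exception e) {
            // NOTE(review): fail-open. When encryption throws, the plaintext is returned and
            // savePRT() persists it as-is. Aborting the save would be the safer default;
            // left unchanged here because code outside this file may rely on the fallback.
            Logger.e(TAG + "encrypt", "Data encryption failed " + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            return str;
        }
    }

    /**
     * Base64-encodes (no line wraps) a raw session key for storage.
     *
     * @param bArr raw key bytes; must not be {@code null}
     * @return the Base64 text
     */
    private String getEncodedSessionKey(byte[] bArr) throws UnsupportedEncodingException {
        return new String(Base64.encode(bArr, Base64.NO_WRAP));
    }

    /**
     * Encodes an int as four big-endian bytes.
     *
     * @param i value to encode
     * @return a new 4-byte array holding {@code i}, most significant byte first
     */
    public static byte[] my_int_to_bb_be(int i) {
        return ByteBuffer.allocate(4).order(ByteOrder.BIG_ENDIAN).putInt(i).array();
    }

    /**
     * Derives a key from the session key and the given context, then decrypts
     * {@code bArr3} with AES/CBC/PKCS7Padding (provider "BC").
     *
     * <p>Side effect: the derived key replaces {@code mDerivedKey}.
     *
     * <p>NOTE(review): this method performs no integrity check on the ciphertext, and a
     * padding failure is reported with its own message. Confirm that callers authenticate
     * the payload before decrypting and do not expose the padding/other distinction to a
     * remote party.
     *
     * @param bArr  initialisation vector
     * @param bArr2 KDF context used to derive the decryption key
     * @param bArr3 ciphertext
     * @return the plaintext bytes
     * @throws BrokerClientException when the cipher is unavailable or the IV, key, padding
     *         or block size is rejected
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public byte[] decryptUsingDerivedKey(byte[] bArr, byte[] bArr2, byte[] bArr3) throws BrokerClientException {
        // generateDerivedKey() already stores its result in mDerivedKey.
        DerivedKey derivedKey = generateDerivedKey(this.mSessionKey, SP800_108_LABEL.getBytes(Charset.forName("ASCII")), bArr2);
        SecretKeySpec secretKeySpec = new SecretKeySpec(derivedKey.getGeneratedKey(), "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
            // Decrypt into a buffer sized for the worst case, then trim to the real length.
            byte[] bArr4 = new byte[cipher.getOutputSize(bArr3.length)];
            int update = cipher.update(bArr3, 0, bArr3.length, bArr4, 0);
            int doFinal = update + cipher.doFinal(bArr4, update);
            byte[] bArr5 = new byte[doFinal];
            System.arraycopy(bArr4, 0, bArr5, 0, doFinal);
            return bArr5;
        } catch (InvalidAlgorithmParameterException e) {
            Logger.v(TAG + "decryptUsingDerivedKey", e.getMessage());
            throw new BrokerClientException("IV param is invalid", e);
        } catch (InvalidKeyException e2) {
            Logger.v(TAG + "decryptUsingDerivedKey", e2.getMessage());
            throw new BrokerClientException("Symmetric key is invalid", e2);
        } catch (NoSuchAlgorithmException e3) {
            Logger.v(TAG + "decryptUsingDerivedKey", e3.getMessage());
            throw new BrokerClientException("AES/CBC/PKCS7Padding is not available", e3);
        } catch (NoSuchProviderException e4) {
            Logger.v(TAG + "decryptUsingDerivedKey", e4.getMessage());
            throw new BrokerClientException("BC provider is not available", e4);
        } catch (BadPaddingException e5) {
            Logger.v(TAG + "decryptUsingDerivedKey", e5.getMessage());
            throw new BrokerClientException("PKCS7Padding is expected", e5);
        } catch (IllegalBlockSizeException e6) {
            Logger.v(TAG + "decryptUsingDerivedKey", e6.getMessage());
            throw new BrokerClientException("CBC Block size is expected", e6);
        } catch (NoSuchPaddingException e7) {
            Logger.v(TAG + "decryptUsingDerivedKey", e7.getMessage());
            throw new BrokerClientException("AES/CBC/PKCS7Padding is not available", e7);
        } catch (ShortBufferException e8) {
            Logger.v(TAG + "decryptUsingDerivedKey", e8.getMessage());
            throw new BrokerClientException("User provided buffer is too small " + e8.getMessage(), e8);
        }
    }

    /**
     * Overwrites the stored PRT, expiry, ID token and session key with empty values and
     * drops the in-memory session key reference.
     *
     * <p>NOTE(review): {@code mDerivedKey} is not cleared and the session-key array is not
     * zeroed, so previously derived key material stays usable through this instance after
     * the PRT is deleted. Confirm whether that is intended.
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public final synchronized void deletePRT() {
        Logger.v(TAG + "deletePRT", "Clear PRT from shared preference.");
        SharedPreferences.Editor edit = this.mPrefs.edit();
        edit.putString(SHARED_PREFERENCE_KEY_PRT_KEY, "");
        edit.putInt(SHARED_PREFERENCE_KEY_PRT_EXPIRES_KEY, 0);
        edit.putString(SHARED_PREFERENCE_KEY_PRT_IDTOKEN_KEY, "");
        edit.putString(SHARED_PREFERENCE_KEY_SESSION_KEY, "");
        edit.apply();
        this.mSessionKey = null;
    }

    /**
     * Derives a 32-byte key with a counter-mode KDF over HMAC-SHA256.
     *
     * <p>The fixed input is {@code label || 0x00 || context || [256]} where the last field is
     * the HMAC output size in bits as a 4-byte big-endian integer. The counter width passed
     * to the generator is 32 bits.
     *
     * <p>Side effect: the result is also stored in {@code mDerivedKey}.
     *
     * @param bArr  key-derivation key (the session key)
     * @param bArr2 label bytes
     * @param bArr3 context bytes; kept in the returned {@link DerivedKey}
     * @return the context together with the freshly derived key bytes
     */
    public DerivedKey generateDerivedKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        HMac hMac = new HMac(new SHA256Digest());
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(128);
        byteArrayBuffer.append(bArr2, 0, bArr2.length);
        byteArrayBuffer.append(0);
        byteArrayBuffer.append(bArr3, 0, bArr3.length);
        // Requested output length in bits, encoded big-endian, closes the fixed input.
        byte[] outputLengthBits = my_int_to_bb_be(hMac.getMacSize() * 8);
        byteArrayBuffer.append(outputLengthBits, 0, outputLengthBits.length);
        KDFCounterParameters kDFCounterParameters = new KDFCounterParameters(bArr, byteArrayBuffer.toByteArray(), 32);
        KDFCounterBytesGenerator kDFCounterBytesGenerator = new KDFCounterBytesGenerator(hMac);
        kDFCounterBytesGenerator.init(kDFCounterParameters);
        byte[] bArr4 = new byte[hMac.getMacSize()];
        Logger.v(TAG + "generateDerivedKey", "Generating derived key");
        kDFCounterBytesGenerator.generateBytes(bArr4, 0, bArr4.length);
        this.mDerivedKey = new DerivedKey(bArr3, bArr4);
        return this.mDerivedKey;
    }

    /**
     * Returns the current derived key, creating one from the session key and a fresh random
     * context when none exists yet.
     *
     * <p>NOTE(review): when no session key is loaded, {@code null} is passed to the KDF as
     * the key; presumably the KDF parameters reject it. Confirm against callers.
     *
     * @return the cached or newly derived key
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public DerivedKey getDerivedKey() {
        if (this.mDerivedKey == null) {
            byte[] label = SP800_108_LABEL.getBytes(Charset.forName("ASCII"));
            byte[] context = new byte[SP800_108_CTX_SIZE];
            this.mRandom.nextBytes(context);
            this.mDerivedKey = generateDerivedKey(this.mSessionKey, label, context);
        }
        return this.mDerivedKey;
    }

    /**
     * Returns the workplace-join device certificate as Base64 (no line wraps) of its
     * encoded form.
     *
     * @return the Base64 text, or an empty string when the certificate cannot be encoded
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public String getDeviceCertX5c() {
        this.mAcctMgrHelper.restoreWPJAccount();
        try {
            // "UTF-8" is the canonical charset name; the earlier "UTF_8" spelling is not a
            // standard Java name or alias and only resolves where alias lookup is lenient.
            return new String(Base64.encode(this.mAcctMgrHelper.getWpjX509Certificate().getEncoded(), Base64.NO_WRAP), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG + "getDeviceCertX5c", e.getMessage(), WorkplaceJoinFailure.CERTIFICATE, e);
            return "";
        } catch (CertificateEncodingException e2) {
            Logger.e(TAG + "getDeviceCertX5c", e2.getMessage(), WorkplaceJoinFailure.CERTIFICATE, e2);
            return "";
        }
    }

    /**
     * Not implemented by this handler.
     *
     * @return always {@code null}
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public String getKeyId() {
        return null;
    }

    /**
     * Loads the stored PRT, expiry and ID token, and restores the in-memory session key
     * when one is stored.
     *
     * <p>The {@code account} argument is not used; one PRT record is kept per preference
     * file. NOTE(review): a corrupt stored session key makes {@code Base64.decode} throw an
     * unchecked exception that is not handled here.
     *
     * @param account ignored
     * @return a result populated from shared preferences; fields are empty or zero when
     *         nothing is stored
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public PRTResult getPRT(Account account) {
        Logger.v(TAG + "getPRT", "Retrieve PRT in shared preference.");
        PRTResult pRTResult = new PRTResult();
        String storedPrt = this.mPrefs.getString(SHARED_PREFERENCE_KEY_PRT_KEY, "");
        int expiresIn = this.mPrefs.getInt(SHARED_PREFERENCE_KEY_PRT_EXPIRES_KEY, 0);
        String idToken = this.mPrefs.getString(SHARED_PREFERENCE_KEY_PRT_IDTOKEN_KEY, "");
        String storedSessionKey = this.mPrefs.getString(SHARED_PREFERENCE_KEY_SESSION_KEY, "");
        if (!TextUtils.isEmpty(storedSessionKey)) {
            // Canonical charset name; Base64 text is ASCII, so the bytes are unchanged.
            this.mSessionKey = Base64.decode(storedSessionKey.getBytes(Charset.forName("UTF-8")), Base64.NO_WRAP);
        }
        pRTResult.setExpiresIn(expiresIn);
        pRTResult.setIdToken(idToken);
        pRTResult.setPrimaryRefreshToken(decrypt(storedPrt));
        return pRTResult;
    }

    /**
     * Returns the in-memory session key.
     *
     * @return the internal array itself (not a copy), or {@code null} when none is loaded
     */
    public byte[] getSessionKey() {
        return this.mSessionKey;
    }

    /**
     * Persists the PRT, its expiry, the ID token and the session key.
     *
     * <p>When the result carries a session-key JWE, it is unwrapped with the session
     * transport private key and becomes the current session key. Nothing is written when an
     * error occurs or when no session key is available.
     *
     * <p>NOTE(review): the session key is stored Base64-encoded only, and the ID token
     * as-is; only the PRT goes through {@link #encrypt(String)}.
     *
     * @param pRTResult token response to store
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public final synchronized void savePRT(PRTResult pRTResult) {
        Logger.v(TAG + "savePRT", "Saving PRT into shared preference.");
        try {
            SharedPreferences.Editor edit = this.mPrefs.edit();
            edit.putString(SHARED_PREFERENCE_KEY_PRT_KEY, encrypt(pRTResult.getPrimaryRefreshToken()));
            edit.putInt(SHARED_PREFERENCE_KEY_PRT_EXPIRES_KEY, pRTResult.getExpiresIn());
            edit.putString(SHARED_PREFERENCE_KEY_PRT_IDTOKEN_KEY, pRTResult.getIdToken());
            if (!TextUtils.isEmpty(pRTResult.getSessionKeyJwe())) {
                SessionKey createFromJWE = SessionKey.createFromJWE(pRTResult.getSessionKeyJwe(), new SessionTransportKey(this.mContext).getSessionTransportKey().getPrivate());
                this.mSessionKey = createFromJWE.getRawKey();
            }
            if (this.mSessionKey == null) {
                // Without this guard Base64.encode(null) throws an unchecked
                // NullPointerException out of this method. Skip the write instead, as the
                // other failure paths do.
                Logger.e(TAG + "savePRT", "Session key is missing, PRT not saved", WorkplaceJoinFailure.INTERNAL, new IllegalStateException("session key is null"));
                return;
            }
            // Single write of the session key: the value written here always replaced the
            // one taken from the JWE wrapper, so that earlier put was redundant.
            edit.putString(SHARED_PREFERENCE_KEY_SESSION_KEY, getEncodedSessionKey(this.mSessionKey));
            edit.apply();
        } catch (AuthenticatorException e) {
            Logger.e(TAG + "savePRT", "Authentication error " + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
        } catch (UnsupportedEncodingException e2) {
            Logger.e(TAG + "savePRT", "Unsupported Enconding " + e2.getMessage(), WorkplaceJoinFailure.INTERNAL, e2);
        }
    }

    /**
     * Replaces the cached derived key.
     *
     * @param derivedKey key to use for later signing
     */
    public void setDerivedKey(DerivedKey derivedKey) {
        this.mDerivedKey = derivedKey;
    }

    /**
     * Replaces the in-memory session key. The stored copy in shared preferences is not
     * touched, and the array is kept by reference.
     *
     * @param bArr raw session key
     */
    public void setSessionKey(byte[] bArr) {
        this.mSessionKey = bArr;
    }

    /**
     * Computes HMAC-SHA256 of the UTF-8 bytes of {@code str} with the current derived key.
     *
     * @param str text to authenticate
     * @return the MAC as URL-safe Base64, or the literal {@code "Invalid"} on any failure,
     *         including when no derived key has been set or generated yet
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public String signWithDerivedKey(String str) {
        if (this.mDerivedKey == null) {
            // Previously this dereference threw an unchecked NullPointerException; report
            // it the same way as the other signing failures.
            Logger.e(TAG + "signWithDerivedKey", "Derived key is not available", WorkplaceJoinFailure.INTERNAL, new IllegalStateException("derived key is null"));
            return "Invalid";
        }
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256);
            mac.init(new SecretKeySpec(this.mDerivedKey.getGeneratedKey(), HMAC_SHA256));
            return StringExtensions.encodeBase64URLSafeString(mac.doFinal(str.getBytes(IOUtils.UTF8_CHARSET_ENCODING)));
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG + "signWithDerivedKey", "UTF-8 encoding is not supported " + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            return "Invalid";
        } catch (IllegalStateException e2) {
            Logger.e(TAG + "signWithDerivedKey", e2.getMessage(), WorkplaceJoinFailure.INTERNAL, e2);
            return "Invalid";
        } catch (InvalidKeyException e3) {
            Logger.e(TAG + "signWithDerivedKey", "Key is invalid for signing " + e3.getMessage(), WorkplaceJoinFailure.INTERNAL, e3);
            return "Invalid";
        } catch (NoSuchAlgorithmException e4) {
            Logger.e(TAG + "signWithDerivedKey", "HmacSHA256 algorithm does not exist " + e4.getMessage(), WorkplaceJoinFailure.INTERNAL, e4);
            return "Invalid";
        }
    }

    /**
     * Signs the UTF-8 bytes of {@code str} with the workplace-join private key using
     * SHA256withRSA.
     *
     * @param str text to sign
     * @return the signature as URL-safe Base64; on any failure the unsigned input
     *         {@code str} is returned instead
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public String signWithDevice(String str) {
        this.mAcctMgrHelper.restoreWPJAccount();
        try {
            Signature signature = Signature.getInstance(JWS_ALGORITHM);
            signature.initSign(this.mAcctMgrHelper.getWpjPrivateKey());
            signature.update(str.getBytes(IOUtils.UTF8_CHARSET_ENCODING));
            return StringExtensions.encodeBase64URLSafeString(signature.sign());
        } catch (Exception e) {
            // NOTE(review): the failure value is the payload itself, so a caller cannot
            // tell a signature from an error without comparing against its input, and this
            // differs from signWithDerivedKey(), which returns "Invalid". Left unchanged
            // because callers outside this file may depend on it.
            Logger.e(TAG + "signWithDevice", e.getMessage(), WorkplaceJoinFailure.CERTIFICATE, e);
            return str;
        }
    }

    /**
     * Not implemented by this handler.
     *
     * @return always {@code null}
     */
    @Override // com.microsoft.aad.adal.unity.IKeyHandler
    public String signWithNGC(String str) {
        return null;
    }
}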
