package com.microsoft.onlineid.ngc.crypto;

import android.content.Context;
import android.os.Build;
import com.microsoft.onlineid.analytics.ClientAnalytics;
import com.microsoft.onlineid.internal.log.Logger;
import com.microsoft.onlineid.ngc.exceptions.NgcCredentialException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Locale;

/* loaded from: classes.dex */
public class NgcCredentialManager {
    public static final String KeyPairAliasFormat = "MicrosoftAccountNGC-%s";
    static final boolean PreSdk18;
    static final String SignatureAlgorithm = "SHA256withRSA";
    private final Context _applicationContext;
    private final NgcKeyStore _keyStorage;

    static {
        PreSdk18 = Build.VERSION.SDK_INT < 18 ? true : PreSdk18;
    }

    public NgcCredentialManager(Context context) {
        try {
            this._keyStorage = new NgcKeyStore();
            this._applicationContext = context;
        } catch (KeyStoreException e) {
            throw new RuntimeException("Creation of keystore failed.", e);
        } catch (CertificateException e2) {
            throw new RuntimeException("Reading certificates from keystore failed.", e2);
        }
    }

    protected NgcCredentialManager(NgcKeyStore ngcKeyStore, Context context) {
        this._keyStorage = ngcKeyStore;
        this._applicationContext = context;
    }

    public void deleteKeyPair(String str) {
        try {
            this._keyStorage.deleteKey(String.format(Locale.US, KeyPairAliasFormat, str));
        } catch (KeyStoreException e) {
            Logger.error("Could not access keystore for deletion of ngc credentials", e);
            ClientAnalytics.get().logException(e);
        }
    }

    public PublicKey generateKeyPair(String str) {
        String format = String.format(Locale.US, KeyPairAliasFormat, str);
        KeyPair generateKeyPair = getKeyPairGenerator(format).generateKeyPair();
        this._keyStorage.store(generateKeyPair, format);
        return generateKeyPair.getPublic();
    }

    protected NgcKeyPairGenerator getKeyPairGenerator(String str) {
        return new NgcKeyPairGenerator(this._applicationContext, str);
    }

    public PublicKey getPublicKey(String str) throws NgcCredentialException {
        try {
            return this._keyStorage.getPublicKey(String.format(Locale.US, KeyPairAliasFormat, str));
        } catch (KeyStoreException e) {
            throw new NgcCredentialException("Access of keystore failed.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Nonexistent algorithm specified.", e2);
        } catch (UnrecoverableEntryException e3) {
            throw new NgcCredentialException("Could not retrieve key from keystore.", e3);
        } catch (CertificateException e4) {
            throw new NgcCredentialException("There was a problem loading certificates from the keystore.", e4);
        }
    }

    public boolean preGenerateKeyPair(String str) {
        try {
            generateKeyPair(str);
            return true;
        } catch (IllegalStateException e) {
            Logger.error("Device does not have a device password", e);
            return PreSdk18;
        }
    }

    public byte[] signChallenge(byte[] bArr, String str) throws NgcCredentialException {
        try {
            PrivateKey signingKey = this._keyStorage.getSigningKey(String.format(Locale.US, KeyPairAliasFormat, str));
            Signature signature = Signature.getInstance(SignatureAlgorithm);
            try {
                signature.initSign(signingKey);
                signature.update(bArr);
                return signature.sign();
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            }
        } catch (KeyStoreException e2) {
            throw new NgcCredentialException("Access of keystore failed.", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException(e3);
        } catch (SignatureException e4) {
            throw new NgcCredentialException("Signature instance was improperly initialized.", e4);
        } catch (UnrecoverableEntryException e5) {
            throw new NgcCredentialException("Could not retrieve key from keystore.", e5);
        } catch (CertificateException e6) {
            throw new NgcCredentialException("There was a problem loading certificates from the keystore.", e6);
        }
    }
}
