package com.microsoft.onlineid.ngc.crypto;

import android.net.LocalSocket;
import android.net.LocalSocketAddress;
import com.microsoft.onlineid.internal.Assertion;
import com.microsoft.onlineid.internal.Objects;
import com.microsoft.onlineid.internal.Strings;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Locale;

/* loaded from: classes.dex */
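/**
 * Stores and retrieves the RSA key pair behind an NGC credential.
 *
 * <p>Two back ends are used, selected by {@code NgcCredentialManager.PreSdk18}:
 * <ul>
 *   <li><b>Legacy path</b>: talks directly to the local {@code keystore} socket using a
 *       small binary protocol (one opcode byte, then length-prefixed fields). The public and
 *       private halves are stored as two separate blobs under {@code alias + "-Public"} and
 *       {@code alias + "-Private"}.</li>
 *   <li><b>Platform path</b>: delegates to the {@code AndroidKeyStore} provider.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>On the legacy path the private key is written and read back as its PKCS#8 encoding,
 *       so the raw key material is present in this process's heap whenever a signing key is
 *       requested. It is not bound to the keystore in the way a provider-held entry is.</li>
 *   <li>"Key not found" is recognised by comparing exception messages, because the daemon
 *       status is surfaced only as a {@link KeyStoreException} message.</li>
 *   <li>Every unexpected daemon reply (end of stream, unknown status byte, missing payload)
 *       is reported as a failure; none of them is treated as success.</li>
 * </ul>
 */
class NgcKeyStore {
    // Status byte returned by the keystore daemon as the first byte of every reply.
    private static final int KeyNotFoundError = 7;
    private static final String KeyNotFoundErrorMessage = "The requested key was not found in the keystore.";
    private static final int LockedError = 2;
    private static final int NoError = 1;
    private static final int PermissionDeniedError = 6;
    static final String PrivateKeyAliasPostfix = "-Private";
    private static final int ProtocolError = 5;
    private static final String ProtocolErrorMessage = "A protocol error occurred.";
    static final String PublicKeyAliasPostfix = "-Public";
    private static final int SystemError = 4;
    private static final int UndefinedActionError = 9;
    private static final int UninitializedError = 3;
    private static final int ValueCorruptedError = 8;
    private static final int WrongPasswordError = 10;
    // Largest field the wire format can describe: lengths are sent as two bytes.
    private static final int MaxFieldLength = 0xFFFF;
    // Null on the legacy path; the AndroidKeyStore instance otherwise.
    private final KeyStore _systemKeyStore;

    /**
     * Daemon operations and the single-character opcode sent for each.
     * (The decompiler reports that this type's access modifier was widened from private.)
     */
    public enum Operation {
        Insert('i'),
        Delete('d'),
        Retrieve('g'),
        Check('e');

        private final char _opcode;

        Operation(char c) {
            this._opcode = c;
        }
    }

    /**
     * Opens the platform key store when one is used; the legacy path needs no setup.
     *
     * @throws KeyStoreException if the {@code AndroidKeyStore} provider is unavailable
     * @throws CertificateException if loading the key store fails on a certificate
     */
    public NgcKeyStore() throws KeyStoreException, CertificateException {
        if (NgcCredentialManager.PreSdk18) {
            this._systemKeyStore = null;
            return;
        }
        this._systemKeyStore = KeyStore.getInstance("AndroidKeyStore");
        try {
            this._systemKeyStore.load(null);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Runs one request/response exchange with the keystore daemon.
     *
     * @param operation the opcode to send
     * @param name the first field (the key alias bytes)
     * @param value the optional second field, or {@code null} to omit it
     * @return the reply payload, or {@code null} when the daemon sent a status byte only
     * @throws KeyStoreException if the daemon reports an error status or a malformed reply
     * @throws RuntimeException if the socket cannot be used or closed
     */
    private byte[] accessDaemon(Operation operation, byte[] name, byte[] value) throws KeyStoreException {
        LocalSocket localSocket = new LocalSocket();
        byte[] result;
        boolean succeeded = false;
        try {
            localSocket.connect(new LocalSocketAddress("keystore", LocalSocketAddress.Namespace.RESERVED));
            OutputStream outputStream = localSocket.getOutputStream();
            InputStream inputStream = localSocket.getInputStream();
            writeOperationData(outputStream, operation, name, value);
            localSocket.shutdownOutput();
            checkOperationSuccess(inputStream);
            result = readOperationResult(inputStream);
            localSocket.shutdownInput();
            succeeded = true;
        } catch (IOException e) {
            // Keep the cause so the underlying socket failure is diagnosable.
            throw new RuntimeException("Access of keystore daemon failed.", e);
        } finally {
            if (!succeeded) {
                // A failure is already propagating; a close error must not replace it.
                closeQuietly(localSocket);
            }
        }
        try {
            localSocket.close();
        } catch (IOException e) {
            throw new RuntimeException("Closing connection to keystore daemon failed.", e);
        }
        return result;
    }

    /** Closes the socket on an error path, where the original failure is the one to report. */
    private static void closeQuietly(LocalSocket localSocket) {
        try {
            localSocket.close();
        } catch (IOException ignored) {
            // Intentionally ignored: the caller is already throwing the primary failure.
        }
    }

    /** Encodes an alias the same way for every daemon operation so lookups match inserts. */
    private static byte[] aliasBytes(String alias) {
        return alias.getBytes(Charset.defaultCharset());
    }

    /** Returns true when the exception carries the daemon's "key not found" message. */
    private static boolean isKeyNotFound(KeyStoreException e) {
        // Constant on the left: getMessage() may be null for exceptions raised elsewhere.
        return KeyNotFoundErrorMessage.equals(e.getMessage());
    }

    /**
     * Inserts one blob into the daemon under the given alias.
     *
     * @throws KeyStoreException if the daemon rejects the insert
     */
    private void addKey(String alias, byte[] keyData) throws KeyStoreException {
        Strings.verifyArgumentNotNullOrEmpty(alias, "Key Alias");
        Objects.verifyArgumentNotNull(keyData, "Key Data");
        accessDaemon(Operation.Insert, aliasBytes(alias), keyData);
    }

    /**
     * Reads the status byte of a daemon reply and converts every non-success value into an
     * exception.
     *
     * @throws KeyStoreException for any status other than success, including end of stream
     *     and status values this class does not know
     * @throws IOException if the status byte cannot be read
     */
    private void checkOperationSuccess(InputStream inputStream) throws KeyStoreException, IOException {
        int status = inputStream.read();
        switch (status) {
            case NoError:
                return;
            case -1:
                // The daemon closed the connection without answering; that is not success.
                throw new KeyStoreException(ProtocolErrorMessage);
            case LockedError:
                throw new KeyStoreException("The keystore is locked.");
            case UninitializedError:
                throw new KeyStoreException("The keystore is uninitialized.");
            case SystemError:
                throw new KeyStoreException("A system error occurred.");
            case ProtocolError:
                throw new KeyStoreException(ProtocolErrorMessage);
            case PermissionDeniedError:
                throw new KeyStoreException("Permission denied.");
            case KeyNotFoundError:
                throw new KeyStoreException(KeyNotFoundErrorMessage);
            case ValueCorruptedError:
                throw new KeyStoreException("Value corrupted.");
            case UndefinedActionError:
                throw new KeyStoreException("The specified action is undefined.");
            case WrongPasswordError:
                throw new KeyStoreException("Incorrect password specified.");
            default:
                String message = String.format(Locale.US, "Unknown error code: %d", Integer.valueOf(status));
                Assertion.check(false, message);
                // Fail closed even if the assertion helper does not throw: an unrecognised
                // status must never be read as "key exists" or "insert succeeded".
                throw new KeyStoreException(message);
        }
    }

    /**
     * Retrieves a blob from the daemon and decodes it as an RSA key.
     *
     * @param alias the full daemon alias, including the public/private postfix
     * @param isPrivate true to decode PKCS#8 as a private key, false to decode X.509 as public
     * @throws InvalidKeySpecException if the stored bytes are not a valid encoding
     * @throws KeyStoreException if the daemon reports an error or returns no payload
     */
    private Key getKey(String alias, boolean isPrivate) throws InvalidKeySpecException, KeyStoreException {
        Strings.verifyArgumentNotNullOrEmpty(alias, "Key Alias");
        byte[] encoded = accessDaemon(Operation.Retrieve, aliasBytes(alias), null);
        if (encoded == null) {
            // A successful status with no payload cannot be decoded into a key.
            throw new KeyStoreException(ProtocolErrorMessage);
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            if (isPrivate) {
                return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encoded));
            }
            return keyFactory.generatePublic(new X509EncodedKeySpec(encoded));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks up the private-key entry for an alias in the platform key store.
     *
     * @throws IllegalStateException if the alias is absent or is not a private-key entry
     */
    private KeyStore.PrivateKeyEntry getKeyPairPostSdk18(String alias) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableEntryException {
        if (!this._systemKeyStore.containsAlias(alias)) {
            throw new IllegalStateException("Keystore is initialized, but does not contain a key pair with the expected alias.");
        }
        KeyStore.Entry entry = this._systemKeyStore.getEntry(alias, null);
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return (KeyStore.PrivateKeyEntry) entry;
        }
        throw new IllegalStateException("Key pair with expected alias exists, but isn't of the correct entry type.");
    }

    /**
     * Reads the private key back from the daemon on the legacy path.
     *
     * @throws IllegalStateException if no private blob exists for the alias
     */
    private PrivateKey getPrivateKeyPreSdk18(String alias) throws KeyStoreException {
        String privateAlias = alias + PrivateKeyAliasPostfix;
        if (!keyExists(privateAlias)) {
            throw new IllegalStateException("Keystore does not contain a private key with the expected alias.");
        }
        try {
            return (PrivateKey) getKey(privateAlias, true);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the public key back from the daemon on the legacy path.
     *
     * @throws IllegalStateException if no public blob exists for the alias
     */
    private PublicKey getPublicKeyPreSdk18(String alias) throws KeyStoreException {
        String publicAlias = alias + PublicKeyAliasPostfix;
        if (!keyExists(publicAlias)) {
            throw new IllegalStateException("Keystore does not contain a public key with the expected alias.");
        }
        try {
            return (PublicKey) getKey(publicAlias, false);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reports whether an entry exists under exactly the given alias.
     *
     * @throws KeyStoreException for any daemon error other than "key not found"
     */
    private boolean keyExists(String alias) throws KeyStoreException {
        Strings.verifyArgumentNotNullOrEmpty(alias, "Key Alias");
        if (!NgcCredentialManager.PreSdk18) {
            return this._systemKeyStore.containsAlias(alias);
        }
        try {
            accessDaemon(Operation.Check, aliasBytes(alias), null);
            return true;
        } catch (KeyStoreException e) {
            if (isKeyNotFound(e)) {
                return false;
            }
            throw e;
        }
    }

    /**
     * Reads the length-prefixed payload that follows the status byte.
     *
     * @return the payload, or {@code null} if the stream ends right after the status byte
     * @throws KeyStoreException if the stream ends inside the length prefix or the payload
     */
    private byte[] readOperationResult(InputStream inputStream) throws IOException, KeyStoreException {
        int highByte = inputStream.read();
        if (highByte == -1) {
            return null;
        }
        int lowByte = inputStream.read();
        if (lowByte == -1) {
            throw new KeyStoreException(ProtocolErrorMessage);
        }
        // Two bytes, most significant first, so the payload is at most 65535 bytes long.
        byte[] payload = new byte[(highByte << 8) | lowByte];
        int offset = 0;
        while (offset < payload.length) {
            int count = inputStream.read(payload, offset, payload.length - offset);
            if (count == -1) {
                throw new KeyStoreException(ProtocolErrorMessage);
            }
            offset += count;
        }
        return payload;
    }

    /**
     * Serialises one request: opcode, then each field as a two-byte length followed by data.
     *
     * @throws IllegalArgumentException if a field is longer than the two-byte length allows
     * @throws IOException if writing to the daemon fails
     */
    private void writeOperationData(OutputStream outputStream, Operation operation, byte[] name, byte[] value) throws IOException {
        // A longer field would have its length silently truncated and desynchronise the
        // request framing, so reject it before anything is sent.
        if (name.length > MaxFieldLength || (value != null && value.length > MaxFieldLength)) {
            throw new IllegalArgumentException("Keystore request field exceeds the 16-bit length limit.");
        }
        outputStream.write(operation._opcode);
        writeField(outputStream, name);
        if (value != null) {
            writeField(outputStream, value);
        }
        outputStream.flush();
    }

    /** Writes a single field as a big-endian 16-bit length followed by its bytes. */
    private static void writeField(OutputStream outputStream, byte[] field) throws IOException {
        outputStream.write(field.length >> 8);
        outputStream.write(field.length);
        outputStream.write(field);
    }

    /**
     * Reports whether a credential key exists for the alias.
     *
     * <p>On the legacy path only the private blob is checked.
     *
     * @param str the credential alias, without any postfix
     */
    public boolean containsKey(String str) throws KeyStoreException {
        if (NgcCredentialManager.PreSdk18) {
            return keyExists(str + PrivateKeyAliasPostfix);
        }
        return this._systemKeyStore.containsAlias(str);
    }

    /**
     * Removes the key pair for the alias; a pair that is already absent is not an error.
     *
     * <p>On the legacy path the two blobs are removed independently, so a missing private
     * blob does not leave the public blob behind.
     *
     * @param str the credential alias, without any postfix
     * @throws KeyStoreException for any failure other than "key not found"
     */
    public void deleteKey(String str) throws KeyStoreException {
        if (NgcCredentialManager.PreSdk18) {
            deleteFromDaemonIfPresent(str + PrivateKeyAliasPostfix);
            deleteFromDaemonIfPresent(str + PublicKeyAliasPostfix);
            return;
        }
        try {
            this._systemKeyStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            if (!isKeyNotFound(e)) {
                throw e;
            }
        }
    }

    /** Deletes one daemon entry, treating "key not found" as already deleted. */
    private void deleteFromDaemonIfPresent(String alias) throws KeyStoreException {
        try {
            accessDaemon(Operation.Delete, aliasBytes(alias), null);
        } catch (KeyStoreException e) {
            if (!isKeyNotFound(e)) {
                throw e;
            }
        }
    }

    /**
     * Returns the public key for the alias.
     *
     * @param str the credential alias, without any postfix
     * @throws IllegalStateException if no matching key is stored
     */
    public PublicKey getPublicKey(String str) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableEntryException {
        if (NgcCredentialManager.PreSdk18) {
            return getPublicKeyPreSdk18(str);
        }
        return getKeyPairPostSdk18(str).getCertificate().getPublicKey();
    }

    /**
     * Returns the private key used for signing.
     *
     * <p>On the legacy path this is rebuilt from the stored PKCS#8 bytes, so callers should
     * keep the returned object's lifetime short and never log or serialise it.
     *
     * @param str the credential alias, without any postfix
     * @throws IllegalStateException if no matching key is stored
     */
    public PrivateKey getSigningKey(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException {
        if (NgcCredentialManager.PreSdk18) {
            return getPrivateKeyPreSdk18(str);
        }
        return getKeyPairPostSdk18(str).getPrivateKey();
    }

    /**
     * Persists a key pair on the legacy path: the public blob first, then the private blob.
     *
     * <p>Nothing is written when the platform key store is in use.
     * NOTE(review): presumably the pair is then created inside AndroidKeyStore by the
     * caller; confirm against the call site.
     *
     * @param keyPair the pair whose encoded forms are stored
     * @param str the credential alias, without any postfix
     * @throws RuntimeException if the daemon rejects either insert
     */
    public void store(KeyPair keyPair, String str) {
        if (!NgcCredentialManager.PreSdk18) {
            return;
        }
        try {
            addKey(str + PublicKeyAliasPostfix, keyPair.getPublic().getEncoded());
        } catch (KeyStoreException e2) {
            throw new RuntimeException(String.format(Locale.US, "Unable to store public key: %s", e2.getMessage()), e2);
        }
        try {
            addKey(str + PrivateKeyAliasPostfix, keyPair.getPrivate().getEncoded());
        } catch (KeyStoreException e) {
            throw new RuntimeException(String.format(Locale.US, "Unable to store private key: %s", e.getMessage()), e);
        }
    }
}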
