package com.microsoft.mmx.agents.ypp.authclient.crypto;

import a.c.c.a.m3.c.b.l;
import a.c.c.a.m3.c.b.p;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.appmanager.telemetry.ILogger;
import com.microsoft.appmanager.telemetry.TelemetryUtils;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.mmx.agents.remoteconfiguration.ExpManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthState;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthStorage;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CertificateUtils;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoTrustKeyRotationRequestData;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyRotationRequestData;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.logging.ContentProperties;
import com.microsoft.mmx.remoteconfiguration.RemoteConfigurationRing;
import io.reactivex.Completable;
import io.reactivex.Scheduler;
import io.reactivex.Single;
import io.reactivex.functions.Action;
import io.reactivex.functions.BiFunction;
import io.reactivex.functions.Function;
import io.reactivex.schedulers.Schedulers;
import java.io.FileNotFoundException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.inject.Inject;
import org.apache.commons.lang3.concurrent.ConcurrentException;
import org.apache.commons.lang3.concurrent.ConcurrentInitializer;
import org.apache.commons.lang3.concurrent.LazyInitializer;
import org.joda.time.DateTime;

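/* loaded from: classes2.dex */
/**
 * Front end for the auth client's key material: delegates key-pair operations to
 * {@link KeyManager}, JWT creation to {@link JwtHelper}, and key-rotation bookkeeping to
 * {@link IAuthStorage} and {@link PlatformConfiguration}.
 *
 * <p>This is decompiled output. Single-letter method names ({@code a}, {@code b}, {@code h}, ...)
 * and the {@code l}/{@code p} helper classes are obfuscated identifiers; the {@code synthetic}
 * methods are lambda bodies that the obfuscated classes under {@code a.c.c.a.m3.c.b} call back into.
 *
 * <p>Threading, as visible here: most key-store work is subscribed on one lazily created
 * {@code Schedulers.newThread()} scheduler, and results of the {@code Single}-returning getters
 * are observed on {@code Schedulers.io()}.
 */
public class CryptoManager {
    private final IAuthStorage authStorage;
    // Lazily creates the scheduler used for key-store work.
    // NOTE(review): the "(this)" constructor argument looks like a decompiler artifact
    // (the anonymous class's outer reference) -- confirm before recompiling.
    private final ConcurrentInitializer<Scheduler> cryptoLazyInitScheduler = new LazyInitializer<Scheduler>(this) { // from class: com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.commons.lang3.concurrent.LazyInitializer
        public Scheduler initialize() {
            return Schedulers.newThread();
        }
    };
    private final JwtHelper jwtHelper;
    private final KeyManager keyManager;
    private final Log logger;
    private final PlatformConfiguration platformConfiguration;

    /* loaded from: classes2.dex */
    /**
     * Debug-log wrapper around {@link ILogger}; every message is tagged
     * {@code ContentProperties.NO_PII}.
     *
     * <p>NOTE(review): {@link #a} writes the nonce and {@link #b} writes the JWT payload to the
     * debug log under the NO_PII classification, next to the device / client id. Confirm that
     * debug logging is disabled in release builds, or that these values are safe to persist in
     * logs; otherwise logging a length or a digest would be the safer choice.
     */
    public static final class Log {
        private static final String TAG = CryptoManager.class.getSimpleName();
        private final ILogger logger;

        private Log(ILogger iLogger) {
            this.logger = iLogger;
        }

        /** Logs the start of nonce-JWT creation ({@code str} = device id, {@code str2} = nonce). */
        public void a(String str, String str2) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Creating NonceJwt for deviceId: %s and nonce: %s", str, str2);
        }

        /** Logs the start of signed-JWT creation ({@code str} = self client id, {@code str2} = payload). */
        public void b(String str, String str2) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Creating SignedJwt for selfClientId: %s and payload: %s", str, str2);
        }

        /** Logs the start of certificate encoding for the device id {@code str}. */
        public void c(String str) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Encoding certificate for deviceId %s", str);
        }

        /**
         * Records that the key-rotation check could not read the key pair. Only the exception
         * type is logged, so no identifier or key detail reaches the log.
         */
        public void keyRotationCheckFailed(Throwable error) {
            this.logger.logDebug(TAG, ContentProperties.NO_PII, "Key rotation check failed with %s; reporting rotation as not necessary", error.getClass().getSimpleName());
        }
    }

    @Inject
    public CryptoManager(@NonNull KeyManager keyManager, @NonNull ILogger iLogger, @NonNull JwtHelper jwtHelper, @NonNull IAuthStorage iAuthStorage, @NonNull PlatformConfiguration platformConfiguration) {
        this.keyManager = keyManager;
        this.logger = new Log(iLogger);
        this.jwtHelper = jwtHelper;
        this.authStorage = iAuthStorage;
        this.platformConfiguration = platformConfiguration;
    }

    /**
     * Extracts a client id from a certificate's <em>issuer</em> distinguished name.
     *
     * <p>NOTE(review): this reads the issuer, not the subject. The two coincide only for
     * self-signed certificates -- presumably what the key store holds here; confirm before
     * using this on any other certificate. Everything after the leading {@code "CN="} is
     * returned, so a name with further components (for example {@code CN=x,O=y}) yields
     * {@code "x,O=y"}; callers comparing the result against an expected id should be aware.
     *
     * @return the text after {@code "CN="}, or {@code null} if the name does not start with it
     */
    @Nullable
    public static String getClientIdFromCertificate(@NonNull X509Certificate x509Certificate) {
        String name = x509Certificate.getIssuerX500Principal().getName();
        if (name == null || !name.startsWith("CN=")) {
            return null;
        }
        return name.substring(3);
    }

    /** Returns the lazily created scheduler on which key-store work is subscribed. */
    private Scheduler getScheduler() throws ConcurrentException {
        return this.cryptoLazyInitScheduler.get();
    }

    /** Lambda body: logs the device id, then encodes the entry via {@code CertificateUtils.a}. */
    private /* synthetic */ String lambda$getBase64Asn1EncodedCertificate$0(String str, KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
        this.logger.c(str);
        return CertificateUtils.a(privateKeyEntry);
    }

    /**
     * Runs {@code keyManager.k} on the request's new key alias and, on completion, moves the
     * next rotation check to now + {@code getKeyRotationRetryTimeFail()} (see {@link #c()}).
     * Presumably the abort path of a device key rotation that discards the new key -- confirm
     * against {@code KeyManager.k}.
     */
    public Completable a(@NonNull KeyRotationRequestData keyRotationRequestData, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.k(keyRotationRequestData.getNewKeyAlias(), traceContext).doOnComplete(new Action() { // from class: a.c.c.a.m3.c.b.f
                @Override // io.reactivex.functions.Action
                public final void run() {
                    CryptoManager.this.c();
                }
            }).subscribeOn(getScheduler());
        } catch (ConcurrentException e) {
            return Completable.error(e);
        }
    }

    /**
     * Runs {@code keyManager.k} on the request's new self key alias. Unlike {@link #a}, the
     * rotation retry time is not touched.
     */
    public Completable abortCryptoTrustKeyRotation(@NonNull CryptoTrustKeyRotationRequestData cryptoTrustKeyRotationRequestData, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.k(cryptoTrustKeyRotationRequestData.getNewSelfKeyAlias(), traceContext).subscribeOn(getScheduler());
        } catch (ConcurrentException e) {
            return Completable.error(e);
        }
    }

    /**
     * Builds the request data for a device key rotation.
     *
     * <p>Two JWTs over the same value {@code str2} (the nonce, per the log text in {@link Log#a})
     * are produced and zipped: one through {@link #getNonceJwtForDeviceId} using the key pair
     * stored for {@code str} (the device id), and one using the entry returned by the obfuscated
     * callable {@code p} for a fresh alias from {@code KeyManager.a()} -- presumably a newly
     * generated key pair; confirm against {@code p}. Signing with both keys presumably lets the
     * receiver check possession of the old and the new key.
     *
     * <p>The second leg has no {@code subscribeOn}, so it runs on whichever thread subscribes.
     */
    public Single<KeyRotationRequestData> b(@NonNull final String str, @NonNull final String str2, @NonNull final TraceContext traceContext) {
        final String a2 = KeyManager.a();
        Single<String> nonceJwtForDeviceId = getNonceJwtForDeviceId(str, str2, traceContext);
        KeyManager keyManager = this.keyManager;
        Objects.requireNonNull(keyManager);
        return Single.zip(nonceJwtForDeviceId, Single.fromCallable(new p(keyManager, a2, str, traceContext)).map(new Function() { // from class: a.c.c.a.m3.c.b.h
            @Override // io.reactivex.functions.Function
            public final Object apply(Object obj) {
                return CryptoManager.this.d(str2, traceContext, (KeyStore.PrivateKeyEntry) obj);
            }
        }), new BiFunction() { // from class: a.c.c.a.m3.c.b.e
            @Override // io.reactivex.functions.BiFunction
            public final Object apply(Object obj, Object obj2) {
                // obj = JWT from the existing key, obj2 = JWT from the entry produced by p.
                return new KeyRotationRequestData(str, str2, a2, (String) obj2, (String) obj);
            }
        });
    }

    /** Lambda body: sets the next rotation check to now + {@code getKeyRotationRetryTimeFail()}. */
    public /* synthetic */ void c() {
        this.authStorage.updateKeyRotationTargetValidationTime(DateTime.now().plus(this.platformConfiguration.getKeyRotationRetryTimeFail()));
    }

    /** Lambda body: creates a JWT over {@code str} with the given entry via {@code jwtHelper.a}. */
    public /* synthetic */ String d(String str, TraceContext traceContext, KeyStore.PrivateKeyEntry privateKeyEntry) {
        return this.jwtHelper.a(privateKeyEntry, str, traceContext);
    }

    /** Lambda body: logs device id and nonce, then creates the nonce JWT via {@code jwtHelper.a}. */
    public /* synthetic */ String e(String str, String str2, TraceContext traceContext, KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.logger.a(str, str2);
        return this.jwtHelper.a(privateKeyEntry, str2, traceContext);
    }

    /** Lambda body: logs client id and payload, then creates the signed JWT via {@code jwtHelper.b}. */
    public /* synthetic */ String f(String str, String str2, TraceContext traceContext, KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.logger.b(str, str2);
        return this.jwtHelper.b(privateKeyEntry, str2, str, traceContext);
    }

    /** Lambda body: sets the next rotation check to now + {@code getKeyRotationAgeThreshold()}. */
    public /* synthetic */ void g() {
        this.authStorage.updateKeyRotationTargetValidationTime(DateTime.now().plus(this.platformConfiguration.getKeyRotationAgeThreshold()));
    }

    /**
     * Generates a new key pair entry for {@code str} and returns its certificate encoded by
     * {@code CertificateUtils.a} (Base64, going by this method's name).
     */
    public Single<String> getNewBase64EncodedCert(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.generateNewKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(new Function() { // from class: a.c.c.a.m3.c.b.a
                @Override // io.reactivex.functions.Function
                public final Object apply(Object obj) {
                    return CertificateUtils.a((KeyStore.PrivateKeyEntry) obj);
                }
            }).observeOn(Schedulers.io());
        } catch (ConcurrentException e) {
            return Single.error(e);
        }
    }

    /**
     * Creates a JWT over the nonce {@code str2} using the key pair entry that
     * {@code getOrGenerateKeyPairEntry} returns for the device id {@code str}.
     */
    public Single<String> getNonceJwtForDeviceId(@NonNull final String str, @NonNull final String str2, @NonNull final TraceContext traceContext) {
        try {
            return this.keyManager.getOrGenerateKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(new Function() { // from class: a.c.c.a.m3.c.b.c
                @Override // io.reactivex.functions.Function
                public final Object apply(Object obj) {
                    return CryptoManager.this.e(str, str2, traceContext, (KeyStore.PrivateKeyEntry) obj);
                }
            }).observeOn(Schedulers.io());
        } catch (ConcurrentException e) {
            return Single.error(e);
        }
    }

    /**
     * Builds the request data for a crypto-trust key rotation: a fresh alias from
     * {@code KeyManager.a()}, the entry returned by the obfuscated callable {@code p} for it,
     * and that entry's certificate encoded by {@code CertificateUtils.a}.
     */
    public Single<CryptoTrustKeyRotationRequestData> getSelfCryptoKeyRotationRequestData(@NonNull final String str, @NonNull TraceContext traceContext) {
        try {
            Scheduler scheduler = getScheduler();
            final String a2 = KeyManager.a();
            KeyManager keyManager = this.keyManager;
            Objects.requireNonNull(keyManager);
            return Single.fromCallable(new p(keyManager, a2, str, traceContext)).subscribeOn(scheduler).map(new Function() { // from class: a.c.c.a.m3.c.b.g
                @Override // io.reactivex.functions.Function
                public final Object apply(Object obj) {
                    return new CryptoTrustKeyRotationRequestData(str, a2, CertificateUtils.a((KeyStore.PrivateKeyEntry) obj));
                }
            }).observeOn(Schedulers.io());
        } catch (ConcurrentException e) {
            return Single.error(e);
        }
    }

    /**
     * Creates a signed JWT over the payload {@code str2} for the self client id {@code str}.
     * Uses {@code getExistingKeyPairEntry}, so no key is created on this path.
     */
    public Single<String> getSignedJwtForSelfClientId(@NonNull final String str, @NonNull final String str2, @NonNull final TraceContext traceContext) {
        try {
            return this.keyManager.getExistingKeyPairEntry(str, traceContext).subscribeOn(getScheduler()).map(new Function() { // from class: a.c.c.a.m3.c.b.b
                @Override // io.reactivex.functions.Function
                public final Object apply(Object obj) {
                    return CryptoManager.this.f(str, str2, traceContext, (KeyStore.PrivateKeyEntry) obj);
                }
            }).observeOn(Schedulers.io());
        } catch (ConcurrentException e) {
            return Single.error(e);
        }
    }

    /**
     * Runs the obfuscated action {@code l} with the request's device id and new key alias and,
     * on completion, moves the next rotation check to now + {@code getKeyRotationAgeThreshold()}
     * (see {@link #g()}). Presumably the commit step of a device key rotation -- confirm
     * against {@code l}.
     */
    public Completable h(KeyRotationRequestData keyRotationRequestData, TraceContext traceContext) {
        try {
            Scheduler scheduler = getScheduler();
            KeyManager keyManager = this.keyManager;
            String deviceId = keyRotationRequestData.getDeviceId();
            String newKeyAlias = keyRotationRequestData.getNewKeyAlias();
            Objects.requireNonNull(keyManager);
            return Completable.fromAction(new l(keyManager, deviceId, newKeyAlias, traceContext)).doOnComplete(new Action() { // from class: a.c.c.a.m3.c.b.d
                @Override // io.reactivex.functions.Action
                public final void run() {
                    CryptoManager.this.g();
                }
            }).subscribeOn(scheduler);
        } catch (ConcurrentException e) {
            return Completable.error(e);
        }
    }

    /**
     * Reports whether the key store holds a key pair for the stored auth state's device id.
     *
     * @param traceContext trace context to use; a new one is created when {@code null}
     * @return {@code false} when there is no auth state, otherwise the key manager's answer
     */
    public boolean isDcgAuthKeyInKeyStore(@Nullable TraceContext traceContext) {
        if (traceContext == null) {
            traceContext = TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.CRYPTO_MANAGER_CHECK_DCG_AUTH_KEY_AVAILABILITY_TRIGGER);
        }
        AuthState authState = this.authStorage.getAuthState();
        if (authState != null) {
            return this.keyManager.hasKeyPairInKeyStore(authState.getDeviceId(), traceContext);
        }
        return false;
    }

    /**
     * Decides whether the key pair for {@code str} should be rotated now.
     *
     * <p>Nothing is checked unless an auth state exists and the stored target validation time
     * has passed. After that, the TEAM configuration ring always rotates; every other ring
     * rotates only when the certificate's {@code notAfter} falls before now +
     * {@code getKeyRotationAgeThreshold()}.
     *
     * <p>Blocks on the key store ({@code blockingGet}), hence {@code @WorkerThread}.
     *
     * <p>NOTE(review): the lookup uses {@code getOrGenerateKeyPairEntry}, which by its name may
     * create a key pair as a side effect of this check -- confirm that is intended. A
     * {@code CryptoException} is treated as "no rotation needed"; it is logged so that a
     * failing key store does not silently postpone rotation indefinitely.
     */
    @WorkerThread
    public boolean isKeyRotationNecessary(String str, @NonNull TraceContext traceContext) {
        if (this.authStorage.getAuthState() != null && this.authStorage.getKeyRotationTargetValidationTime() != null && this.authStorage.getKeyRotationTargetValidationTime().isBeforeNow()) {
            if (ExpManager.isRemoteConfigurationManagerInitialized() && ExpManager.getRing() == RemoteConfigurationRing.TEAM) {
                return true;
            }
            try {
                return DateTime.now().plus(this.platformConfiguration.getKeyRotationAgeThreshold()).isAfter(DateTime.now().withMillis(((X509Certificate) this.keyManager.getOrGenerateKeyPairEntry(str, traceContext).blockingGet().getCertificate()).getNotAfter().getTime()).toInstant());
            } catch (CryptoException e) {
                // Best effort: keep returning false as before, but leave a trace of the failure.
                this.logger.keyRotationCheckFailed(e);
            }
        }
        return false;
    }

    /**
     * Removes the key pair for the stored auth state's device id.
     *
     * <p>Without an auth state the returned {@code Completable} fails with a
     * {@code CryptoException} wrapping a {@code FileNotFoundException}. Unlike
     * {@link #removeKeyPair}, no {@code subscribeOn} is applied here.
     *
     * @param traceContext trace context to use; a new one is created when {@code null}
     */
    public Completable removeDcgAuthKeyFromKeyStore(@Nullable TraceContext traceContext) {
        if (traceContext == null) {
            traceContext = TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.CRYPTO_MANAGER_REMOVE_DCG_AUTH_KEY_FROM_KEYSTORE);
        }
        AuthState authState = this.authStorage.getAuthState();
        return authState != null ? this.keyManager.removeKeyPairByKeyAliasIdSpecial(authState.getDeviceId(), traceContext) : Completable.error(new CryptoException(new FileNotFoundException()));
    }

    /** Removes the key pair identified by {@code str} via {@code keyManager.j}. */
    public Completable removeKeyPair(@NonNull String str, @NonNull TraceContext traceContext) {
        try {
            return this.keyManager.j(str, traceContext).subscribeOn(getScheduler());
        } catch (ConcurrentException e) {
            return Completable.error(e);
        }
    }

    /**
     * Runs the obfuscated action {@code l} with the request's self client id and new self key
     * alias. Presumably makes the new key the active crypto-trust key -- confirm against
     * {@code l}. The rotation validation time is not updated on this path.
     */
    public Completable setNewCryptoTrustKey(@NonNull CryptoTrustKeyRotationRequestData cryptoTrustKeyRotationRequestData, @NonNull TraceContext traceContext) {
        try {
            Scheduler scheduler = getScheduler();
            KeyManager keyManager = this.keyManager;
            String selfClientId = cryptoTrustKeyRotationRequestData.getSelfClientId();
            String newSelfKeyAlias = cryptoTrustKeyRotationRequestData.getNewSelfKeyAlias();
            Objects.requireNonNull(keyManager);
            return Completable.fromAction(new l(keyManager, selfClientId, newSelfKeyAlias, traceContext)).subscribeOn(scheduler);
        } catch (ConcurrentException e) {
            return Completable.error(e);
        }
    }
}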
