package com.microsoft.identity.common.internal.platform;

import a.a;
import android.security.keystore.KeyInfo;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.internal.util.Supplier;
import com.microsoft.identity.common.logging.Logger;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStore.Entry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Date;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import lombok.NonNull;

/* loaded from: classes3.dex */
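/**
 * {@link IKeyManager} implementation bound to a single alias inside a caller-supplied
 * {@link KeyStore}.
 *
 * <p>The instance holds no key material of its own. Every operation is delegated to the
 * wrapped {@code KeyStore} using the configured alias, and the thumbprint is obtained on
 * demand from the supplied {@code Supplier}.
 *
 * @param <K> the {@link KeyStore.Entry} subtype the caller expects to find under the alias
 */
public class DeviceKeyManager<K extends KeyStore.Entry> implements IKeyManager<K> {
    private static final String TAG = "DeviceKeyManager";
    private final String mKeyAlias;
    private final KeyStore mKeyStore;
    private final Supplier<byte[]> mThumbprintSupplier;

    /* loaded from: classes3.dex */
    /**
     * Fluent builder for {@link DeviceKeyManager}.
     *
     * <p>All three properties are required. Each setter rejects {@code null}, and
     * {@link #build()} fails with a {@link NullPointerException} from the constructor's own
     * checks if a property was never set.
     */
    public static class DeviceKeyManagerBuilder<K extends KeyStore.Entry> {
        private String keyAlias;
        private KeyStore keyStore;
        private Supplier<byte[]> thumbprintSupplier;

        /**
         * Creates the manager from the values collected so far.
         *
         * @return a new {@link DeviceKeyManager}
         * @throws KeyStoreException declared by the constructor
         * @throws NullPointerException if any property was left unset
         */
        public DeviceKeyManager<K> build() throws KeyStoreException {
            return new DeviceKeyManager<>(this.keyStore, this.keyAlias, this.thumbprintSupplier);
        }

        /**
         * Sets the alias of the entry this manager operates on.
         *
         * @param str the key alias; must not be {@code null}
         * @return this builder
         */
        public DeviceKeyManagerBuilder<K> keyAlias(@NonNull String str) {
            Objects.requireNonNull(str, "keyAlias is marked non-null but is null");
            this.keyAlias = str;
            return this;
        }

        /**
         * Sets the {@link KeyStore} that holds the entry.
         *
         * @param keyStore the backing key store; must not be {@code null}
         * @return this builder
         */
        public DeviceKeyManagerBuilder<K> keyStore(@NonNull KeyStore keyStore) {
            Objects.requireNonNull(keyStore, "keyStore is marked non-null but is null");
            this.keyStore = keyStore;
            return this;
        }

        /**
         * Sets the supplier used to obtain the key thumbprint.
         *
         * @param supplier the thumbprint source; must not be {@code null}
         * @return this builder
         */
        public DeviceKeyManagerBuilder<K> thumbprintSupplier(@NonNull Supplier<byte[]> supplier) {
            Objects.requireNonNull(supplier, "thumbprintSupplier is marked non-null but is null");
            this.thumbprintSupplier = supplier;
            return this;
        }

        /**
         * Renders the builder state for diagnostics. Only the alias and the
         * {@code toString()} of the key store and supplier objects are included.
         */
        @Override
        public String toString() {
            // NOTE(review): a.x(...) comes from the obfuscated class a.a, which is not visible
            // here; presumably it returns a StringBuilder seeded with the given text - confirm.
            StringBuilder x2 = a.x("DeviceKeyManager.DeviceKeyManagerBuilder(keyStore=");
            x2.append(this.keyStore);
            x2.append(", keyAlias=");
            x2.append(this.keyAlias);
            x2.append(", thumbprintSupplier=");
            x2.append(this.thumbprintSupplier);
            x2.append(")");
            return x2.toString();
        }
    }

    /**
     * Creates a manager for the entry stored under {@code str} in {@code keyStore}.
     *
     * @param keyStore the backing key store; must not be {@code null}
     * @param str the key alias; must not be {@code null}
     * @param supplier source of the key thumbprint; must not be {@code null}
     * @throws KeyStoreException declared in the signature; nothing in this body throws it
     * @throws NullPointerException if any argument is {@code null}
     */
    public DeviceKeyManager(@NonNull KeyStore keyStore, @NonNull String str, @NonNull Supplier<byte[]> supplier) throws KeyStoreException {
        Objects.requireNonNull(keyStore, "keyStore is marked non-null but is null");
        Objects.requireNonNull(str, "keyAlias is marked non-null but is null");
        Objects.requireNonNull(supplier, "thumbprintSupplier is marked non-null but is null");
        this.mKeyAlias = str;
        this.mThumbprintSupplier = supplier;
        this.mKeyStore = keyStore;
    }

    /**
     * Returns a new, empty builder.
     *
     * @param <K> the entry type the resulting manager will expose
     * @return a fresh {@link DeviceKeyManagerBuilder}
     */
    public static <K extends KeyStore.Entry> DeviceKeyManagerBuilder<K> builder() {
        return new DeviceKeyManagerBuilder<>();
    }

    /**
     * Deletes the entry stored under the configured alias.
     *
     * @return {@code true} if the delete call completed, {@code false} if the key store threw
     *     a {@link KeyStoreException} (the failure is logged, not propagated)
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public boolean clear() {
        try {
            this.mKeyStore.deleteEntry(this.mKeyAlias);
            return true;
        } catch (KeyStoreException e) {
            Logger.error(TAG, "Error while clearing KeyStore", e);
            return false;
        }
    }

    /**
     * Reports whether the key store contains the configured alias.
     *
     * <p>A {@link KeyStoreException} is logged and reported as {@code false}, so a caller cannot
     * tell "alias absent" apart from "key store could not be queried".
     *
     * @return {@code true} if the alias is present, {@code false} if absent or on error
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public boolean exists() {
        try {
            return this.mKeyStore.containsAlias(this.mKeyAlias);
        } catch (KeyStoreException e) {
            Logger.error(TAG, "Error while querying KeyStore", e);
            return false;
        }
    }

    /**
     * Returns the certificate chain stored with the configured alias.
     *
     * @return whatever {@link KeyStore#getCertificateChain(String)} returns for the alias, which
     *     per the {@code KeyStore} contract may be {@code null}
     * @throws ClientException with code {@code KEYSTORE_NOT_INITIALIZED} if the key store throws
     *     a {@link KeyStoreException}; the original exception is kept as the cause
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public Certificate[] getCertificateChain() throws ClientException {
        try {
            return this.mKeyStore.getCertificateChain(this.mKeyAlias);
        } catch (KeyStoreException e) {
            ClientException clientException = new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e.getMessage(), e);
            Logger.error(TAG, clientException.getMessage(), clientException);
            throw clientException;
        }
    }

    /**
     * Returns the creation date recorded for the configured alias.
     *
     * @return whatever {@link KeyStore#getCreationDate(String)} returns for the alias
     * @throws ClientException with code {@code KEYSTORE_NOT_INITIALIZED} if the key store throws
     *     a {@link KeyStoreException}; the original exception is kept as the cause
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public Date getCreationDate() throws ClientException {
        try {
            return this.mKeyStore.getCreationDate(this.mKeyAlias);
        } catch (KeyStoreException e) {
            String str = TAG;
            // NOTE(review): a.x(...) is an obfuscated helper that is not visible here;
            // presumably it returns a StringBuilder seeded with the given text - confirm.
            StringBuilder x2 = a.x("Error while getting creation date for alias ");
            x2.append(this.mKeyAlias);
            Logger.error(str, x2.toString(), e);
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e.getMessage(), e);
        }
    }

    /**
     * Fetches the entry stored under the configured alias, passing no protection parameter.
     *
     * <p>The cast to {@code K} is unchecked: if the stored entry is of a different type, the
     * mismatch only surfaces as a {@link ClassCastException} where the caller uses the result.
     *
     * @return the entry, or {@code null} when the key store has no entry for the alias
     * @throws UnrecoverableEntryException if the key store cannot recover the entry
     * @throws NoSuchAlgorithmException if the algorithm needed to recover the entry is missing
     * @throws KeyStoreException if the key store operation fails
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    @SuppressWarnings("unchecked")
    public K getEntry() throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException {
        return (K) this.mKeyStore.getEntry(this.mKeyAlias, null);
    }

    /**
     * Returns the alias this manager operates on.
     *
     * @return the key alias supplied at construction
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public String getKeyAlias() {
        return this.mKeyAlias;
    }

    /**
     * Reports whether the key under the configured alias lives in secure hardware.
     *
     * <p>The answer is taken from {@link KeyInfo#isInsideSecureHardware()} as reported by the
     * key store's provider. No attestation is verified here, which is why a positive answer maps
     * to {@code TRUE_UNATTESTED}; callers that need a verifiable guarantee must not treat this
     * value as proof.
     *
     * @return {@code TRUE_UNATTESTED} or {@code FALSE} according to the provider's report, or
     *     {@code UNKNOWN_QUERY_ERROR} if the {@code KeyInfo} could not be obtained
     * @throws ClientException if the entry cannot be loaded, if no entry exists for the alias,
     *     or if the entry is neither a private-key nor a secret-key entry
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public SecureHardwareState getSecureHardwareState() throws ClientException {
        final K entry;
        try {
            entry = getEntry();
        } catch (NoSuchAlgorithmException e) {
            throw logAndWrapEntryFailure("no_such_algorithm", e);
        } catch (KeyStoreException e) {
            throw logAndWrapEntryFailure(ClientException.KEYSTORE_NOT_INITIALIZED, e);
        } catch (UnrecoverableEntryException e) {
            throw logAndWrapEntryFailure(ClientException.INVALID_PROTECTION_PARAMS, e);
        }

        // KeyStore.getEntry returns null for an unknown alias. Report that through the declared
        // exception instead of letting entry.getClass() below fail with a NullPointerException.
        if (entry == null) {
            throw new ClientException("unknown_error", "No KeyStore entry found for alias " + this.mKeyAlias);
        }

        // NOTE(review): KeyInfo.isInsideSecureHardware() is deprecated from Android API 31 in
        // favour of getSecurityLevel(); confirm against the project's minimum SDK.
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            try {
                PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                KeyFactory keyFactory = KeyFactory.getInstance(privateKey.getAlgorithm(), this.mKeyStore.getProvider());
                boolean isInsideSecureHardware = ((KeyInfo) keyFactory.getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
                Logger.info(TAG, "PrivateKey is secure hardware backed? " + isInsideSecureHardware);
                return isInsideSecureHardware ? SecureHardwareState.TRUE_UNATTESTED : SecureHardwareState.FALSE;
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                Logger.error(TAG, "Failed to query secure hardware state.", e);
                return SecureHardwareState.UNKNOWN_QUERY_ERROR;
            }
        }
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new ClientException("unknown_error", "Cannot handle entries of type " + entry.getClass().getCanonicalName());
        }
        try {
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), this.mKeyStore.getProvider());
            boolean isInsideSecureHardware = ((KeyInfo) keyFactory.getKeySpec(secretKey, KeyInfo.class)).isInsideSecureHardware();
            Logger.info(TAG, "SecretKey is secure hardware backed? " + isInsideSecureHardware);
            return isInsideSecureHardware ? SecureHardwareState.TRUE_UNATTESTED : SecureHardwareState.FALSE;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            Logger.error(TAG, "Failed to query secure hardware state.", e);
            return SecureHardwareState.UNKNOWN_QUERY_ERROR;
        }
    }

    /** Wraps a failure to load the entry in a ClientException and logs it under the method tag. */
    private static ClientException logAndWrapEntryFailure(String errorCode, Exception cause) {
        ClientException clientException = new ClientException(errorCode, cause.getMessage(), cause);
        Logger.error(TAG + ":getSecureHardwareState", errorCode, cause);
        return clientException;
    }

    /**
     * Returns the thumbprint produced by the configured supplier.
     *
     * @return the supplier's value, passed through without copying
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public byte[] getThumbprint() {
        return this.mThumbprintSupplier.get();
    }

    /**
     * Checks whether {@code bArr} equals the thumbprint produced by the configured supplier.
     *
     * @param bArr the thumbprint to compare; must not be {@code null}
     * @return {@code true} if both arrays have the same length and contents
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public boolean hasThumbprint(@NonNull byte[] bArr) {
        Objects.requireNonNull(bArr, "thumbprint is marked non-null but is null");
        // NOTE(review): Arrays.equals is not a constant-time comparison. That is acceptable if
        // the thumbprint is a public identifier; if it is ever treated as a secret, compare with
        // java.security.MessageDigest.isEqual instead - confirm with callers.
        return Arrays.equals(bArr, this.mThumbprintSupplier.get());
    }

    /**
     * Key import is not implemented for this manager.
     *
     * @param bArr the key in JWK form; must not be {@code null}
     * @param str the key algorithm; must not be {@code null}
     * @throws ClientException declared in the signature; nothing in this body throws it
     * @throws NullPointerException if either argument is {@code null}
     * @throws UnsupportedOperationException always, once the arguments pass the null checks
     */
    @Override // com.microsoft.identity.common.internal.platform.IKeyManager
    public void importKey(@NonNull byte[] bArr, @NonNull String str) throws ClientException {
        Objects.requireNonNull(bArr, "jwk is marked non-null but is null");
        Objects.requireNonNull(str, "algorithm is marked non-null but is null");
        throw new UnsupportedOperationException("This is not currently supported");
    }
}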
