package com.microsoft.onlineid.sdk.extension;

import android.content.Context;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import com.microsoft.ngc.provider.cryptography.NgcCredentialManager;
import com.microsoft.ngc.provider.cryptography.NgcKeyInfo;
import com.microsoft.ngc.provider.exceptions.NgcCredentialException;
import com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException;
import com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException;
import com.microsoft.onlineid.ISecurityScope;
import com.microsoft.onlineid.SecurityScope;
import com.microsoft.onlineid.Ticket;
import com.microsoft.onlineid.analytics.ClientAnalytics;
import com.microsoft.onlineid.exception.AuthenticationException;
import com.microsoft.onlineid.exception.NetworkException;
import com.microsoft.onlineid.internal.Assertion;
import com.microsoft.onlineid.internal.Objects;
import com.microsoft.onlineid.internal.exception.AccountNotFoundException;
import com.microsoft.onlineid.internal.storage.TypedStorage;
import com.microsoft.onlineid.sts.AuthenticatorUserAccount;
import com.microsoft.onlineid.sts.DeviceIdentity;
import com.microsoft.onlineid.sts.ExtensionDeviceIdentityManager;
import com.microsoft.onlineid.sts.NgcHelper;
import com.microsoft.onlineid.sts.StsErrorCode;
import com.microsoft.onlineid.sts.exception.InvalidResponseException;
import com.microsoft.onlineid.sts.exception.StsException;
import com.microsoft.onlineid.sts.request.NgcRequestFactory;
import com.microsoft.onlineid.sts.response.ApproveSessionResponse;
import com.microsoft.onlineid.sts.response.ManageLoginKeyResponse;
import com.microsoft.onlineid.sts.response.NgcApproveSessionResponse;
import com.microsoft.onlineid.sts.response.NgcAuthResponse;
import java.security.InvalidKeyException;
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;

/* loaded from: classes5.dex */
public class NgcManager {
    public static final ISecurityScope KeyRegisterLoginProofTokenScope = new SecurityScope("http://Passport.NET/purpose", "PURPOSE_KEYREGISTER");
    private final NgcCredentialManager _credentialManager;
    private final ExtensionDeviceIdentityManager _deviceManager;
    private final NgcHelper _ngcHelper;
    private final NgcRequestFactory _requestFactory;
    private final TypedStorage _ssoStorage;

    public NgcManager(Context context) {
        Objects.verifyArgumentNotNull(context, "Application context");
        this._credentialManager = new NgcCredentialManager();
        this._requestFactory = new NgcRequestFactory(context);
        this._ssoStorage = new TypedStorage(context);
        this._deviceManager = new ExtensionDeviceIdentityManager(context);
        this._ngcHelper = new NgcHelper();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String getAuthNonce(AuthenticatorUserAccount authenticatorUserAccount, String str) throws InvalidResponseException, NetworkException, StsException {
        NgcAuthResponse ngcAuthResponse = (NgcAuthResponse) this._requestFactory.createAuthNonceRequest(authenticatorUserAccount, str).send();
        if (ngcAuthResponse.succeeded() || ngcAuthResponse.getError().getCode() != StsErrorCode.PP_E_STS_NONCE_REQUIRED) {
            throw new StsException("Nonce request did not return a nonce.", ngcAuthResponse.getError());
        }
        return ngcAuthResponse.getNonce();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String getSessionApprovalNonce(Session session, String str, String str2, String str3, AuthenticatorUserAccount authenticatorUserAccount, String str4) throws NetworkException, InvalidResponseException, StsException {
        NgcApproveSessionResponse ngcApproveSessionResponse = (NgcApproveSessionResponse) this._requestFactory.createSessionApprovalNonceRequest(str, str2, str3, session, authenticatorUserAccount, str4).send();
        if (ngcApproveSessionResponse.succeeded() || ngcApproveSessionResponse.getError().getCode() != StsErrorCode.PP_E_STS_NONCE_REQUIRED) {
            throw new StsException("Nonce request did not return a nonce.", ngcApproveSessionResponse.getError());
        }
        return ngcApproveSessionResponse.getNonce();
    }

    public static boolean isSupported() {
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void approveLoginSession(String str, String str2, Session session, String str3, String str4, String str5) throws NgcCredentialException, AuthenticationException, InvalidKeyException {
        ClientAnalytics.get().logEvent("NGC", ClientAnalytics.NgcAttemptingToApproveSession);
        AuthenticatorUserAccount readAccount = SessionManager.readAccount(this._ssoStorage, str);
        if (readAccount == null) {
            throw new AccountNotFoundException();
        }
        ApproveSessionResponse approveSessionResponse = (ApproveSessionResponse) this._requestFactory.createSessionApprovalRequest(str5, str3, str4, session, readAccount, str2, this._ngcHelper.buildNgcToken(getSessionApprovalNonce(session, str5, str3, str4, readAccount, str2), readAccount, str2, true)).send();
        if (approveSessionResponse.succeeded()) {
            ClientAnalytics.get().logEvent("NGC", ClientAnalytics.NgcSessionApproved, str5 == null ? "via returning user" : "via first time user");
        } else {
            if (!approveSessionResponse.getError().isNgcKeyNotFoundError()) {
                throw new StsException("Approval request failed.", approveSessionResponse.getError());
            }
            throw new KeyPermanentlyInvalidatedException(approveSessionResponse.getError().getMessage());
        }
    }

    public boolean canGenerateHardwareBackedKeyPairSilently() {
        return this._credentialManager.canGenerateHardwareBackedKeyPairSilently();
    }

    public NgcKeyInfo generateKeyPair(String str, boolean z) throws AuthenticationException, NgcDeviceNotSupportedException, NgcDeviceLockScreenRequiredException {
        AuthenticatorUserAccount readAccount = SessionManager.readAccount(this._ssoStorage, str);
        if (readAccount != null) {
            return this._credentialManager.generateKeyPair(readAccount.getPuid(), z);
        }
        throw new AccountNotFoundException();
    }

    String getFriendlyName(String str, String str2) {
        return String.format(Locale.US, "MicrosoftAccount-%s-%s", str, str2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public String registerNgcKey(String str, String str2, Ticket ticket) throws NgcCredentialException, AuthenticationException {
        AuthenticatorUserAccount readAccount = SessionManager.readAccount(this._ssoStorage, str);
        if (readAccount == null) {
            throw new AccountNotFoundException();
        }
        byte[] sessionKey = readAccount.getDAToken().getSessionKey();
        DeviceIdentity deviceIdentity = this._deviceManager.getDeviceIdentity(false);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) this._credentialManager.getPublicKey(readAccount.getPuid());
        Assertion.check(rSAPublicKey != null, "Couldn't find NGC public key; expected to be pre-generated.");
        ManageLoginKeyResponse manageLoginKeyResponse = (ManageLoginKeyResponse) this._requestFactory.createRegisterKeyRequest(ticket, rSAPublicKey, getFriendlyName(readAccount.getPuid(), deviceIdentity.getPuid()), sessionKey, str2).send();
        if (!manageLoginKeyResponse.succeeded()) {
            throw new StsException("Attempt to register NGC key with the MSA server failed.", manageLoginKeyResponse.getError());
        }
        if (str2 == null || str2.isEmpty()) {
            readAccount.setServerKeyIdentifier(manageLoginKeyResponse.getServerKeyIdentifier());
            this._ssoStorage.writeAccount(readAccount);
        }
        return manageLoginKeyResponse.getServerKeyIdentifier();
    }

    public void setAccountServerKeyIdentifier(String str, String str2) throws AccountNotFoundException {
        AuthenticatorUserAccount readAccount = SessionManager.readAccount(this._ssoStorage, str);
        if (readAccount == null) {
            throw new AccountNotFoundException("Account was deleted before save serverKeyIdentifier");
        }
        readAccount.setServerKeyIdentifier(str2);
        this._ssoStorage.writeAccount(readAccount);
    }
}
