package com.microsoft.identity.broker4j.broker.crypto.keyloaders;

import com.microsoft.identity.broker4j.broker.crypto.BrokerKeyUtil;
import com.microsoft.identity.broker4j.broker.crypto.IAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.RawAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.platform.components.IAccountDataStorage;
import com.microsoft.identity.broker4j.broker.platform.components.IDataLoader;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinCertHelper;
import com.microsoft.identity.common.java.broker.IBrokerAccount;
import com.microsoft.identity.common.java.crypto.ICryptoFactory;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.io.UnsupportedEncodingException;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Objects;
import java.util.UUID;
import lombok.NonNull;

/* loaded from: classes2.dex */
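/**
 * Loads and saves the device RSA key pair as raw, Base64-encoded key bytes held in an
 * {@link IAccountDataStorage}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #save} Base64-encodes {@code getPrivate().getEncoded()} and hands the resulting
 *       string to the storage as-is. This class performs no encryption or key wrapping, so the
 *       confidentiality of the device private key depends entirely on the storage implementation.
 *       NOTE(review): confirm that the {@code IAccountDataStorage} in use encrypts at rest; the
 *       {@code .enc} suffix of the storage keys is not backed by anything in this class.</li>
 *   <li>The public and private halves are read from separate storage entries, and the public half
 *       may come from a legacy certificate entry instead. {@link #load} therefore verifies that
 *       both halves share the same RSA modulus before returning them as a pair.</li>
 * </ul>
 */
public class RawDeviceKeyLoader implements IDataLoader<IAsymmetricKeyEntry, IAccountDataStorage> {
    /** Storage key holding the Base64 of the device private key's encoded form. */
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC = "workplaceJoin.key.cert.privateKey.enc";
    /** Storage key holding the Base64 of the device public key's encoded form. */
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PUBLIC_KEY_ENC = "workplaceJoin.key.cert.publicKey.enc";
    private static final String TAG = "RawDeviceKeyLoader";
    private final ICryptoFactory mCryptoFactory;

    /**
     * @param iCryptoFactory factory passed to {@link BrokerKeyUtil} when rebuilding keys from bytes
     */
    public RawDeviceKeyLoader(ICryptoFactory iCryptoFactory) {
        this.mCryptoFactory = iCryptoFactory;
    }

    /**
     * Reads the Base64-encoded private key for the account and rebuilds it.
     *
     * @throws IllegalStateException if the stored value or its decoded bytes are missing or empty
     * @throws ClientException propagated from the storage/decoding/key-construction calls below
     */
    @NonNull
    private RSAPrivateKey loadPrivateKey(@NonNull IAccountDataStorage iAccountDataStorage, @NonNull IBrokerAccount iBrokerAccount) throws ClientException {
        Objects.requireNonNull(iAccountDataStorage, "storage is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        final String encodedPrivateKey = iAccountDataStorage.getData(iBrokerAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC);
        if (StringUtil.isNullOrEmpty(encodedPrivateKey)) {
            throw new IllegalStateException("encodedDevicePrivateKey is null or empty.");
        }
        final byte[] privateKeyBytes = StringUtil.base64Decode(encodedPrivateKey);
        if (privateKeyBytes == null || privateKeyBytes.length == 0) {
            throw new IllegalStateException("devicePrivateKey is null or empty.");
        }
        return BrokerKeyUtil.constructRSAPrivateKey(privateKeyBytes, this.mCryptoFactory);
    }

    /**
     * Resolves the device public key, preferring the raw stored key and falling back to the
     * certificate kept in the legacy storage entry.
     *
     * <p>Checked failures from either source are logged and the next source is tried. An
     * {@link IllegalStateException} raised by the certificate path (non-RSA key) is not caught
     * here and propagates to the caller.
     *
     * @throws IllegalStateException if neither source yields a key
     */
    private RSAPublicKey loadPublicKey(@NonNull IAccountDataStorage iAccountDataStorage, @NonNull IBrokerAccount iBrokerAccount) {
        Objects.requireNonNull(iAccountDataStorage, "storage is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        final String methodTag = TAG + ":loadPublicKey";
        try {
            final RSAPublicKey fromRawData = tryLoadingPublicKeyFromRawData(iAccountDataStorage, iBrokerAccount);
            if (fromRawData != null) {
                return fromRawData;
            }
        } catch (ClientException e) {
            Logger.error(methodTag, "Failed to load DeviceKey from raw data: " + e.getMessage(), e);
        }
        try {
            final RSAPublicKey fromCertificate = tryLoadingPublicKeyFromCertificateInLegacySpace(iAccountDataStorage, iBrokerAccount);
            if (fromCertificate != null) {
                return fromCertificate;
            }
        } catch (UnsupportedEncodingException | NoSuchProviderException | CertificateException e) {
            Logger.error(methodTag, "Failed to load DeviceKey from certificate: " + e.getMessage(), e);
        }
        throw new IllegalStateException("Failed to load public key");
    }

    /**
     * Extracts the public key from the certificate stored under
     * {@code workplaceJoin.key.cert.response}, if that entry exists.
     *
     * @return the certificate's RSA public key, or {@code null} when the entry is absent or empty
     * @throws IllegalStateException if the certificate carries a non-RSA public key
     */
    @Nullable
    private RSAPublicKey tryLoadingPublicKeyFromCertificateInLegacySpace(@NonNull IAccountDataStorage iAccountDataStorage, @NonNull IBrokerAccount iBrokerAccount) throws CertificateException, NoSuchProviderException, UnsupportedEncodingException {
        Objects.requireNonNull(iAccountDataStorage, "storage is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        final String methodTag = TAG + ":tryLoadingPublicKeyFromCertificate";
        final String storedCertificate = iAccountDataStorage.getData(iBrokerAccount, "workplaceJoin.key.cert.response");
        if (StringUtil.isNullOrEmpty(storedCertificate)) {
            Logger.info(methodTag, "X509 is not in the legacy space");
            return null;
        }
        // NOTE(review): only the public key is taken from the certificate here; no validation of
        // the certificate itself is visible in this method — confirm that is intended.
        final PublicKey publicKey = WorkplaceJoinCertHelper.generateX509Certificate(storedCertificate).getPublicKey();
        if (publicKey instanceof RSAPublicKey) {
            return (RSAPublicKey) publicKey;
        }
        throw new IllegalStateException("We got a public key that is not an RSAPublicKey, class was " + publicKey.getClass().getSimpleName());
    }

    /**
     * Rebuilds the public key from the Base64 value stored under
     * {@link #ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PUBLIC_KEY_ENC}.
     *
     * @return the public key, or {@code null} when the entry is absent or decodes to nothing
     */
    @Nullable
    private RSAPublicKey tryLoadingPublicKeyFromRawData(@NonNull IAccountDataStorage iAccountDataStorage, @NonNull IBrokerAccount iBrokerAccount) throws ClientException {
        Objects.requireNonNull(iAccountDataStorage, "storage is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        final String methodTag = TAG + ":tryLoadingPublicKeyFromRawData";
        final String encodedPublicKey = iAccountDataStorage.getData(iBrokerAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PUBLIC_KEY_ENC);
        if (StringUtil.isNullOrEmpty(encodedPublicKey)) {
            Logger.info(methodTag, "PublicKey in storage is null.");
            return null;
        }
        final byte[] publicKeyBytes = StringUtil.base64Decode(encodedPublicKey);
        if (publicKeyBytes == null || publicKeyBytes.length == 0) {
            Logger.info(methodTag, "Decoded PublicKey is null.");
            return null;
        }
        return BrokerKeyUtil.constructRSAPublicKey(publicKeyBytes, this.mCryptoFactory);
    }

    /**
     * Rejects a key pair whose halves are missing or do not share the same RSA modulus.
     *
     * @throws IllegalStateException if either half is {@code null} or the moduli differ
     */
    private static void requireMatchingPair(RSAPublicKey publicKey, RSAPrivateKey privateKey) {
        if (publicKey == null || privateKey == null) {
            throw new IllegalStateException("Device key pair is incomplete.");
        }
        if (!Objects.equals(publicKey.getModulus(), privateKey.getModulus())) {
            // Deliberately no key material in the message: it ends up in the error log.
            throw new IllegalStateException("Device public key does not match device private key.");
        }
    }

    /**
     * Loads the device key pair for the account and wraps it in a {@link RawAsymmetricKeyEntry}.
     *
     * <p>The two halves come from independent storage entries, so they are checked against each
     * other before being paired; a stale or substituted public key or certificate is treated as a
     * load failure instead of being returned next to an unrelated private key. The entry's alias
     * is a fresh random UUID on every call.
     *
     * @return the key entry, or {@code null} if loading or the consistency check fails (the
     *     failure is logged)
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IDataLoader
    @Nullable
    public IAsymmetricKeyEntry load(@NonNull IAccountDataStorage iAccountDataStorage, @NonNull IBrokerAccount iBrokerAccount) {
        Objects.requireNonNull(iAccountDataStorage, "storage is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        try {
            final RSAPublicKey publicKey = loadPublicKey(iAccountDataStorage, iBrokerAccount);
            final RSAPrivateKey privateKey = loadPrivateKey(iAccountDataStorage, iBrokerAccount);
            requireMatchingPair(publicKey, privateKey);
            return RawAsymmetricKeyEntry.builder()
                    .keyPair(new KeyPair(publicKey, privateKey))
                    .alias(UUID.randomUUID().toString())
                    .build();
        } catch (ClientException | IllegalArgumentException | IllegalStateException e) {
            Logger.error(TAG + ":load", "Failed to load DeviceKey: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Writes both halves of the key pair to storage as Base64 strings, or writes {@code null} for
     * both entries when {@code iAsymmetricKeyEntry} is {@code null}.
     *
     * <p>The private key is stored Base64-encoded only (see the class note). It is also held in
     * an immutable {@link String} while this method runs, which cannot be wiped afterwards. The
     * two writes are issued one after the other with no rollback in this class, so a failure
     * between them can leave the entries out of step.
     *
     * @throws IllegalStateException if the entry is not a {@link RawAsymmetricKeyEntry}
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IDataLoader
    public void save(@NonNull IAccountDataStorage iAccountDataStorage, @NonNull IBrokerAccount iBrokerAccount, @Nullable IAsymmetricKeyEntry iAsymmetricKeyEntry) {
        Objects.requireNonNull(iAccountDataStorage, "storage is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        String encodedPrivateKey = null;
        String encodedPublicKey = null;
        if (iAsymmetricKeyEntry != null) {
            if (!(iAsymmetricKeyEntry instanceof RawAsymmetricKeyEntry)) {
                final IllegalStateException unsupportedEntry = new IllegalStateException("RawDeviceKeyLoader only supports RawAsymmetricKeyEntry, but got " + iAsymmetricKeyEntry.getClass().getSimpleName());
                Logger.error(TAG + ":save", unsupportedEntry.getMessage(), unsupportedEntry);
                throw unsupportedEntry;
            }
            final KeyPair keyPair = ((RawAsymmetricKeyEntry) iAsymmetricKeyEntry).getKeyPair();
            encodedPrivateKey = StringUtil.base64Encode(keyPair.getPrivate().getEncoded());
            encodedPublicKey = StringUtil.base64Encode(keyPair.getPublic().getEncoded());
        }
        iAccountDataStorage.setData(iBrokerAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC, encodedPrivateKey);
        iAccountDataStorage.setData(iBrokerAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PUBLIC_KEY_ENC, encodedPublicKey);
    }
}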
