package com.microsoft.identity.broker.crypto.keymanagers;

import android.security.keystore.KeyGenParameterSpec;
import com.microsoft.identity.broker.crypto.AndroidKeyStoreCryptoFactory;
import com.microsoft.identity.broker4j.broker.crypto.IAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.IBrokerCryptoFactory;
import com.microsoft.identity.broker4j.broker.crypto.IKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.RawAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.RawSymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.keymanagers.IKeyManager;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.crypto.SP800108KeyGen;
import com.microsoft.identity.common.java.exception.ClientException;
import com.nimbusds.jose.util.X509CertUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.UUID;

/* loaded from: classes2.dex */
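/**
 * {@link IKeyManager} implementation that keeps its keys in the keystore named by
 * {@link AndroidKeyStoreCryptoFactory#ANDROID_KEYSTORE}.
 *
 * <p>Every keystore failure is translated into a {@link ClientException} that carries an
 * error code and the original exception as its cause, so callers only have to handle one
 * checked exception type.
 */
public class AndroidKeyStoreKeyManager implements IKeyManager {
    private static final String TAG = AndroidKeyStoreKeyManager.class.getSimpleName();

    /**
     * Purposes granted to generated key pairs. The value 6 is the bit mask
     * KeyProperties.PURPOSE_DECRYPT (2) | KeyProperties.PURPOSE_SIGN (4); it is spelled out
     * here so the authorisation is visible to a reader instead of being a bare literal.
     */
    private static final int KEY_PAIR_PURPOSES = 2 | 4;

    private final IBrokerCryptoFactory mCryptoFactory;

    /**
     * @param iBrokerCryptoFactory factory used to obtain key pair generators and passed to
     *     the key-derivation helper; must not be null
     * @throws NullPointerException if {@code iBrokerCryptoFactory} is null
     */
    public AndroidKeyStoreKeyManager(IBrokerCryptoFactory iBrokerCryptoFactory) {
        Objects.requireNonNull(iBrokerCryptoFactory, "cryptoFactory is marked non-null but is null");
        this.mCryptoFactory = iBrokerCryptoFactory;
    }

    /**
     * Deletes the keystore entry stored under the alias of the given key entry.
     *
     * @param iKeyEntry entry whose alias identifies the keystore entry to delete
     * @throws ClientException if the keystore cannot be opened or the entry cannot be deleted
     */
    @Override
    public void deleteKey(IKeyEntry iKeyEntry) throws ClientException {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStoreCryptoFactory.ANDROID_KEYSTORE);
            keyStore.load(null, null);
            keyStore.deleteEntry(iKeyEntry.getAlias());
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (KeyStoreException e2) {
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ClientException("no_such_algorithm", e3.getMessage(), e3);
        } catch (CertificateException e4) {
            throw new ClientException(ClientException.CERTIFICATE_LOAD_FAILURE, e4.getMessage(), e4);
        }
    }

    /**
     * Derives a new symmetric key from a secret key held in the keystore.
     *
     * <p>The derived key is returned as a {@link RawSymmetricKeyEntry} under a fresh random
     * UUID alias. Its key data is carried in the returned object; this method does not write
     * it back to the keystore, so the caller owns the lifetime of that material.
     *
     * @param iKeyEntry entry whose alias names the base secret key in the keystore
     * @param bArr first derivation input handed to {@link SP800108KeyGen}
     *     (presumably the SP 800-108 label; confirm against SP800108KeyGen)
     * @param bArr2 second derivation input handed to {@link SP800108KeyGen}
     *     (presumably the SP 800-108 context; confirm against SP800108KeyGen)
     * @param str key algorithm name recorded on the returned entry
     * @return the derived key entry
     * @throws ClientException with {@link ClientException#INVALID_KEY} if the alias is missing
     *     or does not hold a secret key, or with another code if the keystore fails
     */
    @Override
    public IKeyEntry generateDerivedKey(IKeyEntry iKeyEntry, byte[] bArr, byte[] bArr2, String str) throws ClientException {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStoreCryptoFactory.ANDROID_KEYSTORE);
            keyStore.load(null);
            final String baseKeyAlias = iKeyEntry.getAlias();
            if (!keyStore.containsAlias(baseKeyAlias)) {
                throw new ClientException(ClientException.INVALID_KEY, "keyToDerive entry does not exist in keyStore");
            }
            // The alias may hold a key pair or a certificate rather than a secret key, and the
            // entry can disappear between containsAlias() and getEntry(). Check the type so the
            // caller gets a ClientException instead of a ClassCastException/NullPointerException.
            final KeyStore.Entry baseEntry = keyStore.getEntry(baseKeyAlias, null);
            if (!(baseEntry instanceof KeyStore.SecretKeyEntry)) {
                throw new ClientException(ClientException.INVALID_KEY, "keyToDerive entry is not a secret key entry in keyStore");
            }
            return RawSymmetricKeyEntry.builder()
                    .alias(UUID.randomUUID().toString())
                    .keyData(new SP800108KeyGen(this.mCryptoFactory).generateDerivedKey(((KeyStore.SecretKeyEntry) baseEntry).getSecretKey(), bArr, bArr2))
                    .keyAlgorithm(str)
                    .build();
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (InvalidKeyException e2) {
            throw new ClientException(ClientException.INVALID_KEY, e2.getMessage(), e2);
        } catch (KeyStoreException e3) {
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new ClientException("no_such_algorithm", e4.getMessage(), e4);
        } catch (UnrecoverableEntryException e5) {
            throw new ClientException(ClientException.INVALID_PROTECTION_PARAMS, e5.getMessage(), e5);
        } catch (CertificateException e6) {
            throw new ClientException(ClientException.CERTIFICATE_LOAD_FAILURE, e6.getMessage(), e6);
        }
    }

    /**
     * Generates a key pair under the given alias using a generator from the crypto factory.
     *
     * @param str keystore alias for the new key pair
     * @param str2 algorithm name passed to the crypto factory's key pair generator lookup
     * @param i key size in bits
     * @return the generated key pair wrapped in a {@link RawAsymmetricKeyEntry}
     * @throws ClientException with {@link ClientException#INVALID_ALG_PARAMETER} if the
     *     generator rejects the parameter spec
     */
    @Override
    public IAsymmetricKeyEntry generateKeyPair(String str, String str2, int i) throws ClientException {
        try {
            KeyPairGenerator keyPairGenerator = this.mCryptoFactory.getKeyPairGenerator(str2);
            // NOTE(review): this spec is broad. One key is authorised for both signing and
            // decryption; the digest list admits "NONE" and "SHA-1"; and the encryption
            // paddings include "PKCS1Padding" next to OAEP. These may be required for protocol
            // compatibility (confirm with the consumers of these keys), but each one widens
            // what a caller holding the alias can ask the keystore to do. No user-authentication
            // or hardware-backing requirement is set here either.
            KeyGenParameterSpec keySpec = new KeyGenParameterSpec.Builder(str, KEY_PAIR_PURPOSES)
                    .setKeySize(i)
                    .setSignaturePaddings("PKCS1")
                    .setDigests("NONE", "SHA-1", "SHA-256")
                    .setEncryptionPaddings("OAEPPadding", "PKCS1Padding")
                    .build();
            keyPairGenerator.initialize(keySpec);
            return RawAsymmetricKeyEntry.builder().keyPair(keyPairGenerator.generateKeyPair()).alias(str).build();
        } catch (InvalidAlgorithmParameterException e) {
            throw new ClientException(ClientException.INVALID_ALG_PARAMETER, e.getMessage(), e);
        }
    }

    /**
     * Loads the key pair stored under the given alias.
     *
     * <p>The private key comes from the keystore's private key entry and the public key from
     * the certificate stored under the same alias.
     *
     * @param str keystore alias of the key pair
     * @return the key pair wrapped in a {@link RawAsymmetricKeyEntry}
     * @throws ClientException with {@link ClientException#INVALID_KEY} if the alias holds no
     *     private key entry or no certificate, or with another code if the keystore fails
     */
    @Override
    public IAsymmetricKeyEntry loadKeyPair(String str) throws ClientException {
        try {
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStoreCryptoFactory.ANDROID_KEYSTORE);
            keyStore.load(null, null);
            // getEntry() returns null for an unknown alias and a different Entry subtype for a
            // secret key or certificate-only alias; report both as an invalid key rather than
            // letting a NullPointerException/ClassCastException escape.
            final KeyStore.Entry storedEntry = keyStore.getEntry(str, null);
            if (!(storedEntry instanceof KeyStore.PrivateKeyEntry)) {
                throw new ClientException(ClientException.INVALID_KEY, "No private key entry exists in keyStore for the requested alias");
            }
            final PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) storedEntry).getPrivateKey();
            final java.security.cert.Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                throw new ClientException(ClientException.INVALID_KEY, "No certificate exists in keyStore for the requested alias");
            }
            return RawAsymmetricKeyEntry.builder().keyPair(new KeyPair(certificate.getPublicKey(), privateKey)).alias(str).build();
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (KeyStoreException e2) {
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ClientException("no_such_algorithm", e3.getMessage(), e3);
        } catch (UnrecoverableEntryException e4) {
            throw new ClientException(ClientException.INVALID_PROTECTION_PARAMS, e4.getMessage(), e4);
        } catch (CertificateException e5) {
            throw new ClientException(ClientException.CERTIFICATE_LOAD_FAILURE, e5.getMessage(), e5);
        }
    }

    /**
     * Not supported by this key manager.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public IKeyEntry persistKey(byte[] bArr, IKeyEntry iKeyEntry) throws ClientException {
        throw new UnsupportedOperationException();
    }

    /**
     * Parses a certificate and stores it in the keystore under the given alias.
     *
     * <p>This method only parses and stores. It performs no chain, validity-period or issuer
     * checks, so the caller is responsible for where {@code str2} came from.
     *
     * @param str keystore alias to store the certificate under
     * @param str2 certificate body without PEM markers; the begin/end markers are added here
     * @throws ClientException if the certificate cannot be parsed or the keystore fails
     */
    public void setCertificateEntry(String str, String str2) throws ClientException {
        try {
            final String lineSeparator = System.getProperty("line.separator");
            final String pem = X509CertUtils.PEM_BEGIN_MARKER + lineSeparator + str2 + lineSeparator + X509CertUtils.PEM_END_MARKER;
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(pem.getBytes(AuthenticationConstants.ENCODING_UTF8)));
            KeyStore keyStore = KeyStore.getInstance(AndroidKeyStoreCryptoFactory.ANDROID_KEYSTORE);
            keyStore.load(null, null);
            keyStore.setCertificateEntry(str, x509Certificate);
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (KeyStoreException e2) {
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ClientException("no_such_algorithm", e3.getMessage(), e3);
        } catch (CertificateException e4) {
            throw new ClientException(ClientException.CERTIFICATE_LOAD_FAILURE, e4.getMessage(), e4);
        }
    }
}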
