package com.microsoft.identity.common.internal.platform;

import android.os.Build;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.internal.util.Supplier;
import com.microsoft.identity.common.logging.Logger;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStore.Entry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import lombok.NonNull;

/* loaded from: classes4.dex */
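/**
 * {@link IKeyManager} implementation that operates on a single alias inside a caller-supplied
 * {@link KeyStore}. The key's thumbprint is not computed here; it is obtained on demand from the
 * {@code Supplier<byte[]>} passed at construction time.
 *
 * <p>NOTE(review): this listing is decompiler output. The identifiers {@code a} and {@code b}
 * used in {@link #getSecureHardwareState()} are synthetic/obfuscated helpers whose definitions
 * are not visible here, and the methods carry no {@code throws} clauses even though they call
 * APIs that raise checked exceptions. The original declarations presumably had them; confirm
 * against the upstream source before relying on the signatures.
 *
 * @param <K> the {@link KeyStore.Entry} subtype the alias is expected to hold
 */
public class DeviceKeyManager<K extends KeyStore.Entry> implements IKeyManager<K> {
    private static final String TAG = "DeviceKeyManager";
    private final String mKeyAlias;
    private final KeyStore mKeyStore;
    private final Supplier<byte[]> mThumbprintSupplier;

    /**
     * Fluent builder for {@link DeviceKeyManager}. The null-check messages match the pattern
     * Lombok generates, so this class is presumably Lombok-generated in the original source.
     *
     * <p>Nothing is validated until {@link #build()} delegates to the constructor: a setter that
     * was never called leaves its field {@code null} and makes {@code build()} throw
     * {@link NullPointerException}.
     */
    /* loaded from: classes5.dex */
    public static class DeviceKeyManagerBuilder<K extends KeyStore.Entry> {
        private String keyAlias;
        private KeyStore keyStore;
        private Supplier<byte[]> thumbprintSupplier;

        DeviceKeyManagerBuilder() {
        }

        /**
         * Creates the manager from the values collected so far.
         *
         * @return a new {@link DeviceKeyManager}
         * @throws NullPointerException if any of the three values was never set
         */
        public DeviceKeyManager<K> build() {
            return new DeviceKeyManager<>(this.keyStore, this.keyAlias, this.thumbprintSupplier);
        }

        /**
         * Sets the alias of the entry this manager will operate on.
         *
         * @param str the key alias; must not be {@code null}
         * @return this builder
         */
        public DeviceKeyManagerBuilder<K> keyAlias(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("keyAlias is marked non-null but is null");
            }
            this.keyAlias = str;
            return this;
        }

        /**
         * Sets the key store that holds the entry.
         *
         * @param keyStore the backing key store; must not be {@code null}
         * @return this builder
         */
        public DeviceKeyManagerBuilder<K> keyStore(@NonNull KeyStore keyStore) {
            if (keyStore == null) {
                throw new NullPointerException("keyStore is marked non-null but is null");
            }
            this.keyStore = keyStore;
            return this;
        }

        /**
         * Sets the supplier that yields the key's thumbprint.
         *
         * @param supplier the thumbprint source; must not be {@code null}
         * @return this builder
         */
        public DeviceKeyManagerBuilder<K> thumbprintSupplier(@NonNull Supplier<byte[]> supplier) {
            if (supplier == null) {
                throw new NullPointerException("thumbprintSupplier is marked non-null but is null");
            }
            this.thumbprintSupplier = supplier;
            return this;
        }

        /**
         * Renders the builder state using each field's own {@code toString()}. The supplier is
         * printed as an object, it is not invoked, so the thumbprint bytes are not included.
         */
        @Override
        public String toString() {
            return "DeviceKeyManager.DeviceKeyManagerBuilder(keyStore=" + this.keyStore + ", keyAlias=" + this.keyAlias + ", thumbprintSupplier=" + this.thumbprintSupplier + ")";
        }
    }

    /**
     * Creates a manager bound to one alias of the given key store.
     *
     * @param keyStore the backing key store; must not be {@code null}
     * @param str the key alias; must not be {@code null}
     * @param supplier the thumbprint source; must not be {@code null}
     * @throws NullPointerException if any argument is {@code null}
     */
    public DeviceKeyManager(@NonNull KeyStore keyStore, @NonNull String str, @NonNull Supplier<byte[]> supplier) {
        if (keyStore == null) {
            throw new NullPointerException("keyStore is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("keyAlias is marked non-null but is null");
        }
        if (supplier == null) {
            throw new NullPointerException("thumbprintSupplier is marked non-null but is null");
        }
        this.mKeyAlias = str;
        this.mThumbprintSupplier = supplier;
        this.mKeyStore = keyStore;
    }

    /**
     * Returns a new, empty builder.
     *
     * @param <K> the {@link KeyStore.Entry} subtype the alias is expected to hold
     */
    public static <K extends KeyStore.Entry> DeviceKeyManagerBuilder<K> builder() {
        return new DeviceKeyManagerBuilder<>();
    }

    /**
     * Deletes the entry stored under this manager's alias.
     *
     * @return {@code true} when {@link KeyStore#deleteEntry(String)} completed without throwing,
     *     {@code false} when it raised {@link KeyStoreException} (which is logged). A
     *     {@code true} result therefore does not prove an entry existed beforehand; whether a
     *     missing alias raises is provider-dependent.
     */
    @Override
    public boolean clear() {
        try {
            this.mKeyStore.deleteEntry(this.mKeyAlias);
            return true;
        } catch (KeyStoreException e) {
            Logger.error(TAG, "Error while clearing KeyStore", e);
            return false;
        }
    }

    /**
     * Reports whether the key store contains this manager's alias.
     *
     * @return the result of {@link KeyStore#containsAlias(String)}, or {@code false} when the
     *     query itself failed. Callers cannot tell "no such key" from "key store unavailable"
     *     through this method; code that provisions a replacement key on {@code false} should
     *     take that into account.
     */
    @Override
    public boolean exists() {
        try {
            return this.mKeyStore.containsAlias(this.mKeyAlias);
        } catch (KeyStoreException e) {
            Logger.error(TAG, "Error while querying KeyStore", e);
            return false;
        }
    }

    /**
     * Returns the certificate chain stored with the alias.
     *
     * @return the chain as returned by {@link KeyStore#getCertificateChain(String)}, which is
     *     {@code null} when the alias is absent or has no chain
     * @throws ClientException with code {@code KEYSTORE_NOT_INITIALIZED} when the key store
     *     raises {@link KeyStoreException}; the original exception is kept as the cause
     */
    @Override
    public Certificate[] getCertificateChain() {
        try {
            return this.mKeyStore.getCertificateChain(this.mKeyAlias);
        } catch (KeyStoreException e) {
            ClientException clientException = new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e.getMessage(), e);
            Logger.error(TAG, clientException.getMessage(), clientException);
            throw clientException;
        }
    }

    /**
     * Returns the creation date the key store records for the alias.
     *
     * @return the date as returned by {@link KeyStore#getCreationDate(String)}, which is
     *     {@code null} when the alias is absent
     * @throws ClientException with code {@code KEYSTORE_NOT_INITIALIZED} when the key store
     *     raises {@link KeyStoreException}; the alias is written to the error log
     */
    @Override
    public Date getCreationDate() {
        try {
            return this.mKeyStore.getCreationDate(this.mKeyAlias);
        } catch (KeyStoreException e) {
            Logger.error(TAG, "Error while getting creation date for alias " + this.mKeyAlias, e);
            throw new ClientException(ClientException.KEYSTORE_NOT_INITIALIZED, e.getMessage(), e);
        }
    }

    /**
     * Loads the entry for the alias without a protection parameter.
     *
     * <p>The cast to {@code K} is unchecked: because of erasure it cannot fail here, so an entry
     * of an unexpected type only surfaces as a {@link ClassCastException} where the caller uses
     * it.
     *
     * @return the entry, or {@code null} when the key store has no entry under the alias
     */
    @Override
    @SuppressWarnings("unchecked")
    public K getEntry() {
        return (K) this.mKeyStore.getEntry(this.mKeyAlias, null);
    }

    /** Returns the alias this manager operates on. */
    @Override
    public String getKeyAlias() {
        return this.mKeyAlias;
    }

    /**
     * Reports whether the key material behind the alias lives in secure hardware.
     *
     * <p>The positive answer is {@code TRUE_UNATTESTED}: it comes from the
     * {@code isInsideSecureHardware()} flag of the key spec returned by the key store's own
     * provider, not from a verified key-attestation chain. It is a local, self-reported signal
     * and should not be the sole basis for a remote trust decision.
     *
     * @return {@code UNKNOWN_DOWNLEVEL} below API 23, {@code TRUE_UNATTESTED} or {@code FALSE}
     *     according to the provider's report, or {@code UNKNOWN_QUERY_ERROR} when the key spec
     *     could not be obtained
     * @throws ClientException when the entry cannot be loaded, when no entry exists under the
     *     alias, or when the entry is neither a private-key nor a secret-key entry
     */
    @Override
    public SecureHardwareState getSecureHardwareState() {
        final K entry;
        try {
            entry = getEntry();
        } catch (NoSuchAlgorithmException e) {
            throw wrapEntryFailure("no_such_algorithm", e);
        } catch (KeyStoreException e) {
            throw wrapEntryFailure(ClientException.KEYSTORE_NOT_INITIALIZED, e);
        } catch (UnrecoverableEntryException e) {
            throw wrapEntryFailure(ClientException.INVALID_PROTECTION_PARAMS, e);
        }

        // KeyStore.getEntry yields null for a missing alias. Without this guard the
        // entry.getClass() call below would fail with a bare NullPointerException instead of
        // the ClientException that callers of this method handle.
        if (entry == null) {
            throw new ClientException("unknown_error", "No KeyStore entry found for alias " + this.mKeyAlias);
        }

        final boolean isPrivateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry;
        if (!isPrivateKeyEntry && !(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new ClientException("unknown_error", "Cannot handle entries of type " + entry.getClass().getCanonicalName());
        }

        // The type check stays ahead of the API-level check so that an unsupported entry type is
        // rejected on every platform version.
        if (Build.VERSION.SDK_INT < 23) {
            Logger.info(TAG, "Cannot query secure hardware state (API unavailable <23)");
            return SecureHardwareState.UNKNOWN_DOWNLEVEL;
        }

        try {
            // NOTE(review): a.a() and b.a(...) are synthetic helpers not defined in this file.
            // They presumably supply the KeyInfo class token and cast the returned KeySpec to
            // android.security.keystore.KeyInfo. Confirm against the original source.
            final boolean hardwareBacked;
            if (isPrivateKeyEntry) {
                PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                KeyFactory factory = KeyFactory.getInstance(privateKey.getAlgorithm(), this.mKeyStore.getProvider());
                hardwareBacked = b.a(factory.getKeySpec(privateKey, a.a())).isInsideSecureHardware();
                Logger.info(TAG, "PrivateKey is secure hardware backed? " + hardwareBacked);
            } else {
                SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                SecretKeyFactory factory = SecretKeyFactory.getInstance(secretKey.getAlgorithm(), this.mKeyStore.getProvider());
                hardwareBacked = b.a(factory.getKeySpec(secretKey, a.a())).isInsideSecureHardware();
                Logger.info(TAG, "SecretKey is secure hardware backed? " + hardwareBacked);
            }
            return hardwareBacked ? SecureHardwareState.TRUE_UNATTESTED : SecureHardwareState.FALSE;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            Logger.error(TAG, "Failed to query secure hardware state.", e);
            return SecureHardwareState.UNKNOWN_QUERY_ERROR;
        }
    }

    /** Wraps a failure to load the entry in a ClientException, logs it, and returns it for throwing. */
    private static ClientException wrapEntryFailure(String errorCode, Exception cause) {
        ClientException clientException = new ClientException(errorCode, cause.getMessage(), cause);
        Logger.error(TAG + ":getSecureHardwareState", errorCode, cause);
        return clientException;
    }

    /** Returns the thumbprint produced by the supplier given at construction time. */
    @Override
    public byte[] getThumbprint() {
        return this.mThumbprintSupplier.get();
    }

    /**
     * Checks whether the given bytes equal this key's thumbprint.
     *
     * <p>The comparison uses {@link Arrays#equals(byte[], byte[])}, which is not constant-time.
     * NOTE(review): that is fine if the thumbprint is a public identifier, which the name
     * suggests; confirm it is never treated as a secret.
     *
     * @param bArr the candidate thumbprint; must not be {@code null}
     * @return {@code true} when the arrays have identical contents
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    @Override
    public boolean hasThumbprint(@NonNull byte[] bArr) {
        if (bArr == null) {
            throw new NullPointerException("thumbprint is marked non-null but is null");
        }
        return Arrays.equals(bArr, this.mThumbprintSupplier.get());
    }

    /**
     * Key import is not implemented: after validating its arguments this method always throws.
     *
     * @param bArr the JWK bytes; must not be {@code null}
     * @param str the algorithm name; must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     * @throws UnsupportedOperationException for every non-null argument pair
     */
    @Override
    public void importKey(@NonNull byte[] bArr, @NonNull String str) {
        if (bArr == null) {
            throw new NullPointerException("jwk is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("algorithm is marked non-null but is null");
        }
        throw new UnsupportedOperationException("This is not currently supported");
    }
}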
