package com.microsoft.ngc.aad;

import android.content.Context;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Base64;
import com.microsoft.authenticator.core.common.Assertion;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.authenticator.core.protocol.AbstractRequest;
import com.microsoft.authenticator.core.protocol.AbstractResponse;
import com.microsoft.authenticator.core.protocol.CloudEnvironment;
import com.microsoft.authenticator.core.protocol.exception.GenericServiceException;
import com.microsoft.authenticator.core.telemetry.ITelemetryManager;
import com.microsoft.identity.broker4j.broker.joined.JoinedAccountRequestHeader;
import com.microsoft.ngc.aad.protocol.RequestFactory;
import com.microsoft.ngc.aad.protocol.exception.MissingMetadataException;
import com.microsoft.ngc.aad.protocol.exception.NgcKeyNotFoundException;
import com.microsoft.ngc.aad.protocol.request.evo.ListSessionsRequest;
import com.microsoft.ngc.aad.protocol.response.drs.NgcDeletionResponse;
import com.microsoft.ngc.aad.protocol.response.drs.NgcRegistrationResponse;
import com.microsoft.ngc.aad.protocol.response.evo.GetNonceResponse;
import com.microsoft.ngc.aad.protocol.response.evo.ListSessionsResponse;
import com.microsoft.ngc.aad.telemetry.AadRemoteNgcTelemetry;
import com.microsoft.ngc.provider.cryptography.NgcCredentialManager;
import com.microsoft.ngc.provider.exceptions.NgcCredentialException;
import com.microsoft.ngc.provider.exceptions.UnrecoverableNgcCredentialException;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: RemoteAuthenticationManager.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000X\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010 \n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 &2\u00020\u0001:\u0001&B\u001f\b\u0016\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bB\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\t\u001a\u00020\n¢\u0006\u0002\u0010\u000bJ6\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0011\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u000f2\u0006\u0010\u0015\u001a\u00020\u000fJ(\u0010\u0016\u001a\u00020\u000f2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0011\u001a\u00020\u000f2\u0006\u0010\u0017\u001a\u00020\u000f2\u0006\u0010\u0015\u001a\u00020\u000fH\u0002J\u001e\u0010\u0018\u001a\u00020\u000f2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0019\u001a\u00020\u000f2\u0006\u0010\u001a\u001a\u00020\u000fJ&\u0010\u001b\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0019\u001a\u00020\u000fJ$\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00130\u001d2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0019\u001a\u00020\u000f2\u0006\u0010\u001e\u001a\u00020\u0007J\u0016\u0010\u001f\u001a\u00020\u000f2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0019\u001a\u00020\u000fJ\u0018\u0010 
\u001a\u00020!2\u0006\u0010\"\u001a\u00020#2\u0006\u0010$\u001a\u00020%H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006'"}, d2 = {"Lcom/microsoft/ngc/aad/RemoteAuthenticationManager;", "", "applicationContext", "Landroid/content/Context;", "environment", "Lcom/microsoft/authenticator/core/protocol/CloudEnvironment;", "manager", "Lcom/microsoft/authenticator/core/telemetry/ITelemetryManager;", "(Landroid/content/Context;Lcom/microsoft/authenticator/core/protocol/CloudEnvironment;Lcom/microsoft/authenticator/core/telemetry/ITelemetryManager;)V", "telemetry", "Lcom/microsoft/ngc/aad/telemetry/AadRemoteNgcTelemetry;", "(Landroid/content/Context;Lcom/microsoft/authenticator/core/protocol/CloudEnvironment;Lcom/microsoft/ngc/aad/telemetry/AadRemoteNgcTelemetry;)V", "approveNgcSession", "", "upn", "", "objectId", "keyId", "ngcSession", "Lcom/microsoft/ngc/aad/NgcSession;", "entropySign", "deviceId", "constructNgcAssertion", "nonce", "deleteNgc", "accessToken", "ngcKeyId", "denyNgcSession", "listSessions", "", "telemetryManager", "registerNgc", "sendRequest", "Lcom/microsoft/authenticator/core/protocol/AbstractResponse;", "request", "Lcom/microsoft/authenticator/core/protocol/AbstractRequest;", "requestType", "Lcom/microsoft/ngc/aad/telemetry/AadRemoteNgcTelemetry$AadNgcRequest;", "Companion", "AadRemoteNgcLibrary_productionRelease"}, k = 1, mv = {1, 4, 1})
/* loaded from: classes4.dex */
/**
 * Client-side entry point for the remote NGC flows visible in this class: registering and
 * deleting a key with the service, listing pending sessions, and approving or denying a session.
 *
 * <p>Approval is the security-sensitive path. It fetches a server nonce, builds an RS256-signed
 * JWT over that nonce with the key stored under the account UPN, and submits it. Every network
 * call goes through {@link #sendRequest} so that telemetry brackets the request.
 *
 * <p>Access tokens and signed assertions pass through these methods as plain strings; nothing in
 * this class logs them, and callers should keep it that way.
 */
public final class RemoteAuthenticationManager {
    /** Value 11 equals Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING, the unpadded base64url form used for JWT segments. */
    private static final int JWT_BASE64_FLAGS = 11;
    /** Lifetime of a locally built assertion: {@code exp = iat + 300} seconds. */
    private static final int JWT_VALIDITY_INTERVAL_IN_SECONDS = 300;
    private final Context applicationContext;
    private final CloudEnvironment environment;
    private final AadRemoteNgcTelemetry telemetry;

    /**
     * Convenience constructor that wraps {@code manager} in an {@link AadRemoteNgcTelemetry}.
     *
     * <p>Decompiler note: Java requires the delegating {@code this(...)} call first, so the null
     * checks below run only after the telemetry wrapper has already been constructed.
     */
    public RemoteAuthenticationManager(Context applicationContext, CloudEnvironment environment, ITelemetryManager manager) {
        this(applicationContext, environment, new AadRemoteNgcTelemetry(manager));
        Intrinsics.checkNotNullParameter(applicationContext, "applicationContext");
        Intrinsics.checkNotNullParameter(environment, "environment");
        Intrinsics.checkNotNullParameter(manager, "manager");
    }

    /** Primary constructor; all three collaborators are required and stored as-is. */
    public RemoteAuthenticationManager(Context applicationContext, CloudEnvironment environment, AadRemoteNgcTelemetry telemetry) {
        Intrinsics.checkNotNullParameter(applicationContext, "applicationContext");
        Intrinsics.checkNotNullParameter(environment, "environment");
        Intrinsics.checkNotNullParameter(telemetry, "telemetry");
        this.applicationContext = applicationContext;
        this.environment = environment;
        this.telemetry = telemetry;
    }

    /** Encodes {@code text} with the project's UTF-8 charset constant, failing fast if that constant is null. */
    private static byte[] utf8Bytes(String text) {
        Charset utf8 = Strings.Utf8Charset;
        Intrinsics.checkNotNullExpressionValue(utf8, "Strings.Utf8Charset");
        return text.getBytes(utf8);
    }

    /**
     * Builds the compact JWS ({@code header.claims.signature}) sent when approving a session.
     *
     * <p>The header carries the key id and RS256; the claims carry {@code iat}, {@code exp}
     * (300 seconds later), the UPN as issuer, the server nonce and the device id. The first two
     * segments are signed by {@link NgcCredentialManager} with the key stored under {@code upn}.
     *
     * @param upn account identifier; used as {@code iss} and as the key alias for lookup and signing
     * @param keyId value placed in the {@code kid} header
     * @param nonce server-issued nonce placed in {@code request_nonce}
     * @param deviceId value placed in the {@code deviceid} claim
     * @return the signed assertion
     * @throws UnrecoverableNgcCredentialException (an {@link NgcCredentialException} per the
     *     throws clause) if no key exists for {@code upn} or the key was permanently invalidated
     * @throws UserNotAuthenticatedException propagated unchanged from signing
     * @throws NgcCredentialException for any other {@link InvalidKeyException} from signing
     * @throws GenericServiceException if the JSON header or claims cannot be built
     */
    private final String constructNgcAssertion(String upn, String keyId, String nonce, String deviceId) throws NgcCredentialException, GenericServiceException, UserNotAuthenticatedException {
        try {
            JSONObject jwtHeader = new JSONObject();
            jwtHeader.put(Header.TYPE, "JWT");
            jwtHeader.put(JwsHeader.ALGORITHM, JoinedAccountRequestHeader.ALG_VALUE_RS256);
            jwtHeader.put("kid", keyId);
            jwtHeader.put("use", NgcSession.SESSION_TYPE_NGC);

            JSONObject jwtClaims = new JSONObject();
            // iat/exp come from the device clock, so a skewed clock shifts the validity window.
            long issuedAtSeconds = System.currentTimeMillis() / 1000;
            jwtClaims.put("iat", issuedAtSeconds);
            jwtClaims.put("exp", JWT_VALIDITY_INTERVAL_IN_SECONDS + issuedAtSeconds);
            jwtClaims.put("iss", upn);
            // NOTE(review): the audience is an empty string, so the assertion is not bound to a
            // recipient here; replay resistance appears to rest on request_nonce and the short
            // exp. Confirm the service enforces nonce single-use.
            jwtClaims.put("aud", "");
            jwtClaims.put("scope", "openid aza");
            jwtClaims.put("request_nonce", nonce);
            jwtClaims.put("deviceid", deviceId);

            String headerJson = jwtHeader.toString();
            Intrinsics.checkNotNullExpressionValue(headerJson, "jwtHeader.toString()");
            String encodedHeader = Base64.encodeToString(utf8Bytes(headerJson), JWT_BASE64_FLAGS);

            String claimsJson = jwtClaims.toString();
            Intrinsics.checkNotNullExpressionValue(claimsJson, "jwtClaims.toString()");
            String encodedClaims = Base64.encodeToString(utf8Bytes(claimsJson), JWT_BASE64_FLAGS);

            String signingInput = String.format(Locale.US, "%s.%s", encodedHeader, encodedClaims);

            NgcCredentialManager credentialManager = new NgcCredentialManager();
            if (!credentialManager.containsKey(upn)) {
                // NOTE(review): the UPN is written to the error log; confirm BaseLogger scrubs
                // account identifiers before logs leave the device.
                BaseLogger.e("Credential manager doesn't contain key for upn: " + upn);
                throw new UnrecoverableNgcCredentialException("Key is not present in storage");
            }
            byte[] signature = credentialManager.sign(utf8Bytes(signingInput), upn);
            return String.format(Locale.US, "%s.%s", signingInput, Base64.encodeToString(signature, JWT_BASE64_FLAGS));
        } catch (KeyPermanentlyInvalidatedException invalidated) {
            throw new UnrecoverableNgcCredentialException(invalidated);
        } catch (UserNotAuthenticatedException notAuthenticated) {
            // Subclass of InvalidKeyException: caught first so it is rethrown as-is instead of
            // being wrapped by the generic handler below.
            throw notAuthenticated;
        } catch (InvalidKeyException invalidKey) {
            throw new NgcCredentialException(invalidKey);
        } catch (JSONException jsonError) {
            BaseLogger.e("Error constructing NGC assertion.", jsonError);
            throw new GenericServiceException(jsonError);
        }
    }

    /**
     * Sends {@code request}, logging the start and, whether or not the send succeeds, the end of
     * the request to telemetry.
     *
     * @return whatever {@code request.send()} returns
     * @throws GenericServiceException propagated from the send
     */
    private final AbstractResponse sendRequest(AbstractRequest request, AadRemoteNgcTelemetry.AadNgcRequest requestType) throws GenericServiceException {
        this.telemetry.logRequestStart(requestType);
        try {
            AbstractResponse response = request.send();
            return response;
        } finally {
            // Runs on both the normal and the exceptional path.
            this.telemetry.logRequestEnd(requestType);
        }
    }

    /**
     * Approves a pending session: fetches a nonce, signs an assertion over it and submits the
     * approval together with {@code entropySign}.
     *
     * @throws NullPointerException if the nonce request yields no response
     * @throws UserNotAuthenticatedException propagated from signing the assertion
     */
    public final void approveNgcSession(String upn, String objectId, String keyId, NgcSession ngcSession, String entropySign, String deviceId) throws NgcCredentialException, GenericServiceException, UserNotAuthenticatedException, MissingMetadataException {
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(objectId, "objectId");
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        Intrinsics.checkNotNullParameter(ngcSession, "ngcSession");
        Intrinsics.checkNotNullParameter(entropySign, "entropySign");
        Intrinsics.checkNotNullParameter(deviceId, "deviceId");
        RequestFactory factory = new RequestFactory(this.applicationContext, this.environment, upn);

        // Step 1: a fresh server nonce for every approval.
        AbstractResponse nonceResponse = sendRequest(factory.createGetNonceRequest(), AadRemoteNgcTelemetry.AadNgcRequest.GET_NONCE);
        if (nonceResponse == null) {
            throw new NullPointerException("null cannot be cast to non-null type com.microsoft.ngc.aad.protocol.response.evo.GetNonceResponse");
        }
        String nonce = ((GetNonceResponse) nonceResponse).getNonce();

        // Step 2: sign the nonce-bound assertion, then submit the approval.
        String assertion = constructNgcAssertion(upn, keyId, nonce, deviceId);
        String sessionId = ngcSession.getSessionId();
        sendRequest(factory.createApproveSessionRequest(assertion, objectId, sessionId, NgcSession.SESSION_TYPE_NGC, entropySign), AadRemoteNgcTelemetry.AadNgcRequest.APPROVE_SESSION);
    }

    /**
     * Asks the service to delete the key {@code ngcKeyId}.
     *
     * @return the key id reported by the service, or {@code ngcKeyId} itself when the service
     *     reports the key as not found (the delete is treated as already done)
     * @throws NullPointerException if the request yields no response
     */
    public final String deleteNgc(String upn, String accessToken, String ngcKeyId) throws GenericServiceException, MissingMetadataException {
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(accessToken, "accessToken");
        Intrinsics.checkNotNullParameter(ngcKeyId, "ngcKeyId");
        try {
            RequestFactory factory = new RequestFactory(this.applicationContext, this.environment, upn);
            AbstractResponse response = sendRequest(factory.createNgcDeletionRequest(accessToken, ngcKeyId), AadRemoteNgcTelemetry.AadNgcRequest.NGC_DELETION);
            if (response == null) {
                throw new NullPointerException("null cannot be cast to non-null type com.microsoft.ngc.aad.protocol.response.drs.NgcDeletionResponse");
            }
            return ((NgcDeletionResponse) response).getKeyId();
        } catch (NgcKeyNotFoundException ignored) {
            // Deliberately not an error: the key is already absent on the service side.
            return ngcKeyId;
        }
    }

    /** Denies the pending session identified by {@code ngcSession}. */
    public final void denyNgcSession(String upn, String objectId, NgcSession ngcSession, String accessToken) throws GenericServiceException, MissingMetadataException {
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(objectId, "objectId");
        Intrinsics.checkNotNullParameter(ngcSession, "ngcSession");
        Intrinsics.checkNotNullParameter(accessToken, "accessToken");
        RequestFactory factory = new RequestFactory(this.applicationContext, this.environment, upn);
        String sessionId = ngcSession.getSessionId();
        sendRequest(factory.createDenySessionRequest(objectId, sessionId, accessToken), AadRemoteNgcTelemetry.AadNgcRequest.DENY_SESSION);
    }

    /**
     * Fetches the pending sessions for {@code upn} and stamps each one's telemetry with the id of
     * the list request that returned it.
     *
     * @return the sessions from the response (the same list instance the response exposes)
     * @throws NullPointerException if the request yields no response
     */
    public final List<NgcSession> listSessions(String upn, String accessToken, ITelemetryManager telemetryManager) throws GenericServiceException, MissingMetadataException {
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(accessToken, "accessToken");
        Intrinsics.checkNotNullParameter(telemetryManager, "telemetryManager");
        RequestFactory factory = new RequestFactory(this.applicationContext, this.environment, upn);
        ListSessionsRequest listRequest = factory.createListSessionsRequest(accessToken, telemetryManager);
        AbstractResponse response = sendRequest(listRequest, AadRemoteNgcTelemetry.AadNgcRequest.LIST_SESSIONS);
        if (response == null) {
            throw new NullPointerException("null cannot be cast to non-null type com.microsoft.ngc.aad.protocol.response.evo.ListSessionsResponse");
        }
        List<NgcSession> sessions = ((ListSessionsResponse) response).getNgcSessions();
        BaseLogger.i("Successfully received pending sessions.");
        String requestId = listRequest.getRequestIdString();
        for (NgcSession session : sessions) {
            session.getTelemetry().setListSessionsRequestId(requestId);
        }
        return sessions;
    }

    /**
     * Registers the public key stored under {@code upn} with the service.
     *
     * <p>If the request fails with a {@link GenericServiceException} or
     * {@link MissingMetadataException}, the local key pair is deleted before the exception is
     * rethrown.
     *
     * @return the key id from the registration response, or the empty string when no local key
     *     exists for {@code upn}; callers must treat the empty string as "not registered"
     * @throws NullPointerException if the public key or the response is null
     */
    public final String registerNgc(String upn, String accessToken) throws NgcCredentialException, GenericServiceException, MissingMetadataException {
        Intrinsics.checkNotNullParameter(upn, "upn");
        Intrinsics.checkNotNullParameter(accessToken, "accessToken");
        NgcCredentialManager credentialManager = new NgcCredentialManager();
        if (!credentialManager.containsKey(upn)) {
            // NOTE(review): the UPN is written to the error log; confirm BaseLogger scrubs
            // account identifiers before logs leave the device.
            BaseLogger.e("Credential manager doesn't contain key for upn: " + upn);
            return "";
        }
        PublicKey storedKey = credentialManager.getPublicKey(upn);
        if (storedKey == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
        }
        try {
            RequestFactory factory = new RequestFactory(this.applicationContext, this.environment, upn);
            AbstractResponse response = sendRequest(factory.createNgcRegistrationRequest((RSAPublicKey) storedKey, accessToken), AadRemoteNgcTelemetry.AadNgcRequest.REGISTRATION);
            if (response == null) {
                throw new NullPointerException("null cannot be cast to non-null type com.microsoft.ngc.aad.protocol.response.drs.NgcRegistrationResponse");
            }
            NgcRegistrationResponse registration = (NgcRegistrationResponse) response;
            // NOTE(review): this is the only check that the response belongs to the requested
            // account. Whether Assertion.check throws in release builds is not visible here; if it
            // only logs, a key id from a mismatched response would still be returned. Verify.
            boolean upnMatches = Intrinsics.areEqual(registration.getUpn(), upn);
            Assertion.check(upnMatches, "Verify the response UPN matches the request UPN");
            return registration.getKeyId();
        } catch (GenericServiceException serviceFailure) {
            // Registration failed: remove the local key pair before surfacing the error.
            credentialManager.deleteKeyPair(upn);
            throw serviceFailure;
        } catch (MissingMetadataException metadataFailure) {
            credentialManager.deleteKeyPair(upn);
            throw metadataFailure;
        }
    }
}
