package com.microsoft.ngc.provider.cryptography;

import android.annotation.SuppressLint;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException;
import com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class NgcKeyPairGenerator {
    static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";
    private static final String KEY_PAIR_ALGORITHM_NAME = "RSA";
    private static final String KEY_PAIR_CERT_SUBJECT = "CN=MSA-NGC O=Microsoft, OU=MSA, C=US";
    public static final int KEY_PAIR_SIZE_BITS = 2048;
    private static final int USER_AUTHENTICATION_VALIDITY_DURATION_SECONDS = 30;

    NgcKeyPairGenerator() {
    }

    public static boolean checkIfKeyIsHardwareBacked(PrivateKey privateKey) {
        try {
            return ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), "AndroidKeyStore").getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            BaseLogger.e("Error checking if private key is hardware-backed.", e);
            return false;
        }
    }

    @SuppressLint({"TrulyRandom"})
    public static NgcKeyInfo generateHardwareBackedKeyPairSilently(String str) {
        try {
            return generateKeyPairAndReturnNgcKeyInfo(KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"), str, true);
        } catch (NgcDeviceLockScreenRequiredException e) {
            BaseLogger.w("Lock screen required.", e);
            return null;
        } catch (NgcDeviceNotSupportedException e2) {
            BaseLogger.w("Device not supported.", e2);
            return null;
        } catch (InvalidAlgorithmParameterException e3) {
            e = e3;
            BaseLogger.e("Unexpected error.", e);
            return null;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            BaseLogger.e("Unexpected error.", e);
            return null;
        } catch (NoSuchProviderException e5) {
            e = e5;
            BaseLogger.e("Unexpected error.", e);
            return null;
        }
    }

    public static NgcKeyInfo generateKeyPair(String str, boolean z) throws NgcDeviceNotSupportedException, NgcDeviceLockScreenRequiredException {
        try {
            return generateKeyPairAndReturnNgcKeyInfo(KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"), str, z);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            BaseLogger.e("Unexpected error when generating NGC keypair.", e);
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0028 A[Catch: InvalidAlgorithmParameterException -> 0x004e, TryCatch #0 {InvalidAlgorithmParameterException -> 0x004e, blocks: (B:3:0x0001, B:5:0x000f, B:15:0x0016, B:10:0x0028, B:11:0x002b, B:18:0x0020, B:20:0x0038, B:22:0x0043, B:23:0x004d), top: B:2:0x0001, inners: #1 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.microsoft.ngc.provider.cryptography.NgcKeyInfo generateKeyPairAndReturnNgcKeyInfo(java.security.KeyPairGenerator r3, java.lang.String r4, boolean r5) throws com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException, com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException, java.security.InvalidAlgorithmParameterException {
        /*
            r0 = 0
            java.security.KeyPair r1 = getGeneratedKeyPair(r3, r4, r0, r0)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            java.security.PrivateKey r1 = r1.getPrivate()     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            boolean r1 = checkIfKeyIsHardwareBacked(r1)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            if (r1 == 0) goto L36
            int r5 = android.os.Build.VERSION.SDK_INT     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            r1 = 28
            r2 = 1
            if (r5 < r1) goto L25
            getGeneratedKeyPair(r3, r4, r2, r2)     // Catch: android.security.keystore.StrongBoxUnavailableException -> L20 java.security.InvalidAlgorithmParameterException -> L4e
            java.lang.String r5 = "Utilize StrongBox Keymaster"
            com.microsoft.authenticator.core.logging.BaseLogger.i(r5)     // Catch: android.security.keystore.StrongBoxUnavailableException -> L20 java.security.InvalidAlgorithmParameterException -> L4e
            r5 = r2
            goto L26
        L20:
            java.lang.String r5 = "StrongBox Keymaster unavailable"
            com.microsoft.authenticator.core.logging.BaseLogger.i(r5)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
        L25:
            r5 = r0
        L26:
            if (r5 != 0) goto L2b
            getGeneratedKeyPair(r3, r4, r2, r0)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
        L2b:
            java.lang.String r3 = "Successfully generated hardware-backed NGC."
            com.microsoft.authenticator.core.logging.BaseLogger.i(r3)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            com.microsoft.ngc.provider.cryptography.NgcKeyInfo r3 = new com.microsoft.ngc.provider.cryptography.NgcKeyInfo     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            r3.<init>(r2)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            return r3
        L36:
            if (r5 != 0) goto L43
            java.lang.String r3 = "Successfully generated non-hardware-backed NGC."
            com.microsoft.authenticator.core.logging.BaseLogger.i(r3)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            com.microsoft.ngc.provider.cryptography.NgcKeyInfo r3 = new com.microsoft.ngc.provider.cryptography.NgcKeyInfo     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            r3.<init>(r0)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            return r3
        L43:
            java.lang.String r3 = "Non-hardware-backed NGC generated, but hardware-backing required."
            com.microsoft.authenticator.core.logging.BaseLogger.i(r3)     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException r3 = new com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            r3.<init>()     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
            throw r3     // Catch: java.security.InvalidAlgorithmParameterException -> L4e
        L4e:
            r3 = move-exception
            java.lang.Throwable r4 = r3.getCause()
            boolean r4 = r4 instanceof java.lang.IllegalStateException
            if (r4 == 0) goto L5d
            com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException r4 = new com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException
            r4.<init>(r3)
            throw r4
        L5d:
            throw r3
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.ngc.provider.cryptography.NgcKeyPairGenerator.generateKeyPairAndReturnNgcKeyInfo(java.security.KeyPairGenerator, java.lang.String, boolean):com.microsoft.ngc.provider.cryptography.NgcKeyInfo");
    }

    @SuppressLint({"WrongConstant"})
    private static KeyPair getGeneratedKeyPair(KeyPairGenerator keyPairGenerator, String str, boolean z, boolean z2) throws InvalidAlgorithmParameterException {
        Date date = new Date();
        KeyGenParameterSpec.Builder keySize = new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-256").setCertificateSerialNumber(BigInteger.ONE).setCertificateNotBefore(date).setCertificateNotAfter(date).setCertificateSubject(new X500Principal(KEY_PAIR_CERT_SUBJECT)).setSignaturePaddings("PKCS1").setKeySize(2048);
        if (z) {
            keySize.setUserAuthenticationRequired(true);
            if (Build.VERSION.SDK_INT >= 30) {
                keySize.setUserAuthenticationParameters(30, 3);
            } else {
                keySize.setUserAuthenticationValidityDurationSeconds(30);
            }
        }
        if (z2 && Build.VERSION.SDK_INT >= 28) {
            keySize.setIsStrongBoxBacked(true);
        }
        keyPairGenerator.initialize(keySize.build());
        return keyPairGenerator.generateKeyPair();
    }
}
