package com.microsoft.identity.internal.device;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import androidx.compose.runtime.h0;
import com.microsoft.identity.internal.EccKeyFactory;
import com.microsoft.identity.internal.EccKeyResponse;
import com.microsoft.identity.internal.StatusInternal;
import com.microsoft.identity.internal.SubStatusInternal;
import com.microsoft.identity.internal.TempError;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.HashMap;
import p2.c;

/* loaded from: classes2.dex */
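/**
 * {@link EccKeyFactory} implementation that creates, loads and deletes EC key pairs through the
 * platform {@code AndroidKeyStore} provider.
 *
 * <p>This source is decompiler output: local names are synthetic, and {@code c.a}, {@code h0.a}
 * and {@code a.c.c} are obfuscated helpers whose bodies are not visible here. From their call
 * sites they appear to be string-concatenation helpers; confirm before relying on that.
 *
 * <p>Security notes for reviewers, all read directly from the code below:
 * <ul>
 *   <li>Keys are generated with purpose {@code 64} ({@code KeyProperties.PURPOSE_AGREE_KEY}) on
 *       curve {@code prime256v1}. The spec sets no user-authentication requirement, no StrongBox
 *       request and no attestation challenge.</li>
 *   <li>Hardware backing is only <em>reported</em> (see {@link #isKeyHardwareBacked}); it is never
 *       enforced. A caller that requires a hardware-protected key must check the flag itself.</li>
 *   <li>Error messages embed the key alias and {@code Exception.toString()}. Confirm where the
 *       resulting {@link TempError} context is logged or transmitted.</li>
 * </ul>
 */
public class EccKeyFactoryImpl extends EccKeyFactory {
    private static final String ANDROID_KEY_INFRA = "AndroidKeyStore";

    /** Lowest SDK level on which generate/load are allowed; also where getSecurityLevel() exists. */
    private static final int API_LEVEL_31 = 31;

    /** Numeric value of {@code KeyProperties.PURPOSE_AGREE_KEY}. */
    private static final int PURPOSE_AGREE_KEY = 64;

    // Numeric values of the KeyProperties.SECURITY_LEVEL_* constants that count as hardware-backed.
    private static final int SECURITY_LEVEL_UNKNOWN_SECURE = -1;
    private static final int SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1;
    private static final int SECURITY_LEVEL_STRONGBOX = 2;

    /** Null when the AndroidKeyStore EC key factory is unavailable; hardware checks then report false. */
    private final KeyFactory mKeyFactory;

    /** Lazily initialised; volatile so the unsynchronised fast-path read is safe. */
    private volatile KeyStore mKeyStore;

    /**
     * Looks up the AndroidKeyStore EC {@link KeyFactory}. A lookup failure is tolerated and only
     * disables the hardware-backing check.
     */
    public EccKeyFactoryImpl() {
        KeyFactory factory;
        try {
            factory = KeyFactory.getInstance("EC", ANDROID_KEY_INFRA);
        } catch (NoSuchAlgorithmException | NoSuchProviderException ignored) {
            // Deliberate best-effort: without the factory isKeyHardwareBacked() returns false.
            factory = null;
        }
        this.mKeyFactory = factory;
    }

    /**
     * Builds a {@link TempError} whose context map holds a single {@code "message"} entry.
     *
     * @param status status stored in the error
     * @param message base message; when {@code cause} is non-null its {@code toString()} is appended
     * @param cause exception to describe in the message, or {@code null}
     * @param trailingArg passed through unchanged as the fourth {@code TempError} constructor
     *     argument; its meaning is not visible in this file (every call site here passes 0)
     */
    private TempError createError(StatusInternal status, String message, Exception cause, int trailingArg) {
        // Raw type kept on purpose: the generic signature TempError expects is not visible here.
        HashMap context = new HashMap();
        String text = message;
        if (cause != null) {
            // c.a is an obfuscated helper; presumably a StringBuilder seeded with its two arguments.
            StringBuilder builder = c.a(message, " exception ");
            builder.append(cause.toString());
            text = builder.toString();
        }
        context.put("message", text);
        return new TempError(status, SubStatusInternal.NONE, context, trailingArg);
    }

    /** Wraps {@link #createError} in an {@link EccKeyResponse} that carries no key. */
    private EccKeyResponse fail(StatusInternal status, String message, Exception cause, int trailingArg) {
        return new EccKeyResponse(null, createError(status, message, cause, trailingArg));
    }

    /**
     * Shared precondition check for the ECDH operations.
     *
     * @return a failure response when the SDK level is below 31 or the key id is null/empty,
     *     otherwise {@code null}
     */
    private EccKeyResponse rejectInvalidEcdhRequest(String keyId) {
        int sdk = Build.VERSION.SDK_INT;
        if (sdk < API_LEVEL_31) {
            // a.c.c is an obfuscated helper; presumably concatenates the text and the number.
            return fail(StatusInternal.UNEXPECTED, a.c.c("ECDH is unavailable on API version ", sdk), null, 0);
        }
        if (keyId == null || keyId.isEmpty()) {
            return fail(StatusInternal.UNEXPECTED, "Key id is empty", null, 0);
        }
        return null;
    }

    /**
     * Lazily obtains and loads the AndroidKeyStore instance.
     *
     * <p>The instance is published to {@link #mKeyStore} only after {@code load(null)} succeeds,
     * so a failed load is retried on the next call instead of leaving an unloaded store cached.
     *
     * @return {@code null} on success, otherwise an error describing the failure
     */
    private TempError initializeKeyStore() {
        if (this.mKeyStore != null) {
            return null;
        }
        synchronized (this) {
            if (this.mKeyStore != null) {
                return null;
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_INFRA);
                if (keyStore == null) {
                    return createError(StatusInternal.UNEXPECTED, "Failed to get AndroidKeyStore instance", null, 0);
                }
                keyStore.load(null);
                this.mKeyStore = keyStore;
                return null;
            } catch (KeyStoreException e) {
                return createError(StatusInternal.UNEXPECTED, "Failed to get AndroidKeyStore instance", e, 0);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                return createError(StatusInternal.UNEXPECTED, "Failed to load AndroidKeyStore instance", e, 0);
            }
        }
    }

    /**
     * Reports whether the keystore describes {@code privateKey} as held in secure hardware.
     *
     * <p>Below API 31 this is {@code KeyInfo.isInsideSecureHardware()}; from API 31 on it is true
     * for the security levels UNKNOWN_SECURE, TRUSTED_ENVIRONMENT and STRONGBOX. Any failure to
     * obtain the {@link KeyInfo} is reported as {@code false}, so {@code false} means "not
     * confirmed", not "confirmed software key".
     */
    private boolean isKeyHardwareBacked(PrivateKey privateKey) {
        KeyFactory keyFactory = this.mKeyFactory;
        if (keyFactory == null || privateKey == null) {
            return false;
        }
        try {
            KeyInfo keyInfo = (KeyInfo) keyFactory.getKeySpec(privateKey, KeyInfo.class);
            if (Build.VERSION.SDK_INT < API_LEVEL_31) {
                // Both public callers in this class are gated at API 31, so this branch is
                // only reachable if another caller is added.
                return keyInfo.isInsideSecureHardware();
            }
            int securityLevel = keyInfo.getSecurityLevel();
            return securityLevel == SECURITY_LEVEL_UNKNOWN_SECURE
                    || securityLevel == SECURITY_LEVEL_TRUSTED_ENVIRONMENT
                    || securityLevel == SECURITY_LEVEL_STRONGBOX;
        } catch (InvalidKeySpecException ignored) {
            // The key is not an AndroidKeyStore key, so no hardware claim can be made.
            return false;
        }
    }

    /**
     * Deletes the keystore entry stored under the given alias, if one exists.
     *
     * @param str key alias; null or empty is rejected with an error
     * @return {@code null} on success (including when no such entry exists), otherwise an error
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public TempError deleteEccKey(String str) {
        if (str == null || str.isEmpty()) {
            return createError(StatusInternal.UNEXPECTED, "Key id is empty", null, 0);
        }
        TempError initError = initializeKeyStore();
        if (initError != null) {
            return initError;
        }
        try {
            if (this.mKeyStore.containsAlias(str)) {
                this.mKeyStore.deleteEntry(str);
            }
            return null;
        } catch (KeyStoreException e) {
            // h0.a is an obfuscated helper; presumably concatenates its three arguments.
            return createError(StatusInternal.UNEXPECTED, h0.a("KeyStore entry ", str, " cannot be removed"), e, 0);
        }
    }

    /**
     * Generates a P-256 key-agreement key pair in the AndroidKeyStore under the given alias.
     *
     * <p>NOTE(review): this method does not check whether the alias is already in use; confirm
     * what the provider does with an existing entry under the same alias before relying on it.
     * Unchecked provider exceptions raised during generation are not caught here.
     *
     * @param str key alias; null or empty is rejected with an error
     * @param z11 not read by this implementation; its intended meaning is not visible here
     * @return the generated key with its hardware-backed flag, or a response carrying an error
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse generateEccKey(String str, boolean z11) {
        EccKeyResponse rejection = rejectInvalidEcdhRequest(str);
        if (rejection != null) {
            return rejection;
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", ANDROID_KEY_INFRA);
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, PURPOSE_AGREE_KEY)
                    .setAlgorithmParameterSpec(new ECGenParameterSpec("prime256v1"))
                    .build();
            generator.initialize(spec);
            KeyPair keyPair = generator.generateKeyPair();
            if (keyPair == null) {
                return fail(StatusInternal.UNEXPECTED, "Failed to generate device keys", null, 0);
            }
            boolean hardwareBacked = isKeyHardwareBacked(keyPair.getPrivate());
            return new EccKeyResponse(new EccKeyImpl(str, keyPair, new Date(), hardwareBacked), null);
        } catch (InvalidAlgorithmParameterException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to initialize the key generator", e, 0);
        } catch (NoSuchAlgorithmException e) {
            return fail(StatusInternal.UNEXPECTED, "AndroidKeyStore could not provide algorithm EC", e, 0);
        } catch (NoSuchProviderException e) {
            return fail(StatusInternal.UNEXPECTED, "AndroidKeyStore provider is not available", e, 0);
        }
    }

    /**
     * Loads the key pair stored under the given alias.
     *
     * @param str key alias; null or empty is rejected with an error
     * @return a response with both key and error {@code null} when the alias has no certificate;
     *     a response carrying the key when found; otherwise a response carrying an error
     */
    @Override // com.microsoft.identity.internal.EccKeyFactory
    public EccKeyResponse loadEccKey(String str) {
        EccKeyResponse rejection = rejectInvalidEcdhRequest(str);
        if (rejection != null) {
            return rejection;
        }
        TempError initError = initializeKeyStore();
        if (initError != null) {
            return new EccKeyResponse(null, initError);
        }
        try {
            Certificate certificate = this.mKeyStore.getCertificate(str);
            if (certificate == null) {
                // No entry under this alias: reported as "no key, no error".
                return new EccKeyResponse(null, null);
            }
            PublicKey publicKey = certificate.getPublicKey();
            Date creationDate = this.mKeyStore.getCreationDate(str);
            try {
                java.security.Key key = this.mKeyStore.getKey(str, null);
                if (!(key instanceof PrivateKey)) {
                    // A certificate without a usable private key must not be handed back as a
                    // key pair; this also avoids an uncaught ClassCastException.
                    return fail(StatusInternal.UNEXPECTED, "Failed to read private key with id " + str, null, 0);
                }
                PrivateKey privateKey = (PrivateKey) key;
                boolean hardwareBacked = isKeyHardwareBacked(privateKey);
                return new EccKeyResponse(
                        new EccKeyImpl(str, new KeyPair(publicKey, privateKey), creationDate, hardwareBacked), null);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                return fail(StatusInternal.UNEXPECTED, "Failed to read private key with id " + str, e, 0);
            }
        } catch (KeyStoreException e) {
            return fail(StatusInternal.UNEXPECTED, "Failed to read certificate ".concat(str), e, 0);
        }
    }
}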
