package com.amazon.identity.auth.device.token;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.util.Base64;
import com.amazon.identity.auth.device.api.MAPError;
import com.amazon.identity.auth.device.api.TokenKeys;
import com.amazon.identity.auth.device.c6;
import com.amazon.identity.auth.device.q6;
import com.amazon.identity.auth.device.storage.KeystoreProvider;
import com.amazon.identity.auth.device.ta;
import com.amazon.identity.auth.device.u7;
import com.amazon.identity.auth.device.utils.AccountConstants;
import com.amazon.identity.auth.device.xa;
import com.amazon.identity.auth.device.y9;
import com.amazon.identity.mobi.common.utils.SystemWrapper;
import java.security.KeyStoreException;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: DCP */
/* loaded from: classes4.dex */
public final class MobileAuthEncryptionKeyManager {

    /* renamed from: c, reason: collision with root package name */
    private static final long f1924c;

    /* renamed from: d, reason: collision with root package name */
    private static final long f1925d;

    /* renamed from: e, reason: collision with root package name */
    private static final String f1926e;

    /* renamed from: a, reason: collision with root package name */
    private final y9 f1927a;

    /* renamed from: b, reason: collision with root package name */
    private final SystemWrapper f1928b;

    /* compiled from: DCP */
    /* loaded from: classes4.dex */
    public static final class MobileAuthEncryptionKeyManagerException extends Exception {
        private static final long serialVersionUID = -7354549861193710767L;
        private final MAPError mError;
        private final String mErrorMessage;

        public MobileAuthEncryptionKeyManagerException(MAPError.CommonError commonError, String str, Exception exc) {
            super(exc.getMessage(), exc);
            this.mError = commonError;
            this.mErrorMessage = str;
        }

        public MobileAuthEncryptionKeyManagerException(MAPError mAPError, String str) {
            super(str);
            this.mError = mAPError;
            this.mErrorMessage = str;
        }

        public final MAPError a() {
            return this.mError;
        }

        public final String b() {
            return this.mErrorMessage;
        }
    }

    /* compiled from: DCP */
    /* loaded from: classes4.dex */
    public static final class a {

        /* renamed from: a, reason: collision with root package name */
        private final String f1929a;

        /* renamed from: b, reason: collision with root package name */
        private final String f1930b;

        /* renamed from: c, reason: collision with root package name */
        private final long f1931c;

        /* renamed from: d, reason: collision with root package name */
        private final long f1932d;

        public a(String str, String str2, long j2, long j3) {
            this.f1929a = str;
            this.f1930b = str2;
            this.f1931c = j2;
            this.f1932d = j3;
        }
    }

    static {
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        f1924c = ta.a(259200L, timeUnit);
        f1925d = ta.a(60L, timeUnit);
        f1926e = MobileAuthEncryptionKeyManager.class.getName();
    }

    public MobileAuthEncryptionKeyManager(Context context) {
        y9 a2 = y9.a(context);
        this.f1927a = a2;
        this.f1928b = (SystemWrapper) a2.getSystemService("dcp_system");
    }

    private a a(xa xaVar, String str, String str2, String str3) throws JSONException {
        JSONObject jSONObject = new u7(this.f1927a, str3, str, str2).c(xaVar).f1543a;
        return new a(jSONObject.getString("encryptionKey"), jSONObject.getString("keyIdentifier"), Long.parseLong(jSONObject.getJSONObject("keyMetadata").getString("keyVersion")), Long.parseLong(jSONObject.getJSONObject("keyMetadata").getString("creationTime")));
    }

    private static String a(String str, String str2, String str3) {
        return String.format("%s%s%s", str, str3, str2);
    }

    private static void a(KeystoreProvider keystoreProvider, c6 c6Var, a aVar, String str) throws KeyStoreException {
        byte[] decode = Base64.decode(aVar.f1929a, 0);
        keystoreProvider.a(new SecretKeySpec(decode, 0, decode.length, "AES"));
        c6Var.a(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."), aVar.f1930b);
        c6Var.a(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_VERSION, str, "."), aVar.f1931c);
        c6Var.a(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_CREATION_TIME, str, "."), aVar.f1932d);
    }

    private boolean a(c6 c6Var, String str) {
        return (c6Var.d(String.format("%s.%s", AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_CREATION_TIME, str)) + f1924c) + f1925d <= this.f1928b.currentTimeMillis();
    }

    private void b(String str, xa xaVar) throws MobileAuthEncryptionKeyManagerException {
        if (this.f1927a.a() == null) {
            q6.a(f1926e, "MAP data storage is null/invalid.");
            xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY:InvalidMAPDataStorage", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, "MAP data storage is null/invalid.");
        }
        if (this.f1927a.a().a(str)) {
            q6.a(f1926e, "Null/Invalid encryption key or key identifier received.");
            xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY:KeyNotFoundException", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.AccountError.ACCOUNT_ENCRYPTION_KEY_NOT_FOUND, "Null/Invalid encryption key or key identifier received.");
        }
        q6.a(f1926e, "Account already deregistered. So, no encryption key or key identifier received.");
        xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY:AccountDeregistered", 1.0d);
        throw new MobileAuthEncryptionKeyManagerException(MAPError.AccountError.ACCOUNT_ALREADY_DEREGISTERED, "Account already deregistered. So, no encryption key or key identifier received.");
    }

    public final Bundle a(String str, xa xaVar) throws MobileAuthEncryptionKeyManagerException {
        int i2 = Build.VERSION.SDK_INT;
        if (i2 < 26) {
            String format = String.format(Locale.US, "Currently GetMobileAuthEncryptionKey operation is not supported in %d version of Android.", Integer.valueOf(i2));
            q6.a(f1926e, format);
            xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY:UnsupportedOperation", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.UNSUPPORTED_OPERATION, format);
        }
        try {
            KeystoreProvider keystoreProvider = new KeystoreProvider(a("mobile_auth_storage", str, "_"));
            c6 a2 = c6.a(this.f1927a, "mobile_auth_storage");
            SecretKey b2 = keystoreProvider.b();
            String e2 = a2.e(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."));
            if (b2 == null || e2 == null || e2.trim().length() == 0) {
                b(str, xaVar);
                throw null;
            }
            xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY", 1.0d);
            Bundle bundle = new Bundle();
            bundle.putSerializable("value_key", b2);
            bundle.putString(TokenKeys.Options.KEY_MOBILE_AUTH_ENCRYPTION_KEY_ID, e2);
            return bundle;
        } catch (KeystoreProvider.KeystoreProviderException e3) {
            String format2 = String.format("KeystoreProviderException encountered while fetching encryption key. %s", e3.a());
            q6.a(f1926e, format2, e3);
            xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY:KeystoreProviderException", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format2, e3);
        } catch (MobileAuthEncryptionKeyManagerException e4) {
            throw e4;
        } catch (Exception e5) {
            String format3 = String.format("Exception encountered while fetching encryption key. %s", e5.getMessage());
            q6.a(f1926e, format3, e5);
            xaVar.a("MOBILE_AUTH_GET_ENCRYPTION_KEY:Exception", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format3, e5);
        }
    }

    public final boolean a(String str, String str2, xa xaVar) throws MobileAuthEncryptionKeyManagerException {
        int i2 = Build.VERSION.SDK_INT;
        if (i2 < 26) {
            String format = String.format(Locale.US, "Currently UpsertMobileAuthEncryptionKey operation is not supported in %d version of Android.", Integer.valueOf(i2));
            q6.a(f1926e, format);
            xaVar.a("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:UnsupportedOperation", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.UNSUPPORTED_OPERATION, format);
        }
        try {
            KeystoreProvider keystoreProvider = new KeystoreProvider(a("mobile_auth_storage", str, "_"));
            c6 a2 = c6.a(this.f1927a, "mobile_auth_storage");
            SecretKey b2 = keystoreProvider.b();
            String e2 = a2.e(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."));
            if (b2 != null && e2 != null && e2.trim().length() != 0 && !a(a2, str)) {
                return false;
            }
            a(keystoreProvider, a2, a(xaVar, str2, e2, str), str);
            xaVar.a("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY", 1.0d);
            return true;
        } catch (KeystoreProvider.KeystoreProviderException e3) {
            String format2 = String.format("KeystoreProviderException encountered while creating or updating encryption key. %s", e3.a());
            q6.a(f1926e, format2, e3);
            xaVar.a("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:KeystoreProviderException", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format2, e3);
        } catch (JSONException e4) {
            String format3 = String.format("JSONException encountered while parsing MobileAuthEncryptionKey response. %s", e4.getMessage());
            q6.a(f1926e, format3, e4);
            xaVar.a("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:JSONException", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INVALID_RESPONSE, format3, e4);
        } catch (Exception e5) {
            String format4 = String.format("Exception encountered while creating or updating encryption key. %s", e5.getMessage());
            q6.a(f1926e, format4, e5);
            xaVar.a("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:Exception", 1.0d);
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format4, e5);
        }
    }
}
