package com.microsoft.ngc.provider.cryptography;

import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException;
import com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
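/**
 * Creates the RSA signing key pair for an NGC credential inside the
 * {@code AndroidKeyStore} provider and reports whether the resulting private
 * key is held in secure hardware.
 *
 * <p>All members are static; the class holds no state of its own. This listing is
 * decompiler output, so the parameter names of the public methods
 * ({@code str}, {@code z}) are the decompiler's and are kept as-is.
 */
public class NgcKeyPairGenerator {
    static final String ANDROID_KEY_STORE_PROVIDER_NAME = "AndroidKeyStore";
    private static final String KEY_PAIR_ALGORITHM_NAME = "RSA";
    // NOTE(review): there is no comma between "CN=MSA-NGC" and "O=Microsoft", so the
    // organisation probably ends up inside the CN value instead of being its own RDN.
    // The string is left untouched because it is written into the generated certificate.
    private static final String KEY_PAIR_CERT_SUBJECT = "CN=MSA-NGC O=Microsoft, OU=MSA, C=US";
    public static final int KEY_PAIR_SIZE_BITS = 2048;
    // True on API level 23 and above (despite the "POST" in the name, 23 itself is included).
    static final boolean SDK_POST_23 = Build.VERSION.SDK_INT >= 23;
    private static final int USER_AUTHENTICATION_VALIDITY_DURATION_SECONDS = 30;

    NgcKeyPairGenerator() {
    }

    /**
     * Asks the AndroidKeyStore provider whether {@code privateKey} lives in secure hardware.
     *
     * <p>Fails closed: any provider/key-spec error is logged and reported as
     * "not hardware-backed".
     *
     * @param privateKey a private key handle obtained from the AndroidKeyStore provider
     * @return {@code true} only if the provider reports the key as inside secure hardware
     */
    @TargetApi(23)
    public static boolean checkIfKeyIsHardwareBacked(PrivateKey privateKey) {
        try {
            KeyFactory keyFactory =
                    KeyFactory.getInstance(privateKey.getAlgorithm(), ANDROID_KEY_STORE_PROVIDER_NAME);
            KeyInfo keyInfo = keyFactory.getKeySpec(privateKey, KeyInfo.class);
            // NOTE(review): isInsideSecureHardware() is deprecated from API 31 in favour of
            // KeyInfo.getSecurityLevel(). It is a self-report by the local keystore, not an
            // attestation a remote verifier can check.
            return keyInfo.isInsideSecureHardware();
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            BaseLogger.e("Error checking if private key is hardware-backed.", e);
            return false;
        }
    }

    /**
     * Attempts to create a hardware-backed key pair under alias {@code str} without
     * surfacing any failure to the caller.
     *
     * @param str keystore alias for the new key pair
     * @return the key info on success; {@code null} below API 23 or on any failure
     *         (the failure is logged, never thrown)
     */
    @SuppressLint({"TrulyRandom"})
    public static NgcKeyInfo generateHardwareBackedKeyPairSilently(String str) {
        if (!SDK_POST_23) {
            return null;
        }
        try {
            KeyPairGenerator generator =
                    KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM_NAME, ANDROID_KEY_STORE_PROVIDER_NAME);
            return generateKeyPairPostSdk23(generator, str, true);
        } catch (NgcDeviceLockScreenRequiredException e) {
            BaseLogger.w("Lock screen required.", e);
            return null;
        } catch (NgcDeviceNotSupportedException e) {
            BaseLogger.w("Device not supported.", e);
            return null;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            // The decompiled form assigned each exception to an undeclared variable `e`
            // in three separate handlers; a multi-catch expresses the same handling and compiles.
            BaseLogger.e("Unexpected error.", e);
            return null;
        }
    }

    /**
     * Creates a key pair under alias {@code str}.
     *
     * @param context Android context, used only for the pre-API-23 key spec
     * @param str     keystore alias for the new key pair
     * @param z       when {@code true}, a hardware-backed key is mandatory
     * @return key info; built with {@code false} on the pre-API-23 path, where
     *         hardware backing is not checked at all
     * @throws NgcDeviceNotSupportedException       if {@code z} is set and the device is
     *                                              below API 23 or the key is not hardware-backed
     * @throws NgcDeviceLockScreenRequiredException if key generation is rejected for the
     *                                              reason mapped in {@code generateKeyPairPostSdk23}
     * @throws RuntimeException                     wrapping any other provider/algorithm error
     */
    public static NgcKeyInfo generateKeyPair(Context context, String str, boolean z) throws NgcDeviceNotSupportedException, NgcDeviceLockScreenRequiredException {
        if (z && !SDK_POST_23) {
            throw new NgcDeviceNotSupportedException();
        }
        try {
            KeyPairGenerator generator =
                    KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM_NAME, ANDROID_KEY_STORE_PROVIDER_NAME);
            if (SDK_POST_23) {
                return generateKeyPairPostSdk23(generator, str, z);
            }
            generator.initialize(getPreSdk23KeyParameterSpec(context, str));
            generator.generateKeyPair();
            return new NgcKeyInfo(false);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            BaseLogger.e("Unexpected error when generating NGC keypair.", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * API 23+ generation: creates a probe key without user authentication, checks whether
     * it is hardware-backed, and if so generates the key again under the same alias with
     * user authentication required.
     *
     * <p>Points a reviewer should keep in mind:
     * <ul>
     *   <li>The hardware-backing check is made on the probe key; the second key is not
     *       re-checked.</li>
     *   <li>A key that is not hardware-backed is returned as-is, i.e. without any
     *       user-authentication requirement.</li>
     *   <li>NOTE(review): when this method throws after the probe succeeded (hardware
     *       required but absent, or the second generation rejected), the probe key appears
     *       to stay in the keystore under {@code alias}; nothing here deletes it. Confirm
     *       that callers remove the alias on failure.</li>
     * </ul>
     *
     * @param keyPairGenerator      generator bound to the AndroidKeyStore provider
     * @param alias                 keystore alias for the key pair
     * @param requireHardwareBacked when {@code true}, a non-hardware-backed result is an error
     * @return key info built with {@code true} for a hardware-backed key, {@code false} otherwise
     * @throws NgcDeviceNotSupportedException       if hardware backing is required but missing
     * @throws NgcDeviceLockScreenRequiredException if initialisation fails with an
     *                                              {@link IllegalStateException} cause
     * @throws InvalidAlgorithmParameterException   for any other parameter rejection
     */
    @TargetApi(23)
    private static NgcKeyInfo generateKeyPairPostSdk23(KeyPairGenerator keyPairGenerator, String alias, boolean requireHardwareBacked) throws NgcDeviceNotSupportedException, NgcDeviceLockScreenRequiredException, InvalidAlgorithmParameterException {
        try {
            keyPairGenerator.initialize(getPostSdk23KeyParameterSpec(alias, false));
            PrivateKey probeKey = keyPairGenerator.generateKeyPair().getPrivate();
            if (checkIfKeyIsHardwareBacked(probeKey)) {
                keyPairGenerator.initialize(getPostSdk23KeyParameterSpec(alias, true));
                keyPairGenerator.generateKeyPair();
                BaseLogger.i("Successfully generated hardware-backed NGC.");
                return new NgcKeyInfo(true);
            }
            if (requireHardwareBacked) {
                BaseLogger.i("Non-hardware-backed NGC generated, but hardware-backing required.");
                throw new NgcDeviceNotSupportedException();
            }
            BaseLogger.i("Successfully generated non-hardware-backed NGC.");
            return new NgcKeyInfo(false);
        } catch (InvalidAlgorithmParameterException e) {
            // The code treats an IllegalStateException cause as "no secure lock screen set up".
            if (e.getCause() instanceof IllegalStateException) {
                throw new NgcDeviceLockScreenRequiredException(e);
            }
            throw e;
        }
    }

    /**
     * Builds the API 23+ key generation parameters: RSA-2048, sign-only, SHA-256 digest,
     * PKCS#1 signature padding, and a placeholder self-signed certificate.
     *
     * @param alias                     keystore alias for the key pair
     * @param requireUserAuthentication when {@code true}, key use requires user
     *                                  authentication within the validity window
     * @return the parameter spec to pass to {@link KeyPairGenerator#initialize}
     */
    @TargetApi(23)
    private static AlgorithmParameterSpec getPostSdk23KeyParameterSpec(String alias, boolean requireUserAuthentication) {
        // notBefore == notAfter: the certificate has a zero-length validity period, so it can
        // only serve as a container for the public key, not as a certificate to be validated.
        Date now = new Date();
        // 4 is the value of KeyProperties.PURPOSE_SIGN: the key cannot be used to decrypt.
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(alias, 4)
                .setDigests("SHA-256")
                .setCertificateSerialNumber(BigInteger.ONE)
                .setCertificateNotBefore(now)
                .setCertificateNotAfter(now)
                .setCertificateSubject(new X500Principal(KEY_PAIR_CERT_SUBJECT))
                .setSignaturePaddings("PKCS1")
                .setKeySize(KEY_PAIR_SIZE_BITS);
        if (requireUserAuthentication) {
            builder.setUserAuthenticationRequired(true);
            // Time-bound authorisation: the key is usable for this many seconds after the user
            // authenticates, rather than requiring authentication for every signature.
            // NOTE(review): this setter is deprecated from API 30 in favour of
            // setUserAuthenticationParameters(int, int).
            builder.setUserAuthenticationValidityDurationSeconds(USER_AUTHENTICATION_VALIDITY_DURATION_SECONDS);
        }
        return builder.build();
    }

    /**
     * Builds the pre-API-23 key generation parameters (RSA-2048 with a placeholder
     * self-signed certificate).
     *
     * <p>NOTE(review): this spec does not call {@code setEncryptionRequired()}, and the
     * legacy API offers no user-authentication binding, so keys created on this path carry
     * neither protection.
     *
     * @param context Android context required by the legacy builder
     * @param alias   keystore alias for the key pair
     * @return the parameter spec to pass to {@link KeyPairGenerator#initialize}
     */
    @TargetApi(19)
    private static AlgorithmParameterSpec getPreSdk23KeyParameterSpec(Context context, String alias) {
        // Same zero-length validity placeholder certificate as on the API 23+ path.
        Date now = new Date();
        return new KeyPairGeneratorSpec.Builder(context)
                .setAlias(alias)
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(now)
                .setEndDate(now)
                .setSubject(new X500Principal(KEY_PAIR_CERT_SUBJECT))
                .setKeySize(KEY_PAIR_SIZE_BITS)
                .build();
    }
}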
