package com.amazon.identity.auth.device.token;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.util.Base64;
import com.amazon.identity.auth.device.api.MAPError;
import com.amazon.identity.auth.device.api.TokenKeys;
import com.amazon.identity.auth.device.d6;
import com.amazon.identity.auth.device.i7;
import com.amazon.identity.auth.device.ja;
import com.amazon.identity.auth.device.k9;
import com.amazon.identity.auth.device.qa;
import com.amazon.identity.auth.device.s5;
import com.amazon.identity.auth.device.storage.KeystoreProvider;
import com.amazon.identity.auth.device.utils.AccountConstants;
import com.amazon.identity.auth.device.y9;
import com.amazon.identity.mobi.common.utils.SystemWrapper;
import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import java.security.KeyStoreException;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: DCP */
/* loaded from: classes12.dex */
public class MobileAuthEncryptionKeyManager {
    private static final long c;
    private static final long d;
    private static final String e;

    /* renamed from: a, reason: collision with root package name */
    private final k9 f630a;
    private final SystemWrapper b;

    /* compiled from: DCP */
    /* loaded from: classes12.dex */
    public static final class MobileAuthEncryptionKeyManagerException extends Exception {
        private static final long serialVersionUID = -7354549861193710767L;
        private final MAPError mError;
        private final String mErrorMessage;

        public MobileAuthEncryptionKeyManagerException(MAPError mAPError, String str) {
            super(str);
            this.mError = mAPError;
            this.mErrorMessage = str;
        }

        public MobileAuthEncryptionKeyManagerException(MAPError mAPError, String str, Throwable th) {
            super(th.getMessage(), th);
            this.mError = mAPError;
            this.mErrorMessage = str;
        }

        public MAPError a() {
            return this.mError;
        }

        public String b() {
            return this.mErrorMessage;
        }
    }

    /* compiled from: DCP */
    /* loaded from: classes12.dex */
    public static final class a {

        /* renamed from: a, reason: collision with root package name */
        private final String f631a;
        private final String b;
        private final long c;
        private final long d;

        public a(String str, String str2, long j, long j2) {
            this.f631a = str;
            this.b = str2;
            this.c = j;
            this.d = j2;
        }
    }

    static {
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        c = ja.a(180L, timeUnit);
        d = ja.b(1L, timeUnit);
        e = MobileAuthEncryptionKeyManager.class.getName();
    }

    public MobileAuthEncryptionKeyManager(Context context) {
        k9 a2 = k9.a(context);
        this.f630a = a2;
        this.b = (SystemWrapper) a2.getSystemService("dcp_system");
    }

    private a a(String str, String str2, String str3, qa qaVar) throws JSONException {
        JSONObject jSONObject = new i7(this.f630a, str3, str, str2).c(qaVar).f328a;
        return new a(jSONObject.getString("encryptionKey"), jSONObject.getString("keyIdentifier"), Long.parseLong(jSONObject.getJSONObject("keyMetadata").getString("keyVersion")), Long.parseLong(jSONObject.getJSONObject("keyMetadata").getString("creationTime")));
    }

    private String a(String str, String str2, String str3) {
        return String.format("%s%s%s", str, str3, str2);
    }

    private void a(KeystoreProvider keystoreProvider, s5 s5Var, a aVar, String str) throws KeyStoreException {
        byte[] decode = Base64.decode(aVar.f631a, 0);
        keystoreProvider.a(new SecretKeySpec(decode, 0, decode.length, JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM));
        s5Var.a(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."), aVar.b);
        s5Var.a(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_VERSION, str, "."), aVar.c);
        s5Var.a(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_CREATION_TIME, str, "."), aVar.d);
    }

    private boolean a(s5 s5Var, String str) {
        return (s5Var.c(String.format("%s.%s", AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_CREATION_TIME, str)) + c) + d <= this.b.currentTimeMillis();
    }

    private void b(String str, qa qaVar) throws MobileAuthEncryptionKeyManagerException {
        if (this.f630a.a() == null) {
            d6.b(e, "MAP data storage is null/invalid.");
            qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY:InvalidMAPDataStorage");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, "MAP data storage is null/invalid.");
        }
        if (this.f630a.a().a(str)) {
            d6.b(e, "Null/Invalid encryption key or key identifier received.");
            qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY:KeyNotFoundException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.AccountError.ACCOUNT_ENCRYPTION_KEY_NOT_FOUND, "Null/Invalid encryption key or key identifier received.");
        }
        d6.b(e, "Account already deregistered. So, no encryption key or key identifier received.");
        qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY:AccountDeregistered");
        throw new MobileAuthEncryptionKeyManagerException(MAPError.AccountError.ACCOUNT_ALREADY_DEREGISTERED, "Account already deregistered. So, no encryption key or key identifier received.");
    }

    public Bundle a(String str, qa qaVar) throws MobileAuthEncryptionKeyManagerException {
        int i = Build.VERSION.SDK_INT;
        if (i < 26) {
            String format = String.format("Currently GetMobileAuthEncryptionKey operation is not supported in %d version of Android.", Integer.valueOf(i));
            d6.b(e, format);
            qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY:UnsupportedOperation");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.UNSUPPORTED_OPERATION, format);
        }
        try {
            KeystoreProvider keystoreProvider = new KeystoreProvider(a("mobile_auth_storage", str, "_"));
            s5 a2 = s5.a(this.f630a, "mobile_auth_storage");
            SecretKey b = keystoreProvider.b();
            String d2 = a2.d(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."));
            if (b == null || y9.c(d2)) {
                b(str, qaVar);
                throw null;
            }
            qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY");
            Bundle bundle = new Bundle();
            bundle.putSerializable("value_key", b);
            bundle.putString(TokenKeys.Options.KEY_MOBILE_AUTH_ENCRYPTION_KEY_ID, d2);
            return bundle;
        } catch (KeystoreProvider.KeystoreProviderException e2) {
            String format2 = String.format("KeystoreProviderException encountered while fetching encryption key. %s", e2.a());
            d6.b(e, format2, e2);
            qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY:KeystoreProviderException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format2, e2);
        } catch (MobileAuthEncryptionKeyManagerException e3) {
            throw e3;
        } catch (Exception e4) {
            String format3 = String.format("Exception encountered while fetching encryption key. %s", e4.getMessage());
            d6.b(e, format3, e4);
            qaVar.b("MOBILE_AUTH_GET_ENCRYPTION_KEY:Exception");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format3, e4);
        }
    }

    public boolean a(String str, String str2, qa qaVar) throws MobileAuthEncryptionKeyManagerException {
        int i = Build.VERSION.SDK_INT;
        if (i < 26) {
            String format = String.format("Currently UpsertMobileAuthEncryptionKey operation is not supported in %d version of Android.", Integer.valueOf(i));
            d6.b(e, format);
            qaVar.b("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:UnsupportedOperation");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.UNSUPPORTED_OPERATION, format);
        }
        try {
            KeystoreProvider keystoreProvider = new KeystoreProvider(a("mobile_auth_storage", str, "_"));
            s5 a2 = s5.a(this.f630a, "mobile_auth_storage");
            SecretKey b = keystoreProvider.b();
            String d2 = a2.d(a(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."));
            if (b != null && !y9.c(d2) && !a(a2, str)) {
                return false;
            }
            a(keystoreProvider, a2, a(str2, d2, str, qaVar), str);
            qaVar.b("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY");
            return true;
        } catch (KeystoreProvider.KeystoreProviderException e2) {
            String format2 = String.format("KeystoreProviderException encountered while creating or updating encryption key. %s", e2.a());
            d6.b(e, format2, e2);
            qaVar.b("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:KeystoreProviderException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format2, e2);
        } catch (JSONException e3) {
            String format3 = String.format("JSONException encountered while parsing MobileAuthEncryptionKey response. %s", e3.getMessage());
            d6.b(e, format3, e3);
            qaVar.b("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:JSONException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INVALID_RESPONSE, format3, e3);
        } catch (Exception e4) {
            String format4 = String.format("Exception encountered while creating or updating encryption key. %s", e4.getMessage());
            d6.b(e, format4, e4);
            qaVar.b("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:Exception");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format4, e4);
        }
    }
}
