package com.microsoft.workaccount.workplacejoin;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import com.microsoft.identity.client.BrokerClientApplication;
import com.microsoft.identity.client.BrokerUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.cache.IWpjTelemetryCallback;
import com.microsoft.identity.common.adal.internal.cache.StorageHelper;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.internal.cache.CacheRecord;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.IdTokenRecord;
import com.microsoft.workaccount.authenticatorservice.LegacySecretKeyStorage;
import com.microsoft.workaccount.workplacejoin.core.CertificateData;
import com.microsoft.workaccount.workplacejoin.core.StringHelper;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinApplication;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import com.microsoft.workaccount.workplacejoin.telemetry.TelemetryLogger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class AccountManagerStorageHelper {
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_PASSWORD_ENC = "workplaceJoin.key.cert.password.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC = "workplaceJoin.key.cert.pkcs12.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_PRIVATE_KEY_ENC = "workplaceJoin.key.cert.privateKey.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_PUBLIC_KEY_ENC = "workplaceJoin.key.cert.publicKey.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_RESPONSE = "workplaceJoin.key.cert.response";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_DEVICEID = "workplaceJoin.key.deviceId";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_DRS_RESOURCE = "workplaceJoin.key.drs.resource";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_ENCODED_SESSION_KEY = "workplaceJoin.key.session.key";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE = "workplaceJoin.key.is.shared.device";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_CHECK_TIMESTAMP = "workplaceJoin.key.last.device.attr.check.timestamp";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME = "workplaceJoin.key.last.updated.device.name";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION = "workplaceJoin.key.last.updated.device.os.version";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT = "workplaceJoin.key.prt";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY = "workplaceJoin.key.prt.authority";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT_EXPIRES_KEY = "workplaceJoin.key.prt.expires.key";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY = "workplaceJoin.key.prt.idtoken.key";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY = "workplaceJoin.key.stk.privateKey";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_STK_PUBLIC_KEY = "workplaceJoin.key.stk.publicKey";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_UPN = "workplaceJoin.key.upn";
    private static final String TAG = AccountManagerStorageHelper.class.getSimpleName() + "#";
    static final String WPJ_ACCOUNT_TYPE_CONSTANT = "com.microsoft.workaccount";
    private Context mContext;
    private String mResponse = null;
    private byte[] mPkcs12Certificate = null;
    private String mPrivateKeyEncoded = null;
    private String mPublicKeyEncoded = null;
    private byte[] mPrivateKey = null;
    private String mPassword = null;
    private String mUpn = null;
    private String mDeviceId = null;
    private X509Certificate mX509Certificate = null;
    private RSAPrivateKey mRsaPrivateKey = null;
    private RSAPublicKey mRsaPublicKey = null;
    private AccountManager mAcctMngr = null;
    private StorageHelper mStorageHelper = null;

    public AccountManagerStorageHelper(Context context) throws IllegalArgumentException {
        this.mContext = null;
        if (context != null) {
            this.mContext = context;
            return;
        }
        IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Parameter 'context' is null");
        Logger.e(TAG + "AccountManagerStorageHelper", illegalArgumentException.getMessage(), WorkplaceJoinFailure.INTERNAL, illegalArgumentException);
        throw illegalArgumentException;
    }

    private static RSAPrivateKey convertPrivateKeyToRSAPrivateKey(byte[] bArr) {
        try {
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            Logger.e(TAG + "convertPrivateKeyToRSAPrivateKey", "Conversion error", WorkplaceJoinFailure.INTERNAL, e);
            return null;
        } catch (InvalidKeySpecException e2) {
            Logger.e(TAG + "convertPrivateKeyToRSAPrivateKey", "Conversion error", WorkplaceJoinFailure.INTERNAL, e2);
            return null;
        }
    }

    private static RSAPublicKey convertPublicKeyToRSAPublicKey(byte[] bArr) {
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            Logger.e(TAG + "convertPublicKeyToRSAPublicKey", "Conversion error", WorkplaceJoinFailure.INTERNAL, e);
            return null;
        } catch (InvalidKeySpecException e2) {
            Logger.e(TAG + "convertPublicKeyToRSAPublicKey", "Conversion error", WorkplaceJoinFailure.INTERNAL, e2);
            return null;
        }
    }

    private String getCertPassword(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PASSWORD_ENC);
    }

    private String getCertPkcs12(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC);
    }

    private String getCertPrivateKey(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PRIVATE_KEY_ENC);
    }

    private String getCertPublicKey(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PUBLIC_KEY_ENC);
    }

    private boolean isAccountExist(Account account) {
        getAccountManager();
        Account[] allBrokerAccounts = getAllBrokerAccounts();
        if (allBrokerAccounts == null || allBrokerAccounts.length == 0) {
            Logger.v(TAG + "#isAccountExist", "No account exists for broker account type.");
            return false;
        }
        for (Account account2 : allBrokerAccounts) {
            if (account2.name.equalsIgnoreCase(account.name)) {
                return true;
            }
        }
        Logger.v(TAG + "#isAccountExist", "Given account doesn't exist in the account manager. ", "account.name:" + account.name);
        return false;
    }

    private void setCertPassword(Account account, String str) {
        Logger.v(TAG + "setCertPassword", "Saving password.");
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PASSWORD_ENC, str);
    }

    private void setCertPkcs12(Account account, String str) {
        Logger.v(TAG + "setCertPkcs12", "Saving pkcs12.");
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC, str);
    }

    private void setCertPrivateKey(Account account, String str) {
        Logger.v(TAG + "setCertPrivateKey", "Saving private key.");
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PRIVATE_KEY_ENC, str);
    }

    private void setCertPublicKey(Account account, String str) {
        Logger.v(TAG + "setCertPublicKey", "Saving public key.");
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PUBLIC_KEY_ENC, str);
    }

    public synchronized Account createAccount(String str, String str2, String str3) {
        Account account;
        AccountManager accountManager = getAccountManager();
        account = getAccount(str, str3);
        if (account == null) {
            account = new Account(str, str3);
            Logger.v(TAG + "createAccount", "Creating account. ", "account.name:" + account.name);
            Bundle bundle = new Bundle();
            bundle.putString(WorkplaceJoinApplication.DATA_UPN, str);
            accountManager.addAccountExplicitly(account, str2, bundle);
        } else {
            Logger.v(TAG + "createAccount", "Account found. ", "account.name:" + account.name);
            setAccountUpn(account, str);
            accountManager.setPassword(account, str2);
        }
        if (Build.VERSION.SDK_INT >= 26) {
            accountManager.setAccountVisibility(account, "com.azure.authenticator", 1);
            accountManager.setAccountVisibility(account, "com.microsoft.windowsintune.companyportal", 1);
        }
        return account;
    }

    public Account getAccount(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        Account[] accountsByType = getAccountManager().getAccountsByType(str2);
        if (accountsByType == null) {
            Logger.v(TAG + "getAccount", "Account list null.");
            return null;
        }
        Logger.v(TAG + "getAccount", "Account list length:" + accountsByType.length);
        for (Account account : accountsByType) {
            if (account.name.equalsIgnoreCase(str)) {
                return account;
            }
        }
        return null;
    }

    public String getAccountAuthorityType(Account account) {
        return getAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_AUTHORITY_TYPE);
    }

    public String getAccountCertificate(Account account) {
        return getAccountData(account, WorkplaceJoinApplication.DATA_CERTIFICATE);
    }

    public synchronized String getAccountData(Account account, String str) {
        String userData;
        userData = getAccountManager().getUserData(account, str);
        if (userData == null) {
            Logger.v(TAG + "getAccountData", "Account Manager getUserData returned a null for key: " + str);
        }
        return userData;
    }

    public String getAccountDisplayableUserId(Account account) {
        return getAccountData(account, "account.userinfo.userid.displayable");
    }

    public String getAccountEnvironment(Account account) {
        return getAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ENVIRONMENT);
    }

    public synchronized String getAccountFamilyName(Account account) {
        return getAccountData(account, "account.userinfo.family.name");
    }

    public String getAccountGivenName(Account account) {
        return getAccountData(account, "account.userinfo.given.name");
    }

    public String getAccountHomeAccountId(Account account) {
        return getAccountData(account, "account.userinfo.userid");
    }

    public String getAccountIdToken(Account account) {
        return getAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ID_TOKEN);
    }

    public String getAccountIdp(Account account) {
        return getAccountData(account, "account.userinfo.identity.provider");
    }

    public AccountManager getAccountManager() {
        if (this.mAcctMngr == null) {
            this.mAcctMngr = AccountManager.get(this.mContext);
        }
        return this.mAcctMngr;
    }

    public String getAccountNgcStatus(Account account) {
        return getAccountData(account, WorkplaceJoinApplication.DATA_IS_NGC);
    }

    public String getAccountTenantId(Account account) {
        return getAccountData(account, "account.userinfo.tenantid");
    }

    public String getAccountUpn(Account account) {
        return getAccountData(account, WorkplaceJoinApplication.DATA_UPN);
    }

    public String getAccountUserIdList(Account account) {
        return getAccountData(account, "account.userinfo.userid.list");
    }

    public Account[] getAllBrokerAccounts() {
        return getAccountManager().getAccountsByType("com.microsoft.workaccount");
    }

    public String getBRT(Account account) throws ClientException {
        try {
            return getEncryptedData(account, StringExtensions.createHash(AuthenticationConstants.Broker.USERDATA_BROKER_RT + account.name));
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw new ClientException("no_such_algorithm", e2.getMessage());
        }
    }

    public List<Account> getBrtHolders() throws ClientException {
        ArrayList arrayList = new ArrayList();
        for (Account account : getAllBrokerAccounts()) {
            if (!StringHelper.IsNullOrBlank(BrokerUtils.getBrokerRT(account, this.mContext))) {
                arrayList.add(account);
            }
        }
        return arrayList;
    }

    public ICacheRecord getCacheRecordFromAccount(Account account) throws ClientException {
        String accountIdToken = getAccountIdToken(account);
        if (accountIdToken == null) {
            throw new ClientException("idToken is null, cannot create an ICacheRecord object from data in AccountManagerStorageHelper");
        }
        try {
            IdTokenRecord idTokenRecord = (IdTokenRecord) new Gson().fromJson(accountIdToken, IdTokenRecord.class);
            AccountRecord accountRecord = new AccountRecord();
            accountRecord.setFamilyName(getAccountFamilyName(account));
            accountRecord.setName(getAccountGivenName(account));
            accountRecord.setUsername(getAccountDisplayableUserId(account));
            accountRecord.setHomeAccountId(getAccountHomeAccountId(account));
            accountRecord.setRealm(getAccountTenantId(account));
            accountRecord.setEnvironment(getAccountEnvironment(account));
            accountRecord.setAuthorityType(getAccountAuthorityType(account));
            accountRecord.setLocalAccountId(BrokerClientApplication.getLocalAccountIdFromUserList(getAccountUserIdList(account)));
            CacheRecord cacheRecord = new CacheRecord();
            cacheRecord.setAccount(accountRecord);
            cacheRecord.setIdToken(idTokenRecord);
            return cacheRecord;
        } catch (JsonSyntaxException unused) {
            throw new ClientException("failed to cast idToken json, cannot create an ICacheRecord object from data in AccountManagerStorageHelper");
        }
    }

    public String getDRSResource(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_DRS_RESOURCE);
    }

    public String getDeviceIdForExistingAccount(Account account) {
        if (isAccountExist(account)) {
            return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_DEVICEID);
        }
        return null;
    }

    public String getEncodedSessionKey(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_ENCODED_SESSION_KEY);
    }

    protected String getEncryptedData(Account account, String str) {
        StorageHelper storageHelper;
        String accountData = getAccountData(account, str);
        if (StringHelper.IsNullOrBlank(accountData) || (storageHelper = getStorageHelper()) == null) {
            return null;
        }
        try {
            return storageHelper.decrypt(accountData);
        } catch (IOException | GeneralSecurityException e) {
            Logger.e(TAG + "getEncryptedData", "Decryption failure.", WorkplaceJoinFailure.INTERNAL, e);
            return null;
        }
    }

    public int getExpiresIn(Account account) {
        try {
            String accountData = getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_EXPIRES_KEY);
            if (accountData == null) {
                return 0;
            }
            return Integer.parseInt(accountData);
        } catch (NumberFormatException e) {
            Logger.e(TAG + "getExpiresIn", "getExpiresIn parsing error " + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            return 0;
        }
    }

    public boolean getIsSharedDevice(Account account) {
        return Boolean.valueOf(getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE)).booleanValue();
    }

    public String getLastDeviceAttributeCheckTimestamp(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_CHECK_TIMESTAMP);
    }

    public String getLastUpdatedDeviceName(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME);
    }

    public String getLastUpdatedDeviceOsVersion(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION);
    }

    public String getPRT(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT);
    }

    public String getPRTAuthority(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY);
    }

    public String getPrtIdToken(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY);
    }

    public String getStkPrivateKey(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY);
    }

    public String getStkPublicKey(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_STK_PUBLIC_KEY);
    }

    public StorageHelper getStorageHelper() {
        if (this.mStorageHelper == null) {
            try {
                this.mStorageHelper = new StorageHelper(this.mContext, new IWpjTelemetryCallback() { // from class: com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper.1
                    @Override // com.microsoft.identity.common.adal.internal.cache.IWpjTelemetryCallback
                    public void logEvent(Context context, String str, Boolean bool, String str2) {
                        TelemetryLogger.logEvent(context, str, bool, str2);
                    }
                });
                LegacySecretKeyStorage.loadKeys();
            } catch (Exception e) {
                Logger.e(TAG + "getStorageHelper", "Failed to instantiate StorageHelper.", WorkplaceJoinFailure.INTERNAL, e);
            }
        }
        return this.mStorageHelper;
    }

    public Account getWPJAccount() {
        Account[] allBrokerAccounts = getAllBrokerAccounts();
        Logger.v(TAG + "getWPJAccount", "Current accounts number stored in broker is:" + allBrokerAccounts.length);
        for (Account account : allBrokerAccounts) {
            if (isWorkplaceJoined(account)) {
                return account;
            }
        }
        return null;
    }

    public CertificateData getWpjCertificateData() {
        CertificateData certificateData = new CertificateData();
        certificateData.setX509Cert(this.mX509Certificate);
        certificateData.setPrivateKey(this.mPrivateKey);
        certificateData.setPublicKey(this.mX509Certificate.getPublicKey().getEncoded());
        certificateData.setPKCS12Cert(this.mPkcs12Certificate);
        certificateData.setResponse(this.mResponse);
        return certificateData;
    }

    public String getWpjDeviceId() {
        return this.mDeviceId;
    }

    public byte[] getWpjPKCS12Certificate() {
        return this.mPkcs12Certificate;
    }

    public String getWpjPassword() {
        return this.mPassword;
    }

    public RSAPrivateKey getWpjPrivateKey() {
        return this.mRsaPrivateKey;
    }

    public RSAPublicKey getWpjPublicKey() {
        return this.mRsaPublicKey;
    }

    public String getWpjUPN() {
        return this.mUpn;
    }

    public X509Certificate getWpjX509Certificate() {
        return this.mX509Certificate;
    }

    public synchronized void initAccount(Account account, CertificateData certificateData, String str, String str2, String str3) {
        String str4;
        Logger.v(TAG + "init", "Persisting data to account manager user data.");
        String str5 = null;
        try {
            str4 = new String(Base64.encode(certificateData.getPrivateKey(), 2), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG + "initAccount", "Encoding error for cert private key: " + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            str4 = null;
        }
        try {
            str5 = new String(Base64.encode(certificateData.getPublicKey(), 2), "UTF-8");
        } catch (UnsupportedEncodingException e2) {
            Logger.e(TAG + "initAccount", "Encoding error for cert public key " + e2.getMessage(), WorkplaceJoinFailure.INTERNAL, e2);
        }
        this.mResponse = str;
        this.mPkcs12Certificate = certificateData.getPKCS12Cert();
        this.mPrivateKeyEncoded = str4;
        this.mPublicKeyEncoded = str5;
        this.mPassword = str2;
        this.mUpn = str2;
        this.mDeviceId = str3;
        this.mX509Certificate = certificateData.getX509Cert();
        this.mRsaPrivateKey = convertPrivateKeyToRSAPrivateKey(certificateData.getPrivateKey());
        this.mRsaPublicKey = convertPublicKeyToRSAPublicKey(certificateData.getPublicKey());
        AccountManager accountManager = getAccountManager();
        accountManager.setUserData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_RESPONSE, this.mResponse);
        try {
            setCertPkcs12(account, new String(Base64.encode(this.mPkcs12Certificate, 0), "UTF-8"));
        } catch (UnsupportedEncodingException e3) {
            Logger.e(TAG + "initAccount", "Encoding error, PKCS12 cert data is not correctly stored.", WorkplaceJoinFailure.INTERNAL, e3);
        }
        setCertPrivateKey(account, this.mPrivateKeyEncoded);
        setCertPublicKey(account, this.mPublicKeyEncoded);
        setCertPassword(account, this.mPassword);
        accountManager.setUserData(account, ACCOUNT_MANAGER_STORAGE_KEY_UPN, this.mUpn);
        accountManager.setUserData(account, ACCOUNT_MANAGER_STORAGE_KEY_DEVICEID, this.mDeviceId);
    }

    public boolean isSharedDevice() {
        Account wPJAccount = getWPJAccount();
        if (wPJAccount == null) {
            return false;
        }
        return getIsSharedDevice(wPJAccount);
    }

    public boolean isWorkplaceJoined(Account account) {
        return !StringHelper.IsNullOrBlank(getDeviceIdForExistingAccount(account));
    }

    public synchronized void restoreWPJAccount() {
        if (this.mPkcs12Certificate != null && this.mDeviceId != null && this.mRsaPrivateKey != null) {
            Logger.v(TAG + "restoreWPJAccount", "WPJ data is available");
            return;
        }
        Account wPJAccount = getWPJAccount();
        if (wPJAccount == null) {
            Logger.i(TAG + "restoreWPJAccount", "No workplace joined account exists. No need to continue with workpalce joined account restoring.");
            return;
        }
        AccountManager accountManager = getAccountManager();
        this.mResponse = accountManager.getUserData(wPJAccount, ACCOUNT_MANAGER_STORAGE_KEY_CERT_RESPONSE);
        String certPkcs12 = getCertPkcs12(wPJAccount);
        this.mPrivateKeyEncoded = getCertPrivateKey(wPJAccount);
        this.mPublicKeyEncoded = getCertPublicKey(wPJAccount);
        this.mPassword = getCertPassword(wPJAccount);
        this.mUpn = accountManager.getUserData(wPJAccount, ACCOUNT_MANAGER_STORAGE_KEY_UPN);
        this.mDeviceId = accountManager.getUserData(wPJAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICEID);
        if (TextUtils.isEmpty(certPkcs12)) {
            Logger.v(TAG, "The stored PKCS12 cert is empty.");
        } else {
            try {
                Logger.v(TAG + "restoreWPJAccount", "Decode pkcs12 cert");
                this.mPkcs12Certificate = Base64.decode(certPkcs12.getBytes("UTF-8"), 0);
            } catch (UnsupportedEncodingException e) {
                Logger.e(TAG + "restoreWPJAccount", "Error occured when decoding stored pkcs12 cert data.", WorkplaceJoinFailure.INTERNAL, e);
            }
        }
        Logger.v(TAG + "restoreWPJAccount", "Restored cert info.", "Upn:" + this.mUpn + " deviceId:" + this.mDeviceId);
        if (TextUtils.isEmpty(this.mResponse)) {
            Logger.v(TAG, "Empty cert raw response, cannot create X.509 cert.");
        } else {
            try {
                this.mX509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(("-----BEGIN CERTIFICATE-----\n" + this.mResponse + "\n-----END CERTIFICATE-----").getBytes("UTF-8")));
                if (this.mPrivateKeyEncoded == null) {
                    Logger.v(TAG, "mPrivateKeyEncoded is null, cannot create mPrivateKey and mRsaPrivateKey");
                } else {
                    this.mPrivateKey = Base64.decode(this.mPrivateKeyEncoded.getBytes("UTF-8"), 2);
                    this.mRsaPrivateKey = convertPrivateKeyToRSAPrivateKey(this.mPrivateKey);
                }
                this.mRsaPublicKey = convertPublicKeyToRSAPublicKey(this.mX509Certificate.getPublicKey().getEncoded());
                Logger.v(TAG + "restoreWPJAccount", "Restore completed successfully");
            } catch (UnsupportedEncodingException e2) {
                Logger.e(TAG + "restoreWPJAccount", "Encoding error", WorkplaceJoinFailure.INTERNAL, e2);
            } catch (CertificateException e3) {
                Logger.e(TAG + "restoreWPJAccount", "Encoding error", WorkplaceJoinFailure.INTERNAL, e3);
            }
        }
    }

    public void setAccountAuthorityType(Account account, String str) {
        setAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_AUTHORITY_TYPE, str);
    }

    public void setAccountCertificate(Account account, String str) {
        setAccountData(account, WorkplaceJoinApplication.DATA_CERTIFICATE, str);
    }

    public synchronized void setAccountData(Account account, String str, String str2) {
        com.microsoft.identity.common.internal.logging.Logger.verbose(TAG + "setAccountData", str);
        getAccountManager().setUserData(account, str, str2);
    }

    public void setAccountDeviceId(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_DEVICEID, str);
    }

    public void setAccountDisplayableUserId(Account account, String str) {
        setAccountData(account, "account.userinfo.userid.displayable", str);
    }

    public void setAccountEnvironment(Account account, String str) {
        setAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ENVIRONMENT, str);
    }

    public void setAccountFamilyName(Account account, String str) {
        setAccountData(account, "account.userinfo.family.name", str);
    }

    public void setAccountGivenName(Account account, String str) {
        setAccountData(account, "account.userinfo.given.name", str);
    }

    public void setAccountHomeAccountId(Account account, String str) {
        setAccountData(account, "account.userinfo.userid", str);
    }

    public void setAccountIdToken(Account account, String str) {
        setAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ID_TOKEN, str);
    }

    public void setAccountIdp(Account account, String str) {
        setAccountData(account, "account.userinfo.identity.provider", str);
    }

    public void setAccountTenantId(Account account, String str) {
        setAccountData(account, "account.userinfo.tenantid", str);
    }

    public void setAccountUpn(Account account, String str) {
        setAccountData(account, WorkplaceJoinApplication.DATA_UPN, str);
    }

    public void setAccountUserIdList(Account account, String str) {
        if (StringHelper.IsNullOrBlank(str)) {
            return;
        }
        setAccountData(account, "account.userinfo.userid.list", str + "$");
    }

    public void setBRT(Account account, String str) throws ClientException {
        try {
            setEncryptedData(account, StringExtensions.createHash(AuthenticationConstants.Broker.USERDATA_BROKER_RT + account.name), str);
            Logger.v(TAG + ":setBRT", "Invalidating PRT as BRT is updated.");
            setPRT(account, "", "", 0, "");
            setEncodedSessionKey(account, "");
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw new ClientException("no_such_algorithm", e2.getMessage());
        }
    }

    public void setDRSResource(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_DRS_RESOURCE, str);
    }

    public void setEncodedSessionKey(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_ENCODED_SESSION_KEY, str);
    }

    protected void setEncryptedData(Account account, String str, String str2) {
        if (TextUtils.isEmpty(str2)) {
            setAccountData(account, str, null);
            return;
        }
        StorageHelper storageHelper = getStorageHelper();
        if (storageHelper != null) {
            try {
                setAccountData(account, str, storageHelper.encrypt(str2));
            } catch (IOException e) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e);
            } catch (InvalidAlgorithmParameterException e2) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e2);
            } catch (InvalidKeyException e3) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e3);
            } catch (NoSuchAlgorithmException e4) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e4);
            } catch (InvalidKeySpecException e5) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e5);
            } catch (BadPaddingException e6) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e6);
            } catch (IllegalBlockSizeException e7) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e7);
            } catch (NoSuchPaddingException e8) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e8);
            } catch (GeneralSecurityException e9) {
                Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e9);
            }
        }
    }

    public void setIsSharedDevice(Account account, boolean z) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE, Boolean.toString(z));
    }

    public void setLastDeviceAttributeCheckTimestamp(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_CHECK_TIMESTAMP, str);
    }

    public void setLastUpdatedDeviceName(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME, str);
    }

    public void setLastUpdatedDeviceOsVersion(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION, str);
    }

    public void setPRT(Account account, String str, String str2, int i, String str3) {
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT, str);
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY, str3);
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY, str2);
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_EXPIRES_KEY, Integer.toString(i));
    }

    public void setStkPrivateKey(Account account, String str) {
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY, str);
    }

    public void setStkPublicKey(Account account, String str) {
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_STK_PUBLIC_KEY, str);
    }

    public boolean shouldStartJoinedFlow(String str) {
        Account wPJAccount = getWPJAccount();
        if (wPJAccount == null) {
            return false;
        }
        if (wPJAccount.name.equalsIgnoreCase(str)) {
            return true;
        }
        return getIsSharedDevice(wPJAccount);
    }
}
