package com.microsoft.identity;

import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import androidx.fragment.app.Fragment;
import com.google.gson.Gson;
import com.microsoft.identity.broker4j.broker.crypto.IAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.IKeyManager;
import com.microsoft.identity.broker4j.broker.crypto.LegacyKeyManager;
import com.microsoft.identity.broker4j.broker.crypto.keyaccessors.IBrokerKeyAccessorFactory;
import com.microsoft.identity.broker4j.broker.crypto.keyaccessors.RawBrokerKeyAccessorFactory;
import com.microsoft.identity.broker4j.broker.crypto.keyloaders.ISessionKeyLoader;
import com.microsoft.identity.broker4j.broker.crypto.keyloaders.RawDeviceKeyLoader;
import com.microsoft.identity.broker4j.broker.crypto.keyloaders.RawSessionKeyLoader;
import com.microsoft.identity.broker4j.broker.crypto.keyloaders.RawSessionTransportKeyLoader;
import com.microsoft.identity.broker4j.broker.flighting.BrokerFlightManager;
import com.microsoft.identity.broker4j.broker.flighting.IFlightManager;
import com.microsoft.identity.broker4j.broker.platform.components.IAccountDataStorage;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.broker.platform.components.IDataLoader;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinCertHelper;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinFailure;
import com.microsoft.identity.broker4j.workplacejoin.data.CertificateData;
import com.microsoft.identity.broker4j.workplacejoin.data.IWorkplaceJoinController;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinControllerFactory;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinData;
import com.microsoft.identity.client.BrokerUtils;
import com.microsoft.identity.common.AndroidPlatformComponents;
import com.microsoft.identity.common.crypto.AndroidBrokerStorageEncryptionManager;
import com.microsoft.identity.common.internal.util.PackageUtils;
import com.microsoft.identity.common.java.broker.ICallValidator;
import com.microsoft.identity.common.java.cache.BrokerOAuth2TokenCache;
import com.microsoft.identity.common.java.cache.ICacheRecord;
import com.microsoft.identity.common.java.crypto.ICertificateGeneratorFunction;
import com.microsoft.identity.common.java.crypto.IKeyAccessor;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.foci.FociQueryUtilities;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.telemetry.ITelemetryCallback;
import com.microsoft.tokenshare.TokenSharingManager;
import com.microsoft.workaccount.authenticatorservice.LegacySecretKeyStorage;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.WorkplaceJoin;
import com.microsoft.workaccount.workplacejoin.core.IDeviceControlledAPI;
import com.microsoft.workaccount.workplacejoin.core.Util;
import com.microsoft.workaccount.workplacejoin.telemetry.TelemetryLogger;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
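/**
 * Android implementation of {@link IBrokerPlatformComponents}.
 *
 * <p>Supplies the broker with key loaders, account storage, flight information, the Workplace
 * Join controller and the caller-authorization checks used before broker operations run.
 *
 * <p>Thread-safety: lazily created members ({@code mAccountManagerStorageHelper},
 * {@code mKeyMaker}, {@code mStorageEncryptionManager}, {@code mWpjController}) are created under
 * the instance monitor. The one-time static key load is guarded by the class monitor.
 */
public class AndroidBrokerPlatformComponents extends AndroidPlatformComponents implements IBrokerPlatformComponents {
    private static final Gson GSON = new Gson();
    private static final String TAG = AndroidBrokerPlatformComponents.class.getSimpleName();
    // Guarded by AndroidBrokerPlatformComponents.class; see initializeBrokerStaticClasses.
    private static boolean sInitialized = false;
    // Snapshot taken once in the constructor from getFlightManager().getFlights().
    private final Map<String, String> flightInformation;
    private AccountManagerStorageHelper mAccountManagerStorageHelper;
    private LegacyKeyManager mKeyMaker;
    private AndroidBrokerStorageEncryptionManager mStorageEncryptionManager;
    private IWorkplaceJoinController mWpjController;

    /**
     * Builds the components, performs the one-time static key load and snapshots the flights.
     *
     * @param context application context; must not be null
     * @param activity hosting activity, or null
     * @param fragment hosting fragment, or null
     * @throws NullPointerException if {@code context} is null
     */
    protected AndroidBrokerPlatformComponents(Context context, Activity activity, Fragment fragment) {
        super(context, activity, fragment);
        if (context == null) {
            throw new NullPointerException("applicationContext is marked non-null but is null");
        }
        initializeBrokerStaticClasses(context);
        this.flightInformation = getFlightManager().getFlights();
        // NOTE(review): the whole flight map is serialized into the info log. Confirm that flight
        // values never carry tenant- or user-identifying data before relying on this in production.
        Logger.info(TAG, "Flight information in use for request: " + GSON.toJson(this.flightInformation));
    }

    /**
     * Creates components bound to {@code activity} and its application context.
     *
     * @param activity the hosting activity; must not be null
     * @return a new instance
     * @throws NullPointerException if {@code activity} is null
     */
    public static AndroidBrokerPlatformComponents createFromActivity(Activity activity) {
        if (activity == null) {
            throw new NullPointerException("activity is marked non-null but is null");
        }
        return new AndroidBrokerPlatformComponents(activity.getApplicationContext(), activity, null);
    }

    /**
     * Creates components bound only to {@code context} (no activity or fragment).
     *
     * @param context the context to use; must not be null
     * @return a new instance
     * @throws NullPointerException if {@code context} is null
     */
    public static AndroidBrokerPlatformComponents createFromContext(Context context) {
        if (context == null) {
            throw new NullPointerException("context is marked non-null but is null");
        }
        return new AndroidBrokerPlatformComponents(context, null, null);
    }

    /**
     * Runs {@code LegacySecretKeyStorage.loadKeys()} at most once per process.
     *
     * @param context must not be null; only null-checked here
     * @throws NullPointerException if {@code context} is null
     */
    private static void initializeBrokerStaticClasses(Context context) {
        synchronized (AndroidBrokerPlatformComponents.class) {
            if (context == null) {
                throw new NullPointerException("context is marked non-null but is null");
            }
            if (sInitialized) {
                return;
            }
            LegacySecretKeyStorage.loadKeys();
            sInitialized = true;
        }
    }

    /**
     * Best-effort removal of the key pair stored under the certificate's alias through
     * {@code DevicePolicyManager.removeKeyPair}. The outcome is only logged, never thrown.
     *
     * @param certificateData certificate whose alias identifies the key pair; must not be null
     * @throws NullPointerException if {@code certificateData} is null
     */
    private void tryRemovingCertFromAndroidUserStoreSilently(CertificateData certificateData) {
        if (certificateData == null) {
            throw new NullPointerException("certData is marked non-null but is null");
        }
        final String logTag = TAG + ":tryRemovingCertSilently";
        // 24 is Android N, the first release on which this silent-removal path is attempted.
        if (Build.VERSION.SDK_INT < 24) {
            Logger.info(logTag, "Certificate removal DID NOT succeed: uninstalling cert silently via DevicePolicyManager requires Android Version >= N, this device is running " + Build.VERSION.SDK_INT);
            return;
        }
        try {
            final DevicePolicyManager devicePolicyManager = (DevicePolicyManager) this.mContext.getSystemService("device_policy");
            if (devicePolicyManager == null) {
                // getSystemService may return null when the service is unavailable. Without this
                // guard the NullPointerException would escape and skip the vendor uninstall that
                // tryUninstallWpjCertFromDevice runs next.
                Logger.warn(logTag, "Certificate removal DID NOT succeed: DevicePolicyManager is not available. " + WorkplaceJoinFailure.CERTIFICATE.toString());
                return;
            }
            // A null admin component means the call is made as a delegated certificate installer,
            // which is why a missing delegation surfaces as the SecurityException handled below.
            final boolean removed = devicePolicyManager.removeKeyPair(null, certificateData.getAlias());
            final String outcome = "Certificate removal"
                    + (removed ? " did " : " DID NOT ")
                    + "succeed. "
                    + WorkplaceJoinFailure.CERTIFICATE.toString();
            Logger.warn(logTag, outcome);
        } catch (SecurityException e) {
            Logger.warn(logTag, "Certificate removal DID NOT succeed: The caller must be delegated with DELEGATION_CERT_INSTALL by the device/profile owner. " + e.getMessage() + " " + WorkplaceJoinFailure.CERTIFICATE.toString());
        }
    }

    /**
     * Best-effort certificate removal through the vendor device API, when one is available.
     * The result is only logged, so a certificate may remain installed after this returns.
     *
     * @param certificateData certificate to uninstall; must not be null
     * @throws NullPointerException if {@code certificateData} is null
     */
    private void uninstallSamsungCert(CertificateData certificateData) {
        if (certificateData == null) {
            throw new NullPointerException("certData is marked non-null but is null");
        }
        final String logTag = TAG + ":uninstallSamsungCert";
        Logger.verbose(logTag, "Uninstall cert with Samsung API if available");
        final IDeviceControlledAPI deviceApi = Util.createDeviceApiForAdmin(this.mContext, Util.createDeviceControlledAPI(this.mContext));
        boolean uninstalled = false;
        if (deviceApi != null) {
            uninstalled = deviceApi.uninstallCert(this.mContext, certificateData);
            Logger.verbose(logTag, "Cert uninstall status:" + uninstalled);
        }
        if (!uninstalled) {
            Logger.verbose(logTag, "Certificate is not removed from the device.");
        }
    }

    /**
     * Returns the lazily created account storage, built from this instance's session key loader
     * and storage encryption manager.
     *
     * @return the shared {@link IAccountDataStorage} for this instance
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public IAccountDataStorage getBrokerAccountDataStorage() {
        synchronized (this) {
            if (this.mAccountManagerStorageHelper == null) {
                this.mAccountManagerStorageHelper = new AccountManagerStorageHelper(this.mContext, getSessionKeyLoader(), getStorageEncryptionManager());
            }
            return this.mAccountManagerStorageHelper;
        }
    }

    /** Returns a new {@link RawBrokerKeyAccessorFactory} on every call. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public IBrokerKeyAccessorFactory getBrokerKeyAccessorFactory() {
        return new RawBrokerKeyAccessorFactory();
    }

    /** Returns the hard-coded broker version string. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public String getBrokerVersion() {
        return "4.1.0";
    }

    /**
     * Returns a validator that authorizes a caller against an allow-list of package names and
     * signing-certificate hashes.
     *
     * <p>The validator fails closed: it returns normally only when the calling package is a key of
     * the allow-list and one of its listed hashes matches the package's certificates. Every other
     * path ends in a {@link ClientException}.
     *
     * @return a new validator on every call
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public ICallValidator getCallValidator() {
        synchronized (this) {
            return new ICallValidator() { // from class: com.microsoft.identity.AndroidBrokerPlatformComponents.2
                /**
                 * @param str name of the broker method being invoked; must not be null
                 * @param i value used to resolve the calling package; presumably the calling UID.
                 *     NOTE(review): confirm that callers derive it from the Binder identity and
                 *     never from request data, since the whole check keys off it.
                 * @param map allow-list from package name to accepted signature hashes; must not
                 *     be null
                 * @throws ClientException if the caller is not allow-listed, its signature does not
                 *     match, or its certificates cannot be read or verified
                 */
                @Override // com.microsoft.identity.common.java.broker.ICallValidator
                public void throwIfNotInvokedByAcceptableApp(String str, int i, Map<String, Iterable<String>> map) throws ClientException {
                    if (str == null) {
                        throw new NullPointerException("methodName is marked non-null but is null");
                    }
                    if (map == null) {
                        throw new NullPointerException("allowedApplications is marked non-null but is null");
                    }
                    final String callingPackageName = BrokerUtils.getCallingPackageName(AndroidBrokerPlatformComponents.this.mContext, i);
                    final Iterable<String> allowedHashes = map.get(callingPackageName);
                    if (allowedHashes != null) {
                        try {
                            final List<X509Certificate> callerCerts = PackageUtils.readCertDataForApp(callingPackageName, AndroidBrokerPlatformComponents.this.mContext);
                            final String matchedHash = PackageUtils.verifySignatureHash(callerCerts, allowedHashes.iterator());
                            if (matchedHash != null) {
                                // Chain validation runs only when the package carries more than one
                                // certificate; a single certificate is accepted on the hash match.
                                if (callerCerts.size() > 1) {
                                    PackageUtils.verifyCertificateChain(callerCerts);
                                }
                                return;
                            }
                        } catch (PackageManager.NameNotFoundException e) {
                            throw new ClientException(ErrorStrings.APP_PACKAGE_NAME_NOT_FOUND, e.getMessage(), e);
                        } catch (IOException | GeneralSecurityException e) {
                            // The two handlers are merged into one. The decompiled form assigned to
                            // a variable that only existed in the preceding catch clause.
                            throw new ClientException(ErrorStrings.BROKER_VERIFICATION_FAILED, e.getMessage(), e);
                        }
                    }
                    // NOTE(review): the message names getSsoToken for every method; the real method
                    // name is only visible in the log tag. Kept as-is so existing log queries match.
                    Logger.error(AndroidBrokerPlatformComponents.TAG + str, "This application (" + callingPackageName + ") is not authorized to call getSsoToken", null);
                    throw new ClientException("unauthorized_client", ErrorStrings.BROKER_APP_VERIFICATION_FAILED);
                }
            };
        }
    }

    /**
     * Returns a generator that delegates to
     * {@code WorkplaceJoinCertHelper.generateX509Certificate}.
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public ICertificateGeneratorFunction getCertificateGenerator() {
        return new ICertificateGeneratorFunction() { // from class: com.microsoft.identity.AndroidBrokerPlatformComponents.3
            @Override // com.microsoft.identity.common.java.crypto.ICertificateGeneratorFunction
            public X509Certificate apply(String str) throws CertificateException, UnsupportedEncodingException, NoSuchProviderException {
                return WorkplaceJoinCertHelper.generateX509Certificate(str);
            }
        };
    }

    /** Returns a new {@link RawDeviceKeyLoader} bound to this instance. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public IDataLoader<IAsymmetricKeyEntry, IAccountDataStorage> getDeviceKeyLoader() {
        return new RawDeviceKeyLoader(this);
    }

    /** Returns the flight map captured when this instance was constructed. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerComponents
    public Map<String, String> getFlightInformation() {
        return this.flightInformation;
    }

    /** Returns a new {@link BrokerFlightManager} over the multi-process flight store. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerComponents
    public IFlightManager getFlightManager() {
        return new BrokerFlightManager(getMultiProcessStringStore(BrokerFlightManager.FLIGHT_INFO_STORAGE_NAME));
    }

    /** Returns the lazily created {@link LegacyKeyManager} shared by this instance. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public IKeyManager getKeyMaker() {
        synchronized (this) {
            if (this.mKeyMaker == null) {
                this.mKeyMaker = new LegacyKeyManager();
            }
            return this.mKeyMaker;
        }
    }

    /** Returns a new {@link RawSessionKeyLoader} on every call. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public ISessionKeyLoader getSessionKeyLoader() {
        return new RawSessionKeyLoader();
    }

    /** Returns a new {@link RawSessionTransportKeyLoader} on every call. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public IDataLoader<IAsymmetricKeyEntry, IAccountDataStorage> getSessionTransportKeyLoader() {
        return new RawSessionTransportKeyLoader();
    }

    /**
     * Returns the lazily created storage encryption manager. Its telemetry callback forwards
     * events to {@code TelemetryLogger}.
     *
     * @return the shared {@link IKeyAccessor} for this instance
     */
    @Override // com.microsoft.identity.common.AndroidPlatformComponents, com.microsoft.identity.common.java.interfaces.IPlatformComponents
    public IKeyAccessor getStorageEncryptionManager() {
        synchronized (this) {
            if (this.mStorageEncryptionManager == null) {
                // Keys are loaded again here, in addition to the one-time load done at
                // construction, before the manager is first created.
                LegacySecretKeyStorage.loadKeys();
                this.mStorageEncryptionManager = new AndroidBrokerStorageEncryptionManager(this.mContext, new ITelemetryCallback() { // from class: com.microsoft.identity.AndroidBrokerPlatformComponents.1
                    @Override // com.microsoft.identity.common.java.telemetry.ITelemetryCallback
                    public void logEvent(String str, Boolean bool, String str2) {
                        TelemetryLogger.logEvent(AndroidBrokerPlatformComponents.this.mContext, str, bool, str2);
                    }
                });
            }
            return this.mStorageEncryptionManager;
        }
    }

    /** Returns the Workplace Join client name constant. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public String getWorkplaceJoinClientName() {
        return WorkplaceJoin.WPJ_CLIENT_NAME;
    }

    /** Returns the lazily created Workplace Join controller for this instance. */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerComponents
    public IWorkplaceJoinController getWpjController() {
        synchronized (this) {
            if (this.mWpjController == null) {
                this.mWpjController = new WorkplaceJoinControllerFactory().getWpjController(this);
            }
            return this.mWpjController;
        }
    }

    /**
     * Decides whether the calling client may receive shared (family) tokens.
     *
     * <p>The token sharing library is consulted first. Only when it denies the caller is the
     * fallback query through {@code FociQueryUtilities} attempted.
     *
     * @param brokerOAuth2TokenCache broker token cache; must not be null
     * @param str client id of the caller; must not be null
     * @param str2 redirect URI of the caller; must not be null
     * @param iCacheRecord cache record used for the fallback query; must not be null
     * @param i value passed to the token sharing library to identify the caller; presumably the
     *     calling UID (confirm against {@code TokenSharingManager})
     * @return true if either check authorizes the caller
     * @throws IOException if the fallback query fails on I/O
     * @throws ClientException if the fallback query fails
     * @throws NullPointerException if any reference argument is null
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public boolean isAuthorizedToShareTokens(BrokerOAuth2TokenCache brokerOAuth2TokenCache, String str, String str2, ICacheRecord iCacheRecord, int i) throws IOException, ClientException {
        if (brokerOAuth2TokenCache == null) {
            throw new NullPointerException("brokerOAuth2TokenCache is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("clientId is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("redirectUri is marked non-null but is null");
        }
        if (iCacheRecord == null) {
            throw new NullPointerException("cacheRecord is marked non-null but is null");
        }
        final String logTag = TAG + "isAuthorizedToShareTokens";
        Logger.verbose(logTag, "Verifying client is authorized to share tokens via token sharing library.");
        if (TokenSharingManager.getInstance().isAuthorizedToShareTokens(this.mContext, i)) {
            return true;
        }
        Logger.verbose(logTag, "Verifying client is authorized to share tokens via ESTS request (fallback).");
        return FociQueryUtilities.tryFociTokenWithGivenClientId(brokerOAuth2TokenCache, str, str2, iCacheRecord);
    }

    /**
     * Delegates to {@code BrokerUtils.isFromValidBrokerApp}.
     *
     * @param i value identifying the caller; presumably the calling UID (confirm against
     *     {@code BrokerUtils})
     * @return the result of the delegated check
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public boolean isFromValidBrokerApp(int i) {
        return BrokerUtils.isFromValidBrokerApp(this.mContext, i);
    }

    /**
     * Attempts to remove the Workplace Join certificate, first through the platform
     * {@code DevicePolicyManager} and then through the vendor device API. Both attempts are
     * best-effort and only log their outcome.
     *
     * @param workplaceJoinData join data holding the certificate; must not be null
     * @throws NullPointerException if {@code workplaceJoinData} is null, or if its certificate
     *     data is null (raised by the first removal helper)
     */
    @Override // com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents
    public void tryUninstallWpjCertFromDevice(WorkplaceJoinData workplaceJoinData) {
        if (workplaceJoinData == null) {
            throw new NullPointerException("workplaceJoinData is marked non-null but is null");
        }
        final CertificateData certificateData = workplaceJoinData.getCertificateData();
        tryRemovingCertFromAndroidUserStoreSilently(certificateData);
        uninstallSamsungCert(certificateData);
    }
}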
