package com.microsoft.workaccount.authenticatorservice;

import android.util.Base64;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.broker.DerivedKey;
import com.microsoft.identity.common.internal.broker.IKeyHandler;
import com.microsoft.omadm.utils.CryptoUtils;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.WorkplaceJoinData;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.generators.KDFCounterBytesGenerator;
import org.spongycastle.crypto.macs.HMac;
import org.spongycastle.crypto.params.KDFCounterParameters;

/* loaded from: classes3.dex */
/**
 * Singleton {@link IKeyHandler} implementation for the authenticator service.
 *
 * <p>Groups the cryptographic helpers visible in this class: a counter-mode KDF keyed with
 * HMAC-SHA256 (Spongy Castle {@code KDFCounterBytesGenerator}), AES-CBC decryption and
 * HMAC-SHA256 signing with a key derived from a {@code SessionKey}, and
 * {@code SHA256withRSA} signing / certificate export with the device key material held in
 * {@link WorkplaceJoinData}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #decryptUsingSessionKey} performs AES-CBC decryption only; it does not verify
 *       any MAC or authentication tag itself.</li>
 *   <li>Derived keys are returned and held as plain {@code byte[]}; nothing in this class
 *       clears them after use.</li>
 * </ul>
 */
public enum KeyHandler implements IKeyHandler {
    INSTANCE;

    private static final int BYTE_BUFFER_SIZE = 4;
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String JWS_ALGORITHM = "SHA256withRSA";
    // Not referenced by the code in this class as shown.
    private static final int MAC_SIZE = 8;
    private static final int SP800_108_CTX_SIZE = 24;
    private static final String SP800_108_LABEL = "AzureAD-SecureConversation";
    private static final String TAG = "KeyHandler#";

    // Log tags. Compile-time concatenations of TAG; several keep an older method name
    // ("...Derived...") and are emitted at runtime exactly as before.
    private static final String TAG_DERIVE = TAG + "generateDerivedKey";
    private static final String TAG_DECRYPT = TAG + "decryptUsingDerivedSessionKey";
    private static final String TAG_X5C = TAG + "getDeviceCertX5c";
    private static final String TAG_DEVICE_SIGN = TAG + "signWithDeviceKey";
    private static final String TAG_SESSION_SIGN = TAG + "signWithDerivedSessionKey";

    // Source of randomness for generateRandomKeyContext().
    private final SecureRandom mRandom = new SecureRandom();
    private static final Charset sUtf8CharSet = AuthenticationConstants.CHARSET_UTF8;
    // Not referenced by the code in this class as shown.
    private static final ReentrantReadWriteLock prtLock = new ReentrantReadWriteLock();

    /**
     * Runs the counter-mode KDF with HMAC-SHA256 over {@code label || 0x00 || context || L},
     * where {@code L} is the output length in bits as a 4-byte big-endian integer.
     *
     * @param keyMaterial key-derivation key handed to the KDF
     * @param label       label bytes placed first in the fixed input
     * @param context     context bytes placed after the zero separator
     * @return a {@link DerivedKey} pairing {@code context} with the generated bytes
     */
    private DerivedKey generateDerivedKey(byte[] keyMaterial, byte[] label, byte[] context) {
        HMac prf = new HMac(new SHA256Digest());

        // Fixed input data: label, a single zero byte, context, then the length field.
        ByteArrayOutputStream fixedInput = new ByteArrayOutputStream();
        fixedInput.write(label, 0, label.length);
        fixedInput.write(0);
        fixedInput.write(context, 0, context.length);
        // getMacSize() is in bytes; the length field carries the size in bits.
        byte[] lengthField = myIntToBbBe(prf.getMacSize() * 8);
        fixedInput.write(lengthField, 0, lengthField.length);

        // Third argument is the counter width in bits.
        KDFCounterParameters kdfParams =
                new KDFCounterParameters(keyMaterial, fixedInput.toByteArray(), 32);
        KDFCounterBytesGenerator kdf = new KDFCounterBytesGenerator(prf);
        kdf.init(kdfParams);

        // One PRF block of output (the HMAC-SHA256 MAC size).
        byte[] derived = new byte[prf.getMacSize()];
        Logger.v(TAG_DERIVE, "Generating derived key");
        kdf.generateBytes(derived, 0, derived.length);
        return new DerivedKey(context, derived);
    }

    /** Encodes {@code value} as a 4-byte big-endian array. */
    private static byte[] myIntToBbBe(int value) {
        ByteBuffer buffer = ByteBuffer.allocate(BYTE_BUFFER_SIZE).order(ByteOrder.BIG_ENDIAN);
        buffer.putInt(value);
        return buffer.array();
    }

    /** Logs the message of a decryption failure at verbose level. */
    private static void logDecryptFailure(Exception failure) {
        Logger.v(TAG_DECRYPT, failure.getMessage());
    }

    /** Logs a session-key signing failure as an internal error. */
    private static void logSignFailure(String message, Exception failure) {
        Logger.e(TAG_SESSION_SIGN, message, WorkplaceJoinFailure.INTERNAL, failure);
    }

    /**
     * Decrypts {@code bArr2} with AES-CBC/PKCS7 using a key derived from {@code sessionKey}.
     *
     * <p>NOTE(review): CBC gives no integrity protection and no MAC is checked here. A padding
     * failure is reported with its own error code ("PKCS7Padding is expected"), which callers
     * can tell apart from the other failures. Confirm that the ciphertext is authenticated
     * before it reaches this method and that the distinct error is not observable by whoever
     * supplies the ciphertext.
     *
     * <p>NOTE(review): the cipher is requested from the provider named "BC" explicitly;
     * confirm that provider offers this transformation on every supported platform version.
     *
     * @param bArr       initialisation vector
     * @param bArr2      ciphertext
     * @param sessionKey session key from which the AES key is derived
     * @param bArr3      value passed to {@code SessionKey.getDerivedKey} (presumably the KDF
     *                   context; confirm against {@code SessionKey})
     * @return the plaintext, trimmed to the number of bytes the cipher produced
     * @throws ClientException wrapping any cipher set-up or decryption failure
     */
    @Override // com.microsoft.identity.common.internal.broker.IKeyHandler
    public byte[] decryptUsingSessionKey(byte[] bArr, byte[] bArr2, SessionKey sessionKey, byte[] bArr3) throws ClientException {
        byte[] derivedKeyBytes = sessionKey.getDerivedKey(this, bArr3).getGeneratedKey();
        SecretKeySpec aesKey = new SecretKeySpec(derivedKeyBytes, CryptoUtils.KEY_ALGORITHM_AES);
        IvParameterSpec iv = new IvParameterSpec(bArr);
        try {
            Cipher aesCbc = Cipher.getInstance(CryptoUtils.AES_CBC_PKCS7PADDING, "BC");
            aesCbc.init(Cipher.DECRYPT_MODE, aesKey, iv);

            // Decrypt into a worst-case sized buffer, then copy out the bytes actually written.
            byte[] scratch = new byte[aesCbc.getOutputSize(bArr2.length)];
            int written = aesCbc.update(bArr2, 0, bArr2.length, scratch, 0);
            written += aesCbc.doFinal(scratch, written);

            byte[] plainText = new byte[written];
            System.arraycopy(scratch, 0, plainText, 0, written);
            return plainText;
        } catch (InvalidAlgorithmParameterException e) {
            logDecryptFailure(e);
            throw new ClientException("IV param is invalid", e.getMessage(), e);
        } catch (InvalidKeyException e) {
            logDecryptFailure(e);
            throw new ClientException("Symmetric key is invalid", e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            logDecryptFailure(e);
            throw new ClientException("AES/CBC/PKCS7Padding is not available", e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            logDecryptFailure(e);
            throw new ClientException("BC provider is not available", e.getMessage(), e);
        } catch (BadPaddingException e) {
            logDecryptFailure(e);
            throw new ClientException("PKCS7Padding is expected", e.getMessage(), e);
        } catch (IllegalBlockSizeException e) {
            logDecryptFailure(e);
            throw new ClientException("CBC Block size is expected", e.getMessage(), e);
        } catch (NoSuchPaddingException e) {
            logDecryptFailure(e);
            throw new ClientException("AES/CBC/PKCS7Padding is not available", e.getMessage(), e);
        } catch (ShortBufferException e) {
            logDecryptFailure(e);
            throw new ClientException("User provided buffer is too small ", e.getMessage(), e);
        }
    }

    /**
     * Derives a key from {@code bArr} using the fixed "AzureAD-SecureConversation" label
     * (ASCII-encoded) and the supplied context.
     *
     * @param bArr  key-derivation key
     * @param bArr2 context bytes
     * @return the derived key together with its context
     */
    @Override // com.microsoft.identity.common.internal.broker.IKeyHandler
    public DerivedKey generateDerivedKey(byte[] bArr, byte[] bArr2) {
        byte[] label = SP800_108_LABEL.getBytes(AuthenticationConstants.CHARSET_ASCII);
        return generateDerivedKey(bArr, label, bArr2);
    }

    /**
     * Produces a fresh 24-byte value from {@link SecureRandom}.
     *
     * @return 24 random bytes
     */
    @Override // com.microsoft.identity.common.internal.broker.IKeyHandler
    public byte[] generateRandomKeyContext() {
        byte[] context = new byte[SP800_108_CTX_SIZE];
        this.mRandom.nextBytes(context);
        return context;
    }

    /**
     * Returns the device certificate as Base64 (no line wraps) of its encoded form.
     *
     * @param workplaceJoinData holder of the device certificate
     * @return Base64 text of the encoded X.509 certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    @Override // com.microsoft.identity.common.internal.broker.IKeyHandler
    public String getDeviceCertX5c(WorkplaceJoinData workplaceJoinData) throws CertificateEncodingException {
        Logger.v(TAG_X5C, "Attempting to get encoded Device certificate");
        byte[] encodedCert = workplaceJoinData.getCertificateData().getX509Cert().getEncoded();
        return new String(Base64.encode(encodedCert, Base64.NO_WRAP), sUtf8CharSet);
    }

    /**
     * Signs the UTF-8 bytes of {@code str} with the device private key using
     * {@code SHA256withRSA}.
     *
     * @param str               text to sign
     * @param workplaceJoinData holder of the device private key
     * @return the signature, Base64url-encoded
     * @throws InvalidKeyException          if the device key is rejected by the signer
     * @throws UnsupportedEncodingException declared by the Base64url encoder
     * @throws SignatureException           if signing fails
     * @throws NoSuchAlgorithmException     if {@code SHA256withRSA} is unavailable
     */
    @Override // com.microsoft.identity.common.internal.broker.IKeyHandler
    public String signWithDeviceKey(String str, WorkplaceJoinData workplaceJoinData) throws InvalidKeyException, UnsupportedEncodingException, SignatureException, NoSuchAlgorithmException {
        Logger.v(TAG_DEVICE_SIGN, "Attempting to sign with Device key");
        Signature signer = Signature.getInstance(JWS_ALGORITHM);
        signer.initSign(workplaceJoinData.getCertificateData().getDevicePrivateKey());
        signer.update(str.getBytes(sUtf8CharSet));
        byte[] rawSignature = signer.sign();
        return StringExtensions.encodeBase64URLSafeString(rawSignature);
    }

    /**
     * Computes HMAC-SHA256 over the UTF-8 bytes of {@code str} with a key derived from
     * {@code sessionKey}.
     *
     * @param str        text to authenticate
     * @param sessionKey session key from which the MAC key is derived
     * @param bArr       value passed to {@code SessionKey.getDerivedKey} (presumably the KDF
     *                   context; confirm against {@code SessionKey})
     * @return the MAC, Base64url-encoded
     * @throws ClientException with {@code ErrorStrings.ENCRYPTION_ERROR} on any MAC failure
     */
    @Override // com.microsoft.identity.common.internal.broker.IKeyHandler
    public String signWithSessionKey(String str, SessionKey sessionKey, byte[] bArr) throws ClientException {
        try {
            Mac hmac = Mac.getInstance(HMAC_SHA256);
            byte[] macKeyBytes = sessionKey.getDerivedKey(this, bArr).getGeneratedKey();
            hmac.init(new SecretKeySpec(macKeyBytes, HMAC_SHA256));
            byte[] tag = hmac.doFinal(str.getBytes(sUtf8CharSet));
            return StringExtensions.encodeBase64URLSafeString(tag);
        } catch (UnsupportedEncodingException e) {
            String message = "UTF-8 encoding is not supported " + e.getMessage();
            logSignFailure(message, e);
            throw new ClientException(ErrorStrings.ENCRYPTION_ERROR, message, e);
        } catch (IllegalStateException e) {
            logSignFailure(e.getMessage(), e);
            throw new ClientException(ErrorStrings.ENCRYPTION_ERROR, e.getMessage(), e);
        } catch (InvalidKeyException e) {
            String message = "Key is invalid for signing " + e.getMessage();
            logSignFailure(message, e);
            throw new ClientException(ErrorStrings.ENCRYPTION_ERROR, message, e);
        } catch (NoSuchAlgorithmException e) {
            String message = "HmacSHA256 algorithm does not exist " + e.getMessage();
            logSignFailure(message, e);
            throw new ClientException(ErrorStrings.ENCRYPTION_ERROR, message, e);
        }
    }
}
