package com.microsoft.workaccount.authenticatorservice;

import android.util.Base64;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.broker.DerivedKey;
import com.microsoft.identity.common.internal.broker.IKeyHandler;
import com.microsoft.identity.common.internal.cache.CacheKeyValueDelegate;
import com.microsoft.identity.common.internal.platform.JweResponse;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.json.JSONException;

/* loaded from: classes3.dex */
public final class SessionKey {
    static final String ALGORITHM = "alg";
    static final String CONTEXT = "ctx";
    static final String ENCRYPTION_ALGORITHM = "enc";
    static final String JWE_RSA_SESSION_KEY = "RSA/ECB/OAEPWithSHA1AndMGF1Padding";
    static final String KEY_ID = "kid";
    static final int KEY_LENGTH = 128;
    static final String KEY_USE = "use";
    private static final String TAG = "SessionKey#";
    static final String TYPE = "typ";
    static final String X509_CERTIFICATE = "x5c";
    static final String X509_CERTIFICATE_THUMBPRINT = "x5t";
    private DerivedKey mDerivedKey;
    private final JweResponse.JweHeader mHeader;
    private byte[] mRawKey;

    private SessionKey() {
        this(new JweResponse.JweHeader());
    }

    private SessionKey(JweResponse.JweHeader jweHeader) {
        this.mRawKey = null;
        this.mHeader = jweHeader;
    }

    public static SessionKey createFromJWE(String str, PrivateKey privateKey) throws AuthenticatorException {
        Logger.i("SessionKey#createFromJWE", "SessionKey create from JWE");
        try {
            JweResponse parseJwe = JweResponse.parseJwe(str);
            SessionKey sessionKey = new SessionKey(parseJwe.getJweHeader());
            String replace = parseJwe.getEncryptedKey().replace(CacheKeyValueDelegate.CACHE_VALUE_SEPARATOR, "+").replace("_", "/");
            int length = replace.length() % 4;
            if (length != 0) {
                if (length == 2) {
                    replace = replace + "==";
                } else {
                    if (length != 3) {
                        IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Illegal base64url string!");
                        Logger.e("SessionKey#createFromJWE", illegalArgumentException.getMessage(), WorkplaceJoinFailure.INTERNAL, illegalArgumentException);
                        throw illegalArgumentException;
                    }
                    replace = replace + '=';
                }
            }
            byte[] decode = Base64.decode(replace, 0);
            if (sessionKey.mHeader.mHeaderAlg.equalsIgnoreCase("RSA-OAEP")) {
                Cipher cipher = Cipher.getInstance(JWE_RSA_SESSION_KEY, "BC");
                cipher.init(2, privateKey);
                sessionKey.mRawKey = cipher.doFinal(decode);
                return sessionKey;
            }
            AuthenticatorException authenticatorException = new AuthenticatorException("Header algorithm is not RSA-OAEP. Current Alg:" + sessionKey.mHeader.mHeaderAlg);
            Logger.e("SessionKey#createFromJWE", authenticatorException.getMessage(), WorkplaceJoinFailure.INTERNAL, authenticatorException);
            throw authenticatorException;
        } catch (InvalidKeyException e) {
            Logger.e("SessionKey#createFromJWE", e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            throw new AuthenticatorException("Invalid key for cipher decrypt mode", e);
        } catch (NoSuchAlgorithmException e2) {
            Logger.e("SessionKey#createFromJWE", e2.getMessage(), WorkplaceJoinFailure.INTERNAL, e2);
            throw new AuthenticatorException("Algorithm: RSA/ECB/OAEPWithSHA1AndMGF1Padding does not exist on the device", e2);
        } catch (NoSuchProviderException e3) {
            Logger.e("SessionKey#createFromJWE", e3.getMessage(), WorkplaceJoinFailure.INTERNAL, e3);
            throw new AuthenticatorException("BC provider is not supported", e3);
        } catch (BadPaddingException e4) {
            Logger.e("SessionKey#createFromJWE", e4.getMessage(), WorkplaceJoinFailure.INTERNAL, e4);
            throw new AuthenticatorException("Encrypted session key has invalid padding", e4);
        } catch (IllegalBlockSizeException e5) {
            Logger.e("SessionKey#createFromJWE", e5.getMessage(), WorkplaceJoinFailure.INTERNAL, e5);
            throw new AuthenticatorException("Encrypted session key has invalid block size", e5);
        } catch (NoSuchPaddingException e6) {
            Logger.e("SessionKey#createFromJWE", e6.getMessage(), WorkplaceJoinFailure.INTERNAL, e6);
            throw new AuthenticatorException("Algorithm padding for RSA/ECB/OAEPWithSHA1AndMGF1Padding does not exist on the device", e6);
        } catch (JSONException e7) {
            Logger.e("SessionKey#createFromJWE", "JSONException when parsing response", e7.getMessage(), WorkplaceJoinFailure.INTERNAL, e7);
            throw new AuthenticatorException("Invalid JsonObject for sessionkey", e7);
        }
    }

    public static SessionKey createWithRawKey(byte[] bArr) {
        SessionKey sessionKey = new SessionKey();
        sessionKey.mRawKey = Arrays.copyOf(bArr, bArr.length);
        return sessionKey;
    }

    public synchronized DerivedKey getDerivedKey(IKeyHandler iKeyHandler, byte[] bArr) {
        if (this.mDerivedKey != null && Arrays.equals(this.mDerivedKey.getCtx(), bArr)) {
            return this.mDerivedKey;
        }
        DerivedKey generateDerivedKey = iKeyHandler.generateDerivedKey(getRawKey(), bArr);
        this.mDerivedKey = generateDerivedKey;
        return generateDerivedKey;
    }

    public String getEncodedSessionKey() {
        return new String(Base64.encode(this.mRawKey, 2), AuthenticationConstants.CHARSET_UTF8);
    }

    public byte[] getRawKey() {
        byte[] bArr = this.mRawKey;
        return Arrays.copyOf(bArr, bArr.length);
    }
}
