package com.amazon.identity.auth.device.token;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.util.Base64;
import com.amazon.identity.auth.device.api.MAPError;
import com.amazon.identity.auth.device.api.TokenKeys;
import com.amazon.identity.auth.device.au;
import com.amazon.identity.auth.device.framework.ao;
import com.amazon.identity.auth.device.storage.KeystoreProvider;
import com.amazon.identity.auth.device.storage.t;
import com.amazon.identity.auth.device.utils.AccountConstants;
import com.amazon.identity.auth.device.utils.aq;
import com.amazon.identity.auth.device.utils.at;
import com.amazon.identity.auth.device.utils.y;
import com.amazon.identity.mobi.common.utils.SystemWrapper;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class MobileAuthEncryptionKeyManager {
    private static final String TAG;
    private static final long pP;
    private static final long pV;
    private final SystemWrapper F;
    private final ao o;

    /* loaded from: classes3.dex */
    public static final class MobileAuthEncryptionKeyManagerException extends Exception {
        private static final long serialVersionUID = -7354549861193710767L;
        private final MAPError mError;
        private final String mErrorMessage;

        public MobileAuthEncryptionKeyManagerException(MAPError mAPError, String str) {
            super(str);
            this.mError = mAPError;
            this.mErrorMessage = str;
        }

        public MobileAuthEncryptionKeyManagerException(MAPError mAPError, String str, Throwable th) {
            super(th.getMessage(), th);
            this.mError = mAPError;
            this.mErrorMessage = str;
        }

        public MAPError getError() {
            return this.mError;
        }

        public String getErrorMessage() {
            return this.mErrorMessage;
        }
    }

    /* loaded from: classes3.dex */
    public static final class a {
        private final String nH;
        private final String pW;
        private final long pX;
        private final long pY;

        public a(String str, String str2, long j, long j2) {
            this.pW = str;
            this.nH = str2;
            this.pX = j;
            this.pY = j2;
        }
    }

    static {
        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
        pV = at.b(180L, timeUnit);
        pP = at.c(1L, timeUnit);
        TAG = MobileAuthEncryptionKeyManager.class.getName();
    }

    public MobileAuthEncryptionKeyManager(Context context) {
        ao O = ao.O(context);
        this.o = O;
        this.F = (SystemWrapper) O.getSystemService("dcp_system");
    }

    private String r(String str, String str2, String str3) {
        return String.format("%s%s%s", str, str3, str2);
    }

    public boolean c(String str, String str2, com.amazon.identity.auth.device.framework.at atVar) throws MobileAuthEncryptionKeyManagerException {
        int i = Build.VERSION.SDK_INT;
        if (i < 26) {
            String format = String.format("Currently UpsertMobileAuthEncryptionKey operation is not supported in %d version of Android.", Integer.valueOf(i));
            y.e(TAG, format);
            atVar.bC("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:UnsupportedOperation");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.UNSUPPORTED_OPERATION, format);
        }
        try {
            KeystoreProvider keystoreProvider = new KeystoreProvider(r("mobile_auth_storage", str, "_"));
            t k = t.k(this.o, "mobile_auth_storage");
            SecretKey fp = keystoreProvider.fp();
            String cw = k.cw(r(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."));
            if (fp != null && !aq.dI(cw)) {
                if (!((k.cz(String.format("%s.%s", AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_CREATION_TIME, str)) + pV) + pP <= this.F.currentTimeMillis())) {
                    return false;
                }
            }
            JSONObject jSONObject = new au(this.o, str, str2, cw).c(atVar).nA;
            a aVar = new a(jSONObject.getString("encryptionKey"), jSONObject.getString("keyIdentifier"), Long.parseLong(jSONObject.getJSONObject("keyMetadata").getString("keyVersion")), Long.parseLong(jSONObject.getJSONObject("keyMetadata").getString("creationTime")));
            byte[] decode = Base64.decode(aVar.pW, 0);
            keystoreProvider.a(new SecretKeySpec(decode, 0, decode.length, "AES"));
            k.T(r(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."), aVar.nH);
            k.a(r(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_VERSION, str, "."), aVar.pX);
            k.a(r(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_CREATION_TIME, str, "."), aVar.pY);
            atVar.bC("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY");
            return true;
        } catch (KeystoreProvider.KeystoreProviderException e) {
            String format2 = String.format("KeystoreProviderException encountered while creating or updating encryption key. %s", e.getErrorMessage());
            y.e(TAG, format2, e);
            atVar.bC("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:KeystoreProviderException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format2, e);
        } catch (JSONException e2) {
            String format3 = String.format("JSONException encountered while parsing MobileAuthEncryptionKey response. %s", e2.getMessage());
            y.e(TAG, format3, e2);
            atVar.bC("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:JSONException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INVALID_RESPONSE, format3, e2);
        } catch (Exception e3) {
            String format4 = String.format("Exception encountered while creating or updating encryption key. %s", e3.getMessage());
            y.e(TAG, format4, e3);
            atVar.bC("MOBILE_AUTH_UPSERT_ENCRYPTION_KEY:Exception");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format4, e3);
        }
    }

    public Bundle e(String str, com.amazon.identity.auth.device.framework.at atVar) throws MobileAuthEncryptionKeyManagerException {
        int i = Build.VERSION.SDK_INT;
        if (i < 26) {
            String format = String.format("Currently GetMobileAuthEncryptionKey operation is not supported in %d version of Android.", Integer.valueOf(i));
            y.e(TAG, format);
            atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY:UnsupportedOperation");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.UNSUPPORTED_OPERATION, format);
        }
        try {
            KeystoreProvider keystoreProvider = new KeystoreProvider(r("mobile_auth_storage", str, "_"));
            t k = t.k(this.o, "mobile_auth_storage");
            SecretKey fp = keystoreProvider.fp();
            String cw = k.cw(r(AccountConstants.TOKEN_TYPE_AMAZON_MOBILE_AUTH_ENCRYPTION_KEY_IDENTIFIER, str, "."));
            if (fp != null && !aq.dI(cw)) {
                atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY");
                Bundle bundle = new Bundle();
                bundle.putSerializable("value_key", fp);
                bundle.putString(TokenKeys.Options.KEY_MOBILE_AUTH_ENCRYPTION_KEY_ID, cw);
                return bundle;
            }
            if (this.o.dY() == null) {
                y.e(TAG, "MAP data storage is null/invalid.");
                atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY:InvalidMAPDataStorage");
                throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, "MAP data storage is null/invalid.");
            }
            if (this.o.dY().D(str)) {
                y.e(TAG, "Null/Invalid encryption key or key identifier received.");
                atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY:KeyNotFoundException");
                throw new MobileAuthEncryptionKeyManagerException(MAPError.AccountError.ACCOUNT_ENCRYPTION_KEY_NOT_FOUND, "Null/Invalid encryption key or key identifier received.");
            }
            y.e(TAG, "Account already deregistered. So, no encryption key or key identifier received.");
            atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY:AccountDeregistered");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.AccountError.ACCOUNT_ALREADY_DEREGISTERED, "Account already deregistered. So, no encryption key or key identifier received.");
        } catch (KeystoreProvider.KeystoreProviderException e) {
            String format2 = String.format("KeystoreProviderException encountered while fetching encryption key. %s", e.getErrorMessage());
            y.e(TAG, format2, e);
            atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY:KeystoreProviderException");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format2, e);
        } catch (MobileAuthEncryptionKeyManagerException e2) {
            throw e2;
        } catch (Exception e3) {
            String format3 = String.format("Exception encountered while fetching encryption key. %s", e3.getMessage());
            y.e(TAG, format3, e3);
            atVar.bC("MOBILE_AUTH_GET_ENCRYPTION_KEY:Exception");
            throw new MobileAuthEncryptionKeyManagerException(MAPError.CommonError.INTERNAL_ERROR, format3, e3);
        }
    }
}
