package com.microsoft.workaccount.workplacejoin;

import android.accounts.Account;
import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.workaccount.workplacejoin.core.CertificateData;
import com.microsoft.workaccount.workplacejoin.core.DRSDiscoveryRequestHandler;
import com.microsoft.workaccount.workplacejoin.core.DRSMetadata;
import com.microsoft.workaccount.workplacejoin.core.Util;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinCertHelper;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.Semaphore;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.spongycastle.pkcs.PKCSException;

/* loaded from: classes5.dex */
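/**
 * Persists and restores Workplace Join (WPJ) device-registration state on top of
 * {@link AccountManagerStorageHelper}.
 *
 * <p>Two kinds of entries are written: plain account data ({@code setAccountData}) for
 * identifiers and device attributes, and {@code setEncryptedData} entries for the device
 * certificate, the PKCS#12 bundle and its password, and the device / session-transport
 * (STK) keys. The private keys, the PKCS#12 bundle and the PKCS#12 password all live
 * under the same account, so their confidentiality rests entirely on whatever protection
 * {@code AccountManagerStorageHelper.setEncryptedData} applies; that implementation is
 * not visible in this file.
 *
 * <p>All public read/write operations are serialized through a process-wide
 * {@link ReentrantReadWriteLock}. The asynchronous tenant-id backfill is additionally
 * guarded by a single-permit {@link Semaphore} so that only one discovery runs at a time.
 */
public class WorkplaceJoinDataStore {
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC = "workplaceJoin.key.cert.pkcs12.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_PASSWORD_ENC = "workplaceJoin.key.cert.password.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC = "workplaceJoin.key.cert.privateKey.enc";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE = "workplaceJoin.key.is.shared.device";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_UPDATED_TIMESTAMP = "workplaceJoin.key.last.device.attr.check.timestamp";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME = "workplaceJoin.key.last.updated.device.name";
    private static final String ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION = "workplaceJoin.key.last.updated.device.os.version";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY_ENC = "workplaceJoin.key.stk.privateKey";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_STK_PUBLIC_KEY_ENC = "workplaceJoin.key.stk.publicKey";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_UPN = "workplaceJoin.key.upn";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_WPJ_HOME_TENANT_ID = "workplaceJoin.key.wpj.home.tenant.id";
    // Presence of this entry is what marks an account as workplace joined (see isWorkplaceJoined).
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_X509_RAW_BODY = "workplaceJoin.key.cert.response";
    private static final String TAG = WorkplaceJoinDataStore.class.getSimpleName() + "#";
    // Static on purpose: every instance in the process shares one lock and one semaphore.
    private static final ReentrantReadWriteLock sLock = new ReentrantReadWriteLock();
    private static final Semaphore sWpjTenantIdUpdateSem = new Semaphore(1);
    private final AccountManagerStorageHelper mAccountHelper;

    /**
     * Creates a store backed by a new {@link AccountManagerStorageHelper} for {@code context}.
     *
     * @param context context handed to the storage helper
     */
    public WorkplaceJoinDataStore(Context context) {
        this.mAccountHelper = new AccountManagerStorageHelper(context);
    }

    /**
     * Creates a store backed by the supplied helper (useful for injecting a test double).
     *
     * @param accountManagerStorageHelper storage helper to delegate to
     */
    public WorkplaceJoinDataStore(AccountManagerStorageHelper accountManagerStorageHelper) {
        this.mAccountHelper = accountManagerStorageHelper;
    }

    /**
     * Decodes a Base64 string written by {@link #base64Encode(byte[])}.
     *
     * @param str Base64 text without line wrapping; must not be {@code null}
     * @return the decoded bytes
     */
    public static byte[] base64Decode(String str) {
        return Base64.decode(str.getBytes(AuthenticationConstants.CHARSET_UTF8), Base64.NO_WRAP);
    }

    /**
     * Encodes bytes as Base64 without line wrapping.
     *
     * @param bArr bytes to encode
     * @return the Base64 text
     */
    public static String base64Encode(byte[] bArr) {
        return new String(Base64.encode(bArr, Base64.NO_WRAP), AuthenticationConstants.CHARSET_UTF8);
    }

    /**
     * Finds the first broker account that is workplace joined and, when a tenant id is
     * given, whose WPJ home tenant id matches it case-insensitively.
     *
     * <p>Does not take {@code sLock}; callers are expected to hold it.
     *
     * @param tenantId tenant id to match, or {@code null}/empty to accept any joined account
     * @return the matching account, or {@code null} when none exists
     */
    private Account getWorkplaceJoinAccount(String tenantId) {
        for (Account candidate : this.mAccountHelper.getAllBrokerAccounts()) {
            if (!isWorkplaceJoined(candidate)) {
                continue;
            }
            // An empty filter short-circuits here, so getWpjHomeTenantId() (and the
            // discovery it may trigger) is only reached when a tenant id was supplied.
            if (TextUtils.isEmpty(tenantId) || tenantId.equalsIgnoreCase(getWpjHomeTenantId(candidate))) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the stored WPJ home tenant id for {@code account}. When it is missing, a
     * background backfill is requested and the account's own home tenant id is returned
     * as a fallback.
     */
    private String getWpjHomeTenantId(Account account) {
        String storedTenantId = this.mAccountHelper.getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_WPJ_HOME_TENANT_ID);
        if (!StringUtil.isEmpty(storedTenantId)) {
            return storedTenantId;
        }
        Logger.w(TAG + "getWpjHomeTenantId", "WPJ home tenantID doesn't exist. Fall back to Account's home tenant ID", WorkplaceJoinFailure.INTERNAL);
        updateWpjHomeTenantIdAsyncIfNeeded();
        return this.mAccountHelper.getAccountHomeTenantId(account);
    }

    /** An account counts as workplace joined when it carries a stored X.509 certificate body. */
    private boolean isWorkplaceJoined(Account account) {
        return this.mAccountHelper.hasData(account, ACCOUNT_MANAGER_STORAGE_KEY_X509_RAW_BODY);
    }

    /**
     * Reads every WPJ entry for {@code account} and assembles a {@link WorkplaceJoinData}.
     *
     * @return the restored data, or {@code null} when a required entry is missing or empty
     *         or the certificate cannot be parsed (the failure is logged)
     */
    private WorkplaceJoinData loadWorkPlaceJoinEntry(Account account) {
        final String methodTag = TAG + "loadWorkPlaceJoinEntry";
        try {
            // NOTE(review): the "scrubbed" value keeps only the part after '@' (the whole
            // name when there is no '@'), but the full account name is appended to the same
            // argument. Confirm that Logger.v treats its third argument as PII.
            String scrubbedUpn = "ScrubbedUpn" + account.name.substring(account.name.indexOf("@") + 1).trim();
            Logger.v(methodTag, "Loading Workplace Join entry for account.", scrubbedUpn + " account name: " + account.name);
            String upn = this.mAccountHelper.getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_UPN);
            boolean isSharedDevice = Boolean.parseBoolean(this.mAccountHelper.getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE));
            String tenantId = getWpjHomeTenantId(account);
            throwIfStringIsNull("tenantId", tenantId);

            Logger.v(methodTag, "Loading Device private key");
            String encodedDevicePrivateKey = this.mAccountHelper.getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC);
            throwIfStringIsNull("encodedDevicePrivateKey", encodedDevicePrivateKey);
            byte[] devicePrivateKey = base64Decode(encodedDevicePrivateKey);
            throwIfByteArrayIsNull("devicePrivateKey", devicePrivateKey);

            Logger.v(methodTag, "Loading STK private key");
            String encodedStkPrivateKey = this.mAccountHelper.getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY_ENC);
            throwIfStringIsNull("encodedStkPrivateKey", encodedStkPrivateKey);
            byte[] stkPrivateKey = base64Decode(encodedStkPrivateKey);
            throwIfByteArrayIsNull("stkPrivateKey", stkPrivateKey);

            Logger.v(methodTag, "Loading pkcs12");
            String encodedPkcs12 = this.mAccountHelper.getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC);
            // Validate the PKCS#12 value itself. The previous code re-checked the STK key
            // string here, so a missing PKCS#12 entry reached base64Decode(null) and failed
            // with a NullPointerException that the catch below does not handle.
            throwIfStringIsNull("encodedPkcs12", encodedPkcs12);
            byte[] pkcs12 = base64Decode(encodedPkcs12);
            throwIfByteArrayIsNull("pkcs12", pkcs12);
            String pkcs12Password = this.mAccountHelper.getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_PASSWORD_ENC);
            throwIfStringIsNull("pkcs12Password", pkcs12Password);

            Logger.v(methodTag, "Initialize certificate object.");
            String x509RawBody = this.mAccountHelper.getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_X509_RAW_BODY);
            throwIfStringIsNull("x509RawBody", x509RawBody);
            X509Certificate certificate = WorkplaceJoinCertHelper.generateX509Certificate(x509RawBody);

            // A missing or unparsable timestamp is not fatal: fall back to the epoch.
            Date lastAttributeUpdate;
            try {
                lastAttributeUpdate = Util.RFC3339StringToDate(this.mAccountHelper.getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_UPDATED_TIMESTAMP));
            } catch (Exception ignored) {
                lastAttributeUpdate = new Date(0L);
            }
            String registeredDeviceName = this.mAccountHelper.getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME);
            String registeredOsVersion = this.mAccountHelper.getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION);
            CertificateData certificateData = CertificateData.create(certificate, pkcs12, pkcs12Password, devicePrivateKey, stkPrivateKey);
            Logger.v(methodTag, "Restore completed successfully");
            return WorkplaceJoinData.builder()
                    .tenantId(tenantId)
                    .upn(upn)
                    .certificateData(certificateData)
                    .isSharedDevice(isSharedDevice)
                    .lastUpdatedDeviceAttributeDate(lastAttributeUpdate)
                    .registeredDeviceName(registeredDeviceName)
                    .registeredOsVersion(registeredOsVersion)
                    .build();
        } catch (UnsupportedEncodingException | IllegalStateException | CertificateException e) {
            Logger.e(methodTag, "Fail to load Workplace Join entry.", WorkplaceJoinFailure.INTERNAL, e);
            return null;
        }
    }

    /**
     * @param name  label used in the exception message
     * @param value bytes to validate
     * @throws IllegalStateException when {@code value} is {@code null} or empty
     */
    private void throwIfByteArrayIsNull(String name, byte[] value) throws IllegalStateException {
        if (value == null || value.length == 0) {
            throw new IllegalStateException(name + " is null.");
        }
    }

    /**
     * @param name  label used in the exception message
     * @param value string to validate
     * @throws IllegalStateException when {@code value} is {@code null} or empty
     */
    private void throwIfStringIsNull(String name, String value) throws IllegalStateException {
        if (TextUtils.isEmpty(value)) {
            throw new IllegalStateException(name + " is null or empty.");
        }
    }

    /**
     * Decides whether the joined flow may be started for the given identifier.
     *
     * @param str identifier compared against the WPJ account via
     *            {@code AccountManagerStorageHelper.isAccountMatching}
     * @return {@code true} when a loadable WPJ entry exists and either the device is shared
     *         or the identifier matches the WPJ account; {@code false} otherwise
     */
    public boolean canStartJoinFlow(String str) {
        final String methodTag = TAG + "canStartJoinFlow";
        sLock.readLock().lock();
        try {
            Account wpjAccount = getWorkplaceJoinAccount();
            if (wpjAccount == null) {
                Logger.v(methodTag, "Workplace Join Account Does not exist.");
                return false;
            }
            WorkplaceJoinData wpjData = loadWorkPlaceJoinEntry(wpjAccount);
            if (wpjData == null) {
                Logger.v(methodTag, "Fail to load WPJ data.");
                return false;
            }
            if (wpjData.isSharedDevice()) {
                Logger.v(methodTag, "Eligible to start join flow as this is a shared device.");
                return true;
            }
            if (this.mAccountHelper.isAccountMatching(wpjAccount, str)) {
                Logger.v(methodTag, "Eligible to start join flow as the provided identifier matches with WPJ account.");
                return true;
            }
            // Fail closed. The previous control flow fell through to "return true" after
            // logging that the flow cannot start, so a non-matching identifier was accepted.
            Logger.v(methodTag, "Identifier not matching. Cannot start joined flow.");
            return false;
        } finally {
            sLock.readLock().unlock();
        }
    }

    /**
     * Returns the first workplace-joined broker account regardless of tenant.
     *
     * @return the WPJ account, or {@code null} when the device is not joined
     */
    public Account getWorkplaceJoinAccount() {
        sLock.readLock().lock();
        try {
            return getWorkplaceJoinAccount(null);
        } finally {
            sLock.readLock().unlock();
        }
    }

    /**
     * Loads the stored registration data of the workplace-joined account.
     *
     * @return the restored data, or {@code null} when there is no WPJ account or its
     *         entries cannot be loaded
     */
    public WorkplaceJoinData getWorkplaceJoinData() {
        sLock.readLock().lock();
        try {
            Account wpjAccount = getWorkplaceJoinAccount();
            // The read lock is released exactly once, in the finally block. The previous
            // code also unlocked on this path, and the second unlock raised
            // IllegalMonitorStateException whenever no WPJ account existed.
            return wpjAccount == null ? null : loadWorkPlaceJoinEntry(wpjAccount);
        } finally {
            sLock.readLock().unlock();
        }
    }

    /**
     * Removes the registration described by {@code workplaceJoinData}: deletes the PRT and
     * session key of broker accounts in that tenant, then clears the stored WPJ entries.
     *
     * <p>Accounts whose home tenant id is empty are treated as belonging to the tenant and
     * have their PRT and session key deleted as well.
     *
     * @param workplaceJoinData registration to remove; its tenant id selects the account
     */
    public void removeRegistrationData(WorkplaceJoinData workplaceJoinData) {
        final String methodTag = TAG + "removeRegistrationData";
        sLock.writeLock().lock();
        try {
            Account wpjAccount = getWorkplaceJoinAccount(workplaceJoinData.getTenantId());
            if (wpjAccount == null) {
                Logger.v(methodTag, "No matching WPJ Data found.");
                return;
            }
            Logger.v(methodTag, "Removing PRTs and SKs associated to the joined tenant.");
            String joinedTenantId = workplaceJoinData.getTenantId();
            for (Account brokerAccount : this.mAccountHelper.getAllBrokerAccounts()) {
                String homeTenantId = this.mAccountHelper.getAccountHomeTenantId(brokerAccount);
                if (TextUtils.isEmpty(homeTenantId) || homeTenantId.equalsIgnoreCase(joinedTenantId)) {
                    this.mAccountHelper.deletePRTandSK(brokerAccount);
                }
            }
            Logger.v(methodTag, "Removing WPJ data.");
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_WPJ_HOME_TENANT_ID, null);
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE, null);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_X509_RAW_BODY, null);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC, null);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY_ENC, null);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_PASSWORD_ENC, null);
            // storeRegistrationData() also writes the device private key and the STK public
            // key; clear them too so no key material outlives the registration.
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC, null);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_STK_PUBLIC_KEY_ENC, null);
        } finally {
            sLock.writeLock().unlock();
        }
    }

    /**
     * Creates the WPJ account and persists a fresh registration under it.
     *
     * <p>The PKCS#12 bundle is protected with a random UUID string, which is stored next to
     * the bundle through {@code setEncryptedData}; the raw encoded private keys are stored
     * the same way.
     *
     * @param str      account name passed to {@code createAccount}
     * @param str2     value stored as the WPJ home tenant id
     * @param str3     value stored as the UPN
     * @param str4     certificate body; parsed into an X.509 certificate and stored as-is
     * @param keyPair  key pair bundled with the certificate into the PKCS#12; its private
     *                 key is stored as the device private key
     * @param keyPair2 key pair stored as the STK public and private keys
     * @param z        whether the device is registered as a shared device
     * @throws IOException              declared by this method; not raised directly in the visible code
     * @throws CertificateException     declared by this method; not raised directly in the visible code
     * @throws NoSuchAlgorithmException declared by this method; not raised directly in the visible code
     * @throws PKCSException            declared by this method; not raised directly in the visible code
     */
    public void storeRegistrationData(String str, String str2, String str3, String str4, KeyPair keyPair, KeyPair keyPair2, boolean z) throws IOException, CertificateException, NoSuchAlgorithmException, PKCSException {
        sLock.writeLock().lock();
        try {
            Logger.v(TAG + "storeRegistrationData", "Persisting data to account manager user data.");
            // Build every derived value before touching storage, so a certificate or PKCS#12
            // failure leaves no partially written account behind.
            String pkcs12Password = UUID.randomUUID().toString();
            X509Certificate certificate = WorkplaceJoinCertHelper.generateX509Certificate(str4);
            String encodedPkcs12 = base64Encode(WorkplaceJoinCertHelper.generatePkcs12(certificate, pkcs12Password, keyPair.getPublic(), keyPair.getPrivate()));
            String encodedDevicePrivateKey = base64Encode(keyPair.getPrivate().getEncoded());
            String encodedStkPrivateKey = base64Encode(keyPair2.getPrivate().getEncoded());
            String encodedStkPublicKey = base64Encode(keyPair2.getPublic().getEncoded());

            Account wpjAccount = this.mAccountHelper.createAccount(str, "com.microsoft.workaccount");
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_WPJ_HOME_TENANT_ID, str2);
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_UPN, str3);
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_IS_SHARED_DEVICE, Boolean.toString(z));
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_X509_RAW_BODY, str4);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_ENC, encodedPkcs12);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_DEVICE_PRIVATE_KEY_ENC, encodedDevicePrivateKey);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_STK_PRIVATE_KEY_ENC, encodedStkPrivateKey);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_STK_PUBLIC_KEY_ENC, encodedStkPublicKey);
            this.mAccountHelper.setEncryptedData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_CERT_PKCS12_PASSWORD_ENC, pkcs12Password);
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION, Util.getAndroidOSVersion());
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME, Util.getDeviceDisplayName());
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_UPDATED_TIMESTAMP, Util.RFC3339DateToString(new Date()));
        } finally {
            sLock.writeLock().unlock();
        }
    }

    /**
     * Records a new registered device name and refreshes the attribute timestamp.
     *
     * @param workplaceJoinData registration whose tenant id selects the account
     * @param str               device name to store
     */
    public void updateRegisteredDeviceName(WorkplaceJoinData workplaceJoinData, String str) {
        sLock.writeLock().lock();
        try {
            Account wpjAccount = getWorkplaceJoinAccount(workplaceJoinData.getTenantId());
            if (wpjAccount == null) {
                Logger.v(TAG + "updateRegisteredDeviceName", "No matching WPJ Data found.");
                return;
            }
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_NAME, str);
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_UPDATED_TIMESTAMP, Util.RFC3339DateToString(new Date()));
        } finally {
            sLock.writeLock().unlock();
        }
    }

    /**
     * Records a new registered OS version and refreshes the attribute timestamp.
     *
     * @param workplaceJoinData registration whose tenant id selects the account
     * @param str               OS version to store
     */
    public void updateRegisteredOsVersion(WorkplaceJoinData workplaceJoinData, String str) {
        sLock.writeLock().lock();
        try {
            Account wpjAccount = getWorkplaceJoinAccount(workplaceJoinData.getTenantId());
            if (wpjAccount == null) {
                // Log under this method's own name; the tag used to be copied from
                // updateRegisteredDeviceName, which misattributed the message.
                Logger.v(TAG + "updateRegisteredOsVersion", "No matching WPJ Data found.");
                return;
            }
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_UPDATED_DEVICE_OS_VERSION, str);
            this.mAccountHelper.setAccountData(wpjAccount, ACCOUNT_MANAGER_STORAGE_KEY_LAST_DEVICE_ATTR_UPDATED_TIMESTAMP, Util.RFC3339DateToString(new Date()));
        } finally {
            sLock.writeLock().unlock();
        }
    }

    /**
     * Backfills the WPJ home tenant id through DRS discovery when it is missing and a UPN is
     * stored. At most one backfill runs at a time; concurrent calls return immediately.
     *
     * <p>NOTE(review): the discovery callback writes the tenant id without holding
     * {@code sLock}. Which thread invokes the callback is not visible here, so no lock is
     * added (a synchronous callback under a held read lock could not upgrade to the write
     * lock). Confirm the threading contract of {@code DRSDiscoveryRequestHandler}.
     */
    public void updateWpjHomeTenantIdAsyncIfNeeded() {
        final String methodTag = TAG + "updateWpjHomeTenantIdAsyncIfNeeded";
        if (!sWpjTenantIdUpdateSem.tryAcquire()) {
            Logger.i(methodTag, "The operation is already being executed.");
            return;
        }
        // Once the request is handed to the handler, the callback owns the permit and
        // releases it; on every other path, including an unexpected exception in the
        // checks below, the finally block gives it back so later backfills stay possible.
        boolean callbackOwnsPermit = false;
        try {
            final Account workplaceJoinAccount = getWorkplaceJoinAccount();
            if (workplaceJoinAccount == null) {
                Logger.v(methodTag, "WPJ account does not exist.");
                return;
            }
            if (!StringUtil.isEmpty(this.mAccountHelper.getAccountData(workplaceJoinAccount, ACCOUNT_MANAGER_STORAGE_KEY_WPJ_HOME_TENANT_ID))) {
                Logger.v(methodTag, "Home tenant ID already exists.");
                return;
            }
            String upn = this.mAccountHelper.getAccountData(workplaceJoinAccount, ACCOUNT_MANAGER_STORAGE_KEY_UPN);
            if (StringUtil.isEmpty(upn)) {
                Logger.w(methodTag, "This is not a upn-based WPJ. there's nothing else we can use to do discovery to get home tenantID.", WorkplaceJoinFailure.INTERNAL);
                return;
            }
            Logger.i(methodTag, "Tenant ID is missing, calling DRS Discovery.");
            try {
                new DRSDiscoveryRequestHandler().requestDeviceRegistrationDiscovery(this.mAccountHelper.getContext(), upn, null, new DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery() {
                    @Override
                    public void onEndpointsDiscovery(DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult) {
                        try {
                            if (dRSDiscoveryResult == null) {
                                Logger.e(WorkplaceJoinDataStore.TAG, "Failed to get a result from requestDeviceRegistrationDiscovery()", WorkplaceJoinFailure.INTERNAL, (Exception) null);
                                return;
                            }
                            DRSMetadata dRSMetadata = dRSDiscoveryResult.getDRSMetadata();
                            if (dRSMetadata == null) {
                                Logger.e(WorkplaceJoinDataStore.TAG, "Failed to get DRSMetadata", WorkplaceJoinFailure.DRS, dRSDiscoveryResult.getDRSException());
                                return;
                            }
                            Logger.i(WorkplaceJoinDataStore.TAG + "updateWpjHomeTenantIdAsyncIfNeeded", "Tenant ID updated.");
                            WorkplaceJoinDataStore.this.mAccountHelper.setAccountData(workplaceJoinAccount, WorkplaceJoinDataStore.ACCOUNT_MANAGER_STORAGE_KEY_WPJ_HOME_TENANT_ID, dRSMetadata.getTenantId());
                        } finally {
                            WorkplaceJoinDataStore.sWpjTenantIdUpdateSem.release();
                        }
                    }
                });
                callbackOwnsPermit = true;
            } catch (Throwable t) {
                // Previously swallowed without a trace. The failure is still non-fatal, but
                // it is now visible in the log. NOTE(review): if the handler can invoke the
                // callback and then throw, the permit is released twice, as it was before.
                Logger.w(methodTag, "DRS discovery request failed: " + t.getClass().getName(), WorkplaceJoinFailure.INTERNAL);
            }
        } finally {
            if (!callbackOwnsPermit) {
                sWpjTenantIdUpdateSem.release();
            }
        }
    }
}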
