package com.microsoft.intune.cryptography.androidapicomponent.implementation;

import android.security.KeyChainException;
import com.microsoft.intune.cryptography.androidapicomponent.abstraction.ISystemUserKeyStore;
import com.microsoft.intune.cryptography.domain.KeyChainState;
import com.microsoft.intune.utils.LoggingExtensionsKt;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;
import kotlin.text.Regex;
import kotlin.text.RegexOption;
import org.jscep.server.ScepServlet;

/* compiled from: AndroidSystemUserKeyStore.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000F\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u0000 \u00172\u00020\u0001:\u0001\u0017B\u000f\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J6\u0010\u0005\u001a\u000e\u0012\u0004\u0012\u0002H\u0007\u0012\u0004\u0012\u00020\b0\u0006\"\u0004\b\u0000\u0010\u00072\u0006\u0010\t\u001a\u0002H\u00072\f\u0010\n\u001a\b\u0012\u0004\u0012\u0002H\u00070\u000bH\u0082\b¢\u0006\u0002\u0010\fJ\"\u0010\r\u001a\u0014\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u000f0\u000e\u0012\u0004\u0012\u00020\b0\u00062\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u0012\u0010\u0012\u001a\u0004\u0018\u00010\u00132\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u0012\u0010\u0014\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u0010\u001a\u00020\u0011H\u0016J\u0012\u0010\u0016\u001a\u0004\u0018\u00010\u000f2\u0006\u0010\u0010\u001a\u00020\u0011H\u0016R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0018"}, d2 = {"Lcom/microsoft/intune/cryptography/androidapicomponent/implementation/AndroidSystemUserKeyStore;", "Lcom/microsoft/intune/cryptography/androidapicomponent/abstraction/ISystemUserKeyStore;", "keyChainWrapper", "Lcom/microsoft/intune/cryptography/androidapicomponent/implementation/IKeyChainWrapper;", "(Lcom/microsoft/intune/cryptography/androidapicomponent/implementation/IKeyChainWrapper;)V", "doKeyChainOperation", "Lkotlin/Pair;", "T", "Lcom/microsoft/intune/cryptography/domain/KeyChainState;", "defaultValue", ScepServlet.OP_PARAM, "Lkotlin/Function0;", "(Ljava/lang/Object;Lkotlin/jvm/functions/Function0;)Lkotlin/Pair;", "getCertificateChain", "", "Ljava/security/cert/X509Certificate;", "alias", "", "getPrivateKey", "Ljava/security/PrivateKey;", "getPublicKey", "Ljava/security/PublicKey;", "getPublicKeyCert", "Companion", "base_userOfficialRelease"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public final class AndroidSystemUserKeyStore implements ISystemUserKeyStore {
    public final IKeyChainWrapper keyChainWrapper;
    public static final Logger LOGGER = LoggingExtensionsKt.logger((KClass<?>) Reflection.getOrCreateKotlinClass(AndroidSystemUserKeyStore.class));
    public static final Regex LOCKED_KEYSTORE_REGEX = new Regex("locked", RegexOption.IGNORE_CASE);

    public AndroidSystemUserKeyStore(IKeyChainWrapper keyChainWrapper) {
        Intrinsics.checkNotNullParameter(keyChainWrapper, "keyChainWrapper");
        this.keyChainWrapper = keyChainWrapper;
    }

    private final <T> Pair<T, KeyChainState> doKeyChainOperation(T defaultValue, Function0<? extends T> operation) {
        Pair<T, KeyChainState> pair;
        try {
            return new Pair<>(operation.invoke(), KeyChainState.UNLOCKED);
        } catch (KeyChainException e) {
            Regex regex = LOCKED_KEYSTORE_REGEX;
            String message = e.getMessage();
            if (message == null) {
                message = "";
            }
            if (regex.containsMatchIn(message)) {
                LOGGER.log(Level.SEVERE, "Unable to access the keystore because it is still locked", (Throwable) e);
                pair = new Pair<>(defaultValue, KeyChainState.LOCKED);
            } else {
                LOGGER.log(Level.SEVERE, "Unable to access the keystore", (Throwable) e);
                pair = new Pair<>(defaultValue, KeyChainState.UNKNOWN);
            }
            return pair;
        } catch (IllegalStateException unused) {
            LOGGER.severe("Unable to read from the system keychain on the main thread");
            return new Pair<>(defaultValue, KeyChainState.UNKNOWN);
        }
    }

    @Override // com.microsoft.intune.cryptography.androidapicomponent.abstraction.ISystemUserKeyStore
    public Pair<X509Certificate[], KeyChainState> getCertificateChain(String alias) {
        Pair<X509Certificate[], KeyChainState> pair;
        Intrinsics.checkNotNullParameter(alias, "alias");
        X509Certificate[] x509CertificateArr = new X509Certificate[0];
        try {
            X509Certificate[] certificateChain = this.keyChainWrapper.getCertificateChain(alias);
            if (certificateChain == null) {
                certificateChain = new X509Certificate[0];
            }
            return new Pair<>(certificateChain, KeyChainState.UNLOCKED);
        } catch (KeyChainException e) {
            Regex regex = LOCKED_KEYSTORE_REGEX;
            String message = e.getMessage();
            if (message == null) {
                message = "";
            }
            if (regex.containsMatchIn(message)) {
                LOGGER.log(Level.SEVERE, "Unable to access the keystore because it is still locked", (Throwable) e);
                pair = new Pair<>(x509CertificateArr, KeyChainState.LOCKED);
            } else {
                LOGGER.log(Level.SEVERE, "Unable to access the keystore", (Throwable) e);
                pair = new Pair<>(x509CertificateArr, KeyChainState.UNKNOWN);
            }
            return pair;
        } catch (IllegalStateException unused) {
            LOGGER.severe("Unable to read from the system keychain on the main thread");
            return new Pair<>(x509CertificateArr, KeyChainState.UNKNOWN);
        }
    }

    @Override // com.microsoft.intune.cryptography.androidapicomponent.abstraction.IKeyPairStore
    public PrivateKey getPrivateKey(String alias) {
        Pair pair;
        Pair pair2;
        Intrinsics.checkNotNullParameter(alias, "alias");
        try {
            pair = new Pair(this.keyChainWrapper.getPrivateKey(alias), KeyChainState.UNLOCKED);
        } catch (KeyChainException e) {
            Regex regex = LOCKED_KEYSTORE_REGEX;
            String message = e.getMessage();
            if (message == null) {
                message = "";
            }
            if (regex.containsMatchIn(message)) {
                LOGGER.log(Level.SEVERE, "Unable to access the keystore because it is still locked", (Throwable) e);
                pair2 = new Pair(null, KeyChainState.LOCKED);
            } else {
                LOGGER.log(Level.SEVERE, "Unable to access the keystore", (Throwable) e);
                pair2 = new Pair(null, KeyChainState.UNKNOWN);
            }
            pair = pair2;
        } catch (IllegalStateException unused) {
            LOGGER.severe("Unable to read from the system keychain on the main thread");
            pair = new Pair(null, KeyChainState.UNKNOWN);
        }
        return (PrivateKey) pair.component1();
    }

    @Override // com.microsoft.intune.cryptography.androidapicomponent.abstraction.IKeyPairStore
    public PublicKey getPublicKey(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        X509Certificate publicKeyCert = getPublicKeyCert(alias);
        if (publicKeyCert != null) {
            return publicKeyCert.getPublicKey();
        }
        return null;
    }

    @Override // com.microsoft.intune.cryptography.androidapicomponent.abstraction.IKeyPairStore
    public X509Certificate getPublicKeyCert(String alias) {
        Intrinsics.checkNotNullParameter(alias, "alias");
        return (X509Certificate) ArraysKt___ArraysKt.getOrNull(getCertificateChain(alias).getFirst(), 0);
    }
}
