package com.okta.devices.encrypt;

import android.util.Base64;
import androidx.core.app.FrameMetricsAggregator;
import com.instabug.library.ui.custom.MaterialMenuDrawable;
import com.okta.devices.data.RepositoryManager;
import com.okta.devices.device.KeyProtection;
import com.okta.devices.device.SignatureHint;
import com.okta.devices.log.Log;
import com.okta.devices.model.Jwk;
import com.okta.devices.model.MethodType;
import com.okta.devices.model.MethodTypeDescription;
import com.okta.devices.model.Settings;
import com.okta.devices.model.local.KeyAliasInfo;
import com.okta.devices.model.local.KeyProtectionUsed;
import com.okta.devices.model.local.KeyType;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import org.jose4j.jwk.Use;
import org.jose4j.keys.EllipticCurves;

/* compiled from: KeyManager.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000l\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\t\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\bÀ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001a\u0010\u0011\u001a\u0004\u0018\u00010\u00122\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u0014\u001a\u00020\u000fH\u0002J\u0010\u0010\u0015\u001a\u00020\u000f2\b\b\u0002\u0010\u0016\u001a\u00020\u0017J\u0006\u0010\u0018\u001a\u00020\u0007J\u001e\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006\u0010\u001e\u001a\u00020\u001fJ \u0010 
\u001a\u0004\u0018\u00010\u00122\u0006\u0010!\u001a\u00020\u00042\u0006\u0010\"\u001a\u00020\u001f2\u0006\u0010\u000e\u001a\u00020\u000bJ\u0018\u0010#\u001a\u0004\u0018\u00010\u00122\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u0016\u001a\u00020\u0017J?\u0010$\u001a\u00020\u001a2%\u0010%\u001a!\u0012\u0013\u0012\u00110\u000b¢\u0006\f\b\f\u0012\b\b\r\u0012\u0004\b\b(\u000e\u0012\u0004\u0012\u00020\u000f0\nj\u0002`\u00102\u0010\u0010&\u001a\f\u0012\u0004\u0012\u00020\u00070\u0006j\u0002`\bJ$\u0010'\u001a\u00020\u001a2\f\u0010(\u001a\b\u0012\u0004\u0012\u00020\u001c0)2\u000e\b\u0002\u0010*\u001a\b\u0012\u0004\u0012\u00020+0)R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0018\u0010\u0005\u001a\f\u0012\u0004\u0012\u00020\u00070\u0006j\u0002`\bX\u0082.¢\u0006\u0002\n\u0000R-\u0010\t\u001a!\u0012\u0013\u0012\u00110\u000b¢\u0006\f\b\f\u0012\b\b\r\u0012\u0004\b\b(\u000e\u0012\u0004\u0012\u00020\u000f0\nj\u0002`\u0010X\u0082.¢\u0006\u0002\n\u0000¨\u0006,"}, d2 = {"Lcom/okta/devices/encrypt/KeyManager;", "", "()V", "TAG", "", "encryptionDelegate", "Lkotlin/Function0;", "Lcom/okta/devices/encrypt/EncryptionProvider;", "Lcom/okta/devices/device/EncryptionDelegate;", "signatureDelegate", "Lkotlin/Function1;", "Lcom/okta/devices/device/SignatureHint;", "Lkotlin/ParameterName;", "name", "hint", "Lcom/okta/devices/encrypt/DigitalSignature;", "Lcom/okta/devices/device/SignatureDelegate;", "constructJwk", "Lcom/okta/devices/model/Jwk;", "keyId", "signature", "digitalSignature", "settings", "Lcom/okta/devices/model/Settings;", "encryptionProvider", "generateAuthenticatorKeys", "", "desc", "Lcom/okta/devices/model/MethodTypeDescription;", "policyId", "userVerification", "", "getClientInstanceJwk", "oktaOrgId", "recreate", "getJwk", "init", "delegateSignature", "delegateEncryption", "removeAuthenticatorKeys", "methods", "", "types", "Lcom/okta/devices/model/local/KeyType;", "devices_release"}, k = 1, mv = {1, 4, 1})
/* loaded from: classes2.dex */
/*
 * Process-wide singleton (the Kotlin metadata above describes an `object`) that hands out the
 * signing and encryption implementations registered through init() and builds public-key JWKs
 * for authenticator keys.
 *
 * Both delegates are static fields with no default value: every accessor below raises Kotlin's
 * uninitialized-property error when init() has not run first. Nothing in this listing
 * synchronizes access to them.
 *
 * NOTE(review): this is JADX decompiler output, not the original KeyManager.kt. Several
 * constructs are decompiler artifacts (super(1) inside anonymous initializers, invoke2 bridges,
 * unrelated library constants standing in for integer literals, one lambda body that could not
 * be decompiled), so treat the listing as a description of behaviour rather than buildable code.
 */
public final class KeyManager {
    public static final KeyManager INSTANCE = new KeyManager();
    private static final String TAG = "KeyManager";
    // Supplies the EncryptionProvider; assigned only in init().
    private static Function0<? extends EncryptionProvider> encryptionDelegate;
    // Maps a SignatureHint (allowed algorithms + requested key protection) to a DigitalSignature;
    // assigned only in init().
    private static Function1<? super SignatureHint, ? extends DigitalSignature> signatureDelegate;

    // Compiler-generated lookup tables for Kotlin `when` over enums: enum ordinal -> 1-based case
    // index. Only $EnumSwitchMapping$1 (MethodType) is read in the code visible here;
    // $EnumSwitchMapping$0 (KeyType) is presumably read by the lambda that failed to decompile.
    @Metadata(bv = {1, 0, 3}, k = 3, mv = {1, 4, 1})
    /* loaded from: classes2.dex */
    public final /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[KeyType.values().length];
            $EnumSwitchMapping$0 = iArr;
            iArr[KeyType.PROOF_OF_POSSESSION.ordinal()] = 1;
            iArr[KeyType.USER_VERIFICATION.ordinal()] = 2;
            iArr[KeyType.TOTP_SHARED_SECRET.ordinal()] = 3;
            int[] iArr2 = new int[MethodType.values().length];
            $EnumSwitchMapping$1 = iArr2;
            iArr2[MethodType.SIGNED_NONCE.ordinal()] = 1;
            iArr2[MethodType.PUSH.ordinal()] = 2;
            iArr2[MethodType.TOTP.ordinal()] = 3;
        }
    }

    // Private constructor: the only instance is INSTANCE.
    private KeyManager() {
    }

    /**
     * Synthetic accessor that exposes the private signatureDelegate field to generated classes.
     * The keyManager argument is not used.
     */
    public static final /* synthetic */ Function1 access$getSignatureDelegate$p(KeyManager keyManager) {
        Function1<? super SignatureHint, ? extends DigitalSignature> function1 = signatureDelegate;
        if (function1 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signatureDelegate");
        }
        return function1;
    }

    /**
     * Builds the public-key JWK for the key pair that {@code signature} holds under {@code keyId}.
     * "RSA" keys are emitted with alg RS256 and "EC" keys with alg ES256 on curve P-256.
     *
     * @param keyId alias handed to {@code signature.getPublicKey} and {@code isHardwareBackedKeyStore}
     * @param signature implementation that owns the key pair
     * @return the JWK describing the public key
     * @throws UnsupportedOperationException when {@code signature.algorithm()} is neither "RSA" nor "EC"
     */
    private final Jwk constructJwk(String keyId, final DigitalSignature signature) {
        // Reports HARDWARE or SOFTWARE for a key id, based only on what the DigitalSignature
        // implementation answers.
        // NOTE(review): the value is self-reported by the client; nothing in this method attests
        // it, so a verifier should not treat it as proof of hardware backing on its own.
        Function1<String, KeyProtectionUsed> function1 = new Function1<String, KeyProtectionUsed>() { // from class: com.okta.devices.encrypt.KeyManager$constructJwk$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(1);
            }

            @Override // kotlin.jvm.functions.Function1
            public final KeyProtectionUsed invoke(String kid) {
                Intrinsics.checkNotNullParameter(kid, "kid");
                return DigitalSignature.this.isHardwareBackedKeyStore(kid) ? KeyProtectionUsed.HARDWARE : KeyProtectionUsed.SOFTWARE;
            }
        };
        String algorithm = signature.algorithm();
        // Decompiled string switch: 2206 and 81440 are the String.hashCode() values of "EC" and
        // "RSA"; the equals() calls confirm the match.
        int hashCode = algorithm.hashCode();
        if (hashCode != 2206) {
            if (hashCode == 81440 && algorithm.equals("RSA")) {
                RSAPublicKeySpec spec = (RSAPublicKeySpec) KeyFactory.getInstance("RSA").getKeySpec(signature.getPublicKey(keyId), RSAPublicKeySpec.class);
                String name = function1.invoke(keyId).name();
                Intrinsics.checkNotNullExpressionValue(spec, "spec");
                // Base64 flag 8 is android.util.Base64.URL_SAFE. The trailing (224, null) pair looks
                // like Kotlin's default-argument bitmask and marker for the synthetic constructor.
                // NOTE(review): without NO_PADDING | NO_WRAP the encoder keeps '=' padding and line
                // breaks, and BigInteger.toByteArray() can prepend a 0x00 sign byte. RFC 7518 expects
                // unpadded base64url of the unsigned big-endian value; confirm the consumer accepts
                // this encoding.
                return new Jwk("RSA", "RS256", keyId, name, Use.SIGNATURE, null, null, null, Base64.encodeToString(spec.getModulus().toByteArray(), 8), Base64.encodeToString(spec.getPublicExponent().toByteArray(), 8), 224, null);
            }
        } else if (algorithm.equals("EC")) {
            ECPublicKeySpec spec2 = (ECPublicKeySpec) KeyFactory.getInstance("EC").getKeySpec(signature.getPublicKey(keyId), ECPublicKeySpec.class);
            String name2 = function1.invoke(keyId).name();
            Intrinsics.checkNotNullExpressionValue(spec2, "spec");
            ECPoint w = spec2.getW();
            Intrinsics.checkNotNullExpressionValue(w, "spec.w");
            // Same encoding caveat as the RSA branch; in addition toByteArray() is variable-length,
            // while RFC 7518 expects fixed-width coordinates (32 bytes on P-256).
            String encodeToString = Base64.encodeToString(w.getAffineX().toByteArray(), 8);
            ECPoint w2 = spec2.getW();
            Intrinsics.checkNotNullExpressionValue(w2, "spec.w");
            // NOTE(review): unlike the RSA branch, keyId is not passed to the Jwk constructor here;
            // the positional arguments go straight from the algorithm to the key-protection name.
            // Either the decompiler mis-rendered the call or the EC JWK is built without its key id
            // in the expected slot; verify against the Jwk class before relying on EC output.
            // MaterialMenuDrawable.DEFAULT_TRANSFORM_DURATION appears to be JADX substituting an
            // unrelated constant for the default-argument bitmask.
            return new Jwk("EC", "ES256", name2, Use.SIGNATURE, EllipticCurves.P_256, null, encodeToString, Base64.encodeToString(w2.getAffineY().toByteArray(), 8), null, null, MaterialMenuDrawable.DEFAULT_TRANSFORM_DURATION, null);
        }
        throw new UnsupportedOperationException(signature.algorithm() + " is not supported");
    }

    /**
     * Synthetic Kotlin default-argument bridge for {@link #digitalSignature(Settings)}: when bit 0
     * of {@code i} is set the caller omitted {@code settings}, so a Settings built from nulls is
     * used. FrameMetricsAggregator.EVERY_DURATION appears to be JADX rendering the constructor's
     * own default-argument bitmask as an unrelated constant.
     */
    public static /* synthetic */ DigitalSignature digitalSignature$default(KeyManager keyManager, Settings settings, int i, Object obj) throws IllegalArgumentException, UnsupportedOperationException {
        if ((i & 1) != 0) {
            settings = new Settings(null, null, null, null, null, null, null, null, null, FrameMetricsAggregator.EVERY_DURATION, null);
        }
        return keyManager.digitalSignature(settings);
    }

    /**
     * Synthetic Kotlin default-argument bridge for {@link #removeAuthenticatorKeys(List, List)}:
     * when bit 1 of {@code i} is set the caller omitted {@code types}, so all three key types
     * (proof of possession, user verification, TOTP shared secret) are selected.
     */
    /* JADX WARN: Multi-variable type inference failed */
    public static /* synthetic */ void removeAuthenticatorKeys$default(KeyManager keyManager, List list, List list2, int i, Object obj) throws KeyStoreException {
        if ((i & 2) != 0) {
            list2 = CollectionsKt.listOf((Object[]) new KeyType[]{KeyType.PROOF_OF_POSSESSION, KeyType.USER_VERIFICATION, KeyType.TOTP_SHARED_SECRET});
        }
        keyManager.removeAuthenticatorKeys(list, list2);
    }

    /**
     * Resolves the DigitalSignature implementation to use for the given settings.
     *
     * <p>Allowed algorithms are taken from {@code settings.getAlgorithm()} (as a one-element list),
     * else {@code settings.getAlgorithms()}, else {@code ["RS256"]}. Key protection is parsed from
     * {@code settings.getKeyProtection()} and defaults to HARDWARE when that is null. The
     * implementation returned by the signature delegate is accepted only if its {@code jwsAlg()}
     * is in the allowed list.
     *
     * @param settings method settings; must not be null
     * @return the implementation returned by the signature delegate
     * @throws IllegalArgumentException presumably from {@code KeyProtection.valueOf} on an
     *     unrecognised name (assuming KeyProtection is an enum)
     * @throws UnsupportedOperationException when the delegate returns an implementation whose
     *     algorithm is not in the allowed list
     */
    public final DigitalSignature digitalSignature(Settings settings) throws IllegalArgumentException, UnsupportedOperationException {
        List<String> algorithms;
        KeyProtection keyProtection;
        Intrinsics.checkNotNullParameter(settings, "settings");
        String algorithm = settings.getAlgorithm();
        // The null tests on listOf(...) / valueOf(...) results below are residue of the original
        // Kotlin null-coalescing chain.
        if (algorithm == null || (algorithms = CollectionsKt.listOf(algorithm)) == null) {
            algorithms = settings.getAlgorithms();
        }
        if (algorithms == null) {
            algorithms = CollectionsKt.listOf("RS256");
        }
        Function1<? super SignatureHint, ? extends DigitalSignature> function1 = signatureDelegate;
        if (function1 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signatureDelegate");
        }
        String keyProtection2 = settings.getKeyProtection();
        if (keyProtection2 == null || (keyProtection = KeyProtection.valueOf(keyProtection2)) == null) {
            keyProtection = KeyProtection.HARDWARE;
        }
        DigitalSignature invoke = function1.invoke(new SignatureHint(algorithms, keyProtection));
        // Allow-list check on the algorithm actually chosen by the delegate.
        // NOTE(review): only the algorithm is verified; nothing here checks that the returned
        // implementation honours the requested key protection.
        if (algorithms.contains(invoke.jwsAlg())) {
            return invoke;
        }
        throw new UnsupportedOperationException(invoke.jwsAlg() + " not supported");
    }

    /**
     * Returns whatever the encryption delegate registered in init() produces. Whether that is a
     * fresh or a shared instance depends on the delegate and is not visible here.
     */
    public final EncryptionProvider encryptionProvider() throws IllegalArgumentException, UnsupportedOperationException {
        Function0<? extends EncryptionProvider> function0 = encryptionDelegate;
        if (function0 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("encryptionDelegate");
        }
        return function0.invoke();
    }

    /**
     * Generates the keys an authenticator method needs, by key type:
     * SIGNED_NONCE and PUSH get a PROOF_OF_POSSESSION key plus, when {@code userVerification} is
     * true, a USER_VERIFICATION key; TOTP gets a TOTP_SHARED_SECRET. Any other method type is only
     * logged.
     *
     * <p>The per-key-type work lives in a lambda whose body JADX could not decompile, so how
     * {@code desc} and {@code policyId} are used is not visible in this listing.
     *
     * @param desc method description; its type selects which keys are generated
     * @param policyId captured by the generator lambda; use not visible here
     * @param userVerification whether to also create the user-verification key
     */
    public final void generateAuthenticatorKeys(final MethodTypeDescription desc, final String policyId, final boolean userVerification) throws GeneralSecurityException, UnsupportedOperationException {
        Intrinsics.checkNotNullParameter(desc, "desc");
        Intrinsics.checkNotNullParameter(policyId, "policyId");
        Function1<KeyType, Unit> function1 = new Function1<KeyType, Unit>() { // from class: com.okta.devices.encrypt.KeyManager$generateAuthenticatorKeys$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // kotlin.jvm.functions.Function1
            public /* bridge */ /* synthetic */ Unit invoke(KeyType keyType) {
                invoke2(keyType);
                return Unit.INSTANCE;
            }

            /* JADX WARN: Code restructure failed: missing block: B:11:0x003f, code lost:
            
                if (r1 != null) goto L40;
             */
            /* JADX WARN: Code restructure failed: missing block: B:36:0x0117, code lost:
            
                if (r1 != null) goto L40;
             */
            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            // Placeholder emitted by the decompiler: the real key-generation body is missing, and
            // this stub always throws.
            public final void invoke2(com.okta.devices.model.local.KeyType r14) {
                /*
                    Method dump skipped, instructions count: 337
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: com.okta.devices.encrypt.KeyManager$generateAuthenticatorKeys$1.invoke2(com.okta.devices.model.local.KeyType):void");
            }
        };
        // Case index from WhenMappings: 1 = SIGNED_NONCE, 2 = PUSH, 3 = TOTP.
        int i = WhenMappings.$EnumSwitchMapping$1[desc.getType().ordinal()];
        if (i == 1 || i == 2) {
            function1.invoke2(KeyType.PROOF_OF_POSSESSION);
            if (userVerification) {
                function1.invoke2(KeyType.USER_VERIFICATION);
                return;
            }
            return;
        }
        if (i != 3) {
            // NOTE(review): an unsupported method type is logged and the method returns normally,
            // so the caller gets no signal that no key was generated.
            Log.e$default(Log.INSTANCE, TAG, desc.getType() + " is not supported", null, 4, null);
        } else {
            function1.invoke2(KeyType.TOTP_SHARED_SECRET);
        }
    }

    /**
     * Returns the JWK for the client-instance key stored under the alias {@code oktaOrgId},
     * generating the key pair first when {@code recreate} is true or the alias does not exist.
     *
     * @param oktaOrgId used directly as the key alias
     * @param recreate when true, generateKeyPair is called even if the alias already exists
     * @param hint algorithms and key protection passed to the signature delegate
     * @return the JWK built by constructJwk for that alias
     */
    public final Jwk getClientInstanceJwk(String oktaOrgId, boolean recreate, SignatureHint hint) {
        Intrinsics.checkNotNullParameter(oktaOrgId, "oktaOrgId");
        Intrinsics.checkNotNullParameter(hint, "hint");
        Function1<? super SignatureHint, ? extends DigitalSignature> function1 = signatureDelegate;
        if (function1 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("signatureDelegate");
        }
        DigitalSignature invoke = function1.invoke(hint);
        if (recreate || !invoke.containsAlias(oktaOrgId)) {
            // The meaning of the second argument is not visible here; presumably it says whether
            // the key requires user verification. TODO confirm against DigitalSignature.
            invoke.generateKeyPair(oktaOrgId, false);
        }
        // NOTE(review): the key pair is generated on the instance returned by the delegate above,
        // but the JWK is built from a second instance obtained through digitalSignature(...). That
        // second lookup adds the jwsAlg allow-list check; if the delegate can return different
        // implementations for the same hint, the public key may be read from a different store
        // than the one it was created in. Confirm the delegate is deterministic for a given hint.
        return constructJwk(oktaOrgId, digitalSignature(new Settings(hint.getAlgorithms(), hint.getKeyProtection().name(), null, null, null, null, null, null, null, 508, null)));
    }

    /**
     * Builds the JWK for {@code keyId}. When the authenticator repository has a KeyAliasInfo for
     * that id, the algorithm of the signer resolved from {@code settings} must equal the recorded
     * one; when it has none, the JWK is built without that cross-check.
     *
     * @param keyId key alias to describe
     * @param settings settings used to resolve the DigitalSignature
     * @return the JWK for the key
     * @throws UnsupportedOperationException from digitalSignature or constructJwk
     * @throws InvalidAlgorithmParameterException when the recorded algorithm differs from the
     *     resolved signer's {@code jwsAlg()}
     */
    public final Jwk getJwk(String keyId, Settings settings) throws UnsupportedOperationException, InvalidAlgorithmParameterException {
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        Intrinsics.checkNotNullParameter(settings, "settings");
        KeyAliasInfo keyAliasInfo = RepositoryManager.INSTANCE.getAuthenticatorRepository().getKeyAliasInfo(keyId);
        if (keyAliasInfo != null) {
            KeyManager keyManager = INSTANCE;
            DigitalSignature digitalSignature = keyManager.digitalSignature(settings);
            // NOTE(review): the comparison uses jwsAlg() but the message reports algorithm(), so the
            // "received" value in the message may not be the value that was actually compared.
            if (!Intrinsics.areEqual(digitalSignature.jwsAlg(), keyAliasInfo.getAlgorithm())) {
                throw new InvalidAlgorithmParameterException("Algorithm mismatch. Expect " + keyAliasInfo.getAlgorithm() + " but received " + digitalSignature.algorithm());
            }
            Jwk constructJwk = keyManager.constructJwk(keyId, digitalSignature);
            // Null test is decompiler residue of a Kotlin null-coalescing expression; a null here
            // would fall through to the unchecked path below.
            if (constructJwk != null) {
                return constructJwk;
            }
        }
        return constructJwk(keyId, digitalSignature(settings));
    }

    /**
     * Registers the delegates that every other method in this class relies on. All signing and
     * encryption performed through KeyManager goes to whatever is passed here. No guard against
     * repeated calls is visible: a later call replaces both delegates.
     *
     * @param delegateSignature maps a SignatureHint to a DigitalSignature; must not be null
     * @param delegateEncryption supplies the EncryptionProvider; must not be null
     */
    public final void init(Function1<? super SignatureHint, ? extends DigitalSignature> delegateSignature, Function0<? extends EncryptionProvider> delegateEncryption) {
        Intrinsics.checkNotNullParameter(delegateSignature, "delegateSignature");
        Intrinsics.checkNotNullParameter(delegateEncryption, "delegateEncryption");
        signatureDelegate = delegateSignature;
        encryptionDelegate = delegateEncryption;
    }

    /**
     * For each method's Settings, passes the key ids of the requested key types to the
     * KeyManager$removeAuthenticatorKeys$1 lambda and then clears the id on the Settings object.
     * The lambda is not part of this listing; presumably it deletes the key from its store.
     * Whether the modified Settings are persisted afterwards is not visible here.
     *
     * @param methods method descriptions whose keys should be removed
     * @param types key types to remove; other key ids are left untouched
     * @throws KeyStoreException declared for the removal lambda's failures
     */
    public final void removeAuthenticatorKeys(List<MethodTypeDescription> methods, List<? extends KeyType> types) throws KeyStoreException {
        String sharedSecretKid;
        String userVerificationKid;
        String proofOfPossessionKid;
        Intrinsics.checkNotNullParameter(methods, "methods");
        Intrinsics.checkNotNullParameter(types, "types");
        // Decompiler artifact: this local is never read; the calls below go through INSTANCE.
        KeyManager$removeAuthenticatorKeys$1 keyManager$removeAuthenticatorKeys$1 = KeyManager$removeAuthenticatorKeys$1.INSTANCE;
        Iterator<T> it = methods.iterator();
        while (it.hasNext()) {
            Settings settings = ((MethodTypeDescription) it.next()).getSettings();
            // Each id is cleared only after the removal call returns. There is no try/catch in the
            // loop, so if a removal throws, that id and all remaining ids are left in place.
            if (types.contains(KeyType.PROOF_OF_POSSESSION) && (proofOfPossessionKid = settings.getProofOfPossessionKid()) != null) {
                KeyManager$removeAuthenticatorKeys$1.INSTANCE.invoke2(proofOfPossessionKid);
                settings.setProofOfPossessionKid((String) null);
            }
            if (types.contains(KeyType.USER_VERIFICATION) && (userVerificationKid = settings.getUserVerificationKid()) != null) {
                KeyManager$removeAuthenticatorKeys$1.INSTANCE.invoke2(userVerificationKid);
                settings.setUserVerificationKid((String) null);
            }
            if (types.contains(KeyType.TOTP_SHARED_SECRET) && (sharedSecretKid = settings.getSharedSecretKid()) != null) {
                KeyManager$removeAuthenticatorKeys$1.INSTANCE.invoke2(sharedSecretKid);
                settings.setSharedSecretKid((String) null);
            }
        }
    }
}
