package com.microsoft.identity.common.internal.platform;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.KeyPairGeneratorSpec;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import ax.bx.cx.g82;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.cache.StorageHelper;
import com.microsoft.identity.common.internal.util.Supplier;
import com.microsoft.identity.common.java.crypto.IAndroidKeyStoreKeyManager;
import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import com.microsoft.identity.common.java.crypto.SecureHardwareState;
import com.microsoft.identity.common.java.crypto.SigningAlgorithm;
import com.microsoft.identity.common.java.dto.AccessTokenRecord;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.marker.CodeMarkerManager;
import com.microsoft.identity.common.java.marker.PerfConstants;
import com.microsoft.identity.common.java.util.TaskCompletedCallbackWithError;
import com.microsoft.identity.common.java.util.ported.DateUtilities;
import com.microsoft.identity.common.logging.Logger;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.impl.RSAKeyUtils;
import com.nimbusds.jose.jwk.RSAKey;
import java.io.IOException;
import java.lang.reflect.Type;
import java.math.BigInteger;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.x500.X500Principal;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public class DevicePopManager implements IDevicePopManager {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String DEFAULT_KEYSTORE_ENTRY_ALIAS = "microsoft-device-pop";
    public static final String FAILED_TO_GENERATE_ATTESTATION_CERTIFICATE_CHAIN = "Failed to generate attestation certificate chain";
    private static final String PRIVATE_KEY_NOT_FOUND = "Not an instance of a PrivateKeyEntry";
    private static final int RSA_KEY_SIZE = 2048;
    public static final String STRONG_BOX_UNAVAILABLE_EXCEPTION = "StrongBoxUnavailableException";
    private static final String TAG = "DevicePopManager";
    private final Context mContext;
    private final IAndroidKeyStoreKeyManager<KeyStore.PrivateKeyEntry> mKeyManager;
    private static final Charset UTF8 = Charset.forName("UTF-8");
    public static final Type MAP_STRING_STRING_TYPE = TypeToken.getParameterized(Map.class, String.class, String.class).getType();
    public static final Gson GSON = new Gson();
    private static final ExecutorService sThreadExecutor = Executors.newFixedThreadPool(5);
    private static final CodeMarkerManager sCodeMarkerManager = CodeMarkerManager.getInstance();

    /* renamed from: com.microsoft.identity.common.internal.platform.DevicePopManager$5, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass5 {
        public static final /* synthetic */ int[] $SwitchMap$com$microsoft$identity$common$java$crypto$IDevicePopManager$PublicKeyFormat;

        static {
            int[] iArr = new int[IDevicePopManager.PublicKeyFormat.values().length];
            $SwitchMap$com$microsoft$identity$common$java$crypto$IDevicePopManager$PublicKeyFormat = iArr;
            try {
                iArr[IDevicePopManager.PublicKeyFormat.X_509_SubjectPublicKeyInfo_ASN_1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$identity$common$java$crypto$IDevicePopManager$PublicKeyFormat[IDevicePopManager.PublicKeyFormat.JWK.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public static final class CertificateProperties {
        public static final int CERTIFICATE_VALIDITY_YEARS = 99;
        public static final String COMMON_NAME = "CN=device-pop";
        public static final BigInteger SERIAL_NUMBER = BigInteger.ONE;

        private CertificateProperties() {
        }
    }

    /* loaded from: classes4.dex */
    public static final class KeyPairGeneratorAlgorithms {
        public static final String RSA = "RSA";
    }

    /* loaded from: classes4.dex */
    public static final class SignedHttpRequestJwtClaims {
        private static final String ACCESS_TOKEN = "at";
        private static final String CLIENT_CLAIMS = "client_claims";
        private static final String CNF = "cnf";
        private static final String HTTP_HOST = "u";
        private static final String HTTP_METHOD = "m";
        private static final String HTTP_PATH = "p";
        public static final String JWK = "jwk";
        private static final String NONCE = "nonce";
        private static final String TIMESTAMP = "ts";

        private SignedHttpRequestJwtClaims() {
        }
    }

    public DevicePopManager(@NonNull Context context) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        this(context, DEFAULT_KEYSTORE_ENTRY_ALIAS);
    }

    public DevicePopManager(@NonNull Context context, @NonNull String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        this.mKeyManager = DeviceKeyManager.builder().keyAlias(str).keyStore(keyStore).thumbprintSupplier(new Supplier<byte[]>() { // from class: com.microsoft.identity.common.internal.platform.DevicePopManager.1
            @Override // com.microsoft.identity.common.internal.util.Supplier
            public byte[] get() {
                try {
                    return DevicePopManager.this.getAsymmetricKeyThumbprint().getBytes(DevicePopManager.UTF8);
                } catch (ClientException e) {
                    throw e;
                }
            }
        }).build();
        this.mContext = context;
    }

    @NonNull
    @RequiresApi(28)
    @SuppressLint({"NewApi"})
    private static KeyGenParameterSpec.Builder applyHardwareIsolation(@NonNull KeyGenParameterSpec.Builder builder) {
        return builder.setIsStrongBoxBacked(true);
    }

    private static String base64UrlEncode(@NonNull String str) {
        return Base64.encodeToString(str.getBytes(UTF8), 11);
    }

    @RequiresApi(api = 18)
    private KeyPair generateNewKeyPair(@NonNull Context context, boolean z, boolean z2, boolean z3) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, StrongBoxUnavailableException {
        KeyPair generateKeyPair;
        synchronized ((DateUtilities.isLocaleCalendarNonGregorian(Locale.getDefault()) ? DateUtilities.LOCALE_CHANGE_LOCK : new Object())) {
            Locale locale = Locale.getDefault();
            StorageHelper.applyKeyStoreLocaleWorkarounds(locale);
            try {
                generateKeyPair = getInitializedRsaKeyPairGenerator(context, 2048, z, z2, z3).generateKeyPair();
            } finally {
                Locale.setDefault(locale);
            }
        }
        return generateKeyPair;
    }

    @SuppressLint({"NewApi"})
    private KeyPair generateNewRsaKeyPair(@NonNull Context context, int i) throws UnsupportedOperationException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        for (int i2 = 0; i2 < 4; i2++) {
            KeyPair keyPair = null;
            boolean z = false;
            boolean z2 = true;
            boolean z3 = true;
            boolean z4 = true;
            while (!z) {
                try {
                    keyPair = generateNewKeyPair(context, z2, z3, z4);
                    z = true;
                } catch (ProviderException e) {
                    if (z2 && isStrongBoxUnavailableException(e)) {
                        z2 = false;
                    } else if (z3 && e.getClass().getSimpleName().equals("SecureKeyImportUnavailableException")) {
                        Logger.error(TAG, "Import unsupported - skipping import flags.", e);
                        if (z2 && e.getCause() != null && isStrongBoxUnavailableException(e.getCause())) {
                            z2 = false;
                        }
                        z3 = false;
                    } else {
                        if (!z4 || !FAILED_TO_GENERATE_ATTESTATION_CERTIFICATE_CHAIN.equalsIgnoreCase(e.getMessage())) {
                            clearAsymmetricKey();
                            throw e;
                        }
                        Logger.error(TAG, "Failed to generate attestation cert - skipping flag.", e);
                        z4 = false;
                    }
                }
            }
            int keyBitLength = RSAKeyUtils.keyBitLength(keyPair.getPrivate());
            if (keyBitLength >= i || keyBitLength < 0) {
                getSecureHardwareState(keyPair);
                return keyPair;
            }
        }
        clearAsymmetricKey();
        throw new UnsupportedOperationException("Failed to generate valid KeyPair. Attempted 4 times.");
    }

    private Map<String, Object> getDevicePopJwkMinifiedJson() throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException {
        Map<String, Object> jSONObject = getRsaKeyForKeyPair(getKeyPairForEntry(this.mKeyManager.getEntry())).toPublicJWK().toJSONObject();
        HashMap hashMap = new HashMap();
        hashMap.put(SignedHttpRequestJwtClaims.JWK, jSONObject);
        return hashMap;
    }

    @RequiresApi(api = 18)
    private KeyPairGenerator getInitializedRsaKeyPairGenerator(@NonNull Context context, int i, boolean z, boolean z2, boolean z3) throws InvalidAlgorithmParameterException, NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KeyPairGeneratorAlgorithms.RSA, ANDROID_KEYSTORE);
        initialize(context, keyPairGenerator, i, z, z2, z3);
        return keyPairGenerator;
    }

    @NonNull
    private String getJwkPublicKey() throws ClientException {
        String str;
        try {
            return GSON.l(getDevicePopJwkMinifiedJson().get(SignedHttpRequestJwtClaims.JWK), MAP_STRING_STRING_TYPE);
        } catch (KeyStoreException e) {
            e = e;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException.getMessage(), clientException);
            throw clientException;
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            str = "no_such_algorithm";
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException2.getMessage(), clientException2);
            throw clientException2;
        } catch (UnrecoverableEntryException e3) {
            e = e3;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException22.getMessage(), clientException22);
            throw clientException22;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyPair getKeyPairForEntry(@NonNull KeyStore.PrivateKeyEntry privateKeyEntry) {
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    private static Date getNow(@NonNull Calendar calendar) {
        return calendar.getTime();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getReqCnfForRsaKey(@NonNull RSAKey rSAKey) throws JOSEException, JSONException {
        return base64UrlEncode(new JSONObject().put(AccessTokenRecord.SerializedNames.KID, getThumbprintForRsaKey(rSAKey)).toString());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static RSAKey getRsaKeyForKeyPair(@NonNull KeyPair keyPair) {
        return new RSAKey.Builder((RSAPublicKey) keyPair.getPublic()).keyUse(null).build();
    }

    public static String getRsaThumbprint(@NonNull KeyStore.PrivateKeyEntry privateKeyEntry) throws JOSEException {
        return getThumbprintForRsaKey(getRsaKeyForKeyPair(getKeyPairForEntry(privateKeyEntry)));
    }

    private SecureHardwareState getSecureHardwareState(@NonNull KeyPair keyPair) {
        if (Build.VERSION.SDK_INT < 23) {
            Logger.info(TAG, "Cannot query secure hardware state (API unavailable <23)");
            return SecureHardwareState.UNKNOWN_DOWNLEVEL;
        }
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            boolean isInsideSecureHardware = ((KeyInfo) KeyFactory.getInstance(privateKey.getAlgorithm(), ANDROID_KEYSTORE).getKeySpec(privateKey, KeyInfo.class)).isInsideSecureHardware();
            Logger.info(TAG, "SecretKey is secure hardware backed? " + isInsideSecureHardware);
            return isInsideSecureHardware ? SecureHardwareState.TRUE_UNATTESTED : SecureHardwareState.FALSE;
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            Logger.error(TAG, "Failed to query secure hardware state.", e);
            return SecureHardwareState.UNKNOWN_QUERY_ERROR;
        }
    }

    private static String getThumbprintForRsaKey(@NonNull RSAKey rSAKey) throws JOSEException {
        return rSAKey.computeThumbprint().toString();
    }

    private String getX509SubjectPublicKeyInfo() throws ClientException {
        String str;
        try {
            return new String(Base64.encode(getKeyPairForEntry(this.mKeyManager.getEntry()).getPublic().getEncoded(), 0), AuthenticationConstants.CHARSET_UTF8);
        } catch (KeyStoreException e) {
            e = e;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException.getMessage(), clientException);
            throw clientException;
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            str = "no_such_algorithm";
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException2.getMessage(), clientException2);
            throw clientException2;
        } catch (UnrecoverableEntryException e3) {
            e = e3;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException22.getMessage(), clientException22);
            throw clientException22;
        }
    }

    @RequiresApi(api = 18)
    private void initialize(@NonNull Context context, @NonNull KeyPairGenerator keyPairGenerator, int i, boolean z, boolean z2, boolean z3) throws InvalidAlgorithmParameterException {
        int i2 = Build.VERSION.SDK_INT;
        if (i2 < 23) {
            initializePre23(context, keyPairGenerator, i);
        } else if (i2 < 28) {
            initialize23(keyPairGenerator, i, z, z3);
        } else {
            initialize28(keyPairGenerator, i, z, z2, z3);
        }
    }

    @RequiresApi(api = 23)
    @SuppressLint({"InlinedApi"})
    private void initialize23(@NonNull KeyPairGenerator keyPairGenerator, int i, boolean z, boolean z2) throws InvalidAlgorithmParameterException {
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(this.mKeyManager.getKeyAlias(), 15).setKeySize(i).setSignaturePaddings("PKCS1").setDigests("NONE", IDevicePopManager.SHA_1, "SHA-256").setEncryptionPaddings("OAEPPadding", "PKCS1Padding");
        if (z2 && Build.VERSION.SDK_INT >= 24) {
            encryptionPaddings = setAttestationChallenge(encryptionPaddings);
        }
        if (Build.VERSION.SDK_INT >= 28 && z) {
            Logger.verbose(TAG, "Attempting to apply StrongBox isolation.");
            encryptionPaddings = applyHardwareIsolation(encryptionPaddings);
        }
        keyPairGenerator.initialize(encryptionPaddings.build());
    }

    @RequiresApi(api = 28)
    @SuppressLint({"InlinedApi"})
    private void initialize28(@NonNull KeyPairGenerator keyPairGenerator, int i, boolean z, boolean z2, boolean z3) throws InvalidAlgorithmParameterException {
        KeyGenParameterSpec.Builder encryptionPaddings = new KeyGenParameterSpec.Builder(this.mKeyManager.getKeyAlias(), (!z2 || Build.VERSION.SDK_INT < 28) ? 15 : 47).setKeySize(i).setSignaturePaddings("PKCS1").setDigests("NONE", IDevicePopManager.SHA_1, "SHA-256").setEncryptionPaddings("OAEPPadding", "PKCS1Padding");
        if (z3 && Build.VERSION.SDK_INT >= 24) {
            encryptionPaddings = setAttestationChallenge(encryptionPaddings);
        }
        if (Build.VERSION.SDK_INT >= 28 && z) {
            Logger.verbose(TAG, "Attempting to apply StrongBox isolation.");
            encryptionPaddings = applyHardwareIsolation(encryptionPaddings);
        }
        keyPairGenerator.initialize(encryptionPaddings.build());
    }

    @RequiresApi(api = 18)
    @SuppressLint({"NewApi"})
    private void initializePre23(@NonNull Context context, @NonNull KeyPairGenerator keyPairGenerator, int i) throws InvalidAlgorithmParameterException {
        Calendar calendar = Calendar.getInstance();
        Date now = getNow(calendar);
        calendar.add(1, 99);
        KeyPairGeneratorSpec.Builder subject = new KeyPairGeneratorSpec.Builder(context).setAlias(this.mKeyManager.getKeyAlias()).setStartDate(now).setEndDate(calendar.getTime()).setSerialNumber(CertificateProperties.SERIAL_NUMBER).setSubject(new X500Principal(CertificateProperties.COMMON_NAME));
        subject.setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(i, RSAKeyGenParameterSpec.F4));
        keyPairGenerator.initialize(subject.build());
    }

    private static boolean isStrongBoxUnavailableException(@NonNull Throwable th) {
        boolean equals = th.getClass().getSimpleName().equals(STRONG_BOX_UNAVAILABLE_EXCEPTION);
        if (equals) {
            Logger.error(TAG + ":isStrongBoxUnavailableException", "StrongBox not supported.", th);
        }
        return equals;
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x00a9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String mintSignedHttpRequestInternal(@androidx.annotation.Nullable java.lang.String r3, long r4, @androidx.annotation.NonNull java.net.URL r6, @androidx.annotation.Nullable java.lang.String r7, @androidx.annotation.Nullable java.lang.String r8, @androidx.annotation.Nullable java.lang.String r9) throws com.microsoft.identity.common.java.exception.ClientException {
        /*
            r2 = this;
            com.nimbusds.jwt.JWTClaimsSet$Builder r0 = new com.nimbusds.jwt.JWTClaimsSet$Builder     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r0.<init>()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            boolean r1 = android.text.TextUtils.isEmpty(r7)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            if (r1 != 0) goto L10
            java.lang.String r1 = "at"
            r0.claim(r1, r7)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
        L10:
            java.lang.String r7 = "ts"
            java.lang.Long r4 = java.lang.Long.valueOf(r4)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r0.claim(r7, r4)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.lang.String r4 = "u"
            java.lang.String r5 = r6.getAuthority()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r0.claim(r4, r5)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.lang.String r4 = "cnf"
            java.util.Map r5 = r2.getDevicePopJwkMinifiedJson()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r0.claim(r4, r5)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.lang.String r4 = r6.getPath()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            boolean r4 = android.text.TextUtils.isEmpty(r4)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            if (r4 != 0) goto L3e
            java.lang.String r4 = "p"
            java.lang.String r5 = r6.getPath()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r0.claim(r4, r5)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
        L3e:
            boolean r4 = android.text.TextUtils.isEmpty(r3)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            if (r4 != 0) goto L49
            java.lang.String r4 = "m"
            r0.claim(r4, r3)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
        L49:
            boolean r3 = android.text.TextUtils.isEmpty(r8)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            if (r3 != 0) goto L54
            java.lang.String r3 = "nonce"
            r0.claim(r3, r8)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
        L54:
            boolean r3 = android.text.TextUtils.isEmpty(r9)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            if (r3 != 0) goto L5f
            java.lang.String r3 = "client_claims"
            r0.claim(r3, r9)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
        L5f:
            com.nimbusds.jwt.JWTClaimsSet r3 = r0.build()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.microsoft.identity.common.java.crypto.IAndroidKeyStoreKeyManager<java.security.KeyStore$PrivateKeyEntry> r4 = r2.mKeyManager     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.security.KeyStore$Entry r4 = r4.getEntry()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.security.KeyStore$PrivateKeyEntry r4 = (java.security.KeyStore.PrivateKeyEntry) r4     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.security.PrivateKey r4 = r4.getPrivateKey()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.nimbusds.jose.crypto.RSASSASigner r5 = new com.nimbusds.jose.crypto.RSASSASigner     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r5.<init>(r4)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.nimbusds.jwt.SignedJWT r4 = new com.nimbusds.jwt.SignedJWT     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.nimbusds.jose.JWSHeader$Builder r6 = new com.nimbusds.jose.JWSHeader$Builder     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.nimbusds.jose.JWSAlgorithm r7 = com.nimbusds.jose.JWSAlgorithm.RS256     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r6.<init>(r7)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.lang.String r7 = r2.getAsymmetricKeyThumbprint()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.nimbusds.jose.JWSHeader$Builder r6 = r6.keyID(r7)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            com.nimbusds.jose.JWSHeader r6 = r6.build()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r4.<init>(r6, r3)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            r4.sign(r5)     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            java.lang.String r3 = r4.serialize()     // Catch: java.security.UnrecoverableEntryException -> L94 com.nimbusds.jose.JOSEException -> L98 java.security.KeyStoreException -> L9c java.security.NoSuchAlgorithmException -> La0
            return r3
        L94:
            r3 = move-exception
            java.lang.String r4 = "protection_params_invalid"
            goto La3
        L98:
            r3 = move-exception
            java.lang.String r4 = "failed_to_sign_jwt"
            goto La3
        L9c:
            r3 = move-exception
            java.lang.String r4 = "keystore_not_initialized"
            goto La3
        La0:
            r3 = move-exception
            java.lang.String r4 = "no_such_algorithm"
        La3:
            int r5 = android.os.Build.VERSION.SDK_INT
            r6 = 23
            if (r5 < r6) goto Lbb
            java.lang.Throwable r5 = r3.getCause()
            boolean r5 = r5 instanceof android.security.keystore.KeyPermanentlyInvalidatedException
            if (r5 == 0) goto Lbb
            java.lang.String r5 = com.microsoft.identity.common.internal.platform.DevicePopManager.TAG
            java.lang.String r6 = "Unable to access asymmetric key - clearing."
            com.microsoft.identity.common.logging.Logger.warn(r5, r6)
            r2.clearAsymmetricKey()
        Lbb:
            com.microsoft.identity.common.java.exception.ClientException r5 = new com.microsoft.identity.common.java.exception.ClientException
            java.lang.String r6 = r3.getMessage()
            r5.<init>(r4, r6, r3)
            java.lang.String r3 = com.microsoft.identity.common.internal.platform.DevicePopManager.TAG
            java.lang.String r4 = r5.getMessage()
            com.microsoft.identity.common.logging.Logger.error(r3, r4, r5)
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.identity.common.internal.platform.DevicePopManager.mintSignedHttpRequestInternal(java.lang.String, long, java.net.URL, java.lang.String, java.lang.String, java.lang.String):java.lang.String");
    }

    @NonNull
    @RequiresApi(24)
    @SuppressLint({"NewApi"})
    private KeyGenParameterSpec.Builder setAttestationChallenge(@NonNull KeyGenParameterSpec.Builder builder) {
        return builder.setAttestationChallenge(new byte[0]);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public boolean asymmetricKeyExists() {
        return this.mKeyManager.exists();
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public boolean asymmetricKeyExists(@NonNull String str) {
        return this.mKeyManager.hasThumbprint(str.getBytes(UTF8));
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public boolean clearAsymmetricKey() {
        return this.mKeyManager.clear();
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String decrypt(@NonNull IDevicePopManager.Cipher cipher, @NonNull String str) throws ClientException {
        return new String(decrypt(cipher, Base64.decode(str, 3)), UTF8);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public byte[] decrypt(@NonNull IDevicePopManager.Cipher cipher, byte[] bArr) throws ClientException {
        String str = "no_such_algorithm";
        try {
            PrivateKey privateKey = this.mKeyManager.getEntry().getPrivateKey();
            Cipher cipher2 = Cipher.getInstance(cipher.toString());
            if (cipher.getParameters() != null) {
                cipher2.init(2, privateKey, cipher.getParameters());
            } else {
                cipher2.init(2, privateKey);
            }
            return cipher2.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            str = ClientException.INVALID_ALG_PARAMETER;
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException;
        } catch (InvalidKeyException e2) {
            e = e2;
            str = ClientException.INVALID_KEY;
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException2;
        } catch (KeyStoreException e3) {
            e = e3;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException22;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            ClientException clientException222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException222;
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            ClientException clientException2222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException2222;
        } catch (BadPaddingException e6) {
            e = e6;
            str = ClientException.BAD_PADDING;
            ClientException clientException22222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException22222;
        } catch (IllegalBlockSizeException e7) {
            e = e7;
            str = ClientException.INVALID_BLOCK_SIZE;
            ClientException clientException222222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException222222;
        } catch (NoSuchPaddingException e8) {
            e = e8;
            ClientException clientException2222222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":decrypt", str, e);
            throw clientException2222222;
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String encrypt(@NonNull IDevicePopManager.Cipher cipher, @NonNull String str) throws ClientException {
        return Base64.encodeToString(encrypt(cipher, str.getBytes(UTF8)), 3);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public byte[] encrypt(@NonNull IDevicePopManager.Cipher cipher, @NonNull byte[] bArr) throws ClientException {
        String str;
        try {
            PublicKey publicKey = this.mKeyManager.getEntry().getCertificate().getPublicKey();
            Cipher cipher2 = Cipher.getInstance(cipher.toString());
            if (cipher.getParameters() != null) {
                cipher2.init(1, publicKey, cipher.getParameters());
            } else {
                cipher2.init(1, publicKey);
            }
            return cipher2.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e) {
            e = e;
            str = ClientException.INVALID_ALG_PARAMETER;
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException;
        } catch (InvalidKeyException e2) {
            e = e2;
            str = ClientException.INVALID_KEY;
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException2;
        } catch (KeyStoreException e3) {
            e = e3;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException22;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            str = "no_such_algorithm";
            ClientException clientException222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException222;
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            ClientException clientException2222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException2222;
        } catch (BadPaddingException e6) {
            e = e6;
            str = ClientException.BAD_PADDING;
            ClientException clientException22222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException22222;
        } catch (IllegalBlockSizeException e7) {
            e = e7;
            str = ClientException.INVALID_BLOCK_SIZE;
            ClientException clientException222222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException222222;
        } catch (NoSuchPaddingException e8) {
            e = e8;
            str = ClientException.NO_SUCH_PADDING;
            ClientException clientException2222222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":encrypt", str, e);
            throw clientException2222222;
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String generateAsymmetricKey() throws ClientException {
        String str;
        try {
            CodeMarkerManager codeMarkerManager = sCodeMarkerManager;
            codeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_START);
            String thumbprintForRsaKey = getThumbprintForRsaKey(getRsaKeyForKeyPair(generateNewRsaKeyPair(this.mContext, 2048)));
            codeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            return thumbprintForRsaKey;
        } catch (JOSEException e) {
            e = e;
            str = ClientException.THUMBPRINT_COMPUTATION_FAILURE;
            sCodeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException.getMessage(), clientException);
            throw clientException;
        } catch (UnsupportedOperationException e2) {
            e = e2;
            str = ClientException.BAD_KEY_SIZE;
            sCodeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException2.getMessage(), clientException2);
            throw clientException2;
        } catch (InvalidAlgorithmParameterException e3) {
            e = e3;
            str = ClientException.INVALID_ALG;
            sCodeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException22.getMessage(), clientException22);
            throw clientException22;
        } catch (NoSuchAlgorithmException e4) {
            e = e4;
            str = "no_such_algorithm";
            sCodeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            ClientException clientException222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException222.getMessage(), clientException222);
            throw clientException222;
        } catch (NoSuchProviderException e5) {
            e = e5;
            str = ClientException.ANDROID_KEYSTORE_UNAVAILABLE;
            sCodeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            ClientException clientException2222 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG, clientException2222.getMessage(), clientException2222);
            throw clientException2222;
        } catch (Throwable th) {
            sCodeMarkerManager.markCode(PerfConstants.CodeMarkerConstants.GENERATE_AT_POP_ASYMMETRIC_KEYPAIR_END);
            throw th;
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public void generateAsymmetricKey(@NonNull final TaskCompletedCallbackWithError<String, ClientException> taskCompletedCallbackWithError) {
        sThreadExecutor.submit(new Runnable() { // from class: com.microsoft.identity.common.internal.platform.DevicePopManager.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    taskCompletedCallbackWithError.onTaskCompleted(DevicePopManager.this.generateAsymmetricKey());
                } catch (ClientException e) {
                    taskCompletedCallbackWithError.onError(e);
                }
            }
        });
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    @Nullable
    public Date getAsymmetricKeyCreationDate() throws ClientException {
        return this.mKeyManager.getCreationDate();
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String getAsymmetricKeyThumbprint() throws ClientException {
        String str;
        try {
            return getRsaThumbprint(this.mKeyManager.getEntry());
        } catch (JOSEException e) {
            e = e;
            str = ClientException.THUMBPRINT_COMPUTATION_FAILURE;
            throw new ClientException(str, e.getMessage(), e);
        } catch (KeyStoreException e2) {
            e = e2;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            throw new ClientException(str, e.getMessage(), e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            str = "no_such_algorithm";
            throw new ClientException(str, e.getMessage(), e);
        } catch (UnrecoverableEntryException e4) {
            e = e4;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            throw new ClientException(str, e.getMessage(), e);
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public Certificate[] getCertificateChain() throws ClientException {
        return this.mKeyManager.getCertificateChain();
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public IAndroidKeyStoreKeyManager<KeyStore.PrivateKeyEntry> getKeyManager() {
        return this.mKeyManager;
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    @NonNull
    public String getPublicKey(@NonNull IDevicePopManager.PublicKeyFormat publicKeyFormat) throws ClientException {
        int i = AnonymousClass5.$SwitchMap$com$microsoft$identity$common$java$crypto$IDevicePopManager$PublicKeyFormat[publicKeyFormat.ordinal()];
        if (i == 1) {
            return getX509SubjectPublicKeyInfo();
        }
        if (i == 2) {
            return getJwkPublicKey();
        }
        String str = "Unrecognized or unsupported key format: " + publicKeyFormat;
        ClientException clientException = new ClientException(ClientException.UNKNOWN_EXPORT_FORMAT, str);
        Logger.error(TAG + ":getPublicKey", str, clientException);
        throw clientException;
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public PublicKey getPublicKey() throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException {
        return this.mKeyManager.getEntry().getCertificate().getPublicKey();
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String getRequestConfirmation() throws ClientException {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        final String[] strArr = new String[1];
        final ClientException[] clientExceptionArr = new ClientException[1];
        getRequestConfirmation(new TaskCompletedCallbackWithError<String, ClientException>() { // from class: com.microsoft.identity.common.internal.platform.DevicePopManager.3
            @Override // com.microsoft.identity.common.java.util.TaskCompletedCallbackWithError
            public void onError(@NonNull ClientException clientException) {
                clientExceptionArr[0] = clientException;
                countDownLatch.countDown();
            }

            @Override // com.microsoft.identity.common.java.util.TaskCompletedCallback
            public void onTaskCompleted(@NonNull String str) {
                strArr[0] = str;
                countDownLatch.countDown();
            }
        });
        try {
            countDownLatch.await();
            if (strArr[0] != null) {
                return strArr[0];
            }
            throw clientExceptionArr[0];
        } catch (InterruptedException e) {
            Logger.error(TAG, "Interrupted while waiting on callback.", e);
            throw new ClientException(ClientException.INTERRUPTED_OPERATION, e.getMessage(), e);
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public void getRequestConfirmation(@NonNull final TaskCompletedCallbackWithError<String, ClientException> taskCompletedCallbackWithError) {
        sThreadExecutor.submit(new Runnable() { // from class: com.microsoft.identity.common.internal.platform.DevicePopManager.4
            @Override // java.lang.Runnable
            public void run() {
                String str;
                try {
                    taskCompletedCallbackWithError.onTaskCompleted(DevicePopManager.getReqCnfForRsaKey(DevicePopManager.getRsaKeyForKeyPair(DevicePopManager.getKeyPairForEntry((KeyStore.PrivateKeyEntry) DevicePopManager.this.mKeyManager.getEntry()))));
                } catch (JOSEException e) {
                    e = e;
                    str = ClientException.THUMBPRINT_COMPUTATION_FAILURE;
                    ClientException clientException = new ClientException(str, e.getMessage(), e);
                    Logger.error(DevicePopManager.TAG, clientException.getMessage(), clientException);
                    taskCompletedCallbackWithError.onError(clientException);
                } catch (KeyStoreException e2) {
                    e = e2;
                    str = ClientException.KEYSTORE_NOT_INITIALIZED;
                    ClientException clientException2 = new ClientException(str, e.getMessage(), e);
                    Logger.error(DevicePopManager.TAG, clientException2.getMessage(), clientException2);
                    taskCompletedCallbackWithError.onError(clientException2);
                } catch (NoSuchAlgorithmException e3) {
                    e = e3;
                    str = "no_such_algorithm";
                    ClientException clientException22 = new ClientException(str, e.getMessage(), e);
                    Logger.error(DevicePopManager.TAG, clientException22.getMessage(), clientException22);
                    taskCompletedCallbackWithError.onError(clientException22);
                } catch (UnrecoverableEntryException e4) {
                    e = e4;
                    str = ClientException.INVALID_PROTECTION_PARAMS;
                    ClientException clientException222 = new ClientException(str, e.getMessage(), e);
                    Logger.error(DevicePopManager.TAG, clientException222.getMessage(), clientException222);
                    taskCompletedCallbackWithError.onError(clientException222);
                } catch (JSONException e5) {
                    e = e5;
                    str = ClientException.JSON_CONSTRUCTION_FAILED;
                    ClientException clientException2222 = new ClientException(str, e.getMessage(), e);
                    Logger.error(DevicePopManager.TAG, clientException2222.getMessage(), clientException2222);
                    taskCompletedCallbackWithError.onError(clientException2222);
                }
            }
        });
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public SecureHardwareState getSecureHardwareState() throws ClientException {
        String str;
        try {
            return getSecureHardwareState(getKeyPairForEntry(this.mKeyManager.getEntry()));
        } catch (KeyStoreException e) {
            e = e;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":getSecureHardwareState", str, e);
            throw clientException;
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            str = "no_such_algorithm";
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":getSecureHardwareState", str, e);
            throw clientException2;
        } catch (UnrecoverableEntryException e3) {
            e = e3;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(TAG + ":getSecureHardwareState", str, e);
            throw clientException22;
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String mintSignedAccessToken(@Nullable String str, long j, @NonNull URL url, @NonNull String str2, @Nullable String str3) throws ClientException {
        return mintSignedAccessToken(str, j, url, str2, str3, null);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String mintSignedAccessToken(@Nullable String str, long j, @NonNull URL url, @NonNull String str2, @Nullable String str3, @Nullable String str4) throws ClientException {
        return mintSignedHttpRequestInternal(str, j, url, str2, str3, str4);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public String mintSignedHttpRequest(@Nullable String str, long j, @NonNull URL url, @Nullable String str2, @Nullable String str3) throws ClientException {
        return mintSignedHttpRequestInternal(str, j, url, null, str2, str3);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    @NonNull
    public String sign(@NonNull SigningAlgorithm signingAlgorithm, @NonNull String str) throws ClientException {
        return Base64.encodeToString(sign(signingAlgorithm, str.getBytes(UTF8)), 2);
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public byte[] sign(@NonNull SigningAlgorithm signingAlgorithm, @NonNull byte[] bArr) throws ClientException {
        String str;
        try {
            KeyStore.PrivateKeyEntry entry = this.mKeyManager.getEntry();
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                Signature signature = Signature.getInstance(signingAlgorithm.toString());
                signature.initSign(entry.getPrivateKey());
                signature.update(bArr);
                return signature.sign();
            }
            Logger.warn(TAG + ":sign", PRIVATE_KEY_NOT_FOUND);
            throw new ClientException(ClientException.INVALID_KEY_MISSING);
        } catch (InvalidKeyException e) {
            e = e;
            str = ClientException.INVALID_KEY;
            ClientException clientException = new ClientException(str, e.getMessage(), e);
            Logger.error(g82.a(new StringBuilder(), TAG, ":sign"), clientException.getMessage(), clientException);
            throw clientException;
        } catch (KeyStoreException e2) {
            e = e2;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            ClientException clientException2 = new ClientException(str, e.getMessage(), e);
            Logger.error(g82.a(new StringBuilder(), TAG, ":sign"), clientException2.getMessage(), clientException2);
            throw clientException2;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            str = "no_such_algorithm";
            ClientException clientException22 = new ClientException(str, e.getMessage(), e);
            Logger.error(g82.a(new StringBuilder(), TAG, ":sign"), clientException22.getMessage(), clientException22);
            throw clientException22;
        } catch (SignatureException e4) {
            e = e4;
            str = ClientException.SIGNING_FAILURE;
            ClientException clientException222 = new ClientException(str, e.getMessage(), e);
            Logger.error(g82.a(new StringBuilder(), TAG, ":sign"), clientException222.getMessage(), clientException222);
            throw clientException222;
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            ClientException clientException2222 = new ClientException(str, e.getMessage(), e);
            Logger.error(g82.a(new StringBuilder(), TAG, ":sign"), clientException2222.getMessage(), clientException2222);
            throw clientException2222;
        }
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public boolean verify(@NonNull SigningAlgorithm signingAlgorithm, @NonNull String str, @NonNull String str2) {
        return verify(signingAlgorithm, str.getBytes(UTF8), Base64.decode(str2, 2));
    }

    @Override // com.microsoft.identity.common.java.crypto.IDevicePopManager
    public boolean verify(@NonNull SigningAlgorithm signingAlgorithm, @NonNull byte[] bArr, @NonNull byte[] bArr2) {
        String str;
        try {
            KeyStore.PrivateKeyEntry entry = this.mKeyManager.getEntry();
            if (entry != null) {
                Signature signature = Signature.getInstance(signingAlgorithm.toString());
                signature.initVerify(entry.getCertificate());
                signature.update(bArr);
                return signature.verify(bArr2);
            }
            Logger.warn(TAG + ":verify", PRIVATE_KEY_NOT_FOUND);
            return false;
        } catch (InvalidKeyException e) {
            e = e;
            str = ClientException.INVALID_KEY;
            Logger.error(TAG + ":verify", str, e);
            return false;
        } catch (KeyStoreException e2) {
            e = e2;
            str = ClientException.KEYSTORE_NOT_INITIALIZED;
            Logger.error(TAG + ":verify", str, e);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            str = "no_such_algorithm";
            Logger.error(TAG + ":verify", str, e);
            return false;
        } catch (SignatureException e4) {
            e = e4;
            str = ClientException.SIGNING_FAILURE;
            Logger.error(TAG + ":verify", str, e);
            return false;
        } catch (UnrecoverableEntryException e5) {
            e = e5;
            str = ClientException.INVALID_PROTECTION_PARAMS;
            Logger.error(TAG + ":verify", str, e);
            return false;
        }
    }
}
