package com.microsoft.onlineid.ngc;

import android.content.Context;
import android.content.Intent;
import android.util.Base64;
import com.microsoft.onlineid.ISecurityScope;
import com.microsoft.onlineid.SecurityScope;
import com.microsoft.onlineid.Ticket;
import com.microsoft.onlineid.analytics.ClientAnalytics;
import com.microsoft.onlineid.authenticator.Session;
import com.microsoft.onlineid.exception.AccountNotFoundException;
import com.microsoft.onlineid.exception.PromptNeededException;
import com.microsoft.onlineid.internal.ApiRequest;
import com.microsoft.onlineid.internal.Assertion;
import com.microsoft.onlineid.internal.Objects;
import com.microsoft.onlineid.internal.SessionService;
import com.microsoft.onlineid.internal.Strings;
import com.microsoft.onlineid.internal.log.Logger;
import com.microsoft.onlineid.internal.storage.AuthenticatorTypedStorage;
import com.microsoft.onlineid.internal.sts.TicketManager;
import com.microsoft.onlineid.internal.transport.NetworkException;
import com.microsoft.onlineid.ngc.crypto.NgcCredentialManager;
import com.microsoft.onlineid.ngc.exceptions.NgcCredentialException;
import com.microsoft.onlineid.sts.AuthenticatorUserAccount;
import com.microsoft.onlineid.sts.DeviceIdentity;
import com.microsoft.onlineid.sts.DeviceIdentityManager;
import com.microsoft.onlineid.sts.ServerConfig;
import com.microsoft.onlineid.sts.StsErrorCode;
import com.microsoft.onlineid.sts.exception.InvalidResponseException;
import com.microsoft.onlineid.sts.exception.StsException;
import com.microsoft.onlineid.sts.request.NgcRequestFactory;
import com.microsoft.onlineid.sts.response.ApproveSessionResponse;
import com.microsoft.onlineid.sts.response.ManageLoginKeyResponse;
import com.microsoft.onlineid.sts.response.NgcApproveSessionResponse;
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
/**
 * Client-side driver for the NGC key flows visible in this file: registering an
 * RSA public key for an account with the MSA server, and approving a login
 * session by answering a server-issued nonce with a locally signed token.
 *
 * <p>This source was recovered by a decompiler (see the {@code classes.dex}
 * marker above the class), so parameter names such as {@code str} and
 * {@code str2} are placeholders. The Javadoc below states only where each value
 * flows; anything beyond that is marked as an assumption.
 */
public class NgcManager {
    // URL-safe alphabet, single line, no '=' padding: the base64url form used for JWT segments (numeric value 11).
    private static final int JwtBase64Flags = Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING;
    // Ticket scope requested from the TicketManager before a key registration.
    public static final ISecurityScope KeyRegisterLoginProofTokenScope = new SecurityScope("http://Passport.NET/purpose", "PURPOSE_KEYREGISTER");
    // Candidate values for the token's "aud" claim; the choice follows ServerConfig's environment.
    private static final String LoginIntUrl = "https://login.live-int.com";
    private static final String LoginProdUrl = "https://login.live.com";
    private final Context _applicationContext;
    private final NgcCredentialManager _credentialManager;
    private final DeviceIdentityManager _deviceManager;
    private final NgcRequestFactory _requestFactory;
    private final ServerConfig _serverConfig;
    private final AuthenticatorTypedStorage _storage;
    private final TicketManager _ticketManager;

    /** Names of the Intent extras this class attaches to SessionService intents. */
    public enum Extras {
        CloudPin,
        Usid,
        Session;

        private static final String KEY_PREFIX = "com.microsoft.msa.authenticator.";

        /** Returns the extra key: the fixed prefix followed by the constant's name. */
        public String getKey() {
            return KEY_PREFIX + name();
        }
    }

    /**
     * Leaves every collaborator {@code null}; any method that touches one will
     * fail with a NullPointerException on an instance built this way.
     * NOTE(review): presumably kept only for tests or mocking; confirm.
     */
    @Deprecated
    NgcManager() {
        this._applicationContext = null;
        this._credentialManager = null;
        this._requestFactory = null;
        this._ticketManager = null;
        this._storage = null;
        this._deviceManager = null;
        this._serverConfig = null;
    }

    /**
     * Wires up all collaborators from the given context.
     *
     * @param context handed to every collaborator; rejected by
     *                {@code Objects.verifyArgumentNotNull} when null
     */
    public NgcManager(Context context) {
        Objects.verifyArgumentNotNull(context, "Application context");
        this._applicationContext = context;
        this._credentialManager = new NgcCredentialManager(context);
        this._requestFactory = new NgcRequestFactory(context);
        this._ticketManager = new TicketManager(context);
        this._storage = new AuthenticatorTypedStorage(context);
        this._deviceManager = new DeviceIdentityManager(context);
        this._serverConfig = new ServerConfig(context);
    }

    /**
     * Assembles the three-segment token {@code header.payload.signature} that
     * answers a server nonce.
     *
     * <p>Security-relevant details a reviewer should keep in mind:
     * <ul>
     *   <li>The header advertises {@code RS256}; the algorithm actually applied is
     *       decided inside {@code NgcCredentialManager.signChallenge}, which is not
     *       visible here.</li>
     *   <li>The embedded JWK is labelled {@code RSA-OAEP}/{@code enc} although the
     *       same account identifier is used to fetch the public key and to sign.
     *       NOTE(review): presumably a server-side convention; confirm.</li>
     *   <li>{@code BigInteger.toByteArray()} is two's-complement and may prepend a
     *       0x00 sign byte, whereas RFC 7518 describes {@code n}/{@code e} as minimal
     *       unsigned octets. The bytes are kept exactly as the original emits them.</li>
     *   <li>{@code attk} and {@code attb} are always sent empty. NOTE(review): by
     *       their names presumably attestation fields; confirm.</li>
     *   <li>Keys are inserted in a fixed order and the serialized payload is what
     *       gets signed, so the insertion order must not be rearranged.</li>
     * </ul>
     *
     * @param str                      value placed in the {@code request_nonce} claim
     * @param authenticatorUserAccount supplies the PUID and the server key identifier ({@code kid})
     * @return the signed token
     * @throws JSONException          if a JSON object cannot be populated
     * @throws NgcCredentialException declared because the credential manager is consulted
     */
    private String buildNgcToken(String str, AuthenticatorUserAccount authenticatorUserAccount) throws JSONException, NgcCredentialException {
        final String accountPuid = authenticatorUserAccount.getPuid();

        JSONObject joseHeader = new JSONObject();
        joseHeader.put("typ", "JWT");
        joseHeader.put("alg", "RS256");
        joseHeader.put("kid", authenticatorUserAccount.getServerKeyIdentifier());

        final RSAPublicKey ngcPublicKey = (RSAPublicKey) this._credentialManager.getPublicKey(accountPuid);
        final String modulusB64 = Base64.encodeToString(ngcPublicKey.getModulus().toByteArray(), JwtBase64Flags);
        final String exponentB64 = Base64.encodeToString(ngcPublicKey.getPublicExponent().toByteArray(), JwtBase64Flags);

        JSONObject jwk = new JSONObject();
        jwk.put("kty", "RSA");
        jwk.put("n", modulusB64);
        jwk.put("e", exponentB64);
        jwk.put("alg", "RSA-OAEP");
        jwk.put("use", "enc");

        JSONObject confirmation = new JSONObject();
        confirmation.put("jwk", jwk);
        confirmation.put("attk", "");
        confirmation.put("attb", "");

        final boolean isIntEnvironment = this._serverConfig.getEnvironment().equals(ServerConfig.KnownEnvironment.Int.getEnvironment());
        JSONObject claims = new JSONObject();
        claims.put("aud", isIntEnvironment ? LoginIntUrl : LoginProdUrl);
        claims.put("cnf", confirmation);
        claims.put("request_nonce", str);

        final String headerSegment = Base64.encodeToString(joseHeader.toString().getBytes(Strings.Utf8Charset), JwtBase64Flags);
        // The pattern matches a literal "\/\/" and turns it back into "//", so the
        // serialized payload carries an unescaped double slash (as in the "aud" URL).
        final String claimsJson = claims.toString().replaceAll("\\\\/\\\\/", "//");
        final String claimsSegment = Base64.encodeToString(claimsJson.getBytes(Strings.Utf8Charset), JwtBase64Flags);

        // The signature covers exactly the UTF-8 bytes of "header.payload".
        final String signingInput = headerSegment + "." + claimsSegment;
        final byte[] signature = this._credentialManager.signChallenge(signingInput.getBytes(Strings.Utf8Charset), accountPuid);
        return signingInput + "." + Base64.encodeToString(signature, JwtBase64Flags);
    }

    /**
     * Asks the server for a login nonce.
     *
     * <p>The nonce is accepted only from a response that did NOT succeed and whose
     * error code is {@code PP_E_STS_NONCE_REQUIRED}; a successful response or any
     * other error is rejected.
     *
     * @param session                  forwarded to the nonce request
     * @param str                      first argument of {@code createLoginNonceRequest}
     * @param str2                     second argument of {@code createLoginNonceRequest}
     * @param authenticatorUserAccount account the request is made for
     * @return the nonce carried by the response
     * @throws StsException if the response is anything other than the expected nonce-required error
     */
    private String getNonce(Session session, String str, String str2, AuthenticatorUserAccount authenticatorUserAccount) throws NetworkException, InvalidResponseException, StsException {
        final NgcApproveSessionResponse nonceResponse = (NgcApproveSessionResponse) this._requestFactory.createLoginNonceRequest(str, str2, session, authenticatorUserAccount).send();
        final boolean nonceIssued = !nonceResponse.succeeded()
                && nonceResponse.getError().getCode() == StsErrorCode.PP_E_STS_NONCE_REQUIRED;
        if (!nonceIssued) {
            throw new StsException("Nonce request did not return a nonce.", nonceResponse.getError());
        }
        return nonceResponse.getNonce();
    }

    /**
     * Builds the Intent shared by the three request factories below.
     *
     * <p>The Intent names {@code SessionService} explicitly, so it is addressed to
     * that component rather than resolved through intent filters. The PIN travels
     * as a plain String extra under {@code Extras.CloudPin}; it must never be
     * logged, and as an immutable String it cannot be wiped after use.
     */
    private Intent newNgcServiceIntent(String action, String cloudPin) {
        return new Intent(this._applicationContext, SessionService.class)
                .setAction(action)
                .putExtra(Extras.CloudPin.getKey(), cloudPin);
    }

    /**
     * Creates the login request for the first-time-user path.
     *
     * @param str  set as the request's account PUID
     * @param str2 stored under {@code Extras.CloudPin}
     * @param str3 stored under {@code Extras.Usid}
     */
    public ApiRequest createNgcLoginRequestForFirstTimeUser(String str, String str2, String str3) {
        final Intent loginIntent = newNgcServiceIntent(SessionService.ActionLoginNgc, str2)
                .putExtra(Extras.Usid.getKey(), str3);
        return new ApiRequest(this._applicationContext, loginIntent).setAccountPuid(str);
    }

    /**
     * Creates the login request for the returning-user path.
     *
     * @param str     set as the request's account PUID
     * @param str2    stored under {@code Extras.CloudPin}
     * @param session stored under {@code Extras.Session}
     */
    public ApiRequest createNgcLoginRequestForReturningUser(String str, String str2, Session session) {
        final Intent loginIntent = newNgcServiceIntent(SessionService.ActionLoginNgc, str2)
                .putExtra(Extras.Session.getKey(), session);
        return new ApiRequest(this._applicationContext, loginIntent).setAccountPuid(str);
    }

    /**
     * Creates the key-registration request.
     *
     * @param str  set as the request's account PUID
     * @param str2 stored under {@code Extras.CloudPin}
     */
    public ApiRequest createRegisterNgcRequest(String str, String str2) {
        final Intent registerIntent = newNgcServiceIntent(SessionService.ActionRegisterNgc, str2);
        return new ApiRequest(this._applicationContext, registerIntent).setAccountPuid(str);
    }

    /**
     * Formats the display name sent with a key registration. The only caller in
     * this file passes the account PUID and the device identity's PUID.
     */
    String getFriendlyName(String str, String str2) {
        final String pattern = "MicrosoftAccount-%s-%s";
        return String.format(Locale.US, pattern, str, str2);
    }

    /**
     * Registers the account's NGC public key with the server and stores the
     * returned server key identifier on the account.
     *
     * <p>If the credential manager cannot supply the expected key, the failure is
     * logged and reported to analytics and a NEW key pair is generated and
     * registered instead. Defenders should treat that analytics exception as the
     * signal that a device key was replaced rather than reused.
     *
     * @param str  account PUID: used for the ticket, the stored account and the key lookup
     * @param str2 last argument of {@code createRegisterKeyRequest}
     *             (NOTE(review): presumably the cloud PIN; confirm against SessionService)
     * @param str3 third argument of {@code TicketManager.getTicket}; the retry path in
     *             {@code sendNgcLoginRequests} passes {@code null}
     * @throws AccountNotFoundException if the account is missing before or after the server call
     * @throws StsException             if the server reports that registration failed
     */
    public void registerNgcKey(String str, String str2, String str3) throws AccountNotFoundException, NetworkException, PromptNeededException, InvalidResponseException, StsException {
        final String missingKeyMessage = "Couldn't find NGC public key; expected to be pre-generated";

        final Ticket registrationTicket = this._ticketManager.getTicket(str, KeyRegisterLoginProofTokenScope, str3);
        final AuthenticatorUserAccount accountBefore = this._storage.readAccount(str);
        if (accountBefore == null) {
            throw new AccountNotFoundException("Account deleted before registration completed");
        }
        final byte[] sessionKey = accountBefore.getDAToken().getSessionKey();
        final DeviceIdentity device = this._deviceManager.getDeviceIdentity(false);

        RSAPublicKey ngcPublicKey;
        try {
            ngcPublicKey = (RSAPublicKey) this._credentialManager.getPublicKey(str);
            Assertion.check(ngcPublicKey != null, missingKeyMessage);
        } catch (NgcCredentialException e) {
            // Fallback: mint a fresh key pair rather than abort the registration.
            Logger.error(missingKeyMessage);
            ClientAnalytics.get().logException(e);
            ngcPublicKey = (RSAPublicKey) this._credentialManager.generateKeyPair(str);
        }

        final String friendlyName = getFriendlyName(str, device.getPuid());
        final ManageLoginKeyResponse registration = (ManageLoginKeyResponse) this._requestFactory.createRegisterKeyRequest(registrationTicket, ngcPublicKey, friendlyName, sessionKey, str2).send();
        if (!registration.succeeded()) {
            throw new StsException("Attempt to register NGC key with the MSA server failed.", registration.getError());
        }
        final String serverKeyId = registration.getServerKeyIdentifier();

        // Re-read the account after the network round trip and update that copy,
        // failing if the account disappeared in the meantime.
        final AuthenticatorUserAccount accountAfter = this._storage.readAccount(accountBefore.getPuid());
        if (accountAfter == null) {
            throw new AccountNotFoundException("Account was deleted before registration finished");
        }
        accountAfter.setServerKeyIdentifier(serverKeyId);
        this._storage.writeAccount(accountAfter);
        ClientAnalytics.get().logEvent("NGC", ClientAnalytics.NgcRegistrationSucceeded);
    }

    /**
     * Runs one nonce-then-approve exchange: fetches a nonce, signs a token over it,
     * and sends the approval request carrying that token.
     */
    private ApproveSessionResponse requestApproval(Session session, String str2, String str3, AuthenticatorUserAccount account) throws NetworkException, InvalidResponseException, NgcCredentialException, JSONException, PromptNeededException, AccountNotFoundException, StsException {
        final String nonce = getNonce(session, str2, str3, account);
        final String signedToken = buildNgcToken(nonce, account);
        return (ApproveSessionResponse) this._requestFactory.createLoginApprovalRequest(str2, str3, session, account, signedToken).send();
    }

    /**
     * Approves a login session for the given account.
     *
     * <p>On a failed first attempt: a session flagged invalid by the server is
     * removed from local storage; any error other than "NGC key not found" is
     * rethrown; for "key not found" the key is registered again and the approval
     * is retried exactly once with a fresh nonce. After a successful approval the
     * session, when present, is removed from local storage.
     *
     * @param str     account PUID used to load the stored account
     * @param session pending session; may be {@code null}
     * @param str2    first argument of the nonce and approval requests; {@code null} is
     *                reported to analytics as the returning-user path
     *                (NOTE(review): presumably the USID; confirm)
     * @param str3    second argument of the nonce and approval requests, also handed to
     *                {@code registerNgcKey} on retry
     *                (NOTE(review): presumably the cloud PIN; confirm)
     * @throws AccountNotFoundException if the account is missing initially or after re-registration
     * @throws StsException             if approval fails for a non-recoverable reason or after the retry
     */
    public void sendNgcLoginRequests(String str, Session session, String str2, String str3) throws NetworkException, InvalidResponseException, NgcCredentialException, JSONException, PromptNeededException, AccountNotFoundException, StsException {
        ClientAnalytics.get().logEvent("NGC", ClientAnalytics.NgcAttemptingToApproveSession);
        final AuthenticatorUserAccount account = this._storage.readAccount(str);
        if (account == null) {
            throw new AccountNotFoundException();
        }

        final ApproveSessionResponse firstAttempt = requestApproval(session, str2, str3, account);
        if (!firstAttempt.succeeded()) {
            if (firstAttempt.getError().isInvalidSessionError() && session != null) {
                this._storage.removeSession(session.getAccountPuid(), session.getInternalID());
            }
            if (!firstAttempt.getError().isNgcKeyNotFoundError()) {
                throw new StsException("Approval request failed.", firstAttempt.getError());
            }

            // The server does not know this key: register it, then retry once.
            registerNgcKey(account.getPuid(), str3, null);
            final AuthenticatorUserAccount refreshedAccount = this._storage.readAccount(account.getPuid());
            if (refreshedAccount == null) {
                throw new AccountNotFoundException("Account deleted during NGC session approval.");
            }
            final ApproveSessionResponse retryAttempt = requestApproval(session, str2, str3, refreshedAccount);
            if (!retryAttempt.succeeded()) {
                throw new StsException("Approval request failed after registration retry.", retryAttempt.getError());
            }
        }

        if (session != null) {
            this._storage.removeSession(session.getAccountPuid(), session.getInternalID());
        }
        ClientAnalytics.get().logEvent("NGC", ClientAnalytics.NgcSessionApproved, str2 == null ? ClientAnalytics.ViaReturningUser : ClientAnalytics.ViaFirstTimeUser);
    }
}
