package com.microsoft.ngc.aad;

import android.annotation.TargetApi;
import android.content.Context;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import android.text.TextUtils;
import android.util.Base64;
import com.azure.authenticator.ui.AadRemoteNgcRegistrationActivity;
import com.microsoft.authenticator.core.common.Assertion;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.ngc.aad.json.JsonRequestFactory;
import com.microsoft.ngc.aad.json.exception.AadServiceException;
import com.microsoft.ngc.aad.json.exception.MissingMetadataException;
import com.microsoft.ngc.aad.json.request.AbstractJsonRequest;
import com.microsoft.ngc.aad.json.response.AbstractJsonResponse;
import com.microsoft.ngc.aad.json.response.drs.NgcRegistrationResponse;
import com.microsoft.ngc.aad.json.response.evo.GetNonceResponse;
import com.microsoft.ngc.aad.json.response.evo.ListSessionsResponse;
import com.microsoft.ngc.aad.metadata.CloudEnvironment;
import com.microsoft.ngc.aad.telemetry.AadRemoteNgcAuthenticationTimeTelemetry;
import com.microsoft.ngc.aad.telemetry.AadRemoteNgcProcessingTimeManager;
import com.microsoft.ngc.provider.cryptography.NgcCredentialManager;
import com.microsoft.ngc.provider.exceptions.NgcCredentialException;
import java.security.InvalidKeyException;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class RemoteAuthenticationManager {
    private Context _applicationContext;
    private CloudEnvironment _environment;
    private AadRemoteNgcAuthenticationTimeTelemetry _telemetry;

    public RemoteAuthenticationManager(Context context, CloudEnvironment cloudEnvironment) {
        this(context, cloudEnvironment, null);
    }

    public RemoteAuthenticationManager(Context context, CloudEnvironment cloudEnvironment, AadRemoteNgcAuthenticationTimeTelemetry aadRemoteNgcAuthenticationTimeTelemetry) {
        Assertion.assertObjectNotNull(context, "applicationContext is null");
        this._applicationContext = context;
        this._environment = cloudEnvironment;
        this._telemetry = aadRemoteNgcAuthenticationTimeTelemetry;
        AadRemoteNgcProcessingTimeManager.setAuthenticationManager(this);
    }

    @TargetApi(23)
    private String constructNgcAssertion(String str, String str2, NgcSession ngcSession, String str3, String str4) throws NgcCredentialException, AadServiceException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("typ", "JWT");
            jSONObject.put("alg", "RS256");
            jSONObject.put("kid", str2);
            jSONObject.put("use", "ngc");
            JSONObject jSONObject2 = new JSONObject();
            long currentTimeMillis = System.currentTimeMillis() / 1000;
            jSONObject2.put("iat", currentTimeMillis);
            jSONObject2.put("exp", currentTimeMillis + 300);
            jSONObject2.put("iss", str);
            jSONObject2.put("aud", ngcSession.getAudience());
            jSONObject2.put("scope", "openid aza");
            jSONObject2.put("request_nonce", str3);
            jSONObject2.put("deviceid", str4);
            String format = String.format(Locale.US, "%s.%s", Base64.encodeToString(jSONObject.toString().getBytes(Strings.Utf8Charset), 11), Base64.encodeToString(jSONObject2.toString().getBytes(Strings.Utf8Charset), 11));
            try {
                return String.format(Locale.US, "%s.%s", format, Base64.encodeToString(new NgcCredentialManager(this._applicationContext).sign(format.getBytes(Strings.Utf8Charset), str), 11));
            } catch (KeyPermanentlyInvalidatedException e) {
                throw e;
            } catch (UserNotAuthenticatedException e2) {
                throw e2;
            } catch (InvalidKeyException e3) {
                throw new NgcCredentialException(e3);
            }
        } catch (JSONException e4) {
            BaseLogger.e("Error constructing NGC assertion.", e4);
            throw new AadServiceException(e4);
        }
    }

    private static AbstractJsonResponse sendRequest$432d1e1d(AbstractJsonRequest abstractJsonRequest, int i) throws AadServiceException {
        AadRemoteNgcProcessingTimeManager.logRequestStart$6510fad7(i);
        try {
            return abstractJsonRequest.send();
        } finally {
            AadRemoteNgcProcessingTimeManager.logRequestEnd$6510fad7(i);
        }
    }

    public final void approveNgcSession(String str, String str2, NgcSession ngcSession, String str3, String str4) throws NgcCredentialException, AadServiceException, UserNotAuthenticatedException, KeyPermanentlyInvalidatedException, MissingMetadataException {
        JsonRequestFactory jsonRequestFactory = new JsonRequestFactory(this._applicationContext, this._environment, str);
        sendRequest$432d1e1d(jsonRequestFactory.createApproveSessionRequest(constructNgcAssertion(str, str2, ngcSession, ((GetNonceResponse) sendRequest$432d1e1d(jsonRequestFactory.createGetNonceRequest(), AadRemoteNgcProcessingTimeManager.AadRemoteNgcRequest.GET_NONCE$70e9b404)).getNonce(), str4), ngcSession.getDeviceCode(), "ngc", str3), AadRemoteNgcProcessingTimeManager.AadRemoteNgcRequest.APPROVE$70e9b404);
    }

    public final void denyNgcSession(NgcSession ngcSession, String str) throws AadServiceException, MissingMetadataException {
        sendRequest$432d1e1d(new JsonRequestFactory(this._applicationContext, this._environment, ngcSession.getUpn()).createDenySessionRequest(ngcSession.getDeviceCode(), str), AadRemoteNgcProcessingTimeManager.AadRemoteNgcRequest.DENY$70e9b404);
    }

    public final AadRemoteNgcAuthenticationTimeTelemetry getTelemetry() {
        return this._telemetry;
    }

    public final List<NgcSession> listSessions(String str, String str2) throws AadServiceException, MissingMetadataException {
        Assertion.assertStringNotNullOrEmpty(str, AadRemoteNgcRegistrationActivity.KEY_UPN);
        Assertion.assertStringNotNullOrEmpty(str2, "accessToken");
        List<NgcSession> ngcSessions = ((ListSessionsResponse) sendRequest$432d1e1d(new JsonRequestFactory(this._applicationContext, this._environment, str).createListSessionsRequest(str2), AadRemoteNgcProcessingTimeManager.AadRemoteNgcRequest.LIST_SESSIONS$70e9b404)).getNgcSessions();
        for (NgcSession ngcSession : ngcSessions) {
            if (TextUtils.isEmpty(ngcSession.getUpn())) {
                BaseLogger.w("UPN is null.");
                ngcSessions.remove(ngcSession);
            } else if (!ngcSession.getUpn().equalsIgnoreCase(str)) {
                BaseLogger.w("UPN mismatch.");
                ngcSessions.remove(ngcSession);
            }
        }
        BaseLogger.i("Successfully received pending sessions.");
        return ngcSessions;
    }

    public final String registerNgc(String str, String str2, String str3) throws NgcCredentialException, AadServiceException, MissingMetadataException {
        Assertion.assertStringNotNullOrEmpty(str, AadRemoteNgcRegistrationActivity.KEY_UPN);
        Assertion.assertStringNotNullOrEmpty(str2, "accessToken");
        NgcCredentialManager ngcCredentialManager = new NgcCredentialManager(this._applicationContext);
        try {
            NgcRegistrationResponse ngcRegistrationResponse = (NgcRegistrationResponse) sendRequest$432d1e1d(new JsonRequestFactory(this._applicationContext, this._environment, str).createNgcRegistrationRequest((RSAPublicKey) ngcCredentialManager.getPublicKey(str), str2, str3), AadRemoteNgcProcessingTimeManager.AadRemoteNgcRequest.REGISTRATION$70e9b404);
            Assertion.check(ngcRegistrationResponse.getUpn().equals(str), "Verify the response UPN matches the request UPN");
            return ngcRegistrationResponse.getKeyId();
        } catch (AadServiceException | MissingMetadataException e) {
            ngcCredentialManager.deleteKeyPair(str);
            throw e;
        }
    }
}
