package com.microsoft.omadm.apppolicy;

import android.content.Context;
import com.microsoft.intune.mam.policy.BundleEncryptionKey;
import com.microsoft.omadm.apppolicy.EscrowedKeyProtector;
import com.microsoft.omadm.apppolicy.data.FileEncryptionKey;
import com.microsoft.omadm.apppolicy.data.FileEncryptionKeyTable;
import com.microsoft.omadm.apppolicy.data.MAMServiceEnrollment;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceEncryptionKey;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceGetEncryptionKeysTask;
import com.microsoft.omadm.apppolicy.mamservice.MAMServiceUtils;
import com.microsoft.omadm.database.TableRepository;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.utils.DataEncryptionUtils;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.crypto.KeyGenerator;

/* loaded from: classes.dex */
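/**
 * Manages the AES keys used for file encryption.
 *
 * <p>Keys come from two places: locally generated keys, wrapped with
 * {@link DataEncryptionUtils}, and keys delivered by the MAM service, wrapped with the
 * {@link EscrowedKeyProtector}. Wrapped keys are persisted through the {@link TableRepository};
 * unwrapped keys are handed out as {@link BundleEncryptionKey} instances.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Unwrapped key material is held in {@code mKeyCache} for as long as the entry exists.
 *       {@link #clearCache()} only drops the references; it does not overwrite the key bytes.</li>
 *   <li>Only key IDs and expiry times are logged, never key bytes. Keep it that way.</li>
 * </ul>
 */
public class FileEncryptionKeyManager {
    private static final String ALGORITHM = "AES";
    /** Size in bits of locally generated keys. */
    private static final int KEY_LENGTH = 128;
    /** Lifetime of a locally generated key, in years (added to {@link Calendar#YEAR}). */
    private static final int KEY_LIFETIME = 1;
    /** Flags value stored with a locally generated key. */
    private static final int FLAGS_LOCAL_KEY = 0;
    /**
     * Flags value stored with a key received from the MAM service.
     * NOTE(review): presumably the bit that FileEncryptionKey.isFromService() tests - confirm.
     */
    private static final int FLAGS_ESCROWED_KEY = 1;
    /**
     * Flag bit set on a stored escrowed key after unwrapping it failed because the Android
     * KeyStore was reset; cleared again once the service has re-delivered the key.
     */
    private static final int FLAG_NEEDS_SERVICE_REFRESH = 2;
    private static final Logger LOGGER = Logger.getLogger(FileEncryptionKeyManager.class.getName());
    private static final String UNABLE_TO_RECOVER = "Unable to recover from reset Android KeyStore";
    private final Context mContext;
    private final EscrowedKeyProtector mEscrowedKeyProtector;
    /** Unwrapped keys by key ID string. Holds plaintext key material in memory. */
    private final Map<String, BundleEncryptionKey> mKeyCache = new ConcurrentHashMap<>();
    private final TableRepository mTableRepository;

    /**
     * @param context Android context passed to {@link DataEncryptionUtils} for local key wrapping
     * @param tableRepository persistence for wrapped keys and MAM service enrollments
     * @param escrowedKeyProtector wraps and unwraps keys delivered by the MAM service
     */
    public FileEncryptionKeyManager(Context context, TableRepository tableRepository, EscrowedKeyProtector escrowedKeyProtector) {
        this.mContext = context;
        this.mTableRepository = tableRepository;
        this.mEscrowedKeyProtector = escrowedKeyProtector;
    }

    /**
     * Reports whether an expiry timestamp is still in the future.
     *
     * @param date expiry time, may be {@code null}
     * @return {@code true} if {@code date} is strictly after the current time; {@code false}
     *     for {@code null} or a time that has been reached
     */
    protected static boolean checkTimestamp(Date date) {
        return date != null && new Date().before(date);
    }

    /**
     * Unwraps the stored bytes of a key.
     *
     * <p>Local keys are unwrapped with {@link DataEncryptionUtils}; service keys with the
     * {@link EscrowedKeyProtector}. If the protector reports a KeyStore reset, the key is
     * re-requested from the MAM service and unwrapped once more.
     *
     * @param fileEncryptionKey stored key record
     * @return the plaintext key bytes
     * @throws OMADMException if the key cannot be unwrapped or recovered
     */
    private byte[] decryptKey(FileEncryptionKey fileEncryptionKey) throws OMADMException {
        if (!fileEncryptionKey.isFromService()) {
            return DataEncryptionUtils.decryptRawData(fileEncryptionKey.keyBytes, this.mContext);
        }
        try {
            return this.mEscrowedKeyProtector.decrypt(fileEncryptionKey.keyBytes);
        } catch (EscrowedKeyProtector.KeyStoreResetException resetException) {
            LOGGER.warning("Unable to decrypt key, apparently because the Android KeyStore has been reset. Attempting to refresh escrowed keys from service");
            return recoverEscrowedKey(fileEncryptionKey, resetException);
        }
    }

    /**
     * Recovers an escrowed key whose wrapping key was lost to a KeyStore reset.
     *
     * <p>Marks the record as needing refresh, fetches the keys from the MAM service using the
     * first successful enrollment, then reloads and unwraps the record.
     *
     * @param staleKey record that could not be unwrapped
     * @param resetException the failure that triggered recovery, kept as the cause of errors
     * @return the plaintext key bytes
     * @throws OMADMException if there is no enrollment, the wait is interrupted, the record is
     *     gone afterwards, or unwrapping fails again
     */
    private byte[] recoverEscrowedKey(FileEncryptionKey staleKey, EscrowedKeyProtector.KeyStoreResetException resetException) throws OMADMException {
        // Persist the marker first so storeKeysFromMAMService() overwrites the unusable bytes.
        staleKey.flags = Integer.valueOf(staleKey.flags.intValue() | FLAG_NEEDS_SERVICE_REFRESH);
        this.mTableRepository.insertOrReplace(staleKey);

        List<MAMServiceEnrollment> enrollments = MAMServiceUtils.getEnrollmentsBySuccess();
        if (enrollments == null || enrollments.isEmpty()) {
            LOGGER.severe("No MAM Service enrollments, will not be able to retrieve escrowed keys");
            throw new OMADMException(UNABLE_TO_RECOVER, resetException);
        }

        MAMServiceEnrollment enrollment = enrollments.get(0);
        Thread fetchThread = new Thread(new MAMServiceGetEncryptionKeysTask(enrollment.packageName, enrollment.identity, enrollment.refreshToken));
        fetchThread.start();
        try {
            // NOTE(review): no timeout here. When reached through getCurrentKey() the instance
            // monitor is held for the whole wait, so a hung service call blocks other callers.
            fetchThread.join();
        } catch (InterruptedException e) {
            // Restore the interrupt status so callers further up can still observe it.
            Thread.currentThread().interrupt();
            throw new OMADMException("Interrupted while waiting to retrieve escrowed keys", e);
        }

        FileEncryptionKey refreshedKey = (FileEncryptionKey) this.mTableRepository.get(new FileEncryptionKey.Key(staleKey.keyID));
        if (refreshedKey == null) {
            throw new OMADMException("Unable to recover from reset Android KeyStore even after trying to retrieve encryption keys, updated key is unexpectedly NULL", resetException);
        }
        try {
            LOGGER.info("Trying to retrieve key again after requesting keys from service");
            return this.mEscrowedKeyProtector.decrypt(refreshedKey.keyBytes);
        } catch (EscrowedKeyProtector.KeyStoreResetException e) {
            throw new OMADMException("Unable to recover from reset Android KeyStore even after trying to retrieve encryption keys from service", e);
        }
    }

    /**
     * Generates a fresh {@link #KEY_LENGTH}-bit AES key.
     *
     * @return the raw key bytes
     * @throws OMADMException if no installed provider offers AES; the message lists the
     *     installed security providers to help diagnose the device
     */
    private static byte[] generateKey() throws OMADMException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM);
            keyGenerator.init(KEY_LENGTH);
            return keyGenerator.generateKey().getEncoded();
        } catch (NoSuchAlgorithmException e) {
            // The provider listing is only needed for this diagnostic, so it is built here
            // rather than on every successful key generation.
            throw new OMADMException("Failed to generate file encryption key\n" + describeProviders() + DatabaseAppPolicy.SPACE_ARRAY_SEPARATOR + e.toString(), e);
        }
    }

    /** Returns one line per installed security provider: its name/version and its info string. */
    private static String describeProviders() {
        StringBuilder description = new StringBuilder();
        for (Provider provider : Security.getProviders()) {
            description.append(provider.toString() + DatabaseAppPolicy.SPACE_ARRAY_SEPARATOR + provider.getInfo() + "\n");
        }
        return description.toString();
    }

    /**
     * Drops every cached key. The references are removed; the underlying key bytes are not
     * overwritten by this method.
     */
    public void clearCache() {
        this.mKeyCache.clear();
    }

    /**
     * Returns the key that should be used for new encryption.
     *
     * <p>An unexpired current key is returned (from the cache when possible). An expired key
     * that came from the MAM service is still returned as current while any
     * {@link MAMServiceEnrollment} exists. In every other case a new local key is generated,
     * wrapped, stored and returned.
     *
     * @return the current key, flagged as current
     * @throws OMADMException if unwrapping, generating or wrapping a key fails
     */
    public synchronized BundleEncryptionKey getCurrentKey() throws OMADMException {
        FileEncryptionKey currentKey = ((FileEncryptionKeyTable) this.mTableRepository.getTable(FileEncryptionKey.class)).getCurrentKey();
        if (currentKey != null) {
            LOGGER.info("Current encryption key has id " + currentKey.keyID);
            if (checkTimestamp(currentKey.expireTime)) {
                BundleEncryptionKey cached = this.mKeyCache.get(currentKey.keyID);
                return cached != null ? cached : decryptAndCacheCurrent(currentKey);
            }
            if (currentKey.isFromService()) {
                // NOTE(review): expiry is not enforced for service keys while an enrollment
                // exists - presumably the service is expected to rotate them; confirm.
                List<?> enrollmentKeys = this.mTableRepository.getKeys(MAMServiceEnrollment.class);
                if (enrollmentKeys != null && !enrollmentKeys.isEmpty()) {
                    return decryptAndCacheCurrent(currentKey);
                }
                LOGGER.info("Stale MAMService file encryption key has expired, generating a new local key");
            }
        }
        return createLocalKey();
    }

    /** Unwraps {@code currentKey}, caches it under its key ID and returns it flagged as current. */
    private BundleEncryptionKey decryptAndCacheCurrent(FileEncryptionKey currentKey) throws OMADMException {
        BundleEncryptionKey unwrapped = new BundleEncryptionKey(currentKey.keyID, decryptKey(currentKey), true);
        this.mKeyCache.put(currentKey.keyID, unwrapped);
        return unwrapped;
    }

    /**
     * Generates a new local key with a random ID, stores its wrapped form with an expiry
     * {@link #KEY_LIFETIME} year(s) from now, caches the plaintext and returns it as current.
     */
    private BundleEncryptionKey createLocalKey() throws OMADMException {
        byte[] rawKey = generateKey();
        byte[] wrappedKey = DataEncryptionUtils.encryptRawData(rawKey, this.mContext);
        UUID keyId = UUID.randomUUID();
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, KEY_LIFETIME);
        this.mTableRepository.insert(new FileEncryptionKey(keyId, wrappedKey, expiry.getTime(), FLAGS_LOCAL_KEY));
        LOGGER.info("Generated new encryption key with id " + keyId.toString());
        BundleEncryptionKey created = new BundleEncryptionKey(keyId, rawKey, true);
        this.mKeyCache.put(keyId.toString(), created);
        return created;
    }

    /**
     * Looks up a key by ID, unwrapping and caching it on first use.
     *
     * @param uuid ID of the requested key
     * @return the key, flagged as current only if it equals the table's current key
     * @throws OMADMException if no key with that ID is stored or it cannot be unwrapped
     */
    public BundleEncryptionKey getKey(UUID uuid) throws OMADMException {
        String keyIdString = uuid.toString();
        BundleEncryptionKey cached = this.mKeyCache.get(keyIdString);
        if (cached != null) {
            return cached;
        }
        FileEncryptionKey storedKey = (FileEncryptionKey) this.mTableRepository.get(new FileEncryptionKey.Key(keyIdString));
        if (storedKey == null) {
            throw new OMADMException("The requested encryption key could not be found.");
        }
        boolean isCurrent = storedKey.equals(((FileEncryptionKeyTable) this.mTableRepository.getTable(FileEncryptionKey.class)).getCurrentKey());
        BundleEncryptionKey unwrapped = new BundleEncryptionKey(uuid, decryptKey(storedKey), isCurrent);
        this.mKeyCache.put(keyIdString, unwrapped);
        return unwrapped;
    }

    /**
     * Persists keys delivered by the MAM service.
     *
     * <p>For each delivered key: an unknown key is wrapped and inserted; a known key marked as
     * needing refresh has its bytes and expiry replaced and the marker cleared; a known key
     * with a different expiry has only the expiry updated; otherwise nothing changes.
     *
     * @param list keys from the service; sorted in place with
     *     {@code MAMServiceEncryptionKey.ExpiryComparator} before processing
     * @throws OMADMException if wrapping or storing a key fails
     */
    public void storeKeysFromMAMService(List<MAMServiceEncryptionKey> list) throws OMADMException {
        Collections.sort(list, new MAMServiceEncryptionKey.ExpiryComparator());
        for (MAMServiceEncryptionKey serviceKey : list) {
            FileEncryptionKey storedKey = (FileEncryptionKey) this.mTableRepository.get(new FileEncryptionKey.Key(serviceKey.getKeyID()));
            if (storedKey == null) {
                LOGGER.info("Adding escrowed key " + serviceKey.getKeyID() + " with expiration " + serviceKey.getExpiry());
                this.mTableRepository.insertOrReplace(new FileEncryptionKey(serviceKey.getKeyID(), this.mEscrowedKeyProtector.encrypt(serviceKey.getBytes()), serviceKey.getExpiry(), FLAGS_ESCROWED_KEY));
            } else if ((storedKey.flags.intValue() & FLAG_NEEDS_SERVICE_REFRESH) != 0) {
                LOGGER.info("Replacing existing escrowed key " + serviceKey.getKeyID());
                storedKey.keyBytes = this.mEscrowedKeyProtector.encrypt(serviceKey.getBytes());
                storedKey.expireTime = serviceKey.getExpiry();
                // Clear the marker explicitly instead of toggling it.
                storedKey.flags = Integer.valueOf(storedKey.flags.intValue() & ~FLAG_NEEDS_SERVICE_REFRESH);
                this.mTableRepository.update(storedKey);
            } else if (storedKey.expireTime.equals(serviceKey.getExpiry())) {
                LOGGER.info("Escrowed key " + serviceKey.getKeyID() + " already known.");
            } else {
                LOGGER.info("Updating expiry for escrowed key " + storedKey.keyID);
                storedKey.expireTime = serviceKey.getExpiry();
                this.mTableRepository.update(storedKey);
            }
        }
    }
}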
