package com.amazon.identity.auth.device.api;

import android.content.Context;
import android.net.Uri;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import com.amazon.identity.auth.device.callback.CallbackFuture;
import com.amazon.identity.auth.device.framework.KeyPairGenHelper;
import com.amazon.identity.auth.device.framework.ServiceWrappingContext;
import com.amazon.identity.auth.device.token.InternalTokenConstants;
import com.amazon.identity.auth.device.utils.ADPCorpusSigningCallbackHelpers;
import com.amazon.identity.auth.device.utils.BundleUtils;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.auth.device.utils.TimeUtil;
import com.amazon.identity.auth.request.AuthenticatedRequestHelpers;
import com.amazon.identity.auth.request.IRequestAdapter;
import com.amazon.identity.kcpsdk.auth.ITokenAuthProvider;
import com.audible.mobile.util.StringUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.io.IOUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class InProcessAdpAuthenticationMethod extends AuthenticationMethod implements ADPCorpusSigningAuthenticationMethod {
    private final Context mContext;
    private final String mDirectedId;
    private final String mPackageName;
    private final TokenManagement mTokenManagement;
    private static final String TAG = InProcessAdpAuthenticationMethod.class.getName();
    private static final long GET_CENTRAL_CREDENTIAL_TIME_OUT_MS = TimeUtil.fromMinutesTo(2, TimeUnit.MILLISECONDS);
    private static final byte[] NEW_LINE = IOUtils.LINE_SEPARATOR_UNIX.getBytes();

    /* JADX INFO: Access modifiers changed from: package-private */
    public InProcessAdpAuthenticationMethod(Context context, String str, String str2, AuthenticationType authenticationType) {
        super(context, str, authenticationType);
        this.mContext = ServiceWrappingContext.create(context);
        this.mTokenManagement = (TokenManagement) this.mContext.getSystemService(ServiceWrappingContext.TOKEN_MANGEMENT);
        this.mDirectedId = str;
        this.mPackageName = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InProcessAdpAuthenticationMethod(Context context, String str, String str2, String str3) {
        super(context, str, str3);
        this.mContext = ServiceWrappingContext.create(context);
        this.mTokenManagement = (TokenManagement) this.mContext.getSystemService(ServiceWrappingContext.TOKEN_MANGEMENT);
        this.mDirectedId = str;
        this.mPackageName = str2;
    }

    private byte[] getCorpus(IRequestAdapter iRequestAdapter, String str) {
        String str2;
        byte[] body;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            String httpVerb = iRequestAdapter.getHttpVerb();
            if (httpVerb == null) {
                MAPLog.e(TAG, "No verb specified. Cannot create corpus");
                return null;
            }
            Uri uri = iRequestAdapter.getUri();
            if (uri == null) {
                str2 = null;
            } else if (AuthenticatedRequestHelpers.IDENTITY_SIGNING_AUTH_TYPE.equals(getAuthenticationType())) {
                str2 = uri.toString();
            } else {
                String encodedPath = uri.getEncodedPath();
                if (encodedPath == null) {
                    encodedPath = StringUtils.EMPTY;
                }
                if (!encodedPath.startsWith("/")) {
                    encodedPath = "/" + encodedPath;
                }
                String encodedQuery = uri.getEncodedQuery();
                if (!TextUtils.isEmpty(encodedQuery)) {
                    encodedPath = encodedPath + "?" + encodedQuery;
                }
                str2 = encodedPath;
            }
            if (str2 == null) {
                MAPLog.e(TAG, "No path specified. Cannot create corpus");
                return null;
            }
            if (AuthenticatedRequestHelpers.IDENTITY_SIGNING_AUTH_TYPE.equals(getAuthenticationType())) {
                body = new byte[0];
            } else {
                body = iRequestAdapter.getBody();
                if (body == null) {
                    body = new byte[0];
                }
            }
            String value = this.mTokenManagement.getValue(this.mDirectedId, TokenKeys.getAdpTokenKeyForPackage(this.mPackageName), getOptions(), GET_CENTRAL_CREDENTIAL_TIME_OUT_MS);
            if (value == null) {
                MAPLog.e(TAG, "No adp token specified for the given account. Cannot create corpus");
                return null;
            }
            byteArrayOutputStream.write(httpVerb.getBytes());
            byteArrayOutputStream.write(NEW_LINE);
            byteArrayOutputStream.write(str2.getBytes());
            byteArrayOutputStream.write(NEW_LINE);
            byteArrayOutputStream.write(str.getBytes());
            byteArrayOutputStream.write(NEW_LINE);
            byteArrayOutputStream.write(body);
            byteArrayOutputStream.write(NEW_LINE);
            byteArrayOutputStream.write(value.getBytes());
            return byteArrayOutputStream.toByteArray();
        } catch (MAPCallbackErrorException e) {
            MAPLog.e(TAG, "Getting ADP Token during corpus generation failed because of callback error. Error Bundle: " + BundleUtils.toString(e.getErrorBundle()));
            return null;
        } catch (IOException e2) {
            MAPLog.e(TAG, "Could not construct a corpus because an IOException occured", e2);
            return null;
        } catch (InterruptedException e3) {
            MAPLog.e(TAG, "Getting ADP Token during corpus generation failed because of InterruptedException: " + e3.getMessage());
            return null;
        } catch (ExecutionException e4) {
            MAPLog.e(TAG, "Getting ADP Token during corpus generation failed because of ExecutionException: " + e4.getMessage());
            return null;
        } catch (TimeoutException e5) {
            MAPLog.e(TAG, "Getting ADP Token during corpus generation failed because of TimeoutException: " + e5.getMessage());
            return null;
        }
    }

    private KeyFactory getKeyFactory(String str) {
        try {
            return str.contains("-----BEGIN RSA PRIVATE KEY-----") ? KeyFactory.getInstance(KeyPairGenHelper.ALGO_RSA, "BC") : KeyFactory.getInstance(KeyPairGenHelper.ALGO_RSA);
        } catch (NoSuchAlgorithmException e) {
            MAPLog.e(TAG, "Could not get private key because there was no RSA algorithm", e);
            return null;
        } catch (NoSuchProviderException e2) {
            MAPLog.e(TAG, "Could not sign request because Bouncy Castle is not installed on the device", e2);
            return null;
        }
    }

    private Bundle getOptions() {
        Bundle bundle = new Bundle();
        bundle.putBoolean(InternalTokenConstants.KEY_OPTIONS_IGNORE_PLATFORM_AGNOSTIC_RESTRICTIONS, true);
        return bundle;
    }

    private PrivateKey getPrivateKey() {
        String value;
        KeyFactory keyFactory;
        PrivateKey privateKey = null;
        try {
            value = this.mTokenManagement.getValue(this.mDirectedId, TokenKeys.getPrivateKeyKeyForPackage(this.mPackageName), getOptions(), GET_CENTRAL_CREDENTIAL_TIME_OUT_MS);
        } catch (MAPCallbackErrorException e) {
            MAPLog.e(TAG, "Getting private key failed because of callback error. Error Bundle: " + BundleUtils.toString(e.getErrorBundle()));
        } catch (InterruptedException e2) {
            MAPLog.e(TAG, "Getting private key failed because of InterruptedException: " + e2.getMessage());
        } catch (InvalidKeySpecException e3) {
            MAPLog.e(TAG, "Could not sign request because there was an invalid key", e3);
        } catch (ExecutionException e4) {
            MAPLog.e(TAG, "Getting private key failed because of ExecutionException: " + e4.getMessage());
        } catch (TimeoutException e5) {
            MAPLog.e(TAG, "Getting private key failed because of TimeoutException: " + e5.getMessage());
        }
        if (value != null && (keyFactory = getKeyFactory(value)) != null) {
            privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(value.replaceAll("-----BEGIN RSA PRIVATE KEY-----", StringUtils.EMPTY).replaceAll("-----END RSA PRIVATE KEY-----", StringUtils.EMPTY).replaceAll("-----BEGIN PRIVATE KEY-----", StringUtils.EMPTY).replaceAll("-----END PRIVATE KEY-----", StringUtils.EMPTY).trim().getBytes(), 0)));
            return privateKey;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String signBufferAsBase64(byte[] bArr) {
        PrivateKey privateKey = getPrivateKey();
        if (privateKey == null) {
            return null;
        }
        byte[] signWithOldAuth = useLegacyAuth() ? signWithOldAuth(bArr, privateKey) : signWithNewAuth(bArr, privateKey);
        return signWithOldAuth != null ? new String(Base64.encode(signWithOldAuth, 2)) : null;
    }

    private byte[] signWithNewAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance(ITokenAuthProvider.SHA256_WITH_RSA);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            MAPLog.e(TAG, "Request signing failed because it was given an invalid key", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            MAPLog.e(TAG, "Request signing failed because of No such algorithm found.", e2);
            return null;
        } catch (SignatureException e3) {
            MAPLog.e(TAG, "Request signing failed because there was a problem with the signature", e3);
            return null;
        }
    }

    private byte[] signWithOldAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKey);
            cipher.update(digest);
            return cipher.doFinal();
        } catch (InvalidKeyException e) {
            MAPLog.e(TAG, "Signing request with old auth failed because of InvalidKeyException: " + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            MAPLog.e(TAG, "Signing request with old auth failed because of NoSuchAlgorithmException: " + e2.getMessage());
            return null;
        } catch (BadPaddingException e3) {
            MAPLog.e(TAG, "Signing request with old auth failed because of BadPaddingException: " + e3.getMessage());
            return null;
        } catch (IllegalBlockSizeException e4) {
            MAPLog.e(TAG, "Signing request with old auth failed because of IllegalBlockSizeException: " + e4.getMessage());
            return null;
        } catch (NoSuchPaddingException e5) {
            MAPLog.e(TAG, "Signing request with old auth failed because of NoSuchPaddingException: " + e5.getMessage());
            return null;
        }
    }

    private boolean useLegacyAuth() {
        return AuthenticationType.DeviceAuthenticator.getValue().equals(getAuthenticationType());
    }

    @Override // com.amazon.identity.auth.device.api.AuthenticationMethod
    protected Bundle getAuthenticationBundle(IRequestAdapter iRequestAdapter) throws IOException {
        String str;
        try {
            String value = this.mTokenManagement.getValue(this.mDirectedId, TokenKeys.getAdpTokenKeyForPackage(this.mPackageName), getOptions(), GET_CENTRAL_CREDENTIAL_TIME_OUT_MS);
            if (value == null) {
                MAPLog.e(TAG, "Could not sign request because we could not get an ADP Signature");
                return null;
            }
            String currentTimestamp = getCurrentTimestamp();
            byte[] corpus = getCorpus(iRequestAdapter, currentTimestamp);
            if (corpus == null || currentTimestamp == null) {
                MAPLog.e(TAG, "Could not sign request because we were unable to create a corpus");
                str = null;
            } else {
                String signBufferAsBase64 = signBufferAsBase64(corpus);
                str = signBufferAsBase64 == null ? null : String.format("%s:%s", signBufferAsBase64, currentTimestamp);
            }
            if (str == null || value == null) {
                MAPLog.e(TAG, "Could not sign request because we could not generate an ADP signature");
                return null;
            }
            Bundle bundle = new Bundle();
            AuthenticatedRequestHelpers.setHeaderInBundle(bundle, useLegacyAuth() ? "X-ADP-Request-Digest" : "x-adp-signature", str);
            AuthenticatedRequestHelpers.setHeaderInBundle(bundle, useLegacyAuth() ? "X-ADP-Authentication-Token" : "x-adp-token", value);
            String str2 = useLegacyAuth() ? null : "x-adp-alg";
            if (str2 == null) {
                return bundle;
            }
            AuthenticatedRequestHelpers.setHeaderInBundle(bundle, str2, useLegacyAuth() ? null : "SHA256WithRSA:1.0");
            return bundle;
        } catch (MAPCallbackErrorException e) {
            MAPLog.e(TAG, "Getting ADP Token failed because of callback error. Error Bundle: " + BundleUtils.toString(e.getErrorBundle()));
            return null;
        } catch (InterruptedException e2) {
            MAPLog.e(TAG, "Getting ADP Token failed because of InterruptedException. This can happen if the caller kills the thread or asnc task that is calling MAP's api. Exception message: " + e2.getMessage(), e2);
            return null;
        } catch (ExecutionException e3) {
            MAPLog.e(TAG, "Getting ADP Token failed because of ExecutionException. This can happen when the thread or task was aborted. Exception message: " + e3.getMessage(), e3);
            return null;
        } catch (TimeoutException e4) {
            MAPLog.e(TAG, "Getting ADP Token failed because of TimeoutException. This happens when the timeout passed into the future object occurs. Exception message: " + e4.getMessage(), e4);
            return null;
        }
    }

    protected String getCurrentTimestamp() {
        return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date());
    }

    @Override // com.amazon.identity.auth.device.api.ADPCorpusSigningAuthenticationMethod
    public MAPFuture<Bundle> signCorpus(final byte[] bArr, Bundle bundle, Callback callback) {
        final CallbackFuture callbackFuture = new CallbackFuture(callback);
        if (bArr == null) {
            ADPCorpusSigningCallbackHelpers.nullCorpusCallbackError(callbackFuture, TAG);
        } else if (TextUtils.isEmpty(this.mDirectedId) || !this.mMapAccountManager.isAccountRegistered(this.mDirectedId)) {
            ADPCorpusSigningCallbackHelpers.callbackError(callbackFuture, 2, "The account is not valid or no longer registered.");
        } else {
            this.mTokenManagement.getToken(this.mDirectedId, TokenKeys.getAdpTokenKeyForPackage(this.mPackageName), getOptions(), new Callback() { // from class: com.amazon.identity.auth.device.api.InProcessAdpAuthenticationMethod.1
                @Override // com.amazon.identity.auth.device.api.Callback
                public void onError(Bundle bundle2) {
                    MAPLog.e(InProcessAdpAuthenticationMethod.TAG, "Unknown error during signCorpus execution.");
                    ADPCorpusSigningCallbackHelpers.callbackError(callbackFuture, 5, "Unknown error during signCorpus execution.");
                }

                @Override // com.amazon.identity.auth.device.api.Callback
                public void onSuccess(Bundle bundle2) {
                    String string = bundle2.getString("value_key");
                    String signBufferAsBase64 = InProcessAdpAuthenticationMethod.this.signBufferAsBase64(bArr);
                    if (string == null || signBufferAsBase64 == null) {
                        ADPCorpusSigningCallbackHelpers.callbackError(callbackFuture, 2, "The account is not valid or no longer registered.");
                        return;
                    }
                    Bundle bundle3 = new Bundle();
                    bundle3.putString(ADPCorpusSigningAuthenticationMethod.KEY_ADP_AUTH_SIGNATURE, signBufferAsBase64);
                    bundle3.putString("adp_token", string);
                    callbackFuture.onSuccess(bundle3);
                }
            });
        }
        return callbackFuture;
    }
}
