package com.l7tech.msso.store;

import android.util.Log;
import com.l7tech.msso.cert.CertUtils;
import com.l7tech.msso.io.Charsets;
import com.l7tech.msso.key.KeyUtils;
import com.l7tech.msso.security.KeyStore;
import com.l7tech.msso.security.KeyStoreUtils;
import com.l7tech.msso.token.IdToken;
import java.security.KeyPair;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
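/**
 * {@link TokenManager} that keeps the MSSO credentials (ID token and its type, username,
 * device identifier, client RSA key pair and client certificate chain) as named byte blobs
 * in the {@link KeyStore} obtained from {@link KeyStoreUtils#getKeyStore()}.
 *
 * <p>Security-relevant behaviour to keep in mind when using or changing this class:
 * <ul>
 *   <li>Every {@code get*} method returns {@code null} both when the item is absent and when
 *       the store could not be read (for example while it is locked); the failure is only
 *       logged. Callers that must tell the two apart should check {@link #isTokenStoreReady()}
 *       first.</li>
 *   <li>The client private key is written and read back as an encoded byte array, so the key
 *       material is present in app memory whenever {@link #getClientKeyPair()} or
 *       {@link #saveClientKeyPair(KeyPair)} runs. NOTE(review): whether the backing store is
 *       hardware-protected is not visible from this class; confirm against
 *       {@code com.l7tech.msso.security.KeyStore}.</li>
 *   <li>Log statements carry only the exception message and stack trace, never item values;
 *       keep it that way.</li>
 * </ul>
 */
public class DefaultTokenManager implements TokenManager {
    static final String MSSO_CLIENT_CERT_CHAIN = "msso.clientCertChain";
    static final String MSSO_CLIENT_CERT_PRIVATE_KEY = "msso.clientCertPrivateKey";
    static final String MSSO_CLIENT_CERT_PUBLIC_KEY = "msso.clientCertPublicKey";
    static final String MSSO_DEVICE_IDENTIFIER = "msso.deviceIdentifier";
    static final String MSSO_ID_TOKEN = "msso.idToken";
    static final String MSSO_ID_TOKEN_TYPE = "msso.idTokenType";
    static final String MSSO_USERNAME = "msso.username";
    private static final String TAG = "DefaultTokenManager";

    /** Backing store; assigned by {@link #initKeyStore()}. */
    protected KeyStore ks;

    /**
     * Creates the manager and binds it to a key store via {@link #initKeyStore()}.
     *
     * <p>{@code initKeyStore()} is overridable and runs before any subclass constructor body,
     * so an override must not rely on subclass fields being initialised.
     */
    public DefaultTokenManager() {
        initKeyStore();
    }

    /**
     * Translates the key store's last error code into an exception.
     *
     * <p>Codes 1 and 7 are treated as "nothing to report" and return normally; 2 means the
     * store is locked and 3 that it is uninitialised. NOTE(review): the numbering looks like
     * the platform key store's (1 = no error, 7 = key not found); confirm against
     * {@code com.l7tech.msso.security.KeyStore}.
     *
     * @throws TokenStoreLockedException if the last error code is 2
     * @throws TokenStoreUninitializedException if the last error code is 3
     * @throws TokenStoreException for every other code except 1 and 7
     */
    void checkKsError() throws TokenStoreException {
        int lastError = this.ks.getLastError();
        switch (lastError) {
            case 1:
            case 7:
                return;
            case 2:
                throw new TokenStoreLockedException();
            case 3:
                throw new TokenStoreUninitializedException();
            default:
                throw new TokenStoreException("Unexpected error accessing keystore daemon; error code=" + lastError);
        }
    }

    /**
     * Removes every item this manager stores.
     *
     * <p>Each item is attempted even if an earlier deletion fails, so that a failure on one
     * entry cannot leave the private key or the ID token behind after a wipe. The first
     * failure is rethrown once all deletions have been tried.
     *
     * @throws TokenStoreException the first failure encountered, if any
     */
    @Override
    public void deleteAllObjects() throws TokenStoreException {
        TokenStoreException firstFailure = null;
        try {
            deleteIdToken();
        } catch (TokenStoreException e) {
            firstFailure = e;
        }
        try {
            deleteEach(
                    MSSO_USERNAME,
                    MSSO_CLIENT_CERT_PRIVATE_KEY,
                    MSSO_CLIENT_CERT_PUBLIC_KEY,
                    MSSO_CLIENT_CERT_CHAIN,
                    MSSO_DEVICE_IDENTIFIER);
        } catch (TokenStoreException e) {
            if (firstFailure == null) {
                firstFailure = e;
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
    }

    /**
     * Removes the stored ID token and its type; both are attempted even if the first fails.
     *
     * @throws TokenStoreException the first failure encountered, if any
     */
    @Override
    public void deleteIdToken() throws TokenStoreException {
        deleteEach(MSSO_ID_TOKEN, MSSO_ID_TOKEN_TYPE);
    }

    /** Deletes every named item, continuing past failures, then rethrows the first failure. */
    private void deleteEach(String... names) throws TokenStoreException {
        TokenStoreException firstFailure = null;
        for (String name : names) {
            try {
                deleteSecureItem(name);
            } catch (TokenStoreException e) {
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure;
        }
    }

    /**
     * Deletes one item from the key store.
     *
     * <p>A {@code false} result from the store is only an error when
     * {@link #checkKsError()} says so; codes 1 and 7 are accepted silently.
     *
     * @param str name of the item to delete
     * @throws TokenStoreException if the store reports a real error
     */
    void deleteSecureItem(String str) throws TokenStoreException {
        if (!this.ks.delete(str)) {
            checkKsError();
        }
    }

    /**
     * Returns the stored client certificate chain.
     *
     * @return the decoded chain, or {@code null} if none is stored or the store cannot be read
     */
    @Override
    public X509Certificate[] getClientCertificateChain() {
        try {
            byte[] encodedChain = retrieveSecureItem(MSSO_CLIENT_CERT_CHAIN);
            return encodedChain == null ? null : CertUtils.decodeCertificateChain(encodedChain);
        } catch (TokenStoreException e) {
            Log.e(TAG, "Unable to access client cert chain: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the stored client RSA key pair.
     *
     * <p>The public key is looked up first; the private key is only read when a public key
     * exists. NOTE(review): the encoded private key stays in a heap array that is not cleared
     * here, because it is not visible whether {@code KeyUtils} or the store keep a reference
     * to it.
     *
     * @return the key pair, or {@code null} if either half is missing, the store cannot be
     *     read, or the stored bytes cannot be decoded
     */
    @Override
    public KeyPair getClientKeyPair() {
        try {
            byte[] encodedPublic = retrieveSecureItem(MSSO_CLIENT_CERT_PUBLIC_KEY);
            if (encodedPublic == null) {
                return null;
            }
            byte[] encodedPrivate = retrieveSecureItem(MSSO_CLIENT_CERT_PRIVATE_KEY);
            if (encodedPrivate == null) {
                return null;
            }
            return new KeyPair(KeyUtils.decodeRsaPublicKey(encodedPublic), KeyUtils.decodeRsaPrivateKey(encodedPrivate));
        } catch (TokenStoreException e) {
            Log.e(TAG, "Unable to access client cert key pair: " + e.getMessage(), e);
            return null;
        } catch (IllegalArgumentException e) {
            Log.e(TAG, "Unable to decode client cert key pair: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the stored device identifier.
     *
     * @return the identifier, or {@code null} if none is stored or the store cannot be read
     */
    @Override
    public String getDeviceIdentifier() {
        try {
            byte[] raw = retrieveSecureItem(MSSO_DEVICE_IDENTIFIER);
            return raw == null ? null : new String(raw, Charsets.UTF8);
        } catch (TokenStoreException e) {
            Log.e(TAG, "Unable to access client device identifier: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the stored ID token.
     *
     * @return the token (its type is {@code null} when no type is stored), or {@code null} if
     *     no token value is stored or the store cannot be read
     */
    @Override
    public IdToken getIdToken() {
        try {
            byte[] rawValue = retrieveSecureItem(MSSO_ID_TOKEN);
            if (rawValue == null) {
                return null;
            }
            String value = new String(rawValue, Charsets.UTF8);
            byte[] rawType = retrieveSecureItem(MSSO_ID_TOKEN_TYPE);
            String type = rawType != null ? new String(rawType, Charsets.UTF8) : null;
            return new IdToken(value, type);
        } catch (TokenStoreException e) {
            Log.e(TAG, "Unable to access id token: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the stored username.
     *
     * @return the username, or {@code null} if none is stored or the store cannot be read
     */
    @Override
    public String getUsername() {
        try {
            byte[] raw = retrieveSecureItem(MSSO_USERNAME);
            return raw == null ? null : new String(raw, Charsets.UTF8);
        } catch (TokenStoreException e) {
            Log.e(TAG, "Unable to access client username: " + e.getMessage(), e);
            return null;
        }
    }

    /** Binds {@link #ks} to the store returned by {@link KeyStoreUtils#getKeyStore()}. */
    protected void initKeyStore() {
        this.ks = KeyStoreUtils.getKeyStore();
    }

    /** Returns whether the key store holds a client certificate chain entry. */
    @Override
    public boolean isClientCertificateChainAvailable() {
        return this.ks.contains(MSSO_CLIENT_CERT_CHAIN);
    }

    /** Returns whether the key store reports itself as unlocked. */
    public boolean isKeyStoreUnlocked() {
        return this.ks.isUnlocked();
    }

    /** Returns whether the token store can be used, which here means the key store is unlocked. */
    @Override
    public boolean isTokenStoreReady() {
        return isKeyStoreUnlocked();
    }

    /**
     * Reads one item from the key store.
     *
     * @param str name of the item to read
     * @return the stored bytes, or whatever the store returned (possibly {@code null}) when
     *     its last error code is one {@link #checkKsError()} accepts
     * @throws TokenStoreException if the store reports a real error
     */
    byte[] retrieveSecureItem(String str) throws TokenStoreException {
        byte[] value = this.ks.get(str);
        if (this.ks.getLastError() != 1) {
            checkKsError();
        }
        return value;
    }

    /**
     * Stores the client certificate chain.
     *
     * @param x509CertificateArr chain to encode and store
     * @throws TokenStoreException if the chain could not be stored
     */
    @Override
    public void saveClientCertificateChain(X509Certificate[] x509CertificateArr) throws TokenStoreException {
        storeSecureItem(MSSO_CLIENT_CERT_CHAIN, CertUtils.encodeCertificateChain(x509CertificateArr));
    }

    /**
     * Stores the client RSA key pair, private key first and public key second.
     *
     * <p>If the second write fails the private key remains stored on its own;
     * {@link #getClientKeyPair()} then reports no key pair because the public half is missing.
     *
     * @param keyPair key pair to encode and store
     * @throws TokenStoreException if either half could not be stored
     */
    @Override
    public void saveClientKeyPair(KeyPair keyPair) throws TokenStoreException {
        storeSecureItem(MSSO_CLIENT_CERT_PRIVATE_KEY, KeyUtils.encodeRsaPrivateKey(keyPair.getPrivate()));
        storeSecureItem(MSSO_CLIENT_CERT_PUBLIC_KEY, KeyUtils.encodeRsaPublicKey(keyPair.getPublic()));
    }

    /**
     * Stores the device identifier.
     *
     * @param str identifier to store
     * @throws TokenStoreException if the identifier could not be stored
     */
    @Override
    public void saveDeviceIdentifier(String str) throws TokenStoreException {
        storeSecureItem(MSSO_DEVICE_IDENTIFIER, str.getBytes(Charsets.UTF8));
    }

    /**
     * Stores the ID token value and its type.
     *
     * <p>{@link #getIdToken()} can return a token whose type is {@code null}, so a
     * {@code null} type is accepted here: the stored type entry is removed instead, which
     * keeps a type saved for an earlier token from being paired with the new value.
     *
     * @param idToken token to store
     * @throws TokenStoreException if the token could not be stored
     */
    @Override
    public void saveIdToken(IdToken idToken) throws TokenStoreException {
        String type = idToken.getType();
        storeSecureItem(MSSO_ID_TOKEN, idToken.getValue().getBytes(Charsets.UTF8));
        if (type != null) {
            storeSecureItem(MSSO_ID_TOKEN_TYPE, type.getBytes(Charsets.UTF8));
        } else {
            deleteSecureItem(MSSO_ID_TOKEN_TYPE);
        }
    }

    /**
     * Stores the username.
     *
     * @param str username to store
     * @throws TokenStoreException if the username could not be stored
     */
    @Override
    public void saveUsername(String str) throws TokenStoreException {
        storeSecureItem(MSSO_USERNAME, str.getBytes(Charsets.UTF8));
    }

    /**
     * Writes one item to the key store.
     *
     * <p>A write the store reports as unsuccessful always ends in an exception, even when the
     * last error code is one {@link #checkKsError()} accepts; otherwise the caller would
     * believe a credential had been persisted when it had not.
     *
     * @param str name of the item
     * @param bArr bytes to store
     * @throws TokenStoreException if the store did not accept the item
     */
    void storeSecureItem(String str, byte[] bArr) throws TokenStoreException {
        if (this.ks.put(str, bArr)) {
            return;
        }
        checkKsError();
        throw new TokenStoreException("Unable to store item in keystore; error code=" + this.ks.getLastError());
    }
}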
