package com.amazon.identity.auth.device.api;

import android.annotation.SuppressLint;
import android.content.Context;
import android.net.Uri;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import com.amazon.identity.auth.device.callback.CallbackFuture;
import com.amazon.identity.auth.device.utils.ADPCorpusSigningCallbackHelpers;
import com.amazon.identity.auth.device.utils.BundleUtils;
import com.amazon.identity.auth.device.utils.KeyFactoryUtils;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.auth.device.utils.TimeUtil;
import com.amazon.identity.auth.request.AuthenticatedRequestHelpers;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class InProcessAdpAuthenticationMethod extends AuthenticationMethod implements ADPCorpusSigningAuthenticationMethod {
    static final String g = InProcessAdpAuthenticationMethod.class.getName();
    private static final long h = TimeUtil.b(2, TimeUnit.MILLISECONDS);
    private static final byte[] i = "\n".getBytes();
    private final String j;
    private final TokenManagement k;

    /* JADX INFO: Access modifiers changed from: package-private */
    public InProcessAdpAuthenticationMethod(Context context, String str, String str2, AuthenticationType authenticationType) {
        super(context, str, authenticationType);
        this.k = (TokenManagement) this.c_.getSystemService("dcp_token_mangement");
        this.j = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InProcessAdpAuthenticationMethod(Context context, String str, String str2, String str3) {
        super(context, str, str3);
        this.k = (TokenManagement) this.c_.getSystemService("dcp_token_mangement");
        this.j = str2;
    }

    private byte[] a(Uri uri, String str, byte[] bArr, String str2, String str3) {
        String encodedPath;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (str == null) {
                MAPLog.a(g, "No verb specified. Cannot create corpus");
                return null;
            }
            if (uri == null) {
                encodedPath = null;
            } else if ("BustedIdentityADPAuthenticator".equals(this.b_)) {
                encodedPath = uri.toString();
            } else {
                encodedPath = uri.getEncodedPath();
                if (encodedPath == null) {
                    encodedPath = "";
                }
                if (!encodedPath.startsWith("/")) {
                    encodedPath = "/" + encodedPath;
                }
                String encodedQuery = uri.getEncodedQuery();
                if (!TextUtils.isEmpty(encodedQuery)) {
                    encodedPath = encodedPath + "?" + encodedQuery;
                }
            }
            if (encodedPath == null) {
                MAPLog.a(g, "No path specified. Cannot create corpus");
                return null;
            }
            if ("BustedIdentityADPAuthenticator".equals(this.b_)) {
                bArr = new byte[0];
            } else if (bArr == null) {
                bArr = new byte[0];
            }
            if (str3 == null) {
                MAPLog.a(g, "Unable to retrieve ADP token for given account. Cannot generate corpus.");
                return null;
            }
            byteArrayOutputStream.write(str.getBytes());
            byteArrayOutputStream.write(i);
            byteArrayOutputStream.write(encodedPath.getBytes());
            byteArrayOutputStream.write(i);
            byteArrayOutputStream.write(str2.getBytes());
            byteArrayOutputStream.write(i);
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(i);
            byteArrayOutputStream.write(str3.getBytes());
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            MAPLog.a(g, "Could not construct a corpus because an IOException occured", e);
            return null;
        }
    }

    private byte[] a(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256WithRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            MAPLog.a(g, "Request signing failed because it was given an invalid key", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            MAPLog.a(g, "Request signing failed because of No such algorithm found.", e2);
            return null;
        } catch (SignatureException e3) {
            MAPLog.a(g, "Request signing failed because there was a problem with the signature", e3);
            return null;
        }
    }

    private Bundle b() {
        Bundle bundle = new Bundle();
        bundle.putBoolean("ignore.platform.restrictions", true);
        return bundle;
    }

    @SuppressLint({"GetInstance"})
    private static byte[] b(byte[] bArr, PrivateKey privateKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKey);
            cipher.update(digest);
            return cipher.doFinal();
        } catch (InvalidKeyException e) {
            MAPLog.a(g, "Signing request with old auth failed because of InvalidKeyException: " + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            MAPLog.a(g, "Signing request with old auth failed because of NoSuchAlgorithmException: " + e2.getMessage());
            return null;
        } catch (BadPaddingException e3) {
            MAPLog.a(g, "Signing request with old auth failed because of BadPaddingException: " + e3.getMessage());
            return null;
        } catch (IllegalBlockSizeException e4) {
            MAPLog.a(g, "Signing request with old auth failed because of IllegalBlockSizeException: " + e4.getMessage());
            return null;
        } catch (NoSuchPaddingException e5) {
            MAPLog.a(g, "Signing request with old auth failed because of NoSuchPaddingException: " + e5.getMessage());
            return null;
        }
    }

    private PrivateKey c() {
        try {
            return KeyFactoryUtils.b(this.k.a(this.d_, TokenKeys.d(this.j), b(), h));
        } catch (MAPCallbackErrorException e) {
            MAPLog.a(g, "Getting private key failed because of callback error. Error Bundle: " + BundleUtils.c(e.a()));
            return null;
        } catch (InterruptedException e2) {
            MAPLog.a(g, "Getting private key failed because of InterruptedException: " + e2.getMessage());
            return null;
        } catch (InvalidKeySpecException e3) {
            MAPLog.a(g, "Could not sign request because there was an invalid key", e3);
            return null;
        } catch (ExecutionException e4) {
            MAPLog.a(g, "Getting private key failed because of ExecutionException: " + e4.getMessage());
            return null;
        } catch (TimeoutException e5) {
            MAPLog.a(g, "Getting private key failed because of TimeoutException: " + e5.getMessage());
            return null;
        }
    }

    private boolean d() {
        return AuthenticationType.DeviceAuthenticator.a().equals(this.b_);
    }

    @Override // com.amazon.identity.auth.device.api.AuthenticationMethod
    protected MAPFuture<Bundle> a(Uri uri, String str, Map map, byte[] bArr, CallbackFuture callbackFuture) throws IOException {
        String str2;
        try {
            String a2 = this.k.a(this.d_, TokenKeys.b(this.j), b(), h);
            if (a2 == null) {
                AuthenticationMethod.a(callbackFuture, 2, "Unable to sign request. Could not retrieve ADP token for account");
                MAPLog.a(g, "Unable to sign request. Could not retrieve ADP token for account");
            } else {
                String a3 = a();
                byte[] a4 = a(uri, str, bArr, a3, a2);
                if (a4 == null || a3 == null) {
                    MAPLog.a(g, "Could not sign request because we were unable to create a corpus");
                    str2 = null;
                } else {
                    String a5 = a(a4);
                    str2 = a5 == null ? null : String.format("%s:%s", a5, a3);
                }
                if (str2 == null) {
                    AuthenticationMethod.a(callbackFuture, 3, "Unable to sign request. Could not generate ADP signature. Please check provided parameters.");
                    MAPLog.a(g, "Unable to sign request. Could not generate ADP signature.");
                } else {
                    Bundle bundle = new Bundle();
                    AuthenticatedRequestHelpers.a(bundle, d() ? "X-ADP-Request-Digest" : "x-adp-signature", str2);
                    AuthenticatedRequestHelpers.a(bundle, d() ? "X-ADP-Authentication-Token" : "x-adp-token", a2);
                    String str3 = d() ? null : "x-adp-alg";
                    if (str3 != null) {
                        AuthenticatedRequestHelpers.a(bundle, str3, d() ? null : "SHA256WithRSA:1.0");
                    }
                    if (callbackFuture != null) {
                        callbackFuture.b(bundle);
                    }
                }
            }
        } catch (MAPCallbackErrorException e) {
            Bundle a6 = e.a();
            AuthenticationMethod.a(callbackFuture, 6, "Getting ADP Token failed because of callback error. Error Bundle: " + BundleUtils.c(a6));
            MAPLog.a(g, "Getting ADP Token failed because of callback error. Error Bundle: " + BundleUtils.c(a6));
        } catch (InterruptedException e2) {
            Thread.currentThread().interrupt();
            AuthenticationMethod.a(callbackFuture, 6, "Getting ADP Token failed because of InterruptedException. This can happen if the caller kills the thread or asnc task that is calling MAP's api. Exception message: " + e2.getMessage());
            MAPLog.a(g, "Getting ADP Token failed because of InterruptedException. This can happen if the caller kills the thread or asnc task that is calling MAP's api. Exception message: " + e2.getMessage(), e2);
        } catch (ExecutionException e3) {
            AuthenticationMethod.a(callbackFuture, 6, "Getting ADP Token failed because of ExecutionException. This can happen when the thread or task was aborted. Exception message: " + e3.getMessage());
            MAPLog.a(g, "Getting ADP Token failed because of ExecutionException. This can happen when the thread or task was aborted. Exception message: " + e3.getMessage(), e3);
        } catch (TimeoutException e4) {
            AuthenticationMethod.a(callbackFuture, 6, "Getting ADP Token failed because of TimeoutException. This happens when the timeout passed into the future object occurs. Exception message: " + e4.getMessage());
            MAPLog.a(g, "Getting ADP Token failed because of TimeoutException. This happens when the timeout passed into the future object occurs. Exception message: " + e4.getMessage(), e4);
        }
        return callbackFuture;
    }

    @Override // com.amazon.identity.auth.device.api.ADPCorpusSigningAuthenticationMethod
    public MAPFuture<Bundle> a(final byte[] bArr, Bundle bundle, Callback callback) {
        final CallbackFuture callbackFuture = new CallbackFuture(callback);
        if (bArr == null) {
            ADPCorpusSigningCallbackHelpers.a(callbackFuture, g);
        } else if (TextUtils.isEmpty(this.d_) || !this.f.a(this.d_)) {
            ADPCorpusSigningCallbackHelpers.a(callbackFuture, 2, "The account is not valid or no longer registered.");
        } else {
            this.k.b(this.d_, TokenKeys.b(this.j), b(), new Callback() { // from class: com.amazon.identity.auth.device.api.InProcessAdpAuthenticationMethod.1
                @Override // com.amazon.identity.auth.device.api.Callback
                public void a(Bundle bundle2) {
                    MAPLog.a(InProcessAdpAuthenticationMethod.g, "Unknown error during signCorpus execution.");
                    ADPCorpusSigningCallbackHelpers.a(callbackFuture, 5, "Unknown error during signCorpus execution.");
                }

                @Override // com.amazon.identity.auth.device.api.Callback
                public void b(Bundle bundle2) {
                    String string = bundle2.getString("value_key");
                    String a2 = InProcessAdpAuthenticationMethod.this.a(bArr);
                    if (string == null || a2 == null) {
                        ADPCorpusSigningCallbackHelpers.a(callbackFuture, 2, "The account is not valid or no longer registered.");
                        return;
                    }
                    Bundle bundle3 = new Bundle();
                    bundle3.putString(ADPCorpusSigningAuthenticationMethod.f3249a, a2);
                    bundle3.putString("adp_token", string);
                    callbackFuture.b(bundle3);
                }
            });
        }
        return callbackFuture;
    }

    protected String a() {
        return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US).format(new Date());
    }

    String a(byte[] bArr) {
        PrivateKey c2 = c();
        if (c2 == null) {
            return null;
        }
        byte[] b2 = d() ? b(bArr, c2) : a(bArr, c2);
        if (b2 != null) {
            return new String(Base64.encode(b2, 2));
        }
        return null;
    }
}
