package com.ca.mas.core.store;

import android.content.Context;
import android.util.Log;
import com.ca.mas.core.conf.ConfigurationManager;
import com.ca.mas.core.datasource.AccountManagerStoreDataSource;
import com.ca.mas.core.datasource.DataSource;
import com.ca.mas.core.datasource.MASSecureStorageDataSource;
import com.ca.mas.core.io.Charsets;
import com.ca.mas.core.security.KeyStoreException;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.core.util.KeyUtilsAsymmetric;
import com.ca.mas.foundation.MAS;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
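/**
 * {@link TokenManager} implementation that keeps MSSO token material in a
 * {@link DataSource} and delegates the client key pair and certificate chain to
 * {@link KeyUtilsAsymmetric}.
 *
 * <p>Every per-gateway entry name is prefixed with the string form of the
 * currently connected gateway (see {@link #getKey(String)}). The device
 * identifier key alias is the one exception: it is used without that prefix.
 *
 * <p>Read accessors return {@code null} (or {@code false}) on failure and log
 * the cause only when {@code MAS.DEBUG} is set, so a caller cannot distinguish
 * "nothing stored" from "store could not be read".
 *
 * <p>NOTE(review): token values are handed to the {@link DataSource} as plain
 * UTF-8 bytes; protection at rest therefore depends entirely on the
 * {@code DataSource} implementation that was injected — confirm per backend.
 */
public class DefaultTokenManager implements TokenManager {
    // Alias prefix for the client certificate chain (gateway-prefixed via getKey).
    private static final String MSSO_CLIENT_CERT_CHAIN_PREFIX = "msso.clientCertChain_";
    // Alias of the client RSA key pair (gateway-prefixed via getKey).
    private static final String MSSO_CLIENT_PRIVATE_KEY = "msso.clientCertPrivateKey";
    // Alias of the device identifier key; used as-is, NOT gateway-prefixed.
    private static final String MSSO_DEVICE_IDENTIFIER = "com.ca.mas.foundation.msso.DEVICE_IDENTIFIER";
    // Distinguished name passed to key generation.
    private static final String MSSO_DN = "cn=msso";
    private static final String MSSO_ID_TOKEN = "msso.idToken";
    private static final String MSSO_ID_TOKEN_TYPE = "msso.idTokenType";
    private static final String MSSO_MAG_IDENTIFIER = "msso.magIdentifier";
    private static final String MSSO_SECURE_ID_TOKEN = "msso.secureIdToken";
    private static final String MSSO_USER_PROFILE = "msso.userProfile";

    /** Backing store for token entries; keys are built by {@link #getKey(String)}. */
    protected DataSource<String, byte[]> storage;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a token manager on top of the given store.
     *
     * @param dataSource store used for all token entries
     */
    public DefaultTokenManager(DataSource dataSource) {
        this.storage = dataSource;
    }

    /**
     * Removes one gateway-scoped entry from the store.
     *
     * @param name unprefixed entry name
     * @throws TokenStoreException wrapping any exception raised while removing
     */
    private void deleteSecureItem(String name) throws TokenStoreException {
        try {
            this.storage.remove(getKey(name));
        } catch (Exception cause) {
            throw new TokenStoreException(cause);
        }
    }

    /**
     * Builds the storage key / key alias for an entry by prefixing it with the
     * connected gateway's string form.
     *
     * @param name unprefixed entry name
     * @return gateway-scoped key
     */
    private String getKey(String name) {
        return ConfigurationManager.getInstance().getConnectedGateway().toString() + name;
    }

    /**
     * Reads one gateway-scoped entry from the store.
     *
     * @param name unprefixed entry name
     * @return whatever the store returns for that key (may be {@code null})
     * @throws TokenStoreException wrapping any exception raised while reading
     */
    private byte[] retrieveSecureItem(String name) throws TokenStoreException {
        try {
            return this.storage.get(getKey(name));
        } catch (Exception cause) {
            throw new TokenStoreException(cause);
        }
    }

    /**
     * Writes one gateway-scoped entry to the store.
     *
     * @param name  unprefixed entry name
     * @param value bytes to store
     * @throws TokenStoreException wrapping any exception raised while writing
     */
    private void storeSecureItem(String name, byte[] value) throws TokenStoreException {
        try {
            this.storage.put(getKey(name), value);
        } catch (Exception cause) {
            throw new TokenStoreException(cause);
        }
    }

    /** Decodes stored bytes as UTF-8, passing {@code null} through unchanged. */
    private static String decodeUtf8(byte[] raw) {
        return raw == null ? null : new String(raw, Charsets.UTF8);
    }

    /**
     * Removes the tokens, user profile, client key pair, certificate chain, MAG
     * identifier and device identifier key for the connected gateway.
     *
     * <p>NOTE(review): the steps run in sequence and the store deletions throw
     * {@link TokenStoreException}, so a failure in an early step leaves the later
     * items (including the private key and certificate chain) in place. Callers
     * that rely on this for logout or de-registration should treat an exception
     * as "credentials may still be present".
     *
     * @throws TokenStoreException if a store deletion fails
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void clear() throws TokenStoreException {
        deleteIdToken();
        deleteUserProfile();
        deleteSecureIdToken();
        KeyUtilsAsymmetric.deletePrivateKey(getKey(MSSO_CLIENT_PRIVATE_KEY));
        KeyUtilsAsymmetric.clearCertificateChain(getKey(MSSO_CLIENT_CERT_CHAIN_PREFIX));
        deleteSecureItem(MSSO_MAG_IDENTIFIER);
        KeyUtilsAsymmetric.deletePrivateKey(MSSO_DEVICE_IDENTIFIER);
    }

    /**
     * Empties the backing store via {@code removeAll(null)} and deletes the
     * connected gateway's client key pair and certificate chain plus the device
     * identifier key.
     *
     * <p>NOTE(review): key and certificate aliases are built for the currently
     * connected gateway only; whether key material for other gateways exists and
     * needs separate removal cannot be told from this class.
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void clearAll() {
        this.storage.removeAll(null);
        KeyUtilsAsymmetric.deletePrivateKey(getKey(MSSO_CLIENT_PRIVATE_KEY));
        KeyUtilsAsymmetric.clearCertificateChain(getKey(MSSO_CLIENT_CERT_CHAIN_PREFIX));
        KeyUtilsAsymmetric.deletePrivateKey(MSSO_DEVICE_IDENTIFIER);
    }

    /**
     * Generates the client RSA key pair under the gateway-scoped alias.
     *
     * <p>The fourth argument to {@code generateRsaPrivateKey} is {@code false}
     * when the store is an {@link AccountManagerStoreDataSource} or a
     * {@link MASSecureStorageDataSource}, and {@code true} for any other store.
     * NOTE(review): the meaning of that flag is defined by
     * {@code KeyUtilsAsymmetric} and is not visible here — confirm it matches the
     * intended key-protection policy for each backend.
     *
     * @param context not used by this implementation
     * @param i10     key size in bits, passed straight to key generation
     * @return the generated private key
     * @throws KeyStoreException if key generation fails
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public PrivateKey createPrivateKey(Context context, int i10) throws KeyStoreException {
        DataSource<String, byte[]> store = this.storage;
        boolean accountOrSecureStore =
                (store instanceof AccountManagerStoreDataSource)
                        || (store instanceof MASSecureStorageDataSource);
        return KeyUtilsAsymmetric.generateRsaPrivateKey(
                i10, getKey(MSSO_CLIENT_PRIVATE_KEY), MSSO_DN, !accountOrSecureStore, false, -1, false);
    }

    /**
     * Removes the stored ID token and its type.
     *
     * @throws TokenStoreException if either deletion fails
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void deleteIdToken() throws TokenStoreException {
        deleteSecureItem(MSSO_ID_TOKEN);
        deleteSecureItem(MSSO_ID_TOKEN_TYPE);
    }

    /**
     * Removes the stored secure ID token.
     *
     * @throws TokenStoreException if the deletion fails
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void deleteSecureIdToken() throws TokenStoreException {
        deleteSecureItem(MSSO_SECURE_ID_TOKEN);
    }

    /**
     * Removes the stored user profile.
     *
     * @throws TokenStoreException if the deletion fails
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void deleteUserProfile() throws TokenStoreException {
        deleteSecureItem(MSSO_USER_PROFILE);
    }

    /**
     * Returns the client certificate chain for the connected gateway.
     *
     * @return the chain, or {@code null} if it could not be read
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public X509Certificate[] getClientCertificateChain() {
        try {
            return KeyUtilsAsymmetric.getCertificateChain(getKey(MSSO_CLIENT_CERT_CHAIN_PREFIX));
        } catch (Exception cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to access client cert chain: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Returns the client private key for the connected gateway.
     *
     * @return the key, or {@code null} if it could not be read
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public PrivateKey getClientPrivateKey() {
        try {
            return KeyUtilsAsymmetric.getRsaPrivateKey(getKey(MSSO_CLIENT_PRIVATE_KEY));
        } catch (Exception cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to get client private key: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Returns the public key stored under the client private-key alias.
     *
     * @return the key, or {@code null} if it could not be read
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public PublicKey getClientPublicKey() {
        try {
            return KeyUtilsAsymmetric.getRsaPublicKey(getKey(MSSO_CLIENT_PRIVATE_KEY));
        } catch (Exception cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to get client public key: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Rebuilds the stored ID token.
     *
     * @return the token (its type is {@code null} when no type entry is stored),
     *     or {@code null} when no token is stored or the store cannot be read
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public IdToken getIdToken() {
        try {
            byte[] valueBytes = retrieveSecureItem(MSSO_ID_TOKEN);
            if (valueBytes == null) {
                return null;
            }
            String value = decodeUtf8(valueBytes);
            return new IdToken(value, decodeUtf8(retrieveSecureItem(MSSO_ID_TOKEN_TYPE)));
        } catch (TokenStoreException cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to access ID token: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Returns the stored MAG identifier.
     *
     * @return the identifier, or {@code null} when absent or unreadable
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public String getMagIdentifier() {
        try {
            return decodeUtf8(retrieveSecureItem(MSSO_MAG_IDENTIFIER));
        } catch (TokenStoreException cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to access client device identifier: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Returns the stored secure ID token bytes exactly as the store returns them.
     *
     * @return the bytes, or {@code null} when absent or unreadable
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public byte[] getSecureIdToken() {
        try {
            return retrieveSecureItem(MSSO_SECURE_ID_TOKEN);
        } catch (TokenStoreException cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to retrieve encrypted ID token: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Exposes the backing store itself (not a copy), so callers can read and
     * modify every entry this manager holds.
     */
    @Override // com.ca.mas.core.store.TokenManager
    public DataSource getTokenStore() {
        return this.storage;
    }

    /**
     * Returns the stored user profile.
     *
     * @return the profile, or {@code null} when absent or unreadable
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public String getUserProfile() {
        try {
            return decodeUtf8(retrieveSecureItem(MSSO_USER_PROFILE));
        } catch (TokenStoreException cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to access client username: " + cause.getMessage(), cause);
            }
            return null;
        }
    }

    /**
     * Reports whether a client certificate chain can be read for the connected
     * gateway.
     *
     * @return {@code true} if a chain is returned; {@code false} if it is
     *     {@code null} or reading it throws
     */
    @Override // com.ca.mas.core.store.TokenProvider
    public boolean isClientCertificateChainAvailable() {
        try {
            return KeyUtilsAsymmetric.getCertificateChain(getKey(MSSO_CLIENT_CERT_CHAIN_PREFIX)) != null;
        } catch (Exception cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to access client cert chain: " + cause.getMessage(), cause);
            }
            return false;
        }
    }

    /** Delegates to the backing store's {@code isReady()}. */
    @Override // com.ca.mas.core.store.TokenManager
    public boolean isTokenStoreReady() {
        return this.storage.isReady();
    }

    /**
     * Stores the client certificate chain for the connected gateway.
     *
     * <p>NOTE(review): the rethrown exception carries only the message of the
     * underlying failure, not the exception itself, so the original stack trace
     * is available only in the debug log.
     *
     * @param x509CertificateArr chain to store
     * @throws TokenStoreException if the chain cannot be saved
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void saveClientCertificateChain(X509Certificate[] x509CertificateArr) throws TokenStoreException {
        try {
            KeyUtilsAsymmetric.setCertificateChain(getKey(MSSO_CLIENT_CERT_CHAIN_PREFIX), x509CertificateArr);
        } catch (Exception cause) {
            if (MAS.DEBUG) {
                Log.e(MAS.TAG, "Unable to save client certificate chain: " + cause.getMessage(), cause);
            }
            throw new TokenStoreException("Unable to save client certificate chain: " + cause.getMessage());
        }
    }

    /**
     * Stores the ID token value and its type.
     *
     * <p>{@link #getIdToken()} can return a token whose type is {@code null}, so
     * a {@code null} type is accepted here: the stored type entry is removed
     * rather than left holding the type of a previously saved token.
     *
     * @param idToken token to store
     * @throws TokenStoreException if the store cannot be updated
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void saveIdToken(IdToken idToken) throws TokenStoreException {
        Charset charset = Charsets.UTF8;
        storeSecureItem(MSSO_ID_TOKEN, idToken.getValue().getBytes(charset));
        String type = idToken.getType();
        if (type != null) {
            storeSecureItem(MSSO_ID_TOKEN_TYPE, type.getBytes(charset));
        } else {
            // Keep value and type consistent: no type means no stale type entry.
            deleteSecureItem(MSSO_ID_TOKEN_TYPE);
        }
    }

    /**
     * Stores the MAG identifier as UTF-8 bytes.
     *
     * @param str identifier to store
     * @throws TokenStoreException if the store cannot be updated
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void saveMagIdentifier(String str) throws TokenStoreException {
        storeSecureItem(MSSO_MAG_IDENTIFIER, str.getBytes(Charsets.UTF8));
    }

    /**
     * Stores the secure ID token bytes unchanged.
     *
     * @param bArr bytes to store
     * @throws TokenStoreException if the store cannot be updated
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void saveSecureIdToken(byte[] bArr) throws TokenStoreException {
        storeSecureItem(MSSO_SECURE_ID_TOKEN, bArr);
    }

    /**
     * Stores the user profile as UTF-8 bytes.
     *
     * @param str profile to store
     * @throws TokenStoreException if the store cannot be updated
     */
    @Override // com.ca.mas.core.store.TokenManager
    public void saveUserProfile(String str) throws TokenStoreException {
        storeSecureItem(MSSO_USER_PROFILE, str.getBytes(Charsets.UTF8));
    }
}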
