package com.amazon.identity.auth.device;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import com.amazon.identity.auth.device.api.MAPAccountManager;
import com.amazon.identity.auth.device.api.MAPCallbackErrorException;
import com.amazon.identity.auth.device.attribute.DeviceAttribute;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.concurrent.ExecutionException;

/* compiled from: DCP */
/* loaded from: classes.dex */
public final class il {
    private static final String[] a = {"-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----", "-----END EC PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"};
    private static final String b = il.class.getName();

    /* compiled from: DCP */
    /* loaded from: classes.dex */
    public static class a {
        protected KeyFactory a(String str) {
            return KeyFactory.getInstance(str);
        }

        protected KeyFactory b(String str, String str2) {
            return KeyFactory.getInstance(str, str2);
        }
    }

    private il() {
    }

    static KeyFactory a(String str, a aVar) {
        if (TextUtils.isEmpty(str)) {
            io.o(b, "The algorithm cannot be null");
            throw new IllegalArgumentException("The algorithm cannot be null");
        }
        int i2 = Build.VERSION.SDK_INT;
        if (i2 >= 28) {
            io.t(b, "KeyFactory at Android version " + i2);
            try {
                return aVar.a(str);
            } catch (Exception e2) {
                io.p(b, "getKeyFactory: Could not get private key because there was no " + str + " algorithm", e2);
                mq.s("MAPKeyFactoryGenerationError:DefaultProviderNotSupportAlgorithm:Algorithm:" + str + ":SystemVersion:" + Build.VERSION.SDK_INT, new String[0]);
                return null;
            }
        }
        try {
            return aVar.b(str, "BC");
        } catch (NoSuchAlgorithmException e3) {
            io.p(b, "getKeyFactory: Could not get private key because there was no " + str + " algorithm", e3);
            mq.s("MAPKeyFactoryGenerationError:BouncyCastleMissing:Algorithm:" + str + ":SystemVersion:" + Build.VERSION.SDK_INT, new String[0]);
            try {
                return aVar.a(str);
            } catch (NoSuchAlgorithmException e4) {
                io.p(b, "getKeyFactory: Could not get private key because there was no RSA algorithm", e4);
                mq.s("MAPKeyFactoryGenerationError:DefaultProviderNotSupportAlgorithm:Algorithm:" + str + ":SystemVersion:" + Build.VERSION.SDK_INT, new String[0]);
                return null;
            }
        } catch (NoSuchProviderException e5) {
            io.p(b, "The device doesn't contain BouncyCastle Provider, try using the default.", e5);
            mq.s("MAPKeyFactoryGenerationError:MissingBouncyCastle:Algorithm:" + str + ":SystemVersion:" + Build.VERSION.SDK_INT, new String[0]);
            try {
                return aVar.a(str);
            } catch (NoSuchAlgorithmException e6) {
                io.p(b, "getKeyFactory: Could not get private key because there was no RSA algorithm", e6);
                mq.s("MAPKeyFactoryGenerationError:DefaultProviderNotSupportAlgorithm:Algorithm:" + str + ":SystemVersion:" + Build.VERSION.SDK_INT, new String[0]);
                return null;
            }
        }
    }

    public static KeyFactory b(String str) {
        return a(str, new a());
    }

    public static String c(String str) {
        if (str == null) {
            return null;
        }
        for (String str2 : a) {
            str = str.replace(str2, "");
        }
        return str.trim();
    }

    public static PrivateKey d(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        KeyFactory b2 = b("RSA");
        if (b2 == null) {
            io.w(b, "Failed to create keyFactory for the input key");
            return null;
        }
        String str2 = b;
        new StringBuilder("Key Factory created using the algorithm as ").append(b2.getAlgorithm());
        io.j(str2);
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(c(str).getBytes(), 0));
        try {
            return b2.generatePrivate(pKCS8EncodedKeySpec);
        } catch (InvalidKeySpecException e2) {
            io.j(b);
            try {
                return b("EC").generatePrivate(pKCS8EncodedKeySpec);
            } catch (InvalidKeySpecException e3) {
                String str3 = b;
                io.p(str3, "Failed to create private key using the original algo: " + b2.getAlgorithm(), e2);
                io.p(str3, "Failed to create private key when retried using algo: EC", e3);
                throw e2;
            }
        }
    }

    public static void e(Context context, String str) {
        if (!TextUtils.equals(str, "SSO Currently does not have credentials") || mz.f(context)) {
            return;
        }
        String a2 = iw.a(context, DeviceAttribute.CentralDeviceType);
        io.o(b, "Central DMS token or DMS private key get corrupted, MAP is going to deregister device to clean the state");
        mq.s("DMSCredentialCorrupted:DeviceType:" + a2 + ":SYSTEM_VERSION:" + Build.VERSION.SDK_INT, new String[0]);
        try {
            new MAPAccountManager(context).k(null).get();
        } catch (MAPCallbackErrorException e2) {
            Bundle errorBundle = e2.getErrorBundle();
            io.o(b, "Error deregister the device when DMS private-key/DMS token got corrupted or missing. Error code:" + errorBundle.getInt("com.amazon.dcp.sso.ErrorCode") + " Error message is:" + errorBundle.getString("com.amazon.dcp.sso.ErrorMessage"));
        } catch (InterruptedException e3) {
            io.p(b, "InterruptedException! Error deregister the device when DMS private-key/DMS token got corrupted or missing. ", e3);
        } catch (ExecutionException e4) {
            io.p(b, "ExecutionException! Error deregister the device when DMS private-key/DMS token got corrupted or missing.", e4);
        }
        io.t(b, "Successfully deregister the device when DMS private-key/DMS token got corrupted or missing.");
    }
}
