package com.amazon.dcp.sso;

import android.accounts.Account;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.content.Context;
import android.net.Uri;
import android.os.Bundle;
import android.util.Base64;
import com.amazon.kindle.cms.ipc.Constants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
class InProcessAdpAuthenticationMethod extends AuthenticationMethod {
    private final TokenCache mCache;
    private static final String TAG = InProcessAdpAuthenticationMethod.class.getName();
    private static final byte[] NEW_LINE = "\n".getBytes();

    /* JADX INFO: Access modifiers changed from: package-private */
    public InProcessAdpAuthenticationMethod(Context context, String str, Account account, AuthenticationType authenticationType) {
        super(context, str, account, authenticationType);
        this.mCache = new TokenCache(context, account);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InProcessAdpAuthenticationMethod(Context context, String str, Account account, String str2) {
        super(context, str, account, str2);
        this.mCache = new TokenCache(context, account);
    }

    private String getAdpAlgorithm() {
        if (useLegacyAuth()) {
            return null;
        }
        return "SHA256WithRSA:1.0";
    }

    private String getAdpAlgorithmHeaderName() {
        if (useLegacyAuth()) {
            return null;
        }
        return "x-adp-alg";
    }

    private String getAdpSignature(IRequestAdapter iRequestAdapter) {
        String currentTimestamp = getCurrentTimestamp();
        byte[] corpus = getCorpus(iRequestAdapter, currentTimestamp);
        if (corpus == null || currentTimestamp == null) {
            String str = TAG;
            return null;
        }
        String signBufferAsBase64 = signBufferAsBase64(corpus);
        if (signBufferAsBase64 != null) {
            return String.format("%s:%s", signBufferAsBase64, currentTimestamp);
        }
        return null;
    }

    private String getAdpSignatureHeaderName() {
        return useLegacyAuth() ? "X-ADP-Request-Digest" : "x-adp-signature";
    }

    private String getAdpTokenHeaderName() {
        return useLegacyAuth() ? "X-ADP-Authentication-Token" : "x-adp-token";
    }

    private byte[] getBytes(IRequestAdapter iRequestAdapter) {
        if (AuthenticatedRequestHelpers.IDENTITY_SIGNING_AUTH_TYPE.equals(getAuthenticationType())) {
            return new byte[0];
        }
        byte[] body = iRequestAdapter.getBody();
        return body == null ? new byte[0] : body;
    }

    private byte[] getCorpus(IRequestAdapter iRequestAdapter, String str) {
        byte[] bArr = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            String httpVerb = iRequestAdapter.getHttpVerb();
            if (httpVerb == null) {
                String str2 = TAG;
            } else {
                String path = getPath(iRequestAdapter);
                if (path == null) {
                    String str3 = TAG;
                } else {
                    byte[] bytes = getBytes(iRequestAdapter);
                    String adpToken = getAdpToken();
                    if (adpToken == null) {
                        String str4 = TAG;
                    } else {
                        byteArrayOutputStream.write(httpVerb.getBytes());
                        byteArrayOutputStream.write(NEW_LINE);
                        byteArrayOutputStream.write(path.getBytes());
                        byteArrayOutputStream.write(NEW_LINE);
                        byteArrayOutputStream.write(str.getBytes());
                        byteArrayOutputStream.write(NEW_LINE);
                        byteArrayOutputStream.write(bytes);
                        byteArrayOutputStream.write(NEW_LINE);
                        byteArrayOutputStream.write(adpToken.getBytes());
                        bArr = byteArrayOutputStream.toByteArray();
                    }
                }
            }
        } catch (IOException e) {
            String str5 = TAG;
        }
        return bArr;
    }

    private KeyFactory getKeyFactory(String str) {
        try {
            return str.contains("-----BEGIN RSA PRIVATE KEY-----") ? KeyFactory.getInstance("RSA", "BC") : KeyFactory.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
            String str2 = TAG;
            return null;
        } catch (NoSuchProviderException e2) {
            String str3 = TAG;
            return null;
        }
    }

    private String getPath(IRequestAdapter iRequestAdapter) {
        Uri uri = iRequestAdapter.getUri();
        if (uri == null) {
            return null;
        }
        if (AuthenticatedRequestHelpers.IDENTITY_SIGNING_AUTH_TYPE.equals(getAuthenticationType())) {
            return uri.toString();
        }
        String path = uri.getPath();
        if (path == null) {
            path = Constants.COMPATIBILITY_DEFAULT_USER;
        }
        if (!path.startsWith("/")) {
            path = "/" + path;
        }
        String query = uri.getQuery();
        return (query == null || query.isEmpty()) ? path : path + "?" + query;
    }

    private PrivateKey getPrivateKey() {
        String privateKeyString;
        KeyFactory keyFactory;
        PrivateKey privateKey = null;
        try {
            privateKeyString = getPrivateKeyString();
        } catch (InvalidKeySpecException e) {
            String str = TAG;
        }
        if (privateKeyString == null || (keyFactory = getKeyFactory(privateKeyString)) == null) {
            return null;
        }
        privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(privateKeyString.replaceAll("-----BEGIN RSA PRIVATE KEY-----", Constants.COMPATIBILITY_DEFAULT_USER).replaceAll("-----END RSA PRIVATE KEY-----", Constants.COMPATIBILITY_DEFAULT_USER).replaceAll("-----BEGIN PRIVATE KEY-----", Constants.COMPATIBILITY_DEFAULT_USER).replaceAll("-----END PRIVATE KEY-----", Constants.COMPATIBILITY_DEFAULT_USER).trim().getBytes(), 0)));
        return privateKey;
    }

    private String signBufferAsBase64(byte[] bArr) {
        PrivateKey privateKey = getPrivateKey();
        if (privateKey == null) {
            return null;
        }
        byte[] signWithOldAuth = useLegacyAuth() ? signWithOldAuth(bArr, privateKey) : signWithNewAuth(bArr, privateKey);
        return signWithOldAuth != null ? new String(Base64.encode(signWithOldAuth, 2)) : null;
    }

    private byte[] signWithNewAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256WithRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            String str = TAG;
            return null;
        } catch (NoSuchAlgorithmException e2) {
            String str2 = TAG;
            return null;
        } catch (SignatureException e3) {
            String str3 = TAG;
            return null;
        }
    }

    private byte[] signWithOldAuth(byte[] bArr, PrivateKey privateKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, privateKey);
            cipher.update(digest);
            return cipher.doFinal();
        } catch (InvalidKeyException e) {
            String str = TAG;
            String str2 = "Signing request with old auth failed because of InvalidKeyException: " + e.getMessage();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            String str3 = TAG;
            String str4 = "Signing request with old auth failed because of NoSuchAlgorithmException: " + e2.getMessage();
            return null;
        } catch (BadPaddingException e3) {
            String str5 = TAG;
            String str6 = "Signing request with old auth failed because of BadPaddingException: " + e3.getMessage();
            return null;
        } catch (IllegalBlockSizeException e4) {
            String str7 = TAG;
            String str8 = "Signing request with old auth failed because of IllegalBlockSizeException: " + e4.getMessage();
            return null;
        } catch (NoSuchPaddingException e5) {
            String str9 = TAG;
            String str10 = "Signing request with old auth failed because of NoSuchPaddingException: " + e5.getMessage();
            return null;
        }
    }

    private boolean useLegacyAuth() {
        return AuthenticationType.DeviceAuthenticator.getValue().equals(getAuthenticationType());
    }

    protected String getAdpToken() {
        try {
            return this.mCache.blockingFetchToken(AccountConstants.TOKEN_TYPE_DEVICE_ADP_TOKEN);
        } catch (AuthenticatorException e) {
            String str = TAG;
            return null;
        } catch (OperationCanceledException e2) {
            String str2 = TAG;
            return null;
        } catch (IOException e3) {
            String str3 = TAG;
            return null;
        }
    }

    @Override // com.amazon.dcp.sso.AuthenticationMethod
    protected Bundle getAuthenticationBundle(IRequestAdapter iRequestAdapter) throws IOException {
        Bundle bundle = null;
        String adpToken = getAdpToken();
        if (adpToken == null) {
            String str = TAG;
        } else {
            String adpSignature = getAdpSignature(iRequestAdapter);
            if (adpSignature == null || adpToken == null) {
                String str2 = TAG;
            } else {
                bundle = new Bundle();
                AuthenticatedRequestHelpers.setHeaderInBundle(bundle, getAdpSignatureHeaderName(), adpSignature);
                AuthenticatedRequestHelpers.setHeaderInBundle(bundle, getAdpTokenHeaderName(), adpToken);
                String adpAlgorithmHeaderName = getAdpAlgorithmHeaderName();
                if (adpAlgorithmHeaderName != null) {
                    AuthenticatedRequestHelpers.setHeaderInBundle(bundle, adpAlgorithmHeaderName, getAdpAlgorithm());
                }
            }
        }
        return bundle;
    }

    protected String getCurrentTimestamp() {
        return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date());
    }

    protected String getPrivateKeyString() {
        try {
            return this.mCache.blockingFetchToken(AccountConstants.TOKEN_TYPE_DEVICE_PRIVATE_KEY);
        } catch (AuthenticatorException e) {
            String str = TAG;
            return null;
        } catch (OperationCanceledException e2) {
            String str2 = TAG;
            return null;
        } catch (IOException e3) {
            String str3 = TAG;
            return null;
        }
    }
}
