package com.microsoft.intune.mam.client.fileencryption;

import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper;
import com.microsoft.intune.mam.client.telemetry.events.ScenarioEvent;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.log.MAMSubOpTrace;
import com.microsoft.intune.mam.log.MAMTrace;
import com.microsoft.intune.mam.policy.BundleEncryptionKey;
import java.security.Key;
import java.util.HashMap;
import java.util.UUID;
import java.util.concurrent.Executor;
import java.util.logging.Level;
import javax.crypto.spec.SecretKeySpec;
import kotlin.eglGetConfigs;

/* loaded from: classes4.dex */
public class FileEncryptionKeyCacheImpl implements FileEncryptionKeyCache {
    private static final String DEFAULT_CIPHER = "AES";
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(FileEncryptionKeyCacheImpl.class);
    static final int MAX_KEY_RETRIEVAL_FAILURES = 3;
    private Executor mExecutor;
    private AppPolicyServiceWrapper mProvider;
    private final HashMap<UUID, Key> mKnownKeys = new HashMap<>();
    private final HashMap<UUID, Integer> mFailedKeys = new HashMap<>();
    private UUID mCurrentMasterKeyId = null;
    private Key mCurrentMasterKey = null;
    private final Object mKeysLock = new Object();

    @eglGetConfigs
    public FileEncryptionKeyCacheImpl(AppPolicyServiceWrapper appPolicyServiceWrapper, Executor executor) {
        this.mProvider = appPolicyServiceWrapper;
        this.mExecutor = executor;
    }

    private int getPreviousKeyFailures(UUID uuid) {
        synchronized (this.mKeysLock) {
            Integer num = this.mFailedKeys.get(uuid);
            if (num == null) {
                return 0;
            }
            return num.intValue();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$startKeyFetchAsync$0() {
        MAMTrace.startSubOperation(ScenarioEvent.Scenario.ONLINE_APP_STARTUP, MAMSubOpTrace.ENCRYPTION_KEY_PREFETCH);
        try {
            BundleEncryptionKey prefetchCurrentFileEncryptionKey = this.mProvider.prefetchCurrentFileEncryptionKey();
            synchronized (this.mKeysLock) {
                if (prefetchCurrentFileEncryptionKey != null) {
                    setCurrentMasterKey(prefetchCurrentFileEncryptionKey);
                }
            }
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Unable to prefetch encryption key", e);
        }
        MAMTrace.endSubOperation(ScenarioEvent.Scenario.ONLINE_APP_STARTUP, MAMSubOpTrace.ENCRYPTION_KEY_PREFETCH);
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public void clearCachedKeys() {
        LOGGER.info("Clearing cached keys", new Object[0]);
        synchronized (this.mKeysLock) {
            this.mCurrentMasterKey = null;
            this.mCurrentMasterKeyId = null;
            this.mKnownKeys.clear();
        }
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public void clearFailedKeys() {
        this.mFailedKeys.clear();
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public Key getCurrentMasterKey() {
        return this.mCurrentMasterKey;
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public UUID getCurrentMasterKeyId() throws MAMException {
        UUID uuid = this.mCurrentMasterKeyId;
        if (uuid != null) {
            return uuid;
        }
        ScenarioEvent.Scenario scenario = ScenarioEvent.Scenario.ONLINE_APP_STARTUP;
        MAMSubOpTrace mAMSubOpTrace = MAMSubOpTrace.ENCRYPTION_KEY_GET;
        MAMTrace.startSubOperation(scenario, mAMSubOpTrace);
        ScenarioEvent.Scenario scenario2 = ScenarioEvent.Scenario.ONLINE_FIRST_HOOKED_ACTIVITY_STARTUP;
        MAMTrace.startSubOperation(scenario2, mAMSubOpTrace);
        BundleEncryptionKey currentFileEncryptionKey = this.mProvider.getCurrentFileEncryptionKey();
        MAMTrace.endSubOperation(scenario, mAMSubOpTrace);
        MAMTrace.endSubOperation(scenario2, mAMSubOpTrace);
        return setCurrentMasterKey(currentFileEncryptionKey);
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public Key retrieveKey(UUID uuid) throws MAMException {
        SecretKeySpec secretKeySpec;
        synchronized (this.mKeysLock) {
            Key key = this.mKnownKeys.get(uuid);
            if (key != null) {
                return key;
            }
            if (getPreviousKeyFailures(uuid) >= 3) {
                throw new MAMException(String.format("Failed to get file encryption key with id %s after maximum retries.", uuid.toString()));
            }
            if (!this.mProvider.areEncryptionKeysAccessible()) {
                throw new MAMKeyAccessNotAllowedException();
            }
            try {
                BundleEncryptionKey fileEncryptionKey = this.mProvider.getFileEncryptionKey(uuid);
                synchronized (this.mKeysLock) {
                    if (fileEncryptionKey == null) {
                        this.mFailedKeys.put(uuid, Integer.valueOf(getPreviousKeyFailures(uuid) + 1));
                        throw new MAMException(String.format("Failed to get file encryption key with id %s from client.", uuid.toString()));
                    }
                    secretKeySpec = new SecretKeySpec(fileEncryptionKey.getKey(), "AES");
                    if (fileEncryptionKey.isCurrentKey()) {
                        setCurrentMasterKey(fileEncryptionKey);
                    } else {
                        this.mKnownKeys.put(uuid, secretKeySpec);
                    }
                }
                return secretKeySpec;
            } catch (MAMException e) {
                synchronized (this.mKeysLock) {
                    this.mFailedKeys.put(uuid, Integer.valueOf(getPreviousKeyFailures(uuid) + 1));
                    throw e;
                }
            }
        }
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public UUID setCurrentMasterKey(BundleEncryptionKey bundleEncryptionKey) throws MAMException {
        UUID uuid;
        if (bundleEncryptionKey == null || bundleEncryptionKey.getKey() == null) {
            throw new MAMException("null encryption key is invalid");
        }
        synchronized (this.mKeysLock) {
            this.mCurrentMasterKeyId = bundleEncryptionKey.getKeyId();
            SecretKeySpec secretKeySpec = new SecretKeySpec(bundleEncryptionKey.getKey(), "AES");
            this.mCurrentMasterKey = secretKeySpec;
            this.mKnownKeys.put(this.mCurrentMasterKeyId, secretKeySpec);
            uuid = this.mCurrentMasterKeyId;
        }
        return uuid;
    }

    @Override // com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCache
    public void startKeyFetchAsync() {
        this.mExecutor.execute(new Runnable() { // from class: com.microsoft.intune.mam.client.fileencryption.FileEncryptionKeyCacheImpl$$ExternalSyntheticLambda0
            @Override // java.lang.Runnable
            public final void run() {
                FileEncryptionKeyCacheImpl.this.lambda$startKeyFetchAsync$0();
            }
        });
    }
}
