package com.microsoft.mmx.agents.ypp.authclient.trust;

import Microsoft.Windows.MobilityExperience.Health.Agents.GetAccountSecretActivity;
import Microsoft.Windows.MobilityExperience.Health.Agents.PrefetchAccountSecretActivity;
import android.util.Base64;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.mmx.agents.Constants;
import com.microsoft.mmx.agents.di.AgentScope;
import com.microsoft.mmx.agents.ypp.EnvironmentType;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyManager;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.TrustHelperTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.accountsecret.AccountSecretCache;
import com.microsoft.mmx.agents.ypp.authclient.trust.accountsecret.AccountSecretRepository;
import com.microsoft.mmx.agents.ypp.authclient.trust.accountsecret.AccountSecretResult;
import com.microsoft.mmx.agents.ypp.authclient.trust.accountsecret.AccountSecretResultStatus;
import com.microsoft.mmx.agents.ypp.authclient.trust.accountsecret.AccountSecretUtils;
import com.microsoft.mmx.agents.ypp.authclient.trust.accountsecret.SecretDistributionServiceClient;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.agents.ypp.servicesclient.models.AccountSecretResponse;
import java.nio.charset.Charset;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.BiConsumer;
import java.util.function.Function;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.jetbrains.annotations.NotNull;
import org.joda.time.DateTime;

/* compiled from: TrustHelper.kt */
@Metadata(d1 = {"\u0000x\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0007\u0018\u0000 .2\u00020\u0001:\u0001.B7\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r¢\u0006\u0002\u0010\u000eJ\u0010\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\u0010\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J0\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001c2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020!2\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J&\u0010\"\u001a\b\u0012\u0004\u0012\u00020\u001a0#2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010 \u001a\u00020!2\u0006\u0010\u0017\u001a\u00020\u0018H\u0016J&\u0010$\u001a\b\u0012\u0004\u0012\u00020\u001a0#2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010 \u001a\u00020!2\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J&\u0010%\u001a\b\u0012\u0004\u0012\u00020\u001a0#2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010 \u001a\u00020!2\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J\u0018\u0010&\u001a\u00020\u001a2\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J\u0010\u0010'\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\u0010\u0010(\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J \u0010)\u001a\u00020\u00162\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010 \u001a\u00020!2\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J\u001e\u0010*\u001a\b\u0012\u0004\u0012\u00020+0#2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u0017\u001a\u00020\u0018H\u0016J\u0018\u0010,\u001a\u00020\u00162\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0017\u001a\u00020\u0018H\u0002J \u0010-\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0017\u001a\u00020\u0018H\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006/"}, d2 = {"Lcom/microsoft/mmx/agents/ypp/authclient/trust/TrustHelper;", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/ITrustHelper;", "keyManager", "Lcom/microsoft/mmx/agents/ypp/authclient/crypto/KeyManager;", "accountSecretRepository", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/AccountSecretRepository;", "secretDistributionServiceClient", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/SecretDistributionServiceClient;", "platformConfiguration", "Lcom/microsoft/mmx/agents/ypp/configuration/PlatformConfiguration;", "telemetry", "Lcom/microsoft/mmx/agents/ypp/authclient/telemetry/TrustHelperTelemetry;", "accountSecretUtils", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/AccountSecretUtils;", "(Lcom/microsoft/mmx/agents/ypp/authclient/crypto/KeyManager;Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/AccountSecretRepository;Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/SecretDistributionServiceClient;Lcom/microsoft/mmx/agents/ypp/configuration/PlatformConfiguration;Lcom/microsoft/mmx/agents/ypp/authclient/telemetry/TrustHelperTelemetry;Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/AccountSecretUtils;)V", "lock", "", "canSwitchToPrefetchSecret", "", "accountSecretCache", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/AccountSecretCache;", "clearExpiredAccountSecret", "", "traceContext", "Lcom/microsoft/appmanager/telemetry/TraceContext;", "deriveAndPersistKeys", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/accountsecret/AccountSecretResult;", "msaEmail", "", "masterKeyAlias", "expirationTime", "Lorg/joda/time/DateTime;", "environment", "Lcom/microsoft/mmx/agents/ypp/EnvironmentType;", "getAccountSecretAsync", "Ljava/util/concurrent/CompletableFuture;", "getAccountSecretFromServiceAsync", "getAccountSecretInternalLockedAsync", "getAccountSecretResultFromCache", "isSecretExpired", "needToPrefetch", Constants.DEPENDENCY_NAME.PREFETCH_SECRET, "provisionAccountAsync", "Lcom/microsoft/mmx/agents/ypp/authclient/trust/ProvisionAccountResult;", "removeAccountSecret", "switchToPrefetchSecret", "Companion", "agents_productionRelease"}, k = 1, mv = {1, 6, 0}, xi = 48)
@AgentScope
/* loaded from: classes3.dex */
public final class TrustHelper implements ITrustHelper {

    @NotNull
    private static final byte[] AD_KEY_SALT;

    @NotNull
    private static final byte[] MAC_KEY_SALT;

    @NotNull
    private static final byte[] MSG_KEY_SALT;

    @NotNull
    private final AccountSecretRepository accountSecretRepository;

    @NotNull
    private final AccountSecretUtils accountSecretUtils;

    @NotNull
    private final KeyManager keyManager;

    @NotNull
    private final Object lock;

    @NotNull
    private final PlatformConfiguration platformConfiguration;

    @NotNull
    private final SecretDistributionServiceClient secretDistributionServiceClient;

    @NotNull
    private final TrustHelperTelemetry telemetry;

    static {
        Charset charset = Charsets.UTF_8;
        byte[] bytes = "MSG_KEY_SALT".getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        MSG_KEY_SALT = bytes;
        byte[] bytes2 = "MAC_KEY_SALT".getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
        MAC_KEY_SALT = bytes2;
        byte[] bytes3 = "AD_KEY_SALT".getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes3, "this as java.lang.String).getBytes(charset)");
        AD_KEY_SALT = bytes3;
    }

    @Inject
    public TrustHelper(@NotNull KeyManager keyManager, @NotNull AccountSecretRepository accountSecretRepository, @NotNull SecretDistributionServiceClient secretDistributionServiceClient, @NotNull PlatformConfiguration platformConfiguration, @NotNull TrustHelperTelemetry telemetry, @NotNull AccountSecretUtils accountSecretUtils) {
        Intrinsics.checkNotNullParameter(keyManager, "keyManager");
        Intrinsics.checkNotNullParameter(accountSecretRepository, "accountSecretRepository");
        Intrinsics.checkNotNullParameter(secretDistributionServiceClient, "secretDistributionServiceClient");
        Intrinsics.checkNotNullParameter(platformConfiguration, "platformConfiguration");
        Intrinsics.checkNotNullParameter(telemetry, "telemetry");
        Intrinsics.checkNotNullParameter(accountSecretUtils, "accountSecretUtils");
        this.keyManager = keyManager;
        this.accountSecretRepository = accountSecretRepository;
        this.secretDistributionServiceClient = secretDistributionServiceClient;
        this.platformConfiguration = platformConfiguration;
        this.telemetry = telemetry;
        this.accountSecretUtils = accountSecretUtils;
        this.lock = new Object();
    }

    private final boolean canSwitchToPrefetchSecret(AccountSecretCache accountSecretCache) {
        DateTime prefetchKeyExpirationTime = accountSecretCache.getPrefetchKeyExpirationTime();
        return accountSecretCache.getPrefetchMasterKeyAlias() != null && prefetchKeyExpirationTime != null && prefetchKeyExpirationTime.isAfterNow() && accountSecretCache.getActiveKeyExpirationTime().isBeforeNow();
    }

    private final void clearExpiredAccountSecret(TraceContext traceContext) {
        for (AccountSecretCache accountSecretCache : this.accountSecretRepository.getAll(traceContext)) {
            if (isSecretExpired(accountSecretCache)) {
                this.telemetry.removeExpiredAccountSecret(accountSecretCache, traceContext);
                removeAccountSecret(accountSecretCache, traceContext);
            }
        }
    }

    private final AccountSecretResult deriveAndPersistKeys(String msaEmail, String masterKeyAlias, DateTime expirationTime, EnvironmentType environment, TraceContext traceContext) {
        String msgKeyAlias = this.keyManager.deriveKey(masterKeyAlias, MSG_KEY_SALT, traceContext);
        String macKeyAlias = this.keyManager.deriveKey(masterKeyAlias, MAC_KEY_SALT, traceContext);
        String adKeyAlias = this.keyManager.deriveKey(masterKeyAlias, AD_KEY_SALT, traceContext);
        Intrinsics.checkNotNullExpressionValue(msgKeyAlias, "msgKeyAlias");
        Intrinsics.checkNotNullExpressionValue(macKeyAlias, "macKeyAlias");
        Intrinsics.checkNotNullExpressionValue(adKeyAlias, "adKeyAlias");
        this.accountSecretRepository.setAccountSecret(new AccountSecretCache(msaEmail, masterKeyAlias, msgKeyAlias, macKeyAlias, adKeyAlias, expirationTime, null, null, null, environment), traceContext);
        return AccountSecretResult.INSTANCE.successResult(this.keyManager.getSecretKey(msgKeyAlias, traceContext), this.keyManager.getSecretKey(macKeyAlias, traceContext), this.keyManager.getSecretKey(adKeyAlias, traceContext), expirationTime);
    }

    private final CompletableFuture<AccountSecretResult> getAccountSecretFromServiceAsync(String msaEmail, EnvironmentType environment, TraceContext traceContext) {
        CompletableFuture<AccountSecretResult> exceptionally = this.secretDistributionServiceClient.getActiveSecretAsync(environment, traceContext).thenCompose((Function<? super AccountSecretResponse, ? extends CompletionStage<U>>) new com.microsoft.mmx.agents.camera.b(2, this, msaEmail, traceContext, environment)).exceptionally((Function<Throwable, ? extends U>) new Function() { // from class: com.microsoft.mmx.agents.ypp.authclient.trust.h
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                AccountSecretResult m391getAccountSecretFromServiceAsync$lambda8;
                m391getAccountSecretFromServiceAsync$lambda8 = TrustHelper.m391getAccountSecretFromServiceAsync$lambda8(TrustHelper.this, (Throwable) obj);
                return m391getAccountSecretFromServiceAsync$lambda8;
            }
        });
        Intrinsics.checkNotNullExpressionValue(exceptionally, "secretDistributionServic…tStatus(it)\n            }");
        return exceptionally;
    }

    /* renamed from: getAccountSecretFromServiceAsync$lambda-7 */
    public static final CompletionStage m390getAccountSecretFromServiceAsync$lambda7(TrustHelper this$0, String msaEmail, TraceContext traceContext, EnvironmentType environment, AccountSecretResponse accountSecretResponse) {
        CompletableFuture completedFuture;
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(msaEmail, "$msaEmail");
        Intrinsics.checkNotNullParameter(traceContext, "$traceContext");
        Intrinsics.checkNotNullParameter(environment, "$environment");
        synchronized (this$0.lock) {
            AccountSecretCache accountSecret = this$0.accountSecretRepository.getAccountSecret(msaEmail, traceContext);
            if (accountSecret != null) {
                this$0.telemetry.removePreviousAccountSecretCache(accountSecret);
                this$0.removeAccountSecret(accountSecret, traceContext);
            }
            String masterKeyAlias = this$0.keyManager.importKeyBytes(Base64.decode(accountSecretResponse.getSecretEncoded(), 0), traceContext);
            Intrinsics.checkNotNullExpressionValue(masterKeyAlias, "masterKeyAlias");
            completedFuture = CompletableFuture.completedFuture(this$0.deriveAndPersistKeys(msaEmail, masterKeyAlias, accountSecretResponse.getExpirationDateTime(), environment, traceContext));
        }
        return completedFuture;
    }

    /* renamed from: getAccountSecretFromServiceAsync$lambda-8 */
    public static final AccountSecretResult m391getAccountSecretFromServiceAsync$lambda8(TrustHelper this$0, Throwable it) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        AccountSecretUtils accountSecretUtils = this$0.accountSecretUtils;
        Intrinsics.checkNotNullExpressionValue(it, "it");
        return accountSecretUtils.mapExceptionToResultStatus(it);
    }

    private final CompletableFuture<AccountSecretResult> getAccountSecretInternalLockedAsync(String msaEmail, EnvironmentType environment, TraceContext traceContext) {
        final GetAccountSecretActivity createGetAccountSecretActivity = this.telemetry.createGetAccountSecretActivity();
        AccountSecretCache accountSecret = this.accountSecretRepository.getAccountSecret(msaEmail, traceContext);
        if (accountSecret == null || environment != accountSecret.getEnvironmentType()) {
            clearExpiredAccountSecret(traceContext);
            CompletableFuture<AccountSecretResult> accountSecretFromServiceAsync = getAccountSecretFromServiceAsync(msaEmail, environment, traceContext);
            final int i = 0;
            CompletableFuture<AccountSecretResult> whenComplete = accountSecretFromServiceAsync.whenComplete(new BiConsumer(this) { // from class: com.microsoft.mmx.agents.ypp.authclient.trust.i

                /* renamed from: b, reason: collision with root package name */
                public final /* synthetic */ TrustHelper f6399b;

                {
                    this.f6399b = this;
                }

                @Override // java.util.function.BiConsumer
                public final void accept(Object obj, Object obj2) {
                    int i2 = i;
                    GetAccountSecretActivity getAccountSecretActivity = createGetAccountSecretActivity;
                    TrustHelper trustHelper = this.f6399b;
                    switch (i2) {
                        case 0:
                            TrustHelper.m392getAccountSecretInternalLockedAsync$lambda1(trustHelper, getAccountSecretActivity, (AccountSecretResult) obj, (Throwable) obj2);
                            return;
                        default:
                            TrustHelper.m393getAccountSecretInternalLockedAsync$lambda2(trustHelper, getAccountSecretActivity, (AccountSecretResult) obj, (Throwable) obj2);
                            return;
                    }
                }
            });
            Intrinsics.checkNotNullExpressionValue(whenComplete, "getAccountSecretFromServ…      }\n                }");
            return whenComplete;
        }
        if (needToPrefetch(accountSecret)) {
            accountSecret.setLastPrefetchTime(DateTime.now());
            prefetchSecret(accountSecret, environment, traceContext);
        }
        if (canSwitchToPrefetchSecret(accountSecret)) {
            AccountSecretResult switchToPrefetchSecret = switchToPrefetchSecret(msaEmail, accountSecret, traceContext);
            if (switchToPrefetchSecret.isSuccess()) {
                this.telemetry.getAccountSecretActivityStop(switchToPrefetchSecret, TrustHelperTelemetry.SWITCH_KEY, createGetAccountSecretActivity);
            } else {
                this.telemetry.getAccountSecretActivityFailedStop(switchToPrefetchSecret, TrustHelperTelemetry.SWITCH_KEY, createGetAccountSecretActivity);
            }
            CompletableFuture<AccountSecretResult> completedFuture = CompletableFuture.completedFuture(switchToPrefetchSecret);
            Intrinsics.checkNotNullExpressionValue(completedFuture, "completedFuture(result)");
            return completedFuture;
        }
        if (isSecretExpired(accountSecret)) {
            clearExpiredAccountSecret(traceContext);
            CompletableFuture<AccountSecretResult> accountSecretFromServiceAsync2 = getAccountSecretFromServiceAsync(msaEmail, environment, traceContext);
            final int i2 = 1;
            CompletableFuture<AccountSecretResult> whenComplete2 = accountSecretFromServiceAsync2.whenComplete(new BiConsumer(this) { // from class: com.microsoft.mmx.agents.ypp.authclient.trust.i

                /* renamed from: b, reason: collision with root package name */
                public final /* synthetic */ TrustHelper f6399b;

                {
                    this.f6399b = this;
                }

                @Override // java.util.function.BiConsumer
                public final void accept(Object obj, Object obj2) {
                    int i22 = i2;
                    GetAccountSecretActivity getAccountSecretActivity = createGetAccountSecretActivity;
                    TrustHelper trustHelper = this.f6399b;
                    switch (i22) {
                        case 0:
                            TrustHelper.m392getAccountSecretInternalLockedAsync$lambda1(trustHelper, getAccountSecretActivity, (AccountSecretResult) obj, (Throwable) obj2);
                            return;
                        default:
                            TrustHelper.m393getAccountSecretInternalLockedAsync$lambda2(trustHelper, getAccountSecretActivity, (AccountSecretResult) obj, (Throwable) obj2);
                            return;
                    }
                }
            });
            Intrinsics.checkNotNullExpressionValue(whenComplete2, "getAccountSecretFromServ…      }\n                }");
            return whenComplete2;
        }
        AccountSecretResult accountSecretResultFromCache = getAccountSecretResultFromCache(accountSecret, traceContext);
        if (accountSecretResultFromCache.isSuccess()) {
            this.telemetry.getAccountSecretActivityStop(accountSecretResultFromCache, "cache", createGetAccountSecretActivity);
        } else {
            this.telemetry.getAccountSecretActivityFailedStop(accountSecretResultFromCache, "cache", createGetAccountSecretActivity);
        }
        CompletableFuture<AccountSecretResult> completedFuture2 = CompletableFuture.completedFuture(accountSecretResultFromCache);
        Intrinsics.checkNotNullExpressionValue(completedFuture2, "completedFuture(result)");
        return completedFuture2;
    }

    /* renamed from: getAccountSecretInternalLockedAsync$lambda-1 */
    public static final void m392getAccountSecretInternalLockedAsync$lambda1(TrustHelper this$0, GetAccountSecretActivity getAccountSecretActivity, AccountSecretResult result, Throwable th) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(getAccountSecretActivity, "$getAccountSecretActivity");
        if (result.isSuccess()) {
            TrustHelperTelemetry trustHelperTelemetry = this$0.telemetry;
            Intrinsics.checkNotNullExpressionValue(result, "result");
            trustHelperTelemetry.getAccountSecretActivityStop(result, TrustHelperTelemetry.NO_CACHE, getAccountSecretActivity);
        } else {
            TrustHelperTelemetry trustHelperTelemetry2 = this$0.telemetry;
            Intrinsics.checkNotNullExpressionValue(result, "result");
            trustHelperTelemetry2.getAccountSecretActivityFailedStop(result, TrustHelperTelemetry.NO_CACHE, getAccountSecretActivity);
        }
    }

    /* renamed from: getAccountSecretInternalLockedAsync$lambda-2 */
    public static final void m393getAccountSecretInternalLockedAsync$lambda2(TrustHelper this$0, GetAccountSecretActivity getAccountSecretActivity, AccountSecretResult result, Throwable th) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(getAccountSecretActivity, "$getAccountSecretActivity");
        if (result.isSuccess()) {
            TrustHelperTelemetry trustHelperTelemetry = this$0.telemetry;
            Intrinsics.checkNotNullExpressionValue(result, "result");
            trustHelperTelemetry.getAccountSecretActivityStop(result, TrustHelperTelemetry.EXPIRED, getAccountSecretActivity);
        } else {
            TrustHelperTelemetry trustHelperTelemetry2 = this$0.telemetry;
            Intrinsics.checkNotNullExpressionValue(result, "result");
            trustHelperTelemetry2.getAccountSecretActivityFailedStop(result, TrustHelperTelemetry.EXPIRED, getAccountSecretActivity);
        }
    }

    private final AccountSecretResult getAccountSecretResultFromCache(AccountSecretCache accountSecretCache, TraceContext traceContext) {
        return AccountSecretResult.INSTANCE.successResult(this.keyManager.getSecretKey(accountSecretCache.getActiveMsgKeyAlias(), traceContext), this.keyManager.getSecretKey(accountSecretCache.getActiveMacKeyAlias(), traceContext), this.keyManager.getSecretKey(accountSecretCache.getActiveAdKeyAlias(), traceContext), accountSecretCache.getActiveKeyExpirationTime());
    }

    private final boolean isSecretExpired(AccountSecretCache accountSecretCache) {
        if (!accountSecretCache.getActiveKeyExpirationTime().isBeforeNow()) {
            return false;
        }
        DateTime prefetchKeyExpirationTime = accountSecretCache.getPrefetchKeyExpirationTime();
        return !(prefetchKeyExpirationTime != null && !prefetchKeyExpirationTime.isBeforeNow());
    }

    private final boolean needToPrefetch(AccountSecretCache accountSecretCache) {
        return DateTime.now().isAfter(accountSecretCache.getActiveKeyExpirationTime().minus(this.platformConfiguration.getAccountSecretPrefetchTTL())) && DateTime.now().isBefore(accountSecretCache.getActiveKeyExpirationTime()) && (accountSecretCache.getPrefetchMasterKeyAlias() == null);
    }

    private final void prefetchSecret(AccountSecretCache accountSecretCache, EnvironmentType environmentType, TraceContext traceContext) {
        PrefetchAccountSecretActivity createPrefetchAccountSecretActivity = this.telemetry.createPrefetchAccountSecretActivity();
        this.secretDistributionServiceClient.prefetchSecretAsync(environmentType, traceContext).thenApply((Function<? super AccountSecretResponse, ? extends U>) new com.microsoft.mmx.agents.camera.b(3, this, accountSecretCache, createPrefetchAccountSecretActivity, traceContext)).exceptionally((Function<Throwable, ? extends U>) new com.microsoft.appmanager.a(this, createPrefetchAccountSecretActivity, 6));
    }

    /* renamed from: prefetchSecret$lambda-4 */
    public static final Unit m394prefetchSecret$lambda4(TrustHelper this$0, AccountSecretCache accountSecretCache, PrefetchAccountSecretActivity activity, TraceContext traceContext, AccountSecretResponse accountSecretResponse) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(accountSecretCache, "$accountSecretCache");
        Intrinsics.checkNotNullParameter(activity, "$activity");
        Intrinsics.checkNotNullParameter(traceContext, "$traceContext");
        synchronized (this$0.lock) {
            if (accountSecretCache.getPrefetchMasterKeyAlias() != null) {
                return Unit.INSTANCE;
            }
            accountSecretCache.setPrefetchMasterKeyAlias(this$0.keyManager.importKeyBytes(Base64.decode(accountSecretResponse.getSecretEncoded(), 0), traceContext));
            accountSecretCache.setPrefetchKeyExpirationTime(accountSecretResponse.getExpirationDateTime());
            this$0.accountSecretRepository.setAccountSecret(accountSecretCache, traceContext);
            Unit unit = Unit.INSTANCE;
            this$0.telemetry.prefetchAccountSecretActivityStop(accountSecretCache, activity);
            return Unit.INSTANCE;
        }
    }

    /* renamed from: prefetchSecret$lambda-5 */
    public static final Unit m395prefetchSecret$lambda5(TrustHelper this$0, PrefetchAccountSecretActivity activity, Throwable it) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        Intrinsics.checkNotNullParameter(activity, "$activity");
        TrustHelperTelemetry trustHelperTelemetry = this$0.telemetry;
        Intrinsics.checkNotNullExpressionValue(it, "it");
        trustHelperTelemetry.prefetchAccountSecretActivityFailedStop(activity, it);
        return Unit.INSTANCE;
    }

    private final void removeAccountSecret(AccountSecretCache accountSecretCache, TraceContext traceContext) {
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveMasterKeyAlias(), traceContext);
        String prefetchMasterKeyAlias = accountSecretCache.getPrefetchMasterKeyAlias();
        if (prefetchMasterKeyAlias != null) {
            this.keyManager.removeKeyBytes(prefetchMasterKeyAlias, traceContext);
        }
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveAdKeyAlias(), traceContext);
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveMacKeyAlias(), traceContext);
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveMsgKeyAlias(), traceContext);
        this.accountSecretRepository.remove(accountSecretCache.getAccountId(), traceContext);
    }

    private final AccountSecretResult switchToPrefetchSecret(String msaEmail, AccountSecretCache accountSecretCache, TraceContext traceContext) {
        String prefetchMasterKeyAlias = accountSecretCache.getPrefetchMasterKeyAlias();
        DateTime prefetchKeyExpirationTime = accountSecretCache.getPrefetchKeyExpirationTime();
        if (prefetchMasterKeyAlias == null || prefetchKeyExpirationTime == null) {
            return AccountSecretResult.INSTANCE.failedResult(AccountSecretResultStatus.ClientError, "PrefetchKey is null");
        }
        AccountSecretResult deriveAndPersistKeys = deriveAndPersistKeys(msaEmail, prefetchMasterKeyAlias, prefetchKeyExpirationTime, accountSecretCache.getEnvironmentType(), traceContext);
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveMacKeyAlias(), traceContext);
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveMsgKeyAlias(), traceContext);
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveAdKeyAlias(), traceContext);
        this.keyManager.removeKeyBytes(accountSecretCache.getActiveMasterKeyAlias(), traceContext);
        return deriveAndPersistKeys;
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustHelper
    @NotNull
    public CompletableFuture<AccountSecretResult> getAccountSecretAsync(@NotNull String msaEmail, @NotNull EnvironmentType environment, @NotNull TraceContext traceContext) {
        CompletableFuture<AccountSecretResult> accountSecretInternalLockedAsync;
        Intrinsics.checkNotNullParameter(msaEmail, "msaEmail");
        Intrinsics.checkNotNullParameter(environment, "environment");
        Intrinsics.checkNotNullParameter(traceContext, "traceContext");
        synchronized (this.lock) {
            accountSecretInternalLockedAsync = getAccountSecretInternalLockedAsync(msaEmail, environment, traceContext);
        }
        return accountSecretInternalLockedAsync;
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustHelper
    @NotNull
    public CompletableFuture<ProvisionAccountResult> provisionAccountAsync(@NotNull String msaEmail, @NotNull TraceContext traceContext) {
        Intrinsics.checkNotNullParameter(msaEmail, "msaEmail");
        Intrinsics.checkNotNullParameter(traceContext, "traceContext");
        CompletableFuture<ProvisionAccountResult> completedFuture = CompletableFuture.completedFuture(new ProvisionAccountResult(ProvisionAccountResultStatus.Success, null));
        Intrinsics.checkNotNullExpressionValue(completedFuture, "completedFuture(\n       …ultStatus.Success, null))");
        return completedFuture;
    }
}
