package com.microsoft.mmx.agents.ypp.authclient.trust;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import com.microsoft.appmanager.telemetry.ILogger;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.appmanager.utils.AsyncOperation;
import com.microsoft.mmx.agents.ypp.DcgClient;
import com.microsoft.mmx.agents.ypp.EnvironmentType;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CertificateUtils;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoException;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.TrustManagerTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager;
import com.microsoft.mmx.agents.ypp.authclient.trust.TrustManager;
import com.microsoft.mmx.agents.ypp.authclient.utils.TimestampUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.agents.ypp.deviceauthenticationproxy.IDeviceAuthenticationProxyClient;
import com.microsoft.mmx.agents.ypp.deviceauthenticationproxy.RemoveCryptoTrustRelationshipResult;
import com.microsoft.mmx.agents.ypp.deviceauthenticationproxy.ValidateRemoteCryptoTrustArguments;
import com.microsoft.mmx.agents.ypp.deviceauthenticationproxy.ValidateRemoteCryptoTrustResult;
import com.microsoft.mmx.agents.ypp.utils.Resiliency;
import com.microsoft.mmx.util.StringUtils;
import io.reactivex.Single;
import io.reactivex.SingleEmitter;
import io.reactivex.SingleOnSubscribe;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.joda.time.DateTime;

/* loaded from: classes3.dex */
public class TrustManager implements ITrustManager {
    public static final String KEY_CRYPTO_ATTRIBUTES_ACCOUNT_KEY = "account_key";
    private static final String TRIGGER_ADD_DERIVED_CRYPTO_TRUST = "add_derived_crypto_trust_relationship";
    private static final String TRIGGER_GET_CRYPTO_TRUST = "get_crypto_trust_relationship";
    private static final String TRIGGER_GET_PARTNER_CRYPTO_ID = "get_partner_crypto_id";
    private static final String TRIGGER_GET_ROOT_CRYPTO_TRUST = "get_root_crypto_trust_relationship";
    private static final String TRIGGER_IS_CRYPTO_TRUSTED = "is_crypto_client_trusted";
    private final IAccountCryptoTrustStatusRepository accountCryptoTrustStatusRepository;
    private final CryptoManager cryptoManager;
    private final CryptoTrustCertChainManager cryptoTrustCertChainManager;
    private final ICryptoTrustRelationshipRepository cryptoTrustRepo;
    private final IDeviceAuthenticationProxyClient deviceAuthenticationProxyClient;
    private String deviceId;
    private final TrustManagerLog logger;
    private final PlatformConfiguration platformConfiguration;
    private final TrustRelationshipRepositoryFactory repositoryFactory;
    private final TrustManagerTelemetry telemetry;
    private final CopyOnWriteArraySet<ITrustManager.TrustedDevicesChangedListener> listeners = new CopyOnWriteArraySet<>();
    private final Lock lock = new ReentrantLock();
    private final Lock ctOperationLock = new ReentrantLock();

    public TrustManager(@NonNull String str, @NonNull TrustRelationshipRepositoryFactory trustRelationshipRepositoryFactory, @NonNull ILogger iLogger, @NonNull TrustManagerTelemetry trustManagerTelemetry, @NonNull PlatformConfiguration platformConfiguration, @NonNull ICryptoTrustRelationshipRepository iCryptoTrustRelationshipRepository, @NonNull IAccountCryptoTrustStatusRepository iAccountCryptoTrustStatusRepository, @NonNull CryptoManager cryptoManager, @NonNull IDeviceAuthenticationProxyClient iDeviceAuthenticationProxyClient, @NonNull CryptoTrustCertChainManager cryptoTrustCertChainManager) {
        this.deviceId = str;
        this.repositoryFactory = trustRelationshipRepositoryFactory;
        this.logger = new TrustManagerLog(iLogger);
        this.telemetry = trustManagerTelemetry;
        this.platformConfiguration = platformConfiguration;
        this.cryptoTrustRepo = iCryptoTrustRelationshipRepository;
        this.cryptoManager = cryptoManager;
        this.accountCryptoTrustStatusRepository = iAccountCryptoTrustStatusRepository;
        this.deviceAuthenticationProxyClient = iDeviceAuthenticationProxyClient;
        this.cryptoTrustCertChainManager = cryptoTrustCertChainManager;
    }

    private void addCryptoTrustRelationshipLocked(@NonNull String str, @NonNull String str2, @NonNull DcgClient dcgClient, @NonNull X509Certificate x509Certificate, long j, @NonNull TraceContext traceContext) {
        validateAddCTIds(str, str2, dcgClient, null, traceContext);
        long partnerKeyExpirationTimestamp = getPartnerKeyExpirationTimestamp(x509Certificate, traceContext);
        HashMap hashMap = new HashMap();
        TrustManagerUtils.addDcgIdToAttributes(hashMap, dcgClient);
        this.cryptoTrustRepo.add(new CryptoTrustRelationship(str, str2, x509Certificate, hashMap, j, partnerKeyExpirationTimestamp, null));
    }

    private void checkAndRefreshCryptoTrustTimeToLiveLocked(@NonNull String str, @NonNull TraceContext traceContext, boolean z, @NonNull CryptoTrustRelationship cryptoTrustRelationship) {
        if (getCurrentTime() < cryptoTrustRelationship.getLastAccessed()) {
            this.telemetry.isCryptoClientTrustedClockIssueAnomaly(traceContext, getCurrentTime(), cryptoTrustRelationship.getLastAccessed());
        }
        if (z && !cryptoTrustRelationship.isEnabled()) {
            this.cryptoTrustRepo.setEnable(cryptoTrustRelationship, true, getCurrentTime(), traceContext);
            refreshRemoteCryptoTrustTimeToLiveIfNeeded(cryptoTrustRelationship, traceContext);
        } else {
            if (TimestampUtils.isSameDay(cryptoTrustRelationship.getLastAccessed(), getCurrentTime())) {
                return;
            }
            this.logger.g(str);
            this.cryptoTrustRepo.updateLastAccessed(cryptoTrustRelationship, getCurrentTime(), traceContext);
            refreshRemoteCryptoTrustTimeToLiveIfNeeded(cryptoTrustRelationship, traceContext);
        }
    }

    private void clearExpiredTrustRelationships(@NonNull TraceContext traceContext) {
        for (TrustRelationship trustRelationship : getRepository(traceContext).getAllTrustRelationships()) {
            if (isTrustRelationshipExpired(trustRelationship)) {
                DcgClient dcgClient = new DcgClient(trustRelationship.a(), EnvironmentType.valueOf(trustRelationship.b()));
                RemoveTrustRelationshipReason removeTrustRelationshipReason = RemoveTrustRelationshipReason.EXPIRE;
                removeCryptoTrustRelationshipByDcgClientInfo(dcgClient, removeTrustRelationshipReason, traceContext);
                removeTrustRelationship(dcgClient, removeTrustRelationshipReason, traceContext);
                this.logger.m(dcgClient);
            }
        }
    }

    private long getCurrentTime() {
        return DateTime.now().getMillis();
    }

    private CryptoTrustRelationship getParentCTFromAddDerivedCTRequest(@NonNull AddDerivedCTRelationshipRequest addDerivedCTRelationshipRequest, @NonNull TraceContext traceContext) {
        validateAddCTIds(addDerivedCTRelationshipRequest.getSelfClientId(), addDerivedCTRelationshipRequest.getPartnerClientId(), addDerivedCTRelationshipRequest.getPartnerDcgClientInfo(), null, traceContext);
        String parentCTPartnerClientId = addDerivedCTRelationshipRequest.getParentCTPartnerClientId();
        CryptoTrustRelationship byPartnerClientId = this.cryptoTrustRepo.getByPartnerClientId(parentCTPartnerClientId);
        if (byPartnerClientId == null) {
            throw new IllegalArgumentException("Parent CT relationship doesn't exist.");
        }
        if (!isCryptoClientTrustedInnerLocked(parentCTPartnerClientId, traceContext, TRIGGER_ADD_DERIVED_CRYPTO_TRUST, true)) {
            throw new CryptoException(new IllegalStateException("Parent CT relationship is untrusted."));
        }
        if (byPartnerClientId.getParentCTPartnerClientId() == null) {
            return byPartnerClientId;
        }
        throw new CryptoException(new UnsupportedOperationException("Parent CT relationship is not a root."));
    }

    @Nullable
    private String getPartnerClientIdByDcgClientIdInnerLocked(@NonNull DcgClient dcgClient, boolean z, @NonNull TraceContext traceContext) {
        for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
            if (TrustManagerUtils.doesDcgInfoMatch(cryptoTrustRelationship, dcgClient) && isCryptoClientTrustedInnerLocked(cryptoTrustRelationship.getPartnerClientId(), traceContext, TRIGGER_GET_PARTNER_CRYPTO_ID, false) && (!z || cryptoTrustRelationship.isEnabled())) {
                return cryptoTrustRelationship.getPartnerClientId();
            }
        }
        return null;
    }

    private long getPartnerKeyExpirationTimestamp(@NonNull X509Certificate x509Certificate, @NonNull TraceContext traceContext) {
        long millis = new DateTime(x509Certificate.getNotAfter()).getMillis();
        if (millis <= DateTime.now().getMillis()) {
            CryptoException cryptoException = new CryptoException(new InvalidParameterException("partner crypto certificate already expired"));
            this.telemetry.logCryptoTrustPartnerCertInvalidException(cryptoException, traceContext);
            throw cryptoException;
        }
        long millis2 = DateTime.now().plus(this.platformConfiguration.getCertificateValidity()).getMillis();
        if (millis <= millis2) {
            return millis;
        }
        this.telemetry.addCryptoTrustPartnerCertInvalidExpAnomaly(traceContext, millis, DateTime.now().getMillis(), millis2);
        return millis2;
    }

    private ITrustRelationshipRepository getRepository(@NonNull TraceContext traceContext) {
        this.lock.lock();
        try {
            String str = this.deviceId;
            if (str != null) {
                return this.repositoryFactory.getForDeviceId(str);
            }
            IllegalStateException illegalStateException = new IllegalStateException("getRepository() called with null deviceId");
            this.telemetry.getRepositoryWithNullDeviceId(traceContext);
            this.logger.d(illegalStateException, traceContext);
            throw illegalStateException;
        } finally {
            this.lock.unlock();
        }
    }

    private boolean isCryptoClientTrustedInnerLocked(@NonNull String str, @NonNull TraceContext traceContext, @NonNull String str2, boolean z) {
        boolean z2;
        if (!this.platformConfiguration.isCryptoTrustHierarchyEnabled()) {
            return isSingleCryptoClientTrustedInnerLocked(str, traceContext, str2, z);
        }
        CryptoTrustRelationship byPartnerClientId = this.cryptoTrustRepo.getByPartnerClientId(str);
        boolean z3 = false;
        if (byPartnerClientId == null) {
            this.telemetry.isCryptoClientTrustedReturnsFalseAnomaly(traceContext, str2);
            return false;
        }
        boolean isSingleCryptoClientTrustedInnerLocked = isSingleCryptoClientTrustedInnerLocked(str, traceContext, str2, z);
        String parentCTPartnerClientId = byPartnerClientId.getParentCTPartnerClientId();
        if (StringUtils.isNullOrEmpty(parentCTPartnerClientId)) {
            z2 = true;
            z3 = isSingleCryptoClientTrustedInnerLocked;
        } else {
            boolean isSingleCryptoClientTrustedInnerLocked2 = isSingleCryptoClientTrustedInnerLocked(parentCTPartnerClientId, traceContext, str2, z);
            if (isSingleCryptoClientTrustedInnerLocked && isSingleCryptoClientTrustedInnerLocked2) {
                z3 = true;
            }
            z2 = isSingleCryptoClientTrustedInnerLocked2;
        }
        if (!z3) {
            this.telemetry.untrustedCTEvent(str, parentCTPartnerClientId, isSingleCryptoClientTrustedInnerLocked, z2, traceContext, str2);
        }
        return z3;
    }

    private boolean isCryptoTrustRelationshipExpired(CryptoTrustRelationship cryptoTrustRelationship) {
        return DateTime.now().withMillis(cryptoTrustRelationship.getPartnerKeyExpirationTime()).isBeforeNow() || DateTime.now().withMillis(cryptoTrustRelationship.getLastAccessed()).plus(this.platformConfiguration.getCryptoTrustExpirationTime()).isBeforeNow();
    }

    private boolean isSingleCryptoClientTrustedInnerLocked(@NonNull String str, @NonNull TraceContext traceContext, @NonNull String str2, boolean z) {
        CryptoTrustRelationship byPartnerClientId = this.cryptoTrustRepo.getByPartnerClientId(str);
        if (byPartnerClientId == null) {
            this.logger.f(str);
            this.telemetry.isCryptoClientTrustedReturnsFalseAnomaly(traceContext, str2);
            return false;
        }
        if (isCryptoTrustRelationshipExpired(byPartnerClientId)) {
            this.logger.e(str);
            removeCryptoTrustRelationshipLocked(str, RemoveTrustRelationshipReason.EXPIRE, traceContext);
            return false;
        }
        checkAndRefreshCryptoTrustTimeToLiveLocked(str, traceContext, z, byPartnerClientId);
        if (!this.platformConfiguration.isCryptoTrustHierarchyEnabled() || byPartnerClientId.getPartnerCertChainLeafThumbprint() == null) {
            return true;
        }
        return this.cryptoTrustCertChainManager.isCertChainValidSync(byPartnerClientId.getPartnerCertChainLeafThumbprint(), traceContext);
    }

    private boolean isTrustRelationshipExpired(TrustRelationship trustRelationship) {
        return DateTime.now().withMillis(trustRelationship.c()).plus(this.platformConfiguration.getTrustRelationshipExpirationTime()).isBeforeNow();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: notifyListenersOfAddedDevice, reason: merged with bridge method [inline-methods] */
    public void b(@NonNull DcgClient dcgClient) {
        Iterator<ITrustManager.TrustedDevicesChangedListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onTrustedDeviceAdded(dcgClient);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: notifyListenersOfRemovedDevice, reason: merged with bridge method [inline-methods] */
    public void h(@NonNull DcgClient dcgClient) {
        Iterator<ITrustManager.TrustedDevicesChangedListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().onTrustedDeviceRemoved(dcgClient);
        }
    }

    private void refreshRemoteCryptoTrustTimeToLiveIfNeeded(CryptoTrustRelationship cryptoTrustRelationship, TraceContext traceContext) {
        if (this.platformConfiguration.isCryptoTrustHierarchyEnabled() && cryptoTrustRelationship.getAttributes().containsKey(KEY_CRYPTO_ATTRIBUTES_ACCOUNT_KEY)) {
            refreshRemoteCryptoTrustTimeToLive(cryptoTrustRelationship, traceContext);
        }
    }

    private boolean removeCTRelationshipAndDescendantsLocked(@NonNull String str, @NonNull RemoveTrustRelationshipReason removeTrustRelationshipReason, boolean z, @NonNull TraceContext traceContext) {
        RemoveTrustRelationshipReason removeTrustRelationshipReason2;
        CryptoTrustRelationship byPartnerClientId;
        CryptoTrustRelationship byPartnerClientId2 = this.cryptoTrustRepo.getByPartnerClientId(str);
        if (byPartnerClientId2 == null) {
            this.logger.q(this.deviceId, str);
            this.telemetry.trustedCryptoClientRemoveDescendantsNonexistentAnomaly(traceContext);
            return false;
        }
        String parentCTPartnerClientId = byPartnerClientId2.getParentCTPartnerClientId();
        if (!StringUtils.isNullOrEmpty(parentCTPartnerClientId) && (byPartnerClientId = this.cryptoTrustRepo.getByPartnerClientId(parentCTPartnerClientId)) != null) {
            HashSet hashSet = new HashSet(byPartnerClientId.getChildCTsPartnerClientId());
            hashSet.remove(str);
            this.cryptoTrustRepo.update(new CryptoTrustRelationship(byPartnerClientId.getSelfClientId(), byPartnerClientId.getPartnerClientId(), byPartnerClientId.getPartnerCert(), byPartnerClientId.getAttributes(), byPartnerClientId.getParentCTPartnerClientId(), hashSet, byPartnerClientId.getLastAccessed(), byPartnerClientId.getSelfTempKeyAlias(), byPartnerClientId.getPartnerTempCert(), byPartnerClientId.getPartnerTempKeyExpirationTime(), byPartnerClientId.getPartnerKeyExpirationTime(), byPartnerClientId.isEnabled(), byPartnerClientId.getPartnerCertChainLeafThumbprint()), traceContext);
            this.telemetry.cryptoChildSetUpdatedEvent(this.deviceId, str, traceContext);
        }
        Set<String> childCTsPartnerClientId = byPartnerClientId2.getChildCTsPartnerClientId();
        if (z) {
            removeTrustRelationshipReason2 = removeTrustRelationshipReason;
            tryClearV1Trust(byPartnerClientId2, removeTrustRelationshipReason2, EnvironmentType.Prod, traceContext);
            tryClearV1Trust(byPartnerClientId2, removeTrustRelationshipReason2, EnvironmentType.Beta, traceContext);
            tryClearV1Trust(byPartnerClientId2, removeTrustRelationshipReason2, EnvironmentType.Dogfood, traceContext);
        } else {
            removeTrustRelationshipReason2 = removeTrustRelationshipReason;
        }
        this.cryptoTrustRepo.removeByPartnerClientId(byPartnerClientId2.getPartnerClientId());
        this.telemetry.cryptoTrustRelationshipRemovedEvent(Collections.singletonList(str), removeTrustRelationshipReason2, traceContext);
        Iterator<String> it = childCTsPartnerClientId.iterator();
        while (it.hasNext()) {
            removeCTRelationshipAndDescendantsLocked(it.next(), removeTrustRelationshipReason2, z, traceContext);
        }
        return true;
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0033, code lost:
    
        r5 = removeCryptoTrustRelationshipLocked(r1.getPartnerClientId(), r6, r7);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean removeCryptoTrustRelationshipByDcgClientInfo(@androidx.annotation.NonNull com.microsoft.mmx.agents.ypp.DcgClient r5, @androidx.annotation.NonNull com.microsoft.mmx.agents.ypp.authclient.trust.RemoveTrustRelationshipReason r6, @androidx.annotation.NonNull com.microsoft.appmanager.telemetry.TraceContext r7) {
        /*
            r4 = this;
            java.util.concurrent.locks.Lock r0 = r4.ctOperationLock
            r0.lock()
            com.microsoft.mmx.agents.ypp.authclient.trust.ICryptoTrustRelationshipRepository r0 = r4.cryptoTrustRepo     // Catch: java.lang.Throwable -> L43
            java.util.List r0 = r0.getAllCryptoTrustRelationships()     // Catch: java.lang.Throwable -> L43
            java.util.Iterator r0 = r0.iterator()     // Catch: java.lang.Throwable -> L43
        Lf:
            boolean r1 = r0.hasNext()     // Catch: java.lang.Throwable -> L43
            if (r1 == 0) goto L41
            java.lang.Object r1 = r0.next()     // Catch: java.lang.Throwable -> L43
            com.microsoft.mmx.agents.ypp.authclient.trust.CryptoTrustRelationship r1 = (com.microsoft.mmx.agents.ypp.authclient.trust.CryptoTrustRelationship) r1     // Catch: java.lang.Throwable -> L43
            com.microsoft.mmx.agents.ypp.EnvironmentType r2 = r5.getEnvironmentType()     // Catch: java.lang.Throwable -> L43
            com.microsoft.mmx.agents.ypp.DcgClient r2 = com.microsoft.mmx.agents.ypp.authclient.trust.TrustManagerUtils.getDcgInfoByEnvironment(r1, r2)     // Catch: java.lang.Throwable -> L43
            if (r2 == 0) goto Lf
            java.lang.String r2 = r2.getDcgClientId()     // Catch: java.lang.Throwable -> L43
            java.lang.String r3 = r5.getDcgClientId()     // Catch: java.lang.Throwable -> L43
            boolean r2 = r2.contentEquals(r3)     // Catch: java.lang.Throwable -> L43
            if (r2 == 0) goto Lf
            java.lang.String r5 = r1.getPartnerClientId()     // Catch: java.lang.Throwable -> L43
            boolean r5 = r4.removeCryptoTrustRelationshipLocked(r5, r6, r7)     // Catch: java.lang.Throwable -> L43
        L3b:
            java.util.concurrent.locks.Lock r6 = r4.ctOperationLock
            r6.unlock()
            return r5
        L41:
            r5 = 0
            goto L3b
        L43:
            r5 = move-exception
            java.util.concurrent.locks.Lock r6 = r4.ctOperationLock
            r6.unlock()
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.mmx.agents.ypp.authclient.trust.TrustManager.removeCryptoTrustRelationshipByDcgClientInfo(com.microsoft.mmx.agents.ypp.DcgClient, com.microsoft.mmx.agents.ypp.authclient.trust.RemoveTrustRelationshipReason, com.microsoft.appmanager.telemetry.TraceContext):boolean");
    }

    private boolean removeCryptoTrustRelationshipLocked(@NonNull String str, @NonNull RemoveTrustRelationshipReason removeTrustRelationshipReason, @NonNull TraceContext traceContext) {
        if (this.platformConfiguration.isCryptoTrustHierarchyEnabled()) {
            return removeCTRelationshipAndDescendantsLocked(str, removeTrustRelationshipReason, false, traceContext);
        }
        CryptoTrustRelationship byPartnerClientId = this.cryptoTrustRepo.getByPartnerClientId(str);
        if (byPartnerClientId == null) {
            this.logger.q(this.deviceId, str);
            this.telemetry.trustedCryptoClientRemoveNonexistentAnomaly(traceContext);
            return false;
        }
        this.cryptoManager.removeKeyPair(byPartnerClientId.getSelfClientId(), traceContext);
        this.cryptoTrustRepo.removeByPartnerClientId(str);
        this.logger.r(str);
        this.telemetry.cryptoTrustRelationshipRemovedEvent(Collections.singletonList(str), removeTrustRelationshipReason, traceContext);
        return true;
    }

    private boolean removeTrustRelationship(@NonNull final DcgClient dcgClient, @NonNull RemoveTrustRelationshipReason removeTrustRelationshipReason, @NonNull TraceContext traceContext) {
        if (!getRepository(traceContext).remove(dcgClient)) {
            this.logger.t(dcgClient);
            this.telemetry.trustedDeviceRemoveNonexistentAnomaly(traceContext);
            return false;
        }
        this.logger.u(dcgClient);
        if (removeTrustRelationshipReason.equals(RemoveTrustRelationshipReason.EXPIRE)) {
            this.telemetry.trustedDeviceRemovedDueToExpirationEvent(dcgClient, traceContext);
        } else {
            this.telemetry.trustedDeviceRemovedEvent(dcgClient, traceContext);
        }
        AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.d.c0
            @Override // java.lang.Runnable
            public final void run() {
                TrustManager.this.h(dcgClient);
            }
        });
        return true;
    }

    private void tryClearV1Trust(@NonNull CryptoTrustRelationship cryptoTrustRelationship, @NonNull RemoveTrustRelationshipReason removeTrustRelationshipReason, @NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        DcgClient dcgInfoByEnvironment = TrustManagerUtils.getDcgInfoByEnvironment(cryptoTrustRelationship, environmentType);
        if (dcgInfoByEnvironment != null) {
            removeTrustRelationship(dcgInfoByEnvironment, removeTrustRelationshipReason, traceContext);
        }
    }

    private void validateAddCTIds(@NonNull String str, @NonNull String str2, @NonNull DcgClient dcgClient, String str3, @NonNull TraceContext traceContext) {
        for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
            if (cryptoTrustRelationship.getSelfClientId().equals(str)) {
                IllegalArgumentException illegalArgumentException = new IllegalArgumentException("self id already used in a different crypto trust relationship");
                this.telemetry.trustedCryptoClientIdConflictAnomaly(traceContext);
                throw illegalArgumentException;
            }
            if (cryptoTrustRelationship.getPartnerClientId().equals(str2)) {
                IllegalArgumentException illegalArgumentException2 = new IllegalArgumentException("crypto trust relationship for partner id already exists");
                this.telemetry.trustedCryptoClientIdConflictAnomaly(traceContext);
                throw illegalArgumentException2;
            }
            if (TrustManagerUtils.doesDcgInfoMatch(cryptoTrustRelationship, dcgClient)) {
                IllegalArgumentException illegalArgumentException3 = new IllegalArgumentException("crypto trust relationship for partner dcg client id already exists");
                this.telemetry.trustedCryptoClientIdConflictAnomaly(traceContext);
                throw illegalArgumentException3;
            }
            if (str3 != null && str3.equals(cryptoTrustRelationship.getAttributes().get(KEY_CRYPTO_ATTRIBUTES_ACCOUNT_KEY))) {
                IllegalArgumentException illegalArgumentException4 = new IllegalArgumentException("crypto trust relationship for account key already exists");
                this.telemetry.trustedCryptoAccountKeyConflictAnomaly(traceContext);
                throw illegalArgumentException4;
            }
        }
    }

    @VisibleForTesting
    public void a(@NonNull final DcgClient dcgClient, long j, @NonNull TraceContext traceContext) {
        getRepository(traceContext).add(new TrustRelationship(dcgClient.getDcgClientId(), j, dcgClient.getEnvironmentType()));
        AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.d.z
            @Override // java.lang.Runnable
            public final void run() {
                TrustManager.this.b(dcgClient);
            }
        });
        this.logger.s(dcgClient);
        this.telemetry.trustedDeviceAddedEvent(dcgClient, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void addCryptoAndDcgTrustRelationship(@NonNull String str, @NonNull String str2, @NonNull DcgClient dcgClient, @NonNull X509Certificate x509Certificate, @NonNull TraceContext traceContext) {
        long currentTime = getCurrentTime();
        this.ctOperationLock.lock();
        try {
            addCryptoTrustRelationshipLocked(str, str2, dcgClient, x509Certificate, currentTime, traceContext);
            this.ctOperationLock.unlock();
            a(dcgClient, getCurrentTime(), traceContext);
            this.logger.p(str2);
            this.telemetry.trustedCryptoClientAddedEvent(this.deviceId, str2, traceContext);
        } catch (Throwable th) {
            this.ctOperationLock.unlock();
            throw th;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void addDerivedCTRelationship(@NonNull AddDerivedCTRelationshipRequest addDerivedCTRelationshipRequest, @NonNull TraceContext traceContext) {
        if (!this.platformConfiguration.isCryptoTrustHierarchyEnabled()) {
            throw new IllegalStateException("CryptoTrustHierarchy is disabled.");
        }
        String selfClientId = addDerivedCTRelationshipRequest.getSelfClientId();
        String partnerClientId = addDerivedCTRelationshipRequest.getPartnerClientId();
        DcgClient partnerDcgClientInfo = addDerivedCTRelationshipRequest.getPartnerDcgClientInfo();
        String parentCTPartnerClientId = addDerivedCTRelationshipRequest.getParentCTPartnerClientId();
        X509Certificate partnerCert = addDerivedCTRelationshipRequest.getPartnerCert();
        this.ctOperationLock.lock();
        try {
            CryptoTrustRelationship parentCTFromAddDerivedCTRequest = getParentCTFromAddDerivedCTRequest(addDerivedCTRelationshipRequest, traceContext);
            long partnerKeyExpirationTimestamp = getPartnerKeyExpirationTimestamp(partnerCert, traceContext);
            HashMap hashMap = new HashMap();
            TrustManagerUtils.addDcgIdToAttributes(hashMap, partnerDcgClientInfo);
            CryptoTrustRelationship cryptoTrustRelationship = new CryptoTrustRelationship(selfClientId, partnerClientId, partnerCert, hashMap, parentCTPartnerClientId, new HashSet(), getCurrentTime(), null, null, 0L, partnerKeyExpirationTimestamp, true, null);
            Set<String> childCTsPartnerClientId = parentCTFromAddDerivedCTRequest.getChildCTsPartnerClientId();
            if (childCTsPartnerClientId == null) {
                childCTsPartnerClientId = new HashSet<>();
            }
            childCTsPartnerClientId.add(cryptoTrustRelationship.getPartnerClientId());
            CryptoTrustRelationship cryptoTrustRelationship2 = new CryptoTrustRelationship(parentCTFromAddDerivedCTRequest.getSelfClientId(), parentCTFromAddDerivedCTRequest.getPartnerClientId(), parentCTFromAddDerivedCTRequest.getPartnerCert(), parentCTFromAddDerivedCTRequest.getAttributes(), parentCTFromAddDerivedCTRequest.getParentCTPartnerClientId(), childCTsPartnerClientId, getCurrentTime(), parentCTFromAddDerivedCTRequest.getSelfTempKeyAlias(), parentCTFromAddDerivedCTRequest.getPartnerTempCert(), parentCTFromAddDerivedCTRequest.getPartnerTempKeyExpirationTime(), parentCTFromAddDerivedCTRequest.getPartnerKeyExpirationTime(), true, parentCTFromAddDerivedCTRequest.getPartnerCertChainLeafThumbprint());
            this.cryptoTrustRepo.add(cryptoTrustRelationship);
            this.cryptoTrustRepo.update(cryptoTrustRelationship2, traceContext);
            this.ctOperationLock.unlock();
            a(partnerDcgClientInfo, getCurrentTime(), traceContext);
            this.logger.c(partnerClientId);
            this.telemetry.derivedCryptoClientAddedEvent(this.deviceId, partnerClientId, traceContext);
        } catch (Throwable th) {
            this.ctOperationLock.unlock();
            throw th;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void addRootCTRelationship(@NonNull AddRootCTRelationshipRequest addRootCTRelationshipRequest, @NonNull TraceContext traceContext) {
        if (!this.platformConfiguration.isCryptoTrustHierarchyEnabled()) {
            throw new IllegalStateException("CryptoTrustHierarchy is disabled.");
        }
        if (addRootCTRelationshipRequest.getCertChain().isEmpty()) {
            throw new IllegalArgumentException("Server cert chain can't be empty.");
        }
        X509Certificate x509Certificate = addRootCTRelationshipRequest.getCertChain().get(0);
        String selfClientId = addRootCTRelationshipRequest.getSelfClientId();
        String partnerClientId = addRootCTRelationshipRequest.getPartnerClientId();
        DcgClient partnerDcgClientInfo = addRootCTRelationshipRequest.getPartnerDcgClientInfo();
        String accountKey = addRootCTRelationshipRequest.getAccountKey();
        X509Certificate partnerCert = addRootCTRelationshipRequest.getPartnerCert();
        this.ctOperationLock.lock();
        try {
            try {
                validateAddCTIds(selfClientId, partnerClientId, partnerDcgClientInfo, accountKey, traceContext);
                long partnerKeyExpirationTimestamp = getPartnerKeyExpirationTimestamp(partnerCert, traceContext);
                HashMap hashMap = new HashMap();
                hashMap.put(KEY_CRYPTO_ATTRIBUTES_ACCOUNT_KEY, accountKey);
                TrustManagerUtils.addDcgIdToAttributes(hashMap, partnerDcgClientInfo);
                this.cryptoTrustCertChainManager.putCertChain(addRootCTRelationshipRequest.getCertChain(), traceContext);
                this.cryptoTrustRepo.add(new CryptoTrustRelationship(selfClientId, partnerClientId, partnerCert, hashMap, getCurrentTime(), partnerKeyExpirationTimestamp, CertificateUtils.getSha1Thumbprint(x509Certificate)));
                this.ctOperationLock.unlock();
                a(partnerDcgClientInfo, getCurrentTime(), traceContext);
                this.logger.n(partnerClientId);
                this.telemetry.rootCryptoClientAddedEvent(this.deviceId, partnerClientId, traceContext);
            } catch (Throwable th) {
                this.ctOperationLock.unlock();
                throw th;
            }
        } catch (NoSuchAlgorithmException | CertificateEncodingException e2) {
            throw new CryptoException(e2);
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void addTrustRelationship(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        a(dcgClient, getCurrentTime(), traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public boolean addTrustedDevicesChangedListener(@NonNull ITrustManager.TrustedDevicesChangedListener trustedDevicesChangedListener) {
        this.logger.k();
        return this.listeners.add(trustedDevicesChangedListener);
    }

    public /* synthetic */ void c(List list) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            TrustRelationship trustRelationship = (TrustRelationship) it.next();
            h(new DcgClient(trustRelationship.a(), EnvironmentType.valueOf(trustRelationship.b())));
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void clear(@NonNull TraceContext traceContext) {
        this.logger.a();
        this.telemetry.trustedDevicesClearedEvent(traceContext);
        final List<TrustRelationship> allTrustRelationships = getRepository(traceContext).getAllTrustRelationships();
        getRepository(traceContext).clear();
        LinkedList linkedList = new LinkedList();
        for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
            this.cryptoManager.removeKeyPair(cryptoTrustRelationship.getSelfClientId(), traceContext);
            linkedList.add(cryptoTrustRelationship.getPartnerClientId());
        }
        this.telemetry.cryptoTrustRelationshipRemovedEvent(linkedList, RemoveTrustRelationshipReason.CLEAR, traceContext);
        this.cryptoTrustRepo.clear();
        this.accountCryptoTrustStatusRepository.clear();
        AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.d.b0
            @Override // java.lang.Runnable
            public final void run() {
                TrustManager.this.c(allTrustRelationships);
            }
        });
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void clearAccountCryptoTrustStatus() {
        this.logger.b();
        this.accountCryptoTrustStatusRepository.clear();
    }

    public /* synthetic */ Boolean d(String str, TraceContext traceContext) {
        return Boolean.valueOf(isCryptoClientTrustedInnerLocked(str, traceContext, TRIGGER_IS_CRYPTO_TRUSTED, true));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void deviceIdDeprovisioned(@NonNull String str, @NonNull TraceContext traceContext) {
        this.lock.lock();
        try {
            String str2 = this.deviceId;
            if (str2 != null) {
                if (!str2.equals(str)) {
                    IllegalArgumentException illegalArgumentException = new IllegalArgumentException("deviceIdDeprovisioned called with newDeviceId != deviceId");
                    this.telemetry.deviceIdDeprovisionedAnomaly(traceContext);
                    throw illegalArgumentException;
                }
                clear(traceContext);
            }
            this.deviceId = null;
        } finally {
            this.lock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void deviceIdProvisioned(@NonNull String str, @NonNull TraceContext traceContext) {
        this.lock.lock();
        try {
            String str2 = this.deviceId;
            if (str2 != null) {
                if (str2.equals(str)) {
                    IllegalArgumentException illegalArgumentException = new IllegalArgumentException("deviceIdProvisioned called with newDeviceId == deviceId");
                    this.telemetry.deviceIdProvisionedAnomaly(traceContext);
                    throw illegalArgumentException;
                }
                clear(traceContext);
            }
            this.deviceId = str;
        } finally {
            this.lock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void disableCryptoTrustRelationship(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
                if (cryptoTrustRelationship.isEnabled() && TrustManagerUtils.doesDcgInfoMatch(cryptoTrustRelationship, dcgClient)) {
                    this.cryptoTrustRepo.setEnable(cryptoTrustRelationship, false, getCurrentTime(), traceContext);
                    return;
                }
            }
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    public /* synthetic */ void e(TraceContext traceContext, ValidateRemoteCryptoTrustResult validateRemoteCryptoTrustResult, Throwable th) {
        if (th != null) {
            this.telemetry.refreshRemoteCryptoTrustError(th, traceContext);
        }
    }

    public /* synthetic */ void f(TraceContext traceContext, SingleEmitter singleEmitter, RemoveCryptoTrustRelationshipResult removeCryptoTrustRelationshipResult, Throwable th) {
        RemoveCTResult mapToRemoveCryptoTrustResult = TrustManagerUtils.mapToRemoveCryptoTrustResult(removeCryptoTrustRelationshipResult, th);
        if (!mapToRemoveCryptoTrustResult.isSuccess()) {
            this.telemetry.removeRemoteCryptoTrustError(mapToRemoveCryptoTrustResult, traceContext);
        }
        singleEmitter.onSuccess(mapToRemoveCryptoTrustResult);
    }

    public /* synthetic */ void g(final TraceContext traceContext, final SingleEmitter singleEmitter) {
        this.deviceAuthenticationProxyClient.removeRemoteCryptoTrustAsync(Resiliency.getRemoteCryptoTrustRetryStrategy(), traceContext).whenComplete(new AsyncOperation.ResultBiConsumer() { // from class: b.e.c.a.n3.c.d.a0
            @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultBiConsumer
            public final void accept(Object obj, Object obj2) {
                TrustManager.this.f(traceContext, singleEmitter, (RemoveCryptoTrustRelationshipResult) obj, (Throwable) obj2);
            }
        });
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public List<CryptoTrustRelationship> getAllRootCryptoTrustRelationships(@NonNull TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            LinkedList linkedList = new LinkedList();
            for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
                if (cryptoTrustRelationship.getParentCTPartnerClientId() == null && isCryptoClientTrustedInnerLocked(cryptoTrustRelationship.getPartnerClientId(), traceContext, TRIGGER_GET_ROOT_CRYPTO_TRUST, false)) {
                    linkedList.add(cryptoTrustRelationship);
                }
            }
            return linkedList;
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    @Nullable
    public CryptoTrustRelationship getCryptoTrustRelationship(@NonNull String str, @NonNull TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            return isCryptoClientTrustedInnerLocked(str, traceContext, TRIGGER_GET_CRYPTO_TRUST, false) ? this.cryptoTrustRepo.getByPartnerClientId(str) : null;
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    @Nullable
    public String getPartnerClientIdByDcgClientInfo(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            return getPartnerClientIdByDcgClientIdInnerLocked(dcgClient, true, traceContext);
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    @Nullable
    public String getPartnerClientIdByDcgClientInfoIgnoreIsEnabled(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            return getPartnerClientIdByDcgClientIdInnerLocked(dcgClient, false, traceContext);
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    @NonNull
    @Deprecated
    public List<DcgClient> getTrustedDcgClients(@NonNull TraceContext traceContext) {
        EnumSet enumSet;
        EnumSet enumSet2;
        clearExpiredTrustRelationships(traceContext);
        HashMap hashMap = new HashMap();
        for (TrustRelationship trustRelationship : getRepository(traceContext).getAllTrustRelationships()) {
            if (hashMap.containsKey(trustRelationship.a())) {
                enumSet2 = (EnumSet) hashMap.get(trustRelationship.a());
            } else {
                enumSet2 = EnumSet.noneOf(EnvironmentType.class);
                hashMap.put(trustRelationship.a(), enumSet2);
            }
            enumSet2.add(EnvironmentType.valueOf(trustRelationship.b()));
        }
        EnumSet of = EnumSet.of(EnvironmentType.Prod, EnvironmentType.Beta, EnvironmentType.Dogfood);
        this.ctOperationLock.lock();
        try {
            for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
                boolean isCryptoClientTrustedInnerLocked = isCryptoClientTrustedInnerLocked(cryptoTrustRelationship.getPartnerClientId(), traceContext, TRIGGER_GET_CRYPTO_TRUST, false);
                if (cryptoTrustRelationship.isEnabled() && isCryptoClientTrustedInnerLocked) {
                    Iterator it = of.iterator();
                    while (it.hasNext()) {
                        EnvironmentType environmentType = (EnvironmentType) it.next();
                        DcgClient dcgInfoByEnvironment = TrustManagerUtils.getDcgInfoByEnvironment(cryptoTrustRelationship, environmentType);
                        if (hashMap.containsKey(dcgInfoByEnvironment.getDcgClientId())) {
                            enumSet = (EnumSet) hashMap.get(dcgInfoByEnvironment.getDcgClientId());
                        } else {
                            enumSet = EnumSet.noneOf(EnvironmentType.class);
                            hashMap.put(dcgInfoByEnvironment.getDcgClientId(), enumSet);
                        }
                        enumSet.add(environmentType);
                    }
                }
            }
            this.ctOperationLock.unlock();
            ArrayList arrayList = new ArrayList();
            for (String str : hashMap.keySet()) {
                Iterator it2 = ((EnumSet) hashMap.get(str)).iterator();
                while (it2.hasNext()) {
                    arrayList.add(new DcgClient(str, (EnvironmentType) it2.next()));
                }
            }
            return arrayList;
        } catch (Throwable th) {
            this.ctOperationLock.unlock();
            throw th;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public boolean hasAccountCryptoTrust() {
        return this.accountCryptoTrustStatusRepository.hasAccountCryptoTrust();
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public AsyncOperation<Boolean> isCryptoClientTrustedAsync(@NonNull final String str, @NonNull final TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            return AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: b.e.c.a.n3.c.d.d0
                @Override // com.microsoft.appmanager.utils.AsyncOperation.Supplier
                public final Object get() {
                    return TrustManager.this.d(str, traceContext);
                }
            });
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public boolean isDeviceTrusted(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        ITrustRelationshipRepository repository = getRepository(traceContext);
        TrustRelationship byInfo = repository.getByInfo(dcgClient);
        if (byInfo == null) {
            this.logger.i(dcgClient);
            this.telemetry.isDeviceTrustedReturnsFalseAnomaly(traceContext);
            return false;
        }
        if (isTrustRelationshipExpired(byInfo)) {
            this.logger.h(dcgClient);
            RemoveTrustRelationshipReason removeTrustRelationshipReason = RemoveTrustRelationshipReason.EXPIRE;
            removeCryptoTrustRelationshipByDcgClientInfo(dcgClient, removeTrustRelationshipReason, traceContext);
            removeTrustRelationship(dcgClient, removeTrustRelationshipReason, traceContext);
            return false;
        }
        if (TimestampUtils.isSameDay(byInfo.c(), getCurrentTime())) {
            return true;
        }
        this.logger.j(dcgClient);
        repository.add(new TrustRelationship(byInfo.a(), getCurrentTime(), byInfo.b()));
        return true;
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void migrateToEnvironmentSensitiveStorage(@NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        getRepository(traceContext).tagNullEnvironmentRelationshipsWithDefault(environmentType);
        for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
            Map<String, String> attributes = cryptoTrustRelationship.getAttributes();
            if (attributes.containsKey(TrustManagerUtils.KEY_CRYPTO_ATTRIBUTES_PARTNER_DCG_CLIENT_ID_PREFIX)) {
                TrustManagerUtils.addDcgIdToAttributes(attributes, new DcgClient(attributes.get(TrustManagerUtils.KEY_CRYPTO_ATTRIBUTES_PARTNER_DCG_CLIENT_ID_PREFIX), environmentType));
                attributes.remove(TrustManagerUtils.KEY_CRYPTO_ATTRIBUTES_PARTNER_DCG_CLIENT_ID_PREFIX);
                this.cryptoTrustRepo.update(cryptoTrustRelationship, traceContext);
            }
        }
    }

    @VisibleForTesting
    public AsyncOperation<ValidateRemoteCryptoTrustResult> refreshRemoteCryptoTrustTimeToLive(CryptoTrustRelationship cryptoTrustRelationship, final TraceContext traceContext) {
        try {
            return this.deviceAuthenticationProxyClient.validateRemoteCryptoTrustAsync(new ValidateRemoteCryptoTrustArguments(this.deviceId, CertificateUtils.getSha1Thumbprint(cryptoTrustRelationship.getPartnerCert()), this.cryptoManager.getCertThumbprintForSelfClientId(cryptoTrustRelationship.getSelfClientId(), traceContext).blockingGet(), cryptoTrustRelationship.getPartnerClientId(), cryptoTrustRelationship.getSelfClientId(), Integer.valueOf(this.platformConfiguration.getRemoteCryptoTrustExpirationTime().toStandardSeconds().getSeconds())), Resiliency.getRemoteCryptoTrustRetryStrategy(), traceContext).whenComplete(new AsyncOperation.ResultBiConsumer() { // from class: b.e.c.a.n3.c.d.f0
                @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultBiConsumer
                public final void accept(Object obj, Object obj2) {
                    TrustManager.this.e(traceContext, (ValidateRemoteCryptoTrustResult) obj, (Throwable) obj2);
                }
            });
        } catch (NoSuchAlgorithmException | CertificateEncodingException e2) {
            this.telemetry.refreshRemoteCryptoTrustError(e2, traceContext);
            return null;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public boolean removeCryptoAndDcgTrustRelationship(@NonNull DcgClient dcgClient, @NonNull TraceContext traceContext) {
        if (!this.platformConfiguration.isCryptoTrustHierarchyEnabled()) {
            RemoveTrustRelationshipReason removeTrustRelationshipReason = RemoveTrustRelationshipReason.OTHER;
            removeCryptoTrustRelationshipByDcgClientInfo(dcgClient, removeTrustRelationshipReason, traceContext);
            return removeTrustRelationship(dcgClient, removeTrustRelationshipReason, traceContext);
        }
        this.ctOperationLock.lock();
        try {
            String partnerClientIdByDcgClientIdInnerLocked = getPartnerClientIdByDcgClientIdInnerLocked(dcgClient, false, traceContext);
            return !StringUtils.isNullOrEmpty(partnerClientIdByDcgClientIdInnerLocked) ? removeCTRelationshipAndDescendantsLocked(partnerClientIdByDcgClientIdInnerLocked, RemoveTrustRelationshipReason.OTHER, true, traceContext) : removeTrustRelationship(dcgClient, RemoveTrustRelationshipReason.OTHER, traceContext);
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public boolean removeCryptoTrustRelationship(@NonNull String str, @NonNull TraceContext traceContext) {
        this.ctOperationLock.lock();
        try {
            return removeCryptoTrustRelationshipLocked(str, RemoveTrustRelationshipReason.OTHER, traceContext);
        } finally {
            this.ctOperationLock.unlock();
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public Single<RemoveCTResult> removeCryptoTrustRelationshipByAccountKey(@NonNull String str, @NonNull final TraceContext traceContext) {
        if (!this.platformConfiguration.isCryptoTrustHierarchyEnabled()) {
            throw new IllegalStateException("CryptoTrustHierarchy is disabled.");
        }
        this.ctOperationLock.lock();
        try {
            for (CryptoTrustRelationship cryptoTrustRelationship : this.cryptoTrustRepo.getAllCryptoTrustRelationships()) {
                String str2 = cryptoTrustRelationship.getAttributes().get(KEY_CRYPTO_ATTRIBUTES_ACCOUNT_KEY);
                if (str2 != null && str2.contentEquals(str)) {
                    removeCryptoTrustRelationshipLocked(cryptoTrustRelationship.getPartnerClientId(), RemoveTrustRelationshipReason.OTHER, traceContext);
                    this.telemetry.removeCTByAccountKey(cryptoTrustRelationship.getPartnerClientId(), str2, traceContext);
                }
            }
            this.ctOperationLock.unlock();
            return Single.create(new SingleOnSubscribe() { // from class: b.e.c.a.n3.c.d.e0
                @Override // io.reactivex.SingleOnSubscribe
                public final void subscribe(SingleEmitter singleEmitter) {
                    TrustManager.this.g(traceContext, singleEmitter);
                }
            });
        } catch (Throwable th) {
            this.ctOperationLock.unlock();
            throw th;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public boolean removeTrustedDevicesChangedListener(@NonNull ITrustManager.TrustedDevicesChangedListener trustedDevicesChangedListener) {
        this.logger.l();
        return this.listeners.remove(trustedDevicesChangedListener);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void rotatePartnerCryptoKey(@NonNull String str, @NonNull X509Certificate x509Certificate, @NonNull TraceContext traceContext) {
        TrustManager trustManager = this;
        trustManager.ctOperationLock.lock();
        try {
            CryptoTrustRelationship byPartnerClientId = trustManager.cryptoTrustRepo.getByPartnerClientId(str);
            if (byPartnerClientId == null) {
                CryptoException cryptoException = new CryptoException(new IllegalStateException("Rotate partner crypto key for non-existed trust relationship"));
                trustManager.telemetry.trustedCryptoRotatePartnerKeyNonExistedAnomaly(traceContext);
                throw cryptoException;
            }
            long partnerKeyExpirationTimestamp = trustManager.getPartnerKeyExpirationTimestamp(x509Certificate, traceContext);
            try {
                trustManager.cryptoTrustRepo.update(new CryptoTrustRelationship(byPartnerClientId.getSelfClientId(), byPartnerClientId.getPartnerClientId(), x509Certificate, byPartnerClientId.getAttributes(), byPartnerClientId.getParentCTPartnerClientId(), byPartnerClientId.getChildCTsPartnerClientId(), DateTime.now().getMillis(), byPartnerClientId.getSelfTempKeyAlias(), byPartnerClientId.getPartnerCert(), DateTime.now().plus(trustManager.platformConfiguration.getCryptoTrustPartnerTempCertExpirationTime()).getMillis(), partnerKeyExpirationTimestamp, true, byPartnerClientId.getPartnerCertChainLeafThumbprint()), traceContext);
                this.ctOperationLock.unlock();
            } catch (Throwable th) {
                th = th;
                trustManager = this;
                trustManager.ctOperationLock.unlock();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager
    public void setAccountCryptoTrustStatus(boolean z) {
        this.logger.o(z);
        this.accountCryptoTrustStatusRepository.set(z);
    }
}
