package com.helloastro.android.security;

import android.annotation.TargetApi;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import com.facebook.stetho.common.Utf8Charset;
import com.helloastro.android.common.HuskyMailLogger;
import com.helloastro.android.common.HuskyMailSharedPreferences;
import com.helloastro.android.common.HuskyMailTracker;
import com.helloastro.android.db.DBAccountProvider;
import com.helloastro.android.db.dao.DBAccount;
import java.security.Key;
import java.security.KeyStore;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes2.dex */
public class SecureDeviceTokenManager {
    private static final String AES_MODE = "AES/GCM/NoPadding";
    private static final int ALGORITHM_SIZE = 256;
    private static final String ALIAS_KEY = "keyAstroSecure";
    private static final int IV_SIZE = 128;
    private static final String KEY_STORE_NAME = "AndroidKeyStore";
    private static HuskyMailLogger sLogger = new HuskyMailLogger("SecureDeviceToken", SecureDeviceTokenManager.class.getName());
    private static String mCacheDeviceToken = null;

    @TargetApi(23)
    private static SecretKey createSecretKey() {
        sLogger.logInfo("createSecretKey()");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEY_STORE_NAME);
            keyGenerator.init(new KeyGenParameterSpec.Builder(ALIAS_KEY, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).setUserAuthenticationRequired(false).build());
            SecretKey generateKey = keyGenerator.generateKey();
            if (generateKey == null) {
                sLogger.logError("createSecretKey() - could not create key");
                HuskyMailTracker.getInstance().sendException(new IllegalStateException("tryGetSecretKey() - no key generated"));
            } else {
                sLogger.logInfo("createSecretKey() - created key");
                KeyStore keyStore = KeyStore.getInstance(KEY_STORE_NAME);
                keyStore.load(null);
                keyStore.setKeyEntry(ALIAS_KEY, generateKey, null, null);
            }
            return generateKey;
        } catch (Exception e2) {
            sLogger.logError("createSecretKey - exception thrown: " + e2, e2);
            return null;
        }
    }

    private static byte[] getByteArrayFromString(String str) {
        try {
            return Base64.decode(str, 2);
        } catch (Exception e2) {
            sLogger.logError("Exception thrown getting bytes from SharedPreferences");
            return null;
        }
    }

    private static byte[] getCipherIvFromSharedPreferences() {
        String secureCipherIv = HuskyMailSharedPreferences.getSecureCipherIv();
        if (!TextUtils.isEmpty(secureCipherIv)) {
            return getByteArrayFromString(secureCipherIv);
        }
        sLogger.logWarn("getCipherIvFromSharedPreferences - no stored bytes");
        return null;
    }

    public static synchronized String getDeviceToken() {
        String str = null;
        synchronized (SecureDeviceTokenManager.class) {
            if (TextUtils.isEmpty(mCacheDeviceToken)) {
                sLogger.logInfo("getDeviceToken - getting device token (not cached) - should happen once.");
                List<DBAccount> allAccounts = DBAccountProvider.readingProviderNoWarning().getAllAccounts();
                if (allAccounts == null || allAccounts.isEmpty()) {
                    sLogger.logWarn("getDeviceToken - no accounts, getOldDeviceToken()");
                    str = getOldDeviceToken();
                } else if (isMarshmallow()) {
                    byte[] tokenFromSharedPreferences = getTokenFromSharedPreferences();
                    byte[] cipherIvFromSharedPreferences = getCipherIvFromSharedPreferences();
                    if (tokenFromSharedPreferences == null || cipherIvFromSharedPreferences == null) {
                        sLogger.logInfo("getDeviceToken - trying to migrating device token");
                        if (!tryMigrateDeviceToken()) {
                            sLogger.logError("getDeviceToken - device token migration failed");
                        }
                        str = mCacheDeviceToken;
                    } else {
                        sLogger.logInfo("getDeviceToken - new style token is available");
                        SecretKey tryGetSecretKey = tryGetSecretKey(true);
                        if (tryGetSecretKey == null) {
                            sLogger.logError("getDeviceToken - tryGetSecretKey() failed");
                        } else {
                            try {
                                sLogger.logInfo("getDeviceToken - creating cipher");
                                Cipher cipher = Cipher.getInstance(AES_MODE);
                                cipher.init(2, tryGetSecretKey, new GCMParameterSpec(128, cipherIvFromSharedPreferences));
                                String str2 = new String(cipher.doFinal(tokenFromSharedPreferences), Utf8Charset.NAME);
                                if (TextUtils.isEmpty(str2)) {
                                    sLogger.logError("getDeviceToken() - generated empty device token");
                                } else {
                                    sLogger.logInfo("getDeviceToken() - decrypted device token");
                                }
                                mCacheDeviceToken = str2;
                                str = str2;
                            } catch (Exception e2) {
                                sLogger.logError("getDeviceToken - Exception with cipher: " + e2, e2);
                                HuskyMailTracker.getInstance().sendException(e2);
                            }
                        }
                    }
                } else {
                    sLogger.logInfo("getDeviceToken - getOldDeviceToken(), done.");
                    str = getOldDeviceToken();
                }
            } else {
                str = mCacheDeviceToken;
            }
        }
        return str;
    }

    private static byte[] getOldByteArrayFromString(String str) {
        try {
            return Base64.decode(str.getBytes(), 0);
        } catch (Exception e2) {
            sLogger.logError("Exception thrown getting bytes from SharedPreferences");
            return null;
        }
    }

    private static byte[] getOldCipherIvFromSharedPreferences() {
        String oldSecureCipherIv = HuskyMailSharedPreferences.getOldSecureCipherIv();
        if (!TextUtils.isEmpty(oldSecureCipherIv)) {
            return getOldByteArrayFromString(oldSecureCipherIv);
        }
        sLogger.logWarn("getOldCipherIvFromSharedPreferences - no stored bytes");
        return null;
    }

    private static String getOldDeviceToken() {
        mCacheDeviceToken = HuskyMailSharedPreferences.getDeviceToken();
        return mCacheDeviceToken;
    }

    private static byte[] getOldTokenFromSharedPreferences() {
        String oldSecureDeviceToken = HuskyMailSharedPreferences.getOldSecureDeviceToken();
        if (!TextUtils.isEmpty(oldSecureDeviceToken)) {
            return getOldByteArrayFromString(oldSecureDeviceToken);
        }
        sLogger.logWarn("getOldTokenFromSharedPreferences - no stored bytes");
        return null;
    }

    private static String getStringFromByteArray(byte[] bArr) {
        try {
            return Base64.encodeToString(bArr, 2);
        } catch (Exception e2) {
            sLogger.logError("Exception thrown getting String from bytes");
            return null;
        }
    }

    private static byte[] getTokenFromSharedPreferences() {
        String secureDeviceToken = HuskyMailSharedPreferences.getSecureDeviceToken();
        if (!TextUtils.isEmpty(secureDeviceToken)) {
            return getByteArrayFromString(secureDeviceToken);
        }
        sLogger.logWarn("tryGetTokenFromSharedPreferences - no stored bytes");
        return null;
    }

    private static boolean isMarshmallow() {
        return Build.VERSION.SDK_INT >= 23;
    }

    public static synchronized boolean secureAndStoreDeviceToken(String str) {
        boolean z = false;
        synchronized (SecureDeviceTokenManager.class) {
            sLogger.logInfo("secureAndStoreDeviceToken()");
            mCacheDeviceToken = str;
            if (isMarshmallow()) {
                sLogger.logInfo("secureAndStoreDeviceToken() - saving in new format");
                SecretKey tryGetSecretKey = tryGetSecretKey(false);
                if (tryGetSecretKey == null) {
                    sLogger.logInfo("secureAndStoreDeviceToken() - creating key");
                    tryGetSecretKey = createSecretKey();
                    if (tryGetSecretKey == null) {
                        sLogger.logError("secureAndStoreDeviceToken - couldn't create key");
                        HuskyMailSharedPreferences.saveDeviceToken(str);
                    }
                } else {
                    sLogger.logInfo("secureAndStoreDeviceToken() - found existing key");
                }
                try {
                    sLogger.logInfo("secureAndStoreDeviceToken() - creating cipher");
                    Cipher cipher = Cipher.getInstance(AES_MODE);
                    cipher.init(1, tryGetSecretKey);
                    byte[] doFinal = cipher.doFinal(str.getBytes(Utf8Charset.NAME));
                    byte[] iv = cipher.getIV();
                    if (doFinal == null || doFinal.length < 1) {
                        sLogger.logError("secureAndStoreDeviceToken() - no encrypted bytes");
                    }
                    if (iv == null || iv.length < 1) {
                        sLogger.logError("secureAndStoreDeviceToken() - no IV bytes");
                    }
                    storeTokenInSharedPreferences(doFinal);
                    storeCipherIVInSharedPreferences(iv);
                    sLogger.logInfo("secureAndStoreDeviceToken() - done");
                    z = true;
                } catch (Exception e2) {
                    sLogger.logError("secureAndStoreDeviceToken - Exception with cipher: " + e2, e2);
                    HuskyMailSharedPreferences.saveDeviceToken(str);
                }
            } else {
                sLogger.logInfo("secureAndStoreDeviceToken() - saving in old format, done.");
                HuskyMailSharedPreferences.saveDeviceToken(str);
                z = true;
            }
        }
        return z;
    }

    private static boolean storeCipherIVInSharedPreferences(byte[] bArr) {
        String stringFromByteArray = getStringFromByteArray(bArr);
        if (TextUtils.isEmpty(stringFromByteArray)) {
            sLogger.logWarn("tryStoreIVInSharedPreferences - cannot convert bytes for storage");
            return false;
        }
        HuskyMailSharedPreferences.setSecureCipherIv(stringFromByteArray);
        return true;
    }

    private static boolean storeTokenInSharedPreferences(byte[] bArr) {
        String stringFromByteArray = getStringFromByteArray(bArr);
        if (TextUtils.isEmpty(stringFromByteArray)) {
            sLogger.logWarn("tryStoreTokenInSharedPreferences - cannot convert bytes for storage");
            return false;
        }
        HuskyMailSharedPreferences.setSecureDeviceToken(stringFromByteArray);
        return true;
    }

    private static SecretKey tryGetSecretKey(boolean z) {
        SecretKey secretKey;
        Key key;
        sLogger.logInfo("tryGetSecretKey()");
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_NAME);
            keyStore.load(null);
            key = keyStore.getKey(ALIAS_KEY, null);
        } catch (Exception e2) {
            sLogger.logError("tryGetSecretKey - exception thrown: " + e2, e2);
            if (z) {
                HuskyMailTracker.getInstance().sendException(new IllegalStateException("tryGetSecretKey - exception thrown: " + e2, e2));
            }
            secretKey = null;
        }
        if (key == null) {
            sLogger.logInfo("tryGetSecretKey - no existing key");
            if (!z) {
                return null;
            }
            HuskyMailTracker.getInstance().sendException(new IllegalStateException("tryGetSecretKey - failed looking up the secret key"));
            return null;
        }
        if (key instanceof SecretKey) {
            sLogger.logInfo("tryGetSecretKey - found existing key");
            secretKey = (SecretKey) key;
            return secretKey;
        }
        sLogger.logInfo("tryGetSecretKey - the key is not a secret key");
        if (!z) {
            return null;
        }
        HuskyMailTracker.getInstance().sendException(new IllegalStateException("tryGetSecretKey - the key is not a secret key"));
        return null;
    }

    private static boolean tryMigrateBytesToBytes(byte[] bArr, byte[] bArr2) {
        boolean z = false;
        sLogger.logInfo("tryMigrateBytesToBytes()");
        SecretKey tryGetSecretKey = tryGetSecretKey(true);
        if (tryGetSecretKey == null) {
            sLogger.logError("tryMigrateBytesToBytes - tryGetSecretKey() failed");
        } else {
            try {
                sLogger.logInfo("tryMigrateBytesToBytes - creating cipher");
                Cipher cipher = Cipher.getInstance(AES_MODE);
                cipher.init(2, tryGetSecretKey, new GCMParameterSpec(128, bArr2));
                String str = new String(cipher.doFinal(bArr));
                if (TextUtils.isEmpty(str)) {
                    sLogger.logError("tryMigrateBytesToBytes() - generated empty device token");
                } else {
                    mCacheDeviceToken = str;
                    if (secureAndStoreDeviceToken(mCacheDeviceToken)) {
                        HuskyMailSharedPreferences.removeOldCipherIv();
                        HuskyMailSharedPreferences.removeOldSecureDeviceToken();
                        z = true;
                    } else {
                        sLogger.logError("tryMigrateBytesToBytes - can't migrate to new scheme");
                    }
                }
            } catch (Exception e2) {
                sLogger.logError("tryMigrateBytesToBytes - Exception with cipher: " + e2, e2);
                HuskyMailTracker.getInstance().sendException(e2);
            }
        }
        return z;
    }

    private static boolean tryMigrateDeviceToken() {
        sLogger.logInfo("tryMigrateDeviceToken()");
        byte[] oldTokenFromSharedPreferences = getOldTokenFromSharedPreferences();
        byte[] oldCipherIvFromSharedPreferences = getOldCipherIvFromSharedPreferences();
        if (oldTokenFromSharedPreferences != null && oldTokenFromSharedPreferences.length > 0 && oldCipherIvFromSharedPreferences != null && oldCipherIvFromSharedPreferences.length > 0) {
            if (tryMigrateBytesToBytes(oldTokenFromSharedPreferences, oldCipherIvFromSharedPreferences)) {
                sLogger.logInfo("tryMigrateDeviceToken - bytes to bytes migration complete");
                return true;
            }
            sLogger.logWarn("tryMigrateDeviceToken - bytes to bytes migration failed, backup plan!");
        }
        String oldDeviceToken = getOldDeviceToken();
        if (TextUtils.isEmpty(oldDeviceToken)) {
            sLogger.logError("tryMigrateDeviceToken - can't find old token to migrate");
            return false;
        }
        sLogger.logInfo("tryMigrateDeviceToken() - migrating token to new format");
        if (!secureAndStoreDeviceToken(oldDeviceToken)) {
            sLogger.logError("tryMigrateDeviceToken - can't migrate to new scheme");
            return false;
        }
        sLogger.logInfo("tryMigrateDeviceToken() - migration complete, deleting old token");
        HuskyMailSharedPreferences.removeDeviceToken();
        return true;
    }
}
