package com.adobe.libs.connectors.utils;

import android.content.SharedPreferences;
import android.os.Build;
import android.util.Base64;
import com.adobe.libs.buildingblocks.utils.BBLogUtils;
import com.adobe.libs.buildingblocks.utils.BBSecurityUtils;
import com.adobe.libs.connectors.CNConnectorManager;
import com.adobe.libs.connectors.CNContext;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: Unknown */
/* loaded from: classes.dex */
public class CNTokensCryptor {
    private static final String CONNECTORS_ACCESS_TOKEN_KEY = "connectorsAccessTokenKey";
    private static final String CONNECTORS_TOKENS_SECRET_IVKEY = "connectorsTokensSecretIVKey";
    private static final String CONNECTORS_TOKENS_SECRET_KEY = "connectorsTokensSecretKey";
    private static final String CONNECTORS_TOKENS_SECRET_KEY_PREFERENCES = "com.adobe.libs.connectors.utils.CNTokensCryptor";
    private static final String ENCRYPTION_ALGORITHM_NAME = "AES";
    private static final int ENCRYPTION_KEY_SIZE_128 = 128;
    private static final String SECRET_KEY_ALIAS = "connectorSecretKeyAlias";
    private final CNConnectorManager.ConnectorType mConnectorType;
    private SecretKey mSecretKey;
    private final String mUserID;

    public CNTokensCryptor(CNConnectorManager.ConnectorType connectorType, String str) {
        this.mConnectorType = connectorType;
        this.mUserID = str;
    }

    private SecretKey generateRandomKey() throws NoSuchAlgorithmException {
        SecretKey generateKey = BBSecurityUtils.generateKey(ENCRYPTION_ALGORITHM_NAME, 128);
        String encodeToString = Base64.encodeToString(BBSecurityUtils.generateIVBytes(16), 0);
        SharedPreferences.Editor edit = getTokensSecretKeyPreferences().edit();
        edit.putString(CONNECTORS_TOKENS_SECRET_IVKEY, encodeToString);
        edit.apply();
        return generateKey;
    }

    private byte[] getCryptorIv() {
        String string = getTokensSecretKeyPreferences().getString(CONNECTORS_TOKENS_SECRET_IVKEY, null);
        return string == null ? new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} : Base64.decode(string, 0);
    }

    private SecretKey getCryptorKey() throws Exception {
        KeyStore.PrivateKeyEntry secretKeyEntryFromKeyStore;
        SecretKey generateRandomKey;
        PublicKey generateKeyForApi19AndAbove;
        if (this.mSecretKey == null) {
            SharedPreferences tokensSecretKeyPreferences = getTokensSecretKeyPreferences();
            if (isCloudSecretKeyPresentInPreferences()) {
                String string = tokensSecretKeyPreferences.getString(CONNECTORS_TOKENS_SECRET_KEY, null);
                CNContext.logit("CNTokensCryptor:getCryptorKey - cloudSecretKey as read from preferences " + string);
                if (string != null) {
                    byte[] decode = Base64.decode(string, 0);
                    CNContext.logit("CNTokensCryptor:getCryptorKey - cloudSecretKey after decoding as read from preferences " + Arrays.toString(decode));
                    if (BBSecurityUtils.isSecretKeyPresentInKeyStore(getKeyStoreSecretKeyAlias()) && (secretKeyEntryFromKeyStore = BBSecurityUtils.getSecretKeyEntryFromKeyStore(getKeyStoreSecretKeyAlias())) != null) {
                        CNContext.logit("CNTokensCryptor:getCryptorKey - cloudSecretKey after decoding as read from preferences is encrypted");
                        decode = BBSecurityUtils.decrypt(secretKeyEntryFromKeyStore.getPrivateKey(), getCryptorIv(), decode);
                        CNContext.logit("CNTokensCryptor:getCryptorKey - decrypted cloud secret key " + Arrays.toString(decode));
                    }
                    this.mSecretKey = new SecretKeySpec(decode, ENCRYPTION_ALGORITHM_NAME);
                }
            }
            if (this.mSecretKey == null && (generateRandomKey = generateRandomKey()) != null) {
                byte[] encoded = generateRandomKey.getEncoded();
                if (Build.VERSION.SDK_INT >= 19 && (generateKeyForApi19AndAbove = BBSecurityUtils.generateKeyForApi19AndAbove(CNContext.getInstance().getAppContext(), getKeyStoreSecretKeyAlias())) != null) {
                    byte[] encoded2 = generateRandomKey.getEncoded();
                    CNContext.logit("CNTokensCryptor:getCryptorKey - unencrypted decoded cloud secret key " + Arrays.toString(encoded2));
                    encoded = BBSecurityUtils.encrypt(generateKeyForApi19AndAbove, getCryptorIv(), encoded2);
                    CNContext.logit("CNTokensCryptor:getCryptorKey - encrypted decoded cloud secret key " + Arrays.toString(encoded));
                    CNContext.logit("CNTokensCryptor:getCryptorKey - encrypted encoded cloud secret key " + Base64.encodeToString(encoded, 0));
                }
                SharedPreferences.Editor edit = tokensSecretKeyPreferences.edit();
                edit.putString(CONNECTORS_TOKENS_SECRET_KEY, Base64.encodeToString(encoded, 0));
                edit.apply();
                this.mSecretKey = generateRandomKey;
            }
        }
        return this.mSecretKey;
    }

    private String getKeyStoreSecretKeyAlias() {
        return "connectorSecretKeyAlias_" + this.mConnectorType.name() + "_" + this.mUserID;
    }

    private SharedPreferences getTokensSecretKeyPreferences() {
        return CNContext.getInstance().getAppContext().getSharedPreferences("com.adobe.libs.connectors.utils.CNTokensCryptor_" + this.mConnectorType.name() + "_" + this.mUserID, 0);
    }

    private boolean isCloudSecretKeyPresent() {
        return isCloudSecretKeyPresentInPreferences() || BBSecurityUtils.isSecretKeyPresentInKeyStore(getKeyStoreSecretKeyAlias());
    }

    private boolean isCloudSecretKeyPresentInPreferences() {
        return getTokensSecretKeyPreferences().contains(CONNECTORS_TOKENS_SECRET_KEY);
    }

    private void removeSecretKey() {
        SharedPreferences.Editor edit = getTokensSecretKeyPreferences().edit();
        edit.remove(CONNECTORS_TOKENS_SECRET_KEY);
        edit.remove(CONNECTORS_TOKENS_SECRET_IVKEY);
        edit.apply();
        try {
            BBSecurityUtils.removeKeyFromKeyStore(getKeyStoreSecretKeyAlias());
        } catch (Exception e) {
        }
        this.mSecretKey = null;
    }

    private void storeTokens(SharedPreferences sharedPreferences, String str) {
        SharedPreferences.Editor edit = sharedPreferences.edit();
        if (str != null) {
            edit.putString(CONNECTORS_ACCESS_TOKEN_KEY, str);
        }
        edit.apply();
    }

    public void clear() {
        SharedPreferences.Editor edit = getTokensSecretKeyPreferences().edit();
        edit.clear();
        edit.apply();
    }

    public void encryptAndStoreTokens(SharedPreferences sharedPreferences, String str) {
        CNContext.logit("CNTokensCryptor:encryptAndStoreTokens - encrypt and store tokens");
        try {
            try {
                SecretKey cryptorKey = getCryptorKey();
                if (str != null) {
                    String encodeToString = Base64.encodeToString(BBSecurityUtils.encrypt(cryptorKey, getCryptorIv(), str.getBytes()), 0);
                    try {
                        CNContext.logit("Access token encrypted value = " + encodeToString);
                        str = encodeToString;
                    } catch (Throwable th) {
                        str = encodeToString;
                        th = th;
                        storeTokens(sharedPreferences, str);
                        throw th;
                    }
                }
                storeTokens(sharedPreferences, str);
            } catch (Exception e) {
                removeSecretKey();
                CNContext.logit("CNTokensCryptor:encryptAndStoreTokens " + e.getMessage());
                storeTokens(sharedPreferences, str);
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    public String getAccessToken(SharedPreferences sharedPreferences) {
        String string = sharedPreferences.getString(CONNECTORS_ACCESS_TOKEN_KEY, null);
        if (string == null || !isCloudSecretKeyPresent()) {
            return string;
        }
        try {
            return new String(BBSecurityUtils.decrypt(getCryptorKey(), getCryptorIv(), Base64.decode(string.getBytes(), 0)));
        } catch (Exception e) {
            BBLogUtils.logException("CNTokensCryptor:getAccessToken ", e);
            return null;
        }
    }
}
