package com.acompli.accore.notifications;

import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import bolts.Task;
import com.acompli.accore.ACAccountPersistenceManager;
import com.acompli.accore.ACCore;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.model.PushEncryptionKey;
import com.acompli.accore.util.concurrent.ClientCompletionBlock;
import com.acompli.accore.util.concurrent.OutlookExecutors;
import com.acompli.accore.util.concurrent.TaskUtil;
import com.acompli.libcircle.ClInterfaces;
import com.acompli.libcircle.Errors;
import com.acompli.libcircle.log.Logger;
import com.acompli.libcircle.log.LoggerFactory;
import com.acompli.libcircle.metrics.EventLogger;
import com.acompli.thrift.client.generated.RegisterNotificationPublicKeyRequest_642;
import com.acompli.thrift.client.generated.RegisterNotificationPublicKeyResponse_643;
import com.microsoft.intune.mam.client.app.offline.OfflineStartupBlockedActivity;
import com.microsoft.office.outlook.Extras;
import com.microsoft.office.plat.keystore.CryptoUtils;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import okio.ByteString;

/* loaded from: classes.dex */
public class PushEncryptionKeysManager {
    private static final Logger a = LoggerFactory.a("PushEncryptionKeysManager");
    private final Object b = new Object();
    private final Map<Integer, RequestTracker> c = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ClientGeneratedKeys {
        private final byte[] a;
        private final PrivateKey b;

        public ClientGeneratedKeys(byte[] bArr, PrivateKey privateKey) {
            this.a = bArr;
            this.b = privateKey;
        }

        public byte[] a() {
            return this.a;
        }

        public PrivateKey b() {
            return this.b;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class DecryptPayloadKeyResult {
        byte[] a;
        byte[] b;

        public DecryptPayloadKeyResult(byte[] bArr, byte[] bArr2) {
            this.a = bArr;
            this.b = bArr2;
        }
    }

    /* loaded from: classes.dex */
    public static class KeyRegistrationException extends Exception {
        private final ErrorType a;
        private final Errors.ClError b;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes.dex */
        public enum ErrorType {
            NETWORK,
            SQL,
            THROTTLE
        }

        public KeyRegistrationException(String str, ErrorType errorType) {
            super(str);
            this.a = errorType;
            this.b = null;
        }

        public KeyRegistrationException(String str, Errors.ClError clError) {
            super(str);
            this.a = ErrorType.NETWORK;
            this.b = clError;
        }

        public boolean a() {
            return this.a == ErrorType.SQL;
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedPayloadBundleAttributesException extends Exception {
        public MalformedPayloadBundleAttributesException(String str) {
            super(str);
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedPayloadKeyException extends Exception {
        public MalformedPayloadKeyException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class PayloadKeyAttributeComponents {
        private final String a;
        private final String b;
        private final String c;

        public PayloadKeyAttributeComponents(String str, String str2, String str3) {
            this.a = str;
            this.b = str2;
            this.c = str3;
        }

        public String a() {
            return this.b;
        }

        public String b() {
            return this.c;
        }
    }

    /* loaded from: classes.dex */
    public static class PrivateKeyNotFoundException extends Exception {
        public PrivateKeyNotFoundException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class RequestTracker {
        long a;
        boolean b;
        int c;

        private RequestTracker() {
        }

        public void a(boolean z) {
            this.b = z;
            if (z) {
                this.a = System.currentTimeMillis();
                this.c++;
            }
        }
    }

    private DecryptPayloadKeyResult a(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        PrivateKey generatePrivate = KeyFactory.getInstance(PushEncryptionKey.getKeyMethodForVersion(0)).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(2, generatePrivate, new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT));
        byte[] doFinal = cipher.doFinal(bArr2);
        byte[] bArr3 = new byte[32];
        byte[] bArr4 = new byte[32];
        System.arraycopy(doFinal, 0, bArr3, 0, 32);
        System.arraycopy(doFinal, 32, bArr4, 0, 32);
        return new DecryptPayloadKeyResult(bArr3, bArr4);
    }

    private String a(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        System.arraycopy(bArr3, 0, new byte[32], 0, 32);
        byte[] bArr4 = new byte[16];
        System.arraycopy(bArr3, 32, bArr4, 0, 16);
        byte[] bArr5 = new byte[bArr3.length - 80];
        System.arraycopy(bArr3, 48, bArr5, 0, bArr3.length - 80);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr4);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CryptoUtils.CryptoAlgorithm);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return new String(cipher.doFinal(bArr5));
    }

    private byte[] a(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public Task<Void> a(final ACCore aCCore, final ACAccountPersistenceManager aCAccountPersistenceManager, final EventLogger eventLogger, final boolean z, final ACMailAccount aCMailAccount) {
        return Task.a(new Callable<Void>() { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.1
            @Override // java.util.concurrent.Callable
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public Void call() throws Exception {
                if (aCMailAccount.isMailAccount() && (z || !aCAccountPersistenceManager.c(aCMailAccount.getAccountID()))) {
                    try {
                        PushEncryptionKeysManager.this.a(aCCore, aCAccountPersistenceManager, aCMailAccount.getAccountID());
                    } catch (KeyRegistrationException e) {
                        if (e.a()) {
                            PushEncryptionKeysManager.this.a(eventLogger, e);
                        }
                    } catch (InterruptedException e2) {
                    } catch (Exception e3) {
                        PushEncryptionKeysManager.this.a(eventLogger, e3);
                    }
                }
                return null;
            }
        }, OutlookExecutors.c).a(TaskUtil.a());
    }

    ClientGeneratedKeys a() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(PushEncryptionKey.getKeyMethodCurrentVersion());
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = generateKeyPair.getPublic();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        byte[] a2 = a(218);
        byte[] bArr = new byte[512];
        System.arraycopy(publicKey.getEncoded(), 0, bArr, 0, 294);
        System.arraycopy(a2, 0, bArr, 294, 218);
        return new ClientGeneratedKeys(bArr, privateKey);
    }

    public PayloadKeyAttributeComponents a(String str) throws MalformedPayloadKeyException {
        String[] split = str.split("::");
        if (split == null || split.length != 3) {
            throw new MalformedPayloadKeyException("");
        }
        return new PayloadKeyAttributeComponents(split[0], split[1], split[2]);
    }

    public String a(ACAccountPersistenceManager aCAccountPersistenceManager, Bundle bundle) throws MalformedPayloadBundleAttributesException, MalformedPayloadKeyException, PrivateKeyNotFoundException, GeneralSecurityException {
        String string = bundle.getString("account_id");
        String string2 = bundle.getString("key");
        String string3 = bundle.getString(Extras.MAIL_NOTIFICATION_ENCRYPTED_PAYLOAD);
        if (TextUtils.isEmpty(string)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: account_id");
        }
        if (TextUtils.isEmpty(string3)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: encrypted");
        }
        if (TextUtils.isEmpty(string3)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: key");
        }
        try {
            int parseInt = Integer.parseInt(string);
            PayloadKeyAttributeComponents a2 = a(string2);
            PushEncryptionKey b = aCAccountPersistenceManager.b(parseInt, a2.a());
            if (b == null) {
                throw new PrivateKeyNotFoundException("");
            }
            return a(a2, b.getPrivateKeyEncoded(), string3);
        } catch (NumberFormatException e) {
            throw new MalformedPayloadKeyException("Invalid account_id attribute format.");
        }
    }

    String a(PayloadKeyAttributeComponents payloadKeyAttributeComponents, byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, InvalidKeySpecException {
        byte[] decode = Base64.decode(payloadKeyAttributeComponents.b(), 2);
        byte[] decode2 = Base64.decode(str, 2);
        DecryptPayloadKeyResult a2 = a(bArr, decode);
        return a(a2.a, a2.b, decode2);
    }

    public void a(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, int i) throws NoSuchAlgorithmException, KeyRegistrationException, InterruptedException {
        synchronized (this.b) {
            RequestTracker requestTracker = this.c.get(Integer.valueOf(i));
            if (requestTracker == null) {
                requestTracker = new RequestTracker();
                this.c.put(Integer.valueOf(i), requestTracker);
            }
            if (requestTracker.b) {
                return;
            }
            long currentTimeMillis = System.currentTimeMillis() - requestTracker.a;
            if (currentTimeMillis < 60000) {
                throw new KeyRegistrationException("Blocking registration until throttle time has been reached, " + ((60000 - currentTimeMillis) / 1000) + " seconds remaining.", KeyRegistrationException.ErrorType.THROTTLE);
            }
            requestTracker.a(true);
            ClientGeneratedKeys a2 = a();
            RegisterNotificationPublicKeyRequest_642 m329build = new RegisterNotificationPublicKeyRequest_642.Builder().accountID(Short.valueOf((short) i)).publicKey(ByteString.a(a2.a())).m329build();
            final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
            aCCore.a((ACCore) m329build, (ClInterfaces.ClResponseCallback<?>) new ClInterfaces.ClResponseCallback<RegisterNotificationPublicKeyResponse_643>() { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.2
                @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public void onResponse(RegisterNotificationPublicKeyResponse_643 registerNotificationPublicKeyResponse_643) {
                    clientCompletionBlock.a((ClientCompletionBlock) registerNotificationPublicKeyResponse_643);
                    clientCompletionBlock.g();
                }

                @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
                public void onError(Errors.ClError clError) {
                    clientCompletionBlock.a(clError);
                    clientCompletionBlock.g();
                }
            });
            clientCompletionBlock.h();
            try {
                if (clientCompletionBlock.i()) {
                    throw new InterruptedException("Error registering key, interrupted.");
                }
                if (clientCompletionBlock.c()) {
                    throw new KeyRegistrationException("Error registering key.", clientCompletionBlock.b());
                }
                if (!aCAccountPersistenceManager.a(new PushEncryptionKey(i, ((RegisterNotificationPublicKeyResponse_643) clientCompletionBlock.a()).keyReference, a2.b().getEncoded(), System.currentTimeMillis(), 0))) {
                    throw new KeyRegistrationException("Error storing key to datastore.", KeyRegistrationException.ErrorType.SQL);
                }
                synchronized (this.b) {
                    this.c.get(Integer.valueOf(i)).b = false;
                }
            } catch (Throwable th) {
                synchronized (this.b) {
                    this.c.get(Integer.valueOf(i)).b = false;
                    throw th;
                }
            }
        }
    }

    public void a(EventLogger eventLogger) {
        eventLogger.a("push_notification_encryption_key_missing").b();
    }

    public void a(EventLogger eventLogger, Throwable th) {
        eventLogger.a("push_notification_encryption_general_exception").a(OfflineStartupBlockedActivity.MESSAGE_EXTRA_NAME, th.getMessage()).b();
    }

    public boolean a(Bundle bundle) {
        return (bundle == null || TextUtils.isEmpty(bundle.getString("account_id")) || TextUtils.isEmpty(bundle.getString("key")) || TextUtils.isEmpty(bundle.getString(Extras.MAIL_NOTIFICATION_ENCRYPTED_PAYLOAD))) ? false : true;
    }
}
