package com.microsoft.workaccount.authenticatorservice;

import android.accounts.Account;
import android.content.Context;
import android.util.Base64;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.microsoft.aad.adal.unity.ADALError;
import com.microsoft.aad.adal.unity.AuthenticationException;
import com.microsoft.aad.adal.unity.DateTimeAdapter;
import com.microsoft.aad.adal.unity.ITokenCacheStore;
import com.microsoft.aad.adal.unity.StorageHelper;
import com.microsoft.aad.adal.unity.TokenCacheItem;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.core.StringHelper;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class AccountManagerCache implements ITokenCacheStore {
    static final String FRT_ENTRY_PREFIX = "foci-";
    private static final String HASH_ALGORITHM = "SHA256";
    private static final String TAG = "AccountManagerCache#";
    private static final long serialVersionUID = 1;
    Account mCacheAccount;
    int mCallingAppUID;
    StorageHelper mCryptoHelper;
    private Gson mGson = new GsonBuilder().registerTypeAdapter(Date.class, new DateTimeAdapter()).create();
    AccountManagerStorageHelper mManager;

    public AccountManagerCache(Account account, int i, Context context) {
        this.mCacheAccount = account;
        this.mCallingAppUID = i;
        this.mManager = new AccountManagerStorageHelper(context);
        this.mCryptoHelper = new StorageHelper(context);
    }

    private String decryptEntry(String str) {
        try {
            Logger.v("AccountManagerCache#decryptEntry", "Decrypting item saved in broker cache.");
            return this.mCryptoHelper.decrypt(str);
        } catch (IOException e) {
            Logger.e("AccountManagerCache#decryptEntry", "IO exception", WorkplaceJoinFailure.ADAL, e);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e.getMessage(), e);
        } catch (DigestException e2) {
            Logger.e("AccountManagerCache#decryptEntry", "Digest exception", WorkplaceJoinFailure.ADAL, e2);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e2.getMessage(), e2);
        } catch (InvalidAlgorithmParameterException e3) {
            Logger.e("AccountManagerCache#decryptEntry", "Algorithm paramter is invalid", WorkplaceJoinFailure.ADAL, e3);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e3.getMessage(), e3);
        } catch (InvalidKeyException e4) {
            Logger.e("AccountManagerCache#decryptEntry", "Invalid key", WorkplaceJoinFailure.ADAL, e4);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e4.getMessage(), e4);
        } catch (KeyStoreException e5) {
            Logger.e("AccountManagerCache#decryptEntry", "KeyStore type is not valid", WorkplaceJoinFailure.ADAL, e5);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e5.getMessage(), e5);
        } catch (NoSuchAlgorithmException e6) {
            Logger.e("AccountManagerCache#decryptEntry", "Device does not support the algorithm", WorkplaceJoinFailure.ADAL, e6);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e6.getMessage(), e6);
        } catch (UnrecoverableEntryException e7) {
            Logger.e("AccountManagerCache#decryptEntry", "Entry is not recoverable", WorkplaceJoinFailure.ADAL, e7);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e7.getMessage(), e7);
        } catch (CertificateException e8) {
            Logger.e("AccountManagerCache#decryptEntry", "Certificate is invalid", WorkplaceJoinFailure.ADAL, e8);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e8.getMessage(), e8);
        } catch (BadPaddingException e9) {
            Logger.e("AccountManagerCache#decryptEntry", "Padding is not valid", WorkplaceJoinFailure.ADAL, e9);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e9.getMessage(), e9);
        } catch (IllegalBlockSizeException e10) {
            Logger.e("AccountManagerCache#decryptEntry", "Block size is illegal", WorkplaceJoinFailure.ADAL, e10);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e10.getMessage(), e10);
        } catch (NoSuchPaddingException e11) {
            Logger.e("AccountManagerCache#decryptEntry", "Device does not support padding type", WorkplaceJoinFailure.ADAL, e11);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e11.getMessage(), e11);
        }
    }

    private String encryptEntry(String str) {
        try {
            return this.mCryptoHelper.encrypt(str);
        } catch (IOException e) {
            Logger.e("AccountManagerCache#encryptEntry", "IO exception", WorkplaceJoinFailure.ADAL, e);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e.getMessage(), e);
        } catch (InvalidAlgorithmParameterException e2) {
            Logger.e("AccountManagerCache#encryptEntry", "Algorithm paramter is invalid", WorkplaceJoinFailure.ADAL, e2);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e2.getMessage(), e2);
        } catch (InvalidKeyException e3) {
            Logger.e("AccountManagerCache#encryptEntry", "Invalid key", WorkplaceJoinFailure.ADAL, e3);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            Logger.e("AccountManagerCache#encryptEntry", "Device does not support the algorithm", WorkplaceJoinFailure.ADAL, e4);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e4.getMessage(), e4);
        } catch (InvalidKeySpecException e5) {
            Logger.e("AccountManagerCache#encryptEntry", "KeySpec is invalid", WorkplaceJoinFailure.ADAL, e5);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e5.getMessage(), e5);
        } catch (BadPaddingException e6) {
            Logger.e("AccountManagerCache#encryptEntry", "Padding is not valid", WorkplaceJoinFailure.ADAL, e6);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e6.getMessage(), e6);
        } catch (IllegalBlockSizeException e7) {
            Logger.e("AccountManagerCache#encryptEntry", "Block size is illegal", WorkplaceJoinFailure.ADAL, e7);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e7.getMessage(), e7);
        } catch (NoSuchPaddingException e8) {
            Logger.e("AccountManagerCache#encryptEntry", "Device does not support padding type", WorkplaceJoinFailure.ADAL, e8);
            throw new AuthenticationException(ADALError.DEVICE_CACHE_IS_NOT_WORKING, e8.getMessage(), e8);
        }
    }

    private List<String> getAppUidsForAccount() {
        Logger.v("AccountManagerCache#getAppUidsForAccount", "Trying to find all uids stored for the account");
        String accountData = this.mManager.getAccountData(this.mCacheAccount, "account.uid.caches");
        ArrayList arrayList = new ArrayList();
        if (accountData != null) {
            Logger.v("AccountManagerCache#getAppUidsForAccount", "Found uids for the account");
            String decryptEntry = decryptEntry(accountData);
            if (StringHelper.IsNullOrBlank(decryptEntry)) {
                Logger.d("AccountManagerCache#getAppUidsForAccount", "Failed to decrypt uids list");
            } else {
                Logger.v("AccountManagerCache#getAppUidsForAccount", "Successfully decrypt the uid list, trying to get individual uid.");
                String[] split = decryptEntry.split("calling.uid.key");
                if (split.length == 0) {
                    Logger.v("AccountManagerCache#getAppUidsForAccount", "Didn't successfully split the decrypted uids.");
                }
                for (int i = 0; i < split.length; i++) {
                    if (!StringHelper.IsNullOrBlank(split[i])) {
                        arrayList.add(split[i]);
                    }
                }
            }
        } else {
            Logger.v("AccountManagerCache#getAppUidsForAccount", "Uids not found for the account");
        }
        return arrayList;
    }

    private String getBrokerCacheKey(String str, String str2) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            return new String(Base64.encode(MessageDigest.getInstance("SHA256").digest(("calling.uid.key" + str2 + str).getBytes("UTF_8")), 2), "UTF_8");
        } catch (UnsupportedEncodingException e) {
            Logger.e("AccountManagerCache#getBrokerCacheKey", "Encoding is not supported", WorkplaceJoinFailure.ADAL, e);
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Broker cache key is invalid");
            Logger.e("AccountManagerCache#getBrokerCacheKey", illegalArgumentException.getMessage(), WorkplaceJoinFailure.ADAL, illegalArgumentException);
            throw illegalArgumentException;
        } catch (NoSuchAlgorithmException e2) {
            Logger.e("AccountManagerCache#getBrokerCacheKey", "Device does not support the algorithm", WorkplaceJoinFailure.ADAL, e2);
            IllegalArgumentException illegalArgumentException2 = new IllegalArgumentException("Broker cache key is invalid");
            Logger.e("AccountManagerCache#getBrokerCacheKey", illegalArgumentException2.getMessage(), WorkplaceJoinFailure.ADAL, illegalArgumentException2);
            throw illegalArgumentException2;
        }
    }

    private List<String> getKeysForAppUid(String str) {
        ArrayList arrayList = new ArrayList();
        Logger.v("AccountManagerCache#getKeysForAppUid", "Trying to get stored keys for given uid.");
        String accountData = this.mManager.getAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + str);
        if (accountData == null || accountData.isEmpty()) {
            Logger.v("AccountManagerCache#getKeysForAppUid", "Keys are not present");
        } else {
            Logger.v("AccountManagerCache#getKeysForAppUid", "Keys are present:" + accountData);
            StringTokenizer stringTokenizer = new StringTokenizer(accountData, "|", false);
            if (!stringTokenizer.hasMoreTokens()) {
                Logger.v("AccountManagerCache#getKeysForAppUid", "No cache keys for account:" + this.mCacheAccount.name);
            }
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if (nextToken != null && !nextToken.isEmpty()) {
                    Logger.v("AccountManagerCache#getKeysForAppUid", "Adding keys for: " + nextToken);
                    arrayList.add(nextToken);
                }
            }
        }
        return arrayList;
    }

    private void removeCacheKey(String str) {
        Logger.d("AccountManagerCache#removeCacheKey", "remove cache key:" + str);
        String accountData = this.mManager.getAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + this.mCallingAppUID);
        if (accountData == null) {
            Logger.v("AccountManagerCache#removeCacheKey", "Cache key does not exist");
            return;
        }
        Logger.d("AccountManagerCache#removeCacheKey", "removeCacheKey Keylist:" + accountData);
        accountData.replace("|" + str, "");
        this.mManager.setAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + this.mCallingAppUID, accountData.trim());
    }

    private void saveCacheKey(String str) {
        String accountData = this.mManager.getAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + this.mCallingAppUID);
        if (accountData == null) {
            accountData = "";
        }
        Logger.d("AccountManagerCache#saveCacheKey", "Keylist:" + accountData);
        if (accountData.contains("|" + str)) {
            Logger.v("AccountManagerCache#saveCacheKey", "Account " + this.mCacheAccount.name + " has this cache key:" + str);
            return;
        }
        Logger.v("AccountManagerCache#saveCacheKey", "Account " + this.mCacheAccount.name + " does not have this cache key:" + str);
        this.mManager.setAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + this.mCallingAppUID, accountData + "|" + str);
    }

    @Override // com.microsoft.aad.adal.unity.ITokenCacheStore
    public boolean contains(String str) {
        Logger.d("AccountManagerCache#contains", "Cache contains for key:" + str);
        if (str == null) {
            throw new IllegalArgumentException("cacheKey");
        }
        String accountData = this.mManager.getAccountData(this.mCacheAccount, getBrokerCacheKey(str, String.valueOf(this.mCallingAppUID)));
        return (accountData == null || accountData.isEmpty()) ? false : true;
    }

    @Override // com.microsoft.aad.adal.unity.ITokenCacheStore
    public Iterator<TokenCacheItem> getAll() {
        TokenCacheItem tokenCacheItem;
        ArrayList arrayList = new ArrayList();
        List<String> appUidsForAccount = getAppUidsForAccount();
        if (appUidsForAccount.isEmpty()) {
            Logger.v("AccountManagerCache#getAll", "No uids exist for account " + this.mCacheAccount.name);
        } else {
            Logger.v("AccountManagerCache#getAll", "Find uids for account " + this.mCacheAccount.name);
            for (String str : appUidsForAccount) {
                Iterator<String> it = getKeysForAppUid(str).iterator();
                while (it.hasNext()) {
                    String brokerCacheKey = getBrokerCacheKey(it.next(), str);
                    String accountData = this.mManager.getAccountData(this.mCacheAccount, brokerCacheKey);
                    if (accountData != null && !accountData.isEmpty()) {
                        try {
                            String decryptEntry = decryptEntry(accountData);
                            Logger.d("AccountManagerCache#getAll", "Decryption is passed for key :" + brokerCacheKey);
                            if (decryptEntry != null && (tokenCacheItem = (TokenCacheItem) this.mGson.fromJson(decryptEntry, TokenCacheItem.class)) != null) {
                                arrayList.add(tokenCacheItem);
                            }
                        } catch (Exception e) {
                            Logger.e("AccountManagerCache#getAll", "Failed to decrypt entry", WorkplaceJoinFailure.INTERNAL, e);
                        }
                    }
                }
            }
        }
        return arrayList.iterator();
    }

    @Override // com.microsoft.aad.adal.unity.ITokenCacheStore
    public TokenCacheItem getItem(String str, boolean z) {
        Logger.d("AccountManagerCache#getItem", "Cache get item for key:" + str + " app UID:" + this.mCallingAppUID);
        if (str == null) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("cacheKey");
            Logger.e("AccountManagerCache#getItem", illegalArgumentException.getMessage(), WorkplaceJoinFailure.INTERNAL, illegalArgumentException);
            throw illegalArgumentException;
        }
        TokenCacheItem tokenCacheItem = null;
        String accountData = this.mManager.getAccountData(this.mCacheAccount, getKey(str, z));
        if (accountData == null || accountData.isEmpty()) {
            return null;
        }
        try {
            String decryptEntry = decryptEntry(accountData);
            Logger.d("AccountManagerCache#getItem", "Decryption is passed for key :" + str);
            if (decryptEntry == null) {
                return null;
            }
            tokenCacheItem = (TokenCacheItem) this.mGson.fromJson(decryptEntry, TokenCacheItem.class);
            Logger.d("AccountManagerCache#getItem", "Json parsing for key :" + str);
            return tokenCacheItem;
        } catch (Exception e) {
            Logger.e("AccountManagerCache#getItem", "Failed to decrypt entry", WorkplaceJoinFailure.INTERNAL, e);
            removeItem(str);
            return tokenCacheItem;
        }
    }

    final String getKey(String str, boolean z) {
        return z ? str : getBrokerCacheKey(str, String.valueOf(this.mCallingAppUID));
    }

    @Override // com.microsoft.aad.adal.unity.ITokenCacheStore
    public void removeAll() {
        Logger.v("AccountManagerCache#removeAll", "Attempting to remove all keys for account:" + this.mCacheAccount.name);
        String accountData = this.mManager.getAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + this.mCallingAppUID);
        if (accountData == null || accountData.isEmpty()) {
            Logger.v("AccountManagerCache#removeAll", "Keys are not present");
            return;
        }
        Logger.v("AccountManagerCache#removeAll", "Keys are present:" + accountData);
        StringTokenizer stringTokenizer = new StringTokenizer(accountData, "|", false);
        if (!stringTokenizer.hasMoreTokens()) {
            Logger.v("AccountManagerCache#removeAll", "No cache keys for account:" + this.mCacheAccount.name);
        }
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken != null && !nextToken.isEmpty()) {
                Logger.v("AccountManagerCache#removeAll", "Removing cache for key:" + nextToken);
                removeItem(nextToken);
            }
        }
        this.mManager.setAccountData(this.mCacheAccount, "userdata.caller.cachekeys" + this.mCallingAppUID, "");
    }

    @Override // com.microsoft.aad.adal.unity.ITokenCacheStore
    public void removeItem(String str) {
        if (str == null) {
            throw new IllegalArgumentException("key");
        }
        Logger.d("AccountManagerCache#removeItem", "Cache removeItem for key:" + str);
        this.mManager.setAccountData(this.mCacheAccount, getBrokerCacheKey(str, String.valueOf(this.mCallingAppUID)), "");
        removeCacheKey(str);
    }

    @Override // com.microsoft.aad.adal.unity.ITokenCacheStore
    public void setItem(String str, TokenCacheItem tokenCacheItem, boolean z) {
        Logger.d("AccountManagerCache#setItem", "Cache setItem for key:" + str);
        if (str == null) {
            throw new IllegalArgumentException("key");
        }
        if (tokenCacheItem == null) {
            throw new IllegalArgumentException("item");
        }
        String encryptEntry = encryptEntry(this.mGson.toJson(tokenCacheItem));
        if (encryptEntry != null) {
            this.mManager.setAccountData(this.mCacheAccount, getKey(str, z), encryptEntry);
            if (z) {
                return;
            }
            saveCacheKey(str);
        }
    }
}
