package slack.services.accountmanager.impl;

import androidx.activity.BackEventCompat$$ExternalSyntheticOutline0;
import androidx.work.impl.model.WorkSpec;
import com.facebook.shimmer.Shimmer;
import com.google.android.gms.internal.mlkit_common.zzy;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Pair;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.collections.EmptyList;
import kotlin.jvm.internal.Intrinsics;
import slack.crypto.security.AeadPrimitiveFactory;
import slack.crypto.security.DecryptionResult;
import slack.crypto.security.TinkCryptoAtomic;
import slack.crypto.security.VerifyAeadResult$Invalid;
import slack.crypto.security.VerifyAeadResult$Valid;
import slack.foundation.auth.AuthToken;
import slack.libraries.accountmanager.api.AccountManager;
import slack.libraries.accountmanager.api.AuthTokenRecoveryHelper;
import slack.libraries.accountmanager.api.EnterpriseAccount;
import slack.libraries.accountmanager.api.RecoverAuthTokensResult;
import slack.libraries.accountmanager.api.ReliableTokenStoreResult$Invalid;
import slack.libraries.accountmanager.api.ReliableTokenStoreResult$Valid;
import slack.model.account.Account;
import slack.persistence.users.UsersQueries$$ExternalSyntheticLambda5;
import slack.telemetry.tracing.Spannable;
import slack.telemetry.tracing.TraceContext;
import slack.telemetry.tracing.Tracer;
import timber.log.Timber;

/* loaded from: classes5.dex */
/**
 * Decompiled (JADX) implementation of {@link AuthTokenRecoveryHelper}.
 *
 * <p>{@link #checkAndRecoverAuthTokens()} reads, for every user and enterprise account, the auth token
 * from three places: the secure account token store and the two Tink-encrypted copies
 * ({@code AuthToken.Crypto.TINK} and {@code TINK_SECONDARY}). Accounts that still have at least one
 * readable copy are candidates for repair: the failing store or keystore AEAD is verified and
 * recovered, and the readable token is written back through {@link AccountManager}.
 *
 * <p>Decrypted tokens are held as plain {@code String}s while this runs, so any logging or
 * {@code toString()} of the intermediate objects handles live credentials.
 *
 * <p>NOTE(review): this is decompiler output. Several methods contain control-flow artefacts
 * (out-of-scope {@code th} in {@code finally} blocks, flags reset after loops), so read it as a
 * description of intent rather than as compilable source.
 */
public final class AuthTokenRecoveryHelperImpl implements AuthTokenRecoveryHelper {
    // Source of the account lists and the sink for restored tokens (updateAccountToken / updateEnterpriseAccountToken).
    public final AccountManager accountManager;
    // Verifies and recovers the keystore-backed AEAD primitive (verifyAeadPrimitive / recoverAeadPrimitive).
    public final AeadPrimitiveFactory aeadPrimitiveFactory;
    // First of the three token sources; also exposes isReliable() / recoverTokenStore().
    public final SecureAccountTokenStoreImpl secureAccountTokenStore;
    // Decryptor used when crypto.ordinal() == 0 (see decryptTinkToken).
    public final TinkCryptoAtomic tinkCrypto;
    // Decryptor used when crypto.ordinal() == 1 (see decryptTinkToken).
    public final TinkCryptoAtomic tinkCryptoSecondary;
    // Tracing entry point; every recovery phase below runs inside a named sub-span.
    public final Tracer tracer;

    /* loaded from: classes5.dex */
    /**
     * Value holder for the outcome of the recovery check: the user-account and enterprise-account
     * entries whose auth token should be rewritten. The enclosing class reads each element as a
     * {@code Pair} of (account, DecryptedTokens).
     */
    public final class AccountsToRestore {
        public final List enterpriseAccountsToRestore;
        public final List userAccountsToRestore;

        /**
         * @param userAccountsToRestore user-account entries to restore; must not be null
         * @param enterpriseAccountsToRestore enterprise-account entries to restore; must not be null
         */
        public AccountsToRestore(List userAccountsToRestore, List enterpriseAccountsToRestore) {
            Intrinsics.checkNotNullParameter(userAccountsToRestore, "userAccountsToRestore");
            Intrinsics.checkNotNullParameter(enterpriseAccountsToRestore, "enterpriseAccountsToRestore");
            this.enterpriseAccountsToRestore = enterpriseAccountsToRestore;
            this.userAccountsToRestore = userAccountsToRestore;
        }

        /** Two instances are equal when both lists are equal. */
        public final boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj instanceof AccountsToRestore) {
                AccountsToRestore other = (AccountsToRestore) obj;
                if (!Intrinsics.areEqual(this.userAccountsToRestore, other.userAccountsToRestore)) {
                    return false;
                }
                return Intrinsics.areEqual(this.enterpriseAccountsToRestore, other.enterpriseAccountsToRestore);
            }
            return false;
        }

        /** Combines both list hashes with the usual multiplier of 31. */
        public final int hashCode() {
            int userHash = this.userAccountsToRestore.hashCode();
            return 31 * userHash + this.enterpriseAccountsToRestore.hashCode();
        }

        /**
         * Renders both lists through their own {@code toString()}; the output is therefore only as
         * safe to log as the {@code toString()} of the list elements.
         */
        public final String toString() {
            StringBuilder text = new StringBuilder("AccountsToRestore(userAccountsToRestore=");
            text.append(this.userAccountsToRestore);
            text.append(", enterpriseAccountsToRestore=");
            text.append(this.enterpriseAccountsToRestore);
            text.append(")");
            return text.toString();
        }
    }

    /* loaded from: classes5.dex */
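    /**
     * The cleartext auth token as read from each of the three storage locations for one account.
     * A {@code null} field means that location yielded no token.
     *
     * <p>Every non-null field is a live credential. {@link #toString()} therefore reports only whether
     * each copy is present, so that formatting this object in a log line, exception message or
     * crash report cannot disclose a token.
     */
    public final class DecryptedTokens {
        // True when at least one of the three copies is non-null.
        public final boolean hasAtLeastOneValidDecryptedToken;
        // True when at least one of the three copies is null.
        public final boolean hasInvalidDecryptedToken;
        public final String tokenFromSecureTokenStore;
        public final String tokenFromTinkCrypto;
        public final String tokenFromTinkCryptoSecondary;
        // First non-null copy in the order: secure token store, Tink, Tink secondary.
        public final String validDecryptedToken;

        /**
         * @param str token from the secure account token store, or null
         * @param str2 token decrypted with the primary Tink key, or null
         * @param str3 token decrypted with the secondary Tink key, or null
         */
        public DecryptedTokens(String str, String str2, String str3) {
            this.tokenFromSecureTokenStore = str;
            this.tokenFromTinkCrypto = str2;
            this.tokenFromTinkCryptoSecondary = str3;
            // Precedence alone picks the token to restore; the copies are not compared with each
            // other, so two readable copies that disagree are not detected here.
            String firstReadable;
            if (str != null) {
                firstReadable = str;
            } else if (str2 != null) {
                firstReadable = str2;
            } else {
                firstReadable = str3;
            }
            this.validDecryptedToken = firstReadable;
            this.hasAtLeastOneValidDecryptedToken = firstReadable != null;
            this.hasInvalidDecryptedToken = str == null || str2 == null || str3 == null;
        }

        /** Two instances are equal when all three token copies are equal (null-safe). */
        public final boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof DecryptedTokens)) {
                return false;
            }
            DecryptedTokens other = (DecryptedTokens) obj;
            return java.util.Objects.equals(this.tokenFromSecureTokenStore, other.tokenFromSecureTokenStore)
                    && java.util.Objects.equals(this.tokenFromTinkCrypto, other.tokenFromTinkCrypto)
                    && java.util.Objects.equals(this.tokenFromTinkCryptoSecondary, other.tokenFromTinkCryptoSecondary);
        }

        /** Hash over the three copies; a null copy contributes 0. */
        public final int hashCode() {
            int result = java.util.Objects.hashCode(this.tokenFromSecureTokenStore);
            result = 31 * result + java.util.Objects.hashCode(this.tokenFromTinkCrypto);
            result = 31 * result + java.util.Objects.hashCode(this.tokenFromTinkCryptoSecondary);
            return result;
        }

        /** Describes which copies are present without ever including a token value. */
        public final String toString() {
            return "DecryptedTokens(tokenFromSecureTokenStore=" + presence(this.tokenFromSecureTokenStore)
                    + ", tokenFromTinkCrypto=" + presence(this.tokenFromTinkCrypto)
                    + ", tokenFromTinkCryptoSecondary=" + presence(this.tokenFromTinkCryptoSecondary)
                    + ")";
        }

        // Maps a token to a presence marker so the secret itself never reaches a string.
        private String presence(String token) {
            return token != null ? "<present>" : "<absent>";
        }
    }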

    /**
     * Wires the helper to its collaborators.
     *
     * <p>Only {@code accountManager}, {@code secureAccountTokenStore} and {@code tracer} are
     * null-checked here; the AEAD factory and the two Tink decryptors are stored as given.
     *
     * @param accountManager account list source and token sink; must not be null
     * @param aeadPrimitiveFactory verifies/recovers the keystore AEAD primitive
     * @param secureAccountTokenStore secure token store; must not be null
     * @param tracer tracing entry point; must not be null
     * @param tinkCryptoAtomic decryptor stored as {@code tinkCrypto}
     * @param tinkCryptoAtomic2 decryptor stored as {@code tinkCryptoSecondary}
     */
    public AuthTokenRecoveryHelperImpl(AccountManager accountManager, AeadPrimitiveFactory aeadPrimitiveFactory, SecureAccountTokenStoreImpl secureAccountTokenStore, Tracer tracer, TinkCryptoAtomic tinkCryptoAtomic, TinkCryptoAtomic tinkCryptoAtomic2) {
        Intrinsics.checkNotNullParameter(accountManager, "accountManager");
        this.accountManager = accountManager;
        this.aeadPrimitiveFactory = aeadPrimitiveFactory;

        Intrinsics.checkNotNullParameter(secureAccountTokenStore, "secureAccountTokenStore");
        this.secureAccountTokenStore = secureAccountTokenStore;

        Intrinsics.checkNotNullParameter(tracer, "tracer");
        this.tracer = tracer;

        this.tinkCryptoSecondary = tinkCryptoAtomic2;
        this.tinkCrypto = tinkCryptoAtomic;
    }

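    /**
     * Reports whether any entry in either list has no token from the secure account token store.
     *
     * <p>A flag, once set, is never cleared. (Resetting it to {@code false} after the loop, as
     * decompilers tend to print Kotlin's {@code any { ... }}, would make the method return
     * {@code false} for every input and hide a broken token store from the recovery path.)
     *
     * @param arrayList user-account entries; each is a {@code Pair} whose second component is a
     *     {@link DecryptedTokens}
     * @param arrayList2 enterprise-account entries of the same shape
     * @return {@code true} when at least one entry has {@code tokenFromSecureTokenStore == null}
     */
    public static boolean hasInvalidSecureTokenStoreTokens(ArrayList arrayList, ArrayList arrayList2) {
        boolean userCopyMissing = false;
        for (Object entry : arrayList) {
            DecryptedTokens tokens = (DecryptedTokens) ((Pair) entry).getSecond();
            if (tokens.tokenFromSecureTokenStore == null) {
                userCopyMissing = true;
                break;
            }
        }

        boolean enterpriseCopyMissing = false;
        for (Object entry : arrayList2) {
            DecryptedTokens tokens = (DecryptedTokens) ((Pair) entry).getSecond();
            if (tokens.tokenFromSecureTokenStore == null) {
                enterpriseCopyMissing = true;
                break;
            }
        }

        return userCopyMissing || enterpriseCopyMissing;
    }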

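    /**
     * Reports whether any entry in either list fails the Tink-token predicate selected by
     * {@code crypto}.
     *
     * <p>The predicates are synthetic lambda instances selected by an integer id (15/16 for the user
     * list, 17/18 for the enterprise list). NOTE(review): their bodies are not part of this listing;
     * presumably they test whether the matching Tink copy in {@link DecryptedTokens} is null — confirm
     * against {@code UsersQueries$$ExternalSyntheticLambda5}.
     *
     * <p>A flag, once set, is never cleared. (Resetting it to {@code false} after the loop, as
     * decompilers tend to print Kotlin's {@code any { ... }}, would make the method return
     * {@code false} for every input and the keystore AEAD would never be re-verified.)
     *
     * @param crypto which Tink copy to inspect; only ordinals 0 and 1 are handled
     * @param arrayList user-account entries
     * @param arrayList2 enterprise-account entries
     * @return {@code true} when a predicate matches at least one entry
     * @throws NoWhenBranchMatchedException when {@code crypto} has any other ordinal
     */
    public static boolean hasInvalidTinkKeystoreAeadTokens(AuthToken.Crypto crypto, ArrayList arrayList, ArrayList arrayList2) {
        int ordinal = crypto.ordinal();
        if (ordinal != 0 && ordinal != 1) {
            throw new NoWhenBranchMatchedException();
        }
        // Same id pairs as the decompiled when-branches: ordinal 0 -> 15/17, ordinal 1 -> 16/18.
        UsersQueries$$ExternalSyntheticLambda5 userPredicate =
                new UsersQueries$$ExternalSyntheticLambda5(ordinal == 0 ? 15 : 16);
        UsersQueries$$ExternalSyntheticLambda5 enterprisePredicate =
                new UsersQueries$$ExternalSyntheticLambda5(ordinal == 0 ? 17 : 18);

        boolean userTokenInvalid = false;
        for (Object entry : arrayList) {
            if (((Boolean) userPredicate.invoke(entry)).booleanValue()) {
                userTokenInvalid = true;
                break;
            }
        }

        boolean enterpriseTokenInvalid = false;
        for (Object entry : arrayList2) {
            if (((Boolean) enterprisePredicate.invoke(entry)).booleanValue()) {
                enterpriseTokenInvalid = true;
                break;
            }
        }

        return userTokenInvalid || enterpriseTokenInvalid;
    }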

    /* JADX WARN: Finally extract failed */
    /**
     * Checks every stored auth token and rewrites the ones that can be recovered.
     *
     * <p>Phases, each inside its own tracing sub-span:
     * <ol>
     *   <li>read the three token copies of every user account;</li>
     *   <li>read the three token copies of every enterprise account;</li>
     *   <li>let {@link #determineAccountsToRestoreAuthTokens} pick the accounts to restore;</li>
     *   <li>write {@code validDecryptedToken} back for each selected user account;</li>
     *   <li>do the same for each selected enterprise account.</li>
     * </ol>
     *
     * <p>{@code synchronized}: two calls on the same instance cannot interleave.
     *
     * <p>NOTE(review): JADX reported "Finally extract failed" for this method. The {@code finally}
     * block below references {@code th}, which is not in scope there, and two of the {@code catch}
     * blocks only rethrow. Presumably the original marks the active sub-span as failed and rethrows;
     * the listing does not compile as printed.
     *
     * @return {@code ACCOUNTS_RECOVERED} when at least one token was rewritten, otherwise
     *     {@code NOT_NEEDED}
     */
    public final synchronized RecoverAuthTokensResult checkAndRecoverAuthTokens() {
        int i;
        try {
            Spannable trace = this.tracer.trace(AuthTokenRecoveryHelperImpl$checkAndRecoverAuthTokens$rootSpannable$1.INSTANCE);
            trace.start();
            Spannable startSubSpan = trace.getTraceContext().startSubSpan("fetch_all_authed_user_accounts");
            try {
                // Phase 1: pair every user account with the token read from each of the three locations.
                // The two helper methods return null for a copy that is absent or could not be read.
                ArrayList allAccounts = this.accountManager.getAllAccounts();
                ArrayList arrayList = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(allAccounts));
                Iterator it = allAccounts.iterator();
                while (it.hasNext()) {
                    Account account = (Account) it.next();
                    arrayList.add(new Pair(account, new DecryptedTokens(getAuthTokenFromSecureTokenStore(account.teamId()), decryptTinkToken(account.authToken(), AuthToken.Crypto.TINK), decryptTinkToken(account.authToken(), AuthToken.Crypto.TINK_SECONDARY))));
                }
                WorkSpec.Companion.completeWithSuccess(startSubSpan);
                Spannable startSubSpan2 = trace.getTraceContext().startSubSpan("fetch_all_authed_enterprise_accounts");
                try {
                    // Phase 2: same for enterprise accounts, keyed by enterpriseId.
                    List<EnterpriseAccount> enterpriseAccounts = this.accountManager.getEnterpriseAccounts();
                    ArrayList arrayList2 = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(enterpriseAccounts));
                    for (EnterpriseAccount enterpriseAccount : enterpriseAccounts) {
                        String authTokenFromSecureTokenStore = getAuthTokenFromSecureTokenStore(enterpriseAccount.enterpriseId);
                        AuthToken.Crypto crypto = AuthToken.Crypto.TINK;
                        AuthToken authToken = enterpriseAccount.enterpriseAuthToken;
                        arrayList2.add(new Pair(enterpriseAccount, new DecryptedTokens(authTokenFromSecureTokenStore, decryptTinkToken(authToken, crypto), decryptTinkToken(authToken, AuthToken.Crypto.TINK_SECONDARY))));
                    }
                    WorkSpec.Companion.completeWithSuccess(startSubSpan2);
                    // Phase 3: decide which accounts get their token rewritten (may repair the stores first).
                    AccountsToRestore determineAccountsToRestoreAuthTokens = determineAccountsToRestoreAuthTokens(arrayList, arrayList2, trace.getTraceContext());
                    int size = determineAccountsToRestoreAuthTokens.userAccountsToRestore.size();
                    Spannable startSubSpan3 = trace.getTraceContext().startSubSpan("restore_user_auth_tokens");
                    try {
                        // Phase 4: write the surviving token back. validDecryptedToken is the first
                        // non-null copy by precedence; checkNotNull makes a null fail here instead of
                        // being stored as the account's token.
                        for (Pair pair : determineAccountsToRestoreAuthTokens.userAccountsToRestore) {
                            Account account2 = (Account) pair.component1();
                            DecryptedTokens decryptedTokens = (DecryptedTokens) pair.component2();
                            AccountManager accountManager = this.accountManager;
                            String teamId = account2.teamId();
                            String str = decryptedTokens.validDecryptedToken;
                            Intrinsics.checkNotNull(str);
                            accountManager.updateAccountToken(teamId, str);
                        }
                        // Only the number of restored accounts is attached to the span, never a token.
                        startSubSpan3.appendTag("count", Integer.valueOf(size));
                        Unit unit = Unit.INSTANCE;
                        WorkSpec.Companion.completeWithSuccess(startSubSpan3);
                        int size2 = determineAccountsToRestoreAuthTokens.enterpriseAccountsToRestore.size();
                        startSubSpan3 = trace.getTraceContext().startSubSpan("restore_enterprise_auth_tokens");
                        try {
                            // Phase 5: same write-back for enterprise accounts.
                            for (Pair pair2 : determineAccountsToRestoreAuthTokens.enterpriseAccountsToRestore) {
                                EnterpriseAccount enterpriseAccount2 = (EnterpriseAccount) pair2.component1();
                                DecryptedTokens decryptedTokens2 = (DecryptedTokens) pair2.component2();
                                AccountManager accountManager2 = this.accountManager;
                                String str2 = enterpriseAccount2.enterpriseId;
                                String str3 = decryptedTokens2.validDecryptedToken;
                                Intrinsics.checkNotNull(str3);
                                accountManager2.updateEnterpriseAccountToken(str2, str3);
                            }
                            startSubSpan3.appendTag("count", Integer.valueOf(size2));
                            Unit unit2 = Unit.INSTANCE;
                            WorkSpec.Companion.completeWithSuccess(startSubSpan3);
                            // Total number of rewritten tokens across both account kinds.
                            i = size + size2;
                            trace.appendTag("count", Integer.valueOf(i));
                            trace.complete(false);
                        } finally {
                            // NOTE(review): decompiler artefact - `th` is not defined in this scope.
                            WorkSpec.Companion.completeWithFailure(startSubSpan3, th);
                        }
                    } catch (Throwable th) {
                        throw th;
                    }
                } catch (Throwable th2) {
                    // A failure while reading enterprise accounts or restoring tokens fails this span and propagates.
                    WorkSpec.Companion.completeWithFailure(startSubSpan2, th2);
                    throw th2;
                }
            } catch (Throwable th3) {
                WorkSpec.Companion.completeWithFailure(startSubSpan, th3);
                throw th3;
            }
        } catch (Throwable th4) {
            throw th4;
        }
        return i > 0 ? RecoverAuthTokensResult.ACCOUNTS_RECOVERED : RecoverAuthTokensResult.NOT_NEEDED;
    }

    /**
     * Verifies the secure account token store and, if it reports itself invalid, asks it to recover.
     *
     * <p>Nothing is done unless {@link #hasInvalidSecureTokenStoreTokens} finds an entry without a
     * secure-store token. As printed, the result is {@code true} when that check fired,
     * {@code isReliable()} returned a non-null result, and recovery did not return {@code FAILED};
     * a store that reports {@code Valid} also yields {@code true}.
     *
     * <p>NOTE(review): the {@code finally} blocks are decompiler artefacts: one is empty and the other
     * references {@code th}, which is not in scope there. Presumably the original fails the active
     * sub-span on an exception and rethrows.
     *
     * @param arrayList user-account entries (Pair of account and DecryptedTokens)
     * @param arrayList2 enterprise-account entries of the same shape
     * @param traceContext parent trace context for the sub-spans started here
     * @return the value also written to the span's {@code "success"} tag
     */
    public final boolean checkAndRestoreSecureTokenStore(ArrayList arrayList, ArrayList arrayList2, TraceContext traceContext) {
        SecureAccountTokenStoreImpl secureAccountTokenStoreImpl = this.secureAccountTokenStore;
        Spannable startSubSpan = traceContext.startSubSpan("check_and_recover_secure_token_store");
        try {
            boolean hasInvalidSecureTokenStoreTokens = hasInvalidSecureTokenStoreTokens(arrayList, arrayList2);
            boolean z = false;
            if (hasInvalidSecureTokenStoreTokens) {
                startSubSpan = startSubSpan.getTraceContext().startSubSpan("check_reliable_secure_token_store");
                try {
                    // NOTE(review): the declared type `zzy` is presumably a decompiler type-inference
                    // artefact; the instanceof checks below treat the value as a ReliableTokenStoreResult.
                    zzy isReliable = secureAccountTokenStoreImpl.isReliable();
                    WorkSpec.Companion.completeWithSuccess(startSubSpan);
                    startSubSpan = startSubSpan.getTraceContext().startSubSpan("recover_reliable_secure_token_store");
                    if (isReliable != null) {
                        try {
                            boolean z2 = true;
                            if (isReliable instanceof ReliableTokenStoreResult$Invalid) {
                                // Only an Invalid result triggers recovery; FAILED is the one outcome treated as failure.
                                if (SecureAccountTokenStore$RecoverTokenStoreResult.FAILED == secureAccountTokenStoreImpl.recoverTokenStore(isReliable)) {
                                    z2 = false;
                                }
                                if (!z2) {
                                    // The warning carries no account identifier and no token material.
                                    Timber.w("Failed to recover the Secure Account token store", new Object[0]);
                                }
                            } else if (isReliable instanceof ReliableTokenStoreResult$Valid) {
                                // Store verified as valid: nothing to recover, z2 stays true.
                            }
                            z = z2;
                        } finally {
                        }
                    }
                    WorkSpec.Companion.completeWithSuccess(startSubSpan);
                } finally {
                    // NOTE(review): decompiler artefact - `th` is not defined in this scope.
                    WorkSpec.Companion.completeWithFailure(startSubSpan, th);
                }
            }
            startSubSpan.appendTag("success", z);
            WorkSpec.Companion.completeWithSuccess(startSubSpan);
            return z;
        } catch (Throwable th) {
            throw th;
        }
    }

    /**
     * Verifies the keystore-backed AEAD primitive for one Tink key and, if it is invalid, asks the
     * factory to recover it.
     *
     * <p>Nothing is done unless {@link #hasInvalidTinkKeystoreAeadTokens} fires for {@code crypto}.
     * Ordinal 0 maps to {@code Storage.KEYSTORE} and ordinal 1 to {@code Storage.KEYSTORE_SECONDARY}.
     * As printed, the result is {@code true} when the check fired and recovery did not return
     * {@code FAILED}; a primitive that verifies as {@code Valid} also yields {@code true}.
     *
     * <p>NOTE(review): the {@code finally} blocks are decompiler artefacts: one is empty and the other
     * references {@code th}, which is not in scope there. Presumably the original fails the active
     * sub-span on an exception and rethrows.
     *
     * @param crypto which Tink key to verify; only ordinals 0 and 1 are handled
     * @param arrayList user-account entries (Pair of account and DecryptedTokens)
     * @param arrayList2 enterprise-account entries of the same shape
     * @param traceContext parent trace context for the sub-spans started here
     * @return the value also written to the span's {@code "success"} tag
     * @throws NoWhenBranchMatchedException when {@code crypto} has any other ordinal
     */
    public final boolean checkAndRestoreTinkKeystoreAead(AuthToken.Crypto crypto, ArrayList arrayList, ArrayList arrayList2, TraceContext traceContext) {
        AeadPrimitiveFactory.Storage storage;
        AeadPrimitiveFactory aeadPrimitiveFactory = this.aeadPrimitiveFactory;
        Spannable startSubSpan = traceContext.startSubSpan("check_and_recover_tink_keystore_aead");
        try {
            boolean hasInvalidTinkKeystoreAeadTokens = hasInvalidTinkKeystoreAeadTokens(crypto, arrayList, arrayList2);
            boolean z = false;
            if (hasInvalidTinkKeystoreAeadTokens) {
                startSubSpan = startSubSpan.getTraceContext().startSubSpan("check_reliable_tink_keystore_aead");
                try {
                    int ordinal = crypto.ordinal();
                    boolean z2 = true;
                    // Select the keystore slot that belongs to the requested Tink key.
                    if (ordinal == 0) {
                        storage = AeadPrimitiveFactory.Storage.KEYSTORE;
                    } else {
                        if (ordinal != 1) {
                            throw new NoWhenBranchMatchedException();
                        }
                        storage = AeadPrimitiveFactory.Storage.KEYSTORE_SECONDARY;
                    }
                    // NOTE(review): the declared type `Shimmer.Builder` is presumably a decompiler
                    // type-inference artefact; the instanceof checks below treat the value as a VerifyAeadResult.
                    Shimmer.Builder verifyAeadPrimitive = aeadPrimitiveFactory.verifyAeadPrimitive(storage);
                    WorkSpec.Companion.completeWithSuccess(startSubSpan);
                    startSubSpan = startSubSpan.getTraceContext().startSubSpan("recover_reliable_tink_keystore_aead");
                    try {
                        if (verifyAeadPrimitive instanceof VerifyAeadResult$Invalid) {
                            // Only an Invalid result triggers recovery; FAILED is the one outcome treated as failure.
                            if (AeadPrimitiveFactory.RecoverAeadResult.FAILED == aeadPrimitiveFactory.recoverAeadPrimitive(verifyAeadPrimitive)) {
                                z2 = false;
                            }
                            if (!z2) {
                                // The warning carries no account identifier and no key or token material.
                                Timber.w("Failed to recover the Tink keystore Aead", new Object[0]);
                            }
                        } else {
                            if (verifyAeadPrimitive instanceof VerifyAeadResult$Valid) {
                                // Primitive verified as valid: nothing to recover, z2 stays true.
                            }
                            WorkSpec.Companion.completeWithSuccess(startSubSpan);
                        }
                        z = z2;
                        WorkSpec.Companion.completeWithSuccess(startSubSpan);
                    } finally {
                    }
                } finally {
                    // NOTE(review): decompiler artefact - `th` is not defined in this scope.
                    WorkSpec.Companion.completeWithFailure(startSubSpan, th);
                }
            }
            startSubSpan.appendTag("success", z);
            WorkSpec.Companion.completeWithSuccess(startSubSpan);
            return z;
        } catch (Throwable th) {
            throw th;
        }
    }

    /**
     * Decrypts the Tink-encrypted copy of an auth token with the key that matches {@code crypto}.
     *
     * <p>A {@link GeneralSecurityException} from the decryptor is deliberately not propagated: it is
     * logged at debug level with the token's identifier only (never the ciphertext or cleartext) and
     * the result is whatever {@code DecryptionResult.getClearText(null)} yields. Any other exception
     * type still propagates to the caller.
     *
     * @param authToken token record holding the encrypted copies
     * @param crypto which encrypted copy to use; ordinal 0 selects {@code tinkCrypto}, ordinal 1
     *     selects {@code tinkCryptoSecondary}
     * @return the cleartext token, or {@code null} when the record has no copy for {@code crypto}
     * @throws NoWhenBranchMatchedException when {@code crypto} has any other ordinal
     */
    public final String decryptTinkToken(AuthToken authToken, AuthToken.Crypto crypto) {
        String ciphertext = authToken.encryptedToken(crypto);
        if (ciphertext == null) {
            return null;
        }

        TinkCryptoAtomic decryptor;
        switch (crypto.ordinal()) {
            case 0:
                decryptor = this.tinkCrypto;
                break;
            case 1:
                decryptor = this.tinkCryptoSecondary;
                break;
            default:
                throw new NoWhenBranchMatchedException();
        }

        DecryptionResult outcome;
        try {
            outcome = decryptor.decrypt(ciphertext);
        } catch (GeneralSecurityException ignored) {
            // Best-effort: an undecryptable copy is reported through the null result, not an exception.
            StringBuilder prefix = new StringBuilder("AuthToken with identifier ");
            Timber.d(BackEventCompat$$ExternalSyntheticOutline0.m(prefix, authToken.identifier, " failed to decrypt Tink encrypted token,"), new Object[0]);
            outcome = null;
        }
        return DecryptionResult.getClearText(outcome);
    }

    /**
     * Selects the accounts whose auth token should be rewritten, repairing the token store and the
     * two keystore AEAD primitives on the way.
     *
     * <p>Candidates are the entries with at least one readable token copy. When any candidate also
     * has an unreadable copy, the secure token store and both Tink keystore primitives are checked
     * and recovered, and the candidates are returned; otherwise both result lists are empty.
     *
     * <p>NOTE(review): the listing carries decompiler artefacts that change its literal meaning:
     * {@code z} and {@code z2} are assigned {@code false} after their loops, so as printed the
     * recovery branch is never taken; and the three recovery results feed only an empty
     * {@code if} nest. Presumably the original returns the candidates only when at least one of the
     * three recoveries succeeded, and empty lists otherwise. Confirm against the bytecode before
     * relying on either reading.
     *
     * @param arrayList user-account entries (Pair of account and DecryptedTokens)
     * @param arrayList2 enterprise-account entries of the same shape
     * @param traceContext parent trace context for the sub-span started here
     * @return the user and enterprise entries to restore, possibly both empty
     */
    public final AccountsToRestore determineAccountsToRestoreAuthTokens(ArrayList arrayList, ArrayList arrayList2, TraceContext traceContext) {
        boolean z;
        AccountsToRestore accountsToRestore;
        Spannable startSubSpan = traceContext.startSubSpan("check_and_recover_broken_crypto");
        try {
            // User accounts that still have at least one readable token copy.
            ArrayList arrayList3 = new ArrayList();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (((DecryptedTokens) ((Pair) next).getSecond()).hasAtLeastOneValidDecryptedToken) {
                    arrayList3.add(next);
                }
            }
            boolean z2 = true;
            // z: does any of those user accounts also have an unreadable copy?
            if (!arrayList3.isEmpty()) {
                Iterator it2 = arrayList3.iterator();
                while (it2.hasNext()) {
                    if (((DecryptedTokens) ((Pair) it2.next()).getSecond()).hasInvalidDecryptedToken) {
                        z = true;
                        break;
                    }
                }
            }
            // NOTE(review): decompiler artefact - this reset runs even after `z = true; break;` above.
            z = false;
            // Enterprise accounts that still have at least one readable token copy.
            ArrayList arrayList4 = new ArrayList();
            Iterator it3 = arrayList2.iterator();
            while (it3.hasNext()) {
                Object next2 = it3.next();
                if (((DecryptedTokens) ((Pair) next2).getSecond()).hasAtLeastOneValidDecryptedToken) {
                    arrayList4.add(next2);
                }
            }
            // z2 (initialised to true above): same question for the enterprise accounts.
            if (!arrayList4.isEmpty()) {
                Iterator it4 = arrayList4.iterator();
                while (it4.hasNext()) {
                    if (((DecryptedTokens) ((Pair) it4.next()).getSecond()).hasInvalidDecryptedToken) {
                        break;
                    }
                }
            }
            // NOTE(review): decompiler artefact - this reset runs even after the `break` above.
            z2 = false;
            if (z || z2) {
                // All three repairs are attempted unconditionally; none is skipped when an earlier one succeeds.
                boolean checkAndRestoreSecureTokenStore = checkAndRestoreSecureTokenStore(arrayList3, arrayList4, startSubSpan.getTraceContext());
                boolean checkAndRestoreTinkKeystoreAead = checkAndRestoreTinkKeystoreAead(AuthToken.Crypto.TINK, arrayList3, arrayList4, startSubSpan.getTraceContext());
                boolean checkAndRestoreTinkKeystoreAead2 = checkAndRestoreTinkKeystoreAead(AuthToken.Crypto.TINK_SECONDARY, arrayList3, arrayList4, startSubSpan.getTraceContext());
                // NOTE(review): empty nest left by the decompiler; as printed the three results have no effect.
                if (!checkAndRestoreSecureTokenStore) {
                    if (!checkAndRestoreTinkKeystoreAead) {
                        if (checkAndRestoreTinkKeystoreAead2) {
                        }
                    }
                }
                accountsToRestore = new AccountsToRestore(arrayList3, arrayList4);
                WorkSpec.Companion.completeWithSuccess(startSubSpan);
                return accountsToRestore;
            }
            // No candidate has an unreadable copy: nothing to restore.
            EmptyList emptyList = EmptyList.INSTANCE;
            accountsToRestore = new AccountsToRestore(emptyList, emptyList);
            WorkSpec.Companion.completeWithSuccess(startSubSpan);
            return accountsToRestore;
        } catch (Throwable th) {
            WorkSpec.Companion.completeWithFailure(startSubSpan, th);
            throw th;
        }
    }

    /**
     * Reads the auth token stored under {@code str} in the secure account token store.
     *
     * <p>An {@link IllegalStateException} from the store is treated as "no token": it is logged at
     * debug level with the identifier only and {@code null} is returned. Other exception types
     * propagate to the caller.
     *
     * @param str the lookup identifier (callers pass a team id or an enterprise id)
     * @return the stored token, or {@code null} when the store threw {@code IllegalStateException}
     */
    public final String getAuthTokenFromSecureTokenStore(String str) {
        String storedToken;
        try {
            storedToken = this.secureAccountTokenStore.getToken(str);
        } catch (IllegalStateException ignored) {
            // Best-effort read: an unreadable store is reported through the null result.
            String message = BackEventCompat$$ExternalSyntheticOutline0.m("Failed to fetch the auth token from secure token store with identifier ", str, ".");
            Timber.d(message, new Object[0]);
            storedToken = null;
        }
        return storedToken;
    }
}
