package com.acompli.accore.notifications;

import android.text.TextUtils;
import android.util.Base64;
import bolts.Task;
import com.acompli.accore.ACAccountManager;
import com.acompli.accore.ACAccountPersistenceManager;
import com.acompli.accore.ACClient;
import com.acompli.accore.ACCore;
import com.acompli.accore.features.FeatureManager;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.model.PushEncryptionKey;
import com.acompli.accore.util.BaseAnalyticsProvider;
import com.acompli.accore.util.Environment;
import com.acompli.accore.util.concurrent.ClientCompletionBlock;
import com.acompli.accore.util.concurrent.OutlookExecutors;
import com.acompli.accore.util.concurrent.TaskUtil;
import com.acompli.libcircle.ClInterfaces;
import com.acompli.libcircle.Errors;
import com.acompli.libcircle.log.Logger;
import com.acompli.libcircle.log.LoggerFactory;
import com.acompli.thrift.client.generated.AccountActionType;
import com.acompli.thrift.client.generated.AddAccountActionResponse_297;
import com.acompli.thrift.client.generated.RegisterNotificationPublicKeyRequest_642;
import com.acompli.thrift.client.generated.RegisterNotificationPublicKeyResponse_643;
import com.acompli.thrift.client.generated.RemoveAccountActionResponse_452;
import com.facebook.imageutils.JfifUtil;
import com.microsoft.office.plat.CryptoUtils;
import com.outlook.mobile.telemetry.generated.OTNotificationDecryptionResult;
import com.outlook.mobile.telemetry.generated.OTNotificationErrorType;
import com.outlook.mobile.telemetry.generated.OTNotificationType;
import dagger.Lazy;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import java.util.concurrent.Callable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import okio.ByteString;

/* loaded from: classes.dex */
public class PushEncryptionKeysManager {
    private static final Logger a = LoggerFactory.a("PushEncryptionKeysManager");
    private final Object b = new Object();
    private final Lazy<FeatureManager> c;
    private final BaseAnalyticsProvider d;
    private boolean e;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ClientGeneratedKeys {
        private final byte[] a;
        private final PrivateKey b;

        public ClientGeneratedKeys(byte[] bArr, PrivateKey privateKey) {
            this.a = bArr;
            this.b = privateKey;
        }

        public byte[] a() {
            return this.a;
        }

        public PrivateKey b() {
            return this.b;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class DecryptPayloadKeyResult {
        byte[] a;
        byte[] b;

        public DecryptPayloadKeyResult(byte[] bArr, byte[] bArr2) {
            this.a = bArr;
            this.b = bArr2;
        }
    }

    /* loaded from: classes.dex */
    public static class KeyRegistrationException extends Exception {
        private final ErrorType a;
        private final Errors.ClError b;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes.dex */
        public enum ErrorType {
            NETWORK,
            SQL,
            THROTTLE
        }

        public KeyRegistrationException(String str, ErrorType errorType) {
            super(str);
            this.a = errorType;
            this.b = null;
        }

        public KeyRegistrationException(String str, Errors.ClError clError) {
            super(str);
            this.a = ErrorType.NETWORK;
            this.b = clError;
        }

        public boolean a() {
            return this.a == ErrorType.SQL;
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedPayloadBundleAttributesException extends Exception {
        public MalformedPayloadBundleAttributesException(String str) {
            super(str);
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedPayloadKeyException extends Exception {
        public MalformedPayloadKeyException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class PayloadKeyAttributeComponents {
        private final String a;
        private final String b;
        private final String c;

        public PayloadKeyAttributeComponents(String str, String str2, String str3) {
            this.a = str;
            this.b = str2;
            this.c = str3;
        }

        public String a() {
            return this.b;
        }

        public String b() {
            return this.c;
        }
    }

    /* loaded from: classes.dex */
    public static class PrivateKeyNotFoundException extends Exception {
        public PrivateKeyNotFoundException(String str) {
            super(str);
        }
    }

    public PushEncryptionKeysManager(Lazy<FeatureManager> lazy, BaseAnalyticsProvider baseAnalyticsProvider) {
        this.c = lazy;
        this.d = baseAnalyticsProvider;
    }

    private DecryptPayloadKeyResult a(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        PrivateKey generatePrivate = KeyFactory.getInstance(PushEncryptionKey.getKeyMethodForVersion(0)).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, generatePrivate);
        byte[] doFinal = cipher.doFinal(bArr2);
        byte[] bArr3 = new byte[32];
        byte[] bArr4 = new byte[32];
        System.arraycopy(doFinal, 0, bArr3, 0, 32);
        System.arraycopy(doFinal, 32, bArr4, 0, 32);
        return new DecryptPayloadKeyResult(bArr3, bArr4);
    }

    private String a(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        System.arraycopy(bArr3, 0, new byte[32], 0, 32);
        byte[] bArr4 = new byte[16];
        System.arraycopy(bArr3, 32, bArr4, 0, 16);
        byte[] bArr5 = new byte[bArr3.length - 80];
        System.arraycopy(bArr3, 48, bArr5, 0, bArr3.length - 80);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr4);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CryptoUtils.CryptoAlgorithm);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return new String(cipher.doFinal(bArr5));
    }

    private void b(ACCore aCCore, ACAccountManager aCAccountManager) {
        a.a("checkAllAccounts");
        ACAccountPersistenceManager h = aCCore.h();
        Vector<ACMailAccount> d = aCAccountManager.d();
        synchronized (this.b) {
            Iterator<ACMailAccount> it = d.iterator();
            while (it.hasNext()) {
                ACMailAccount next = it.next();
                if (b(next)) {
                    if (a(next)) {
                        if (!h.c(next.getAccountID())) {
                            d(aCCore, h, next);
                        }
                    } else if (h.c(next.getAccountID())) {
                        e(aCCore, h, next);
                    }
                }
            }
        }
    }

    private byte[] b(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ Object c(ACCore aCCore, ACAccountManager aCAccountManager) throws Exception {
        b(aCCore, aCAccountManager);
        return null;
    }

    ClientGeneratedKeys a() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(PushEncryptionKey.getKeyMethodCurrentVersion());
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = generateKeyPair.getPublic();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        byte[] b = b(JfifUtil.MARKER_SOS);
        byte[] bArr = new byte[512];
        System.arraycopy(publicKey.getEncoded(), 0, bArr, 0, 294);
        System.arraycopy(b, 0, bArr, 294, JfifUtil.MARKER_SOS);
        return new ClientGeneratedKeys(bArr, privateKey);
    }

    public PayloadKeyAttributeComponents a(String str) throws MalformedPayloadKeyException {
        String[] split = str.split("::");
        if (split == null || split.length != 3) {
            throw new MalformedPayloadKeyException("");
        }
        return new PayloadKeyAttributeComponents(split[0], split[1], split[2]);
    }

    String a(PayloadKeyAttributeComponents payloadKeyAttributeComponents, byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, InvalidKeySpecException {
        byte[] decode = Base64.decode(payloadKeyAttributeComponents.b(), 2);
        byte[] decode2 = Base64.decode(str, 2);
        DecryptPayloadKeyResult a2 = a(bArr, decode);
        return a(a2.a, a2.b, decode2);
    }

    public String a(Environment environment, ACAccountPersistenceManager aCAccountPersistenceManager, Map<String, String> map) throws MalformedPayloadBundleAttributesException, MalformedPayloadKeyException, PrivateKeyNotFoundException, GeneralSecurityException {
        String str = map.get("account_id");
        String str2 = map.get("key");
        String str3 = map.get("encrypted");
        if (TextUtils.isEmpty(str)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: account_id");
        }
        if (TextUtils.isEmpty(str3)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: encrypted");
        }
        if (TextUtils.isEmpty(str3)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: key");
        }
        try {
            int parseInt = Integer.parseInt(str);
            PayloadKeyAttributeComponents a2 = a(str2);
            PushEncryptionKey c = aCAccountPersistenceManager.c(parseInt, a2.a());
            if (c != null) {
                return a(a2, c.getPrivateKeyEncoded(), str3);
            }
            if (!environment.h()) {
                throw new PrivateKeyNotFoundException("");
            }
            throw new PrivateKeyNotFoundException("Couldn't find key for [" + parseInt + "], [" + a2.a() + "].");
        } catch (NumberFormatException unused) {
            throw new MalformedPayloadKeyException("Invalid account_id attribute format.");
        }
    }

    public void a(int i) {
        this.d.a(OTNotificationType.mail, i, OTNotificationDecryptionResult.decryption_error_key_missing, (OTNotificationErrorType) null, (String) null);
    }

    public void a(final ACCore aCCore, final ACAccountManager aCAccountManager) {
        if (this.e) {
            return;
        }
        this.e = true;
        Task.a(new Callable() { // from class: com.acompli.accore.notifications.-$$Lambda$PushEncryptionKeysManager$wwc08cFnM41XHEiH8oA7mVrDsc8
            @Override // java.util.concurrent.Callable
            public final Object call() {
                Object c;
                c = PushEncryptionKeysManager.this.c(aCCore, aCAccountManager);
                return c;
            }
        }, OutlookExecutors.c).a(TaskUtil.a());
    }

    void a(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, int i) throws NoSuchAlgorithmException, KeyRegistrationException, InterruptedException {
        ClientGeneratedKeys a2 = a();
        RegisterNotificationPublicKeyRequest_642 m604build = new RegisterNotificationPublicKeyRequest_642.Builder().accountID((short) i).publicKey(ByteString.of(a2.a())).m604build();
        final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
        aCCore.a((ACCore) m604build, (ClInterfaces.ClResponseCallback<?>) new ClInterfaces.ClResponseCallback<RegisterNotificationPublicKeyResponse_643>() { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.3
            @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onResponse(RegisterNotificationPublicKeyResponse_643 registerNotificationPublicKeyResponse_643) {
                clientCompletionBlock.a((ClientCompletionBlock) registerNotificationPublicKeyResponse_643);
                clientCompletionBlock.g();
            }

            @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
            public void onError(Errors.ClError clError) {
                clientCompletionBlock.a(clError);
                clientCompletionBlock.g();
            }
        });
        clientCompletionBlock.h();
        if (clientCompletionBlock.i()) {
            throw new InterruptedException("Error registering key, interrupted.");
        }
        if (clientCompletionBlock.c()) {
            throw new KeyRegistrationException("Error registering key.", clientCompletionBlock.b());
        }
        if (!aCAccountPersistenceManager.a(new PushEncryptionKey(i, ((RegisterNotificationPublicKeyResponse_643) clientCompletionBlock.a()).keyReference, a2.b().getEncoded(), System.currentTimeMillis(), 0))) {
            throw new KeyRegistrationException("Error storing key to datastore.", KeyRegistrationException.ErrorType.SQL);
        }
    }

    public void a(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        if (a(aCMailAccount) && b(aCMailAccount)) {
            synchronized (this.b) {
                d(aCCore, aCAccountPersistenceManager, aCMailAccount);
            }
        }
    }

    public void a(Throwable th, int i) {
        a.b("General encryption key registration error.", th);
        this.d.a(OTNotificationType.mail, i, OTNotificationDecryptionResult.decryption_error_general, (OTNotificationErrorType) null, th.getMessage());
    }

    boolean a(ACMailAccount aCMailAccount) {
        if (this.c.get().a(FeatureManager.Feature.PUSH_NOTIFICATION_ENCRYPTION)) {
            return true;
        }
        return aCMailAccount != null && aCMailAccount.isGccAccount();
    }

    public boolean a(Map<String, String> map) {
        return (map == null || TextUtils.isEmpty(map.get("account_id")) || TextUtils.isEmpty(map.get("key")) || TextUtils.isEmpty(map.get("encrypted"))) ? false : true;
    }

    public void b(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        a.a("onOutOfBandMessage: " + aCMailAccount.getAccountID());
        if (a(aCMailAccount)) {
            if (b(aCMailAccount)) {
                synchronized (this.b) {
                    d(aCCore, aCAccountPersistenceManager, aCMailAccount);
                }
            } else {
                a.b("  Account type is invalid, skipping: " + aCMailAccount.getAccountID());
            }
        }
    }

    public boolean b(ACMailAccount aCMailAccount) {
        return aCMailAccount != null && aCMailAccount.isMailAccount() && aCMailAccount.getAccountType() == ACMailAccount.AccountType.OMAccount;
    }

    public void c(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        if (!a(aCMailAccount)) {
            a.a("Account state invalid, updating account state.");
            synchronized (this.b) {
                e(aCCore, aCAccountPersistenceManager, aCMailAccount);
            }
            a.a("Account has been updated.");
            return;
        }
        if (b(aCMailAccount)) {
            synchronized (this.b) {
                d(aCCore, aCAccountPersistenceManager, aCMailAccount);
            }
            return;
        }
        Logger logger = a;
        StringBuilder sb = new StringBuilder();
        sb.append("  Account type is invalid, skipping: ");
        sb.append(aCMailAccount != null ? Integer.valueOf(aCMailAccount.getAccountID()) : "null");
        logger.b(sb.toString());
    }

    void d(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        a.a("Enabling: " + aCMailAccount.getAccountID());
        if (!b(aCMailAccount)) {
            a.b("  Account type is invalid, skipping: " + aCMailAccount.getAccountID());
            return;
        }
        final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
        ACClient.a(aCCore, aCMailAccount.getAccountID(), AccountActionType.EnableNotificationEncryption, new ClInterfaces.ClResponseCallback<AddAccountActionResponse_297>() { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.1
            @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onResponse(AddAccountActionResponse_297 addAccountActionResponse_297) {
                clientCompletionBlock.a((ClientCompletionBlock) addAccountActionResponse_297);
                clientCompletionBlock.g();
            }

            @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
            public void onError(Errors.ClError clError) {
                clientCompletionBlock.a(clError);
                clientCompletionBlock.g();
            }
        });
        clientCompletionBlock.h();
        if (clientCompletionBlock.c()) {
            a.b("Error updating encryption flag for account " + aCMailAccount.getAccountID() + ": " + clientCompletionBlock.b());
            return;
        }
        try {
            a(aCCore, aCAccountPersistenceManager, aCMailAccount.getAccountID());
            a.a("  Enabled: " + aCMailAccount.getAccountID());
        } catch (KeyRegistrationException e) {
            if (e.a()) {
                a(e, aCMailAccount.getAccountID());
            }
        } catch (InterruptedException unused) {
        } catch (Exception e2) {
            a(e2, aCMailAccount.getAccountID());
        }
        try {
            aCAccountPersistenceManager.a(aCMailAccount.getAccountID(), 10);
        } catch (Exception unused2) {
        }
    }

    void e(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        a.a("Disabling: " + aCMailAccount.getAccountID());
        if (!b(aCMailAccount)) {
            a.b("  Account type is invalid, skipping: " + aCMailAccount.getAccountID());
            return;
        }
        final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
        ACClient.b(aCCore, aCMailAccount.getAccountID(), AccountActionType.EnableNotificationEncryption, new ClInterfaces.ClResponseCallback<RemoveAccountActionResponse_452>() { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.2
            @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onResponse(RemoveAccountActionResponse_452 removeAccountActionResponse_452) {
                clientCompletionBlock.a((ClientCompletionBlock) removeAccountActionResponse_452);
                clientCompletionBlock.g();
            }

            @Override // com.acompli.libcircle.ClInterfaces.ClResponseCallback
            public void onError(Errors.ClError clError) {
                clientCompletionBlock.a(clError);
                clientCompletionBlock.g();
            }
        });
        clientCompletionBlock.h();
        if (!clientCompletionBlock.c()) {
            aCAccountPersistenceManager.d(aCMailAccount.getAccountID());
            a.a("  Disabled: " + aCMailAccount.getAccountID());
            return;
        }
        a.b("Error updating encryption flag for account " + aCMailAccount.getAccountID() + ": " + clientCompletionBlock.b());
    }
}
