package com.acompli.accore.notifications;

import android.text.TextUtils;
import android.util.Base64;
import bolts.Task;
import com.acompli.accore.ACAccountManager;
import com.acompli.accore.ACAccountPersistenceManager;
import com.acompli.accore.ACClient;
import com.acompli.accore.ACCore;
import com.acompli.accore.features.FeatureManager;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.model.PushEncryptionKey;
import com.acompli.accore.util.BaseAnalyticsProvider;
import com.acompli.accore.util.Environment;
import com.acompli.accore.util.concurrent.ClientCompletionBlock;
import com.acompli.accore.util.concurrent.TaskUtil;
import com.acompli.libcircle.ClInterfaces$ClResponseCallback;
import com.acompli.libcircle.Errors;
import com.acompli.thrift.client.generated.AccountActionType;
import com.acompli.thrift.client.generated.AddAccountActionResponse_297;
import com.acompli.thrift.client.generated.RegisterNotificationPublicKeyRequest_642;
import com.acompli.thrift.client.generated.RegisterNotificationPublicKeyResponse_643;
import com.acompli.thrift.client.generated.RemoveAccountActionResponse_452;
import com.facebook.imageutils.JfifUtil;
import com.microsoft.office.outlook.executors.OutlookExecutors;
import com.microsoft.office.outlook.logger.Logger;
import com.microsoft.office.outlook.logger.LoggerFactory;
import com.microsoft.outlook.telemetry.generated.OTNotificationDecryptionResult;
import com.microsoft.outlook.telemetry.generated.OTNotificationType;
import dagger.v1.Lazy;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import java.util.concurrent.Callable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import okio.ByteString;

/* loaded from: classes.dex */
public class PushEncryptionKeysManager {
    private static final Logger e = LoggerFactory.getLogger("PushEncryptionKeysManager");
    private final Object a = new Object();
    private final Lazy<FeatureManager> b;
    private final BaseAnalyticsProvider c;
    private boolean d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ClientGeneratedKeys {
        private final byte[] a;
        private final PrivateKey b;

        public ClientGeneratedKeys(byte[] bArr, PrivateKey privateKey) {
            this.a = bArr;
            this.b = privateKey;
        }

        public PrivateKey a() {
            return this.b;
        }

        public byte[] b() {
            return this.a;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class DecryptPayloadKeyResult {
        byte[] a;
        byte[] b;

        public DecryptPayloadKeyResult(byte[] bArr, byte[] bArr2) {
            this.a = bArr;
            this.b = bArr2;
        }
    }

    /* loaded from: classes.dex */
    public static class KeyRegistrationException extends Exception {
        private final ErrorType a;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes.dex */
        public enum ErrorType {
            NETWORK,
            SQL,
            THROTTLE
        }

        public KeyRegistrationException(String str, ErrorType errorType) {
            super(str);
            this.a = errorType;
        }

        public KeyRegistrationException(String str, Errors.ClError clError) {
            super(str);
            this.a = ErrorType.NETWORK;
        }

        public boolean a() {
            return this.a == ErrorType.SQL;
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedPayloadBundleAttributesException extends Exception {
        public MalformedPayloadBundleAttributesException(String str) {
            super(str);
        }
    }

    /* loaded from: classes.dex */
    public static class MalformedPayloadKeyException extends Exception {
        public MalformedPayloadKeyException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class PayloadKeyAttributeComponents {
        private final String a;
        private final String b;
        private final String c;

        public PayloadKeyAttributeComponents(String str, String str2, String str3) {
            this.a = str;
            this.b = str2;
            this.c = str3;
        }

        public String a() {
            return this.c;
        }

        public String b() {
            return this.b;
        }
    }

    /* loaded from: classes.dex */
    public static class PrivateKeyNotFoundException extends Exception {
        public PrivateKeyNotFoundException(String str) {
            super(str);
        }
    }

    public PushEncryptionKeysManager(Lazy<FeatureManager> lazy, BaseAnalyticsProvider baseAnalyticsProvider) {
        this.b = lazy;
        this.c = baseAnalyticsProvider;
    }

    private void a(ACCore aCCore, ACAccountManager aCAccountManager) {
        e.d("checkAllAccounts");
        ACAccountPersistenceManager p = aCCore.p();
        Vector<ACMailAccount> q1 = aCAccountManager.q1();
        synchronized (this.a) {
            Iterator<ACMailAccount> it = q1.iterator();
            while (it.hasNext()) {
                ACMailAccount next = it.next();
                if (k(next)) {
                    if (l(next)) {
                        if (!p.i(next.getAccountID())) {
                            g(aCCore, p, next);
                        }
                    } else if (p.i(next.getAccountID())) {
                        f(aCCore, p, next);
                    }
                }
            }
        }
    }

    private String c(byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        System.arraycopy(bArr3, 0, new byte[32], 0, 32);
        byte[] bArr4 = new byte[16];
        System.arraycopy(bArr3, 32, bArr4, 0, 16);
        byte[] bArr5 = new byte[bArr3.length - 80];
        System.arraycopy(bArr3, 48, bArr5, 0, bArr3.length - 80);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr4);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return new String(cipher.doFinal(bArr5));
    }

    private DecryptPayloadKeyResult e(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        PrivateKey generatePrivate = KeyFactory.getInstance(PushEncryptionKey.getKeyMethodForVersion(0)).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, generatePrivate);
        byte[] doFinal = cipher.doFinal(bArr2);
        byte[] bArr3 = new byte[32];
        byte[] bArr4 = new byte[32];
        System.arraycopy(doFinal, 0, bArr3, 0, 32);
        System.arraycopy(doFinal, 32, bArr4, 0, 32);
        return new DecryptPayloadKeyResult(bArr3, bArr4);
    }

    private byte[] i(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    String b(PayloadKeyAttributeComponents payloadKeyAttributeComponents, byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException, InvalidKeySpecException {
        byte[] decode = Base64.decode(payloadKeyAttributeComponents.a(), 2);
        byte[] decode2 = Base64.decode(str, 2);
        DecryptPayloadKeyResult e2 = e(bArr, decode);
        return c(e2.a, e2.b, decode2);
    }

    public String d(Environment environment, ACAccountPersistenceManager aCAccountPersistenceManager, Map<String, String> map) throws MalformedPayloadBundleAttributesException, MalformedPayloadKeyException, PrivateKeyNotFoundException, GeneralSecurityException {
        String str = map.get("account_id");
        String str2 = map.get("key");
        String str3 = map.get("encrypted");
        if (TextUtils.isEmpty(str)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: account_id");
        }
        if (TextUtils.isEmpty(str3)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: encrypted");
        }
        if (TextUtils.isEmpty(str3)) {
            throw new MalformedPayloadBundleAttributesException("Missing param: key");
        }
        try {
            int parseInt = Integer.parseInt(str);
            PayloadKeyAttributeComponents t = t(str2);
            PushEncryptionKey h = aCAccountPersistenceManager.h(parseInt, t.b());
            if (h != null) {
                return b(t, h.getPrivateKeyEncoded(), str3);
            }
            if (!environment.F()) {
                throw new PrivateKeyNotFoundException("");
            }
            throw new PrivateKeyNotFoundException("Couldn't find key for [" + parseInt + "], [" + t.b() + "].");
        } catch (NumberFormatException unused) {
            throw new MalformedPayloadKeyException("Invalid account_id attribute format.");
        }
    }

    void f(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        e.d("Disabling: " + aCMailAccount.getAccountID());
        if (!k(aCMailAccount)) {
            e.e("  Account type is invalid, skipping: " + aCMailAccount.getAccountID());
            return;
        }
        final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
        ACClient.J(aCCore, aCMailAccount.getAccountID(), AccountActionType.EnableNotificationEncryption, new ClInterfaces$ClResponseCallback<RemoveAccountActionResponse_452>(this) { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.2
            @Override // com.acompli.libcircle.ClInterfaces$ClResponseCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onResponse(RemoveAccountActionResponse_452 removeAccountActionResponse_452) {
                clientCompletionBlock.m(removeAccountActionResponse_452);
                clientCompletionBlock.k();
            }

            @Override // com.acompli.libcircle.ClInterfaces$ClResponseCallback
            public void onError(Errors.ClError clError) {
                clientCompletionBlock.l(clError);
                clientCompletionBlock.k();
            }
        });
        clientCompletionBlock.n();
        if (!clientCompletionBlock.f()) {
            aCAccountPersistenceManager.z(aCMailAccount.getAccountID());
            e.d("  Disabled: " + aCMailAccount.getAccountID());
            return;
        }
        e.e("Error updating encryption flag for account " + aCMailAccount.getAccountID() + ": " + clientCompletionBlock.a());
    }

    void g(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        e.d("Enabling: " + aCMailAccount.getAccountID());
        if (!k(aCMailAccount)) {
            e.e("  Account type is invalid, skipping: " + aCMailAccount.getAccountID());
            return;
        }
        final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
        ACClient.d(aCCore, aCMailAccount.getAccountID(), AccountActionType.EnableNotificationEncryption, new ClInterfaces$ClResponseCallback<AddAccountActionResponse_297>(this) { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.1
            @Override // com.acompli.libcircle.ClInterfaces$ClResponseCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onResponse(AddAccountActionResponse_297 addAccountActionResponse_297) {
                clientCompletionBlock.m(addAccountActionResponse_297);
                clientCompletionBlock.k();
            }

            @Override // com.acompli.libcircle.ClInterfaces$ClResponseCallback
            public void onError(Errors.ClError clError) {
                clientCompletionBlock.l(clError);
                clientCompletionBlock.k();
            }
        });
        clientCompletionBlock.n();
        if (clientCompletionBlock.f()) {
            e.e("Error updating encryption flag for account " + aCMailAccount.getAccountID() + ": " + clientCompletionBlock.a());
            return;
        }
        try {
            u(aCCore, aCAccountPersistenceManager, aCMailAccount.getAccountID());
            e.d("  Enabled: " + aCMailAccount.getAccountID());
        } catch (KeyRegistrationException e2) {
            if (e2.a()) {
                n(e2, aCMailAccount.getAccountID());
            }
        } catch (InterruptedException unused) {
        } catch (Exception e3) {
            n(e3, aCMailAccount.getAccountID());
        }
        try {
            aCAccountPersistenceManager.x(aCMailAccount.getAccountID(), 10);
        } catch (Exception unused2) {
        }
    }

    ClientGeneratedKeys h() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(PushEncryptionKey.getKeyMethodCurrentVersion());
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = generateKeyPair.getPublic();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        byte[] i = i(JfifUtil.MARKER_SOS);
        byte[] bArr = new byte[512];
        System.arraycopy(publicKey.getEncoded(), 0, bArr, 0, 294);
        System.arraycopy(i, 0, bArr, 294, JfifUtil.MARKER_SOS);
        return new ClientGeneratedKeys(bArr, privateKey);
    }

    public boolean j(Map<String, String> map) {
        return (map == null || TextUtils.isEmpty(map.get("account_id")) || TextUtils.isEmpty(map.get("key")) || TextUtils.isEmpty(map.get("encrypted"))) ? false : true;
    }

    public boolean k(ACMailAccount aCMailAccount) {
        return aCMailAccount != null && aCMailAccount.isMailAccount() && aCMailAccount.getAccountType() == ACMailAccount.AccountType.OMAccount;
    }

    boolean l(ACMailAccount aCMailAccount) {
        if (this.b.get().g(FeatureManager.Feature.PUSH_NOTIFICATION_ENCRYPTION)) {
            return true;
        }
        return aCMailAccount != null && aCMailAccount.isGccAccount();
    }

    public /* synthetic */ Object m(ACCore aCCore, ACAccountManager aCAccountManager) throws Exception {
        a(aCCore, aCAccountManager);
        return null;
    }

    public void n(Throwable th, int i) {
        e.e("General encryption key registration error.", th);
        this.c.c4(OTNotificationType.mail, i, OTNotificationDecryptionResult.decryption_error_general, null, th.getMessage());
    }

    public void o(int i) {
        this.c.c4(OTNotificationType.mail, i, OTNotificationDecryptionResult.decryption_error_key_missing, null, null);
    }

    public void p(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        if (l(aCMailAccount) && k(aCMailAccount)) {
            synchronized (this.a) {
                g(aCCore, aCAccountPersistenceManager, aCMailAccount);
            }
        }
    }

    public void q(final ACCore aCCore, final ACAccountManager aCAccountManager) {
        if (this.d) {
            return;
        }
        this.d = true;
        Task.d(new Callable() { // from class: com.acompli.accore.notifications.f
            @Override // java.util.concurrent.Callable
            public final Object call() {
                return PushEncryptionKeysManager.this.m(aCCore, aCAccountManager);
            }
        }, OutlookExecutors.getBackgroundExecutor()).p(TaskUtil.k());
    }

    public void r(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        e.d("onOutOfBandMessage: " + aCMailAccount.getAccountID());
        if (l(aCMailAccount)) {
            if (k(aCMailAccount)) {
                synchronized (this.a) {
                    g(aCCore, aCAccountPersistenceManager, aCMailAccount);
                }
            } else {
                e.e("  Account type is invalid, skipping: " + aCMailAccount.getAccountID());
            }
        }
    }

    public void s(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, ACMailAccount aCMailAccount) {
        if (!l(aCMailAccount)) {
            e.d("Account state invalid, updating account state.");
            synchronized (this.a) {
                f(aCCore, aCAccountPersistenceManager, aCMailAccount);
            }
            e.d("Account has been updated.");
            return;
        }
        if (k(aCMailAccount)) {
            synchronized (this.a) {
                g(aCCore, aCAccountPersistenceManager, aCMailAccount);
            }
            return;
        }
        Logger logger = e;
        StringBuilder sb = new StringBuilder();
        sb.append("  Account type is invalid, skipping: ");
        sb.append(aCMailAccount != null ? Integer.valueOf(aCMailAccount.getAccountID()) : "null");
        logger.e(sb.toString());
    }

    public PayloadKeyAttributeComponents t(String str) throws MalformedPayloadKeyException {
        String[] split = str.split("::");
        if (split == null || split.length != 3) {
            throw new MalformedPayloadKeyException("");
        }
        return new PayloadKeyAttributeComponents(split[0], split[1], split[2]);
    }

    void u(ACCore aCCore, ACAccountPersistenceManager aCAccountPersistenceManager, int i) throws NoSuchAlgorithmException, KeyRegistrationException, InterruptedException {
        ClientGeneratedKeys h = h();
        RegisterNotificationPublicKeyRequest_642 m377build = new RegisterNotificationPublicKeyRequest_642.Builder().accountID((short) i).publicKey(ByteString.of(h.b())).m377build();
        final ClientCompletionBlock clientCompletionBlock = new ClientCompletionBlock();
        aCCore.h0(m377build, new ClInterfaces$ClResponseCallback<RegisterNotificationPublicKeyResponse_643>(this) { // from class: com.acompli.accore.notifications.PushEncryptionKeysManager.3
            @Override // com.acompli.libcircle.ClInterfaces$ClResponseCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onResponse(RegisterNotificationPublicKeyResponse_643 registerNotificationPublicKeyResponse_643) {
                clientCompletionBlock.m(registerNotificationPublicKeyResponse_643);
                clientCompletionBlock.k();
            }

            @Override // com.acompli.libcircle.ClInterfaces$ClResponseCallback
            public void onError(Errors.ClError clError) {
                clientCompletionBlock.l(clError);
                clientCompletionBlock.k();
            }
        });
        clientCompletionBlock.n();
        if (clientCompletionBlock.e()) {
            throw new InterruptedException("Error registering key, interrupted.");
        }
        if (clientCompletionBlock.f()) {
            throw new KeyRegistrationException("Error registering key.", clientCompletionBlock.a());
        }
        if (!aCAccountPersistenceManager.c(new PushEncryptionKey(i, ((RegisterNotificationPublicKeyResponse_643) clientCompletionBlock.d()).keyReference, h.a().getEncoded(), System.currentTimeMillis(), 0))) {
            throw new KeyRegistrationException("Error storing key to datastore.", KeyRegistrationException.ErrorType.SQL);
        }
    }
}
