package com.airwatch.keymanagement.unifiedpin.token;

import android.content.Context;
import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import androidx.preference.PreferenceManager;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.crypto.openssl.OpenSSLLoadException;
import com.airwatch.keymanagement.AWKeyUtils;
import com.airwatch.keymanagement.unifiedpin.interfaces.TokenChannel;
import com.airwatch.keymanagement.unifiedpin.interfaces.UnifiedPinContext;
import com.airwatch.login.ui.jsonmodel.AuthMetaData;
import com.airwatch.storage.PreferenceErrorListener;
import com.airwatch.util.ArrayUtils;
import com.airwatch.util.Logger;
import com.airwatch.util.ReportAdapterUtil;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;

/* loaded from: classes4.dex */
public class TokenFileStorageImpl implements TokenFileStorage {
    private Context appContext;
    private SharedPreferences.Editor editor;
    private OpenSSLCryptUtil openSSLCryptUtil;
    private SharedPreferences prefs;

    public TokenFileStorageImpl(Context context) {
        Context applicationContext = context.getApplicationContext();
        this.appContext = applicationContext;
        this.prefs = PreferenceManager.getDefaultSharedPreferences(applicationContext);
        this.openSSLCryptUtil = OpenSSLCryptUtil.getInstance();
        this.editor = this.prefs.edit();
        if (this.openSSLCryptUtil == null) {
            try {
                OpenSSLCryptUtil.createInstance(this.appContext);
                this.openSSLCryptUtil = OpenSSLCryptUtil.getInstance();
            } catch (OpenSSLLoadException e) {
                throw new IllegalStateException("could not load open ssl", e);
            }
        }
        handleUpgrade();
    }

    private String getEncryptedEP1() {
        byte[] dKSaltBytes = getDKSaltBytes();
        String string = this.prefs.getString(TokenFileStorage.EP1, "");
        if (TextUtils.isEmpty(string) || ArrayUtils.isEmpty(dKSaltBytes)) {
            Logger.d(TokenFileStorage.TAG, "Encryption ep1 does not exist or fetching failed");
            return string;
        }
        byte[] aesUnwrapKey = this.openSSLCryptUtil.aesUnwrapKey(dKSaltBytes, Base64.decode(string, 0));
        if (ArrayUtils.isEmpty(aesUnwrapKey)) {
            byte[] bArr = new byte[8];
            System.arraycopy(Base64.decode(string, 0), 0, bArr, 0, 8);
            ReportAdapterUtil.report(this.appContext, PreferenceErrorListener.PreferenceErrorCode.KEY_WRAP_LENGTH_MISMATCH, "getEp1Current length of ep1 " + Base64.decode(string, 0).length + " dksalt length " + dKSaltBytes.length + " Is wrap header present: " + Arrays.equals(OpenSSLCryptUtil.getInstance().generateSHA256(bArr), OpenSSLCryptUtil.WRAP_HEADER));
        } else {
            string = Base64.encodeToString(aesUnwrapKey, 0);
        }
        return TextUtils.isEmpty(string) ? "" : string.trim();
    }

    private TokenChannel getUnifiedPinManager() {
        return ((UnifiedPinContext) this.appContext).getTokenChannel();
    }

    private void setEncryptedEP1(String str) {
        if (!TextUtils.isEmpty(str)) {
            str = str.trim();
        }
        if (TextUtils.isEmpty(str)) {
            this.editor.putString(TokenFileStorage.EP1, "");
            return;
        }
        byte[] dKSaltBytes = getDKSaltBytes();
        byte[] aesWrapKey = this.openSSLCryptUtil.aesWrapKey(dKSaltBytes, Base64.decode(str, 0));
        if (ArrayUtils.isEmpty(aesWrapKey)) {
            ReportAdapterUtil.report(this.appContext, PreferenceErrorListener.PreferenceErrorCode.KEY_WRAP_LENGTH_MISMATCH, "setEP1 Current length of ep1 " + Base64.decode(str, 0).length + " dksalt length " + dKSaltBytes.length);
        } else {
            str = Base64.encodeToString(aesWrapKey, 0);
        }
        this.editor.putString(TokenFileStorage.EP1, str);
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void beginTransaction() {
        boolean isPersistRS1ToDisk = isPersistRS1ToDisk();
        SharedPreferences sharedPreferences = this.appContext.getSharedPreferences(DefaultTokenFactory.TEMP_PREFS, 0);
        this.prefs = sharedPreferences;
        this.editor = sharedPreferences.edit();
        persistRS1ToDisk(isPersistRS1ToDisk);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void cancelTransaction() {
        clear(this.prefs);
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this.appContext);
        this.prefs = defaultSharedPreferences;
        this.editor = defaultSharedPreferences.edit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void clear() {
        clear(PreferenceManager.getDefaultSharedPreferences(this.appContext));
        clear(this.appContext.getSharedPreferences(DefaultTokenFactory.TEMP_PREFS, 0));
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void clear(SharedPreferences sharedPreferences) {
        TokenUtil.zeroizeSecureKeys(sharedPreferences);
        sharedPreferences.edit().putString(TokenFileStorage.EP2, "").putString(TokenFileStorage.EP1, "").remove(TokenFileStorage.ENCRYPT_FLAG).remove(TokenFileStorage.AES_WRAP_EP1).remove(TokenFileStorage.AES_WRAP_EP2).remove(TokenFileStorage.EP3).remove(TokenFileStorage.DKSALT).remove("authType").remove(TokenFileStorage.RS1).remove(TokenFileStorage.TOKEN_ENCRYPTION_VERSION).remove(TokenFileStorage.SAVE_RS1).remove(TokenFileStorage.TOKEN_VERSION).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void commit() {
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public boolean containsKey(String str) {
        return this.prefs.contains(str);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void endTransaction() {
        String ep1 = getEP1(1);
        String ep2 = getEP2(1);
        String ep3 = getEP3();
        String ep12 = getEP1(2);
        String ep22 = getEP2(2);
        AuthMetaData authType = getAuthType();
        byte[] dKSaltBytes = getDKSaltBytes();
        long longValue = getTokenVersion().longValue();
        boolean isPersistRS1ToDisk = isPersistRS1ToDisk();
        byte[] rS1Bytes = getRS1Bytes();
        int tokenEncyptionVersion = getTokenEncyptionVersion();
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(this.appContext);
        this.prefs = defaultSharedPreferences;
        this.editor = defaultSharedPreferences.edit();
        SharedPreferences.Editor edit = this.prefs.edit();
        setDKSalt(dKSaltBytes);
        edit.commit();
        setEP1(1, ep1);
        setEP1(2, ep12);
        setTokenEncryptionVersion(tokenEncyptionVersion);
        setEP2(1, ep2);
        setEP2(2, ep22);
        if (!TextUtils.isEmpty(ep3)) {
            setEP3(ep3);
        }
        setAuthType(authType);
        setTokenVersion(longValue);
        if (isPersistRS1ToDisk) {
            persistRS1ToDisk(true);
            setRS1(rS1Bytes);
        }
        edit.commit();
        SharedPreferences sharedPreferences = this.appContext.getSharedPreferences(DefaultTokenFactory.TEMP_PREFS, 0);
        TokenUtil.zeroizeSecureKeys(sharedPreferences);
        sharedPreferences.edit().clear().commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public AuthMetaData getAuthType() {
        String string = this.prefs.getString("authType", "");
        if (TextUtils.isEmpty(string)) {
            return null;
        }
        return AuthMetaData.getAuthMetaDataFromString(string);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public byte[] getDKSaltBytes() {
        String string = this.prefs.getString(TokenFileStorage.DKSALT, "");
        if (TextUtils.isEmpty(string)) {
            return null;
        }
        return TokenUtil.getDKSaltByte(string);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public String getEP1(int i) {
        return i != 1 ? i != 2 ? "" : this.prefs.getString(TokenFileStorage.AES_WRAP_EP1, "") : getEncryptedEP1();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public String getEP2(int i) {
        SharedPreferences sharedPreferences;
        String str;
        if (i == 1) {
            sharedPreferences = this.prefs;
            str = TokenFileStorage.EP2;
        } else {
            if (i != 2) {
                return "";
            }
            sharedPreferences = this.prefs;
            str = TokenFileStorage.AES_WRAP_EP2;
        }
        return sharedPreferences.getString(str, "");
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public String getEP3() {
        return this.prefs.getString(TokenFileStorage.EP3, "");
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public boolean getEncryptFlag() {
        return getStorage().getBoolean(TokenFileStorage.ENCRYPT_FLAG, false);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public byte[] getPFromEP1() {
        return new byte[0];
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public byte[] getPuzzleBoxBytes() {
        if (this.openSSLCryptUtil.isPuzzleBoxMkConfigured(this.appContext)) {
            return AWKeyUtils.getAwUniqueUidV3Byte(this.appContext);
        }
        return null;
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public byte[] getRS1Bytes() {
        return TokenUtil.getRS1Byte(this.prefs.getString(TokenFileStorage.RS1, ""));
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public String getSAVE_RS1() {
        return this.prefs.getString(TokenFileStorage.SAVE_RS1, "");
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public SharedPreferences getStorage() {
        return PreferenceManager.getDefaultSharedPreferences(this.appContext);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public int getTokenEncyptionVersion() {
        return Integer.parseInt(this.prefs.getString(TokenFileStorage.TOKEN_ENCRYPTION_VERSION, String.valueOf(1)));
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public Long getTokenVersion() {
        return Long.valueOf(this.prefs.getLong(TokenFileStorage.TOKEN_VERSION, 0L));
    }

    public void handleUpgrade() {
        if (containsKey(TokenFileStorage.TOKEN_ENCRYPTION_VERSION) || !containsKey(TokenFileStorage.EP1)) {
            return;
        }
        String string = this.prefs.getString(TokenFileStorage.EP1, "");
        byte[] dKSaltBytes = getDKSaltBytes();
        if (TextUtils.isEmpty(string) || ArrayUtils.isEmpty(dKSaltBytes) || !ArrayUtils.isEmpty(this.openSSLCryptUtil.aesUnwrapKey(dKSaltBytes, Base64.decode(string, 0)))) {
            return;
        }
        setEncryptedEP1(string);
        setEncryptFlag(true);
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public boolean hasEP1(int i) {
        if (i == 1) {
            return !TextUtils.isEmpty(this.prefs.getString(TokenFileStorage.EP1, ""));
        }
        if (i != 2) {
            return false;
        }
        return !TextUtils.isEmpty(this.prefs.getString(TokenFileStorage.AES_WRAP_EP1, ""));
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public boolean isPersistRS1ToDisk() {
        return this.prefs.getBoolean(TokenFileStorage.SAVE_RS1, false);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void persistRS1ToDisk(boolean z) {
        this.editor.putBoolean(TokenFileStorage.SAVE_RS1, z).apply();
        if (!z) {
            this.editor.remove(TokenFileStorage.RS1).commit();
            return;
        }
        try {
            Token token = TokenUtil.toToken(getUnifiedPinManager().getLocalData(5, TimeUnit.SECONDS));
            if (token.isRs1Empty()) {
                return;
            }
            SharedPreferences.Editor edit = this.prefs.edit();
            setRS1(token.getRs1());
            edit.commit();
        } catch (Exception unused) {
        }
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void removeEP1(int i) {
        SharedPreferences.Editor editor;
        String str;
        if (i != 1) {
            if (i == 2) {
                editor = this.editor;
                str = TokenFileStorage.AES_WRAP_EP1;
            }
            this.editor.commit();
        }
        editor = this.editor;
        str = TokenFileStorage.EP1;
        editor.putString(str, "");
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void removeEP2(int i) {
        SharedPreferences.Editor editor;
        String str;
        if (i != 1) {
            if (i == 2) {
                editor = this.editor;
                str = TokenFileStorage.AES_WRAP_EP2;
            }
            this.editor.commit();
        }
        editor = this.editor;
        str = TokenFileStorage.EP2;
        editor.putString(str, "");
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void replaceToken(Token token) {
        setDKSalt(token.getDkSaltForEP1());
        this.editor.commit();
        setEP1(1, token.getEp1(1));
        setEP1(2, token.getEp1(2));
        setEP2(1, token.getEp2(1));
        setEP2(2, token.getEp2(2));
        setTokenEncryptionVersion(token.getTokenEncryptionVersion());
        setAuthType(token.getAuthType());
        setTokenVersion(token.version);
        setPuzzleBox(token.getPuzzleBoxSalt());
        if (isPersistRS1ToDisk()) {
            setRS1(token.getRs1());
        }
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setAuthType(AuthMetaData authMetaData) {
        if (authMetaData != null) {
            this.editor.putString("authType", authMetaData.convertToString()).apply();
        } else {
            this.editor.remove("authType").commit();
            setTokenVersion(0L);
        }
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setDKSalt(byte[] bArr) {
        if (ArrayUtils.isEmpty(bArr)) {
            return;
        }
        this.editor.putString(TokenFileStorage.DKSALT, TokenUtil.getDKSaltString(bArr)).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setEP1(int i, String str) {
        if (i == 1) {
            setEncryptedEP1(str);
        } else if (i == 2) {
            if (!TextUtils.isEmpty(str)) {
                str = str.trim();
            }
            this.editor.putString(TokenFileStorage.AES_WRAP_EP1, str);
        }
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setEP2(int i, String str) {
        SharedPreferences.Editor editor;
        String str2;
        if (i != 1) {
            if (i == 2) {
                editor = this.editor;
                str2 = TokenFileStorage.AES_WRAP_EP2;
            }
            this.editor.commit();
        }
        editor = this.editor;
        str2 = TokenFileStorage.EP2;
        editor.putString(str2, str);
        this.editor.commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setEP3(String str) {
        this.editor.putString(TokenFileStorage.EP3, str).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setEncryptFlag(boolean z) {
        getStorage().edit().putBoolean(TokenFileStorage.ENCRYPT_FLAG, z).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setPuzzleBox(byte[] bArr) {
        if (ArrayUtils.isEmpty(bArr) || bArr.length != 32) {
            return;
        }
        AWKeyUtils.seedAwUniqueUidV3(bArr, this.appContext);
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setRS1(String str) {
        this.editor.putString(TokenFileStorage.RS1, str).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setRS1(byte[] bArr) {
        if (ArrayUtils.isEmpty(bArr) || !isPersistRS1ToDisk()) {
            return;
        }
        this.editor.putString(TokenFileStorage.RS1, TokenUtil.getRS1String(bArr)).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setSAVE_RS1(String str) {
        this.editor.putString(TokenFileStorage.SAVE_RS1, str).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setTokenEncryptionVersion(int i) {
        this.editor.putString(TokenFileStorage.TOKEN_ENCRYPTION_VERSION, Integer.toString(i)).commit();
    }

    @Override // com.airwatch.keymanagement.unifiedpin.token.TokenFileStorage
    public void setTokenVersion(long j) {
        this.editor.putLong(TokenFileStorage.TOKEN_VERSION, j).apply();
    }
}
