package com.paycom.mobile.lib.auth.oauth.data.db;

import android.content.Context;
import android.util.Base64;
import com.google.gson.Gson;
import com.paycom.mobile.lib.auth.cipher.PinCipherManager;
import com.paycom.mobile.lib.auth.cipher.data.storage.CipherStorage;
import com.paycom.mobile.lib.auth.cipher.domain.encryption.CipherInitializer;
import com.paycom.mobile.lib.auth.di.TokenQualifier;
import com.paycom.mobile.lib.auth.oauth.domain.error.OAuthTokenNotFound;
import com.paycom.mobile.lib.auth.oauth.domain.model.token.OAuthToken;
import com.paycom.mobile.lib.auth.quicklogin.domain.encryption.BiometricCipherInitializer;
import com.paycom.mobile.lib.auth.quicklogin.domain.encryption.wrapper.CipherWrapper;
import com.paycom.mobile.lib.auth.quicklogin.domain.pin.PinCipherEntryPoint;
import com.paycom.mobile.lib.auth.quicklogin.domain.pin.PinSessionCipherInitializer;
import com.paycom.mobile.lib.auth.token.data.TokenStorage;
import com.paycom.mobile.lib.auth.token.domain.errors.CipherNotAuthenticatedException;
import com.paycom.mobile.lib.auth.token.domain.errors.InvalidCipherException;
import com.paycom.mobile.lib.auth.token.domain.errors.TokenCorruptException;
import com.paycom.mobile.lib.logger.data.LoggerExtensionsKt;
import com.paycom.mobile.lib.logger.domain.AppBehaviorLogEvent;
import com.paycom.mobile.lib.logger.domain.AuditLogger;
import com.paycom.mobile.lib.logger.domain.ErrorLogEvent;
import com.paycom.mobile.lib.logger.domain.LogCtrl;
import com.paycom.mobile.lib.logger.domain.LogModule;
import com.paycom.mobile.lib.logger.domain.Logger;
import com.paycom.mobile.lib.logger.domain.LoggerKt;
import com.paycom.mobile.lib.navigation.domain.Extra;
import com.paycom.mobile.lib.util.encryption.KeyStoreEncryptionHelper;
import com.paycom.mobile.lib.util.encryption.exception.CipherException;
import dagger.hilt.android.EntryPointAccessors;
import dagger.hilt.android.qualifiers.ApplicationContext;
import javax.inject.Inject;
import javax.inject.Singleton;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;

/* compiled from: EncryptedQuickLoginOAuthTokenStorage.kt */
@Singleton
@Metadata(d1 = {"\u0000T\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0017\u0018\u00002\u00020\u0001B\u001b\b\u0007\u0012\b\b\u0001\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0001\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J(\u0010\u000b\u001a\u0004\u0018\u00010\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u00102\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012H\u0002J\b\u0010\u0014\u001a\u00020\u0015H\u0002J\b\u0010\u0016\u001a\u00020\u0015H\u0016J\b\u0010\u0017\u001a\u00020\u0018H\u0002J\n\u0010\u0019\u001a\u0004\u0018\u00010\fH\u0002J\n\u0010\u001a\u001a\u0004\u0018\u00010\fH\u0002J\u0018\u0010\u001b\u001a\u0004\u0018\u00010\f2\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012H\u0002J\u0018\u0010\u001c\u001a\u0004\u0018\u00010\f2\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012H\u0016J\u0010\u0010\u001d\u001a\u00020\u00102\u0006\u0010\r\u001a\u00020\u001eH\u0002J\b\u0010\u001f\u001a\u00020\u0018H\u0016J\u0010\u0010 \u001a\u00020\u00152\u0006\u0010!\u001a\u00020\fH\u0016J\u001a\u0010\"\u001a\u00020\u00152\u0006\u0010!\u001a\u00020\f2\b\u0010#\u001a\u0004\u0018\u00010\u0010H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\u0007\u001a\u00020\b¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006$"}, d2 = {"Lcom/paycom/mobile/lib/auth/oauth/data/db/EncryptedQuickLoginOAuthTokenStorage;", "Lcom/paycom/mobile/lib/auth/oauth/data/db/OAuthStorage;", "context", "Landroid/content/Context;", "tokenStorage", "Lcom/paycom/mobile/lib/auth/token/data/TokenStorage;", "(Landroid/content/Context;Lcom/paycom/mobile/lib/auth/token/data/TokenStorage;)V", "logger", "Lcom/paycom/mobile/lib/logger/domain/Logger;", "getLogger", "()Lcom/paycom/mobile/lib/logger/domain/Logger;", "cipherDecryptOAuthToken", "Lcom/paycom/mobile/lib/auth/oauth/domain/model/token/OAuthToken;", "cipherInitializer", "Lcom/paycom/mobile/lib/auth/cipher/domain/encryption/CipherInitializer;", "encryptedToken", "", "lazyMessage", "Lkotlin/Function0;", "", "clearLegacyCipherStoragesIfPinAuth", "", "clearToken", "containsStableKeyStoreToken", "", "doGetKeyStoreQuickLoginToken", "findInKeyStore", "findInLegacyStorageAndMigrateToKeyStore", "findOAuthToken", "generateTokenIVIfBiometricAuth", "Lcom/paycom/mobile/lib/auth/quicklogin/domain/encryption/BiometricCipherInitializer;", "hasOAuthToken", "saveOAuthToken", Extra.OAUTH_TOKEN, "saveTokenToKeyStore", "iv", "lib-auth_release"}, k = 1, mv = {1, 8, 0}, xi = 48)
@LogCtrl(module = LogModule.LOGIN)
/* loaded from: classes5.dex */
public class EncryptedQuickLoginOAuthTokenStorage implements OAuthStorage {
    private final Context context;
    private final Logger logger;
    private final TokenStorage tokenStorage;

    @Inject
    public EncryptedQuickLoginOAuthTokenStorage(@ApplicationContext Context context, @TokenQualifier.MeshTokenStorageV3 TokenStorage tokenStorage) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(tokenStorage, "tokenStorage");
        this.context = context;
        this.tokenStorage = tokenStorage;
        this.logger = LoggerKt.getLogger(this);
    }

    private final OAuthToken cipherDecryptOAuthToken(CipherInitializer cipherInitializer, byte[] encryptedToken, Function0<String> lazyMessage) {
        byte[] doFinal = cipherInitializer.initDecrypt().doFinal(encryptedToken);
        if (doFinal != null) {
            return (OAuthToken) new Gson().fromJson(new String(doFinal, Charsets.UTF_8), OAuthToken.class);
        }
        LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(new IllegalStateException("decryptToken is null"), lazyMessage.invoke()));
        return null;
    }

    private final void clearLegacyCipherStoragesIfPinAuth() {
        if (!(CipherStorage.INSTANCE.getInstance().getCipherInitializer() instanceof PinSessionCipherInitializer)) {
            LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new AppBehaviorLogEvent.Authentication.refreshTokenMigration("biometric"));
            return;
        }
        LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new AppBehaviorLogEvent.Authentication.refreshTokenMigration(Extra.SSO_PIN_EXTRA));
        PinCipherManager pinCipherManager = ((PinCipherEntryPoint) EntryPointAccessors.fromApplication(this.context, PinCipherEntryPoint.class)).getPinCipherManager();
        pinCipherManager.getPreMeshPinCipherStorage().clear();
        pinCipherManager.getMeshTokenStorageV3PinCipherStorage().clear();
    }

    private final boolean containsStableKeyStoreToken() {
        try {
            return doGetKeyStoreQuickLoginToken() != null;
        } catch (Exception unused) {
            return false;
        }
    }

    private final OAuthToken doGetKeyStoreQuickLoginToken() {
        byte[] storedToken = this.tokenStorage.getStoredToken();
        if (storedToken == null) {
            return null;
        }
        return (OAuthToken) new Gson().fromJson(KeyStoreEncryptionHelper.INSTANCE.decrypt("key_alias_ql_token", Base64.encodeToString(storedToken, 2)), OAuthToken.class);
    }

    private final OAuthToken findInKeyStore() {
        try {
            OAuthToken doGetKeyStoreQuickLoginToken = doGetKeyStoreQuickLoginToken();
            if (doGetKeyStoreQuickLoginToken != null) {
                return doGetKeyStoreQuickLoginToken;
            }
            LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new AppBehaviorLogEvent.Authentication.authTokenNotFound("Refresh token not found in KeyStore"));
            Unit unit = Unit.INSTANCE;
            return doGetKeyStoreQuickLoginToken;
        } catch (Exception e) {
            e = e;
            if (!(e instanceof OAuthTokenNotFound)) {
                if (e instanceof CipherException) {
                    e = ((CipherException) e).getCause();
                }
                Exception exc = e;
                LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new ErrorLogEvent.Authentication.tokenAuthError(exc, "Unexpected Exception in QLOAuthTokenStorage"));
                LoggerExtensionsKt.atCrashReport(this.logger).error("Unexpected Exception in QLOAuthTokenStorage", (Throwable) exc);
            }
            return null;
        }
    }

    private final OAuthToken findInLegacyStorageAndMigrateToKeyStore(Function0<String> lazyMessage) {
        AuditLogger atInternalAndExternalAudit;
        ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError quickloginfetchaccesstokenerror;
        CipherInitializer cipherInitializer = CipherStorage.INSTANCE.getInstance().getCipherInitializer();
        OAuthToken oAuthToken = null;
        if (cipherInitializer != null) {
            byte[] storedToken = this.tokenStorage.getStoredToken();
            try {
                if (storedToken == null) {
                    LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(new OAuthTokenNotFound("refresh token null", null, 2, null), lazyMessage.invoke()));
                    return null;
                }
                try {
                    OAuthToken cipherDecryptOAuthToken = cipherDecryptOAuthToken(cipherInitializer, storedToken, lazyMessage);
                    if (cipherDecryptOAuthToken != null) {
                        saveTokenToKeyStore(cipherDecryptOAuthToken, cipherInitializer instanceof BiometricCipherInitializer ? this.tokenStorage.getEncryptionIv() : null);
                        clearLegacyCipherStoragesIfPinAuth();
                        oAuthToken = cipherDecryptOAuthToken;
                    }
                } catch (Exception e) {
                    LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(e, lazyMessage.invoke()));
                    atInternalAndExternalAudit = LoggerExtensionsKt.atInternalAndExternalAudit(this.logger);
                    quickloginfetchaccesstokenerror = new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(new IllegalStateException("failed building OAuthToken"), lazyMessage.invoke());
                }
                if (oAuthToken == null) {
                    atInternalAndExternalAudit = LoggerExtensionsKt.atInternalAndExternalAudit(this.logger);
                    quickloginfetchaccesstokenerror = new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(new IllegalStateException("failed building OAuthToken"), lazyMessage.invoke());
                    atInternalAndExternalAudit.log(quickloginfetchaccesstokenerror);
                }
            } catch (Throwable th) {
                LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(new IllegalStateException("failed building OAuthToken"), lazyMessage.invoke()));
                throw th;
            }
        } else {
            LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(new ErrorLogEvent.Authentication.quickLoginFetchAccessTokenError(new IllegalStateException("cipherInitializer null"), lazyMessage.invoke()));
        }
        return oAuthToken;
    }

    private final byte[] generateTokenIVIfBiometricAuth(BiometricCipherInitializer cipherInitializer) {
        try {
            byte[] iv = CipherWrapper.INSTANCE.getDefaultInstance(cipherInitializer.initEncrypt()).getIv();
            Intrinsics.checkNotNullExpressionValue(iv, "wrapper.iv");
            return iv;
        } catch (CipherException e) {
            throw new CipherNotAuthenticatedException(e.getCause());
        }
    }

    private final void saveTokenToKeyStore(OAuthToken oAuthToken, byte[] iv) {
        try {
            this.tokenStorage.storeToken(Base64.decode(KeyStoreEncryptionHelper.INSTANCE.encrypt("key_alias_ql_token", new Gson().toJson(oAuthToken)), 2), iv);
        } catch (CipherException e) {
            throw new CipherNotAuthenticatedException(e.getCause());
        }
    }

    @Override // com.paycom.mobile.lib.auth.oauth.data.db.OAuthStorage
    public void clearToken() {
        LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(AppBehaviorLogEvent.Login.clearQuickLoginToken.INSTANCE);
        this.tokenStorage.clearToken();
    }

    @Override // com.paycom.mobile.lib.auth.oauth.data.db.OAuthStorage
    public OAuthToken findOAuthToken(Function0<String> lazyMessage) throws CipherNotAuthenticatedException, TokenCorruptException {
        Intrinsics.checkNotNullParameter(lazyMessage, "lazyMessage");
        return containsStableKeyStoreToken() ? findInKeyStore() : findInLegacyStorageAndMigrateToKeyStore(lazyMessage);
    }

    public final Logger getLogger() {
        return this.logger;
    }

    @Override // com.paycom.mobile.lib.auth.oauth.data.db.OAuthStorage
    public boolean hasOAuthToken() {
        return this.tokenStorage.getStoredToken() != null;
    }

    @Override // com.paycom.mobile.lib.auth.oauth.data.db.OAuthStorage
    public void saveOAuthToken(OAuthToken oAuthToken) throws CipherNotAuthenticatedException {
        Intrinsics.checkNotNullParameter(oAuthToken, "oAuthToken");
        LoggerExtensionsKt.atInternalAndExternalAudit(this.logger).log(AppBehaviorLogEvent.Login.updateLoginToken.INSTANCE);
        CipherInitializer cipherInitializer = CipherStorage.INSTANCE.getInstance().getCipherInitializer();
        if (cipherInitializer == null) {
            throw new CipherNotAuthenticatedException(new InvalidCipherException());
        }
        try {
            saveTokenToKeyStore(oAuthToken, cipherInitializer instanceof BiometricCipherInitializer ? generateTokenIVIfBiometricAuth((BiometricCipherInitializer) cipherInitializer) : null);
        } catch (CipherException e) {
            throw new CipherNotAuthenticatedException(e.getCause());
        }
    }
}
