package com.adobe.libs.esignservices.utils;

import android.content.SharedPreferences;
import android.os.Build;
import android.util.Base64;
import com.adobe.libs.buildingblocks.utils.BBLogUtils;
import com.adobe.libs.buildingblocks.utils.BBSecurityUtils;
import com.adobe.libs.esignservices.ESContext;
import com.adobe.libs.esignservices.ESServicesAccount;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class ESTokensCryptor {
    private static final String ENCRYPTION_ALGORITHM_NAME = "AES";
    private static final int ENCRYPTION_KEY_SIZE_128 = 128;
    private static final String ESIGN_ACCESS_TOKEN_KEY = "esign_access_token_new_KEY";
    private static final String ESIGN_CLOUD_SECRET_IVKEY = "esignCloudSecretIVKey";
    private static final String ESIGN_CLOUD_SECRET_KEY = "esignCloudSecretKey";
    private static final String ESIGN_CLOUD_SECRET_KEY_PREFERENCES = "com.adobe.libs.esignservices.ESTokensCryptor";
    private static final String ESIGN_REFRESH_TOKEN_KEY = "esign_refresh_token_new_KEY";
    private static final String SECRET_KEY_ALIAS = "AcrobatDotComSecretKeyAlias";
    private static SecretKey sCloudSecretKey = null;

    public static void encryptAndStoreTokens(String str, String str2) {
        ESServicesUtils.logit("ESServicesAccount:encryptAndStoreTokens - encrypt and store tokens");
        String str3 = str;
        String str4 = str2;
        try {
            try {
                SecretKey cryptorKey = getCryptorKey();
                if (str != null) {
                    str3 = Base64.encodeToString(BBSecurityUtils.encrypt(cryptorKey, getCryptorIv(), str.getBytes()), 0);
                    ESServicesUtils.logit("Access token encrypted value = " + str3);
                }
                if (str2 != null) {
                    str4 = Base64.encodeToString(BBSecurityUtils.encrypt(cryptorKey, getCryptorIv(), str2.getBytes()), 0);
                    ESServicesUtils.logit("Refresh token encrypted value = " + str4);
                }
            } catch (Exception e) {
                removeSecretKey();
                ESServicesUtils.logit("ESTokensCryptor:encryptAndStoreTokens " + e.getMessage());
                storeTokens(str, str2);
            }
        } finally {
            storeTokens(str3, str4);
        }
    }

    private static SecretKey generateRandomKey() throws NoSuchAlgorithmException {
        SecretKey generateKey = BBSecurityUtils.generateKey(ENCRYPTION_ALGORITHM_NAME, 128);
        String encodeToString = Base64.encodeToString(BBSecurityUtils.generateIVBytes(16), 0);
        SharedPreferences.Editor edit = ESContext.getInstance().getAppContext().getSharedPreferences(ESIGN_CLOUD_SECRET_KEY_PREFERENCES, 0).edit();
        edit.putString(ESIGN_CLOUD_SECRET_IVKEY, encodeToString);
        edit.apply();
        return generateKey;
    }

    public static String getAccessToken() {
        String string = ESServicesAccount.getInstance().getESCloudPreferences().getString(ESIGN_ACCESS_TOKEN_KEY, null);
        if (string == null || !isCloudSecretKeyPresent()) {
            return string;
        }
        try {
            return new String(BBSecurityUtils.decrypt(getCryptorKey(), getCryptorIv(), Base64.decode(string.getBytes(), 0)));
        } catch (Exception e) {
            BBLogUtils.logException("ESTokenCryptor:getAccessToken ", e);
            return null;
        }
    }

    private static byte[] getCryptorIv() {
        String string = ESContext.getInstance().getAppContext().getSharedPreferences(ESIGN_CLOUD_SECRET_KEY_PREFERENCES, 0).getString(ESIGN_CLOUD_SECRET_IVKEY, null);
        return string != null ? Base64.decode(string, 0) : new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    }

    private static SecretKey getCryptorKey() throws Exception {
        SecretKey generateRandomKey;
        PublicKey generateKeyForApi19AndAbove;
        KeyStore.PrivateKeyEntry secretKeyEntryFromKeyStore;
        if (sCloudSecretKey == null) {
            SharedPreferences sharedPreferences = ESContext.getInstance().getAppContext().getSharedPreferences(ESIGN_CLOUD_SECRET_KEY_PREFERENCES, 0);
            if (isCloudSecretKeyPresentInPreferences()) {
                String string = sharedPreferences.getString(ESIGN_CLOUD_SECRET_KEY, null);
                ESServicesUtils.logit("ESServicesAccount:getCryptorKey - cloudSecretKey as read from preferences " + string);
                if (string != null) {
                    byte[] decode = Base64.decode(string, 0);
                    ESServicesUtils.logit("ESServicesAccount:getCryptorKey - cloudSecretKey after decoding as read from preferences " + Arrays.toString(decode));
                    if (BBSecurityUtils.isSecretKeyPresentInKeyStore(SECRET_KEY_ALIAS) && (secretKeyEntryFromKeyStore = BBSecurityUtils.getSecretKeyEntryFromKeyStore(SECRET_KEY_ALIAS)) != null) {
                        ESServicesUtils.logit("ESServicesAccount:getCryptorKey - cloudSecretKey after decoding as read from preferences is encrypted");
                        decode = BBSecurityUtils.decrypt(secretKeyEntryFromKeyStore.getPrivateKey(), getCryptorIv(), decode);
                        ESServicesUtils.logit("ESServicesAccount:getCryptorKey - decrypted cloud secret key " + Arrays.toString(decode));
                    }
                    sCloudSecretKey = new SecretKeySpec(decode, ENCRYPTION_ALGORITHM_NAME);
                }
            }
            if (sCloudSecretKey == null && (generateRandomKey = generateRandomKey()) != null) {
                byte[] encoded = generateRandomKey.getEncoded();
                if (Build.VERSION.SDK_INT >= 19 && (generateKeyForApi19AndAbove = BBSecurityUtils.generateKeyForApi19AndAbove(ESContext.getInstance().getAppContext(), SECRET_KEY_ALIAS)) != null) {
                    byte[] encoded2 = generateRandomKey.getEncoded();
                    ESServicesUtils.logit("ESServicesAccount:getCryptorKey - unencrypted decoded cloud secret key " + Arrays.toString(encoded2));
                    encoded = BBSecurityUtils.encrypt(generateKeyForApi19AndAbove, getCryptorIv(), encoded2);
                    ESServicesUtils.logit("ESServicesAccount:getCryptorKey - encrypted decoded cloud secret key " + Arrays.toString(encoded));
                    ESServicesUtils.logit("ESServicesAccount:getCryptorKey - encrypted encoded cloud secret key " + Base64.encodeToString(encoded, 0));
                }
                SharedPreferences.Editor edit = sharedPreferences.edit();
                edit.putString(ESIGN_CLOUD_SECRET_KEY, Base64.encodeToString(encoded, 0));
                edit.apply();
                sCloudSecretKey = generateRandomKey;
            }
        }
        return sCloudSecretKey;
    }

    public static String getRefreshToken() {
        String string = ESServicesAccount.getInstance().getESCloudPreferences().getString(ESIGN_REFRESH_TOKEN_KEY, null);
        if (string == null || !isCloudSecretKeyPresent()) {
            return string;
        }
        try {
            return new String(BBSecurityUtils.decrypt(getCryptorKey(), getCryptorIv(), Base64.decode(string.getBytes(), 0)));
        } catch (Exception e) {
            BBLogUtils.logException("ESTokenCryptor:getAccessToken ", e);
            return null;
        }
    }

    private static boolean isCloudSecretKeyPresent() {
        return isCloudSecretKeyPresentInPreferences() || BBSecurityUtils.isSecretKeyPresentInKeyStore(SECRET_KEY_ALIAS);
    }

    private static boolean isCloudSecretKeyPresentInPreferences() {
        return ESContext.getInstance().getAppContext().getSharedPreferences(ESIGN_CLOUD_SECRET_KEY_PREFERENCES, 0).contains(ESIGN_CLOUD_SECRET_KEY);
    }

    private static void removeSecretKey() {
        SharedPreferences.Editor edit = ESContext.getInstance().getAppContext().getSharedPreferences(ESIGN_CLOUD_SECRET_KEY_PREFERENCES, 0).edit();
        edit.remove(ESIGN_CLOUD_SECRET_KEY);
        edit.remove(ESIGN_CLOUD_SECRET_IVKEY);
        edit.apply();
        try {
            BBSecurityUtils.removeKeyFromKeyStore(SECRET_KEY_ALIAS);
        } catch (Exception e) {
        }
        sCloudSecretKey = null;
    }

    public static void removeTokens() {
        SharedPreferences.Editor edit = ESServicesAccount.getInstance().getESCloudPreferences().edit();
        edit.remove(ESIGN_ACCESS_TOKEN_KEY);
        edit.remove(ESIGN_REFRESH_TOKEN_KEY);
        edit.apply();
    }

    private static void storeTokens(String str, String str2) {
        SharedPreferences.Editor edit = ESServicesAccount.getInstance().getESCloudPreferences().edit();
        if (str != null) {
            edit.putString(ESIGN_ACCESS_TOKEN_KEY, str);
        }
        if (str2 != null) {
            edit.putString(ESIGN_REFRESH_TOKEN_KEY, str2);
        }
        edit.apply();
    }
}
