package com.amazon.identity.auth.device.storage;

import android.accounts.Account;
import android.text.TextUtils;
import android.util.Base64;
import com.amazon.identity.auth.device.api.MAPAccountManager;
import com.amazon.identity.auth.device.framework.AESCipher;
import com.amazon.identity.auth.device.framework.AccountTokenEncryptor;
import com.amazon.identity.auth.device.framework.DCPOnlyTokenEncryptor;
import com.amazon.identity.auth.device.framework.PlatformWrapper;
import com.amazon.identity.auth.device.framework.ServiceWrappingContext;
import com.amazon.identity.auth.device.recovery.AccountRecoverContext;
import com.amazon.identity.auth.device.storage.DataStorage;
import com.amazon.identity.auth.device.utils.BackwardsCompatiabilityHelper;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.platform.metric.MetricsHelper;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.BadPaddingException;

/* loaded from: classes.dex */
public class BackwardsCompatiableDataStorage extends DataStorage {
    private static final String TAG = BackwardsCompatiableDataStorage.class.getName();
    private static AtomicInteger sRecoverLocallyTryTimesRecord = new AtomicInteger(0);
    private final AbstractTokenEncryptor mDcpOnlyTokenEncryptor;
    private final boolean mIsUsingNewCentralLocalDataStorage;
    private final PlatformWrapper mPlatform;
    private final DataStorage mStorage;

    /* loaded from: classes.dex */
    public static class BackwardsCompatibleDataStorageException extends Exception implements AccountRecoverContext.AccountRecoverable {
        private static final int LEGACY_ERROR_CODE = MAPAccountManager.RegistrationError.INTERNAL_ERROR.value();
        private static final String LEGACY_ERROR_MESSAGE = MAPAccountManager.RegistrationError.INTERNAL_ERROR.getName();
        private AccountRecoverContext mAccountRecoverContext;

        public BackwardsCompatibleDataStorageException(AccountRecoverContext accountRecoverContext) {
            super(LEGACY_ERROR_MESSAGE);
            this.mAccountRecoverContext = accountRecoverContext;
        }

        @Override // com.amazon.identity.auth.device.recovery.AccountRecoverContext.AccountRecoverable
        public AccountRecoverContext getAccountRecoverContext() {
            return this.mAccountRecoverContext;
        }

        @Override // com.amazon.identity.auth.device.recovery.AccountRecoverContext.AccountRecoverable
        public int getLegacyErrorCode() {
            return LEGACY_ERROR_CODE;
        }

        @Override // com.amazon.identity.auth.device.recovery.AccountRecoverContext.AccountRecoverable
        public String getLegacyErrorMessage() {
            return super.getMessage();
        }
    }

    public BackwardsCompatiableDataStorage(ServiceWrappingContext serviceWrappingContext) {
        this(serviceWrappingContext, serviceWrappingContext.getDataStorage());
    }

    public BackwardsCompatiableDataStorage(ServiceWrappingContext serviceWrappingContext, DataStorage dataStorage) {
        this(dataStorage, (PlatformWrapper) serviceWrappingContext.getSystemService("sso_platform"), new DCPOnlyTokenEncryptor(serviceWrappingContext));
    }

    BackwardsCompatiableDataStorage(DataStorage dataStorage, PlatformWrapper platformWrapper, AbstractTokenEncryptor abstractTokenEncryptor) {
        this.mStorage = dataStorage;
        this.mPlatform = platformWrapper;
        this.mDcpOnlyTokenEncryptor = abstractTokenEncryptor;
        this.mIsUsingNewCentralLocalDataStorage = isUsingNewCentralLocalDataStorage();
    }

    private boolean areTokensThatAreHistoricallyInUserdata(String str) {
        return BackwardsCompatiabilityHelper.isADcpOnlyToken(str) || BackwardsCompatiabilityHelper.isEncryptedTokenInUserData(str);
    }

    static String bytesToString(byte[] bArr) {
        return Base64.encodeToString(bArr, 2);
    }

    private String encryptUserDataIfNeccesary(AbstractTokenEncryptor abstractTokenEncryptor, String str, String str2) {
        return BackwardsCompatiabilityHelper.isEncryptedTokenInUserData(str) ? abstractTokenEncryptor.encryptToken(str2) : BackwardsCompatiabilityHelper.isADcpOnlyToken(str) ? this.mDcpOnlyTokenEncryptor.encryptToken(str2) : str2;
    }

    private String getUserDataThrowExceptionIfCorrupted(String str, String str2) throws BackwardsCompatibleDataStorageException {
        MAPLog.d(TAG, "Get user data for: " + str2);
        String userData = this.mStorage.getUserData(str, str2);
        if (TextUtils.isEmpty(userData)) {
            MAPLog.d(TAG, String.format(Locale.ENGLISH, "Value for %s is empty", str2));
            return userData;
        }
        if (this.mIsUsingNewCentralLocalDataStorage) {
            return userData;
        }
        try {
            return tryDecryptToken(str, str2, userData);
        } catch (BadPaddingException unused) {
            MAPLog.e(TAG, "BadPaddingException occurs.");
            if (sRecoverLocallyTryTimesRecord.getAndIncrement() < 5) {
                String tryRecoverBadPaddingLocally = tryRecoverBadPaddingLocally(str, str2, userData, this.mStorage);
                if (!TextUtils.isEmpty(tryRecoverBadPaddingLocally)) {
                    MAPLog.d(TAG, "Successfully recovered locally!");
                    resetRecoverLocallyTryTimesRecord();
                    MetricsHelper.incrementCounter("map_badpadding_locally_recover_success", new String[0]);
                    return tryRecoverBadPaddingLocally;
                }
                MAPLog.i(TAG, "Failed to recover account in device");
                MetricsHelper.incrementCounter("map_badpadding_locally_recover_failure", new String[0]);
            } else {
                MAPLog.e(TAG, "Exceed local recovery retry upper-bound. Going to return account recovery bundle.");
            }
            throw new BackwardsCompatibleDataStorageException(AccountRecoverContext.buildFromScratch().setDirectedId(str).setRecoverReason("BackwardsCompatiableDataStorage:BadPaddingException"));
        }
    }

    private boolean isUsingNewCentralLocalDataStorage() {
        return this.mStorage instanceof CentralLocalDataStorage;
    }

    static synchronized void resetRecoverLocallyTryTimesRecord() {
        synchronized (BackwardsCompatiableDataStorage.class) {
            sRecoverLocallyTryTimesRecord = new AtomicInteger(0);
        }
    }

    private AccountTransaction rewriteAccountTransaction(AccountTransaction accountTransaction, AbstractTokenEncryptor abstractTokenEncryptor) {
        HashMap hashMap = new HashMap(accountTransaction.getUserData());
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, String> entry : accountTransaction.getTokens().entrySet()) {
            if (areTokensThatAreHistoricallyInUserdata(entry.getKey())) {
                hashMap.put(entry.getKey(), entry.getValue());
            } else {
                hashMap2.put(entry.getKey(), entry.getValue());
            }
        }
        if (abstractTokenEncryptor != null) {
            for (Map.Entry entry2 : hashMap.entrySet()) {
                entry2.setValue(encryptUserDataIfNeccesary(abstractTokenEncryptor, (String) entry2.getKey(), (String) entry2.getValue()));
            }
        }
        return new AccountTransaction(accountTransaction.getDirectedId(), hashMap, hashMap2);
    }

    static byte[] stringToBytes(String str) {
        return Base64.decode(str, 0);
    }

    private String tryDecryptToken(String str, String str2, String str3) throws BadPaddingException {
        if (BackwardsCompatiabilityHelper.isADcpOnlyToken(str2)) {
            MAPLog.d(TAG, "DCPOnlyToken");
            String decryptToken = (this.mPlatform.isOtter() ? new AccountTokenEncryptor(this.mStorage, str) : this.mDcpOnlyTokenEncryptor).decryptToken(str3);
            if (decryptToken == null) {
                MAPLog.w(TAG, "Could not decrypt tokens using expected methods.");
            }
            return decryptToken;
        }
        if (BackwardsCompatiabilityHelper.isEncryptedTokenInUserData(str2)) {
            MAPLog.d(TAG, "EncryptedTokenInUserData");
            return new AccountTokenEncryptor(this.mStorage, str).decryptToken(str3);
        }
        MAPLog.d(TAG, "NonEncryptionData");
        return str3;
    }

    private String tryRecoverBadPaddingLocally(String str, String str2, String str3, DataStorage dataStorage) {
        if (!(dataStorage instanceof DistributedDataStorage)) {
            MAPLog.e(TAG, "DataStorage is not DistributedDataStorage. That db should never be corrupted");
            return null;
        }
        if (!BackwardsCompatiabilityHelper.isADcpOnlyToken(str2)) {
            MAPLog.e(TAG, "Token other than DMS token corrupted. This should never happen.");
            return null;
        }
        MAPLog.i(TAG, "Trying to recover corrupted key locally for key: " + str2);
        DistributedDataStorage distributedDataStorage = (DistributedDataStorage) dataStorage;
        Set<String> fetchRemoteDeviceEncryptionKey = distributedDataStorage.fetchRemoteDeviceEncryptionKey();
        ArrayList arrayList = new ArrayList();
        for (final String str4 : fetchRemoteDeviceEncryptionKey) {
            arrayList.add(new AbstractTokenEncryptor() { // from class: com.amazon.identity.auth.device.storage.BackwardsCompatiableDataStorage.2
                /* JADX INFO: Access modifiers changed from: protected */
                @Override // com.amazon.identity.auth.device.storage.AbstractTokenEncryptor
                public byte[] getEncryptionKey() {
                    return BackwardsCompatiableDataStorage.stringToBytes(str4);
                }
            });
        }
        return tryRecoverBadPaddingLocally(str3, arrayList, distributedDataStorage);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public boolean addAccount(String str, AccountTransaction accountTransaction, DataStorage.DataPropogationCallback dataPropogationCallback) {
        String str2;
        AbstractTokenEncryptor abstractTokenEncryptor = null;
        if (this.mIsUsingNewCentralLocalDataStorage) {
            str2 = null;
        } else {
            final String generateAesSecureStorageKey = AESCipher.generateAesSecureStorageKey();
            abstractTokenEncryptor = new AbstractTokenEncryptor() { // from class: com.amazon.identity.auth.device.storage.BackwardsCompatiableDataStorage.1
                /* JADX INFO: Access modifiers changed from: protected */
                @Override // com.amazon.identity.auth.device.storage.AbstractTokenEncryptor
                public byte[] getEncryptionKey() {
                    return Base64.decode(generateAesSecureStorageKey, 0);
                }
            };
            str2 = generateAesSecureStorageKey;
        }
        AccountTransaction rewriteAccountTransaction = rewriteAccountTransaction(accountTransaction, abstractTokenEncryptor);
        if (str2 != null) {
            rewriteAccountTransaction.setUserData("com.amazon.dcp.sso.property.encryptKey", str2);
        }
        return this.mStorage.addAccount(str, rewriteAccountTransaction, dataPropogationCallback);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void expireToken(String str, String str2) {
        if (areTokensThatAreHistoricallyInUserdata(str2)) {
            setUserData(str, str2, null);
        } else {
            this.mStorage.expireToken(str, str2);
        }
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public Account getAccountForDirectedId(String str) {
        return this.mStorage.getAccountForDirectedId(str);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public Set<String> getAccountNames() {
        return this.mStorage.getAccountNames();
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public Set<String> getAccounts() {
        return this.mStorage.getAccounts();
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public Set<String> getActors(String str) {
        return this.mStorage.getActors(str);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public Set<String> getAllTokenKeys(String str) {
        return this.mStorage.getAllTokenKeys(str);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public String getDeviceData(String str, String str2) {
        return this.mStorage.getDeviceData(str, str2);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public String getToken(String str, String str2) {
        return areTokensThatAreHistoricallyInUserdata(str2) ? getUserData(str, str2) : this.mStorage.getToken(str, str2);
    }

    public String getTokenThrowExceptionIfCorrupted(String str, String str2) throws BackwardsCompatibleDataStorageException {
        return areTokensThatAreHistoricallyInUserdata(str2) ? getUserDataThrowExceptionIfCorrupted(str, str2) : this.mStorage.getToken(str, str2);
    }

    public String getUndecryptedUserData(String str, String str2) {
        return this.mStorage.getUserData(str, str2);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public String getUserData(String str, String str2) {
        try {
            return getUserDataThrowExceptionIfCorrupted(str, str2);
        } catch (BackwardsCompatibleDataStorageException e) {
            MAPLog.e(TAG, "BadPaddingException occurs. Swallow this exception here.", e);
            return null;
        }
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void initialize() {
        this.mStorage.initialize();
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void removeAccount(String str) {
        this.mStorage.removeAccount(str);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public boolean replaceAccounts(String str, AccountTransaction accountTransaction, DataStorage.DataPropogationCallback dataPropogationCallback, List<String> list) {
        return this.mStorage.replaceAccounts(str, accountTransaction, dataPropogationCallback, list);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void setData(AccountTransaction accountTransaction) {
        this.mStorage.setData(rewriteAccountTransaction(accountTransaction, this.mIsUsingNewCentralLocalDataStorage ? null : new AccountTokenEncryptor(this.mStorage, accountTransaction.getDirectedId())));
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void setDeviceData(String str, String str2, String str3) {
        this.mStorage.setDeviceData(str, str2, str3);
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void setToken(String str, String str2, String str3) {
        if (areTokensThatAreHistoricallyInUserdata(str2)) {
            setUserData(str, str2, str3);
        } else {
            this.mStorage.setToken(str, str2, str3);
        }
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void setUserData(String str, String str2, String str3) {
        if (this.mIsUsingNewCentralLocalDataStorage) {
            this.mStorage.setUserData(str, str2, str3);
        } else {
            this.mStorage.setUserData(str, str2, encryptUserDataIfNeccesary(new AccountTokenEncryptor(this.mStorage, str), str2, str3));
        }
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void setup() {
        this.mStorage.setup();
    }

    @Override // com.amazon.identity.auth.device.storage.DataStorage
    public void syncDirtyData() {
        this.mStorage.syncDirtyData();
    }

    protected String tryRecoverBadPaddingLocally(String str, List<AbstractTokenEncryptor> list, DistributedDataStorage distributedDataStorage) {
        String decryptToken;
        for (AbstractTokenEncryptor abstractTokenEncryptor : list) {
            String bytesToString = bytesToString(abstractTokenEncryptor.getEncryptionKey());
            try {
                decryptToken = abstractTokenEncryptor.decryptToken(str);
            } catch (BadPaddingException unused) {
                MAPLog.e(TAG, "This key didn't match, retry!");
            }
            if (!TextUtils.isEmpty(decryptToken)) {
                distributedDataStorage.setDeviceEncryptionKey(bytesToString);
                MAPLog.i(TAG, "Successfully recovered locally!");
                return decryptToken;
            }
            continue;
        }
        return null;
    }
}
