package ch.sbb.spc;

import android.content.Context;
import ch.sbb.spc.AesCbcWithIntegrity;
import com.google.gson.JsonSyntaxException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class TokenStore extends Store {
    protected static final String ACCESS_TOKEN_PREFIX = "token_prefix";
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TokenStore.class);
    protected static final String TOKEN_METADATA = "token_metadata";
    protected final String REFRESH_TOKEN;
    protected final String TOKEN;
    protected String accessToken;
    protected AesCbcWithIntegrity.CipherTextIvMac refreshTokenCipherText;
    protected AesCbcWithIntegrity.SecretKeys refreshTokenKeys;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenStore(Context context, String str) throws IllegalArgumentException {
        super(context, str);
        this.TOKEN = "access_token";
        this.REFRESH_TOKEN = "refresh_token";
    }

    private String getAccessToken() throws SecurityException {
        if (isKeyStoreAvailable()) {
            return this.encryptionUtils.decryptString(this.prefs.getString("default_useraccess_token", null), this.keyStoreAlias);
        }
        LOGGER.error("KeyStore not available, returning access token from memory.");
        return this.accessToken;
    }

    private String getRefreshTokenCipherText() throws SecurityException {
        AesCbcWithIntegrity.SecretKeys secretKeys;
        if (isKeyStoreAvailable()) {
            return this.encryptionUtils.decryptString(this.prefs.getString("default_userrefresh_token", null), this.keyStoreAlias);
        }
        AesCbcWithIntegrity.CipherTextIvMac cipherTextIvMac = this.refreshTokenCipherText;
        if (cipherTextIvMac == null || (secretKeys = this.refreshTokenKeys) == null) {
            return null;
        }
        try {
            return AesCbcWithIntegrity.decryptString(cipherTextIvMac, secretKeys);
        } catch (UnsupportedEncodingException | GeneralSecurityException e) {
            LOGGER.error("Could not decrypt token: message: " + e.getMessage() + ", cause: " + e.getCause(), (Throwable) e);
            return null;
        }
    }

    private boolean isSafeToStoreInMemory() {
        return (DeviceTools.isRunningInEmulator() || DeviceTools.isDebuggable(this.context)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void deleteToken() {
        this.accessToken = null;
        this.refreshTokenCipherText = null;
        this.refreshTokenKeys = null;
        this.prefs.edit().remove("default_usertoken_metadata").remove("default_useraccess_token").remove("default_userrefresh_token").apply();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAccessTokenPrefix() {
        return this.prefs.getString(ACCESS_TOKEN_PREFIX, "");
    }

    public void handleKeyStoreProblem() {
        initKeystore();
        deleteToken();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized Token loadToken() {
        try {
            String string = this.prefs.getString("default_usertoken_metadata", null);
            String accessToken = getAccessToken();
            String refreshTokenCipherText = getRefreshTokenCipherText();
            if (StringUtils.isEmpty(string) || StringUtils.isEmpty(accessToken)) {
                Logger logger = LOGGER;
                Object[] objArr = new Object[3];
                objArr[0] = StringUtils.isEmpty(string) ? "empty" : "ok";
                objArr[1] = StringUtils.isEmpty(accessToken) ? "empty" : "ok";
                objArr[2] = StringUtils.isEmpty(refreshTokenCipherText) ? "empty" : "ok";
                logger.error("Loading of tokens failed. tokenJson: '{}', accessToken: '{}', refreshTokenCipherText: '{}'", objArr);
                return new Token();
            }
            try {
                Token token = (Token) gson.fromJson(string, Token.class);
                if (token == null) {
                    return new Token();
                }
                token.setAccessToken(accessToken);
                token.setRefreshToken(refreshTokenCipherText);
                return token;
            } catch (JsonSyntaxException e) {
                LOGGER.error("Unable to load token: json conversion message: " + e.getMessage() + ", cause: " + e.getCause(), (Throwable) e);
                return new Token();
            }
        } catch (SecurityException e2) {
            LOGGER.error("Loading of tokens failed: message: " + e2.getMessage() + ", cause: " + e2.getCause(), (Throwable) e2);
            handleKeyStoreProblem();
            return new Token();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void storeAccessTokenPrefix(String str) {
        if (str == null) {
            this.prefs.edit().remove(ACCESS_TOKEN_PREFIX).apply();
        } else {
            this.prefs.edit().putString(ACCESS_TOKEN_PREFIX, str).apply();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void storeToken(Token token) {
        if (token == null) {
            LOGGER.error("Unable to save tokens: supplied tokens invalid.");
            return;
        }
        if (!isKeyStoreAvailable()) {
            LOGGER.warn("KeyStore not available. Only able to keep token temporarily.");
        }
        try {
            try {
                this.prefs.edit().putString("default_usertoken_metadata", gson.toJson(token.copyOnlyMetadata())).apply();
                if (isKeyStoreAvailable()) {
                    if (!StringUtils.isEmpty(token.getAccessToken())) {
                        this.prefs.edit().putString("default_useraccess_token", this.encryptionUtils.encryptString(token.getAccessToken(), this.keyStoreAlias)).apply();
                    }
                    if (!StringUtils.isEmpty(token.getRefreshToken())) {
                        this.prefs.edit().putString("default_userrefresh_token", this.encryptionUtils.encryptString(token.getRefreshToken(), this.keyStoreAlias)).apply();
                    }
                } else {
                    if (isSafeToStoreInMemory()) {
                        this.refreshTokenKeys = AesCbcWithIntegrity.generateKey();
                        this.refreshTokenCipherText = AesCbcWithIntegrity.encrypt(token.getRefreshToken(), this.refreshTokenKeys);
                    } else {
                        LOGGER.warn("It is not safe to keep tokens in memory");
                    }
                    if (!StringUtils.isEmpty(token.getAccessToken())) {
                        this.accessToken = token.getAccessToken();
                    }
                }
            } catch (SecurityException e) {
                handleKeyStoreProblem();
                LOGGER.error("Saving of tokens failed: message: " + e.getMessage() + ", cause: " + e.getCause(), (Throwable) e);
            }
        } catch (UnsupportedEncodingException e2) {
            handleKeyStoreProblem();
            LOGGER.error("Unable to encrypt token: message: " + e2.getMessage() + ", cause: " + e2.getCause(), (Throwable) e2);
        } catch (GeneralSecurityException e3) {
            handleKeyStoreProblem();
            LOGGER.error("Failed to generate refreshTokenKeys:message: " + e3.getMessage() + ", cause: " + e3.getCause(), (Throwable) e3);
        }
    }
}
