package com.citrix.MAM.Android.ManagedAppHelper;

import android.content.Context;
import android.database.Cursor;
import android.os.Bundle;
import android.util.Base64;
import android.util.Log;
import com.citrix.MAM.Android.ManagedAppHelper.Interface.MAMAppInfo;
import com.citrix.client.pnagent.asynctasks.DelegatingAsyncTask;
import com.citrix.client.pnagent.asynctasks.StartupInitializationTask;
import com.citrix.client.pnagent.asynctasks.parameters.StartupInitializationTaskParams;
import com.citrix.client.pnagent.asynctasks.results.IAsyncTask;
import com.citrix.client.pnagent.asynctasks.results.StartupInitializationTaskResult;
import com.citrix.client.pnagent.profiledata.ProfileData;
import com.citrix.client.profilemanager.ProfileDatabase;
import com.citrix.mdx.lib.PolicyParser;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.ExecutionException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.http.client.HttpClient;

/* loaded from: classes.dex */
public class EncryptionKeyStorage {
    private static final String TAG = "EncryptionKeyStorage";
    private boolean mAllowOfflineKeys;
    private Context mContext;
    private ProfileDatabase mDb;
    private boolean mEnableLogging;
    private HttpClient mHttpClient;
    private boolean mNeedAuthentication;
    private String mPkgName;
    private int mProfileId;
    private String mVaultName;

    /**
     * Binds this key store to one profile, app package and vault, and reads the two policies
     * that govern it.
     *
     * <p>Logging through the {@code log*} helpers is enabled unless
     * {@code PolicyParser.POLICY_DISABLE_LOGGING} is set. Offline key caching is allowed only when
     * {@code PolicyParser.POLICY_ENCRYPTION_KEYS} equals {@code PolicyParser.VALUE_OFFLINE}; for
     * any other value the constructor calls {@link #eraseStoredSecrets()} so cached secrets do not
     * outlive a policy change.
     *
     * @param context Android context, later used to load the profile for online retrieval
     * @param profileDatabase database holding the stored secrets
     * @param i profile id; the {@code getEncryptionKeys} methods reject {@code -1}
     * @param str package name of the managed app
     * @param str2 vault name; it is compared with the package name to decide which storage rows apply
     * @param policyParser policy source; dereferenced without a null check
     */
    public EncryptionKeyStorage(Context context, ProfileDatabase profileDatabase, int i, String str, String str2, PolicyParser policyParser) {
        this.mContext = context;
        this.mDb = profileDatabase;
        this.mProfileId = i;
        this.mPkgName = str;
        this.mVaultName = str2;

        boolean loggingDisabled = policyParser.getBoolean(PolicyParser.POLICY_DISABLE_LOGGING);
        this.mEnableLogging = !loggingDisabled;

        String keyPolicy = policyParser.getString(PolicyParser.POLICY_ENCRYPTION_KEYS);
        this.mAllowOfflineKeys = PolicyParser.VALUE_OFFLINE.equals(keyPolicy);

        if (!this.mAllowOfflineKeys) {
            // Only effective when mPkgName equals mVaultName; see eraseStoredSecrets().
            eraseStoredSecrets();
        }
    }

    /**
     * Renders a byte array as lowercase hex, two characters per byte.
     *
     * <p>No method in this class calls it. If it is ever wired into logging, keep key material and
     * the stored secrets out of its input: hex-dumping them to logcat would expose them.
     *
     * @param bArr bytes to render, may be null
     * @return {@code "(null)"} for null, {@code "(empty)"} for a zero-length array, otherwise the hex text
     */
    private static String byteArrayToString(byte[] bArr) {
        if (bArr == null) {
            return "(null)";
        }
        if (bArr.length == 0) {
            return "(empty)";
        }
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (int idx = 0; idx < bArr.length; idx++) {
            hex.append(String.format("%02x", bArr[idx]));
        }
        return hex.toString();
    }

    /**
     * Derives the encryption key as one digest over the two secrets, fed in the order given.
     *
     * <p>NOTE(review): the algorithm name comes from {@code CommonUtils.SHA1_INSTANCE}, a constant
     * of an unrelated SDK that the decompiler probably substituted for a string literal; it is
     * presumably "SHA-1" (confirm). A single unsalted hash is not a key-derivation function, so
     * the key is only as strong as the two secrets. Changing the digest would change the derived
     * key, and data encrypted under the old key would need a migration path.
     *
     * @param bArr first secret
     * @param bArr2 second secret
     * @return the digest bytes, or null when either input is null or the digest cannot be computed
     */
    private static byte[] calculateKey(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr2 == null) {
            return null;
        }
        try {
            MessageDigest hasher = MessageDigest.getInstance(CommonUtils.SHA1_INSTANCE);
            hasher.update(bArr);
            hasher.update(bArr2);
            return hasher.digest();
        } catch (RuntimeException | NoSuchAlgorithmException ignored) {
            // Any failure is reported to the caller as "no key"; the callers log that case.
            return null;
        }
    }

    /**
     * Base64-decodes a string after cutting it at the first {@code '='}, when that character is
     * not at position 0.
     *
     * <p>Everything from the first padding character onward is discarded, including any text that
     * follows the padding.
     *
     * <p>NOTE(review): a null argument throws NullPointerException here, and the online retrieval
     * path does not catch it. Confirm that the key getters it passes in cannot return null.
     *
     * @param str Base64 text, must be non-null
     * @return the decoded bytes
     */
    private static byte[] decode64(String str) {
        int paddingAt = str.indexOf('=');
        String payload = paddingAt > 0 ? str.substring(0, paddingAt) : str;
        return Base64.decode(payload, Base64.DEFAULT);
    }

    /**
     * Runs AES in CBC mode with PKCS#5 padding over the given bytes.
     *
     * <p>CBC provides confidentiality only. Nothing here authenticates the ciphertext, so a
     * modified stored blob is not detected unless the padding happens to break. The callers in
     * this class pass a 16-byte key and a 16-byte IV.
     *
     * @param bArr input data (plaintext when encrypting, ciphertext when decrypting)
     * @param i cipher mode; callers pass 1 ({@code Cipher.ENCRYPT_MODE}) or 2 ({@code Cipher.DECRYPT_MODE})
     * @param bArr2 raw AES key bytes
     * @param bArr3 initialisation vector
     * @return the transformed bytes, or null when a {@link GeneralSecurityException} occurs
     */
    private byte[] encryptOrDecrypt(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
        byte[] output;
        try {
            Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
            aes.init(i, new SecretKeySpec(bArr2, "AES"), new IvParameterSpec(bArr3));
            output = aes.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            // Only the exception class and its toString() are logged, never the key or the data.
            logError("Caught " + e.getClass().getName());
            logError(e.toString());
            output = null;
        }
        return output;
    }

    /**
     * Removes cached secrets for this app when the vault is the app's own vault.
     *
     * <p>When the vault name differs from the package name (for example a vault name produced by
     * {@link #getSecurityGroupVaultName}), nothing is deleted here.
     * NOTE(review): confirm that rows for such shared vaults are purged elsewhere when the policy
     * stops allowing offline keys.
     */
    private void eraseStoredSecrets() {
        logInfo("Erasing stored secrets");
        if (!this.mPkgName.equals(this.mVaultName)) {
            return;
        }
        // Clear both storage locations that retrieveSecrets() reads from.
        this.mDb.updateAppMamSecrets(this.mPkgName, null, null, null);
        this.mDb.deleteOfflineKey(this.mProfileId, this.mPkgName);
    }

    /**
     * Rebuilds the encryption key from locally cached secrets, if policy allows offline keys.
     *
     * @return the derived key, or null when offline keys are not allowed, no complete pair of
     *     secrets is stored, or the key cannot be derived
     */
    private byte[] getEncryptionKeysOffline() {
        if (!this.mAllowOfflineKeys) {
            return null;
        }
        byte[][] secrets = retrieveSecrets();
        boolean havePair = secrets != null && secrets.length == 2 && secrets[0] != null && secrets[1] != null;
        if (!havePair) {
            logInfo("No saved keys");
            return null;
        }
        byte[] key = calculateKey(secrets[0], secrets[1]);
        logInfo(key != null ? "Returning saved offline key" : "Could not calculate offline key");
        return key;
    }

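    /**
     * Fetches the two key secrets through an {@code EncryptionKeyManager}, derives the encryption
     * key from them and, when offline keys are allowed, caches the secrets locally.
     *
     * <p>If the key manager reports that authentication is required, {@code mNeedAuthentication}
     * is set and no key is returned. When no HTTP client was injected with
     * {@link #setHttpClient}, one is obtained by running a {@code StartupInitializationTask} and
     * blocking on its result.
     *
     * <p>Exceptions are reported only through the policy-gated logger. The previous
     * {@code printStackTrace()} calls wrote to the log even when the logging-disabled policy was
     * set. An interrupt is restored on the thread instead of being swallowed.
     *
     * <p>NOTE(review): {@code decode64} throws on a null string, and that exception is not caught
     * here. Confirm that {@code getMamKey1()}/{@code getMamKey2()} are non-null whenever
     * {@code retrieveKeyFlag} is set.
     *
     * @return the derived key, or null when the profile is invalid, authentication is needed, the
     *     keys were not retrieved, or key derivation failed
     */
    private byte[] getEncryptionKeysOnline() {
        logInfo("Creating EncryptionKeyManager instance for app " + this.mPkgName + ", vault name " + this.mVaultName);
        byte[] key = null;
        MAMAuthInfo mamAuthInfo = MAMAuthInfo.getMAMAuthInfo(this.mDb, this.mProfileId);
        AuthInfo authInfo = new AuthInfo();
        ProfileData profileData = authInfo.loadFromDatabase(this.mContext, this.mProfileId) ? authInfo.wProfileData : null;
        if (profileData == null) {
            logError("Invalid Profile");
            return null;
        }
        try {
            HttpClient httpClient = this.mHttpClient;
            if (httpClient == null) {
                // Blocks the calling thread until the startup task has produced a client.
                StartupInitializationTask startupTask = new StartupInitializationTask(profileData, false);
                httpClient = ((StartupInitializationTaskResult) DelegatingAsyncTask.create(startupTask, IAsyncTask.Impl.getTaskLogger("EncryptionKeyStorage.StartupInitialization.")).execute(new StartupInitializationTaskParams(this.mContext, null)).get()).m_httpClient;
            }
            logDebug("Creating EncryptionKeyManager");
            EncryptionKeyManager keyManager = new EncryptionKeyManager(profileData, this.mProfileId, this.mDb, mamAuthInfo, this.mVaultName, httpClient, this.mEnableLogging);
            if (keyManager.needAuthentication()) {
                this.mNeedAuthentication = true;
            } else {
                logDebug("Calling retrieveKeys");
                keyManager.retrieveKeys();
                logDebug("retrieveKeys returned");
                if (keyManager.retrieveKeyFlag) {
                    byte[] secret1 = decode64(keyManager.getMamKey1());
                    byte[] secret2 = decode64(keyManager.getMamKey2());
                    key = calculateKey(secret1, secret2);
                    // Cache the secrets only when a key was derived and policy permits offline use.
                    if (key != null && this.mAllowOfflineKeys) {
                        storeSecrets(secret1, secret2);
                    }
                }
            }
        } catch (IllegalStateException e) {
            logError("Could not get httpClient from StartupInitializationTask");
            if (this.mEnableLogging) {
                Log.e(TAG, "Caught " + e.getClass().getName(), e);
            }
        } catch (InterruptedException e) {
            // Restore the interrupt so code further up the stack can still observe it.
            Thread.currentThread().interrupt();
            if (this.mEnableLogging) {
                Log.e(TAG, "Caught " + e.getClass().getName(), e);
            }
        } catch (ExecutionException e) {
            if (this.mEnableLogging) {
                Log.e(TAG, "Caught " + e.getClass().getName(), e);
            }
        }
        return key;
    }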

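    /**
     * Builds the vault name for the app's security group: {@code "secgroup:"} followed by the
     * trimmed, lower-cased value of the {@code "SecurityGroup"} policy.
     *
     * <p>Lower-casing uses {@code Locale.ROOT}. The vault name is an identifier used to look up
     * keys, so it must not depend on the device language. With the default locale, a Turkish or
     * Azeri device maps {@code 'I'} to a dotless {@code 'ı'} and yields a different vault name for
     * the same policy value.
     *
     * @param policyParser policy source, may be null
     * @return the vault name, or null when the parser is null or the policy has no value
     */
    public static String getSecurityGroupVaultName(PolicyParser policyParser) {
        if (policyParser == null) {
            return null;
        }
        String group = policyParser.getString("SecurityGroup");
        if (group == null) {
            return null;
        }
        return "secgroup:" + group.trim().toLowerCase(java.util.Locale.ROOT);
    }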

    /**
     * Reports whether file encryption is active according to policy.
     *
     * <p>Encryption counts as disabled only when both the public and the private file-encryption
     * policies are exactly {@code "Disabled"}. Any other combination, including missing values,
     * counts as enabled.
     *
     * <p>The result is logged unconditionally. This static method does not consult the
     * logging-disabled policy that the instance loggers honour.
     *
     * @param policyParser policy source; dereferenced without a null check
     * @return false when both policies are {@code "Disabled"}, true otherwise
     */
    public static boolean isEncryptionEnabled(PolicyParser policyParser) {
        String publicSetting = policyParser.getString(PolicyParser.POLICY_FILE_ENCRYPTION_ENABLE_PUBLIC);
        String privateSetting = policyParser.getString(PolicyParser.POLICY_FILE_ENCRYPTION_ENABLE_PRIVATE);
        boolean enabled = !("Disabled".equals(publicSetting) && "Disabled".equals(privateSetting));
        Log.i(TAG, enabled ? "Encryption is enabled" : "Encryption is disabled");
        return enabled;
    }

    /** Writes a debug-level message under {@code TAG}, unless logging is disabled by policy. */
    private void logDebug(String str) {
        if (!this.mEnableLogging) {
            return;
        }
        Log.d(TAG, str);
    }

    /** Writes an error-level message under {@code TAG}, unless logging is disabled by policy. */
    private void logError(String str) {
        if (!this.mEnableLogging) {
            return;
        }
        Log.e(TAG, str);
    }

    /** Writes an info-level message under {@code TAG}, unless logging is disabled by policy. */
    private void logInfo(String str) {
        if (!this.mEnableLogging) {
            return;
        }
        Log.i(TAG, str);
    }

    /** Writes a verbose-level message under {@code TAG}, unless logging is disabled by policy. */
    private void logVerbose(String str) {
        if (!this.mEnableLogging) {
            return;
        }
        Log.v(TAG, str);
    }

    /**
     * No-op in this build: the body is empty, so the arguments are ignored.
     * Judging by the name it is a notification hook for a newly added table row (not confirmed
     * from this file).
     */
    public static void mamTableRowAdded(String str, ProfileDatabase profileDatabase) {
    }

    /**
     * Stores the raw key bytes in the bundle under a name that depends on the vault.
     *
     * <p>The app's own vault uses {@code MAMAppInfo.KEY_MAM_ENCRYPTION}; any other vault uses
     * {@code "Mam_Encryption_Key-vault-"} plus the vault name. The bundle then carries the
     * plaintext key, so whoever receives it holds the key. How the bundle is delivered is not
     * visible in this class.
     *
     * @param bundle destination bundle
     * @param bArr key bytes to store
     */
    private void putKeyIntoBundle(Bundle bundle, byte[] bArr) {
        boolean ownVault = this.mPkgName.equals(this.mVaultName);
        String bundleKey = ownVault ? MAMAppInfo.KEY_MAM_ENCRYPTION : "Mam_Encryption_Key-vault-" + this.mVaultName;
        bundle.putByteArray(bundleKey, bArr);
    }

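    /**
     * Loads the two wrapped secrets from the database and unwraps them.
     *
     * <p>The offline-key row for this profile and vault is read first. If it is incomplete and
     * the vault is the app's own vault, the per-package row is read instead. Each source supplies
     * three blobs: {@code Secret1}, {@code Secret2} and a 48-byte {@code GeneralSecret}, which is
     * split into a 16-byte AES key, the IV for {@code Secret1} and the IV for {@code Secret2}.
     *
     * <p>Security note: the wrapping key and IVs are read from the same row as the ciphertexts
     * they protect. Anyone who can read that row can unwrap the secrets, so the AES layer adds
     * no confidentiality of its own. Protection of the cached secrets depends on how the database
     * file itself is protected, which is not visible from this class.
     *
     * <p>Both cursors are closed in {@code finally} blocks so they are released even if reading a
     * column throws.
     *
     * @return a two-element array {@code {secret1, secret2}}, or null when offline keys are not
     *     allowed, no complete row exists, or unwrapping fails
     */
    private byte[][] retrieveSecrets() {
        logInfo("Retrieving secrets");
        final int generalSecretLength = 48;
        byte[] wrapped1 = null;
        byte[] wrapped2 = null;
        byte[] generalSecret = null;
        if (this.mAllowOfflineKeys) {
            String[] columns = {"Secret1", "Secret2", "GeneralSecret"};
            Cursor offlineRow = this.mDb.getMamOfflineKey(this.mProfileId, this.mVaultName);
            try {
                if (offlineRow.moveToFirst()) {
                    wrapped1 = offlineRow.getBlob(offlineRow.getColumnIndex(columns[0]));
                    wrapped2 = offlineRow.getBlob(offlineRow.getColumnIndex(columns[1]));
                    generalSecret = offlineRow.getBlob(offlineRow.getColumnIndex(columns[2]));
                }
            } finally {
                offlineRow.close();
            }
            if (this.mPkgName.equals(this.mVaultName) && (wrapped1 == null || wrapped2 == null || generalSecret == null || generalSecret.length != generalSecretLength)) {
                // Fall back to the per-package row; only the app's own vault has one.
                Cursor packageRow = this.mDb.getMAMPackageCursor(this.mPkgName, columns);
                try {
                    if (packageRow.moveToFirst()) {
                        wrapped1 = packageRow.getBlob(packageRow.getColumnIndex(columns[0]));
                        wrapped2 = packageRow.getBlob(packageRow.getColumnIndex(columns[1]));
                        generalSecret = packageRow.getBlob(packageRow.getColumnIndex(columns[2]));
                    }
                } finally {
                    packageRow.close();
                }
            }
        }
        if (wrapped1 == null || wrapped2 == null || generalSecret == null || generalSecret.length != generalSecretLength) {
            logInfo("retrieveSecrets: No secrets to retrieve");
            return null;
        }
        // GeneralSecret layout: [0,16) AES key, [16,32) IV for Secret1, [32,48) IV for Secret2.
        byte[] wrapKey = Arrays.copyOfRange(generalSecret, 0, 16);
        byte[] iv1 = Arrays.copyOfRange(generalSecret, 16, 32);
        byte[] iv2 = Arrays.copyOfRange(generalSecret, 32, 48);
        byte[] secret1 = encryptOrDecrypt(wrapped1, Cipher.DECRYPT_MODE, wrapKey, iv1);
        byte[] secret2 = encryptOrDecrypt(wrapped2, Cipher.DECRYPT_MODE, wrapKey, iv2);
        if (secret1 == null || secret2 == null) {
            logError("retrieveSecrets: Encountered a problem retrieving secrets.");
            return null;
        }
        logInfo("retrieveSecrets: Retrieved secrets");
        return new byte[][]{secret1, secret2};
    }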

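    /**
     * Wraps the two secrets with AES-CBC and writes them, together with the wrapping material, to
     * the offline-key row for this profile and vault.
     *
     * <p>The 48-byte {@code GeneralSecret} (16-byte key, then one 16-byte IV per secret) is reused
     * when the row already holds one of the right length. Otherwise it is generated with
     * {@link SecureRandom} after {@code PRNGFixes.apply()}.
     *
     * <p>Security notes: the {@code GeneralSecret} is stored in the same row as the ciphertexts,
     * so the wrapping does not protect the secrets from anyone who can read the database.
     * Reusing an existing {@code GeneralSecret} also means the same key and IVs encrypt each new
     * value, so CBC reveals whether the leading blocks of successive values are equal.
     * NOTE(review): generating a fresh blob on every store would avoid that, provided
     * {@code updateMamOfflineKey} always rewrites the blob column (confirm).
     *
     * <p>The cursor is closed in a {@code finally} block so it is released even if reading the
     * column throws.
     *
     * @param bArr first secret in plaintext
     * @param bArr2 second secret in plaintext
     */
    private void storeSecrets(byte[] bArr, byte[] bArr2) {
        logInfo("Storing secrets");
        byte[] generalSecret = null;
        Cursor offlineRow = this.mDb.getMamOfflineKey(this.mProfileId, this.mVaultName);
        try {
            if (offlineRow.moveToFirst()) {
                generalSecret = offlineRow.getBlob(offlineRow.getColumnIndex("GeneralSecret"));
            }
        } finally {
            offlineRow.close();
        }
        if (generalSecret == null || generalSecret.length != 48) {
            generalSecret = new byte[48];
            try {
                PRNGFixes.apply();
            } catch (SecurityException e) {
                // Best effort: carry on with the platform SecureRandom if the fix cannot be installed.
                logInfo("Can not apply the fix");
            }
            new SecureRandom().nextBytes(generalSecret);
        }
        // GeneralSecret layout: [0,16) AES key, [16,32) IV for secret 1, [32,48) IV for secret 2.
        byte[] wrapKey = Arrays.copyOfRange(generalSecret, 0, 16);
        byte[] iv1 = Arrays.copyOfRange(generalSecret, 16, 32);
        byte[] iv2 = Arrays.copyOfRange(generalSecret, 32, 48);
        byte[] wrapped1 = encryptOrDecrypt(bArr, Cipher.ENCRYPT_MODE, wrapKey, iv1);
        byte[] wrapped2 = encryptOrDecrypt(bArr2, Cipher.ENCRYPT_MODE, wrapKey, iv2);
        if (wrapped1 == null || wrapped2 == null) {
            return;
        }
        // Try an update first; insert only when no existing row was updated.
        if (this.mDb.updateMamOfflineKey(this.mProfileId, this.mVaultName, wrapped1, wrapped2, generalSecret) > 0) {
            logInfo("Updated secrets");
        } else if (this.mDb.insertMamOfflineKey(this.mProfileId, this.mVaultName, wrapped1, wrapped2, generalSecret) > 0) {
            logInfo("Inserted secrets");
        } else {
            logError("Could not store secrets??");
        }
    }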

    /**
     * Obtains the encryption key and places it in the given bundle.
     *
     * <p>The cached offline key is tried first and online retrieval second. When neither yields a
     * key and the online path reported that authentication is required, the bundle receives
     * {@code "NeedsAuthentication" = true} instead. Nothing is written for profile id {@code -1}.
     *
     * @param bundle bundle that receives the key bytes or the authentication flag
     */
    public void getEncryptionKeys(Bundle bundle) {
        logVerbose("getKeys entry");
        if (this.mProfileId == -1) {
            logError("Can't get keys; bad profile id");
            return;
        }
        this.mNeedAuthentication = false;
        byte[] key = getEncryptionKeysOffline();
        if (key == null) {
            key = getEncryptionKeysOnline();
            if (key == null) {
                logInfo("Could not get encryption keys online");
                if (this.mNeedAuthentication) {
                    bundle.putBoolean("NeedsAuthentication", true);
                }
                return;
            }
            logInfo("Got encryption keys online");
        }
        putKeyIntoBundle(bundle, key);
    }

    /**
     * Obtains the encryption key, trying the cached offline key first and online retrieval second.
     *
     * <p>After a null result, {@link #getNeedAuthentication()} tells whether the online path
     * stopped because authentication is required.
     *
     * @return the key bytes, or null for profile id {@code -1} or when no key could be obtained
     */
    public byte[] getEncryptionKeys() {
        logVerbose("getKeys entry");
        if (this.mProfileId == -1) {
            logError("Can't get keys; bad profile id");
            return null;
        }
        this.mNeedAuthentication = false;
        byte[] offlineKey = getEncryptionKeysOffline();
        if (offlineKey != null) {
            return offlineKey;
        }
        byte[] onlineKey = getEncryptionKeysOnline();
        logInfo(onlineKey != null ? "Got encryption keys online" : "Could not get encryption keys online");
        return onlineKey;
    }

    /**
     * Tells whether the most recent key request stopped because authentication is required.
     * The flag is reset at the start of every {@code getEncryptionKeys} call.
     *
     * @return true when the last online retrieval reported that authentication is needed
     */
    public boolean getNeedAuthentication() {
        return mNeedAuthentication;
    }

    /**
     * Supplies the HTTP client used for online key retrieval. When none is set, the online path
     * obtains one from a startup initialization task.
     *
     * @param httpClient client to use, or null to fall back to the startup task
     */
    public void setHttpClient(HttpClient httpClient) {
        mHttpClient = httpClient;
    }

    /**
     * Switches this instance to another vault for later store and retrieve operations.
     *
     * <p>The constructor's decision to erase stored secrets was made against the vault name given
     * at construction and is not repeated here.
     *
     * @param str new vault name
     */
    public void setVaultName(String str) {
        mVaultName = str;
    }
}
