package com.unitedinternet.portal.android.onlinestorage.application.authenticator;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.AccountManager;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.Process;
import com.unitedinternet.portal.android.lib.authenticator.AuthenticationException;
import com.unitedinternet.portal.android.lib.authenticator.EncryptHelper;
import com.unitedinternet.portal.android.lib.authenticator.oauth2client.JsonOAuth2ClientFactoryFactory;
import com.unitedinternet.portal.android.lib.brand.Brand;
import com.unitedinternet.portal.android.lib.moduleintegrator.host.model.GenericBreadcrumb;
import com.unitedinternet.portal.android.lib.oauth2.OAuth2Authenticator;
import com.unitedinternet.portal.android.lib.string.StringUtils;
import com.unitedinternet.portal.android.onlinestorage.advertising.pcl.OnlineStoragePclActionExecutor;
import com.unitedinternet.portal.android.onlinestorage.application.account.HostAccountManager;
import com.unitedinternet.portal.android.onlinestorage.application.account.SimpleHostAccount;
import com.unitedinternet.portal.android.onlinestorage.application.authentication.AuthActivity;
import com.unitedinternet.portal.android.onlinestorage.application.authentication.EmptyRefreshTokenLogger;
import com.unitedinternet.portal.android.onlinestorage.crashtracking.BreadcrumbCategory;
import com.unitedinternet.portal.android.onlinestorage.crashtracking.CrashInfo;
import com.unitedinternet.portal.android.onlinestorage.injection.ComponentProvider;
import java.io.IOException;
import java.security.GeneralSecurityException;
import org.dmfs.httpessentials.exceptions.ProtocolError;
import org.dmfs.httpessentials.exceptions.ProtocolException;
import org.dmfs.oauth2.client.OAuth2AccessToken;
import org.dmfs.oauth2.client.errors.TokenRequestError;
import timber.log.Timber;

/* loaded from: classes2.dex */
public final class Authenticator extends AbstractAccountAuthenticator {
    private static final String EMPTY_FALLBACK_TOKEN = "INVALID_EMPTY_TOKEN_FALLBACK_SEE_ACLOUD-2429";
    private static final String INVALID_FALLBACK_TOKEN = "INVALID_TOKEN_FALLBACK_SEE_ACLOUD-3033";
    public static final String KEY_REFRESH_TOKEN = "refresh_token";
    private final AccountManager accountManager;
    private final Context context;
    private final HostAccountManager hostAccountManager;

    public Authenticator(Context context, HostAccountManager hostAccountManager) {
        super(context);
        this.context = context;
        this.accountManager = AccountManager.get(context);
        this.hostAccountManager = hostAccountManager;
    }

    private void assertAccessRights(Bundle bundle) throws AuthenticationException {
        if (bundle.getInt("callerUid") == Process.myUid()) {
            return;
        }
        Timber.e("Auth token request from unauthorized uid %d", Integer.valueOf(bundle.getInt("callerUid")));
        throw new AuthenticationException(6, "Calling process UID not authorized to get auth token.");
    }

    private Bundle refreshAccessToken(Account account, String str, EncryptHelper encryptHelper, String str2, OAuth2Authenticator oAuth2Authenticator) throws AuthenticationException {
        try {
            OAuth2AccessToken accessToken = oAuth2Authenticator.getAccessToken(str2, str);
            if (accessToken.hasRefreshToken()) {
                String charSequence = accessToken.refreshToken().toString();
                String encryptBase64Unsafe = encryptHelper.encryptBase64Unsafe(charSequence);
                this.accountManager.setUserData(account, KEY_REFRESH_TOKEN, encryptBase64Unsafe);
                String decryptBase64 = encryptHelper.decryptBase64(encryptBase64Unsafe);
                if (!charSequence.equals(decryptBase64)) {
                    throw new GeneralSecurityException("Unable to decrypt the encrypted token. This should never happen. token.decryptedLength = " + charSequence.length() + ", decrypted.length = " + (decryptBase64 != null ? decryptBase64.length() : 0));
                }
            }
            return tokenBundle(account, accessToken.accessToken().toString(), accessToken.expirationDate().getTimestamp());
        } catch (IOException e) {
            e = e;
            Timber.w(e, "Error while refreshing an access token", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (GeneralSecurityException e2) {
            CrashInfo.submitHandledCrash(e2, "Authenticator.refreshAccessToken() failed because of problem with encrypting token");
            return new AuthenticationException(9, "invalid_grant:token not decipherable").toBundle();
        } catch (ProtocolException e3) {
            e = e3;
            Timber.w(e, "Error while refreshing an access token", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (TokenRequestError e4) {
            Timber.e(e4, "TokenRequestError while refreshing an access token", new Object[0]);
            throw new AuthenticationException(3, e4.getMessage() + ":" + e4.description());
        } catch (ProtocolError e5) {
            e = e5;
            Timber.w(e, "Error while refreshing an access token", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (Exception e6) {
            CrashInfo.submitHandledCrash(e6, "Authenticator.refreshAccessToken() failed");
            throw e6;
        }
    }

    private Bundle tokenBundle(Account account, String str, long j) {
        Bundle bundle = new Bundle();
        bundle.putString("authAccount", account.name);
        bundle.putString("accountType", account.type);
        bundle.putString("authtoken", str);
        bundle.putLong("android.accounts.expiry", j);
        Timber.i("Deliver token for %s", account);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle addAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, String str, String str2, String[] strArr, Bundle bundle) {
        Bundle bundle2 = new Bundle();
        bundle2.putParcelable(OnlineStoragePclActionExecutor.SCHEME_INTENT, new Intent(this.context, (Class<?>) AuthActivity.class));
        return bundle2;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle confirmCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, Bundle bundle) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle editProperties(AccountAuthenticatorResponse accountAuthenticatorResponse, String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAuthToken(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        EncryptHelper encryptHelper;
        OAuth2Authenticator oAuth2Authenticator;
        EncryptHelper encryptHelper2;
        EncryptHelper encryptHelper3 = null;
        try {
            try {
                try {
                    assertAccessRights(bundle);
                    SimpleHostAccount hostAccountByAndroidAccount = this.hostAccountManager.getHostAccountByAndroidAccount(account);
                    if (hostAccountByAndroidAccount == null) {
                        throw new AuthenticationException(7, String.format("Can't authenticate account %s, no refresh token present and legacy token not supported.", account));
                    }
                    OAuth2Authenticator oAuth2Authenticator2 = new OAuth2Authenticator(new JsonOAuth2ClientFactoryFactory(new OAuthCredentialStore(this.context)).oAuth2ClientFactory(Brand.getBrandName(hostAccountByAndroidAccount.getBrand())), ComponentProvider.getApplicationComponent().getOkHttpClient());
                    try {
                        encryptHelper2 = EncryptHelper.getInstance(this.context.getApplicationContext());
                    } catch (GeneralSecurityException e) {
                        e = e;
                        encryptHelper = null;
                    }
                    try {
                        String userData = this.accountManager.getUserData(account, KEY_REFRESH_TOKEN);
                        if (!StringUtils.isEmpty(userData)) {
                            return refreshAccessToken(account, str, encryptHelper2, encryptHelper2.decryptBase64Unsafe(userData), oAuth2Authenticator2);
                        }
                        EmptyRefreshTokenLogger.maybeSubmitHandledException(null, "Encrypted refresh token is empty");
                        return refreshAccessToken(account, str, encryptHelper2, EMPTY_FALLBACK_TOKEN, oAuth2Authenticator2);
                    } catch (AuthenticationException e2) {
                        e = e2;
                        encryptHelper3 = encryptHelper2;
                        if (encryptHelper3 != null) {
                            CrashInfo.addBreadcrumb(new GenericBreadcrumb("Number of saved encryption keys: " + encryptHelper3.getNumberOfKeysSaved(), BreadcrumbCategory.ACLOUD_3469));
                        }
                        Timber.d(e);
                        return e.toBundle();
                    } catch (GeneralSecurityException e3) {
                        e = e3;
                        encryptHelper = encryptHelper2;
                        oAuth2Authenticator = oAuth2Authenticator2;
                        if (encryptHelper != null) {
                            CrashInfo.addBreadcrumb(new GenericBreadcrumb("Number of saved encryption keys: " + encryptHelper.getNumberOfKeysSaved(), BreadcrumbCategory.ACLOUD_3469));
                        }
                        CrashInfo.submitHandledCrash(e, "Authenticator.getAuthToken() failed because of problem with decrypting refresh token");
                        this.accountManager.setUserData(account, KEY_REFRESH_TOKEN, null);
                        try {
                            return refreshAccessToken(account, str, encryptHelper, INVALID_FALLBACK_TOKEN, oAuth2Authenticator);
                        } catch (AuthenticationException e4) {
                            Timber.d(e4);
                            return e4.toBundle();
                        }
                    }
                } catch (AuthenticationException e5) {
                    e = e5;
                }
            } catch (GeneralSecurityException e6) {
                e = e6;
                encryptHelper = null;
                oAuth2Authenticator = null;
            }
        } catch (NullPointerException e7) {
            if (e7.getLocalizedMessage() != null && !e7.getLocalizedMessage().contains("'int java.lang.CharSequence.length()' on a null object")) {
                CrashInfo.submitHandledCrash(e7, "Authenticator.getAuthToken() failed");
            }
            throw e7;
        } catch (Exception e8) {
            CrashInfo.submitHandledCrash(e8, "Authenticator.getAuthToken() failed");
            throw e8;
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public String getAuthTokenLabel(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle hasFeatures(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String[] strArr) {
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", false);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle updateCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        throw new UnsupportedOperationException();
    }
}
