package com.auth0.android.authentication.storage;

import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.support.annotation.IntRange;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.annotation.RequiresApi;
import android.support.annotation.VisibleForTesting;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.auth0.android.authentication.AuthenticationAPIClient;
import com.auth0.android.authentication.AuthenticationException;
import com.auth0.android.callback.AuthenticationCallback;
import com.auth0.android.callback.BaseCallback;
import com.auth0.android.request.internal.GsonProvider;
import com.auth0.android.result.Credentials;
import com.google.gson.Gson;

@RequiresApi(api = 21)
/* loaded from: classes.dex */
public class SecureCredentialsManager {
    private static final String KEY_ALIAS = "com.auth0.key";
    private static final String KEY_CAN_REFRESH = "com.auth0.credentials_can_refresh";
    private static final String KEY_CREDENTIALS = "com.auth0.credentials";
    private static final String KEY_EXPIRES_AT = "com.auth0.credentials_expires_at";
    private static final String TAG = SecureCredentialsManager.class.getSimpleName();
    private Activity activity;
    private final AuthenticationAPIClient apiClient;
    private Intent authIntent;
    private boolean authenticateBeforeDecrypt;
    private int authenticationRequestCode;
    private final CryptoUtil crypto;
    private BaseCallback<Credentials, CredentialsManagerException> decryptCallback;
    private final Gson gson;
    private final Storage storage;

    public SecureCredentialsManager(@NonNull Context context, @NonNull AuthenticationAPIClient authenticationAPIClient, @NonNull Storage storage) {
        this(authenticationAPIClient, storage, new CryptoUtil(context, storage, KEY_ALIAS));
    }

    @VisibleForTesting
    SecureCredentialsManager(@NonNull AuthenticationAPIClient authenticationAPIClient, @NonNull Storage storage, @NonNull CryptoUtil cryptoUtil) {
        this.authenticationRequestCode = -1;
        this.apiClient = authenticationAPIClient;
        this.storage = storage;
        this.crypto = cryptoUtil;
        this.gson = GsonProvider.buildGson();
        this.authenticateBeforeDecrypt = false;
    }

    private void continueGetCredentials(final BaseCallback<Credentials, CredentialsManagerException> baseCallback) {
        try {
            final Credentials credentials = (Credentials) this.gson.fromJson(new String(this.crypto.decrypt(Base64.decode(this.storage.retrieveString(KEY_CREDENTIALS), 0))), Credentials.class);
            if ((TextUtils.isEmpty(credentials.getAccessToken()) && TextUtils.isEmpty(credentials.getIdToken())) || credentials.getExpiresAt() == null) {
                baseCallback.onFailure(new CredentialsManagerException("No Credentials were previously set."));
                this.decryptCallback = null;
            } else if (credentials.getExpiresAt().getTime() > getCurrentTimeInMillis()) {
                baseCallback.onSuccess(credentials);
                this.decryptCallback = null;
            } else if (credentials.getRefreshToken() == null) {
                baseCallback.onFailure(new CredentialsManagerException("No Credentials were previously set."));
                this.decryptCallback = null;
            } else {
                Log.d(TAG, "Credentials have expired. Renewing them now...");
                this.apiClient.renewAuth(credentials.getRefreshToken()).start(new AuthenticationCallback<Credentials>() { // from class: com.auth0.android.authentication.storage.SecureCredentialsManager.1
                    @Override // com.auth0.android.callback.Callback
                    public void onFailure(AuthenticationException authenticationException) {
                        baseCallback.onFailure(new CredentialsManagerException("An error occurred while trying to use the Refresh Token to renew the Credentials.", authenticationException));
                        SecureCredentialsManager.this.decryptCallback = null;
                    }

                    @Override // com.auth0.android.callback.BaseCallback
                    public void onSuccess(Credentials credentials2) {
                        Credentials credentials3 = new Credentials(credentials2.getIdToken(), credentials2.getAccessToken(), credentials2.getType(), credentials.getRefreshToken(), credentials2.getExpiresAt(), credentials2.getScope());
                        SecureCredentialsManager.this.saveCredentials(credentials3);
                        baseCallback.onSuccess(credentials3);
                        SecureCredentialsManager.this.decryptCallback = null;
                    }
                });
            }
        } catch (CryptoException e) {
            baseCallback.onFailure(new CredentialsManagerException("An error occurred while decrypting the existing credentials.", e));
        }
    }

    public boolean checkAuthenticationResult(int i, int i2) {
        if (i != this.authenticationRequestCode || this.decryptCallback == null) {
            return false;
        }
        if (i2 == -1) {
            continueGetCredentials(this.decryptCallback);
        } else {
            this.decryptCallback.onFailure(new CredentialsManagerException("The user didn't pass the authentication challenge."));
            this.decryptCallback = null;
        }
        return true;
    }

    public void clearCredentials() {
        this.storage.remove(KEY_CREDENTIALS);
        this.storage.remove(KEY_EXPIRES_AT);
        this.storage.remove(KEY_CAN_REFRESH);
        Log.d(TAG, "Credentials were just removed from the storage");
    }

    public void getCredentials(@NonNull BaseCallback<Credentials, CredentialsManagerException> baseCallback) {
        if (!hasValidCredentials()) {
            baseCallback.onFailure(new CredentialsManagerException("No Credentials were previously set."));
        } else {
            if (!this.authenticateBeforeDecrypt) {
                continueGetCredentials(baseCallback);
                return;
            }
            Log.d(TAG, "Authentication is required to read the Credentials. Showing the LockScreen.");
            this.decryptCallback = baseCallback;
            this.activity.startActivityForResult(this.authIntent, this.authenticationRequestCode);
        }
    }

    @VisibleForTesting
    long getCurrentTimeInMillis() {
        return System.currentTimeMillis();
    }

    public boolean hasValidCredentials() {
        String retrieveString = this.storage.retrieveString(KEY_CREDENTIALS);
        Long retrieveLong = this.storage.retrieveLong(KEY_EXPIRES_AT);
        Boolean retrieveBoolean = this.storage.retrieveBoolean(KEY_CAN_REFRESH);
        return (TextUtils.isEmpty(retrieveString) || retrieveLong == null || (retrieveLong.longValue() <= getCurrentTimeInMillis() && (retrieveBoolean == null || !retrieveBoolean.booleanValue()))) ? false : true;
    }

    public boolean requireAuthentication(@NonNull Activity activity, @IntRange(from = 1, to = 255) int i, @Nullable String str, @Nullable String str2) {
        if (i < 1 || i > 255) {
            throw new IllegalArgumentException("Request code must a value between 1 and 255.");
        }
        KeyguardManager keyguardManager = (KeyguardManager) activity.getSystemService("keyguard");
        this.authIntent = Build.VERSION.SDK_INT >= 21 ? keyguardManager.createConfirmDeviceCredentialIntent(str, str2) : null;
        this.authenticateBeforeDecrypt = ((Build.VERSION.SDK_INT >= 23 && keyguardManager.isDeviceSecure()) || (Build.VERSION.SDK_INT >= 21 && keyguardManager.isKeyguardSecure())) && this.authIntent != null;
        if (this.authenticateBeforeDecrypt) {
            this.activity = activity;
            this.authenticationRequestCode = i;
        }
        return this.authenticateBeforeDecrypt;
    }

    public void saveCredentials(@NonNull Credentials credentials) throws CredentialsManagerException {
        if ((TextUtils.isEmpty(credentials.getAccessToken()) && TextUtils.isEmpty(credentials.getIdToken())) || credentials.getExpiresAt() == null) {
            throw new CredentialsManagerException("Credentials must have a valid date of expiration and a valid access_token or id_token value.");
        }
        String json = this.gson.toJson(credentials);
        long time = credentials.getExpiresAt().getTime();
        boolean z = TextUtils.isEmpty(credentials.getRefreshToken()) ? false : true;
        Log.e(TAG, "Trying to encrypt the given data using the private key.");
        try {
            this.storage.store(KEY_CREDENTIALS, Base64.encodeToString(this.crypto.encrypt(json.getBytes()), 0));
            this.storage.store(KEY_EXPIRES_AT, Long.valueOf(time));
            this.storage.store(KEY_CAN_REFRESH, Boolean.valueOf(z));
        } catch (CryptoException e) {
            throw new CredentialsManagerException("An error occurred while encrypting the credentials.", e);
        }
    }
}
