package defpackage;

import android.content.Context;
import android.os.Looper;
import android.os.SystemClock;
import android.text.TextUtils;
import android.util.Base64;
import com.fiberlink.maas360.android.control.ControlApplication;
import com.fiberlink.maas360.android.webservices.resources.v10.AbstractWebserviceResource;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.util.HashMap;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public class bdc implements bcv {

    /* renamed from: a, reason: collision with root package name */
    private static final Object f2678a = new Object();

    /* renamed from: b, reason: collision with root package name */
    private static final Object f2679b = new Object();

    /* renamed from: c, reason: collision with root package name */
    private static final Object f2680c = new Object();
    private static final String d = bdc.class.getSimpleName();
    private static bcv f;
    private final ControlApplication g;
    private final awe h;
    private String j;
    private String k;
    private Boolean l;
    private Integer m;
    private boolean n;
    private boolean o;
    private Boolean q;
    private Boolean r;
    private long e = 0;
    private boolean p = false;
    private final ReentrantReadWriteLock i = new ReentrantReadWriteLock();

    private bdc(ControlApplication controlApplication, awe aweVar) {
        this.g = controlApplication;
        this.h = aweVar;
        if (!controlApplication.aR().a() || controlApplication.af()) {
            this.n = false;
            ckq.d(d, "DB Key Registered is false during initialization");
        } else {
            this.n = true;
            ckq.a(d, "DB Key Registered as true during initialization");
        }
    }

    private long a(long j) {
        long j2 = this.e;
        if (j2 == -1111111111 || j2 == 0 || j - j2 > o()) {
            synchronized (f2678a) {
                if (this.e == 0 || j - this.e > o()) {
                    long c2 = this.h.c("PBE_CONTAINER_LAST_ACCESSED_TIME");
                    this.e = c2;
                    if (c2 > j) {
                        e();
                        this.e = j;
                    }
                    if (this.e == -1111111111) {
                        ckq.b(d, "PBE:Last container access time is not there in database.");
                    }
                }
            }
            ckq.b(d, "PBE: Last container access time " + this.e);
        }
        return this.e;
    }

    public static bcv a(ControlApplication controlApplication, awe aweVar) {
        if (f == null) {
            synchronized (f2679b) {
                if (f == null) {
                    f = new bdc(controlApplication, aweVar);
                }
            }
        }
        return f;
    }

    private String a(Context context, String str, boolean z) {
        if (z) {
            try {
                byte[] b2 = cku.a().b(context, Base64.decode(str, 0), a(true, false), cku.a().d(context));
                if (b2.length > 0) {
                    return Base64.encodeToString(b2, 0);
                }
            } catch (Exception e) {
                ckq.d(d, e, "PBE:Exception in recovering PIN from android key store. Failed to get SecureDbKey");
            }
            return null;
        }
        if (!k()) {
            return str;
        }
        if (!i()) {
            try {
                ckq.a(d, "PBE: Recover key using keystore. PBE configured...");
                q();
            } catch (Exception e2) {
                ckq.d(d, e2, "PBE:Unable to recover pin from Android Key Store.");
                ckq.a(d, "Proceed without protecting db key. It will be retried on next access of db again.");
            }
        }
        if (j() == null) {
            return str;
        }
        a(Base64.decode(str, 0), j(), context, true);
        return str;
    }

    private String a(boolean z, boolean z2) {
        String j = j();
        if (!z || !TextUtils.isEmpty(this.j) || !a(z2)) {
            return j;
        }
        try {
            ckq.b(d, "PBE: Recover key using keystore. In memory pin was null.");
            q();
            return j();
        } catch (Exception e) {
            ckq.d(d, e, "PBE:Error in recovering PIN using Android Keystore");
            return j;
        }
    }

    private void a(Context context, boolean z) {
        if (a(context) != null) {
            HashMap hashMap = new HashMap();
            hashMap.put("IS_SECURE_DB_KEY_SAFE", String.valueOf(z));
            hashMap.put("Control.Data.TEL", a(context));
            this.h.a(hashMap);
            this.r = Boolean.valueOf(z);
            ckq.b(d, "PBE:Removed PIN based db protection.");
        }
    }

    private void a(boolean z, int i) {
        this.l = Boolean.valueOf(z);
        this.m = Integer.valueOf(i);
        this.h.b("pin_based_encryp_enabled", this.l.booleanValue());
        this.h.b("pin_based_encryp_cache_expiry", this.m.intValue());
    }

    private void a(byte[] bArr, String str, Context context, boolean z) {
        if (TextUtils.isEmpty(str)) {
            ckq.c(d, "PBE: Pin was not secured as pin text is not valid.");
            return;
        }
        try {
            byte[] a2 = cku.a().a(context, bArr, str, cku.a().d(context));
            HashMap hashMap = new HashMap();
            hashMap.put("IS_SECURE_DB_KEY_SAFE", String.valueOf(k()));
            hashMap.put("Control.Data.TEL", Base64.encodeToString(a2, 0));
            if (z) {
                hashMap.put("SECURE_PIN", Base64.encodeToString(a(str, context), 0));
            }
            this.h.a(hashMap);
            this.r = Boolean.valueOf(k());
            a(str);
        } catch (Exception e) {
            ckq.a(d, e, "PBE:Exception in protecting secure DB key");
        }
        bcs.a().a(context);
        bxk.a().b();
    }

    private byte[] a(String str, Context context) {
        try {
            PublicKey d2 = ckt.a().d("MAAS360_SECURE_CONTEXT");
            if (d2 == null || l()) {
                d2 = ckt.a().a(context, "MAAS360_SECURE_CONTEXT", 43200).getPublic();
            }
            return ckt.a().a(str.getBytes(bqb.f3388a), d2);
        } catch (Exception e) {
            ckq.d(d, e, "PBE:Error in generating secure PIN");
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(String str) {
        if ((TextUtils.isEmpty(this.h.a("SECURE_PIN")) || l() || !ckt.a().c("MAAS360_SECURE_CONTEXT")) && ckt.a().b()) {
            try {
                this.h.b("SECURE_PIN", Base64.encodeToString(a(str, this.g.getApplicationContext()), 0));
                ckq.b(d, "PBE:Protected PIN successfully");
            } catch (Exception unused) {
                ckq.c(d, "PBE:Error in saving secure pin");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void c(boolean z) {
        if (l() != z) {
            synchronized (f2680c) {
                if (l() != z) {
                    this.h.b("secure_pin_key_corrupted", z);
                    this.q = Boolean.valueOf(z);
                }
            }
        }
    }

    public static bcv h() {
        return f;
    }

    private boolean k() {
        if (this.l == null) {
            synchronized (f2680c) {
                if (this.l == null) {
                    this.l = Boolean.valueOf(this.h.a("pin_based_encryp_enabled", false));
                    ckq.b(d, "PBE: Enabled " + this.l);
                }
            }
        }
        return this.l.booleanValue();
    }

    private boolean l() {
        if (this.q == null) {
            synchronized (f2680c) {
                if (this.q == null) {
                    this.q = Boolean.valueOf(this.h.a("secure_pin_key_corrupted", false));
                    String str = d;
                    boolean z = true;
                    String[] strArr = new String[1];
                    StringBuilder sb = new StringBuilder();
                    sb.append("PBE: Secure Pin Recoverable ");
                    if (this.q.booleanValue()) {
                        z = false;
                    }
                    sb.append(z);
                    strArr[0] = sb.toString();
                    ckq.b(str, strArr);
                }
            }
        }
        return this.q.booleanValue();
    }

    private boolean m() {
        if (this.r == null) {
            synchronized (f2680c) {
                if (this.r == null) {
                    this.r = Boolean.valueOf(this.h.a("IS_SECURE_DB_KEY_SAFE", false));
                    ckq.b(d, "PBE: Secure Pin  " + this.r);
                }
            }
        }
        return this.r.booleanValue();
    }

    private int n() {
        if (this.m == null) {
            Integer valueOf = Integer.valueOf(this.h.b("pin_based_encryp_cache_expiry"));
            this.m = valueOf;
            if (-1111111111 == valueOf.intValue()) {
                this.m = Integer.MAX_VALUE;
            }
        }
        return this.m.intValue();
    }

    private long o() {
        return Math.min(this.m.intValue() * 60 * AbstractWebserviceResource.SERVER_ERROR_CODE_INTERNAL_ERROR, 1800000L);
    }

    private boolean p() {
        return Looper.myLooper() == Looper.getMainLooper();
    }

    private void q() {
        PrivateKey b2 = ckt.a().b("MAAS360_SECURE_CONTEXT");
        String a2 = this.h.a("SECURE_PIN");
        if (b2 == null) {
            throw new CertificateExpiredException("Failed to get keypair from Android keystore");
        }
        try {
            a(new String(ckt.a().a(Base64.decode(a2, 0), b2), bqb.f3388a));
        } catch (Exception e) {
            ckq.d(d, e, "PBE: Error in decrypting secure pin");
            c(true);
            throw e;
        }
    }

    @Override // defpackage.bcv
    public String a(Context context) {
        if (this.k == null) {
            synchronized (f2680c) {
                ckq.a(d, "isSecureDbKeyRegistered : " + this.n);
                if (this.k == null && this.n) {
                    String a2 = this.h.a("Control.Data.TEL");
                    if (!TextUtils.isEmpty(a2)) {
                        if (!m()) {
                            this.k = a2;
                        } else if (a()) {
                            this.k = a(context, a2, m());
                        }
                    }
                } else {
                    ckq.d(d, "Not populating key with registered as: " + this.n);
                }
            }
        }
        return this.k;
    }

    @Override // defpackage.bcv
    public synchronized void a(Context context, String str) {
        ckq.a(d, "PBE:Handle DBK on parameter change");
        if (this.o) {
            return;
        }
        this.o = true;
        if (k()) {
            ckq.a(d, "PBE:PIN based data protection is enabled");
            if (!m()) {
                ckq.a(d, "PBE:This is first time PIN set scenario. We need to encrypt secure_db_key with PIN");
                a(Base64.decode(this.h.a("Control.Data.TEL"), 0), str, context, true);
            } else if (str.equals(a(true, true))) {
                ckq.b(d, "PBE: Old Pin & New Pin is same.");
            } else {
                ckq.a(d, "PBE: This is PIN change scenario.  Need to decrypt and re-encrypt secure_db_key with new PIN");
                try {
                    a(cku.a().b(context, Base64.decode(this.h.a("Control.Data.TEL"), 0), a(true, true), cku.a().d(context)), str, context, true);
                } catch (Exception e) {
                    ckq.d(d, e, "PBE: Exception in protecting data base key");
                }
            }
            this.o = false;
            return;
        }
        if (ckt.a().b()) {
            ckq.a(d, "PBE:PIN based data protection is not enabled but key store api is available");
            try {
                this.h.b("SECURE_PIN", Base64.encodeToString(a(str, context), 0));
                a(str);
            } catch (Exception e2) {
                ckq.d(d, e2, "PBE:Error in saving secure PIN");
            }
            bcs.a().a(context);
            bxk.a().b();
        } else {
            bcs.a().a(context);
            bxk.a().b();
        }
        this.o = false;
        return;
    }

    @Override // defpackage.bcv
    public synchronized void a(Context context, boolean z, int i) {
        ckq.b(d, "PBE:Handle DB key on policy change");
        boolean m = m();
        a(z, i);
        if (z) {
            ckq.b(d, "PBE:PIN based db encryption is configured.");
            if (!m) {
                ckq.b(d, "PBE:DB key is not secured");
                if (!TextUtils.isEmpty(this.h.a("SECURE_PIN")) && a()) {
                    try {
                        if (!i()) {
                            ckq.b(d, "PBE:Recovering PIN using android key store.");
                            q();
                        }
                        a(Base64.decode(this.h.a("Control.Data.TEL"), 0), a(true, false), context, true);
                        ckq.b(d, "PBE:Encrypted DB Key.");
                    } catch (Exception e) {
                        ckq.d(d, e, "PBE:Exception in securing PIN using android key store. Failed to get SecureDbKey");
                    }
                }
            }
        } else {
            ckq.b(d, "PBE:PIN based db encryption is not configured.Check PIN based db protection is set.");
            if (m) {
                a(context, false);
            }
        }
    }

    @Override // defpackage.bcv
    public void a(final String str) {
        try {
            this.i.writeLock().lock();
            ckq.b(d, "PBE: Adding ");
            this.j = str;
            this.p = false;
            this.i.writeLock().unlock();
            if (p()) {
                new Thread(new Runnable() { // from class: bdc.1
                    @Override // java.lang.Runnable
                    public void run() {
                        bdc.this.b(str);
                        bdc.this.c(false);
                    }
                }).start();
            } else {
                b(str);
                c(false);
            }
        } catch (Throwable th) {
            this.i.writeLock().unlock();
            throw th;
        }
    }

    @Override // defpackage.bcv
    public boolean a() {
        return a(false);
    }

    @Override // defpackage.bcv
    public boolean a(boolean z) {
        boolean z2 = (k() && m() && !i()) ? false : true;
        if (!z2) {
            if (!z) {
                int n = n();
                long elapsedRealtime = SystemClock.elapsedRealtime();
                z2 = (this.p || l() || elapsedRealtime - a(elapsedRealtime) > ((long) ((n * 60) * AbstractWebserviceResource.SERVER_ERROR_CODE_INTERNAL_ERROR))) ? false : true;
                if (!z2 && !this.p) {
                    ckq.b(d, "PBE: Cached is expired for PIN. It will not be recovered.");
                }
            }
            if (!l() && (z2 || z)) {
                z2 = ckt.a().c("MAAS360_SECURE_CONTEXT");
            }
        }
        ckq.b(d, "PBE: isPinRecoverable : " + z2);
        return z2;
    }

    @Override // defpackage.bcv
    public boolean b() {
        return b(false);
    }

    @Override // defpackage.bcv
    public boolean b(boolean z) {
        return this.k != null || (this.n && a(z));
    }

    @Override // defpackage.bcv
    public String c() {
        ckq.b(d, "PBE:Generating and enabling secure db key");
        String a2 = bem.a();
        this.h.b("Control.Data.TEL", a2);
        synchronized (f2680c) {
            this.k = a2;
            this.n = true;
        }
        return a2;
    }

    @Override // defpackage.bcv
    public boolean d() {
        return this.n;
    }

    @Override // defpackage.bcv
    public void e() {
        this.p = true;
        ckq.b(d, "PBE: System Reboot detected");
    }

    @Override // defpackage.bcv
    public void f() {
        synchronized (f2680c) {
            ckq.b(d, "Removing secure DB key");
            this.k = null;
            this.n = false;
            this.r = false;
            this.h.d("Control.Data.TEL");
            this.h.d("IS_SECURE_DB_KEY_SAFE");
        }
    }

    @Override // defpackage.bcv
    public void g() {
        synchronized (f2680c) {
            this.n = true;
        }
        ckq.b(d, "PBE: reinitializeSecureDB called. Secure Database registered");
    }

    public boolean i() {
        try {
            this.i.readLock().lock();
            return !TextUtils.isEmpty(this.j);
        } finally {
            this.i.readLock().unlock();
        }
    }

    public String j() {
        try {
            this.i.readLock().lock();
            return this.j;
        } finally {
            this.i.readLock().unlock();
        }
    }
}
