package com.unitedinternet.portal.authenticator;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.AccountManager;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.os.Bundle;
import android.os.Process;
import android.text.TextUtils;
import android.util.Base64;
import com.unitedinternet.portal.account.Account;
import com.unitedinternet.portal.account.AccountUnavailableException;
import com.unitedinternet.portal.android.lib.LoginException;
import com.unitedinternet.portal.android.lib.RequestException;
import com.unitedinternet.portal.android.lib.authenticator.AuthenticationException;
import com.unitedinternet.portal.android.lib.authenticator.EncryptHelper;
import com.unitedinternet.portal.android.lib.authenticator.oauth2client.JsonOAuth2ClientFactoryFactory;
import com.unitedinternet.portal.android.lib.oauth2.OAuth2Authenticator;
import com.unitedinternet.portal.android.lib.rest.PacExposer;
import com.unitedinternet.portal.android.mail.login.view.LoginActivity;
import com.unitedinternet.portal.core.exception.MessagingException;
import com.unitedinternet.portal.core.restmail.RESTStore;
import com.unitedinternet.portal.helper.Charsets;
import com.unitedinternet.portal.helper.FolderHelper;
import com.unitedinternet.portal.injection.ComponentProvider;
import com.unitedinternet.portal.trackingcrashes.CrashManager;
import com.unitedinternet.portal.trackingcrashes.GenericBreadcrumb;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import okhttp3.OkHttpClient;
import org.dmfs.httpessentials.exceptions.ProtocolError;
import org.dmfs.httpessentials.exceptions.ProtocolException;
import org.dmfs.oauth2.client.OAuth2AccessToken;
import org.dmfs.oauth2.client.errors.TokenRequestError;
import timber.log.Timber;

/* loaded from: classes2.dex */
public final class Authenticator extends AbstractAccountAuthenticator {
    public static final String CLEARED_TOKEN = "cleared_token";
    private static final String KEY_FAILING_LEGACY_TOKEN_HASH = "failing_legacy_token_hash";
    public static final String KEY_REFRESH_TOKEN = "refresh_token";
    private static final String PREFIX_LEGACY_TOKEN = "urn:password:mobiletoken:";
    public static final String PREF_CLEAN_REFRESH_TOKEN = "com.unitedinternet.android.clean_refresh_token";
    public static final String PREF_IS_CLEANING_NEEDED = ".should_clean_refresh_token";
    private final AccountManager accountManager;
    Context context;
    CrashManager crashManager;
    OkHttpClient okHttpClient;
    private SharedPreferences sharedPreferences;

    public Authenticator(Context context) {
        super(context);
        ComponentProvider.getApplicationComponent().inject(this);
        this.accountManager = AccountManager.get(context);
        this.sharedPreferences = context.getSharedPreferences(PREF_CLEAN_REFRESH_TOKEN, 0);
    }

    private void assertAccessRights(Bundle bundle) throws AuthenticationException {
        if (bundle.getInt("callerUid") == Process.myUid()) {
            return;
        }
        Timber.e("Auth token request from unauthorized uid %d", Integer.valueOf(bundle.getInt("callerUid")));
        throw new AuthenticationException(6, "Calling process UID not authorized to get auth token.");
    }

    private String getAddressbookUri(Account account) throws MessagingException {
        RESTStore rESTStore = new RESTStore(account);
        if (rESTStore.isLoginNeeded() && !rESTStore.doLogin()) {
            throw new MessagingException("Can't authenticate");
        }
        String str = null;
        try {
            PacExposer requestPAC = ComponentProvider.getApplicationComponent().getMailCommunicatorProvider().getMailCommunicator(account.getUuid()).requestPAC();
            if (requestPAC != null) {
                str = requestPAC.getAddressBookUri();
            }
        } catch (AccountUnavailableException e) {
            Timber.w(e, "Was not able to get a mail communicator", new Object[0]);
        } catch (LoginException e2) {
            Timber.w(e2, "Was not able to login", new Object[0]);
        } catch (RequestException e3) {
            Timber.w(e3, "Was not able to get context", new Object[0]);
        }
        if (str == null) {
            throw new MessagingException("Could not load contacts, addressbookURI is null");
        }
        if (str.endsWith(FolderHelper.PATH_SEPARATOR)) {
            return str;
        }
        return str + FolderHelper.PATH_SEPARATOR;
    }

    private Bundle getLegacyAccessToken(android.accounts.Account account, Account account2) throws AuthenticationException {
        try {
            return tokenBundle(account, getAddressbookUri(account2), 0L);
        } catch (MessagingException e) {
            Timber.e(e, "Error getting the legacy access token.", new Object[0]);
            throw new AuthenticationException(7, String.format("Can't authenticate this account, legacy token not supported for %s.", account));
        }
    }

    private String hashLegacyToken(String str) {
        try {
            return Base64.encodeToString(MessageDigest.getInstance("sha1").digest(str.getBytes(Charsets.UTF_8)), 8);
        } catch (NoSuchAlgorithmException e) {
            throw new NoSha1SupportException(e);
        }
    }

    private String migrateToOauth(android.accounts.Account account, Account account2, EncryptHelper encryptHelper, OAuth2Authenticator oAuth2Authenticator) throws AuthenticationException {
        if (!account2.canUseTokenLogin()) {
            throw new AuthenticationException(7, String.format("Can't authenticate account %s, not refresh token present and legacy token not supported.", account));
        }
        String loginToken = account2.getLoginToken();
        if (TextUtils.isEmpty(loginToken)) {
            throw new AuthenticationException(3, "invalid_grant:no logintoken");
        }
        if (loginToken.startsWith("urn:password:mobiletoken:")) {
            loginToken = loginToken.substring(25);
        }
        String userData = this.accountManager.getUserData(account, KEY_FAILING_LEGACY_TOKEN_HASH);
        if (!TextUtils.isEmpty(userData) && userData.equals(hashLegacyToken(loginToken))) {
            throw new AuthenticationException(3, "Legacy token not valid.");
        }
        try {
            String charSequence = oAuth2Authenticator.loginWithLegacyToken(loginToken).refreshToken().toString();
            this.accountManager.setUserData(account, KEY_REFRESH_TOKEN, encryptHelper.encryptBase64(charSequence));
            this.accountManager.setUserData(account, KEY_FAILING_LEGACY_TOKEN_HASH, null);
            this.sharedPreferences.edit().putBoolean(account2.getUuid() + PREF_IS_CLEANING_NEEDED, false).apply();
            return charSequence;
        } catch (IOException e) {
            e = e;
            Timber.e(e, "Error while migrating to OAuth2", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (TokenRequestError e2) {
            Timber.e(e2, "Error while migrating to OAuth2", new Object[0]);
            if ("invalid_grant".equals(e2.getMessage())) {
                this.accountManager.setUserData(account, KEY_FAILING_LEGACY_TOKEN_HASH, hashLegacyToken(loginToken));
            }
            throw new AuthenticationException(9, e2.getMessage() + ":" + e2.description());
        } catch (ProtocolError e3) {
            e = e3;
            Timber.e(e, "Error while migrating to OAuth2", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (ProtocolException e4) {
            Timber.e(e4, "Error while migrating to OAuth2", new Object[0]);
            throw new AuthenticationException(5, e4.getMessage());
        }
    }

    private Bundle refreshAccessToken(android.accounts.Account account, String str, EncryptHelper encryptHelper, String str2, OAuth2Authenticator oAuth2Authenticator) throws AuthenticationException {
        try {
            OAuth2AccessToken accessToken = oAuth2Authenticator.getAccessToken(str2, str);
            if (accessToken.hasRefreshToken()) {
                this.accountManager.setUserData(account, KEY_REFRESH_TOKEN, encryptHelper.encryptBase64(accessToken.refreshToken().toString()));
            }
            return tokenBundle(account, accessToken.accessToken().toString(), accessToken.expirationDate().getTimestamp());
        } catch (IOException e) {
            e = e;
            Timber.e(e, "Error while refreshing an access token", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (TokenRequestError e2) {
            Timber.e(e2, "TokenRequestError while refreshing an access token", new Object[0]);
            throw new AuthenticationException(9, e2.getMessage() + ":" + e2.description());
        } catch (ProtocolError e3) {
            e = e3;
            Timber.e(e, "Error while refreshing an access token", new Object[0]);
            throw new AuthenticationException(3, e.getMessage());
        } catch (ProtocolException e4) {
            Timber.e(e4, "Error while refreshing an access token", new Object[0]);
            throw new AuthenticationException(5, e4.getMessage());
        }
    }

    private Bundle tokenBundle(android.accounts.Account account, String str, long j) {
        Bundle bundle = new Bundle();
        bundle.putString("authAccount", account.name);
        bundle.putString("accountType", account.type);
        bundle.putString("authtoken", str);
        if (Build.VERSION.SDK_INT >= 23) {
            bundle.putLong("android.accounts.expiry", j);
        }
        Timber.i("Deliver token for %s", account);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle addAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, String str, String str2, String[] strArr, Bundle bundle) {
        Bundle bundle2 = new Bundle();
        bundle2.putParcelable("intent", new Intent(this.context, (Class<?>) LoginActivity.class));
        return bundle2;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle confirmCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, android.accounts.Account account, Bundle bundle) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle editProperties(AccountAuthenticatorResponse accountAuthenticatorResponse, String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAuthToken(AccountAuthenticatorResponse accountAuthenticatorResponse, android.accounts.Account account, String str, Bundle bundle) {
        String migrateToOauth;
        try {
            assertAccessRights(bundle);
            Account accountByAndroidAccount = ComponentProvider.getApplicationComponent().getPreferences().getAccountByAndroidAccount(account);
            if ("legacy_coms".equals(str)) {
                return getLegacyAccessToken(account, accountByAndroidAccount);
            }
            OAuth2Authenticator oAuth2Authenticator = new OAuth2Authenticator(new JsonOAuth2ClientFactoryFactory(new OAuthCredentialStore()).oAuth2ClientFactory(accountByAndroidAccount.getEuebrand()), this.okHttpClient);
            EncryptHelper encryptHelper = EncryptHelper.getInstance(this.context.getApplicationContext());
            String userData = this.accountManager.getUserData(account, KEY_REFRESH_TOKEN);
            if (CLEARED_TOKEN.equals(userData)) {
                throw new AuthenticationException(9, "invalid_grant:token was cleared");
            }
            if (userData != null) {
                if (!this.sharedPreferences.getBoolean(accountByAndroidAccount.getUuid() + PREF_IS_CLEANING_NEEDED, true)) {
                    try {
                        String decryptBase64Unsafe = encryptHelper.decryptBase64Unsafe(userData);
                        if (decryptBase64Unsafe != null) {
                            migrateToOauth = decryptBase64Unsafe;
                            return refreshAccessToken(account, str, encryptHelper, migrateToOauth, oAuth2Authenticator);
                        }
                        AuthenticationException authenticationException = new AuthenticationException(9, "invalid_grant: empty token");
                        this.crashManager.addBreadcrumb(new GenericBreadcrumb("decrypt produced an empty token", "AMAIL-17489"));
                        throw authenticationException;
                    } catch (Exception e) {
                        this.crashManager.addBreadcrumb(new GenericBreadcrumb("decrypt token exception: " + e.getMessage(), "AMAIL-17489"));
                        Timber.d(e, "decrypt token problem ", new Object[0]);
                        throw new AuthenticationException(9, "invalid_grant:token not decipherable because " + e.getMessage());
                    }
                }
            }
            migrateToOauth = migrateToOauth(account, accountByAndroidAccount, encryptHelper, oAuth2Authenticator);
            return refreshAccessToken(account, str, encryptHelper, migrateToOauth, oAuth2Authenticator);
        } catch (AuthenticationException e2) {
            Timber.d(e2);
            return e2.toBundle();
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public String getAuthTokenLabel(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle hasFeatures(AccountAuthenticatorResponse accountAuthenticatorResponse, android.accounts.Account account, String[] strArr) {
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", false);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle updateCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, android.accounts.Account account, String str, Bundle bundle) {
        throw new UnsupportedOperationException();
    }
}
