package com.amazon.whisperlink.internal;

import com.amazon.whisperlink.core.platform.AuthenticationFeatures;
import com.amazon.whisperlink.core.platform.PlatformCoreManager;
import com.amazon.whisperlink.exception.WPTException;
import com.amazon.whisperlink.impl.ServiceEndpointImpl;
import com.amazon.whisperlink.platform.PlatformManager;
import com.amazon.whisperlink.platform.authentication.DeviceAuthenticationRecord;
import com.amazon.whisperlink.platform.feature.AmazonAccessLevel;
import com.amazon.whisperlink.service.AuthResult;
import com.amazon.whisperlink.service.AuthResultCode;
import com.amazon.whisperlink.service.AuthToken;
import com.amazon.whisperlink.service.Description;
import com.amazon.whisperlink.service.DescriptionFilter;
import com.amazon.whisperlink.service.Device;
import com.amazon.whisperlink.service.WhisperLinkCoreConstants;
import com.amazon.whisperlink.transport.AuthorizationException;
import com.amazon.whisperlink.transport.EncryptionException;
import com.amazon.whisperlink.transport.NonceException;
import com.amazon.whisperlink.util.AuthenticationUtil;
import com.amazon.whisperlink.util.EncryptionUtil;
import com.amazon.whisperlink.util.Log;
import com.amazon.whisperlink.util.StringUtil;
import com.amazon.whisperlink.util.ThreadUtils;
import com.amazon.whisperlink.util.WhisperLinkUtil;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.thrift.TException;

/* loaded from: classes.dex */
public class AuthenticationData {
    private static final String GUEST_ACCESS_SECRET = "GuestSecret";
    private static final String TAG = "AuthenticationData";
    protected static final Set<String> authenticatingDevices = new HashSet(4);
    private final String internalRouteAuthSecret;
    private final NonceManager nonceManager;
    protected Map<String, DeviceAuthenticationRecord> records = new ConcurrentHashMap();

    public AuthenticationData(NonceManager nonceManager) {
        this.nonceManager = nonceManager;
        loadRecordsFromDB();
        this.internalRouteAuthSecret = generateRandomSecret();
    }

    private String generateRandomSecret() {
        byte[] bArr = new byte[16];
        EncryptionUtil.randomGenerator.nextBytes(bArr);
        return EncryptionUtil.base64Encode(bArr);
    }

    /* JADX WARN: Removed duplicated region for block: B:112:0x02d3  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.amazon.whisperlink.platform.authentication.DeviceAuthenticationRecord getDeviceRecord(com.amazon.whisperlink.service.Device r21, java.lang.String r22, int r23, boolean r24) throws com.amazon.whisperlink.transport.NonceException, org.apache.thrift.TException, com.amazon.whisperlink.transport.AuthorizationException, com.amazon.whisperlink.transport.EncryptionException {
        /*
            Method dump skipped, instructions count: 727
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.whisperlink.internal.AuthenticationData.getDeviceRecord(com.amazon.whisperlink.service.Device, java.lang.String, int, boolean):com.amazon.whisperlink.platform.authentication.DeviceAuthenticationRecord");
    }

    private DeviceAuthenticationRecord getDeviceRecordForInternalRoute() {
        Device localDevice = WhisperLinkUtil.getLocalDevice(false);
        Log.debug(TAG, "getDeviceRecordForInternalRoute: " + localDevice.uuid);
        DeviceAuthenticationRecord deviceAuthenticationRecord = new DeviceAuthenticationRecord(this.internalRouteAuthSecret, WhisperLinkCoreConstants.AUTH_LEVEL_ACCOUNT, true);
        putRecord(localDevice.uuid, deviceAuthenticationRecord);
        return deviceAuthenticationRecord;
    }

    private AuthToken getToken(Description description, Device device, boolean z, String str, boolean z2) throws TException, AuthorizationException {
        int i;
        if (WhisperLinkUtil.serviceRequiresVerification(description)) {
            Log.info(TAG, "Verified connections are not supported in this version, failing authentication.");
            throw new AuthorizationException("Cannot create VALIDATED token in this version.");
        }
        if (WhisperLinkUtil.serviceRequiresEncryption(description)) {
            Log.info(TAG, "Service level encryption is not supported in this version, failing authentication.");
            throw new AuthorizationException("Cannot create SERVICE_ENCRYPTION token in this version.");
        }
        int intValue = WhisperLinkUtil.getLowestAuthenticationLevel(description).intValue();
        String buildVerificationData = WhisperLinkUtil.buildVerificationData(description);
        synchronized (authenticatingDevices) {
            long currentTimeMillis = System.currentTimeMillis();
            boolean z3 = true;
            while (z3) {
                if (authenticatingDevices.contains(device.uuid)) {
                    try {
                        authenticatingDevices.wait();
                    } catch (InterruptedException unused) {
                    }
                    if (System.currentTimeMillis() - currentTimeMillis > 40000) {
                        throw new AuthorizationException("Timed out waiting for authorize");
                    }
                } else {
                    authenticatingDevices.add(device.uuid);
                    z3 = false;
                }
            }
        }
        try {
            DeviceAuthenticationRecord deviceAuthenticationRecord = this.records.get(device.uuid);
            String str2 = null;
            if (deviceAuthenticationRecord != null) {
                str2 = deviceAuthenticationRecord.secret;
                i = deviceAuthenticationRecord.highestLevel;
            } else {
                i = 0;
            }
            if (deviceAuthenticationRecord == null || str2 == null || i < intValue) {
                deviceAuthenticationRecord = z2 ? getDeviceRecordForInternalRoute() : getDeviceRecord(device, str2, intValue, z);
                Log.debug(TAG, "Assigning shared secrets with device: " + device.uuid);
                str2 = deviceAuthenticationRecord.secret;
            }
            long createNonce = this.nonceManager.createNonce(device.uuid, deviceAuthenticationRecord.createdLocally);
            try {
                if (StringUtil.isEmpty(buildVerificationData)) {
                    AuthToken authToken = new AuthToken(EncryptionUtil.hmacEncrypt(new String[]{WhisperLinkUtil.getLocalDeviceUUID(), device.uuid}, createNonce, str2.getBytes("UTF-8")), createNonce);
                    synchronized (authenticatingDevices) {
                        if (!authenticatingDevices.remove(device.uuid)) {
                            Log.error(TAG, "Synchronization error in authenticate device!");
                        }
                        authenticatingDevices.notifyAll();
                    }
                    return authToken;
                }
                if (!PlatformManager.getPlatformManager().isFeatureSupported(AmazonAccessLevel.class)) {
                    throw new AuthorizationException("Amazon Access Level not Supported");
                }
                if (!((AmazonAccessLevel) PlatformManager.getPlatformManager().getFeature(AmazonAccessLevel.class)).isAmazonApplication(str)) {
                    throw new AuthorizationException("Not an Amazon Signed App: " + str);
                }
                AuthToken authToken2 = new AuthToken(EncryptionUtil.hmacEncrypt(new String[]{WhisperLinkUtil.getLocalDeviceUUID(), device.uuid, buildVerificationData, Integer.toString(buildVerificationData.length())}, createNonce, str2.getBytes("UTF-8")), createNonce);
                authToken2.setVerifiedData(buildVerificationData);
                synchronized (authenticatingDevices) {
                    if (!authenticatingDevices.remove(device.uuid)) {
                        Log.error(TAG, "Synchronization error in authenticate device!");
                    }
                    authenticatingDevices.notifyAll();
                }
                return authToken2;
            } catch (UnsupportedEncodingException e) {
                throw new EncryptionException(e);
            }
        } catch (Throwable th) {
            synchronized (authenticatingDevices) {
                if (!authenticatingDevices.remove(device.uuid)) {
                    Log.error(TAG, "Synchronization error in authenticate device!");
                }
                authenticatingDevices.notifyAll();
                throw th;
            }
        }
    }

    private boolean isValidAuthLevel(int i) {
        return i == 0 || i == 100 || i == 1000 || i == 1337;
    }

    private void loadRecordsFromDB() {
        PlatformCoreManager platformManager = PlatformCoreManager.getPlatformManager();
        if (platformManager == null) {
            Log.warning(TAG, "No platform, cannot read a database.");
            return;
        }
        Map<String, DeviceAuthenticationRecord> allEntries = ((AuthenticationFeatures) platformManager.getFeature(AuthenticationFeatures.class)).getAuthDataStorageProvider().getAllEntries();
        Log.debug(TAG, "Loading " + allEntries.size() + " device authentication records from disk");
        this.records.putAll(allEntries);
    }

    private Map<String, String> parseVerifiedData(String str) {
        String[] split = str.split(ServiceEndpointImpl.SEPARATOR);
        TreeMap treeMap = new TreeMap();
        for (String str2 : split) {
            int indexOf = str2.indexOf(58);
            if (indexOf > 0) {
                treeMap.put(str2.substring(0, indexOf), str2.substring(indexOf + 1));
            }
        }
        return treeMap;
    }

    private boolean putRecord(final String str, final DeviceAuthenticationRecord deviceAuthenticationRecord) {
        boolean z = this.records.put(str, deviceAuthenticationRecord) != deviceAuthenticationRecord;
        if (z) {
            ThreadUtils.runInWorker(new Runnable() { // from class: com.amazon.whisperlink.internal.AuthenticationData.1
                @Override // java.lang.Runnable
                public void run() {
                    if (((AuthenticationFeatures) PlatformCoreManager.getPlatformManager().getFeature(AuthenticationFeatures.class)).getAuthDataStorageProvider().replaceRecord(str, deviceAuthenticationRecord)) {
                        return;
                    }
                    Log.debug(AuthenticationData.TAG, "Error trying to replace DeviceAuthenticationRecord in db for " + str);
                }
            });
        } else {
            ThreadUtils.runInWorker(new Runnable() { // from class: com.amazon.whisperlink.internal.AuthenticationData.2
                @Override // java.lang.Runnable
                public void run() {
                    if (((AuthenticationFeatures) PlatformCoreManager.getPlatformManager().getFeature(AuthenticationFeatures.class)).getAuthDataStorageProvider().addRecord(str, deviceAuthenticationRecord)) {
                        return;
                    }
                    Log.debug(AuthenticationData.TAG, "Error trying to write DeviceAuthenticationRecord to db for " + str);
                }
            });
        }
        return z;
    }

    private boolean removeRecord(String str) {
        boolean z = this.records.remove(str) != null;
        if (z) {
            removeRecordFromDB(str);
        }
        this.nonceManager.removeNonces(str);
        return z;
    }

    private void removeRecordFromDB(final String str) {
        ThreadUtils.runInWorker(new Runnable() { // from class: com.amazon.whisperlink.internal.AuthenticationData.3
            @Override // java.lang.Runnable
            public void run() {
                if (((AuthenticationFeatures) PlatformCoreManager.getPlatformManager().getFeature(AuthenticationFeatures.class)).getAuthDataStorageProvider().removeRecord(str)) {
                    return;
                }
                Log.debug(AuthenticationData.TAG, "Error trying to remove DeviceAuthenticationRecord in db for " + str);
            }
        });
    }

    /* JADX WARN: Code restructure failed: missing block: B:44:0x017a, code lost:
    
        throw new org.apache.thrift.TException("Amazon Account became null after validating keys similar");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.amazon.whisperlink.service.ReturnAuthParameters authorize(com.amazon.whisperlink.service.AuthParameters r32, com.amazon.whisperlink.service.Device r33, long r34, com.amazon.whisperlink.transport.TWhisperLinkTransport r36) throws com.amazon.whisperlink.transport.EncryptionException, com.amazon.whisperlink.transport.AuthorizationException {
        /*
            Method dump skipped, instructions count: 808
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.whisperlink.internal.AuthenticationData.authorize(com.amazon.whisperlink.service.AuthParameters, com.amazon.whisperlink.service.Device, long, com.amazon.whisperlink.transport.TWhisperLinkTransport):com.amazon.whisperlink.service.ReturnAuthParameters");
    }

    public AuthResult checkToken(AuthToken authToken, String str, String str2, int i) throws AuthorizationException, EncryptionException, WPTException {
        boolean z;
        String str3;
        Description quickDescriptionLookup = WhisperLinkUtil.quickDescriptionLookup(new DescriptionFilter(str, WhisperLinkUtil.getLocalDevice(false)));
        AuthResult checkServiceDescription = AuthenticationUtil.checkServiceDescription(quickDescriptionLookup, i);
        if (checkServiceDescription != null) {
            return checkServiceDescription;
        }
        DeviceAuthenticationRecord deviceAuthenticationRecord = this.records.get(str2);
        if (deviceAuthenticationRecord == null) {
            Log.debug(TAG, "Can't find auth record for uuid=" + str2);
            return new AuthResult(AuthResultCode.NO_AUTHORIZATION_RECORD, 0);
        }
        Log.debug(TAG, "Found record for uuid=" + str2 + ", createdLocally=" + deviceAuthenticationRecord.createdLocally);
        String str4 = deviceAuthenticationRecord.secret;
        int i2 = deviceAuthenticationRecord.highestLevel;
        Log.debug(TAG, "checkToken: " + str4 + ";" + i2);
        if (str4 == null) {
            return new AuthResult(AuthResultCode.NO_AUTHORIZATION_RECORD, 0);
        }
        if (i2 < WhisperLinkUtil.getLowestAuthenticationLevel(quickDescriptionLookup).intValue()) {
            Log.info(TAG, "Current access level " + i2 + " less than requested level " + WhisperLinkUtil.getLowestAuthenticationLevel(quickDescriptionLookup));
            return new AuthResult(AuthResultCode.NOT_AUTHORIZED, i2);
        }
        try {
            if (authToken.isSetVerifiedData() && !StringUtil.isEmpty(authToken.getVerifiedData())) {
                String verifiedData = authToken.getVerifiedData();
                z = false;
                for (Map.Entry<String, String> entry : parseVerifiedData(verifiedData).entrySet()) {
                    String key = entry.getKey();
                    if ("sid".equals(key)) {
                        if (!quickDescriptionLookup.sid.equals(entry.getValue())) {
                            Log.error(TAG, "Requested SID does not match the fingerprinted SID!");
                            return new AuthResult(AuthResultCode.NOT_AUTHORIZED, 0);
                        }
                    } else {
                        if (WhisperLinkUtil.USE_AMAZON_APP_KEY.equals(key)) {
                            PlatformCoreManager platformManager = PlatformCoreManager.getPlatformManager();
                            if (!platformManager.isFeatureSupported(AmazonAccessLevel.class)) {
                                return new AuthResult(AuthResultCode.NOT_AUTHORIZED, 0);
                            }
                            try {
                                str3 = platformManager.getRegistrar().getAppId(quickDescriptionLookup.getSid());
                            } catch (TException e) {
                                Log.error(TAG, "Can't get package name, message=" + e.getMessage());
                                str3 = null;
                            }
                            if (str3 != null && ((AmazonAccessLevel) platformManager.getFeature(AmazonAccessLevel.class)).isAmazonApplication(str3)) {
                                z = true;
                            }
                            Log.error(TAG, "Unable to prove package is an Amazon signed app: " + str3);
                            return new AuthResult(AuthResultCode.NOT_AUTHORIZED, 0);
                        }
                        if (WhisperLinkUtil.USE_SERVICE_SIGNING_KEY.equals(key)) {
                            Log.error(TAG, "Service Signing unsupported in this version, failing authentication.");
                            return new AuthResult(AuthResultCode.NOT_AUTHORIZED, 0);
                        }
                        if (key.startsWith(WhisperLinkUtil.REQIRED_DATA_PREFIX)) {
                            Log.error(TAG, "Unknown required tag in verified data, failing authentication.");
                            return new AuthResult(AuthResultCode.NOT_AUTHORIZED, 0);
                        }
                        Log.error(TAG, "Unknown tag in verified header data, ignoring the data");
                    }
                }
                if (!EncryptionUtil.hmacEncrypt(new String[]{str2, WhisperLinkUtil.getLocalDeviceUUID(), verifiedData, Integer.toString(verifiedData.length())}, authToken.nonce, str4.getBytes("UTF-8")).equals(authToken.hashedSecret)) {
                    revokeToken(str2);
                    Log.error(TAG, "Hashed secrets do not match for validated data, rejecting token! (data)" + verifiedData + Integer.toString(verifiedData.length()));
                    return new AuthResult(AuthResultCode.INVALID_AUTHORIZATION_RECORD, 0);
                }
            } else {
                if (!EncryptionUtil.hmacEncrypt(new String[]{str2, WhisperLinkUtil.getLocalDeviceUUID()}, authToken.nonce, str4.getBytes("UTF-8")).equals(authToken.hashedSecret)) {
                    revokeToken(str2);
                    Log.error(TAG, "Hashed secrets do not match, rejecting token!");
                    return new AuthResult(AuthResultCode.INVALID_AUTHORIZATION_RECORD, 0);
                }
                z = false;
            }
            boolean serviceRequiresAmazonSigning = WhisperLinkUtil.serviceRequiresAmazonSigning(quickDescriptionLookup);
            if (serviceRequiresAmazonSigning != z) {
                Log.error(TAG, "Expected both local (" + serviceRequiresAmazonSigning + ") and remote (" + z + ") service to be an Amazon Signed App, failing authentication.");
                return new AuthResult(AuthResultCode.NOT_AUTHORIZED, 0);
            }
            try {
                boolean z2 = deviceAuthenticationRecord.createdLocally;
                if (WhisperLinkUtil.isLocalDevice(str2)) {
                    z2 = !z2;
                }
                this.nonceManager.checkNonce(str2, z2, authToken.nonce);
                return new AuthResult(AuthResultCode.SUCCESS, i2);
            } catch (NonceException e2) {
                Log.error(TAG, "Invalid Nonce", e2);
                return new AuthResult(AuthResultCode.INVALID_NONCE, 0);
            }
        } catch (UnsupportedEncodingException e3) {
            throw new EncryptionException(e3);
        }
    }

    public void createTrustedAuthRecord(int i, Device device) {
        if (device == null || device.uuid == null) {
            throw new IllegalArgumentException("Device/UUID cannot be null :" + WhisperLinkUtil.printDeviceUuid(device));
        }
        if (!isValidAuthLevel(i)) {
            throw new IllegalArgumentException("Invalid Auth Level :" + i);
        }
        if (WhisperLinkUtil.getLocalDevice(false) != null && WhisperLinkUtil.getLocalDevice(false).uuid.equals(device.uuid)) {
            Log.error(TAG, "Cannot add a trusted record for the local device: " + WhisperLinkUtil.printDeviceUuid(device));
            return;
        }
        Log.debug(TAG, "Force assigning shared secrets with device: " + device.uuid + ": at auth level :" + i);
        putRecord(device.uuid, new DeviceAuthenticationRecord(generateRandomSecret(), i, true));
    }

    public Map<String, Integer> getCurrentLevels() {
        HashMap hashMap;
        synchronized (this) {
            hashMap = new HashMap(this.records.size());
            for (Map.Entry<String, DeviceAuthenticationRecord> entry : this.records.entrySet()) {
                hashMap.put(entry.getKey(), Integer.valueOf(entry.getValue().highestLevel));
            }
        }
        return hashMap;
    }

    public AuthToken getTokenForDevice(Description description, Device device, boolean z, String str) throws TException, AuthorizationException {
        return getToken(description, device, z, str, false);
    }

    public AuthToken getTokenForInternalRoute(Description description, String str) throws TException, AuthorizationException {
        Log.debug(TAG, "getTokenForInternalRoute:" + description + ":" + str);
        return getToken(description, WhisperLinkUtil.getLocalDevice(false), false, str, true);
    }

    public int revokeAll(int i) {
        Iterator<Map.Entry<String, DeviceAuthenticationRecord>> it2 = this.records.entrySet().iterator();
        int i2 = 0;
        while (it2.hasNext()) {
            Map.Entry<String, DeviceAuthenticationRecord> next = it2.next();
            if (next.getValue().highestLevel >= i) {
                String key = next.getKey();
                removeRecordFromDB(key);
                this.nonceManager.removeNonces(key);
                it2.remove();
                i2++;
            }
        }
        return i2;
    }

    public boolean revokeToken(String str) {
        return removeRecord(str);
    }
}
