package slack.services.accountmanager.security;

import coil.memory.MemoryCache$Key$Complex$$ExternalSyntheticOutline0;
import com.amazonaws.services.chime.sdk.meetings.ingestion.IngestionRecord$$ExternalSyntheticOutline0;
import com.slack.data.clog.Login;
import com.slack.data.slog.Http;
import com.slack.data.slog.Paging;
import haxe.root.Std;
import io.reactivex.rxjava3.internal.operators.maybe.MaybeCreate;
import io.reactivex.rxjava3.schedulers.Schedulers;
import java.security.GeneralSecurityException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.builders.ListBuilder;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import slack.crypto.security.CachedFail;
import slack.crypto.security.Cryptographer;
import slack.crypto.security.Decrypted;
import slack.crypto.security.DecryptedCache;
import slack.crypto.security.DecryptionResult;
import slack.crypto.security.TinkCrypto;
import slack.emoji.EmojiManagerImpl$$ExternalSyntheticLambda1;
import slack.file.viewer.FileViewerPresenter$$ExternalSyntheticLambda1;
import slack.foundation.auth.AuthToken;
import slack.model.text.FormattedText;
import slack.services.accountmanager.SecureAccountTokenProvider;
import slack.services.accountmanager.SecureAccountTokenStoreImpl;
import slack.services.autotag.EmojiAutoTagProvider$$ExternalSyntheticLambda0;
import slack.telemetry.TracerImpl;
import slack.telemetry.metric.Counter;
import slack.telemetry.metric.Metrics;
import slack.telemetry.metric.MetricsProviderImpl;
import slack.telemetry.tracing.MaxSampleRate;
import slack.telemetry.tracing.Spannable;
import slack.telemetry.tracing.TraceContext;
import slack.telemetry.tracing.Tracer;
import timber.log.Timber;

/* compiled from: TokenDecryptHelper.kt */
/* loaded from: classes11.dex */
public final class TokenDecryptHelper {
    public final Set failedDecryptionsFromBadTag = new LinkedHashSet();
    public final Set failedSecureTokenStoreFetches = new LinkedHashSet();
    public final Metrics metrics;
    public final SecureAccountTokenProvider secureAccountTokenProvider;
    public final Cryptographer tinkCrypto;
    public final Cryptographer tinkCryptoSecondary;
    public final Tracer tracer;

    /* compiled from: TokenDecryptHelper.kt */
    /* loaded from: classes11.dex */
    public abstract class DecryptResult {
        public final String authToken;

        /* compiled from: TokenDecryptHelper.kt */
        /* loaded from: classes11.dex */
        public final class Decrypted extends DecryptResult {
            public Decrypted(String str) {
                super(str, null);
            }
        }

        /* compiled from: TokenDecryptHelper.kt */
        /* loaded from: classes11.dex */
        public final class Failed extends DecryptResult {
            public static final Failed INSTANCE = new Failed();

            public Failed() {
                super(null, null);
            }
        }

        /* compiled from: TokenDecryptHelper.kt */
        /* loaded from: classes11.dex */
        public final class Skipped extends DecryptResult {
            public static final Skipped INSTANCE = new Skipped();

            public Skipped() {
                super(null, null);
            }
        }

        public DecryptResult(String str, DefaultConstructorMarker defaultConstructorMarker) {
            this.authToken = str;
        }
    }

    /* compiled from: TokenDecryptHelper.kt */
    /* loaded from: classes11.dex */
    public final class TokenDecryptResult {
        public final String authToken;
        public final List failedDecryptMethods;
        public final List skippedDecryptMethods;

        public TokenDecryptResult(String str, List list, List list2) {
            Std.checkNotNullParameter(str, "authToken");
            this.authToken = str;
            this.failedDecryptMethods = list;
            this.skippedDecryptMethods = list2;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof TokenDecryptResult)) {
                return false;
            }
            TokenDecryptResult tokenDecryptResult = (TokenDecryptResult) obj;
            return Std.areEqual(this.authToken, tokenDecryptResult.authToken) && Std.areEqual(this.failedDecryptMethods, tokenDecryptResult.failedDecryptMethods) && Std.areEqual(this.skippedDecryptMethods, tokenDecryptResult.skippedDecryptMethods);
        }

        public final boolean hasDecryptedAuthToken() {
            return (this.authToken.length() > 0) && !Std.areEqual(this.authToken, "INVALID_TOKEN");
        }

        public int hashCode() {
            return this.skippedDecryptMethods.hashCode() + MemoryCache$Key$Complex$$ExternalSyntheticOutline0.m(this.failedDecryptMethods, this.authToken.hashCode() * 31, 31);
        }

        public String toString() {
            String str = this.authToken;
            List list = this.failedDecryptMethods;
            List list2 = this.skippedDecryptMethods;
            StringBuilder sb = new StringBuilder();
            sb.append("TokenDecryptResult(authToken=");
            sb.append(str);
            sb.append(", failedDecryptMethods=");
            sb.append(list);
            sb.append(", skippedDecryptMethods=");
            return IngestionRecord$$ExternalSyntheticOutline0.m(sb, list2, ")");
        }
    }

    /* compiled from: TokenDecryptHelper.kt */
    /* loaded from: classes11.dex */
    public enum TokenDecryptionMethod {
        TINK_KEYSTORE,
        TINK_KEYSTORE_SECONDARY,
        SECURE_TOKEN_STORE
    }

    public TokenDecryptHelper(Cryptographer cryptographer, Cryptographer cryptographer2, SecureAccountTokenProvider secureAccountTokenProvider, Tracer tracer, Metrics metrics) {
        this.tinkCrypto = cryptographer;
        this.tinkCryptoSecondary = cryptographer2;
        this.secureAccountTokenProvider = secureAccountTokenProvider;
        this.tracer = tracer;
        this.metrics = metrics;
    }

    public final DecryptResult decrypt(Cryptographer cryptographer, Function1 function1, AuthToken authToken) {
        try {
            Spannable trace = ((TracerImpl) this.tracer).trace(TokenDecryptHelper$decrypt$decryptSpannable$1.INSTANCE);
            trace.appendTag("type", ((TinkCrypto) cryptographer).type);
            trace.appendTag("encrypt_value", "TOKEN");
            trace.start();
            Object invoke = function1.invoke(authToken);
            if (invoke == null) {
                throw new IllegalStateException(("[" + ((TinkCrypto) cryptographer).type + "] encryptedToken for should not be null.").toString());
            }
            DecryptionResult decrypt = ((TinkCrypto) cryptographer).decrypt((String) invoke);
            if (decrypt instanceof Decrypted) {
                trace.complete();
            } else {
                trace.cancel();
            }
            if (decrypt instanceof DecryptedCache) {
                trace.cancel();
                return new DecryptResult.Decrypted(Paging.AnonymousClass1.getClearText(decrypt));
            }
            if (decrypt instanceof Decrypted) {
                trace.complete();
                return new DecryptResult.Decrypted(Paging.AnonymousClass1.getClearText(decrypt));
            }
            if (!(decrypt instanceof CachedFail)) {
                throw new NoWhenBranchMatchedException();
            }
            trace.cancel();
            return DecryptResult.Failed.INSTANCE;
        } catch (GeneralSecurityException e) {
            String str = ((TinkCrypto) cryptographer).type;
            if (!this.failedDecryptionsFromBadTag.contains(authToken)) {
                this.failedDecryptionsFromBadTag.add(authToken);
                Counter.increment$default(((MetricsProviderImpl) this.metrics).counter("token_decryption_error", "decrypt"), 0L, 1, null);
                Timber.w(e, "[" + str + "] Error during decryption", new Object[0]);
            }
            return DecryptResult.Failed.INSTANCE;
        } catch (Throwable th) {
            Counter.increment$default(((MetricsProviderImpl) this.metrics).counter("token_decryption_error", "decrypt_unknown"), 0L, 1, null);
            Timber.w(th, "Other error during decryption", new Object[0]);
            return DecryptResult.Failed.INSTANCE;
        }
    }

    public final DecryptResult decryptWithTink(AuthToken authToken, TraceContext traceContext) {
        Spannable startSubSpan = traceContext.startSubSpan("decrypt_with_tink_keystore");
        try {
            final String encryptedToken = authToken.encryptedToken(AuthToken.Crypto.TINK);
            return decrypt(this.tinkCrypto, new Function1() { // from class: slack.services.accountmanager.security.TokenDecryptHelper$decryptWithTink$1$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                @Override // kotlin.jvm.functions.Function1
                public Object invoke(Object obj) {
                    Std.checkNotNullParameter((AuthToken) obj, "it");
                    return encryptedToken;
                }
            }, authToken);
        } finally {
            startSubSpan.complete();
        }
    }

    public final DecryptResult decryptWithTinkSecondary(AuthToken authToken, TraceContext traceContext) {
        Spannable startSubSpan = traceContext.startSubSpan("decrypt_with_tink_keystore_secondary");
        try {
            final String encryptedToken = authToken.encryptedToken(AuthToken.Crypto.TINK_SECONDARY);
            return decrypt(this.tinkCryptoSecondary, new Function1() { // from class: slack.services.accountmanager.security.TokenDecryptHelper$decryptWithTinkSecondary$1$1
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                @Override // kotlin.jvm.functions.Function1
                public Object invoke(Object obj) {
                    Std.checkNotNullParameter((AuthToken) obj, "it");
                    return encryptedToken;
                }
            }, authToken);
        } finally {
            startSubSpan.complete();
        }
    }

    public final DecryptResult fetchTokenFromSecureStore(String str) {
        try {
            String token = ((SecureAccountTokenStoreImpl) this.secureAccountTokenProvider).getToken(str);
            return token != null ? new DecryptResult.Decrypted(token) : DecryptResult.Failed.INSTANCE;
        } catch (IllegalStateException e) {
            this.failedSecureTokenStoreFetches.add(str);
            Counter.increment$default(((MetricsProviderImpl) this.metrics).counter("token_decryption_error", "decrypt"), 0L, 1, null);
            Timber.w(e, "Failed to fetch from Secure Token Store for " + str, new Object[0]);
            return DecryptResult.Failed.INSTANCE;
        }
    }

    public final TokenDecryptResult getToken(AuthToken authToken, Function0 function0) {
        String str;
        Std.checkNotNullParameter(authToken, "authToken");
        Std.checkNotNullParameter(function0, "onFailedTokenDecryptionDetected");
        TokenDecryptionMethod tokenDecryptionMethod = TokenDecryptionMethod.TINK_KEYSTORE_SECONDARY;
        TokenDecryptionMethod tokenDecryptionMethod2 = TokenDecryptionMethod.TINK_KEYSTORE;
        TokenDecryptionMethod tokenDecryptionMethod3 = TokenDecryptionMethod.SECURE_TOKEN_STORE;
        Login.Builder builder = new Login.Builder(28);
        builder.withRate(MaxSampleRate.POINT_ONE_PERCENT);
        Spannable trace = ((TracerImpl) this.tracer).trace(TokenDecryptHelper$getToken$authTokenDecryptTrace$1.INSTANCE, builder.build());
        trace.start();
        TraceContext traceContext = trace.getTraceContext();
        DecryptResult tokenFromSecureTokenStore = getTokenFromSecureTokenStore(authToken, traceContext);
        boolean z = tokenFromSecureTokenStore instanceof DecryptResult.Decrypted;
        DecryptResult decryptWithTink = z ? DecryptResult.Skipped.INSTANCE : decryptWithTink(authToken, traceContext);
        DecryptResult decryptWithTinkSecondary = (z || (decryptWithTink instanceof DecryptResult.Decrypted)) ? DecryptResult.Skipped.INSTANCE : decryptWithTinkSecondary(authToken, traceContext);
        Std.checkNotNullParameter(tokenFromSecureTokenStore, "tokenFromSecureTokenStore");
        Std.checkNotNullParameter(decryptWithTink, "tokenFromTinkKeyStore");
        Std.checkNotNullParameter(decryptWithTinkSecondary, "tokenFromTinkKeyStoreSecondary");
        if (tokenFromSecureTokenStore.authToken != null) {
            trace.appendTag("type", "secure_token_store");
            str = tokenFromSecureTokenStore.authToken;
        } else if (decryptWithTink.authToken != null) {
            trace.appendTag("type", "Tink");
            str = decryptWithTink.authToken;
        } else if (decryptWithTinkSecondary.authToken != null) {
            trace.appendTag("type", "TinkSecondary");
            str = decryptWithTinkSecondary.authToken;
        } else {
            trace.appendTag("type", FormattedText.TYPE_PLAIN_TEXT_DEPRECATED);
            str = "INVALID_TOKEN";
        }
        trace.complete();
        List createListBuilder = Http.AnonymousClass1.createListBuilder();
        if (tokenFromSecureTokenStore instanceof DecryptResult.Failed) {
            ((ListBuilder) createListBuilder).add(tokenDecryptionMethod3);
        }
        if (decryptWithTink instanceof DecryptResult.Failed) {
            ((ListBuilder) createListBuilder).add(tokenDecryptionMethod2);
        }
        if (decryptWithTinkSecondary instanceof DecryptResult.Failed) {
            ((ListBuilder) createListBuilder).add(tokenDecryptionMethod);
        }
        List build = Http.AnonymousClass1.build(createListBuilder);
        List createListBuilder2 = Http.AnonymousClass1.createListBuilder();
        if (tokenFromSecureTokenStore instanceof DecryptResult.Skipped) {
            ((ListBuilder) createListBuilder2).add(tokenDecryptionMethod3);
        }
        if (decryptWithTink instanceof DecryptResult.Skipped) {
            ((ListBuilder) createListBuilder2).add(tokenDecryptionMethod2);
        }
        if (decryptWithTinkSecondary instanceof DecryptResult.Skipped) {
            ((ListBuilder) createListBuilder2).add(tokenDecryptionMethod);
        }
        TokenDecryptResult tokenDecryptResult = new TokenDecryptResult(str, build, Http.AnonymousClass1.build(createListBuilder2));
        if (tokenDecryptResult.hasDecryptedAuthToken()) {
            new MaybeCreate(new EmojiAutoTagProvider$$ExternalSyntheticLambda0(tokenDecryptResult, this, authToken)).subscribeOn(Schedulers.io()).timeout(15L, TimeUnit.SECONDS).subscribe(new FileViewerPresenter$$ExternalSyntheticLambda1(function0), EmojiManagerImpl$$ExternalSyntheticLambda1.INSTANCE$slack$services$accountmanager$security$TokenDecryptHelper$$InternalSyntheticLambda$11$5da075c042461ada76d7a5fe53ccbd7fe130384bf4a73a757cadb9ca678b8678$1);
        }
        return tokenDecryptResult;
    }

    public final DecryptResult getTokenFromSecureTokenStore(AuthToken authToken, TraceContext traceContext) {
        String str = authToken.identifier;
        Spannable startSubSpan = traceContext.startSubSpan("decrypt_with_secure_token_store");
        try {
            return !this.failedSecureTokenStoreFetches.contains(str) ? fetchTokenFromSecureStore(str) : DecryptResult.Failed.INSTANCE;
        } finally {
            startSubSpan.complete();
        }
    }
}
