package com.microsoft.omadm;

import android.content.Context;
import com.microsoft.omadm.connection.CertificateKeyStore;
import com.microsoft.omadm.database.TableRepository;
import com.microsoft.omadm.exception.OMADMException;
import com.microsoft.omadm.gcm.data.GcmIdentifierDataObject;
import com.microsoft.omadm.platforms.android.certmgr.data.ScepCertificateEnrollState;
import com.microsoft.omadm.platforms.android.provider.NodeCacheProvider;
import com.microsoft.omadm.utils.DataEncryptionUtils;
import java.io.File;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class DataEncryptionUpdater {
    private static final String BAD_AES_ALGORITHM = "AES/ECB/PKCS5Padding";
    private static final String BAD_RSA_ALGORITHM = "RSA/ECB/PKCS1Padding";
    public static final int MODE_BAD_ENCRYPTION = 0;
    public static final int MODE_CBC = 1;
    private final Context context;
    private final EnrollmentSettings enrollmentSettings;
    private final EnrollmentStateSettings enrollmentStateSettings;
    private final Logger logger;
    private final OMADMSettings omadmSettings;
    private final TableRepository tableRepository;

    public DataEncryptionUpdater(EnrollmentSettings enrollmentSettings, EnrollmentStateSettings enrollmentStateSettings, OMADMSettings oMADMSettings, Context context, TableRepository tableRepository, Logger logger) {
        this.enrollmentSettings = enrollmentSettings;
        this.enrollmentStateSettings = enrollmentStateSettings;
        this.omadmSettings = oMADMSettings;
        this.context = context;
        this.tableRepository = tableRepository;
        this.logger = logger;
    }

    private byte[] reEncrypt(byte[] bArr) throws OMADMException {
        return DataEncryptionUtils.encryptData(DataEncryptionUtils.decryptData(bArr, this.context, BAD_AES_ALGORITHM), this.context);
    }

    private void updateKeyStorePassword() {
        if (this.enrollmentSettings.getString(EnrollmentSettings.KEY_STORE_PASSWORD, null) != null && this.enrollmentSettings.getBoolean(EnrollmentSettings.IS_KEY_STORE_PASSWORD_ENCRYPTED, false)) {
            try {
                try {
                    try {
                        this.enrollmentSettings.setString(EnrollmentSettings.KEY_STORE_PASSWORD, Base64.toBase64String(DataEncryptionUtils.encryptKeyData(DataEncryptionUtils.getKeyStorePassword(this.context, BAD_RSA_ALGORITHM, this.enrollmentSettings), CertificateKeyStore.getEnrollmentCertificate(this.context, this.enrollmentSettings))));
                    } catch (OMADMException e) {
                        this.logger.log(Level.SEVERE, "Failed to reencrypt key store password", (Throwable) e);
                    }
                } catch (OMADMException unused) {
                }
            } catch (OMADMException unused2) {
            }
        }
    }

    private void updateNodeCache() {
        new File(NodeCacheProvider.getNodeCacheFilePath(this.context)).delete();
    }

    private void updateRegistrationId() {
        String string = this.omadmSettings.getString(OMADMSettings.GCM_REGISTRATION_ID, null);
        if (string == null) {
            return;
        }
        try {
            this.omadmSettings.setString(OMADMSettings.GCM_REGISTRATION_ID, android.util.Base64.encodeToString(reEncrypt(android.util.Base64.decode(string, 2)), 2));
        } catch (OMADMException e) {
            this.logger.log(Level.SEVERE, "Failed to reencrypt registration ID", (Throwable) e);
        }
    }

    private void updateScepCertificateEnrollStates() {
        for (ScepCertificateEnrollState scepCertificateEnrollState : this.tableRepository.getAll(ScepCertificateEnrollState.class)) {
            if (scepCertificateEnrollState.encryptedCertificateRequestToken != null) {
                try {
                    scepCertificateEnrollState.encryptedCertificateRequestToken = reEncrypt(scepCertificateEnrollState.encryptedCertificateRequestToken);
                    this.tableRepository.update(scepCertificateEnrollState);
                } catch (OMADMException e) {
                    this.logger.log(Level.SEVERE, "Failed to reencrypt SCEP certificate request token", (Throwable) e);
                }
            }
        }
    }

    private void updateSenderId() {
        for (GcmIdentifierDataObject gcmIdentifierDataObject : this.tableRepository.getAll(GcmIdentifierDataObject.class)) {
            if (gcmIdentifierDataObject.encryptedSenderId != null) {
                try {
                    gcmIdentifierDataObject.encryptedSenderId = reEncrypt(gcmIdentifierDataObject.encryptedSenderId);
                    this.tableRepository.update(gcmIdentifierDataObject);
                } catch (OMADMException e) {
                    this.logger.log(Level.SEVERE, "Failed to reencrypt sender ID", (Throwable) e);
                }
            }
        }
    }

    public void update() {
        if (this.enrollmentSettings.getInt(EnrollmentSettings.KEY_STORE_MODE, 0) == 0) {
            if (this.enrollmentStateSettings.getCurrentState().isEnrolled()) {
                this.logger.info("Updating encryption algorithm");
                updateKeyStorePassword();
                updateScepCertificateEnrollStates();
                updateSenderId();
                updateRegistrationId();
                updateNodeCache();
            }
            this.enrollmentSettings.setInt(EnrollmentSettings.KEY_STORE_MODE, 1);
        }
    }
}
