package com.unitedinternet.portal.authentication.authenticator;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.os.Process;
import android.util.Base64;
import com.unitedinternet.portal.android.lib.authenticator.AuthenticationException;
import com.unitedinternet.portal.android.lib.authenticator.EncryptHelper;
import com.unitedinternet.portal.android.lib.oauth2.OAuth2Authenticator;
import com.unitedinternet.portal.android.mail.account.data.Account2;
import com.unitedinternet.portal.android.mail.account.data.store.DataStoreProvider;
import com.unitedinternet.portal.android.mail.account.manager.AccountManager;
import com.unitedinternet.portal.android.mail.tracking.Tracker;
import com.unitedinternet.portal.android.onlinestorage.advertising.pcl.OnlineStoragePclActionExecutor;
import com.unitedinternet.portal.authentication.AuthenticationModuleAdapter;
import com.unitedinternet.portal.authentication.ModuleConstants;
import com.unitedinternet.portal.authentication.login.authcodegrant.OAuth2AuthenticatorFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import kotlin.KotlinNothingValueException;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import kotlinx.coroutines.repackaged.net.bytebuddy.description.method.MethodDescription;
import kotlinx.coroutines.repackaged.net.bytebuddy.implementation.auxiliary.TypeProxy;
import org.dmfs.httpessentials.exceptions.ProtocolError;
import org.dmfs.httpessentials.exceptions.ProtocolException;
import org.dmfs.oauth2.client.OAuth2AccessToken;
import org.dmfs.oauth2.client.errors.TokenRequestError;
import timber.log.Timber;

/* compiled from: Authenticator.kt */
@Metadata(d1 = {"\u0000ª\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0001\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\t\u0018\u0000 I2\u00020\u0001:\u0001IBQ\b\u0002\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\u000b\u0012\u0006\u0010\f\u001a\u00020\r\u0012\u0006\u0010\u000e\u001a\u00020\u000f\u0012\u0006\u0010\u0010\u001a\u00020\u0011\u0012\u0006\u0010\u0012\u001a\u00020\u0013¢\u0006\u0004\b\u0014\u0010\u0015J;\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001b2\f\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\u001b0\u001e2\u0006\u0010\u001f\u001a\u00020\u0017H\u0016¢\u0006\u0002\u0010 J \u0010!\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\"\u001a\u00020#2\u0006\u0010\u001f\u001a\u00020\u0017H\u0016J\u0018\u0010$\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u001bH\u0016J(\u0010%\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010&\u001a\u00020#2\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u0010'\u001a\u00020\u0017H\u0016J \u0010(\u001a\u00020\u00172\u0006\u0010&\u001a\u00020#2\u0006\u0010)\u001a\u00020\u001b2\u0006\u0010*\u001a\u00020+H\u0002J \u0010,\u001a\u00020\u001b2\u0006\u0010-\u001a\u00020.2\u0006\u0010&\u001a\u00020#2\u0006\u0010/\u001a\u000200H\u0002J(\u00101\u001a\u0002022\u0006\u0010\"\u001a\u00020#2\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u00103\u001a\u00020\u001b2\u0006\u0010/\u001a\u000200H\u0002J \u00104\u001a\u00020\u001b2\u0006\u0010\"\u001a\u00020#2\u0006\u0010-\u001a\u00020.2\u0006\u0010/\u001a\u000200H\u0002J\u0018\u00105\u001a\u0002062\u0006\u00107\u001a\u0002082\u0006\u00109\u001a\u00020\u001bH\u0002J\u0018\u0010:\u001a\u0002062\u0006\u00107\u001a\u00020;2\u0006\u00109\u001a\u00020\u001bH\u0002J\u0018\u0010<\u001a\u0002062\u0006\u00107\u001a\u00020=2\u0006\u00109\u001a\u00020\u001bH\u0002J\u0018\u0010>\u001a\u0002062\u0006\u00107\u001a\u00020?2\u0006\u00109\u001a\u00020\u001bH\u0002J\u0010\u0010@\u001a\u00020A2\u0006\u0010'\u001a\u00020\u0017H\u0002J\u0010\u0010B\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001bH\u0016J+\u0010C\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\"\u001a\u00020#2\f\u0010D\u001a\b\u0012\u0004\u0012\u00020\u001b0\u001eH\u0016¢\u0006\u0002\u0010EJ(\u0010F\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\"\u001a\u00020#2\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u0010'\u001a\u00020\u0017H\u0016J\u0010\u0010G\u001a\u00020\u001b2\u0006\u0010H\u001a\u00020\u001bH\u0002R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006J"}, d2 = {"Lcom/unitedinternet/portal/authentication/authenticator/Authenticator;", "Landroid/accounts/AbstractAccountAuthenticator;", "appContext", "Landroid/content/Context;", "encryptHelper", "Lcom/unitedinternet/portal/android/lib/authenticator/EncryptHelper;", "moduleAdapter", "Lcom/unitedinternet/portal/authentication/AuthenticationModuleAdapter;", "accountManager", "Lcom/unitedinternet/portal/android/mail/account/manager/AccountManager;", "tracker", "Lcom/unitedinternet/portal/android/mail/tracking/Tracker;", "dataStoreProvider", "Lcom/unitedinternet/portal/android/mail/account/data/store/DataStoreProvider;", "oAuth2AuthenticatorFactory", "Lcom/unitedinternet/portal/authentication/login/authcodegrant/OAuth2AuthenticatorFactory;", "androidSystemAccountManager", "Landroid/accounts/AccountManager;", "sharedPreferences", "Landroid/content/SharedPreferences;", MethodDescription.CONSTRUCTOR_INTERNAL_NAME, "(Landroid/content/Context;Lcom/unitedinternet/portal/android/lib/authenticator/EncryptHelper;Lcom/unitedinternet/portal/authentication/AuthenticationModuleAdapter;Lcom/unitedinternet/portal/android/mail/account/manager/AccountManager;Lcom/unitedinternet/portal/android/mail/tracking/Tracker;Lcom/unitedinternet/portal/android/mail/account/data/store/DataStoreProvider;Lcom/unitedinternet/portal/authentication/login/authcodegrant/OAuth2AuthenticatorFactory;Landroid/accounts/AccountManager;Landroid/content/SharedPreferences;)V", "addAccount", "Landroid/os/Bundle;", "response", "Landroid/accounts/AccountAuthenticatorResponse;", "accountType", "", "authTokenType", "requiredFeatures", "", "options", "(Landroid/accounts/AccountAuthenticatorResponse;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Landroid/os/Bundle;)Landroid/os/Bundle;", "confirmCredentials", "account", "Landroid/accounts/Account;", "editProperties", "getAuthToken", "systemAccount", "loginOptions", "buildBundle", "accessToken", "tokenExpirationTime", "", "getOAuthRefreshToken", "mailAccount", "Lcom/unitedinternet/portal/android/mail/account/data/Account2;", "oAuth2Authenticator", "Lcom/unitedinternet/portal/android/lib/oauth2/OAuth2Authenticator;", "refreshAccessToken", "Lorg/dmfs/oauth2/client/OAuth2AccessToken;", "refreshToken", "migrateToOauth", "failWithGeneralSecurityException", "", "e", "Ljava/security/GeneralSecurityException;", "message", "failWithIOException", "Ljava/io/IOException;", "failWithProtocolError", "Lorg/dmfs/httpessentials/exceptions/ProtocolError;", "failWithProtocolException", "Lorg/dmfs/httpessentials/exceptions/ProtocolException;", "assertAccessRights", "", "getAuthTokenLabel", "hasFeatures", "features", "(Landroid/accounts/AccountAuthenticatorResponse;Landroid/accounts/Account;[Ljava/lang/String;)Landroid/os/Bundle;", "updateCredentials", "hashLegacyToken", "legacyToken", "Companion", "authentication_mailcomRelease"}, k = 1, mv = {2, 1, 0}, xi = 48)
/* loaded from: classes8.dex */
public final class Authenticator extends AbstractAccountAuthenticator {
    public static final String AUTH_TYPE_LEGACY = "legacy_coms";
    public static final String CLEARED_TOKEN = "cleared_token";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    public static final String KEY_FAILING_LEGACY_TOKEN_HASH = "failing_legacy_token_hash";
    public static final String KEY_REFRESH_TOKEN = "refresh_token";
    public static final String PREFIX_LEGACY_TOKEN = "urn:password:mobiletoken:";
    public static final String PREF_CLEAN_REFRESH_TOKEN = "com.unitedinternet.android.clean_refresh_token";
    public static final String PREF_IS_CLEANING_NEEDED = ".should_clean_refresh_token";
    private final AccountManager accountManager;
    private final android.accounts.AccountManager androidSystemAccountManager;
    private final DataStoreProvider dataStoreProvider;
    private final EncryptHelper encryptHelper;
    private final AuthenticationModuleAdapter moduleAdapter;
    private final OAuth2AuthenticatorFactory oAuth2AuthenticatorFactory;
    private final SharedPreferences sharedPreferences;
    private final Tracker tracker;

    /* compiled from: Authenticator.kt */
    @Metadata(d1 = {"\u0000T\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J=\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u0019H\u0000¢\u0006\u0002\b\u001aJU\u0010\u001b\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020!H\u0001¢\u0006\u0002\b\"R\u000e\u0010\u0004\u001a\u00020\u0005X\u0080T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0005X\u0080T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0005X\u0080T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000¨\u0006#"}, d2 = {"Lcom/unitedinternet/portal/authentication/authenticator/Authenticator$Companion;", "", MethodDescription.CONSTRUCTOR_INTERNAL_NAME, "()V", "AUTH_TYPE_LEGACY", "", "KEY_REFRESH_TOKEN", "KEY_FAILING_LEGACY_TOKEN_HASH", "PREFIX_LEGACY_TOKEN", "PREF_IS_CLEANING_NEEDED", "PREF_CLEAN_REFRESH_TOKEN", "CLEARED_TOKEN", TypeProxy.SilentConstruction.Appender.NEW_INSTANCE_METHOD_NAME, "Lcom/unitedinternet/portal/authentication/authenticator/Authenticator;", "appContext", "Landroid/content/Context;", "moduleAdapter", "Lcom/unitedinternet/portal/authentication/AuthenticationModuleAdapter;", "accountManager", "Lcom/unitedinternet/portal/android/mail/account/manager/AccountManager;", "tracker", "Lcom/unitedinternet/portal/android/mail/tracking/Tracker;", "dataStoreProvider", "Lcom/unitedinternet/portal/android/mail/account/data/store/DataStoreProvider;", "oAuth2AuthenticatorFactory", "Lcom/unitedinternet/portal/authentication/login/authcodegrant/OAuth2AuthenticatorFactory;", "newInstance$authentication_mailcomRelease", "testInstance", "encryptHelper", "Lcom/unitedinternet/portal/android/lib/authenticator/EncryptHelper;", "androidSystemAccountManager", "Landroid/accounts/AccountManager;", "sharedPreferences", "Landroid/content/SharedPreferences;", "testInstance$authentication_mailcomRelease", "authentication_mailcomRelease"}, k = 1, mv = {2, 1, 0}, xi = 48)
    /* loaded from: classes8.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final Authenticator newInstance$authentication_mailcomRelease(Context appContext, AuthenticationModuleAdapter moduleAdapter, AccountManager accountManager, Tracker tracker, DataStoreProvider dataStoreProvider, OAuth2AuthenticatorFactory oAuth2AuthenticatorFactory) {
            Intrinsics.checkNotNullParameter(appContext, "appContext");
            Intrinsics.checkNotNullParameter(moduleAdapter, "moduleAdapter");
            Intrinsics.checkNotNullParameter(accountManager, "accountManager");
            Intrinsics.checkNotNullParameter(tracker, "tracker");
            Intrinsics.checkNotNullParameter(dataStoreProvider, "dataStoreProvider");
            Intrinsics.checkNotNullParameter(oAuth2AuthenticatorFactory, "oAuth2AuthenticatorFactory");
            android.accounts.AccountManager accountManager2 = android.accounts.AccountManager.get(appContext);
            Intrinsics.checkNotNullExpressionValue(accountManager2, "get(...)");
            SharedPreferences sharedPreferences = appContext.getSharedPreferences(Authenticator.PREF_CLEAN_REFRESH_TOKEN, 0);
            Intrinsics.checkNotNullExpressionValue(sharedPreferences, "getSharedPreferences(...)");
            return new Authenticator(appContext, EncryptHelper.Companion.getInstance$default(EncryptHelper.INSTANCE, appContext, null, null, 6, null), moduleAdapter, accountManager, tracker, dataStoreProvider, oAuth2AuthenticatorFactory, accountManager2, sharedPreferences, null);
        }

        public final Authenticator testInstance$authentication_mailcomRelease(Context appContext, EncryptHelper encryptHelper, AuthenticationModuleAdapter moduleAdapter, AccountManager accountManager, Tracker tracker, DataStoreProvider dataStoreProvider, OAuth2AuthenticatorFactory oAuth2AuthenticatorFactory, android.accounts.AccountManager androidSystemAccountManager, SharedPreferences sharedPreferences) {
            Intrinsics.checkNotNullParameter(appContext, "appContext");
            Intrinsics.checkNotNullParameter(encryptHelper, "encryptHelper");
            Intrinsics.checkNotNullParameter(moduleAdapter, "moduleAdapter");
            Intrinsics.checkNotNullParameter(accountManager, "accountManager");
            Intrinsics.checkNotNullParameter(tracker, "tracker");
            Intrinsics.checkNotNullParameter(dataStoreProvider, "dataStoreProvider");
            Intrinsics.checkNotNullParameter(oAuth2AuthenticatorFactory, "oAuth2AuthenticatorFactory");
            Intrinsics.checkNotNullParameter(androidSystemAccountManager, "androidSystemAccountManager");
            Intrinsics.checkNotNullParameter(sharedPreferences, "sharedPreferences");
            return new Authenticator(appContext, encryptHelper, moduleAdapter, accountManager, tracker, dataStoreProvider, oAuth2AuthenticatorFactory, androidSystemAccountManager, sharedPreferences, null);
        }
    }

    private Authenticator(Context context, EncryptHelper encryptHelper, AuthenticationModuleAdapter authenticationModuleAdapter, AccountManager accountManager, Tracker tracker, DataStoreProvider dataStoreProvider, OAuth2AuthenticatorFactory oAuth2AuthenticatorFactory, android.accounts.AccountManager accountManager2, SharedPreferences sharedPreferences) {
        super(context);
        this.encryptHelper = encryptHelper;
        this.moduleAdapter = authenticationModuleAdapter;
        this.accountManager = accountManager;
        this.tracker = tracker;
        this.dataStoreProvider = dataStoreProvider;
        this.oAuth2AuthenticatorFactory = oAuth2AuthenticatorFactory;
        this.androidSystemAccountManager = accountManager2;
        this.sharedPreferences = sharedPreferences;
    }

    public /* synthetic */ Authenticator(Context context, EncryptHelper encryptHelper, AuthenticationModuleAdapter authenticationModuleAdapter, AccountManager accountManager, Tracker tracker, DataStoreProvider dataStoreProvider, OAuth2AuthenticatorFactory oAuth2AuthenticatorFactory, android.accounts.AccountManager accountManager2, SharedPreferences sharedPreferences, DefaultConstructorMarker defaultConstructorMarker) {
        this(context, encryptHelper, authenticationModuleAdapter, accountManager, tracker, dataStoreProvider, oAuth2AuthenticatorFactory, accountManager2, sharedPreferences);
    }

    private final void assertAccessRights(Bundle loginOptions) throws AuthenticationException {
        if (loginOptions.getInt("callerUid") == Process.myUid()) {
            return;
        }
        Timber.INSTANCE.e("Auth token request from unauthorized uid %d", Integer.valueOf(loginOptions.getInt("callerUid")));
        throw new AuthenticationException(6, "Calling process UID not authorized to get auth token.");
    }

    private final Bundle buildBundle(Account systemAccount, String accessToken, long tokenExpirationTime) {
        Bundle bundle = new Bundle();
        bundle.putString("authAccount", systemAccount.name);
        bundle.putString("accountType", systemAccount.type);
        bundle.putString("authtoken", accessToken);
        bundle.putLong("android.accounts.expiry", tokenExpirationTime);
        Timber.INSTANCE.i("Deliver token for %s", systemAccount);
        return bundle;
    }

    private final Void failWithGeneralSecurityException(GeneralSecurityException e, String message) {
        Timber.INSTANCE.e(e, message, new Object[0]);
        throw new AuthenticationException(9, "invalid_grant: Perm.NOT_DECIPHERABLE " + e.getMessage());
    }

    private final Void failWithIOException(IOException e, String message) {
        Timber.INSTANCE.e(e, message, new Object[0]);
        throw new AuthenticationException(3, "Failed with " + Reflection.getOrCreateKotlinClass(e.getClass()).getSimpleName() + ": " + e.getMessage());
    }

    private final Void failWithProtocolError(ProtocolError e, String message) {
        Timber.INSTANCE.e(e, message, new Object[0]);
        throw new AuthenticationException(3, "Failed with " + Reflection.getOrCreateKotlinClass(e.getClass()).getSimpleName() + ": " + e.getMessage());
    }

    private final Void failWithProtocolException(ProtocolException e, String message) {
        Timber.INSTANCE.e(e, message, new Object[0]);
        throw new AuthenticationException(5, "Failed with " + Reflection.getOrCreateKotlinClass(e.getClass()).getSimpleName() + ": " + e.getMessage());
    }

    private final String getOAuthRefreshToken(Account2 mailAccount, Account systemAccount, OAuth2Authenticator oAuth2Authenticator) throws AuthenticationException {
        String userData = this.androidSystemAccountManager.getUserData(systemAccount, KEY_REFRESH_TOKEN);
        if (Intrinsics.areEqual(CLEARED_TOKEN, userData)) {
            throw new AuthenticationException(9, "invalid_grant: token was cleared");
        }
        if (userData != null) {
            if (!this.sharedPreferences.getBoolean(mailAccount.getAccountId().getUuid() + PREF_IS_CLEANING_NEEDED, true)) {
                try {
                    String decryptBase64Unsafe = this.encryptHelper.decryptBase64Unsafe(userData);
                    if (decryptBase64Unsafe != null) {
                        return decryptBase64Unsafe;
                    }
                    throw new AuthenticationException(9, "Refresh token was null after decryption");
                } catch (Exception e) {
                    Timber.INSTANCE.e(e, "decrypt token problem ", new Object[0]);
                    throw new AuthenticationException(9, "invalid_grant: Perm.NOT_DECIPHERABLE " + e.getMessage());
                }
            }
        }
        return migrateToOauth(systemAccount, mailAccount, oAuth2Authenticator);
    }

    private final String hashLegacyToken(String legacyToken) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("sha1");
            byte[] bytes = legacyToken.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            String encodeToString = Base64.encodeToString(messageDigest.digest(bytes), 8);
            Intrinsics.checkNotNull(encodeToString);
            return encodeToString;
        } catch (NoSuchAlgorithmException e) {
            throw new NoSha1SupportException(e);
        }
    }

    private final String migrateToOauth(Account account, Account2 mailAccount, OAuth2Authenticator oAuth2Authenticator) throws AuthenticationException {
        this.moduleAdapter.addBreadCrumb("Legacy token to oAuth2 migration started", ModuleConstants.BREADCRUMB_CATEGORY);
        if (!mailAccount.getCapabilities().canUseTokenLogin()) {
            throw new AuthenticationException(7, "Can't authenticate account " + account + ", not refresh token present and legacy token not supported.");
        }
        String loginToken = this.dataStoreProvider.getLegacyTokenDataStore(mailAccount.getAccountId()).getLoginToken();
        if (loginToken.length() == 0) {
            throw new AuthenticationException(3, "invalid_grant: no logintoken");
        }
        Tracker.DefaultImpls.callTracker$default(this.tracker, mailAccount.getAccountId().getDatabaseId(), AuthTrackerSections.INSTANCE.getMIGRATE_LEGACY_TO_OAUTH2(), null, 4, null);
        if (StringsKt.startsWith$default(loginToken, "urn:password:mobiletoken:", false, 2, (Object) null)) {
            loginToken = loginToken.substring(25);
            Intrinsics.checkNotNullExpressionValue(loginToken, "substring(...)");
        }
        String userData = this.androidSystemAccountManager.getUserData(account, KEY_FAILING_LEGACY_TOKEN_HASH);
        if (userData != null && userData.length() != 0 && Intrinsics.areEqual(userData, hashLegacyToken(loginToken))) {
            throw new AuthenticationException(3, "Legacy token not valid.");
        }
        try {
            String obj = oAuth2Authenticator.loginWithLegacyToken(loginToken).refreshToken().toString();
            this.androidSystemAccountManager.setUserData(account, KEY_REFRESH_TOKEN, this.encryptHelper.encryptBase64Unsafe(obj));
            this.androidSystemAccountManager.setUserData(account, KEY_FAILING_LEGACY_TOKEN_HASH, null);
            this.sharedPreferences.edit().putBoolean(mailAccount.getAccountId().getUuid() + PREF_IS_CLEANING_NEEDED, false).apply();
            this.moduleAdapter.addBreadCrumb("Legacy token to oAuth2 migration complete", ModuleConstants.BREADCRUMB_CATEGORY);
            return obj;
        } catch (IOException e) {
            failWithIOException(e, "Error while migrating to OAuth2");
            throw new KotlinNothingValueException();
        } catch (GeneralSecurityException e2) {
            failWithGeneralSecurityException(e2, "Error while migrating to OAuth2 - Cannot encrypt refresh token");
            throw new KotlinNothingValueException();
        } catch (ProtocolException e3) {
            failWithProtocolException(e3, "Error while migrating to OAuth2");
            throw new KotlinNothingValueException();
        } catch (TokenRequestError e4) {
            Timber.INSTANCE.e(e4, "Error while migrating to OAuth2", new Object[0]);
            if (Intrinsics.areEqual("invalid_grant", e4.getMessage())) {
                this.androidSystemAccountManager.setUserData(account, KEY_FAILING_LEGACY_TOKEN_HASH, hashLegacyToken(loginToken));
            }
            throw new AuthenticationException(9, e4.getMessage() + ":" + e4.description());
        } catch (ProtocolError e5) {
            failWithProtocolError(e5, "Error while migrating to OAuth2");
            throw new KotlinNothingValueException();
        }
    }

    private final OAuth2AccessToken refreshAccessToken(Account account, String authTokenType, String refreshToken, OAuth2Authenticator oAuth2Authenticator) throws AuthenticationException {
        try {
            OAuth2AccessToken accessToken = oAuth2Authenticator.getAccessToken(refreshToken, authTokenType);
            if (accessToken.hasRefreshToken()) {
                this.androidSystemAccountManager.setUserData(account, KEY_REFRESH_TOKEN, this.encryptHelper.encryptBase64Unsafe(accessToken.refreshToken().toString()));
                this.moduleAdapter.addBreadCrumb("Saved new refresh token", ModuleConstants.BREADCRUMB_CATEGORY);
            }
            Intrinsics.checkNotNullExpressionValue(accessToken, "also(...)");
            return accessToken;
        } catch (IOException e) {
            failWithIOException(e, "Error while refreshing an access token");
            throw new KotlinNothingValueException();
        } catch (GeneralSecurityException e2) {
            failWithGeneralSecurityException(e2, "Error while storing the new refresh token");
            throw new KotlinNothingValueException();
        } catch (ProtocolException e3) {
            failWithProtocolException(e3, "Error while refreshing an access token");
            throw new KotlinNothingValueException();
        } catch (TokenRequestError e4) {
            Timber.INSTANCE.e(e4, "TokenRequestError while refreshing an access token", new Object[0]);
            throw new AuthenticationException(9, e4.getMessage() + ":" + e4.description());
        } catch (ProtocolError e5) {
            failWithProtocolError(e5, "Error while refreshing an access token");
            throw new KotlinNothingValueException();
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle addAccount(AccountAuthenticatorResponse response, String accountType, String authTokenType, String[] requiredFeatures, Bundle options) {
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(accountType, "accountType");
        Intrinsics.checkNotNullParameter(authTokenType, "authTokenType");
        Intrinsics.checkNotNullParameter(requiredFeatures, "requiredFeatures");
        Intrinsics.checkNotNullParameter(options, "options");
        Bundle bundle = new Bundle();
        bundle.putParcelable(OnlineStoragePclActionExecutor.SCHEME_INTENT, this.moduleAdapter.getLoginActivityIntent());
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle confirmCredentials(AccountAuthenticatorResponse response, Account account, Bundle options) {
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(account, "account");
        Intrinsics.checkNotNullParameter(options, "options");
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle editProperties(AccountAuthenticatorResponse response, String accountType) {
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(accountType, "accountType");
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAuthToken(AccountAuthenticatorResponse response, Account systemAccount, String authTokenType, Bundle loginOptions) {
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(systemAccount, "systemAccount");
        Intrinsics.checkNotNullParameter(authTokenType, "authTokenType");
        Intrinsics.checkNotNullParameter(loginOptions, "loginOptions");
        try {
            assertAccessRights(loginOptions);
            Account2 accountByAndroidAccount = this.accountManager.getAccountByAndroidAccount(systemAccount);
            if (accountByAndroidAccount == null) {
                throw new AuthenticationException(7, "No matching account found");
            }
            if (Intrinsics.areEqual(AUTH_TYPE_LEGACY, authTokenType)) {
                String legacyAccessToken = this.moduleAdapter.getLegacyAccessToken(systemAccount, accountByAndroidAccount);
                this.moduleAdapter.addBreadCrumb("Loaded legacy access token", ModuleConstants.BREADCRUMB_CATEGORY);
                return buildBundle(systemAccount, legacyAccessToken, 0L);
            }
            OAuth2Authenticator oauth2Authenticator = this.oAuth2AuthenticatorFactory.getOauth2Authenticator(accountByAndroidAccount.getBrand().getValue());
            String oAuthRefreshToken = getOAuthRefreshToken(accountByAndroidAccount, systemAccount, oauth2Authenticator);
            this.moduleAdapter.addBreadCrumb("Loaded current oAuth2 refresh token", ModuleConstants.BREADCRUMB_CATEGORY);
            OAuth2AccessToken refreshAccessToken = refreshAccessToken(systemAccount, authTokenType, oAuthRefreshToken, oauth2Authenticator);
            this.moduleAdapter.addBreadCrumb("Loaded new oAuth2 access token", ModuleConstants.BREADCRUMB_CATEGORY);
            return buildBundle(systemAccount, refreshAccessToken.accessToken().toString(), refreshAccessToken.expirationDate().getTimestamp());
        } catch (AuthenticationException e) {
            Timber.INSTANCE.e(e);
            this.moduleAdapter.addBreadCrumb("Failed to provide access token, " + e.getMessage(), ModuleConstants.BREADCRUMB_CATEGORY);
            Bundle bundle = e.toBundle();
            Intrinsics.checkNotNull(bundle);
            return bundle;
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public String getAuthTokenLabel(String authTokenType) {
        Intrinsics.checkNotNullParameter(authTokenType, "authTokenType");
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle hasFeatures(AccountAuthenticatorResponse response, Account account, String[] features) {
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(account, "account");
        Intrinsics.checkNotNullParameter(features, "features");
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", false);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle updateCredentials(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle loginOptions) {
        Intrinsics.checkNotNullParameter(response, "response");
        Intrinsics.checkNotNullParameter(account, "account");
        Intrinsics.checkNotNullParameter(authTokenType, "authTokenType");
        Intrinsics.checkNotNullParameter(loginOptions, "loginOptions");
        throw new UnsupportedOperationException();
    }
}
