package com.eltechs.ed.startupActions;

import android.content.Context;
import android.os.AsyncTask;
import android.os.Bundle;
import com.eltechs.axs.configuration.startup.actions.AbstractStartupAction;
import com.eltechs.axs.helpers.Base64;
import com.eltechs.axs.helpers.GAHelpers;
import com.eltechs.ed.R;
import com.eltechs.ed.safetyNetTamperCheck.GoogleApisTrustManager;
import com.eltechs.ed.safetyNetTamperCheck.SafetyNetResponse;
import com.eltechs.ed.safetyNetTamperCheck.Utils;
import com.google.android.gms.common.ConnectionResult;
import com.google.android.gms.common.GoogleApiAvailability;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.ResultCallback;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.json.JSONObject;

/* JADX WARN: Classes with same name are omitted:
  pjiedex.ooo
 */
/* loaded from: classes.dex */
public class SafetyNetTamperCheck<StateClass> extends AbstractStartupAction<StateClass> implements GoogleApiClient.ConnectionCallbacks, GoogleApiClient.OnConnectionFailedListener {
    private static final boolean IS_LOGCAT = false;
    private static final boolean IS_PERMISSIVE = true;
    private static int MAX_TIMESTAMP_DURATION_MS = 120000;
    private static int MAX_TIMESTAMP_TIME_DELTA_MS = 300000;
    private static final String TAG = "SNTC";
    private static final String UTF8 = "UTF-8";
    private final String androidDeviceVerificationApiKey;
    private final List<String> apkCertificateDigests;
    private final String apkDigest;
    private GoogleApiClient googleApiClient;
    private byte[] requestNonce;
    private long requestTimestampMs;
    private final SecureRandom secureRandom = new SecureRandom();
    private final GoogleApiAvailability googleApiAvailability = GoogleApiAvailability.getInstance();

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      pjiedex.ooo
     */
    /* loaded from: classes.dex */
    public class AndroidDeviceVerifierTask extends AsyncTask<String, Void, Boolean> {
        private static final String GOOGLE_VERIFICATION_URL = "https://www.googleapis.com/androidcheck/v1/attestations/verify?key=";
        private String errorMessage;
        private String gaLabel;

        private AndroidDeviceVerifierTask() {
            this.errorMessage = null;
            this.gaLabel = null;
        }

        private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            TrustManager[] trustManagerArr = (TrustManager[]) Arrays.copyOf(trustManagers, trustManagers.length + 1);
            trustManagerArr[trustManagers.length] = new GoogleApisTrustManager();
            return trustManagerArr;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public Boolean doInBackground(String... strArr) {
            String str = strArr[0];
            String str2 = strArr[1];
            try {
                URL url = new URL(GOOGLE_VERIFICATION_URL + str);
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, getTrustManagers(), null);
                HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
                httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
                httpsURLConnection.setRequestMethod("POST");
                httpsURLConnection.setRequestProperty("Content-Type", "application/json");
                byte[] bytes = ("{ \"signedAttestation\": \"" + str2 + "\"}").getBytes("UTF-8");
                OutputStream outputStream = httpsURLConnection.getOutputStream();
                outputStream.write(bytes);
                outputStream.close();
                httpsURLConnection.connect();
                int responseCode = httpsURLConnection.getResponseCode();
                String responseMessage = httpsURLConnection.getResponseMessage();
                SafetyNetTamperCheck.this.logDebug("The response code is: " + responseCode);
                SafetyNetTamperCheck.this.logDebug("The response message is: " + responseMessage);
                if (responseCode != 200) {
                    this.errorMessage = String.format(SafetyNetTamperCheck.this.getString(R.string.sntc_google_apis_server_response_not_ok), Integer.valueOf(responseCode), responseMessage);
                    this.gaLabel = "sntc_google_apis_server_response_not_ok";
                    return false;
                }
                InputStream inputStream = httpsURLConnection.getInputStream();
                StringBuilder sb = new StringBuilder();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        return Boolean.valueOf(new JSONObject(sb.toString()).getBoolean("isValidSignature"));
                    }
                    sb.append(readLine);
                }
            } catch (Exception e) {
                SafetyNetTamperCheck.this.logError("problem validating JWS Message: " + e.getMessage(), e);
                this.errorMessage = SafetyNetTamperCheck.this.getString(R.string.sntc_google_apis_server_response_fail);
                this.gaLabel = "sntc_google_apis_server_response_fail";
                return false;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(Boolean bool) {
            SafetyNetTamperCheck.this.logDebug("verify api result = " + bool);
            if (this.errorMessage != null) {
                SafetyNetTamperCheck.this.endWithError(this.errorMessage, this.gaLabel);
            } else if (bool.booleanValue()) {
                SafetyNetTamperCheck.this.endWithSuccess();
            } else {
                SafetyNetTamperCheck.this.endWithError(SafetyNetTamperCheck.this.getString(R.string.sntc_google_signature_attestation_failed), "sntc_google_signature_attestation_failed");
            }
        }
    }

    public SafetyNetTamperCheck(Context context, String str) {
        this.androidDeviceVerificationApiKey = str;
        this.apkCertificateDigests = Utils.calcApkCertificateDigests(context, context.getPackageName());
        this.apkDigest = Utils.calcApkDigest(context);
        logDebug("apkCertificateDigests:" + this.apkCertificateDigests);
        logDebug("apkDigest:" + this.apkDigest);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void endWithError(String str, String str2) {
        GAHelpers.GASendEvent(getAppContext(), "SafetyNetCheck", "fail", str2, null);
        sendDone();
    }

    private void endWithGooglePlayServicesUnavailableError(int i) {
        logDebug(String.format("Connection to Google Play Services failed: %1$s (%2$d), isUserResolvableError = %3$b", this.googleApiAvailability.getErrorString(i), Integer.valueOf(i), Boolean.valueOf(this.googleApiAvailability.isUserResolvableError(i))));
        endWithError(String.format(getString(R.string.sntc_google_play_services_unavailable), this.googleApiAvailability.getErrorString(i)), "sntc_google_play_services_unavailable");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void endWithSuccess() {
        GAHelpers.GASendEvent(getAppContext(), "SafetyNetCheck", "ok", "", null);
        sendDone();
    }

    private byte[] generateNonce() {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logDebug(String str) {
    }

    private void logError(String str) {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void logError(String str, Throwable th) {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onSafetyNetAttestationResult(SafetyNetApi.AttestationResult attestationResult) {
        Status status = attestationResult.getStatus();
        if (!status.isSuccess()) {
            logDebug("An error occurred while communicating with the SafetyNet service. " + status);
            endWithError(getString(R.string.sntc_communication_error), "sntc_communication_error");
            return;
        }
        String jwsResult = attestationResult.getJwsResult();
        logDebug("JWS: " + jwsResult);
        SafetyNetResponse parseJsonWebSignature = parseJsonWebSignature(jwsResult);
        if (!validateSafetyNetResponsePayload(parseJsonWebSignature)) {
            endWithError(getString(R.string.sntc_validation_fail), "sntc_validation_fail");
            return;
        }
        if (!validateSafetyNetResponsePayloadTimestamp(parseJsonWebSignature)) {
            endWithError(getString(R.string.sntc_validation_fail_timestamp), "sntc_validation_fail_timestamp");
        } else if (parseJsonWebSignature.isCtsProfileMatch()) {
            new AndroidDeviceVerifierTask().execute(this.androidDeviceVerificationApiKey, jwsResult);
        } else {
            endWithError(getString(R.string.sntc_cts_profile_mismatch), "sntc_cts_profile_mismatch");
        }
    }

    private SafetyNetResponse parseJsonWebSignature(String str) {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            return null;
        }
        try {
            String str2 = new String(Base64.decodeWebSafe(split[1]), "UTF-8");
            logDebug("JWS decodedPayload: " + str2);
            return SafetyNetResponse.parse(str2);
        } catch (Base64.DecoderException e) {
            return null;
        } catch (UnsupportedEncodingException e2) {
            return null;
        }
    }

    private boolean validateSafetyNetResponsePayload(SafetyNetResponse safetyNetResponse) {
        if (safetyNetResponse == null) {
            logError("SafetyNetResponse is null.");
            return false;
        }
        String trim = android.util.Base64.encodeToString(this.requestNonce, 0).trim();
        if (!trim.equals(safetyNetResponse.getNonce())) {
            logError("invalid nonce, expected = \"" + trim + "\"");
            logError("invalid nonce, response   = \"" + safetyNetResponse.getNonce() + "\"");
            return false;
        }
        if (!getAppContext().getPackageName().equalsIgnoreCase(safetyNetResponse.getApkPackageName())) {
            logError("invalid packageName, expected = \"" + getAppContext().getPackageName() + "\"");
            logError("invalid packageName, response = \"" + safetyNetResponse.getApkPackageName() + "\"");
            return false;
        }
        if (!Arrays.equals(this.apkCertificateDigests.toArray(), safetyNetResponse.getApkCertificateDigestSha256())) {
            logError("invalid apkCertificateDigest, local/expected = " + Arrays.asList(this.apkCertificateDigests));
            logError("invalid apkCertificateDigest, response = " + Arrays.asList(safetyNetResponse.getApkCertificateDigestSha256()));
            return false;
        }
        if (this.apkDigest.equals(safetyNetResponse.getApkDigestSha256())) {
            return true;
        }
        logError("invalid ApkDigest, local/expected = \"" + this.apkDigest + "\"");
        logError("invalid ApkDigest, response = \"" + safetyNetResponse.getApkDigestSha256() + "\"");
        return false;
    }

    private boolean validateSafetyNetResponsePayloadTimestamp(SafetyNetResponse safetyNetResponse) {
        long timestampMs = safetyNetResponse.getTimestampMs() - this.requestTimestampMs;
        if (timestampMs >= (-MAX_TIMESTAMP_TIME_DELTA_MS) && timestampMs <= MAX_TIMESTAMP_TIME_DELTA_MS + MAX_TIMESTAMP_DURATION_MS) {
            return true;
        }
        logError("Duration calculated from the timestamp of response \"" + timestampMs + " \" exceeds permitted duration of \"" + MAX_TIMESTAMP_DURATION_MS + "\"");
        return false;
    }

    @Override // com.eltechs.axs.configuration.startup.StartupAction
    public void execute() {
        int isGooglePlayServicesAvailable = this.googleApiAvailability.isGooglePlayServicesAvailable(getAppContext());
        if (isGooglePlayServicesAvailable != 0) {
            endWithGooglePlayServicesUnavailableError(isGooglePlayServicesAvailable);
        } else {
            this.googleApiClient = new GoogleApiClient.Builder(getAppContext()).addApi(SafetyNet.API).addConnectionCallbacks(this).addOnConnectionFailedListener(this).build();
            this.googleApiClient.connect();
        }
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnected(Bundle bundle) {
        logDebug("onConnected");
        this.requestNonce = generateNonce();
        this.requestTimestampMs = System.currentTimeMillis();
        SafetyNet.SafetyNetApi.attest(this.googleApiClient, this.requestNonce).setResultCallback(new ResultCallback<SafetyNetApi.AttestationResult>() { // from class: com.eltechs.ed.startupActions.SafetyNetTamperCheck.1
            @Override // com.google.android.gms.common.api.ResultCallback
            public void onResult(SafetyNetApi.AttestationResult attestationResult) {
                SafetyNetTamperCheck.this.onSafetyNetAttestationResult(attestationResult);
            }
        });
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.OnConnectionFailedListener
    public void onConnectionFailed(ConnectionResult connectionResult) {
        endWithGooglePlayServicesUnavailableError(connectionResult.getErrorCode());
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnectionSuspended(int i) {
        logDebug("onConnectionSuspended");
    }
}
