package com.microstrategy.android.network;

import android.content.Context;
import android.os.Build;
import android.telephony.TelephonyManager;
import android.util.Log;
import com.microstrategy.android.MstrApplication;
import com.microstrategy.android.model.config.MobileConfig;
import com.microstrategy.android.network.HttpClientManager;
import com.microstrategy.android.utils.Base64;
import com.microstrategy.android.utils.Debug;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Observable;
import java.util.Observer;
import java.util.UUID;
import javax.net.ssl.SSLHandshakeException;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.apache.http.NameValuePair;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: classes.dex */
public class SecureClientHelper extends Observable {
    public static final String KEYSTORE_FILENAME = "secureLinkKeystore";
    private static final String TAG = "MSTR Android";
    private static final SecureClientHelper instance = new SecureClientHelper();
    private static KeyStore keystore;
    private static String m;
    private String certificateServerBaseURL;
    private MstrApplication ma;

    /* loaded from: classes.dex */
    public static class AuthField {
        public Map<String, String> parameters = new HashMap();

        public String getDisplayName() {
            return this.parameters.get("dn");
        }

        public String getName() {
            return this.parameters.get("n");
        }

        public String getType() {
            return this.parameters.get("tp");
        }

        public String toString() {
            return this.parameters.toString();
        }
    }

    /* loaded from: classes.dex */
    public static class CertificateData {
        public byte[] pkcs12;
        public String xml;

        CertificateData(byte[] bArr) throws SecureClientException {
            if (bArr != null) {
                int bytes2Int = SecureClientHelper.bytes2Int(bArr, 0);
                if (bytes2Int < 2) {
                    throw new SecureClientException("Incorrect certificate package - expected at least two sections, but only received " + bytes2Int);
                }
                int i = 0 + 4;
                int bytes2Int2 = SecureClientHelper.bytes2Int(bArr, i);
                this.pkcs12 = new byte[bytes2Int2];
                System.arraycopy(bArr, i + 4, this.pkcs12, 0, bytes2Int2);
                int i2 = bytes2Int2 + 8;
                try {
                    this.xml = new String(bArr, i2 + 4, SecureClientHelper.bytes2Int(bArr, i2), "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    Log.e("MSTR Android", e.getMessage(), e);
                }
            }
        }
    }

    /* loaded from: classes.dex */
    public static class LoginInfo {
        public List<AuthField> fields;
        public StringBuilder msg;
        String xml;

        /* loaded from: classes.dex */
        public class LoginInfoHandler extends DefaultHandler {
            private boolean isReadingMsg = false;

            public LoginInfoHandler() {
            }

            @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
            public void characters(char[] cArr, int i, int i2) throws SAXException {
                if (!this.isReadingMsg || LoginInfo.this.msg == null) {
                    return;
                }
                LoginInfo.this.msg.append(cArr, i, i2);
            }

            @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
            public void endElement(String str, String str2, String str3) throws SAXException {
                if (str3.equals("msg")) {
                    this.isReadingMsg = false;
                }
            }

            @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
            public void startDocument() throws SAXException {
                LoginInfo.this.msg = null;
                LoginInfo.this.fields = new ArrayList();
            }

            @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
            public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
                if (str3.equals("msg")) {
                    LoginInfo.this.msg = new StringBuilder();
                    this.isReadingMsg = true;
                } else if (str3.equals("field")) {
                    AuthField authField = new AuthField();
                    for (int i = 0; i < attributes.getLength(); i++) {
                        authField.parameters.put(attributes.getQName(i), attributes.getValue(i));
                    }
                    LoginInfo.this.fields.add(authField);
                }
            }
        }

        LoginInfo(byte[] bArr) throws IOException, ParserConfigurationException, SAXException {
            if (bArr != null) {
                this.xml = new String(bArr);
                SAXParserFactory.newInstance().newSAXParser().parse(new InputSource(new StringReader(this.xml)), new LoginInfoHandler());
            }
        }

        public String getXML() {
            return this.xml;
        }
    }

    /* loaded from: classes.dex */
    public enum SecureClientEvent {
        DEVICE_CERTIFICATE_NEW,
        DEVICE_CERTIFICATE_DELETED,
        TRUSTSTORE_CHANGED
    }

    /* loaded from: classes.dex */
    public static class SecureClientException extends Exception {
        private static final long serialVersionUID = 1;

        SecureClientException(String str) {
            super(str);
        }
    }

    /* loaded from: classes.dex */
    public static abstract class SecureClientObserver implements Observer {
        public abstract void update(SecureClientEvent secureClientEvent);

        @Override // java.util.Observer
        public final void update(Observable observable, Object obj) {
            if (obj instanceof SecureClientEvent) {
                update((SecureClientEvent) obj);
            } else {
                Log.e("MSTR Android", "Unknown observer update object: " + obj);
            }
        }
    }

    private SecureClientHelper() {
    }

    static int bytes2Int(byte[] bArr, int i) {
        int i2 = 0;
        if (bArr != null) {
            for (int i3 = 0; i3 < 4; i3++) {
                i2 += (bArr[i + i3] & 255) << (i3 * 8);
            }
        }
        return i2;
    }

    private String constructURL(String str, Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        try {
            sb.append(this.certificateServerBaseURL).append("?action=" + URLEncoder.encode(str, "UTF-8"));
            if (map != null && !map.isEmpty()) {
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    sb.append("&" + URLEncoder.encode(entry.getKey(), "UTF-8") + "=" + URLEncoder.encode(entry.getValue(), "UTF-8"));
                }
            }
        } catch (UnsupportedEncodingException e) {
            Log.e("MSTR Android", e.getMessage(), e);
        }
        return sb.toString();
    }

    private boolean deleteKeystore(String str) {
        File fileStreamPath = this.ma.getApplicationContext().getFileStreamPath(str);
        if (fileStreamPath == null) {
            return false;
        }
        boolean delete = fileStreamPath.delete();
        if (!delete) {
            return delete;
        }
        Log.d("MSTR Android", "Deleted " + str);
        return delete;
    }

    static String escapeStringForXML(String str) {
        StringBuilder sb = new StringBuilder();
        if (str != null) {
            for (int i = 0; i < str.length(); i++) {
                char charAt = str.charAt(i);
                if ('<' == charAt) {
                    sb.append("&lt;");
                } else if ('>' == charAt) {
                    sb.append("&gt;");
                } else if ('&' == charAt) {
                    sb.append("&amp;");
                } else if ('\'' == charAt) {
                    sb.append("&apos;");
                } else if ('\"' == charAt) {
                    sb.append("&quot;");
                } else if ('\t' == charAt) {
                    sb.append("&#x09;");
                } else if ('\n' == charAt) {
                    sb.append("&#x0A;");
                } else if ('\r' == charAt) {
                    sb.append("&#x0D;");
                } else {
                    sb.append(charAt);
                }
            }
        }
        return sb.toString();
    }

    private static char getAscii(int i) {
        return (char) ((i % 95) + 32);
    }

    private CertificateData getCertificate(String str, String str2, Map<String, String> map) throws IOException, SecureClientException {
        String certificateCommand = getCertificateCommand(str, str2, map);
        Debug.LogConfiguration("MSTR Android", "SecureClientHelper.getCertificate URL: " + certificateCommand);
        SynchronousHttpRequest synchronousHttpRequest = new SynchronousHttpRequest(new HttpReq("", certificateCommand, "", "", ""), null);
        byte[] executeBinary = synchronousHttpRequest.executeBinary();
        if (!synchronousHttpRequest.success()) {
            throw new IOException(new String(executeBinary, "UTF-8"));
        }
        if (executeBinary.length > 0 && executeBinary[0] == 60) {
            String str3 = new String(executeBinary, "UTF-8");
            if (str3.startsWith("<error")) {
                throw new SecureClientException(str3);
            }
        }
        return new CertificateData(executeBinary);
    }

    private static final String getDeviceID(Context context) {
        String deviceId = ((TelephonyManager) context.getSystemService("phone")).getDeviceId();
        if (deviceId != null) {
            return deviceId;
        }
        if (Build.VERSION.SDK_INT < 8) {
            Log.w("MSTR Android", "Android device ID may not be unique or even available:android_id");
        }
        return "android_id";
    }

    public static SecureClientHelper getInstance() {
        return instance;
    }

    private static String getTmpPwd() {
        return UUID.randomUUID().toString().substring(0, 7);
    }

    private static KeyStore keystore(Context context, String str, String str2, char[] cArr, boolean z) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        File fileStreamPath = context.getFileStreamPath(str);
        if (fileStreamPath == null || !fileStreamPath.exists()) {
            if (!z) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance(str2, "BC");
            keyStore.load(null, cArr);
            return keyStore;
        }
        KeyStore keyStore2 = KeyStore.getInstance(str2, "BC");
        FileInputStream openFileInput = context.openFileInput(str);
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                keyStore2.load(openFileInput, cArr);
                try {
                    return keyStore2;
                } catch (IOException e) {
                    return keyStore2;
                }
            } catch (IOException e2) {
                throw e2;
            }
        } finally {
            Log.i("MSTR Android", "PERFORMANCE loading secure store " + str + ": " + (System.currentTimeMillis() - currentTimeMillis));
            try {
                openFileInput.close();
            } catch (IOException e3) {
                Log.e("MSTR Android", e3.getMessage(), e3);
            }
        }
    }

    public static KeyStore keystore(Context context, char[] cArr) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        if (keystore == null) {
            keystore = keystore(context, KEYSTORE_FILENAME, "PKCS12", cArr, false);
        }
        return keystore;
    }

    public static String mix(String str, String str2) {
        char[] charArray;
        char[] charArray2;
        if (str == null || "".equals(str)) {
            return str2;
        }
        if (str2 == null || "".equals(str2)) {
            return str;
        }
        if (str.length() < str2.length()) {
            charArray = str.toCharArray();
            charArray2 = str2.toCharArray();
        } else {
            charArray = str2.toCharArray();
            charArray2 = str.toCharArray();
        }
        char[] cArr = new char[charArray2.length];
        for (int i = 0; i < charArray2.length; i++) {
            cArr[i] = getAscii(charArray2[i] + charArray[i % charArray.length]);
        }
        return new String(cArr);
    }

    private void saveWithNewPassword(byte[] bArr, String str) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        Context applicationContext = this.ma.getApplicationContext();
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        keyStore.load(new ByteArrayInputStream(bArr), str.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        char[] charArray = getp(KEYSTORE_FILENAME).toCharArray();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            keyStore.setKeyEntry(nextElement, keyStore.getKey(nextElement, str.toCharArray()), charArray, keyStore.getCertificateChain(nextElement));
        }
        FileOutputStream openFileOutput = applicationContext.openFileOutput(KEYSTORE_FILENAME, 0);
        try {
            keyStore.store(openFileOutput, charArray);
            if (openFileOutput != null) {
                try {
                    openFileOutput.close();
                } catch (Exception e) {
                }
            }
        } catch (Throwable th) {
            if (openFileOutput != null) {
                try {
                    openFileOutput.close();
                } catch (Exception e2) {
                }
            }
            throw th;
        }
    }

    private void setCertificateServerURL(String str) {
        this.certificateServerBaseURL = str;
        if (str != null) {
            String trim = str.trim();
            if (trim.indexOf("/asp") == -1 && trim.indexOf("/servlet") == -1) {
                if (!trim.endsWith("/")) {
                    trim = trim + "/";
                }
                this.certificateServerBaseURL = trim + "servlet/certificate";
            }
        }
    }

    public boolean deleteDeviceCertificate() {
        keystore = null;
        m = null;
        boolean deleteKeystore = deleteKeystore(KEYSTORE_FILENAME);
        if (deleteKeystore) {
            setChanged();
            notifyObservers(SecureClientEvent.DEVICE_CERTIFICATE_DELETED);
        }
        return deleteKeystore;
    }

    Certificate get(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public LoginInfo getAuthenticationFields(String str, String str2) throws IOException, ParserConfigurationException, SAXException {
        String authenticationFieldsCommand = getAuthenticationFieldsCommand(str, str2);
        Debug.LogConfiguration("MSTR Android", "SecureClientHelper.getAuthenticationFields URL: " + authenticationFieldsCommand);
        SynchronousHttpRequest synchronousHttpRequest = new SynchronousHttpRequest(new HttpReq("", authenticationFieldsCommand, "", "", ""), null);
        byte[] executeBinary = synchronousHttpRequest.executeBinary();
        if (synchronousHttpRequest.success()) {
            return new LoginInfo(executeBinary);
        }
        throw new IOException(synchronousHttpRequest.getErrorMessage());
    }

    String getAuthenticationFieldsCommand(String str, String str2) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            hashMap.put("country", escapeStringForXML(str));
        }
        if (str2 != null) {
            hashMap.put("language", escapeStringForXML(str2));
        }
        return constructURL("GetAuthenticationFields", hashMap);
    }

    public X509Certificate getCertificate() throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keystore2 = keystore(this.ma.getApplicationContext(), getp(KEYSTORE_FILENAME).toCharArray());
        if (keystore2 != null) {
            Enumeration<String> aliases = keystore2.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keystore2.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    return (X509Certificate) certificate;
                }
            }
        }
        return null;
    }

    public PrivateKey getCertificateAndPrivateKey(X509Certificate[] x509CertificateArr) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, IOException {
        KeyStore keystore2 = keystore(this.ma.getApplicationContext(), getp(KEYSTORE_FILENAME).toCharArray());
        if (keystore2 != null) {
            Enumeration<String> aliases = keystore2.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Certificate certificate = keystore2.getCertificate(nextElement);
                Key key = keystore2.getKey(nextElement, getp(KEYSTORE_FILENAME).toCharArray());
                if (certificate instanceof X509Certificate) {
                    x509CertificateArr[0] = (X509Certificate) certificate;
                    return (PrivateKey) key;
                }
            }
        }
        return null;
    }

    String getCertificateCommand(String str, String str2, Map<String, String> map) {
        HashMap hashMap = new HashMap();
        StringBuilder sb = new StringBuilder();
        sb.append("<auth>");
        if (str != null) {
            sb.append("<device_id>").append(escapeStringForXML(str)).append("</device_id>");
        }
        if (str2 != null) {
            sb.append("<pkcs12_password>").append(escapeStringForXML(str2)).append("</pkcs12_password>");
        }
        if (map != null && !map.isEmpty()) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                sb.append("<field n=\"").append(escapeStringForXML(entry.getKey())).append("\"").append(" v=\"").append(escapeStringForXML(entry.getValue())).append("\"/>");
            }
        }
        sb.append("</auth>");
        hashMap.put("includeXML", "1");
        hashMap.put("loginParams", sb.toString());
        return constructURL("GetCertificate", hashMap);
    }

    public CertificateData getNewCertificate(Map<String, String> map) throws IOException, SecureClientException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        String tmpPwd = getTmpPwd();
        CertificateData certificate = getCertificate(getDeviceID(this.ma.getApplicationContext()), tmpPwd, map);
        saveDeviceKeystore(certificate.pkcs12, tmpPwd);
        setChanged();
        notifyObservers(SecureClientEvent.DEVICE_CERTIFICATE_NEW);
        return certificate;
    }

    public String getp(String str) {
        if (m == null) {
            Key key = this.ma.getKeyManager().getKey("secLink", false);
            if (key == null) {
                if (keystore != null) {
                    Log.d("MSTR Android", "Master key no longer available - device certificate will be purged");
                    deleteDeviceCertificate();
                }
                key = this.ma.getKeyManager().getKey("secLink", true);
            }
            m = Base64.encode(key.getEncoded());
        }
        String mix = mix(str, m);
        return mix.length() > 7 ? mix.substring(0, 7) : mix;
    }

    public boolean hasCertificateServerURL() {
        if (this.certificateServerBaseURL != null && !this.certificateServerBaseURL.isEmpty()) {
            return true;
        }
        if (this.ma != null) {
            MobileConfig configObject = this.ma.getConfigObject();
            if (configObject.useCertificateServer()) {
                String certificateServerURL = configObject.getCertificateServerURL();
                return (certificateServerURL == null || certificateServerURL.isEmpty()) ? false : true;
            }
        } else {
            RuntimeException runtimeException = new RuntimeException("SecureClientHelper was not properly initialized");
            Log.e("MSTR Android", runtimeException.getMessage(), runtimeException);
        }
        return false;
    }

    public boolean hasDeviceCertificate(Context context) {
        File fileStreamPath = context.getFileStreamPath(KEYSTORE_FILENAME);
        return fileStreamPath != null && fileStreamPath.exists();
    }

    public void init(MstrApplication mstrApplication) {
        if (mstrApplication == null) {
            throw new RuntimeException("MstrApplication should not be empty");
        }
        this.ma = mstrApplication;
        MobileConfig configObject = this.ma.getConfigObject();
        if (configObject.useCertificateServer()) {
            setCertificateServerURL(configObject.getCertificateServerURL());
            setCertificateServerURL(configObject.getCertificateServerURL());
        }
    }

    public void init(MstrApplication mstrApplication, List<NameValuePair> list) {
        if (mstrApplication == null) {
            throw new RuntimeException("MstrApplication should not be empty");
        }
        this.ma = mstrApplication;
        if (list != null) {
            for (NameValuePair nameValuePair : new ArrayList(list)) {
                if ("csUrl".equals(nameValuePair.getName())) {
                    setCertificateServerURL(nameValuePair.getValue());
                }
            }
        }
    }

    public boolean requireDeviceCertificate(String str) {
        return str != null && str.indexOf(SSLConnectionSocketFactory.SSL) > -1 && str.indexOf("14094412") > -1;
    }

    public boolean requireDeviceCertificate(Throwable th) {
        return (th instanceof HttpClientManager.CustomHostnameVerifierException) || ((th instanceof SSLHandshakeException) && th.getCause() != null && requireDeviceCertificate(th.getCause().getMessage()));
    }

    void saveDeviceKeystore(byte[] bArr, String str) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        File fileStreamPath = this.ma.getApplicationContext().getFileStreamPath(KEYSTORE_FILENAME);
        if (fileStreamPath != null && fileStreamPath.exists()) {
            fileStreamPath.delete();
        }
        saveWithNewPassword(bArr, str);
    }
}
