package com.orange.authentication.lowLevelApi;

import android.content.Context;
import android.content.pm.Signature;
import android.content.pm.SigningInfo;
import android.os.Build;
import android.util.Base64;
import com.amazonaws.mobileconnectors.pinpoint.internal.core.util.StringUtil;
import com.google.android.gms.common.GoogleApiAvailability;
import com.google.android.gms.common.api.ApiException;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.android.gms.tasks.Task;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.orange.authentication.lowLevelApi.securitylib.api.RootCheckData;
import com.orange.authentication.lowLevelApi.securitylib.api.SafetyNetCheckData;
import com.orange.authentication.lowLevelApi.securitylib.api.SafetyNetCheckListener;
import com.orange.authentication.lowLevelApi.securitylib.api.SecurityCheckApi;
import com.scottyab.rootbeer.RootBeer;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.text.StringsKt;

/* loaded from: classes5.dex */
public final class f implements SecurityCheckApi {
    private Context a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static final class a<TResult> implements OnSuccessListener<SafetyNetApi.AttestationResponse> {
        final /* synthetic */ Ref.ObjectRef b;
        final /* synthetic */ SafetyNetCheckListener c;

        a(Ref.ObjectRef objectRef, SafetyNetCheckListener safetyNetCheckListener) {
            this.b = objectRef;
            this.c = safetyNetCheckListener;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // com.google.android.gms.tasks.OnSuccessListener
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final void onSuccess(SafetyNetApi.AttestationResponse response) {
            Intrinsics.checkNotNullParameter(response, "response");
            f fVar = f.this;
            String jwsResult = response.getJwsResult();
            Intrinsics.checkNotNullExpressionValue(jwsResult, "response.jwsResult");
            fVar.a(jwsResult, (byte[]) this.b.element, this.c);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static final class b implements OnFailureListener {
        final /* synthetic */ Ref.ObjectRef a;
        final /* synthetic */ SafetyNetCheckListener b;

        b(Ref.ObjectRef objectRef, SafetyNetCheckListener safetyNetCheckListener) {
            this.a = objectRef;
            this.b = safetyNetCheckListener;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // com.google.android.gms.tasks.OnFailureListener
        public final void onFailure(Exception exception) {
            Ref.ObjectRef objectRef;
            T t;
            Intrinsics.checkNotNullParameter(exception, "exception");
            if (exception instanceof ApiException) {
                objectRef = this.a;
                t = SafetyNetCheckData.SN_API_UNAVAILABLE;
            } else {
                objectRef = this.a;
                t = SafetyNetCheckData.SN_API_UNEXPECTED_ERROR;
            }
            objectRef.element = t;
            ((SafetyNetCheckData) this.a.element).setError(exception.getMessage());
            this.b.onSafetyNetCheckFailed((SafetyNetCheckData) this.a.element);
        }
    }

    public f(Context ctx) {
        Intrinsics.checkNotNullParameter(ctx, "ctx");
        this.a = ctx;
    }

    private final void a(String str, String str2) {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void a(String str, byte[] bArr, SafetyNetCheckListener safetyNetCheckListener) {
        SafetyNetCheckData safetyNetCheckData;
        String str2;
        SafetyNetCheckData.SafetyNetCheckDeviceStatus safetyNetCheckDeviceStatus;
        try {
            JWSObject parse = JWSObject.parse(str);
            Intrinsics.checkNotNullExpressionValue(parse, "JWSObject.parse(jws)");
            Map jSONObject = parse.getPayload().toJSONObject();
            JWSHeader header = parse.getHeader();
            Intrinsics.checkNotNullExpressionValue(header, "jwsObject.header");
            List x509CertChain = header.getX509CertChain();
            byte[] decode = Base64.decode(String.valueOf(jSONObject.get("nonce")), 0);
            byte[] decode2 = Base64.decode(String.valueOf(jSONObject.get("apkCertificateDigestSha256")), 0);
            byte[] a2 = a();
            Object obj = jSONObject.get("timestampMs");
            if (obj == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Long");
            }
            long longValue = ((Long) obj).longValue();
            String valueOf = String.valueOf(jSONObject.get("apkPackageName"));
            Object obj2 = jSONObject.get("ctsProfileMatch");
            if (obj2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Boolean");
            }
            boolean booleanValue = ((Boolean) obj2).booleanValue();
            Object obj3 = jSONObject.get("basicIntegrity");
            if (obj3 == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Boolean");
            }
            e eVar = new e(decode, longValue, valueOf, booleanValue, decode2, ((Boolean) obj3).booleanValue(), String.valueOf(jSONObject.get("evaluationType")));
            Iterator it = x509CertChain.iterator();
            boolean z = false;
            while (it.hasNext()) {
                Certificate generateCertificate = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Base64.decode(((com.nimbusds.jose.util.Base64) it.next()).toString(), 0)));
                if (generateCertificate == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                }
                X509Certificate x509Certificate = (X509Certificate) generateCertificate;
                x509Certificate.checkValidity();
                String x500Principal = x509Certificate.getIssuerX500Principal().toString();
                Intrinsics.checkNotNullExpressionValue(x500Principal, "cert.issuerX500Principal.toString()");
                if (StringsKt.contains$default((CharSequence) x500Principal, (CharSequence) "Google Trust Services", false, 2, (Object) null)) {
                    z = true;
                }
            }
            Date date = new Date(eVar.e());
            Date date2 = new Date();
            Date date3 = new Date();
            date2.setTime(System.currentTimeMillis() - 3000);
            date3.setTime(System.currentTimeMillis() + 3000);
            a("checkLocalJws", "Local Checking of jws attestation");
            if (z) {
                a("checkLocalJws", " -> signed by Google Trust Service");
                a("checkLocalJws", " -> evaluation type using hardware backed : " + eVar.d());
                Intrinsics.checkNotNullExpressionValue(this.a.getApplicationContext(), "ctx.applicationContext");
                if (!Intrinsics.areEqual(r5.getPackageName(), eVar.a())) {
                    safetyNetCheckData = SafetyNetCheckData.SN_APP_NOT_ATTESTED_JWS_WRONG_APP_NAME;
                    safetyNetCheckData.setJws(str);
                    str2 = "wrong app package name in jws";
                } else {
                    a("checkLocalJws", " -> with my app package name");
                    if (!date.after(date3) && !date.before(date2)) {
                        a("checkLocalJws", " -> jws NOT out of date");
                        if (Arrays.equals(bArr, decode)) {
                            a("checkLocalJws", " -> with the expected nonce");
                            if (a2 == null) {
                                safetyNetCheckData = SafetyNetCheckData.SN_APP_NOT_ATTESTED_JWS_WRONG_CERTIFICATE;
                                safetyNetCheckData.setJws(str);
                                str2 = "jws, no app certificate";
                            } else {
                                if (Arrays.equals(a2, decode2)) {
                                    a("checkLocalJws", " -> with expected app certificate");
                                    SafetyNetCheckData safetyNetCheckData2 = SafetyNetCheckData.SN_APP_ATTESTED;
                                    safetyNetCheckData2.setJws(str);
                                    if (eVar.b()) {
                                        a("checkLocalJws", " -> run on a Android with basic integrity");
                                        if (eVar.c()) {
                                            a("checkLocalJws", " -> run on Android compliant to cts profile, device reliable");
                                            safetyNetCheckDeviceStatus = SafetyNetCheckData.SafetyNetCheckDeviceStatus.SN_APP_ATTESTED_DEVICE_RELIABLE;
                                        } else {
                                            a("checkLocalJws", " -> run on Android NOT compliant to cts profile, device tampered, not a maufacturer ROMr");
                                            safetyNetCheckDeviceStatus = SafetyNetCheckData.SafetyNetCheckDeviceStatus.SN_APP_ATTESTED_DEVICE_TAMPERED;
                                        }
                                    } else {
                                        a("checkLocalJws", " -> run on a BROKEN Android with NO basic integrity");
                                        safetyNetCheckDeviceStatus = SafetyNetCheckData.SafetyNetCheckDeviceStatus.SN_APP_ATTESTED_DEVICE_CORRUPTED;
                                    }
                                    safetyNetCheckData2.setDeviceStatus(safetyNetCheckDeviceStatus);
                                    safetyNetCheckListener.onSafetyNetCheckDone(safetyNetCheckData2);
                                    return;
                                }
                                safetyNetCheckData = SafetyNetCheckData.SN_APP_NOT_ATTESTED_JWS_WRONG_CERTIFICATE;
                                safetyNetCheckData.setJws(str);
                                str2 = "jws, not the app certificate expected";
                            }
                        } else {
                            safetyNetCheckData = SafetyNetCheckData.SN_APP_NOT_ATTESTED_JWS_WRONG_NONCE;
                            safetyNetCheckData.setJws(str);
                            str2 = "not the nonce expected";
                        }
                    }
                    safetyNetCheckData = SafetyNetCheckData.SN_APP_NOT_ATTESTED_JWS_OUT_OF_DATE;
                    safetyNetCheckData.setJws(str);
                    str2 = "jws out of date";
                }
            } else {
                safetyNetCheckData = SafetyNetCheckData.SN_APP_NOT_ATTESTED_JWS_WRONG_SIGNATURE;
                safetyNetCheckData.setJws(str);
                str2 = "jws not issued from Google";
            }
            safetyNetCheckData.setError(str2);
            safetyNetCheckListener.onSafetyNetCheckFailed(safetyNetCheckData);
        } catch (Exception e) {
            SafetyNetCheckData safetyNetCheckData3 = SafetyNetCheckData.SN_API_UNEXPECTED_ERROR;
            safetyNetCheckData3.setJws(str);
            safetyNetCheckData3.setError(e.getMessage());
            safetyNetCheckListener.onSafetyNetCheckFailed(safetyNetCheckData3);
        }
    }

    private final byte[] a() {
        SigningInfo info;
        boolean hasMultipleSigners;
        Signature[] apkContentsSigners;
        try {
            info = this.a.getPackageManager().getPackageInfo(this.a.getPackageName(), 134217728).signingInfo;
            hasMultipleSigners = info.hasMultipleSigners();
            if (!hasMultipleSigners) {
                Intrinsics.checkNotNullExpressionValue(info, "info");
                apkContentsSigners = info.getApkContentsSigners();
                Certificate cert = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(apkContentsSigners[0].toByteArray()));
                MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
                Intrinsics.checkNotNullExpressionValue(cert, "cert");
                return messageDigest.digest(cert.getEncoded());
            }
        } catch (Exception unused) {
        }
        return null;
    }

    private final byte[] a(Context context) {
        byte[] b2 = b(context);
        if (b2 != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[48];
            new SecureRandom().nextBytes(bArr);
            try {
                byteArrayOutputStream.write(bArr);
                byteArrayOutputStream.write(b2);
                return byteArrayOutputStream.toByteArray();
            } catch (Exception unused) {
            }
        }
        return null;
    }

    private final byte[] b(Context context) {
        long j = context.getApplicationInfo().uid + Build.TIME + context.getPackageManager().getPackageInfo(context.getPackageName(), 0).firstInstallTime;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            String valueOf = String.valueOf(j);
            Charset forName = Charset.forName(StringUtil.UTF_8);
            Intrinsics.checkNotNullExpressionValue(forName, "Charset.forName(charsetName)");
            if (valueOf == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
            }
            byte[] bytes = valueOf.getBytes(forName);
            Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
            return messageDigest.digest(bytes);
        } catch (Exception unused) {
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v5, types: [com.orange.authentication.lowLevelApi.securitylib.api.SafetyNetCheckData, T] */
    /* JADX WARN: Type inference failed for: r4v9, types: [com.orange.authentication.lowLevelApi.securitylib.api.SafetyNetCheckData, T] */
    /* JADX WARN: Type inference failed for: r5v1, types: [com.orange.authentication.lowLevelApi.securitylib.api.SafetyNetCheckData, T] */
    /* JADX WARN: Type inference failed for: r5v9, types: [byte[], T] */
    @Override // com.orange.authentication.lowLevelApi.securitylib.api.SecurityCheckApi
    public void attestSafetyNet(String googleSafetyNetKey, byte[] bArr, SafetyNetCheckListener listener) {
        Object obj;
        Intrinsics.checkNotNullParameter(googleSafetyNetKey, "googleSafetyNetKey");
        Intrinsics.checkNotNullParameter(listener, "listener");
        Ref.ObjectRef objectRef = new Ref.ObjectRef();
        try {
            Ref.ObjectRef objectRef2 = new Ref.ObjectRef();
            objectRef2.element = bArr;
            if (GoogleApiAvailability.getInstance().isGooglePlayServicesAvailable(this.a) == 0) {
                T t = objectRef2.element;
                if (((byte[]) t) == null || ((byte[]) t).length == 0) {
                    objectRef2.element = a(this.a);
                }
                if (((byte[]) objectRef2.element) != null) {
                    Task attest = SafetyNet.getClient(this.a).attest((byte[]) objectRef2.element, googleSafetyNetKey);
                    Intrinsics.checkNotNullExpressionValue(attest, "client.attest(nonce, googleSafetyNetKey)");
                    attest.addOnSuccessListener(new a(objectRef2, listener));
                    Intrinsics.checkNotNullExpressionValue(attest.addOnFailureListener(new b(objectRef, listener)), "api.addOnFailureListener…                       })");
                    return;
                }
                ?? r4 = SafetyNetCheckData.SN_API_UNABLE_TO_CONFIGURE;
                objectRef.element = r4;
                r4.setError("no SafetyNet nonce");
                obj = objectRef.element;
            } else {
                ?? r42 = SafetyNetCheckData.SN_API_UNAVAILABLE;
                objectRef.element = r42;
                r42.setError("no Google play services available");
                obj = objectRef.element;
            }
            listener.onSafetyNetCheckFailed((SafetyNetCheckData) obj);
        } catch (Exception e) {
            ?? r5 = SafetyNetCheckData.SN_API_UNAVAILABLE;
            objectRef.element = r5;
            r5.setError(e.getMessage());
            listener.onSafetyNetCheckFailed((SafetyNetCheckData) objectRef.element);
        }
    }

    @Override // com.orange.authentication.lowLevelApi.securitylib.api.SecurityCheckApi
    public RootCheckData checkRoot() {
        try {
            return new RootBeer(this.a).isRooted() ? RootCheckData.RB_ROOT_DETECTED : RootCheckData.RB_NO_ROOT_DETECTED;
        } catch (Exception e) {
            RootCheckData rootCheckData = RootCheckData.RB_UNABLE_TO_CHECK_ROOT;
            rootCheckData.setError(e.getMessage());
            return rootCheckData;
        }
    }
}
