package at.asitplus.bindingclient;

import android.net.Uri;
import android.util.Base64;
import at.asitplus.bindingclient.data.BindingDeviceInfo;
import at.asitplus.bindingclient.data.BindingParams;
import at.asitplus.bindingclient.data.BindingPostRequest;
import at.asitplus.bindingclient.data.BindingPostResponse;
import at.asitplus.bindingclient.data.QrCodeContent;
import at.asitplus.common.AppIdService;
import at.asitplus.common.BindingAuthMethod;
import at.asitplus.common.BindingEnvironment;
import at.asitplus.common.BindingInformation;
import at.asitplus.common.ContextAdapter;
import at.asitplus.common.Error;
import at.asitplus.common.exception.detail.BindingExistsException;
import at.asitplus.common.exception.detail.QrCodeException;
import at.asitplus.common.exception.general.BindingClientException;
import at.asitplus.common.exception.internal.CryptoException;
import at.asitplus.utils.HttpClientBuilder;
import at.asitplus.utils.JwtSignatureVerifier;
import at.asitplus.utils.KeyStoreService;
import at.asitplus.utils.SimpleCookieJar;
import at.asitplus.utils.constants.EidConstants;
import com.google.common.net.HttpHeaders;
import com.nimbusds.jose.JOSEObject;
import com.nimbusds.jose.JWSObject;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class BindingClient {
    // SLF4J logger shared by every method of this class.
    public static final Logger h = LoggerFactory.getLogger((Class<?>) BindingClient.class);
    // Host-app delegate: receives the encrypted JWT taken from a QR code (setJwtValue) and is asked to
    // re-run the flow after interactive authentication (callAgainAfterAuth / callAgainAfterSamlAuth).
    public final Delegate a;
    // Key store facade: key-pair and CSR generation, attestation chain, stored binding certificate.
    public final KeyStoreService b;
    // Source of the current and previous app ids that are sent to the binding service.
    public final AppIdService c;
    // Stores the revocation token, revokes bindings and supplies the binding service URL.
    public final RevocationService d;
    // Supplies the OkHttpClient builder that every HTTP call in this class starts from.
    public final HttpClientBuilder e;
    // Verifies the signature of the JWS document fetched for a QR code.
    public final JwtSignatureVerifier f;
    // Host-app/device facts (package name, OS version, patch level, device name); also passed to
    // BindingClientException.build when errors are reported.
    // NOTE(review): all fields are public in this decompiled listing; the original visibility cannot be
    // recovered from here.
    public final ContextAdapter g;

    /* loaded from: classes.dex */
    /**
     * Callback used by {@code destroyBinding} and {@code revokeBinding}. In this class it is invoked
     * both when no binding certificate is stored and when the operation fails with any Throwable, so
     * a receiver cannot tell the two cases apart.
     */
    public interface NoBinding {
        /** Called when there is no binding to act on, or when the operation failed. */
        void noBinding();
    }

    /* loaded from: classes.dex */
    /** Callback that receives the description of the binding an operation created, destroyed or revoked. */
    public interface Success {
        /**
         * @param bindingInformation data derived from the binding certificate (validity dates, subject,
         *     environment) plus the binding service URL
         */
        void success(BindingInformation bindingInformation);
    }

    /**
     * Wires the client to its collaborators. Nothing is validated or contacted here; the arguments
     * are only stored.
     *
     * @param delegate host-app callbacks for interactive authentication and QR-code JWT hand-over
     * @param keyStoreService key, CSR and certificate storage
     * @param appIdService provider of the current/previous app id
     * @param revocationService revocation token storage and revocation calls
     * @param httpClientBuilder source of the OkHttp client builder
     * @param jwtSignatureVerifier verifier for the QR-code JWS
     * @param contextAdapter host-app and device information
     */
    public BindingClient(Delegate delegate, KeyStoreService keyStoreService, AppIdService appIdService, RevocationService revocationService, HttpClientBuilder httpClientBuilder, JwtSignatureVerifier jwtSignatureVerifier, ContextAdapter contextAdapter) {
        // Host-app facing collaborators.
        this.a = delegate;
        this.g = contextAdapter;
        this.c = appIdService;

        // Key material and revocation.
        this.b = keyStoreService;
        this.d = revocationService;

        // Network and signature checking.
        this.e = httpClientBuilder;
        this.f = jwtSignatureVerifier;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Interceptor body used by the QR-code fetch: adds the {@code X-Requested-With} header that
     * identifies this library and forwards the request unchanged otherwise.
     *
     * @param chain the OkHttp interceptor chain
     * @return the response produced by the rest of the chain
     * @throws IOException if the chain fails
     */
    public /* synthetic */ Response a(Interceptor.Chain chain) throws IOException {
        Request tagged = chain.request()
                .newBuilder()
                .addHeader(HttpHeaders.X_REQUESTED_WITH, "Android Binding Library 2.0.18")
                .build();
        return chain.proceed(tagged);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Error path of CSR generation: logs the failure and reports it to the caller's error callback.
     *
     * @param error callback that receives the wrapped exception
     * @param th the failure reported by the key store service
     */
    public /* synthetic */ void a(Error error, Throwable th) {
        h.error("step3GenerateCsr: error", th);
        // The Throwable is wrapped by BindingClientException.build together with the context adapter
        // before it is handed to the callback.
        error.error(BindingClientException.build(th, this.g));
    }

    /* JADX INFO: Access modifiers changed from: private */
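    /**
     * Runs once the CSR exists: posts it to the binding service and reacts to the signal exceptions
     * raised by the HTTP helper.
     *
     * <ul>
     *   <li>exception type {@code a} (auth-handler redirect): the delegate is asked to authenticate and
     *       to call the flow again, with the redirect target from {@code e.a};</li>
     *   <li>exception type {@code c} (redirect back to the same URL or parent path): the flow is resumed
     *       against the redirect target from {@code e2.a};</li>
     *   <li>anything else: logged and reported through {@code error}.</li>
     * </ul>
     *
     * @param jOSEObject the signed parameter document received in step 1
     * @param okHttpClient client (and cookie jar) shared by all steps of this attempt
     * @param str URL the CSR is posted to
     * @param success callback for the stored binding
     * @param str2 base URL of the binding service, used when the flow has to be restarted
     * @param error callback for failures
     * @param bindingAuthMethod authentication method of this attempt
     * @param pKCS10CertificationRequest the generated CSR
     */
    public void a(JOSEObject jOSEObject, OkHttpClient okHttpClient, String str, Success success, String str2, Error error, BindingAuthMethod bindingAuthMethod, PKCS10CertificationRequest pKCS10CertificationRequest) {
        try {
            a(pKCS10CertificationRequest, jOSEObject, okHttpClient, str, success);
        } catch (a e) {
            h.info("CryptoCallback: Need Auth", (Throwable) e);
            this.a.callAgainAfterAuth(str2, e.a, error, new b(this, okHttpClient, str2, bindingAuthMethod, success, error), bindingAuthMethod);
        } catch (c e2) {
            try {
                a(okHttpClient, e2.a, success);
            } catch (Exception resumeFailure) {
                // The resume attempt is what actually failed; it used to be discarded, leaving only
                // the redirect signal in the log. Record it before reporting.
                h.error("CryptoCallback: resume failed", (Throwable) resumeFailure);
                h.error("CryptoCallback: error", (Throwable) e2);
                // The callback still receives the exception built from the redirect signal, as before.
                error.error(BindingClientException.build(e2, this.g));
            }
        } catch (Throwable th) {
            h.error("CryptoCallback: error", th);
            error.error(BindingClientException.build(th, this.g));
        }
    }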

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Interceptor body used by the binding flow's client: stamps each outgoing request with the
     * {@code X-Requested-With} header naming this library, then lets the chain continue.
     *
     * @param chain the OkHttp interceptor chain
     * @return the response produced by the rest of the chain
     * @throws IOException if the chain fails
     */
    public /* synthetic */ Response b(Interceptor.Chain chain) throws IOException {
        Request.Builder copy = chain.request().newBuilder();
        copy.addHeader(HttpHeaders.X_REQUESTED_WITH, "Android Binding Library 2.0.18");
        return chain.proceed(copy.build());
    }

    /**
     * POSTs a JSON document and parses the reply as a {@link BindingPostResponse}.
     *
     * @param okHttpClient client to send the request with
     * @param str target URL
     * @param str2 request body, sent as {@code application/json; charset=utf-8}
     * @return the parsed response
     * @throws Exception the signal exceptions and I/O failures of the response helper, or a parse error
     */
    public final BindingPostResponse a(OkHttpClient okHttpClient, String str, String str2) throws Exception {
        Request.Builder builder = new Request.Builder().url(str).addHeader("Accept", "application/json");
        RequestBody payload = RequestBody.create(str2, MediaType.parse("application/json; charset=utf-8"));
        Request post = builder.post(payload).build();
        // Redirect handling and status checks happen in the shared response helper.
        ResponseBody reply = a(okHttpClient, post);
        return BindingPostResponse.parse(reply.string());
    }

    /**
     * Downloads the document a QR code points to and returns its content once the signature has been
     * checked.
     *
     * <p>The URL comes from the scanned QR code, so the response is untrusted until
     * {@code JwtSignatureVerifier.verify("qrBinding", ...)} has accepted it; the payload is only read
     * after that call. Keep the verification ahead of any use of the payload.
     *
     * <p>NOTE(review): unlike the binding flow, this client does not call
     * {@code followRedirects(false)} and the HTTP status is not inspected; a non-JWS body ends up as
     * a {@link QrCodeException}. Confirm the builder's redirect policy is what is wanted here.
     *
     * @param str URL read from the QR code
     * @return the parsed QR code content
     * @throws IOException if the request fails or the response has no body
     * @throws QrCodeException if parsing or signature verification fails
     */
    public final QrCodeContent a(String str) throws IOException, QrCodeException {
        OkHttpClient client = this.e.getBuilder().addInterceptor(new Interceptor() { // from class: at.asitplus.bindingclient.-$$Lambda$BindingClient$EHb3UH00h1LUX0l4zBY0Spr1MfI
            @Override // okhttp3.Interceptor
            public final Response intercept(Interceptor.Chain chain) {
                return BindingClient.this.a(chain);
            }
        }).build();
        Request fetch = new Request.Builder().url(str).get().build();
        ResponseBody body = client.newCall(fetch).execute().body();
        if (body == null) {
            throw new IOException("Body is null");
        }
        try {
            JWSObject signed = JWSObject.parse(body.string());
            // Signature check first; nothing from the payload is used before this line succeeds.
            this.f.verify("qrBinding", signed);
            JSONObject payload = new JSONObject(signed.getPayload().toJSONObject());
            return QrCodeContent.parse(payload);
        } catch (Exception e) {
            h.warn("extractValuesFromQrCode failed", (Throwable) e);
            throw new QrCodeException(e);
        }
    }

    /**
     * Builds the public description of a binding from its certificate.
     *
     * @param x509CertificateHolder the binding certificate
     * @return validity dates, binding service URL, subject DN and inferred environment
     */
    public final BindingInformation a(X509CertificateHolder x509CertificateHolder) {
        BindingEnvironment environment = b(x509CertificateHolder);
        String subjectDn = x509CertificateHolder.getSubject().toString();
        Date notAfter = x509CertificateHolder.getNotAfter();
        Date notBefore = x509CertificateHolder.getNotBefore();
        // Argument order (notAfter before notBefore) is kept exactly as in the listing; the
        // constructor's parameter order is not visible from here.
        return new BindingInformation(notAfter, notBefore, this.d.getBindingServiceUrl(), subjectDn, environment);
    }

    /**
     * Collects the string values of every attribute of the given type in a distinguished name.
     *
     * @param x500Name the name to search
     * @param aSN1ObjectIdentifier attribute type to collect (for example OU or CN)
     * @return the values in encounter order, with all backslashes removed
     */
    public final Iterable<String> a(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] matchingRdns = x500Name.getRDNs(aSN1ObjectIdentifier);
        // Must stay an ArrayList: another method of this class casts the result to that type.
        ArrayList<String> values = new ArrayList<>(matchingRdns.length);
        for (RDN rdn : matchingRdns) {
            for (AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
                // A multi-valued RDN can carry other attribute types next to the requested one.
                if (!aSN1ObjectIdentifier.equals((ASN1Primitive) attribute.getType())) {
                    continue;
                }
                String rendered = IETFUtils.valueToString(attribute.getValue());
                // Every backslash is dropped, presumably to undo the escaping valueToString applies.
                values.add(rendered.replace("\\", ""));
            }
        }
        return values;
    }

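    /**
     * Executes a request and returns its body, translating the redirect patterns of the binding flow
     * into the package's signal exceptions.
     *
     * <p>For a redirect response with a {@code Location} header:
     * <ul>
     *   <li>Location contains {@code /SAML2/Redirect/}, {@code SAMLRequest=} or {@code auth/eds}:
     *       throws {@code d} carrying the Location;</li>
     *   <li>Location contains {@code authHandler} or {@code ?token=} and the response header
     *       {@code EidConstants.HEADER_AUTH_HANDLER_OP} has the start value: throws {@code a};</li>
     *   <li>Location equals the request URL, or both reduce to the same string under
     *       {@code b(String)}: throws {@code c}.</li>
     * </ul>
     * Any other non-successful status becomes an {@link IOException}, as does a missing body or a
     * declared content length of 0.
     *
     * <p>The response is now closed on every path that does not hand the body to the caller.
     * Previously each thrown signal or error left the response open, which leaks the connection
     * back to OkHttp's pool only when the object is garbage collected.
     *
     * <p>NOTE(review): the Location header is classified by substring search over the raw header
     * value, not over parsed URL components; confirm that this is acceptable for the servers this
     * client talks to.
     * <br>NOTE(review): the whole request, including its URL, is written to the debug log, and the
     * URLs handled here may carry a {@code token} query parameter; make sure debug logging is off in
     * release builds.
     *
     * @param okHttpClient client to execute the request with
     * @param request the request to send
     * @return the response body; the caller is responsible for consuming or closing it
     * @throws Exception one of the signal exceptions above, or {@link IOException} on HTTP errors
     */
    public final ResponseBody a(OkHttpClient okHttpClient, Request request) throws Exception {
        Logger logger = h;
        logger.debug("getResponseBody: " + request);
        Response execute = okHttpClient.newCall(request).execute();
        boolean bodyHandedToCaller = false;
        try {
            String header = execute.header("Location");
            if (execute.isRedirect() && header != null) {
                if (header.contains("/SAML2/Redirect/") || header.contains("SAMLRequest=") || header.contains("auth/eds")) {
                    throw new d(header);
                }
                Headers headers = execute.headers();
                boolean authHandlerStart = (header.contains("authHandler") || header.contains("?token="))
                        && Objects.equals(headers.get(EidConstants.HEADER_AUTH_HANDLER_OP), EidConstants.HEADER_AUTH_HANDLER_OP_VALUE_START);
                if (authHandlerStart) {
                    throw new a(header);
                }
                if (request.url().equals(HttpUrl.parse(header))) {
                    throw new c(header);
                }
                if (b(request.url().getUrl()).equals(b(header))) {
                    throw new c(header);
                }
                // Any other redirect falls through and is reported as an HTTP status error below.
            }
            if (!execute.isSuccessful()) {
                logger.error("HTTP status {} on URL {}", Integer.valueOf(execute.code()), request.url());
                StringBuilder message = at.asitplus.authclient.a.a("HTTP status ");
                message.append(execute.code());
                throw new IOException(message.toString());
            }
            ResponseBody body = execute.body();
            // Only a declared length of exactly 0 is rejected; an unknown length passes this check.
            if (body != null && body.getContentLength() != 0) {
                bodyHandedToCaller = true;
                return body;
            }
            logger.error("No valid response from URL {}", request.url());
            throw new IOException("No valid response");
        } finally {
            if (!bodyHandedToCaller) {
                // Release the connection; the thrown exceptions carry only the Location string.
                ResponseBody unread = execute.body();
                if (unread != null) {
                    unread.close();
                }
            }
        }
    }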

    /**
     * Persists the result of a successful binding request and notifies the caller.
     *
     * <p>Order matters: the revocation token is stored first, then the certificate is parsed and
     * handed to the key store, and only then is the success callback invoked.
     *
     * <p>NOTE(review): no check is visible here that the returned certificate belongs to the key
     * pair generated earlier or chains to an expected issuer; confirm that
     * {@code KeyStoreService.storeBinding} enforces this.
     *
     * @param bindingPostResponse the binding service's answer to the CSR
     * @param success callback that receives the new binding's description
     * @throws Exception if the certificate cannot be parsed, stored or encoded
     */
    public final void a(BindingPostResponse bindingPostResponse, Success success) throws Exception {
        this.d.store(bindingPostResponse.getRevocationToken());
        X509CertificateHolder issued = new X509CertificateHolder(bindingPostResponse.getCertificate());
        this.b.storeBinding(issued);
        byte[] der = issued.getEncoded();
        // Base64.NO_WRAP is the named form of the literal flag value 2 used in the listing.
        String encoded = Base64.encodeToString(der, Base64.NO_WRAP);
        h.debug("storeBinding: Stored " + encoded);
        success.success(a(issued));
    }

    /**
     * Common entry point of the binding flow for every authentication method.
     *
     * <p>A dedicated client is built for the attempt: automatic redirects are switched off so that
     * each redirect can be inspected by the response helper, and a fresh {@link SimpleCookieJar}
     * keeps the session cookies of this attempt. The flow is refused with
     * {@link BindingExistsException} when a binding subject is already stored.
     *
     * <p>NOTE(review): {@code getBindingSubject()} returns {@code null} on any key store failure as
     * well as when nothing is stored, so a failing key store does not trigger the "binding exists"
     * guard.
     *
     * @param str base URL of the binding service
     * @param bindingAuthMethod authentication method to use
     * @param success callback for the stored binding
     * @param error callback for failures
     */
    public final void a(String str, BindingAuthMethod bindingAuthMethod, Success success, Error error) {
        // Helper from another package, called with a prefix, the value and the logger (presumably logs them).
        at.asitplus.authclient.c.a("getBinding: Starting: ", str, h);
        Interceptor tagRequest = new Interceptor() { // from class: at.asitplus.bindingclient.-$$Lambda$BindingClient$BNSFq0fEtfGBfIZpmQIXcyHNHYo
            @Override // okhttp3.Interceptor
            public final Response intercept(Interceptor.Chain chain) {
                return BindingClient.this.b(chain);
            }
        };
        OkHttpClient client = this.e.getBuilder()
                .addInterceptor(tagRequest)
                .followRedirects(false)
                .cookieJar(new SimpleCookieJar())
                .build();
        try {
            if (getBindingSubject() != null) {
                throw new BindingExistsException();
            }
            a(str, client, bindingAuthMethod, success, error);
        } catch (d samlRedirect) {
            // The service asked for SAML authentication: hand the redirect target to the delegate,
            // together with a continuation that restarts the flow on the same client.
            h.info("getBinding: Need Saml auth", (Throwable) samlRedirect);
            this.a.callAgainAfterSamlAuth(samlRedirect.a, error, new b(this, client, str, bindingAuthMethod, success, error));
        } catch (Throwable th) {
            h.error("getBinding: error", (Throwable) th);
            error.error(BindingClientException.build(th, this.g));
        }
    }

    /**
     * Steps 1 and 2 of the binding flow: fetch the binding parameters and generate the key pair.
     *
     * <p>The parameters are requested from {@code <base>/params} with the OS and package name as
     * query parameters and arrive as a JWS. Only RSA with 2048 bits or EC on {@code secp256r1} is
     * accepted; anything else ends in a {@link CryptoException}.
     *
     * <p>NOTE(review): the JWS is parsed but no signature verification call is visible in this
     * method (the QR-code path calls {@code JwtSignatureVerifier.verify}); the key parameters,
     * subject and attestation challenge are therefore trusted on the strength of the transport.
     * Confirm that this is intended.
     * <br>NOTE(review): when the parameters carry no attestation challenge, the UTF-8 bytes of the
     * subject are used instead, which is not a fresh value; confirm the server rejects or accounts
     * for that case.
     * <br>NOTE(review): the serialized JWS and the parsed parameters are written to the debug log.
     *
     * @param str base URL of the binding service
     * @param okHttpClient client of this attempt
     * @param bindingAuthMethod authentication method of this attempt
     * @param success callback for the stored binding
     * @param error callback for failures
     * @throws Exception signal exceptions from the HTTP helper, parse errors or {@link CryptoException}
     */
    public final void a(String str, OkHttpClient okHttpClient, BindingAuthMethod bindingAuthMethod, Success success, Error error) throws Exception {
        String paramsUrl = Uri.parse(str).buildUpon().appendPath("params").appendQueryParameter(BindingConstants.PARAM_OS, "android").appendQueryParameter("packageName", this.g.getPackageName()).toString();
        Request paramsRequest = new Request.Builder().url(paramsUrl).addHeader("Accept", "application/json").get().build();
        JWSObject signedParams = JWSObject.parse(a(okHttpClient, paramsRequest).string());
        h.debug("step1GetParams: from " + paramsUrl + " get " + signedParams.getParsedString());

        BindingParams params = BindingParams.parse(new JSONObject(signedParams.getPayload().toJSONObject()));
        h.debug("step2GenerateKeyPair: " + params);
        Number rsaLength = params.getRsaLength();
        String curveName = params.getCurveName();
        byte[] challenge = params.getAttestationChallenge();
        if (challenge == null || challenge.length == 0) {
            challenge = params.getSubject().getBytes(StandardCharsets.UTF_8);
        }

        // A positive RSA length selects RSA; otherwise the curve name decides.
        boolean wantsRsa = rsaLength != null && rsaLength.intValue() > 0;
        KeyPair keyPair;
        if (wantsRsa) {
            int bits = rsaLength.intValue();
            if (bits != 2048) {
                h.error("generateRsaKeyPair: unsupported RSA length " + rsaLength);
                throw new CryptoException("Unsupported RSA length");
            }
            // The meaning of the "true" and "-1" arguments is defined by KeyStoreService (not shown).
            keyPair = this.b.generateKeyPair(bits, "RSA", true, -1, challenge);
        } else {
            if (!Objects.equals(curveName, "secp256r1")) {
                h.error("generateEcKeyPair: unsupported EC curve " + curveName);
                throw new CryptoException("Unsupported EC curve");
            }
            keyPair = this.b.generateKeyPair(256, "EC", true, -1, challenge);
        }
        a(str, okHttpClient, signedParams, keyPair, bindingAuthMethod, success, error);
    }

    /**
     * Step 3 of the binding flow: asks the key store to create a CSR for the subject named in the
     * binding parameters and wires the two outcomes to the next step.
     *
     * <p>The POST target is the base URL with the parameters' {@code postUrl} appended as an
     * already-encoded path, so that value is not re-escaped here.
     *
     * @param str base URL of the binding service
     * @param okHttpClient client of this attempt
     * @param jOSEObject the signed parameter document from step 1
     * @param keyPair the key pair generated in step 2
     * @param bindingAuthMethod authentication method of this attempt
     * @param success callback for the stored binding
     * @param error callback for failures
     */
    public final void a(final String str, final OkHttpClient okHttpClient, final JOSEObject jOSEObject, KeyPair keyPair, final BindingAuthMethod bindingAuthMethod, final Success success, final Error error) {
        BindingParams params = BindingParams.parse(new JSONObject(jOSEObject.getPayload().toJSONObject()));
        String postPath = params.getPostUrl();
        String subject = params.getSubject();
        final String postTarget = Uri.parse(str).buildUpon().appendEncodedPath(postPath).build().toString();

        KeyStoreService.GenerateCsrCallback onCsr = new KeyStoreService.GenerateCsrCallback() { // from class: at.asitplus.bindingclient.-$$Lambda$BindingClient$jkl2Rbh_3YA0j6tYrSGZkV-bQp0
            @Override // at.asitplus.utils.KeyStoreService.GenerateCsrCallback
            public final void success(PKCS10CertificationRequest pKCS10CertificationRequest) {
                // CSR ready: continue with posting it.
                BindingClient.this.a(jOSEObject, okHttpClient, postTarget, success, str, error, bindingAuthMethod, pKCS10CertificationRequest);
            }
        };
        KeyStoreService.CallbackError onCsrError = new KeyStoreService.CallbackError() { // from class: at.asitplus.bindingclient.-$$Lambda$BindingClient$wm1lCUFDSsbyzrxwauKgqp1K1HY
            @Override // at.asitplus.utils.KeyStoreService.CallbackError
            public final void error(Throwable th) {
                BindingClient.this.a(error, th);
            }
        };
        // The "-1" argument is interpreted by KeyStoreService (not shown).
        this.b.generateCsr(keyPair, subject, -1, onCsr, onCsrError);
    }

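    /**
     * Step 5 of the binding flow: best-effort call of the logout URL returned by the binding
     * service. Nothing is done when no URL was supplied.
     *
     * <p>The response is closed so the connection is released, and a failed call is now logged
     * instead of being dropped silently; the failure still does not interrupt the flow. A logout
     * that did not reach the server may leave the server-side session open until it expires.
     *
     * @param okHttpClient client of this attempt
     * @param str logout URL, may be {@code null}
     */
    public final void a(OkHttpClient okHttpClient, String str) {
        at.asitplus.authclient.c.a("step5CallLogout: ", str, h);
        if (str == null) {
            return;
        }
        try {
            Request logout = new Request.Builder().url(str).addHeader("Accept", "application/json").get().build();
            Response logoutResponse = okHttpClient.newCall(logout).execute();
            // The body is not needed; close it so the connection is not left dangling.
            ResponseBody unread = logoutResponse.body();
            if (unread != null) {
                unread.close();
            }
        } catch (IOException e) {
            // Still best-effort, but leave a trace that the logout call did not go through.
            h.warn("step5CallLogout: failed", (Throwable) e);
        }
    }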

    /**
     * Resumes a binding attempt at the given URL: POSTs an empty body to
     * {@code <str>/<currentAppId>/<previousAppId>}, calls the logout URL from the answer and stores
     * the binding.
     *
     * @param okHttpClient client of this attempt (carries the session cookies)
     * @param str URL to resume at, as supplied by the caller
     * @param success callback for the stored binding
     * @throws Exception signal exceptions and I/O errors from the HTTP helper, or storage failures
     */
    public final void a(OkHttpClient okHttpClient, String str, Success success) throws Exception {
        at.asitplus.authclient.c.a("resumeBindingWithAuthHandlerResponse: ", str, h);
        String currentAppId = this.c.getCurrentAppId();
        Uri.Builder target = Uri.parse(str).buildUpon().appendPath(currentAppId);
        target.appendPath(this.c.getPreviousAppId());
        BindingPostResponse response = a(okHttpClient, target.toString(), "");
        a(okHttpClient, response.getLogoutUrl());
        a(response, success);
    }

    /**
     * Step 4 of the binding flow: sends the CSR to the binding service together with the signed
     * parameters, device information, the attestation chain and both app ids, then logs out and
     * stores the returned binding.
     *
     * <p>The device information sent consists of the literal OS name {@code android}, the package
     * name, OS version, patch level and the device's friendly name.
     *
     * @param pKCS10CertificationRequest the CSR generated in step 3
     * @param jOSEObject the signed parameter document from step 1, echoed back in serialized form
     * @param okHttpClient client of this attempt
     * @param str URL to post to
     * @param success callback for the stored binding
     * @throws Exception signal exceptions and I/O errors from the HTTP helper, or storage failures
     */
    public final void a(PKCS10CertificationRequest pKCS10CertificationRequest, JOSEObject jOSEObject, OkHttpClient okHttpClient, String str, Success success) throws Exception {
        at.asitplus.authclient.c.a("step4PostCsr: ", str, h);
        List<X509CertificateHolder> attestationChain = this.b.loadAttestationChain();
        String signedParams = jOSEObject.serialize();
        BindingDeviceInfo deviceInfo = new BindingDeviceInfo("android", this.g.getPackageName(), this.g.getOsVersion(), this.g.getPatchLevel(), this.g.getDeviceFriendlyName());
        BindingPostRequest postRequest = new BindingPostRequest(signedParams, deviceInfo, pKCS10CertificationRequest, attestationChain, this.c.getPreviousAppId(), this.c.getCurrentAppId());
        BindingPostResponse response = a(okHttpClient, str, postRequest.toJsonObject().toString());
        a(okHttpClient, response.getLogoutUrl());
        a(response, success);
    }

    /**
     * Infers the environment a binding certificate belongs to from naming conventions in its
     * subject and issuer.
     *
     * <p>The subject is examined before the issuer. Within a name, OU values are checked first
     * ({@code T} or a {@code T-} prefix selects T, {@code Q} or a {@code Q-} prefix selects Q), then
     * CN values (prefixes only). If nothing matches, the result is {@code P}.
     *
     * <p>NOTE(review): the classification rests on name prefixes alone and falls back to P; it is
     * only as trustworthy as the certificate it is given.
     *
     * @param x509CertificateHolder the binding certificate
     * @return the inferred environment, never {@code null}
     */
    public final BindingEnvironment b(X509CertificateHolder x509CertificateHolder) {
        X500Name[] names = {x509CertificateHolder.getSubject(), x509CertificateHolder.getIssuer()};
        for (X500Name name : names) {
            for (String unit : a(name, BCStyle.OU)) {
                if (unit.equals("T") || unit.startsWith("T-")) {
                    return BindingEnvironment.T;
                }
                if (unit.equals("Q") || unit.startsWith("Q-")) {
                    return BindingEnvironment.Q;
                }
            }
            for (String commonName : a(name, BCStyle.CN)) {
                if (commonName.startsWith("T-")) {
                    return BindingEnvironment.T;
                }
                if (commonName.startsWith("Q-")) {
                    return BindingEnvironment.Q;
                }
            }
        }
        return BindingEnvironment.P;
    }

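    /**
     * Reduces a URL-like string to a comparison key: the segments between slashes are re-joined with
     * single slashes, and joining stops at the first segment that is also a suffix of the whole
     * string (normally the last path segment). For {@code https://host/path/abc} the result is
     * {@code https:/host/path}.
     *
     * <p>Segments are compared textually against the whole string: any segment that is a prefix of
     * the input (including the empty segment of {@code //}) is skipped, and a middle segment that
     * happens to equal the input's ending stops the join early.
     *
     * <p>An input made only of slashes (for example a {@code Location: /} header) splits into zero
     * segments; this used to fail with {@link ArrayIndexOutOfBoundsException} and now yields the
     * empty string.
     *
     * @param str the URL or Location value to reduce
     * @return the comparison key, or an empty string if the input has no segments
     */
    public final String b(String str) {
        String[] segments = str.split("/");
        if (segments.length == 0) {
            // Only slashes: nothing to join.
            return "";
        }
        StringBuilder key = new StringBuilder(segments[0]);
        for (String segment : segments) {
            if (str.startsWith(segment)) {
                continue;
            }
            if (str.endsWith(segment)) {
                return key.toString();
            }
            key.append("/").append(segment);
        }
        return key.toString();
    }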

    /**
     * Reports whether the stored binding key is not suitable for JWT authentication.
     *
     * <p>A key store failure is logged and answered with {@code false}. The log message names
     * {@code useJwtAuthWithBindingKey}; it is reproduced unchanged.
     *
     * @return {@code true} if the key store says the key is unsuitable, {@code false} otherwise or on error
     */
    public boolean bindingKeyNeedsMigration201904() {
        boolean suitable;
        try {
            suitable = this.b.isKeySuitableForJwtAuth();
        } catch (CryptoException e) {
            h.warn("useJwtAuthWithBindingKey: error", (Throwable) e);
            return false;
        }
        return !suitable;
    }

    /**
     * Deletes the local binding and then revokes it at the service.
     *
     * <p>The local key material is destroyed before the revocation call is made. If the revocation
     * call fails, the local binding is already gone and the caller is told {@code noBinding}, which
     * is also what it hears when nothing was stored.
     *
     * @param z passed through to {@code RevocationService.revokeBinding}; its meaning is defined there
     * @param success receives the description of the binding that was destroyed
     * @param noBinding called when no certificate is stored or when any step fails
     */
    public void destroyBinding(boolean z, Success success, NoBinding noBinding) {
        try {
            h.debug("destroyBinding: Starting");
            X509CertificateHolder stored = this.b.loadCertificate();
            if (stored != null) {
                // Capture the description first; it cannot be derived once the binding is gone.
                BindingInformation destroyed = a(stored);
                this.b.destroyBinding();
                this.d.revokeBinding(z);
                h.debug("destroyBinding: Success");
                success.success(destroyed);
                return;
            }
            noBinding.noBinding();
        } catch (Throwable th) {
            h.warn("destroyBinding: error", th);
            noBinding.noBinding();
        }
    }

    /**
     * Starts the binding flow with the {@code VDA} authentication method.
     *
     * @param str base URL of the binding service
     * @param success callback for the stored binding
     * @param error callback for failures
     */
    public void getBinding(String str, Success success, Error error) {
        BindingAuthMethod method = BindingAuthMethod.VDA;
        a(str, method, success, error);
    }

    /**
     * Returns the environment inferred from the stored binding certificate.
     *
     * @return the environment, or {@code null} when no certificate is stored or loading it fails
     *     (the two cases are not distinguishable)
     */
    public BindingEnvironment getBindingEnvironment() {
        try {
            X509CertificateHolder stored = this.b.loadCertificate();
            if (stored != null) {
                BindingEnvironment environment = b(stored);
                h.debug("getBindingEnvironment: " + environment);
                return environment;
            }
        } catch (Throwable ignored) {
            // Any failure is reported as "no binding"; see the shared exit below.
        }
        h.debug("getBindingEnvironment: " + ((Object) null));
        return null;
    }

    /**
     * Returns the description of the stored binding.
     *
     * @return the binding information, or {@code null} when no certificate is stored or anything
     *     fails while loading or describing it
     */
    public BindingInformation getBindingInformation() {
        try {
            X509CertificateHolder stored = this.b.loadCertificate();
            if (stored != null) {
                BindingInformation info = a(stored);
                h.debug("getBindingInformation: " + info);
                return info;
            }
        } catch (Throwable ignored) {
            // Any failure is reported as "no binding"; see the shared exit below.
        }
        h.debug("getBindingInformation: " + ((Object) null));
        return null;
    }

    /**
     * Returns the subject DN of the stored binding certificate.
     *
     * <p>Callers cannot tell "nothing stored" from "key store failed": both yield {@code null}.
     * The binding flow uses this method to decide whether a binding already exists.
     *
     * <p>NOTE(review): the subject DN is written to the debug log; if it identifies a person,
     * confirm that debug logging is disabled in release builds.
     *
     * @return the subject DN as a string, or {@code null}
     */
    public String getBindingSubject() {
        try {
            X509CertificateHolder stored = this.b.loadCertificate();
            if (stored != null) {
                String subjectDn = stored.getSubject().toString();
                h.debug("getBindingSubject: " + subjectDn);
                return subjectDn;
            }
        } catch (Throwable ignored) {
            // Any failure is reported as "no binding"; see the shared exit below.
        }
        h.debug("getBindingSubject: " + ((Object) null));
        return null;
    }

    /**
     * Starts the binding flow with the {@code EIDAS} authentication method. Unlike
     * {@code getBindingWithQrCode}, the argument is used directly as the binding service URL; no QR
     * document is fetched or verified here.
     *
     * @param str base URL of the binding service
     * @param success callback for the stored binding
     * @param error callback for failures
     */
    public void getBindingWithEidasQrCode(String str, Success success, Error error) {
        BindingAuthMethod method = BindingAuthMethod.EIDAS;
        a(str, method, success, error);
    }

    /**
     * Starts the binding flow from a scanned QR code.
     *
     * <p>The QR code's URL is fetched and its JWS verified; the binding service URL and the
     * encrypted JWT are taken from the verified content. The JWT is handed to the delegate before
     * the flow starts with the {@code QR_CODE} method. Any failure up to that point is reported
     * through {@code error}.
     *
     * @param str URL read from the QR code (untrusted input)
     * @param success callback for the stored binding
     * @param error callback for failures
     */
    public void getBindingWithQrCode(String str, Success success, Error error) {
        at.asitplus.authclient.c.a("getBindingWithQrCode: Starting: ", str, h);
        try {
            QrCodeContent verified = a(str);
            String serviceUrl = verified.getBindingService();
            String encryptedJwt = verified.getEncryptedJwt();
            this.a.setJwtValue(encryptedJwt);
            a(serviceUrl, BindingAuthMethod.QR_CODE, success, error);
        } catch (Throwable th) {
            h.error("getBindingWithQrCode: error extracting values from QR code", th);
            error.error(BindingClientException.build(th, this.g));
        }
    }

    /**
     * Checks whether the stored binding certificate's validity period covers the current time.
     *
     * <p>Only the notBefore/notAfter window is evaluated, and it is evaluated against the device
     * clock ({@code new Date()}); revocation and chain checks are not part of this method.
     *
     * @return {@code true} if a certificate is stored and valid now; {@code false} when none is
     *     stored or loading it fails
     */
    public boolean isBindingValidCurrently() {
        boolean valid = false;
        try {
            X509CertificateHolder stored = this.b.loadCertificate();
            if (stored != null) {
                valid = stored.isValidOn(new Date());
                h.debug("isBindingValidCurrently: " + valid);
                h.debug("isBindingValidCurrently: Not before: " + stored.getNotBefore() + ", not after " + stored.getNotAfter());
            }
        } catch (Throwable ignored) {
            // Whatever was established before the failure is returned.
            h.debug("isBindingValidCurrently: " + ((Object) null));
        }
        return valid;
    }

    /**
     * Revokes the binding at the service while leaving the local key material in place.
     *
     * <p>A failed revocation is reported through {@code noBinding}, the same callback that signals
     * that nothing was stored.
     *
     * @param z passed through to {@code RevocationService.revokeBinding}; its meaning is defined there
     * @param success receives the description of the binding that was revoked
     * @param noBinding called when no certificate is stored or when any step fails
     */
    public void revokeBinding(boolean z, Success success, NoBinding noBinding) {
        try {
            h.debug("revokeBinding: Starting");
            X509CertificateHolder stored = this.b.loadCertificate();
            if (stored != null) {
                BindingInformation revoked = a(stored);
                this.d.revokeBinding(z);
                h.debug("revokeBinding: Success");
                success.success(revoked);
                return;
            }
            noBinding.noBinding();
        } catch (Throwable th) {
            h.warn("revokeBinding: error", th);
            noBinding.noBinding();
        }
    }

    /**
     * Reports whether the stored binding key can be used for JWT authentication.
     *
     * @return the key store's answer, or {@code false} if the key store raises a {@link CryptoException}
     */
    public boolean useJwtAuthWithBindingKey() {
        boolean suitable = false;
        try {
            suitable = this.b.isKeySuitableForJwtAuth();
        } catch (CryptoException e) {
            h.warn("useJwtAuthWithBindingKey: error", (Throwable) e);
        }
        return suitable;
    }
}
