package com.worklight.common.security;

import android.app.Activity;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.provider.Settings;
import android.webkit.WebView;
import com.google.android.c2dm.C2DMessaging;
import com.worklight.androidgap.WLDroidGap;
import com.worklight.common.WLConfig;
import com.worklight.common.WLUtils;
import com.worklight.utils.Base64;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:lib/worklight-builder.jar:environments.zip:android/native/libs/worklight-android.jar:com/worklight/common/security/WLDeviceAuthManager.class */
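/**
 * Process-wide manager for the device-authentication key pair and certificate.
 *
 * <p>The class generates an RSA key pair, builds the signed certificate
 * request sent through a {@link WLProvisioningDelegate}, stores the issued
 * certificate in a keystore file under the application's private files
 * directory, and signs device-authentication payloads with the stored key.
 *
 * <p>{@link #init} must be called before any method that touches the keystore
 * or the web view; those methods dereference {@code context},
 * {@code provisioningEntity} and {@code webView} without further checks.
 */
public class WLDeviceAuthManager {
    private static WLDeviceAuthManager instance;
    private WLProvisioningDelegate provisioningDelegate = null;
    private boolean isProvisioningEnabled = false;
    // Stored by init() but not read anywhere in this class.
    private boolean isProvisioningAllowed = false;
    private String provisioningEntity;
    private String realm;
    // NOTE(review): never assigned in this class, so every KeyStore load/store/getEntry
    // call below receives a null password. The keystore file then carries no
    // password-based integrity check; confidentiality of the private key presumably
    // rests on the app-private files directory alone -- confirm and consider a
    // hardware-backed keystore where the platform offers one.
    private static char[] keyStorePassword = null;
    private static final String ALG = "alg";
    private static final String JPK = "jpk";
    private static final String X5C = "x5c";
    private static final String MOD = "mod";
    private static final String EXP = "exp";
    private static final String RSA = "RSA";
    private static final String APPLICATION = "application";
    private Context context;
    private WebView webView;
    private static final String KEYSTORE_FILENAME = ".keystore";

    /**
     * Modulus size for newly generated device keys. The earlier value of 512 bits
     * is far below any current recommendation: a modulus that small can be
     * factored with modest resources, which exposes the signing key to anyone
     * who sees the public key.
     * NOTE(review): confirm the provisioning server accepts 2048-bit moduli.
     */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    /**
     * Returns the single shared instance, creating it on first use.
     *
     * @return the process-wide manager
     */
    public static synchronized WLDeviceAuthManager getInstance() {
        if (instance == null) {
            instance = new WLDeviceAuthManager();
        }
        return instance;
    }

    private WLDeviceAuthManager() {
    }

    /**
     * Generates a fresh RSA key pair for device provisioning.
     *
     * @return a new key pair with a {@link #RSA_KEY_SIZE_BITS}-bit modulus
     * @throws NoSuchAlgorithmException if no provider supplies RSA key generation
     */
    public KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA);
        generator.initialize(RSA_KEY_SIZE_BITS);
        return generator.genKeyPair();
    }

    /**
     * Records the provisioning configuration and the Android objects used later.
     *
     * @param str provisioning entity; {@code "application"}, a {@code "group:"}-prefixed
     *     value, or any other string, which is then used verbatim as the keystore alias
     * @param z whether device provisioning is enabled
     * @param z2 whether device provisioning is allowed (stored only)
     * @param str2 realm name returned by {@link #getRealmName()}
     * @param activity activity kept as the {@link Context}; {@link #saveCertificate} and
     *     {@link #csrCertificateRecieveFailed} cast it to {@code WLDroidGap}
     * @param webView web view that receives the JavaScript callbacks
     */
    public void init(String str, boolean z, boolean z2, String str2, Activity activity, WebView webView) {
        this.provisioningEntity = str;
        this.realm = str2;
        this.isProvisioningAllowed = z2;
        this.isProvisioningEnabled = z;
        this.webView = webView;
        this.context = activity;
    }

    /**
     * Reports whether a private-key entry for the current alias can be loaded.
     *
     * @return {@code true} if an entry was found; {@code false} if there is none,
     *     if {@link #init} has not supplied a context, or if the lookup failed
     *     (the failure is logged, not propagated)
     */
    public boolean isCertificateExists() {
        if (this.context == null) {
            return false;
        }
        try {
            return getPrivateKeyEntry() != null;
        } catch (Exception e) {
            WLUtils.error("Error checking if certificate exists", e);
            return false;
        }
    }

    /**
     * Derives the keystore alias: {@code "app:" + appId} for the application
     * entity, otherwise the provisioning entity itself.
     * NOTE(review): this comparison is case-sensitive while getPrivateKeyEntry()
     * uses equalsIgnoreCase for the same constant -- confirm which is intended.
     */
    private String getAlias() {
        if (!this.provisioningEntity.equals(APPLICATION)) {
            return this.provisioningEntity;
        }
        return "app:" + WLDroidGap.getWLConfig().getAppId();
    }

    /**
     * @return the realm name passed to {@link #init}
     */
    public String getRealmName() {
        return this.realm;
    }

    /**
     * Sets the delegate that transmits certificate requests.
     *
     * @param wLProvisioningDelegate delegate to use, or {@code null} to disable sending
     */
    public void setProvisioningDelegate(WLProvisioningDelegate wLProvisioningDelegate) {
        this.provisioningDelegate = wLProvisioningDelegate;
    }

    /**
     * Adds the device properties to the request and hands it to the delegate.
     *
     * @param str JSON object text forming the base of the request
     * @param context context forwarded to the delegate
     * @return {@code false} if no delegate is set, {@code true} once the delegate was called
     * @throws JSONException if {@code str} is not a JSON object
     */
    public boolean createCSR(String str, Context context) throws JSONException {
        if (this.provisioningDelegate == null) {
            return false;
        }
        this.provisioningDelegate.sendCSR(addBasicDeviceProvisioningProperties(str), context);
        return true;
    }

    /**
     * Signs a string with SHA256withRSA.
     *
     * @param str text to sign
     * @param privateKey RSA private key
     * @return the raw signature bytes
     * @throws NoSuchAlgorithmException if SHA256withRSA is unavailable
     * @throws InvalidKeyException if the key cannot be used for signing
     * @throws SignatureException if signing fails
     */
    public byte[] signCSR(String str, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        // getBytes() uses the platform default charset; on Android that is UTF-8.
        signer.update(str.getBytes());
        return signer.sign();
    }

    /**
     * Builds the three-part, dot-separated certificate request:
     * base64url(header) "." base64url(payload) "." base64url(signature), where the
     * header carries the public key and the signature covers the first two parts.
     *
     * @param keyPair key pair whose public half is embedded and whose private half signs
     * @param str request payload
     * @return the encoded, signed request
     * @throws Exception on JSON, encoding or signing failure
     */
    public String createCsrHeader(KeyPair keyPair, String str) throws Exception {
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();

        // BigInteger.toByteArray() is two's-complement, so a leading 0x00 sign byte
        // may be present; the encoding is left as is to match what the peer expects.
        JSONObject keyDescription = new JSONObject();
        keyDescription.put(ALG, RSA);
        keyDescription.put(MOD, Base64.encodeUrlSafe(publicKey.getModulus().toByteArray(), "UTF-8"));
        keyDescription.put(EXP, Base64.encodeUrlSafe(publicKey.getPublicExponent().toByteArray(), "UTF-8"));

        JSONObject header = new JSONObject();
        header.put(ALG, "RS256");
        header.put(JPK, keyDescription);

        String signedPart = Base64.encodeUrlSafe(header.toString().getBytes(), "UTF-8") + "." + Base64.encodeUrlSafe(str.getBytes(), "UTF-8");
        return signedPart + "." + Base64.encodeUrlSafe(signCSR(signedPart, keyPair.getPrivate()), "UTF-8");
    }

    /**
     * Adds {@code deviceId} and, depending on the provisioning entity,
     * {@code applicationId} or {@code groupId} to the request JSON.
     */
    private String addBasicDeviceProvisioningProperties(String str) throws JSONException {
        JSONObject request = new JSONObject(str);
        request.put("deviceId", Settings.Secure.getString(this.context.getContentResolver(), "android_id"));
        if (this.provisioningEntity.equals(APPLICATION)) {
            request.put("applicationId", WLDroidGap.getWLConfig().getAppId());
        } else if (this.provisioningEntity.startsWith("group:")) {
            request.put("groupId", this.provisioningEntity.substring(this.provisioningEntity.indexOf(":") + 1));
        }
        return request.toString();
    }

    /**
     * Wraps a payload in a signed device-authentication token when possible.
     *
     * <p>If provisioning is disabled or no certificate is stored, the payload is
     * returned unchanged and unsigned; a successful return therefore does not by
     * itself mean the result carries a signature.
     *
     * @param str payload to send
     * @return base64url(header) "." base64url(payload) "." base64url(signature),
     *     or {@code str} itself when no signing took place
     * @throws Exception on keystore, JSON, encoding or signing failure
     */
    public String createDeviceAuthHeader(String str) throws Exception {
        if (!this.isProvisioningEnabled || !isCertificateExists()) {
            return str;
        }
        KeyStore.PrivateKeyEntry keyEntry = getPrivateKeyEntry();

        JSONObject header = new JSONObject();
        header.put(ALG, "RS256");
        header.put(X5C, Base64.encodeUrlSafe(keyEntry.getCertificate().getEncoded(), "UTF-8"));

        String signedPart = Base64.encodeUrlSafe(header.toString().getBytes(), "UTF-8") + "." + Base64.encodeUrlSafe(str.getBytes(), "UTF-8");
        return signedPart + "." + Base64.encodeUrlSafe(signData(signedPart, keyEntry.getPrivateKey()), "UTF-8");
    }

    /**
     * Adds application and device descriptors to a JSON payload.
     *
     * @param wLConfig source of the application id and version
     * @param str JSON object text to extend
     * @return the extended JSON text
     * @throws JSONException if {@code str} is not a JSON object
     */
    public String addDeviceIdAndAppId(WLConfig wLConfig, String str) throws JSONException {
        JSONObject appInfo = new JSONObject();
        appInfo.put("id", wLConfig.getAppId());
        appInfo.put("version", wLConfig.getApplicationVersion());

        // These values are read from the device and reported as-is; nothing here
        // binds them to the signing key.
        JSONObject deviceInfo = new JSONObject();
        deviceInfo.put("id", Settings.Secure.getString(this.context.getContentResolver(), "android_id"));
        deviceInfo.put("os", Build.VERSION.RELEASE);
        deviceInfo.put("model", Build.MODEL);
        deviceInfo.put("environment", "Android");

        JSONObject payload = new JSONObject(str);
        payload.put(C2DMessaging.EXTRA_APPLICATION_PENDING_INTENT, appInfo);
        payload.put("device", deviceInfo);
        return payload.toString();
    }

    /**
     * Stores the key pair and its certificate under the current alias and then
     * tells the web layer to send the device authentication.
     *
     * <p>A failure while loading or writing the keystore is logged and not
     * propagated; in that case the web layer is not notified.
     *
     * @param keyPair key pair whose private key is stored
     * @param certificate certificate issued for that key
     * @throws Exception if an entry for the alias already exists, or if closing a stream fails
     */
    public void saveCertificate(KeyPair keyPair, Certificate certificate) throws Exception {
        if (isCertificateExists()) {
            throw new Exception("Error - Got a new Certificate, but an older one already exists, exiting process");
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        File keystoreFile = keystoreFileFor(this.context);
        FileInputStream in = null;
        FileOutputStream out = null;
        try {
            if (keystoreFile.exists()) {
                in = new FileInputStream(keystoreFile);
                keyStore.load(in, keyStorePassword);
            } else {
                keyStore.load(null, keyStorePassword);
            }
            keyStore.setKeyEntry(getAlias(), keyPair.getPrivate(), keyStorePassword, new Certificate[]{certificate});
            out = new FileOutputStream(keystoreFile);
            keyStore.store(out, keyStorePassword);
            // Close before notifying, so the file is complete when the web layer
            // triggers the next keystore read.
            out.close();
            runScriptOnUiThread("javascript:WL.DeviceAuth.__sendDeviceAuthentication()");
        } catch (Exception e) {
            WLUtils.error("Error saving certificate", e);
        } finally {
            closeStreams(out, in);
        }
    }

    /** Same operation as {@link #signCSR}; kept as a separate private entry point. */
    private byte[] signData(String str, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        return signCSR(str, privateKey);
    }

    /**
     * Looks up the private-key entry for the current alias.
     *
     * <p>The application's own keystore file is tried first. For any provisioning
     * entity other than {@code "application"}, the keystore files of every package
     * that shares this application's uid are searched as well; an entry found there
     * is copied into the local keystore file and returned.
     *
     * @return the entry, or {@code null} if none was found
     * @throws IOException if closing a stream or initialising an empty keystore fails
     * @throws KeyStoreException on keystore access failure
     * @throws NoSuchAlgorithmException if a keystore algorithm is unavailable
     * @throws CertificateException if a stored certificate cannot be loaded
     * @throws PackageManager.NameNotFoundException if a package context cannot be created
     * @throws UnrecoverableEntryException if the entry cannot be recovered
     */
    protected KeyStore.PrivateKeyEntry getPrivateKeyEntry() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, PackageManager.NameNotFoundException, UnrecoverableEntryException {
        KeyStore localStore = KeyStore.getInstance(KeyStore.getDefaultType());
        File localFile = keystoreFileFor(this.context);
        String alias = getAlias();
        boolean applicationScoped = APPLICATION.equalsIgnoreCase(this.provisioningEntity);
        boolean localStoreLoaded = false;

        if (localFile.exists()) {
            FileInputStream in = null;
            try {
                in = new FileInputStream(localFile);
                localStore.load(in, keyStorePassword);
                localStoreLoaded = true;
                KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) localStore.getEntry(alias, new KeyStore.PasswordProtection(keyStorePassword));
                if (entry != null) {
                    return entry;
                }
                if (applicationScoped) {
                    return null;
                }
            } catch (IOException e) {
                WLUtils.error("failed getting any certificate from app local keystore", e);
            } finally {
                closeStreams(null, in);
            }
        } else if (applicationScoped) {
            return null;
        }
        if (!localStoreLoaded) {
            // Either there is no local file or it could not be read. Start from an
            // empty keystore so that a copied entry can be stored; an unloaded
            // KeyStore rejects setKeyEntry.
            localStore.load(null, keyStorePassword);
        }

        // Packages running under the same uid can read each other's private files,
        // which is what makes this lookup possible. Every such package is trusted
        // to hold, and to have written, the shared key.
        String[] packagesForUid = this.context.getPackageManager().getPackagesForUid(this.context.getApplicationInfo().uid);
        if (packagesForUid == null) {
            return null;
        }
        KeyStore sharedStore = KeyStore.getInstance(KeyStore.getDefaultType());
        for (String packageName : packagesForUid) {
            File sharedFile = keystoreFileFor(this.context.createPackageContext(packageName, 0));
            if (!sharedFile.exists()) {
                continue;
            }
            FileInputStream in = null;
            FileOutputStream out = null;
            try {
                in = new FileInputStream(sharedFile);
                sharedStore.load(in, keyStorePassword);
                KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) sharedStore.getEntry(alias, new KeyStore.PasswordProtection(keyStorePassword));
                if (entry != null) {
                    localStore.setKeyEntry(alias, entry.getPrivateKey(), keyStorePassword, entry.getCertificateChain());
                    // Open the output only once the entry is in place: opening
                    // truncates the file, so an earlier failure must not reach it.
                    out = new FileOutputStream(localFile);
                    localStore.store(out, keyStorePassword);
                    return entry;
                }
            } catch (IOException e) {
                WLUtils.error("failed copying certificate to application keystore", e);
            } finally {
                closeStreams(out, in);
            }
        }
        return null;
    }

    /**
     * Logs the failure and shows the device-authentication failure dialog in the web view.
     *
     * @param str message to log
     */
    public void csrCertificateRecieveFailed(String str) {
        WLUtils.error(str);
        runScriptOnUiThread("javascript:WL.DiagnosticDialog.showDialog(WL.ClientMessages.wlclientInitFailure, WL.ClientMessages.deviceAuthenticationFail, false, false);");
    }

    /** Returns the keystore file inside the given context's private files directory. */
    private static File keystoreFileFor(Context ctx) {
        return new File(ctx.getFilesDir().getAbsolutePath() + "/" + KEYSTORE_FILENAME);
    }

    /** Closes both streams, attempting the second even if closing the first fails. */
    private static void closeStreams(FileOutputStream out, FileInputStream in) throws IOException {
        try {
            if (out != null) {
                out.close();
            }
        } finally {
            if (in != null) {
                in.close();
            }
        }
    }

    /**
     * Loads a {@code javascript:} URL in the web view on the UI thread. Both call
     * sites pass a fixed string; no caller-supplied text is placed in the script.
     */
    private void runScriptOnUiThread(final String script) {
        ((WLDroidGap) this.context).runOnUiThread(new Runnable() {
            @Override
            public void run() {
                WLDeviceAuthManager.this.webView.loadUrl(script);
            }
        });
    }
}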
