package com.worklight.common.security;

import android.app.Activity;
import android.content.Context;
import android.os.Build;
import android.provider.Settings;
import android.webkit.WebView;
import com.google.android.gcm.GCMConstants;
import com.worklight.androidgap.WLDroidGap;
import com.worklight.common.WLConfig;
import com.worklight.common.WLUtils;
import com.worklight.utils.Base64;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class WLDeviceAuthManager {
    private static final String ALG = "alg";
    private static final String APPLICATION = "application";
    private static final String EXP = "exp";
    private static final String JPK = "jpk";
    private static final String KEYSTORE_FILENAME = ".keystore";
    private static final String MOD = "mod";
    private static final String RSA = "RSA";
    private static final String X5C = "x5c";
    private static WLDeviceAuthManager instance;
    private static char[] keyStorePassword = null;
    private Context context;
    private WLProvisioningDelegate provisioningDelegate = null;
    private WebView webView;

    private WLDeviceAuthManager() {
    }

    private String addBasicDeviceProvisioningProperties(String str, String str2, String str3) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        jSONObject.put("realm", str3);
        jSONObject.put("deviceId", Settings.Secure.getString(this.context.getContentResolver(), "android_id"));
        if (str2.equals(APPLICATION)) {
            jSONObject.put("applicationId", WLDroidGap.getWLConfig().getAppId());
        } else if (str2.startsWith("group:")) {
            jSONObject.put("groupId", str2.substring(str2.indexOf(":") + 1));
        }
        return jSONObject.toString();
    }

    private String getAlias(String str) {
        if (!str.equals(APPLICATION)) {
            return str;
        }
        StringBuilder append = new StringBuilder().append("app:");
        return append.append(WLDroidGap.getWLConfig().getAppId()).toString();
    }

    public static synchronized WLDeviceAuthManager getInstance() {
        WLDeviceAuthManager wLDeviceAuthManager;
        synchronized (WLDeviceAuthManager.class) {
            if (instance == null) {
                instance = new WLDeviceAuthManager();
            }
            wLDeviceAuthManager = instance;
        }
        return wLDeviceAuthManager;
    }

    private byte[] signData(String str, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(str.getBytes());
        return signature.sign();
    }

    public String addDeviceIdAndAppId(WLConfig wLConfig, String str) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        JSONObject jSONObject2 = new JSONObject();
        JSONObject jSONObject3 = new JSONObject();
        jSONObject2.put("id", wLConfig.getAppId());
        jSONObject2.put("version", wLConfig.getApplicationVersion());
        jSONObject3.put("id", Settings.Secure.getString(((WLDroidGap) this.context).getContentResolver(), "android_id"));
        jSONObject3.put("os", Build.VERSION.RELEASE);
        jSONObject3.put("model", Build.MODEL);
        jSONObject3.put("environment", "Android");
        jSONObject.put(GCMConstants.EXTRA_APPLICATION_PENDING_INTENT, jSONObject2);
        jSONObject.put("device", jSONObject3);
        return jSONObject.toString();
    }

    public boolean createCSR(String str, String str2, String str3) throws JSONException {
        if (this.provisioningDelegate == null) {
            return false;
        }
        this.provisioningDelegate.sendCSR(addBasicDeviceProvisioningProperties(str, str2, str3), this.context);
        return true;
    }

    public String createCsrHeader(KeyPair keyPair, String str) throws Exception {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ALG, "RS256");
        JSONObject jSONObject2 = new JSONObject();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) keyPair.getPublic();
        jSONObject2.put(ALG, RSA);
        jSONObject2.put(MOD, Base64.encodeUrlSafe(rSAPublicKey.getModulus().toByteArray(), "UTF-8"));
        jSONObject2.put(EXP, Base64.encodeUrlSafe(rSAPublicKey.getPublicExponent().toByteArray(), "UTF-8"));
        jSONObject.put(JPK, jSONObject2);
        String str2 = Base64.encodeUrlSafe(jSONObject.toString().getBytes(), "UTF-8") + "." + Base64.encodeUrlSafe(str.getBytes(), "UTF-8");
        return str2 + "." + Base64.encodeUrlSafe(signCSR(str2, keyPair.getPrivate()), "UTF-8");
    }

    public String createDeviceAuthHeader(String str, String str2, boolean z) throws Exception {
        if (!z || !isCertificateExists(str2)) {
            return str;
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ALG, "RS256");
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str2);
        jSONObject.put(X5C, Base64.encodeUrlSafe(privateKeyEntry.getCertificate().getEncoded(), "UTF-8"));
        String str3 = Base64.encodeUrlSafe(jSONObject.toString().getBytes(), "UTF-8") + "." + Base64.encodeUrlSafe(str.getBytes(), "UTF-8");
        return str3 + "." + Base64.encodeUrlSafe(signData(str3, privateKeyEntry.getPrivateKey()), "UTF-8");
    }

    public void csrCertificateRecieveFailed(String str) {
        WLUtils.error(str);
        ((WLDroidGap) this.context).runOnUiThread(new Runnable() { // from class: com.worklight.common.security.WLDeviceAuthManager.2
            @Override // java.lang.Runnable
            public void run() {
                WLDeviceAuthManager.this.webView.loadUrl("javascript:WL.DiagnosticDialog.showDialog(WL.ClientMessages.wlclientInitFailure, WL.ClientMessages.deviceAuthenticationFail, false, false);");
            }
        });
    }

    public KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA);
        keyPairGenerator.initialize(512);
        return keyPairGenerator.genKeyPair();
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x00bb  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected java.security.KeyStore.PrivateKeyEntry getPrivateKeyEntry(java.lang.String r26) throws java.io.IOException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, android.content.pm.PackageManager.NameNotFoundException, java.security.UnrecoverableEntryException {
        /*
            Method dump skipped, instructions count: 476
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.worklight.common.security.WLDeviceAuthManager.getPrivateKeyEntry(java.lang.String):java.security.KeyStore$PrivateKeyEntry");
    }

    public void init(Activity activity, WebView webView) {
        this.webView = webView;
        this.context = activity;
    }

    public boolean isCertificateExists(String str) {
        if (this.context != null) {
            try {
                r2 = getPrivateKeyEntry(str) != null;
            } catch (Exception e) {
                WLUtils.error("Error checking if certificate exists", e);
            }
        }
        return r2;
    }

    /* JADX WARN: Removed duplicated region for block: B:30:0x0098  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x009d  */
    /* JADX WARN: Removed duplicated region for block: B:34:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:39:0x00a4  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x00a9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void saveCertificate(java.lang.String r13, java.security.KeyPair r14, java.security.cert.Certificate r15) throws java.lang.Exception {
        /*
            r12 = this;
            boolean r8 = r12.isCertificateExists(r13)
            if (r8 == 0) goto Le
            java.lang.Exception r8 = new java.lang.Exception
            java.lang.String r9 = "Error - Got a new Certificate, but an older one already exists, exiting process"
            r8.<init>(r9)
            throw r8
        Le:
            java.lang.String r8 = java.security.KeyStore.getDefaultType()
            java.security.KeyStore r6 = java.security.KeyStore.getInstance(r8)
            java.io.File r7 = new java.io.File
            java.lang.StringBuilder r8 = new java.lang.StringBuilder
            r8.<init>()
            android.content.Context r9 = r12.context
            java.io.File r9 = r9.getFilesDir()
            java.lang.String r9 = r9.getAbsolutePath()
            java.lang.StringBuilder r8 = r8.append(r9)
            java.lang.String r9 = "/"
            java.lang.StringBuilder r8 = r8.append(r9)
            java.lang.String r9 = ".keystore"
            java.lang.StringBuilder r8 = r8.append(r9)
            java.lang.String r8 = r8.toString()
            r7.<init>(r8)
            r2 = 0
            r4 = 0
            boolean r8 = r7.exists()     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            if (r8 == 0) goto L89
            java.io.FileInputStream r3 = new java.io.FileInputStream     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            r3.<init>(r7)     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            char[] r8 = com.worklight.common.security.WLDeviceAuthManager.keyStorePassword     // Catch: java.lang.Throwable -> Lad java.lang.Exception -> Lb3
            r6.load(r3, r8)     // Catch: java.lang.Throwable -> Lad java.lang.Exception -> Lb3
            r3.close()     // Catch: java.lang.Throwable -> Lad java.lang.Exception -> Lb3
            r2 = r3
        L54:
            java.lang.String r0 = r12.getAlias(r13)     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            java.security.PrivateKey r8 = r14.getPrivate()     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            char[] r9 = com.worklight.common.security.WLDeviceAuthManager.keyStorePassword     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            r10 = 1
            java.security.cert.Certificate[] r10 = new java.security.cert.Certificate[r10]     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            r11 = 0
            r10[r11] = r15     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            r6.setKeyEntry(r0, r8, r9, r10)     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            java.io.FileOutputStream r5 = new java.io.FileOutputStream     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            r5.<init>(r7)     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            char[] r8 = com.worklight.common.security.WLDeviceAuthManager.keyStorePassword     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            r6.store(r5, r8)     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            android.content.Context r8 = r12.context     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            com.worklight.androidgap.WLDroidGap r8 = (com.worklight.androidgap.WLDroidGap) r8     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            com.worklight.common.security.WLDeviceAuthManager$1 r9 = new com.worklight.common.security.WLDeviceAuthManager$1     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            r9.<init>()     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            r8.runOnUiThread(r9)     // Catch: java.lang.Throwable -> Lb0 java.lang.Exception -> Lb6
            if (r5 == 0) goto L82
            r5.close()
        L82:
            if (r2 == 0) goto Lb9
            r2.close()
            r4 = r5
        L88:
            return
        L89:
            r8 = 0
            char[] r9 = com.worklight.common.security.WLDeviceAuthManager.keyStorePassword     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            r6.load(r8, r9)     // Catch: java.lang.Exception -> L90 java.lang.Throwable -> La1
            goto L54
        L90:
            r1 = move-exception
        L91:
            java.lang.String r8 = "Error saving certificate"
            com.worklight.common.WLUtils.error(r8, r1)     // Catch: java.lang.Throwable -> La1
            if (r4 == 0) goto L9b
            r4.close()
        L9b:
            if (r2 == 0) goto L88
            r2.close()
            goto L88
        La1:
            r8 = move-exception
        La2:
            if (r4 == 0) goto La7
            r4.close()
        La7:
            if (r2 == 0) goto Lac
            r2.close()
        Lac:
            throw r8
        Lad:
            r8 = move-exception
            r2 = r3
            goto La2
        Lb0:
            r8 = move-exception
            r4 = r5
            goto La2
        Lb3:
            r1 = move-exception
            r2 = r3
            goto L91
        Lb6:
            r1 = move-exception
            r4 = r5
            goto L91
        Lb9:
            r4 = r5
            goto L88
        */
        throw new UnsupportedOperationException("Method not decompiled: com.worklight.common.security.WLDeviceAuthManager.saveCertificate(java.lang.String, java.security.KeyPair, java.security.cert.Certificate):void");
    }

    public void setProvisioningDelegate(WLProvisioningDelegate wLProvisioningDelegate) {
        this.provisioningDelegate = wLProvisioningDelegate;
    }

    public byte[] signCSR(String str, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(str.getBytes());
        return signature.sign();
    }
}
