package com.sevenprinciples.android.mdm.safeclient.thirdparty.samsung;

import android.content.Context;
import android.util.Base64;
import android.util.Log;
import androidx.core.view.accessibility.AccessibilityNodeInfoCompat;
import com.samsung.android.knox.EnterpriseKnoxManager;
import com.samsung.android.knox.container.KnoxContainerManager;
import com.samsung.android.knox.integrity.EnhancedAttestationPolicy;
import com.samsung.android.knox.integrity.EnhancedAttestationPolicyCallback;
import com.samsung.android.knox.integrity.EnhancedAttestationResult;
import com.sevenprinciples.android.mdm.safeclient.base.ApplicationContext;
import com.sevenprinciples.android.mdm.safeclient.base.Constants;
import com.sevenprinciples.android.mdm.safeclient.base.MDM;
import com.sevenprinciples.android.mdm.safeclient.base.logger.AppLog;
import com.sevenprinciples.android.mdm.safeclient.base.tools.StringHelper;
import com.sevenprinciples.android.mdm.safeclient.base.tools.WarningHelper;
import com.sevenprinciples.android.mdm.safeclient.base.tools.WebServicesHelper;
import com.sevenprinciples.android.mdm.safeclient.base.web.HTTPURLParameter;
import com.sevenprinciples.android.mdm.safeclient.main.MDMWrapper;
import com.sevenprinciples.android.mdm.safeclient.security.ThreadSafeEncryptedNoSQLStorage;
import com.sevenprinciples.android.mdm.safeclient.thirdparty.generic.Call;
import com.sevenprinciples.android.mdm.safeclient.ui.AntiDozeHelper;
import com.sevenprinciples.android.mdm.safeclient.ui.JS;
import cz.msebera.android.httpclient.client.cache.HeaderConstants;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class AttestationHelper {
    private static final int MAX_TIMESTAMP_DURATION = 120000;
    private static final String TAG = Constants.TAG_PREFFIX + "ATTH";

    /* loaded from: classes2.dex */
    public enum Status {
        Requested,
        Success,
        Error7_InvalidBasicIntegrity,
        Error6_CtsProfileMismatch,
        Error1_AttestationSuccessfulInvalidNonce,
        Error2_AttestationFailedMatchedNonce,
        Error3_AttestationFailedInvalidNonce,
        Error4_SafetyNetApiException,
        Error5_SafetyNetGeneric,
        KnoxUnsupported,
        Error7_PlayIntegrityGeneric,
        Error9_InvalidHttpResponse,
        Error10_InvalidHttpResponseCode,
        Error8_PlayIntegrityVerdict
    }

    private static ThreadSafeEncryptedNoSQLStorage DBB() {
        return MDMWrapper.getInstance().getDB();
    }

    public static void clear() {
        DBB().remove(Constants.Keys.SafetyNetAttestation.toString());
        DBB().remove(Constants.Keys.SafetyNetAttestationResult.toString());
        DBB().remove(Constants.Keys.SafetyNetAttestationStatement.toString());
        MDM.DB().remove(Constants.Keys.PlayIntegrityAttestation.toString());
        MDM.DB().remove(Constants.Keys.PlayIntegrityAttestationResult.toString());
        MDM.DB().remove(Constants.Keys.PlayIntegrityAttestationStatement.toString());
        MDM.DB().remove(Constants.Keys.KnoxAttestation.toString());
        MDM.DB().remove(Constants.Keys.KnoxAttestationResult.toString());
    }

    public static void clearSafetyNet() {
        DBB().remove(Constants.Keys.SafetyNetAttestation.toString());
        DBB().remove(Constants.Keys.SafetyNetAttestationResult.toString());
        DBB().remove(Constants.Keys.SafetyNetAttestationStatement.toString());
    }

    public static void gatherParameters(HTTPURLParameter hTTPURLParameter, Context context) {
        Status safetyNetStatus = getSafetyNetStatus();
        if (safetyNetStatus != null) {
            try {
                hTTPURLParameter.addParameter("safetynet_attestation_status", safetyNetStatus.name());
            } catch (UnsupportedEncodingException e) {
                AppLog.w(TAG, e.getMessage(), e);
            }
            try {
                String lastSafetyNetResult = getLastSafetyNetResult();
                if (lastSafetyNetResult != null) {
                    hTTPURLParameter.addParameter("safetynet_attestation_info", lastSafetyNetResult);
                }
            } catch (Throwable th) {
                AppLog.w(TAG, th.getMessage(), th);
            }
        }
        try {
            String lastSafetyNetStatement = getLastSafetyNetStatement();
            if (lastSafetyNetStatement != null) {
                hTTPURLParameter.addParameter("safetynet_attestation_statement", lastSafetyNetStatement);
            }
        } catch (Throwable th2) {
            AppLog.w(TAG, th2.getMessage(), th2);
        }
    }

    public static String getLastResult() {
        try {
            return MDMWrapper.getInstance().getDB().getString(Constants.Keys.KnoxAttestationResult.toString(), null);
        } catch (Throwable unused) {
            return null;
        }
    }

    public static String getLastSafetyNetResult() {
        try {
            return MDMWrapper.getInstance().getDB().getString(Constants.Keys.SafetyNetAttestationResult.toString(), null);
        } catch (Throwable unused) {
            return null;
        }
    }

    public static String getLastSafetyNetStatement() {
        try {
            return MDMWrapper.getInstance().getDB().getString(Constants.Keys.SafetyNetAttestationStatement.toString(), null);
        } catch (Throwable unused) {
            return null;
        }
    }

    public static Status getSafetyNetStatus() {
        try {
            String string = MDMWrapper.getInstance().getDB().getString(Constants.Keys.SafetyNetAttestation.toString(), null);
            if (string == null) {
                return null;
            }
            return Status.valueOf(string);
        } catch (Throwable unused) {
            return null;
        }
    }

    public static Status getStatus() {
        try {
            String string = MDMWrapper.getInstance().getDB().getString(Constants.Keys.KnoxAttestation.toString(), null);
            if (string == null) {
                return null;
            }
            return Status.valueOf(string);
        } catch (Throwable unused) {
            return null;
        }
    }

    public static boolean isSupported() {
        try {
            return EnterpriseKnoxManager.getInstance(ApplicationContext.getContext()).getEnhancedAttestationPolicy().isSupported();
        } catch (Throwable unused) {
            return false;
        }
    }

    public static SafetyNetResponse parseJsonWebSignature(String str) {
        if (str == null) {
            return null;
        }
        String[] split = str.split("\\.");
        if (split.length == 3) {
            return SafetyNetResponse.parse(new String(Base64.decode(split[1], 0)));
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void saveAttestation(Status status) {
        MDMWrapper.getInstance().getDB().setString(Constants.Keys.KnoxAttestation.toString(), status.name());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void saveAttestationResult(String str) {
        MDMWrapper.getInstance().getDB().setString(Constants.Keys.KnoxAttestationResult.toString(), str);
    }

    public static void start(CallSecurityPolicy callSecurityPolicy, final String str, final String str2, final String str3, long j) {
        if (StringHelper.isEmpty(str2)) {
            str2 = "01928EEDAF5D46AF85559B40B71F4978";
        }
        if (!isSupported()) {
            callSecurityPolicy.setFailure(Call.ErrorTag.NoSuchMethodError);
            saveAttestation(Status.KnoxUnsupported);
            return;
        }
        try {
            long currentTimeMillis = System.currentTimeMillis() - j;
            String str4 = TAG;
            AppLog.w(str4, "delta T:" + currentTimeMillis);
            if (Math.abs(currentTimeMillis) > 180000) {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("action", "getNonce");
                jSONObject.put(KnoxContainerManager.CONTAINER_CREATION_REQUEST_ID, str3);
                jSONObject.put("attemptedAt", AntiDozeHelper.getLastConnectionAttemptTime());
                JSONObject postInternal = WebServicesHelper.postInternal(WebServicesHelper.getMobileServiceEndPoint(), jSONObject.toString());
                AppLog.w(str4, "response:" + postInternal);
                str = JS.s(postInternal, "response");
            }
        } catch (Throwable th) {
            th.printStackTrace();
            AppLog.e(TAG, "error in the response:" + th.getMessage(), th);
        }
        EnhancedAttestationPolicy enhancedAttestationPolicy = EnterpriseKnoxManager.getInstance(callSecurityPolicy.getContext()).getEnhancedAttestationPolicy();
        if (!enhancedAttestationPolicy.isSupported()) {
            callSecurityPolicy.setFailure(Call.ErrorTag.NoSuchMethodError);
            return;
        }
        saveAttestation(Status.Requested);
        enhancedAttestationPolicy.startAttestation(str2, str, new EnhancedAttestationPolicyCallback() { // from class: com.sevenprinciples.android.mdm.safeclient.thirdparty.samsung.AttestationHelper.1
            public void onAttestationFinished(EnhancedAttestationResult enhancedAttestationResult) {
                int i;
                AttestationHelper.saveAttestation(Status.Requested);
                try {
                    AppLog.w(AttestationHelper.TAG, "Attestation respone raw data:" + enhancedAttestationResult.getResponseRawData());
                    AppLog.w(AttestationHelper.TAG, "Attestation unique id:" + enhancedAttestationResult.getUniqueId());
                    AppLog.w(AttestationHelper.TAG, "Attestation error:" + enhancedAttestationResult.getError());
                    AppLog.w(AttestationHelper.TAG, "Attestation reason:" + enhancedAttestationResult.getReason());
                    AppLog.w(AttestationHelper.TAG, "Attestation url:" + enhancedAttestationResult.getUrl());
                    AppLog.w(AttestationHelper.TAG, "Attestation AUK:" + str2);
                    AppLog.w(AttestationHelper.TAG, "Attestation server response id: " + enhancedAttestationResult.getServerResponseId());
                    i = 0;
                    boolean z = false;
                    for (int i2 = 0; i2 < 3; i2++) {
                        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL("https://attest.samsungknox.com/v3/attestations/" + enhancedAttestationResult.getUniqueId()).openConnection();
                        httpsURLConnection.setRequestMethod("GET");
                        httpsURLConnection.setRequestProperty("Content-Type", "application/json");
                        httpsURLConnection.setRequestProperty("cache-control", HeaderConstants.CACHE_CONTROL_NO_CACHE);
                        httpsURLConnection.setRequestProperty("Ats-Request-Id", str3);
                        httpsURLConnection.setRequestProperty("Authorization", "Bearer " + str2);
                        httpsURLConnection.setUseCaches(false);
                        httpsURLConnection.setAllowUserInteraction(false);
                        httpsURLConnection.setConnectTimeout(AccessibilityNodeInfoCompat.EXTRA_DATA_TEXT_CHARACTER_LOCATION_ARG_MAX_LENGTH);
                        httpsURLConnection.setReadTimeout(AccessibilityNodeInfoCompat.EXTRA_DATA_TEXT_CHARACTER_LOCATION_ARG_MAX_LENGTH);
                        httpsURLConnection.connect();
                        int responseCode = httpsURLConnection.getResponseCode();
                        AppLog.w(AttestationHelper.TAG, "response code:" + responseCode);
                        if (responseCode == 200 || responseCode == 201) {
                            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpsURLConnection.getInputStream()));
                            StringBuilder sb = new StringBuilder();
                            while (true) {
                                String readLine = bufferedReader.readLine();
                                if (readLine == null) {
                                    break;
                                } else {
                                    sb.append(readLine).append("\n");
                                }
                            }
                            bufferedReader.close();
                            JSONObject jSONObject2 = new JSONObject(sb.toString());
                            AppLog.w(AttestationHelper.TAG, "response:" + jSONObject2.toString());
                            AttestationHelper.saveAttestationResult(jSONObject2.toString());
                            i = 0;
                            z = true;
                        } else {
                            i = 1;
                        }
                        if (z) {
                            break;
                        }
                    }
                } catch (Throwable th2) {
                    AppLog.w(AttestationHelper.TAG, "error " + th2.getMessage(), th2);
                    WarningHelper.forTheRecord(th2);
                    i = 2;
                }
                if (enhancedAttestationResult.getError() == 0 && i == 0) {
                    AppLog.i(AttestationHelper.TAG, "attest: onSuccess");
                    if (str.equals(enhancedAttestationResult.getUniqueId())) {
                        AttestationHelper.saveAttestation(Status.Success);
                    } else {
                        AttestationHelper.saveAttestation(Status.Error1_AttestationSuccessfulInvalidNonce);
                    }
                } else {
                    AppLog.i(AttestationHelper.TAG, "attest: onFailure => " + i + " " + enhancedAttestationResult.getUniqueId() + " vs " + str);
                    if (i == 1) {
                        AttestationHelper.saveAttestation(Status.Error10_InvalidHttpResponseCode);
                    } else if (i == 2) {
                        AttestationHelper.saveAttestation(Status.Error9_InvalidHttpResponse);
                    } else if (str.equals(enhancedAttestationResult.getUniqueId())) {
                        AttestationHelper.saveAttestation(Status.Error2_AttestationFailedMatchedNonce);
                    } else {
                        AttestationHelper.saveAttestation(Status.Error3_AttestationFailedInvalidNonce);
                    }
                }
                final Status status = AttestationHelper.getStatus();
                if (status != null) {
                    new Thread(new Runnable() { // from class: com.sevenprinciples.android.mdm.safeclient.thirdparty.samsung.AttestationHelper.1.1
                        @Override // java.lang.Runnable
                        public void run() {
                            try {
                                JSONObject jSONObject3 = new JSONObject();
                                JS.putS(jSONObject3, "action", "setAttestation");
                                JSONObject jSONObject4 = new JSONObject();
                                JS.putS(jSONObject4, "attestation_status", status.name());
                                JS.putS(jSONObject4, "attestation_info", AttestationHelper.getLastResult());
                                jSONObject3.put("attestationData", jSONObject4);
                                WebServicesHelper.postRaw(WebServicesHelper.getMobileServiceEndPoint(), jSONObject3, WebServicesHelper.buildAuth());
                                MDM.DB().remove(Constants.Keys.KnoxAttestation.toString());
                                MDM.DB().remove(Constants.Keys.KnoxAttestationResult.toString());
                            } catch (Throwable th3) {
                                AppLog.e(AttestationHelper.TAG, th3.getMessage(), th3);
                            }
                        }
                    }).start();
                }
            }
        });
        callSecurityPolicy.setSuccess(null);
    }

    public static boolean validateSafetyNetResponsePayload(String str, SafetyNetResponse safetyNetResponse, String str2, long j, List<String> list) {
        if (safetyNetResponse == null) {
            Log.e(TAG, "SafetyNetResponse is null.");
            return false;
        }
        String trim = Base64.encodeToString(str.getBytes(), 0).trim();
        if (!trim.equals(safetyNetResponse.getNonce())) {
            String str3 = TAG;
            Log.e(str3, "invalid nonce, expected = \"" + trim + "\"");
            Log.e(str3, "invalid nonce, response   = \"" + safetyNetResponse.getNonce() + "\"");
            return false;
        }
        if (!str2.equalsIgnoreCase(safetyNetResponse.getApkPackageName())) {
            String str4 = TAG;
            Log.e(str4, "invalid packageName, expected = \"" + str2 + "\"");
            Log.e(str4, "invalid packageName, response = \"" + safetyNetResponse.getApkPackageName() + "\"");
            return false;
        }
        long timestampMs = safetyNetResponse.getTimestampMs() - j;
        if (timestampMs > 120000) {
            Log.e(TAG, "Duration calculated from the timestamp of response \"" + timestampMs + " \" exceeds permitted duration of \"120000\"");
            return false;
        }
        if (Arrays.equals(list.toArray(), safetyNetResponse.getApkCertificateDigestSha256())) {
            return true;
        }
        String str5 = TAG;
        Log.e(str5, "invalid apkCertificateDigest, local/expected = " + Collections.singletonList(list));
        Log.e(str5, "invalid apkCertificateDigest, response = " + Arrays.asList(safetyNetResponse.getApkCertificateDigestSha256()));
        return false;
    }
}
