package com.nz.safetynet;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.huawei.agconnect.config.AGConnectServicesConfig;
import com.huawei.hms.common.ApiException;
import com.huawei.hms.support.api.entity.safetydetect.SysIntegrityResp;
import com.huawei.hms.support.api.entity.safetydetect.UserDetectResponse;
import com.huawei.hms.support.api.safetydetect.SafetyDetect;
import com.huawei.hms.support.api.safetydetect.SafetyDetectStatusCodes;
import com.nz.safetynet.AndroidDeviceVerifier;
import com.nz.safetynet.SafetyNetHelper;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

/* loaded from: classes3.dex */
public class SafetyNetHelper {
    private static int MAX_TIMESTAMP_DURATION = 120000;
    public static final int RESPONSE_ERROR_VALIDATING_SIGNATURE = 1000;
    public static final int RESPONSE_FAILED_SIGNATURE_VALIDATION = 1002;
    public static final int RESPONSE_FAILED_SIGNATURE_VALIDATION_NO_API_KEY = 1003;
    public static final int RESPONSE_VALIDATION_FAILED = 1001;
    public static final int SAFETY_NET_API_REQUEST_UNSUCCESSFUL = 999;
    private static final String TAG = "SafetyNetHelper";
    private List<String> apkCertificateDigests;
    private SafetyNetWrapperCallback callback;
    private boolean isGooglePlay;
    private SafetyNetResponse lastResponse;
    private String packageName;
    private byte[] requestNonce;
    private long requestTimestamp;
    private final SecureRandom secureRandom;
    private final String verificationApiKey;

    /* loaded from: classes3.dex */
    public interface SafetyNetCaptchaCallback {
        void error(int i, String str);

        void success(String str);
    }

    /* loaded from: classes3.dex */
    public interface SafetyNetWrapperCallback {
        void error(int i, String str);

        void success(boolean z, boolean z2);
    }

    public SafetyNetHelper(String str, boolean z) {
        this.isGooglePlay = true;
        this.verificationApiKey = str;
        this.isGooglePlay = z;
        assureApiKeysDefined();
        this.secureRandom = new SecureRandom();
    }

    private void assureApiKeysDefined() {
        if (TextUtils.isEmpty(this.verificationApiKey)) {
            Log.w(TAG, "Google Device Verification Api Key not defined, cannot properly validate safety net response without it. See https://developer.android.com/google/play/safetynet/start.html#verify-compat-check");
            throw new IllegalArgumentException("safetyNetApiKey must be defined!");
        }
    }

    private byte[] generateOneTimeRequestNonce() {
        byte[] bArr = new byte[32];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$runHuaweiSafetyNetTest$5(Exception exc) {
        if (!(exc instanceof ApiException)) {
            Log.e(TAG, "ERROR:" + exc.getMessage());
            return;
        }
        ApiException apiException = (ApiException) exc;
        Log.e(TAG, "Error: " + SafetyDetectStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": " + apiException.getMessage());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$runReCAPTCHA$0(SafetyNetCaptchaCallback safetyNetCaptchaCallback, SafetyNetApi.RecaptchaTokenResponse recaptchaTokenResponse) {
        String tokenResult = recaptchaTokenResponse.getTokenResult();
        Log.d(TAG, tokenResult);
        safetyNetCaptchaCallback.success(tokenResult);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$runReCAPTCHA$1(SafetyNetCaptchaCallback safetyNetCaptchaCallback, Exception exc) {
        if (!(exc instanceof com.google.android.gms.common.api.ApiException)) {
            Log.e(TAG, "Error: " + exc.getMessage());
            safetyNetCaptchaCallback.error(-1, exc.getMessage());
            return;
        }
        int statusCode = ((com.google.android.gms.common.api.ApiException) exc).getStatusCode();
        safetyNetCaptchaCallback.error(statusCode, exc.getMessage());
        Log.e(TAG, "Error: " + CommonStatusCodes.getStatusCodeString(statusCode));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$runReCAPTCHA$2(SafetyNetCaptchaCallback safetyNetCaptchaCallback, UserDetectResponse userDetectResponse) {
        String responseToken = userDetectResponse.getResponseToken();
        Log.d(TAG, responseToken);
        safetyNetCaptchaCallback.success(responseToken);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$runReCAPTCHA$3(Exception exc) {
        String message;
        if (exc instanceof com.google.android.gms.common.api.ApiException) {
            com.google.android.gms.common.api.ApiException apiException = (com.google.android.gms.common.api.ApiException) exc;
            message = SafetyDetectStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": " + apiException.getMessage();
        } else {
            message = exc.getMessage();
        }
        Log.i(TAG, "User detection fail. Error info: " + message);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SafetyNetResponse parseJsonWebSignature(String str) {
        if (str == null) {
            return null;
        }
        String[] split = str.split("\\.");
        if (split.length == 3) {
            return SafetyNetResponse.parse(new String(Base64.decode(split[1], 0)));
        }
        return null;
    }

    private void runGooglePlaySafetyNetTest(Context context) {
        Log.v(TAG, "running SafetyNet.API Test");
        this.requestNonce = generateOneTimeRequestNonce();
        this.requestTimestamp = System.currentTimeMillis();
        SafetyNet.getClient(context).attest(this.requestNonce, this.verificationApiKey).addOnSuccessListener(new OnSuccessListener<SafetyNetApi.AttestationResponse>() { // from class: com.nz.safetynet.SafetyNetHelper.2
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public void onSuccess(SafetyNetApi.AttestationResponse attestationResponse) {
                String jwsResult = attestationResponse.getJwsResult();
                final SafetyNetResponse parseJsonWebSignature = SafetyNetHelper.this.parseJsonWebSignature(jwsResult);
                SafetyNetHelper.this.lastResponse = parseJsonWebSignature;
                if (!parseJsonWebSignature.isCtsProfileMatch() || !parseJsonWebSignature.isBasicIntegrity()) {
                    SafetyNetHelper.this.callback.success(parseJsonWebSignature.isCtsProfileMatch(), parseJsonWebSignature.isBasicIntegrity());
                    return;
                }
                if (!SafetyNetHelper.this.validateSafetyNetResponsePayload(parseJsonWebSignature)) {
                    SafetyNetHelper.this.callback.error(1001, "Response payload validation failed");
                    return;
                }
                if (!TextUtils.isEmpty(SafetyNetHelper.this.verificationApiKey)) {
                    new AndroidDeviceVerifier(SafetyNetHelper.this.verificationApiKey, jwsResult).verify(new AndroidDeviceVerifier.AndroidDeviceVerifierCallback() { // from class: com.nz.safetynet.SafetyNetHelper.2.1
                        @Override // com.nz.safetynet.AndroidDeviceVerifier.AndroidDeviceVerifierCallback
                        public void error(String str) {
                            SafetyNetHelper.this.callback.error(1000, "Response signature validation error: " + str);
                        }

                        @Override // com.nz.safetynet.AndroidDeviceVerifier.AndroidDeviceVerifierCallback
                        public void success(boolean z) {
                            if (z) {
                                SafetyNetHelper.this.callback.success(parseJsonWebSignature.isCtsProfileMatch(), parseJsonWebSignature.isBasicIntegrity());
                            } else {
                                SafetyNetHelper.this.callback.error(1002, "Response signature invalid");
                            }
                        }
                    });
                    return;
                }
                Log.w(SafetyNetHelper.TAG, "No google Device Verification ApiKey defined");
                SafetyNetHelper.this.callback.error(1003, "No Google Device Verification ApiKey defined. Marking as failed. SafetyNet CtsProfileMatch: " + parseJsonWebSignature.isCtsProfileMatch());
            }
        }).addOnFailureListener(new OnFailureListener() { // from class: com.nz.safetynet.SafetyNetHelper.1
            @Override // com.google.android.gms.tasks.OnFailureListener
            public void onFailure(Exception exc) {
                if (!(exc instanceof com.google.android.gms.common.api.ApiException)) {
                    Log.d(SafetyNetHelper.TAG, "Error: " + exc.getMessage());
                    SafetyNetHelper.this.callback.error(1001, "Response payload validation failed");
                    return;
                }
                com.google.android.gms.common.api.ApiException apiException = (com.google.android.gms.common.api.ApiException) exc;
                SafetyNetHelper.this.callback.error(1001, "ApiException[" + apiException.getStatusCode() + "] " + apiException.getMessage());
            }
        });
    }

    private void runHuaweiSafetyNetTest(Context context) {
        Log.v(TAG, "running Huawei SafetyNet.API Test");
        this.requestNonce = generateOneTimeRequestNonce();
        this.requestTimestamp = System.currentTimeMillis();
        SafetyDetect.getClient(context).sysIntegrity(this.requestNonce, this.verificationApiKey).addOnSuccessListener(new com.huawei.hmf.tasks.OnSuccessListener() { // from class: com.nz.safetynet.-$$Lambda$SafetyNetHelper$vKkWE-h143P3UKqY6bKbYNlqcFA
            @Override // com.huawei.hmf.tasks.OnSuccessListener
            public final void onSuccess(Object obj) {
                SafetyNetHelper.this.lambda$runHuaweiSafetyNetTest$4$SafetyNetHelper((SysIntegrityResp) obj);
            }
        }).addOnFailureListener(new com.huawei.hmf.tasks.OnFailureListener() { // from class: com.nz.safetynet.-$$Lambda$SafetyNetHelper$QxYZtHSowCNJaQsvVi75C-evznE
            @Override // com.huawei.hmf.tasks.OnFailureListener
            public final void onFailure(Exception exc) {
                SafetyNetHelper.lambda$runHuaweiSafetyNetTest$5(exc);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean validateSafetyNetResponsePayload(SafetyNetResponse safetyNetResponse) {
        if (safetyNetResponse == null) {
            Log.e(TAG, "SafetyNetResponse is null.");
            return false;
        }
        String trim = Base64.encodeToString(this.requestNonce, 0).trim();
        if (!trim.equals(safetyNetResponse.getNonce())) {
            String str = TAG;
            Log.e(str, "invalid nonce, expected = \"" + trim + "\"");
            Log.e(str, "invalid nonce, response   = \"" + safetyNetResponse.getNonce() + "\"");
            return false;
        }
        if (!this.packageName.equalsIgnoreCase(safetyNetResponse.getApkPackageName())) {
            String str2 = TAG;
            Log.e(str2, "invalid packageName, expected = \"" + this.packageName + "\"");
            Log.e(str2, "invalid packageName, response = \"" + safetyNetResponse.getApkPackageName() + "\"");
            return false;
        }
        long timestampMs = safetyNetResponse.getTimestampMs() - this.requestTimestamp;
        if (timestampMs > MAX_TIMESTAMP_DURATION) {
            Log.e(TAG, "Duration calculated from the timestamp of response \"" + timestampMs + " \" exceeds permitted duration of \"" + MAX_TIMESTAMP_DURATION + "\"");
            return false;
        }
        if (Arrays.equals(this.apkCertificateDigests.toArray(), safetyNetResponse.getApkCertificateDigestSha256())) {
            return true;
        }
        String str3 = TAG;
        Log.e(str3, "invalid apkCertificateDigest, local/expected = " + Arrays.asList(this.apkCertificateDigests));
        Log.e(str3, "invalid apkCertificateDigest, response = " + Arrays.asList(safetyNetResponse.getApkCertificateDigestSha256()));
        return false;
    }

    public SafetyNetResponse getLastResponse() {
        return this.lastResponse;
    }

    public void initUserDetect(Context context) {
        SafetyDetect.getClient(context).initUserDetect();
    }

    public /* synthetic */ void lambda$runHuaweiSafetyNetTest$4$SafetyNetHelper(SysIntegrityResp sysIntegrityResp) {
        String result = sysIntegrityResp.getResult();
        final SafetyNetResponse parseJsonWebSignature = parseJsonWebSignature(result);
        this.lastResponse = parseJsonWebSignature;
        String str = TAG;
        Log.d(str, parseJsonWebSignature.toString());
        if (parseJsonWebSignature != null) {
            if (!parseJsonWebSignature.isCtsProfileMatch() || !parseJsonWebSignature.isBasicIntegrity()) {
                this.callback.success(parseJsonWebSignature.isCtsProfileMatch(), parseJsonWebSignature.isBasicIntegrity());
                return;
            }
            if (!validateSafetyNetResponsePayload(parseJsonWebSignature)) {
                this.callback.error(1001, "Response payload validation failed");
                return;
            }
            if (!TextUtils.isEmpty(this.verificationApiKey)) {
                new AndroidDeviceVerifier(this.verificationApiKey, result).verify(new AndroidDeviceVerifier.AndroidDeviceVerifierCallback() { // from class: com.nz.safetynet.SafetyNetHelper.3
                    @Override // com.nz.safetynet.AndroidDeviceVerifier.AndroidDeviceVerifierCallback
                    public void error(String str2) {
                        SafetyNetHelper.this.callback.error(1000, "Response signature validation error: " + str2);
                    }

                    @Override // com.nz.safetynet.AndroidDeviceVerifier.AndroidDeviceVerifierCallback
                    public void success(boolean z) {
                        if (z) {
                            SafetyNetHelper.this.callback.success(parseJsonWebSignature.isCtsProfileMatch(), parseJsonWebSignature.isBasicIntegrity());
                        } else {
                            SafetyNetHelper.this.callback.error(1002, "Response signature invalid");
                        }
                    }
                });
                return;
            }
            Log.w(str, "No google Device Verification ApiKey defined");
            this.callback.error(1003, "No Google Device Verification ApiKey defined. Marking as failed. SafetyNet CtsProfileMatch: " + parseJsonWebSignature.isCtsProfileMatch());
        }
    }

    public void requestTest(Context context, SafetyNetWrapperCallback safetyNetWrapperCallback) {
        String packageName = context.getPackageName();
        this.packageName = packageName;
        this.callback = safetyNetWrapperCallback;
        this.apkCertificateDigests = Utils.calcApkCertificateDigests(context, packageName);
        Log.d(TAG, "apkCertificateDigests:" + this.apkCertificateDigests);
        if (this.isGooglePlay) {
            runGooglePlaySafetyNetTest(context);
        } else {
            runHuaweiSafetyNetTest(context);
        }
    }

    public void runReCAPTCHA(Context context, final SafetyNetCaptchaCallback safetyNetCaptchaCallback) {
        if (this.isGooglePlay) {
            SafetyNet.getClient(context).verifyWithRecaptcha(this.verificationApiKey).addOnSuccessListener(new OnSuccessListener() { // from class: com.nz.safetynet.-$$Lambda$SafetyNetHelper$tIg__V1Gbg98P6Vp5L0QtWIm4oU
                @Override // com.google.android.gms.tasks.OnSuccessListener
                public final void onSuccess(Object obj) {
                    SafetyNetHelper.lambda$runReCAPTCHA$0(SafetyNetHelper.SafetyNetCaptchaCallback.this, (SafetyNetApi.RecaptchaTokenResponse) obj);
                }
            }).addOnFailureListener(new OnFailureListener() { // from class: com.nz.safetynet.-$$Lambda$SafetyNetHelper$etO_EhoiJ1UfH69ViwyT-iqhTwQ
                @Override // com.google.android.gms.tasks.OnFailureListener
                public final void onFailure(Exception exc) {
                    SafetyNetHelper.lambda$runReCAPTCHA$1(SafetyNetHelper.SafetyNetCaptchaCallback.this, exc);
                }
            });
        } else {
            SafetyDetect.getClient(context).userDetection(AGConnectServicesConfig.fromContext(context).getString("client/app_id")).addOnSuccessListener(new com.huawei.hmf.tasks.OnSuccessListener() { // from class: com.nz.safetynet.-$$Lambda$SafetyNetHelper$WWpua9Qq8VyCEZsh1D0vWgCwnmk
                @Override // com.huawei.hmf.tasks.OnSuccessListener
                public final void onSuccess(Object obj) {
                    SafetyNetHelper.lambda$runReCAPTCHA$2(SafetyNetHelper.SafetyNetCaptchaCallback.this, (UserDetectResponse) obj);
                }
            }).addOnFailureListener(new com.huawei.hmf.tasks.OnFailureListener() { // from class: com.nz.safetynet.-$$Lambda$SafetyNetHelper$26WaqTLP8dyZmNo490OafBznjoU
                @Override // com.huawei.hmf.tasks.OnFailureListener
                public final void onFailure(Exception exc) {
                    SafetyNetHelper.lambda$runReCAPTCHA$3(exc);
                }
            });
        }
    }
}
