package com.airoas.android.agent.internal.net;

import android.os.Build;
import android.util.Log;
import com.airoas.android.agent.internal.helper.IdentHelper;
import com.airoas.android.agent.internal.net.HttpNetJob;
import com.airoas.android.agent.internal.service.BaseInstrument;
import com.airoas.android.util.Logger;
import com.airoas.android.util.MapFactory;
import com.airoas.android.util.StringUtil;
import com.airoas.android.util.io.ByteBundle;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.internal.ByteCompanionObject;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class AROTrustMgr {
    private static final int DIGEST_SHA256 = 1;
    private static final String DIGEST_URL = "https://api-generic.airoas.com/request-key";
    private static final String TAG = AROTrustMgr.class.getSimpleName();
    private static final List<String> sDomainList = Arrays.asList("api.airoas.com", "api.sdk.airoas.com", "10.220.0.34");
    private static AROTrustMgr sInstance = null;
    private MessageDigest mMdInstance;
    private byte[] mPrefixData;
    private String mSharedPassphrase;
    private PublicKey mRootPubkey = null;
    private String mRootPubkeySha256 = null;
    private String mTrustDomainName = null;
    private String mToken = null;

    /* loaded from: classes.dex */
    static class AROTrustManagerImpl implements X509TrustManager {
        private SSLSocketFactory mAROTrustImplFactory;
        private AROTrustMgr mTrustMgr = AROTrustMgr.getInstance();
        static final AROTrustManagerImpl INSTANCE = new AROTrustManagerImpl();
        static final X509Certificate[] EMPTY_CERTARRAY = new X509Certificate[0];

        private AROTrustManagerImpl() {
            this.mAROTrustImplFactory = null;
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, new TrustManager[]{this}, new SecureRandom());
                this.mAROTrustImplFactory = sSLContext.getSocketFactory();
            } catch (Throwable unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null) {
                throw new CertificateException("ARO component never allows empty certificates configuration!");
            }
            if (!this.mTrustMgr.verify(x509CertificateArr)) {
                throw new CertificateException("ARO trust verify didn't pass");
            }
            Logger.log(4, AROTrustMgr.TAG, "verify pass");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return EMPTY_CERTARRAY;
        }

        SSLSocketFactory getSSLFactory() {
            return this.mAROTrustImplFactory;
        }
    }

    private AROTrustMgr() {
        createRootPubkey();
        String hexString = Long.toHexString(System.currentTimeMillis());
        String valueOf = String.valueOf(Build.VERSION.SDK_INT);
        String googleAdId = IdentHelper.getInstance().getGoogleAdId();
        String airoasId = IdentHelper.getInstance().getAiroasId();
        String str = Build.MODEL;
        String str2 = Build.BRAND;
        String packageName = BaseInstrument.getApplicationContext().getPackageName();
        final String str3 = hexString + valueOf + googleAdId + airoasId + packageName;
        HttpNetJob httpNetJob = new HttpNetJob(DIGEST_URL, new MapFactory().add("X-Cux", hexString).add("X-Apv", valueOf).add("X-Devid", googleAdId).add("X-Arid", airoasId).add("X-Model", str).add("X-Brand", str2).add("X-Bdn", packageName).toMap(), "");
        httpNetJob.setOnHttpResponseListener(new HttpNetJob.OnHttpResponseListener() { // from class: com.airoas.android.agent.internal.net.AROTrustMgr.1
            @Override // com.airoas.android.agent.internal.net.HttpNetJob.OnHttpResponseListener
            public void onHttpErrorResponsed(NetJob netJob, String str4, Throwable th) {
                Log.e(AROTrustMgr.TAG, "Error occured while requesting ARO");
            }

            @Override // com.airoas.android.agent.internal.net.HttpNetJob.OnHttpResponseListener
            public void onHttpResponsed(NetJob netJob, String str4, int i, Map<String, List<String>> map, ByteBundle byteBundle) {
                try {
                    byteBundle.flip();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byteBundle.write(byteArrayOutputStream);
                    JSONObject jSONObject = new JSONObject(byteArrayOutputStream.toString());
                    String optString = jSONObject.optString("tk");
                    AROTrustMgr.this.mSharedPassphrase = jSONObject.optString("shr_psk", "").toLowerCase();
                    AROTrustMgr.this.mTrustDomainName = jSONObject.optString("dom");
                    int optInt = jSONObject.optInt("dt");
                    if (StringUtil.isEmpty(optString)) {
                        return;
                    }
                    AROTrustMgr.this.mToken = optString;
                    int checkSum = StringUtil.checkSum(optString.getBytes());
                    byte[] bytes = str3.getBytes();
                    for (int i2 = 0; i2 < bytes.length; i2++) {
                        bytes[i2] = (byte) (bytes[i2] ^ checkSum);
                    }
                    MessageDigest messageDigest = MessageDigest.getInstance(AROTrustMgr.getDigestType(optInt));
                    messageDigest.update(bytes);
                    try {
                        AROTrustMgr.this.mMdInstance = (MessageDigest) messageDigest.clone();
                        AROTrustMgr.this.mPrefixData = null;
                    } catch (CloneNotSupportedException unused) {
                        AROTrustMgr.this.mMdInstance = messageDigest;
                        AROTrustMgr.this.mPrefixData = bytes;
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                } catch (NoSuchAlgorithmException e2) {
                    e2.printStackTrace();
                } catch (JSONException e3) {
                    e3.printStackTrace();
                }
            }
        });
        NetMgr.getInstance().post(httpNetJob);
    }

    private final void createRootPubkey() {
        byte[] bArr = {48, -126, 1, 34, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -126, 1, 15, 0, 48, -126, 1, 10, 2, -126, 1, 1, 0, -60, 68, -84, 125, 55, ByteCompanionObject.MAX_VALUE, -21, 87, -109, -41, -8, 86, 75, -19, 1, 4, 107, -46, 126, 6, -112, -37, -73, 28, 96, 7, 31, 4, 21, -37, 25, 8, -42, 77, -68, -80, -89, 99, -122, -98, -104, 109, 43, -38, 93, 57, 98, 74, -8, -78, 55, 60, -14, 124, 38, 47, -21, -84, -61, 85, -18, -72, 14, -77, 36, 3, 45, -16, -104, 82, -15, 74, -101, -59, -113, -114, -4, 44, 52, 107, -2, -124, 62, -53, -9, -73, 101, -91, 71, 83, -39, -50, 103, 3, 24, -122, -90, 31, 57, -85, -72, -115, -93, 45, -106, -48, 59, 120, 11, 1, -24, 37, -107, 5, 40, 105, 76, 126, 34, -111, -25, 39, -22, -86, -93, 10, -5, -126, -56, -21, 20, -36, 61, 116, 50, 38, 14, 51, 38, 71, 47, 50, -3, 33, -87, -51, 46, -31, -98, 96, -29, 1, 41, -47, 73, 114, 7, 41, -19, -76, -33, -44, -25, -57, -1, -51, 14, 36, 37, -78, 108, -35, -65, -83, 62, 44, -5, -7, 43, -114, 97, 51, -98, -12, -95, 2, 102, -20, -76, -1, 18, -45, -21, -68, -113, -116, 47, -49, -43, 89, ByteCompanionObject.MIN_VALUE, 68, -74, 31, -77, -51, 33, -110, -62, -115, -21, -41, -98, 64, -56, 35, -17, 20, -93, -90, -105, 102, -1, 42, 91, -20, -62, 39, 9, 27, 112, 6, -125, 29, 53, -116, 81, -62, -16, 86, -71, 98, 111, -94, 25, -95, 14, -83, 88, -104, 42, -16, -48, -19, 120, 73, 2, 3, 1, 0, 1};
        try {
            this.mRootPubkey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException unused) {
            Log.e(TAG, "Could not resolve public key from binary data. This may cause by incorrect public key format.");
            this.mRootPubkeySha256 = StringUtil.getSha256(bArr);
        }
    }

    public static String getDigestType(int i) {
        if (i == 1) {
        }
        return "SHA-256";
    }

    public static AROTrustMgr getInstance() {
        if (sInstance == null) {
            synchronized (AROTrustMgr.class) {
                if (sInstance == null) {
                    sInstance = new AROTrustMgr();
                }
            }
        }
        return sInstance;
    }

    public static boolean isTrustDomainName(String str) {
        return sDomainList.contains(str);
    }

    public SSLSocketFactory getSSLFactory() {
        return AROTrustManagerImpl.INSTANCE.getSSLFactory();
    }

    public String getToken() {
        return this.mToken;
    }

    public String getTrustDomainName() {
        return this.mTrustDomainName;
    }

    public boolean isAvailable() {
        return (StringUtil.isEmpty(this.mSharedPassphrase) || this.mMdInstance == null) ? false : true;
    }

    public MessageDigest requireMdInstance() {
        if (this.mPrefixData == null) {
            try {
                return (MessageDigest) this.mMdInstance.clone();
            } catch (CloneNotSupportedException e) {
                e.printStackTrace();
                return null;
            }
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(this.mPrefixData);
            return messageDigest;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    public boolean verify(Certificate[] certificateArr) {
        if (StringUtil.isEmptyArray(certificateArr)) {
            return false;
        }
        boolean z = false;
        for (int i = 0; i < certificateArr.length; i++) {
            try {
                certificateArr[i].verify(this.mRootPubkey);
                if (verifyBytes(certificateArr[i].getEncoded())) {
                    z = true;
                }
            } catch (Exception unused) {
                return false;
            }
        }
        return z;
    }

    public boolean verifyBytes(byte[] bArr) {
        MessageDigest requireMdInstance = requireMdInstance();
        requireMdInstance.update(bArr);
        return this.mSharedPassphrase.equals(StringUtil.arrayToHexString(requireMdInstance.digest()).toLowerCase());
    }
}
