package com.arlo.app.security;

import android.text.TextUtils;
import android.util.Base64;
import com.arlo.app.camera.BaseStation;
import com.arlo.app.camera.CameraInfo;
import com.arlo.app.communication.DeviceNotification;
import com.arlo.app.communication.HttpApi;
import com.arlo.app.communication.SseUtils;
import com.arlo.app.communication.device.api.DeviceResource;
import com.arlo.app.devices.DeviceUtils;
import com.arlo.app.security.SecurityUtils;
import com.arlo.app.security.certificates.CertificatesInfo;
import com.arlo.app.security.certificates.CertificatesParser;
import com.arlo.app.security.certificates.CertificatesStorage;
import com.arlo.app.security.certificates.DeviceCertificate;
import com.arlo.app.utils.AppSingleton;
import com.arlo.app.utils.BuildConfigUtilsKt;
import com.arlo.app.utils.FeatureAvailability;
import com.arlo.app.utils.MD5Utils;
import com.arlo.app.utils.VuezoneModel;
import com.arlo.logger.ArloLog;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import kotlin.Unit;
import kotlin.io.FilesKt;
import kotlin.jvm.functions.Function0;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONObject;

/* loaded from: classes2.dex */
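/**
 * Singleton that owns the app's per-user RSA key pair and drives the local device-certificate
 * checks.
 *
 * <p>Key files live under {@code <filesDir>/security/<userId>/}: the private key as raw
 * PKCS#8 DER ({@code private.pem}), the public key as raw X.509 DER ({@code public.pem}) and a
 * PEM-armoured copy of the private key ({@code private_pkcs1.pem}).
 *
 * <p>NOTE(review): despite the "PKCS1" names, the PEM copy is written with the
 * {@code BEGIN PRIVATE KEY} header around {@code PrivateKey.getEncoded()}, i.e. the same bytes
 * that are treated as PKCS#8 elsewhere in this class.
 *
 * <p>NOTE(review): the private key is written to disk unencrypted, twice. Its confidentiality
 * therefore rests on the app sandbox and on device backups excluding this folder; consider a
 * hardware-backed keystore or wrapping the key at rest if the PEM consumer allows it.
 *
 * <p>NOTE(review): the lazy initialisation in {@link #getInstance()} is not synchronised;
 * confirm that all callers run on a single thread.
 */
public class SecurityUtils {
    private static final int KEY_SIZE = 2048;
    private static final String PKCS1_PRIVATE_KEY_FILE_NAME = "private_pkcs1.pem";
    private static final String PKCS1_PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
    private static final String PKCS1_PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PRIVATE_KEY_FILE_NAME = "private.pem";
    private static final String PUBLIC_KEY_FILE_NAME = "public.pem";
    private static final String SECURITY_FOLDER_NAME = "security";
    private static final String TAG = "SecurityUtils";
    private static CertificatesStorage certificateStorage;
    private static SecurityUtils instance;
    private boolean isInitialized = false;
    private PrivateKey mPrivateKey;
    private PublicKey mPublicKey;

    /**
     * Listener handed to {@link CertificatesParser}: persists the parsed certificates and then
     * raises a certificate notification for every device certificate in the result.
     * (Named inner class produced by the decompiler from an anonymous class.)
     */
    public class AnonymousClass1 implements CertificatesParser.CertificatesParsedListener {
        AnonymousClass1() {
        }

        /** Runs after the certificates were saved; notifies listeners once per device certificate. */
        public /* synthetic */ Unit lambda$onCertificatesParsed$0$SecurityUtils$1(CertificatesInfo certificatesInfo) {
            for (DeviceCertificate deviceCertificate : certificatesInfo.getDeviceCertificates()) {
                SecurityUtils.this.sendCameraNotification(deviceCertificate.getUniqueId());
            }
            return null;
        }

        @Override // com.arlo.app.security.certificates.CertificatesParser.CertificatesParsedListener
        public void onCertificatesParsed(final CertificatesInfo certificatesInfo) {
            SecurityUtils.certificateStorage.saveCertificatesAsync(certificatesInfo, new Function0() { // from class: com.arlo.app.security.-$$Lambda$SecurityUtils$1$W3wZSdjOnje51PyiPT63iTD8T-w
                @Override // kotlin.jvm.functions.Function0
                public final Object invoke() {
                    return SecurityUtils.AnonymousClass1.this.lambda$onCertificatesParsed$0$SecurityUtils$1(certificatesInfo);
                }
            });
        }

        @Override // com.arlo.app.security.certificates.CertificatesParser.CertificatesParsedListener
        public void onError(CertificatesParser.CertificatesParseException certificatesParseException) {
            ArloLog.e(SecurityUtils.TAG, "Can't parse certificates", certificatesParseException);
        }
    }

    /**
     * Reads a key file completely into memory.
     *
     * <p>A single {@code InputStream.read(byte[])} call may return fewer bytes than requested,
     * which would leave a truncated key in the buffer, so the read is repeated until the buffer
     * is full.
     *
     * @param file the file to read
     * @return the file content
     * @throws IOException if the file cannot be read or ends before its reported length
     */
    private static byte[] readKeyFile(File file) throws IOException {
        byte[] content = new byte[(int) file.length()];
        try (FileInputStream input = new FileInputStream(file)) {
            int offset = 0;
            while (offset < content.length) {
                int read = input.read(content, offset, content.length - offset);
                if (read < 0) {
                    throw new IOException("Unexpected end of key file: " + file.getName());
                }
                offset += read;
            }
        }
        return content;
    }

    /**
     * Verifies that the three key files exist, regenerating the PEM copy from the DER private
     * key when only that copy is missing.
     *
     * <p>When the set is incomplete the whole per-user security folder (keys and whatever else
     * is stored there) is deleted and the in-memory keys are cleared.
     *
     * @return {@code true} if all key files are present after the check
     */
    private boolean checkKeysIntegrity() {
        File privateKeyFile = new File(getPrivateKeyPath());
        File publicKeyFile = new File(getPublicKeyPath());
        File pemPrivateKeyFile = new File(getPKCS1PrivateKeyPath());
        boolean intact;
        if (!privateKeyFile.exists() || !publicKeyFile.exists()) {
            intact = false;
        } else if (pemPrivateKeyFile.exists()) {
            intact = true;
        } else {
            // Only the PEM copy is missing: rebuild it from the DER file. If the DER file
            // cannot be parsed, storePrivateKey() writes nothing and the set is treated as
            // corrupted below instead of failing with a NullPointerException.
            loadPrivateKey();
            storePrivateKey();
            intact = pemPrivateKeyFile.exists();
        }
        if (!intact) {
            ArloLog.d(TAG, "Keys do not exist or are corrupted. Removing keys and certificates.", true);
            FilesKt.deleteRecursively(new File(getSecurityFolderPath()));
            this.mPrivateKey = null;
            this.mPublicKey = null;
        }
        return intact;
    }

    /**
     * Generates a fresh RSA key pair of {@link #KEY_SIZE} bits, keeps it in memory and writes
     * it to the key files. On failure the in-memory keys are left unchanged.
     */
    private void generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(KEY_SIZE);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            this.mPublicKey = keyPair.getPublic();
            this.mPrivateKey = keyPair.getPrivate();
            storePrivateKey();
            storePublicKey();
        } catch (GeneralSecurityException e) {
            ArloLog.e(TAG, "Can't generate key pair", e);
        }
    }

    /**
     * Returns the shared instance, creating it (and the certificate storage) on first use and
     * re-running initialisation after {@link #reset()}.
     */
    public static SecurityUtils getInstance() {
        if (instance == null) {
            instance = new SecurityUtils();
            certificateStorage = new CertificatesStorage();
        }
        SecurityUtils securityUtils = instance;
        if (!securityUtils.isInitialized) {
            securityUtils.initialize();
        }
        return instance;
    }

    /** Returns {@code <filesDir>/security/<userId>}, the folder holding this user's key files. */
    private String getSecurityFolderPath() {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences();
    }

    /**
     * Checks the key files, makes sure the security folder exists and loads whichever keys are
     * not yet in memory. No key pair is generated here; that happens lazily in the getters.
     */
    private void initialize() {
        checkKeysIntegrity();
        new File(getSecurityFolderPath()).mkdirs();
        if ((this.mPrivateKey == null || this.mPublicKey == null) && FeatureAvailability.isSensitiveLoggingEnabled()) {
            // Only paths and existence flags are logged, never key bytes; the paths do contain
            // the user id, hence the sensitive-logging gate.
            String tag = TAG;
            ArloLog.d(tag, "Setting up:", true);
            File privateKeyFile = new File(getPrivateKeyPath());
            ArloLog.d(tag, privateKeyFile.getPath() + " | " + privateKeyFile.exists(), true);
            File pemPrivateKeyFile = new File(getPKCS1PrivateKeyPath());
            ArloLog.d(tag, pemPrivateKeyFile.getPath() + " | " + pemPrivateKeyFile.exists(), true);
            File publicKeyFile = new File(getPublicKeyPath());
            ArloLog.d(tag, publicKeyFile.getPath() + " | " + publicKeyFile.exists(), true);
        }
        if (this.mPrivateKey == null) {
            loadPrivateKey();
        }
        if (this.mPublicKey == null) {
            loadPublicKey();
        }
        this.isInitialized = true;
    }

    /**
     * Loads the PKCS#8 DER private key from disk into memory, if the file exists. Read or
     * parse failures are logged and leave the in-memory key unchanged.
     */
    private void loadPrivateKey() {
        try {
            File file = new File(getPrivateKeyPath());
            if (file.exists()) {
                this.mPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(readKeyFile(file)));
            }
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            ArloLog.e(TAG, "Can't load private key", e);
        }
    }

    /**
     * Loads the X.509 DER public key from disk into memory, if the file exists. Read or parse
     * failures are logged and leave the in-memory key unchanged.
     */
    private void loadPublicKey() {
        try {
            File file = new File(getPublicKeyPath());
            if (file.exists()) {
                this.mPublicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(readKeyFile(file)));
            }
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            ArloLog.e(TAG, "Can't load public key", e);
        }
    }

    /**
     * Raises a certificate-resource notification for the camera with the given unique id;
     * does nothing when no such camera is known.
     *
     * @param str unique id of the device
     */
    public void sendCameraNotification(String str) {
        CameraInfo cameraInfo = (CameraInfo) DeviceUtils.getInstance().getDeviceByUniqueId(str, CameraInfo.class);
        if (cameraInfo == null) {
            return;
        }
        DeviceNotification deviceNotification = new DeviceNotification();
        deviceNotification.setSmartDevice(cameraInfo);
        deviceNotification.setResource(DeviceResource.Certificate.INSTANCE);
        SseUtils.notificateSSEListeners(deviceNotification);
    }

    /**
     * Writes the in-memory private key to disk twice: as raw DER and as a PEM-armoured copy.
     * Each write is attempted independently, so a failure of the first does not skip the
     * second. Nothing is written when no private key is loaded.
     */
    private void storePrivateKey() {
        byte[] encoded = this.mPrivateKey == null ? null : this.mPrivateKey.getEncoded();
        if (encoded == null) {
            ArloLog.d(TAG, "No private key to store", true);
            return;
        }
        try (FileOutputStream derOutput = new FileOutputStream(getPrivateKeyPath())) {
            derOutput.write(encoded);
        } catch (IOException e) {
            ArloLog.e(TAG, "Can't store private key", e);
        }
        try (FileOutputStream pemOutput = new FileOutputStream(getPKCS1PrivateKeyPath())) {
            String pem = PKCS1_PRIVATE_KEY_HEADER + "\n" + Base64.encodeToString(encoded, Base64.NO_WRAP) + StringUtils.LF + PKCS1_PRIVATE_KEY_FOOTER;
            pemOutput.write(pem.getBytes());
        } catch (IOException e) {
            ArloLog.e(TAG, "Can't store PEM private key", e);
        }
    }

    /**
     * Writes the in-memory public key to disk as raw DER. Nothing is written when no public
     * key is loaded.
     */
    private void storePublicKey() {
        byte[] encoded = this.mPublicKey == null ? null : this.mPublicKey.getEncoded();
        if (encoded == null) {
            ArloLog.d(TAG, "No public key to store", true);
            return;
        }
        try (FileOutputStream output = new FileOutputStream(getPublicKeyPath())) {
            output.write(encoded);
        } catch (IOException e) {
            ArloLog.e(TAG, "Can't store public key", e);
        }
    }

    /**
     * Compares the locally stored certificates of a base station with the expected MD5 sums
     * and requests new certificates when they are missing or do not match.
     *
     * <p>NOTE(review): MD5 is not collision-resistant. The comparison is adequate for spotting
     * stale or damaged local copies; it should not be treated as proof that a certificate is
     * authentic. Where the expected sums originate is not visible in this class.
     *
     * @param str unique id of the base station
     * @param str2 expected MD5 of the device certificate
     * @param hashSet accepted MD5 sums for the peer certificate
     */
    public void checkCertificates(final String str, final String str2, final HashSet<String> hashSet) {
        BaseStation baseStation = (BaseStation) DeviceUtils.getInstance().getDeviceByUniqueId(str, BaseStation.class);
        if (baseStation == null) {
            return;
        }
        if (baseStation.isLoadingCertificates()) {
            ArloLog.d(TAG, "Tried to check certificates, but create request is already running for: " + str, true);
            return;
        }
        byte[] deviceCertificateBytes = certificateStorage.getDeviceCertificateBytes(str);
        if (deviceCertificateBytes == null) {
            recreateCertificates(str);
            return;
        }
        MD5Utils.calculateMD5(deviceCertificateBytes, new MD5Utils.OnCalculatedListener() { // from class: com.arlo.app.security.-$$Lambda$SecurityUtils$NvCwL3TvAKGsWirYFoTPWooxo4c
            @Override // com.arlo.app.utils.MD5Utils.OnCalculatedListener
            public final void onCalculated(String str3) {
                SecurityUtils.this.lambda$checkCertificates$1$SecurityUtils(str2, str, hashSet, str3);
            }
        });
    }

    /** Returns the certificate storage shared by all callers. */
    public CertificatesStorage getCertificateStorage() {
        return certificateStorage;
    }

    /** Returns the path of the PEM-armoured private key file for the current user. */
    public String getPKCS1PrivateKeyPath() {
        return getSecurityFolderPath() + File.separator + PKCS1_PRIVATE_KEY_FILE_NAME;
    }

    /**
     * Returns the private key, generating and persisting a new key pair when none is loaded.
     *
     * @return the private key, or {@code null} if key generation failed
     */
    public PrivateKey getPrivateKey() {
        if (this.mPrivateKey == null) {
            generateKeyPair();
        }
        return this.mPrivateKey;
    }

    /**
     * Returns the private key as PEM text.
     *
     * <p>The Base64 body uses {@code Base64.DEFAULT}, so it is line-wrapped and ends with a
     * newline, which is why no separator precedes the footer. Callers hold secret key
     * material in a {@code String}; it must not be logged.
     */
    public String getPrivateKeyPEM() {
        return PKCS1_PRIVATE_KEY_HEADER + "\n" + Base64.encodeToString(getPrivateKey().getEncoded(), Base64.DEFAULT) + PKCS1_PRIVATE_KEY_FOOTER;
    }

    /** Returns the path of the DER private key file for the current user. */
    public String getPrivateKeyPath() {
        return getSecurityFolderPath() + File.separator + PRIVATE_KEY_FILE_NAME;
    }

    /**
     * Returns the public key, generating and persisting a new key pair when none is loaded.
     *
     * @return the public key, or {@code null} if key generation failed
     */
    public PublicKey getPublicKey() {
        if (this.mPublicKey == null) {
            generateKeyPair();
        }
        return this.mPublicKey;
    }

    /**
     * Returns the public key as a single-line Base64 string of its encoded form. Despite the
     * method name, no PEM header or footer is added.
     */
    public String getPublicKeyPEM() {
        return Base64.encodeToString(getPublicKey().getEncoded(), Base64.NO_WRAP);
    }

    /** Returns the path of the DER public key file for the current user. */
    public String getPublicKeyPath() {
        return getSecurityFolderPath() + File.separator + PUBLIC_KEY_FILE_NAME;
    }

    /** Returns whether the PEM-armoured private key file exists on disk. */
    public boolean isPKCS1PrivateKeyReady() {
        return new File(getPKCS1PrivateKeyPath()).exists();
    }

    /**
     * Second step of {@link #checkCertificates}: receives the calculated MD5 of the device
     * certificate and, when it matches, goes on to check the peer certificate.
     *
     * @param str expected MD5 of the device certificate
     * @param str2 unique id of the base station
     * @param hashSet accepted MD5 sums for the peer certificate
     * @param str3 calculated MD5 of the stored device certificate
     */
    public /* synthetic */ void lambda$checkCertificates$1$SecurityUtils(String str, final String str2, final HashSet hashSet, String str3) {
        if (!str.equalsIgnoreCase(str3)) {
            String tag = TAG;
            ArloLog.d(tag, "MD5 sum invalid for: " + str2 + " device certificate", true);
            ArloLog.d(tag, "Expected: " + str + "; Calculated: " + str3, true);
            recreateCertificates(str2);
            return;
        }
        byte[] peerCertificateBytes = certificateStorage.getPeerCertificateBytes(str2);
        if (peerCertificateBytes == null) {
            recreateCertificates(str2);
            return;
        }
        MD5Utils.calculateMD5(peerCertificateBytes, new MD5Utils.OnCalculatedListener() { // from class: com.arlo.app.security.-$$Lambda$SecurityUtils$sGed2za1yPJLWofCf3A15DzrgCA
            @Override // com.arlo.app.utils.MD5Utils.OnCalculatedListener
            public final void onCalculated(String str4) {
                SecurityUtils.this.lambda$null$0$SecurityUtils(hashSet, str2, str4);
            }
        });
    }

    /**
     * Final step of {@link #checkCertificates}: accepts the peer certificate when its
     * calculated MD5 is in the accepted set, otherwise requests new certificates.
     *
     * <p>NOTE(review): this lookup is case-sensitive, while the device-certificate comparison
     * uses {@code equalsIgnoreCase}; confirm both sides use the same hex casing.
     *
     * @param hashSet accepted MD5 sums for the peer certificate
     * @param str unique id of the base station
     * @param str2 calculated MD5 of the stored peer certificate
     */
    public /* synthetic */ void lambda$null$0$SecurityUtils(HashSet hashSet, String str, String str2) {
        if (hashSet.contains(str2)) {
            ArloLog.d(TAG, "Certificates good for: " + str, true);
            return;
        }
        String tag = TAG;
        ArloLog.d(tag, "MD5 sum invalid for: " + str + " peer certificate", true);
        ArloLog.d(tag, "Expected: [" + TextUtils.join(", ", hashSet) + "]; Calculated: " + str2, true);
        recreateCertificates(str);
    }

    /**
     * Parses a certificates payload asynchronously; the result is stored and announced by
     * {@link AnonymousClass1}.
     *
     * <p>NOTE(review): dev builds log the whole payload. If it carries certificate or key
     * material, that ends up in the log; confirm dev logs are not collected from real users.
     *
     * @param jSONObject the certificates payload
     */
    public void parseCertificates(JSONObject jSONObject) {
        if (BuildConfigUtilsKt.isDevBuild()) {
            ArloLog.d(TAG, "Parsing: " + jSONObject.toString(), true);
        }
        new CertificatesParser().parseAsync(jSONObject, new AnonymousClass1());
    }

    /** Returns whether the DER private key file exists on disk. */
    public boolean privateKeyExists() {
        return new File(getPrivateKeyPath()).exists();
    }

    /**
     * Drops the stored certificates of a device and requests new ones from the backend.
     *
     * @param str unique id of the device
     */
    public void recreateCertificates(String str) {
        certificateStorage.removeCertificates(str);
        HttpApi.getInstance().getDeviceCertificates(Collections.singleton(str), null);
    }

    /**
     * Clears the in-memory keys and marks the instance uninitialised, so the next
     * {@link #getInstance()} call re-runs initialisation. Key files on disk are not touched.
     */
    public void reset() {
        this.mPrivateKey = null;
        this.mPublicKey = null;
        this.isInitialized = false;
    }
}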
