package com.echoworx.edt.internal.common.communication;

import com.echoworx.edt.common.ESSServerCommunicationException;
import com.echoworx.edt.common.ErrorCodes;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.registry.CryptographyFacade;
import com.echoworx.edt.common.registry.HandlerRegistry;
import com.echoworx.edt.common.registry.HandlerType;
import com.echoworx.edt.common.registry.LoggingFacade;
import com.echoworx.edt.credential.domain.Password;
import com.echoworx.edt.internal.common.ParseServerResponseException;
import com.echoworx.edt.internal.credential.KeyServicesUtils;
import com.echoworx.edt.internal.credential.SecureChannelCreationException;
import com.echoworx.edt.internal.util.ByteUtils;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: classes.dex */
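/**
 * Client side of the key-services (KSS) secure channel.
 *
 * <p>Construction runs a two-step handshake against the key-services URL: a
 * {@code KS_INITIATE} request ({@link #initiateSession()}) followed by a
 * {@code KS_NEGOTIATE} request. The session key derived during the handshake is kept
 * as a hex string and later handed to {@link KeyServiceEnvelope} by
 * {@link #processRequest(String)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The constructor performs network I/O and calls the overridable
 *       {@link #getKSSession(String, Password)} and {@link #initiateSession()};
 *       a subclass override runs before the subclass's own fields are initialised.</li>
 *   <li>The session key is held in an immutable {@code String}, so it cannot be wiped
 *       from memory after use.</li>
 *   <li>Exceptions built here carry the request XML, and {@link #processRequest(String)}
 *       also attaches the de-enveloped response. Treat those exception fields as
 *       sensitive when logging or reporting errors.</li>
 *   <li>Transport protection and server authentication for {@code XMLConnection.postXML}
 *       are not visible in this class. NOTE(review): confirm they are enforced there.</li>
 * </ul>
 */
public class ESSSecureChannel implements ConnectionConstants {
    private static final LoggingFacade logger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(ESSSecureChannel.class);

    // Error code attached to every exception this class builds; its meaning is defined by
    // ErrorCodes, which is not visible here.
    private static final int KSS_ERROR_CODE = 1003;

    private EDTX509Certificate X509cert;
    // Hex-encoded session key produced by the handshake (see getKSSession).
    private String cypherKey;
    protected CryptographyFacade fCryptoHelper;
    // Session value returned with the KS_INITIATE response; sent back on later requests.
    private String fCurrentSession;
    private String keySerivcesURL;

    /**
     * Creates the channel and immediately performs the KSS handshake.
     *
     * @param str key-services URL that every request of this channel is posted to
     * @param eDTX509Certificate certificate stored on the session data before the client
     *     blob is generated
     * @param str2 value forwarded to {@code KeyServicesUtils.generateClientBlob}
     *     (presumably the user identifier; confirm against the caller)
     * @param password credential forwarded to {@code KeyServicesUtils.generateClientBlob}
     * @throws ESSServerCommunicationException if either handshake step fails
     */
    public ESSSecureChannel(String str, EDTX509Certificate eDTX509Certificate, String str2, Password password) {
        // Everything getKSSession() reads must be assigned before it is called.
        this.keySerivcesURL = str;
        this.X509cert = eDTX509Certificate;
        this.fCryptoHelper = (CryptographyFacade) HandlerRegistry.getHandler(HandlerType.CRYPTOGRAPHY_FACADE);
        this.cypherKey = getKSSession(str2, password).getSessionKey();
    }

    /**
     * Sends the {@code KS_NEGOTIATE} request and returns the KSS blob from the response.
     *
     * @param str client blob placed into the negotiate request
     * @param str2 session value passed to {@code XMLConnection.postXML}
     * @return text content of the first KSS blob element in the response
     * @throws ESSServerCommunicationException if the response is missing, not OK, lacks
     *     the blob, or the request fails
     */
    private String negotiateKeys(String str, String str2) {
        String requestXml = XMLSchema.KS_KSSNEGOTIATE(str);
        try {
            Document response = XMLConnection.postXML(this.keySerivcesURL, requestXml, str2).getDocument();
            if (response == null) {
                throw getSecureChannelException("Response from key negotiation was empty.", requestXml, null);
            }
            if (!XMLConnection.checkXMLResponse(response, ESSXMLConstants.OPERATION_CHANNEL_NEGOTIATE, ESSXMLConstants.RESPONSE_VALUE_OK)) {
                // The response exists but is not OK; the previous message wrongly said "empty".
                throw getSecureChannelException("Server did not return a valid response during key negotiation.", requestXml, null);
            }
            NodeList blobNodes = response.getElementsByTagName(ESSXMLConstants.RESPONSE_XML_FIELD_KSSBLOB);
            if (blobNodes == null || blobNodes.item(0) == null || blobNodes.item(0).getFirstChild() == null) {
                throw getSecureChannelException("Channel was not created.  Check that the user has been provisioned and is in the proper state for this action.", requestXml, null);
            }
            return blobNodes.item(0).getFirstChild().getNodeValue();
        } catch (SecureChannelCreationException alreadyDescribed) {
            // Keep the specific diagnosis raised above instead of burying it under the
            // generic wrapper below.
            throw alreadyDescribed;
        } catch (Exception e) {
            throw getSecureChannelException("Could not negotiate keys with server.", requestXml, e);
        }
    }

    /**
     * Runs the full handshake and returns session data holding the derived session key.
     *
     * <p>The client computes a key locally and compares it with the value returned by
     * the negotiate step. The session key is stored only when the two match.
     *
     * @param str value forwarded to {@code KeyServicesUtils.generateClientBlob}
     * @param password credential forwarded to {@code KeyServicesUtils.generateClientBlob}
     * @return the session data with its session key set
     * @throws ESSServerCommunicationException if a step fails or the keys differ
     */
    protected KSSessionData getKSSession(String str, Password password) {
        logger.debug("====> KS_INITIATE <=========");
        KSSessionData session = initiateSession();
        session.setPEMCertificate(this.X509cert);
        KeyServicesUtils.generateClientBlob(str, password, session);
        byte[] expectedClientKey = KeyServicesUtils.buildClientKey(session.getNegotiationDataInPKCS7Format(), session.getRandomData());
        String sessionKeyHex = ByteUtils.byteArrayToHexString(KeyServicesUtils.buildSessionKey(session.getDHKeys().getPrivateKey(), session.getServerRandomKey(), session.getRandomData()));

        logger.debug("====> KS_NEGOTIATE <=========");
        // NOTE(review): new String(byte[]) uses the platform charset; confirm the blob is
        // plain ASCII or pin the charset.
        String serverKeyHex = negotiateKeys(new String(session.getClientBlob()), this.fCurrentSession);
        if (serverKeyHex == null || serverKeyHex.length() < 1) {
            logger.warn("KSS Session Negotiate Failed");
            throw getSecureChannelException("Did not receive required information as part of response from server during key negotiation.", null, null);
        }

        // Key confirmation: a mismatch must abort without storing the session key.
        // NOTE(review): ByteUtils.isEqual is not visible here; confirm it is constant-time
        // if timing matters for this comparison.
        if (!ByteUtils.isEqual(expectedClientKey, this.fCryptoHelper.decodeHex(serverKeyHex.getBytes()))) {
            logger.warn("KSS Session Negotiate Failed - Got different keys");
            throw getSecureChannelException("Received different keys during negotiation of KSS session.", null, null);
        }
        session.setSessionKey(sessionKeyHex);
        return session;
    }

    /**
     * Builds (but does not throw) the exception used for every channel-setup failure.
     *
     * <p>The exception carries the key-services URL and the request XML, so callers that
     * log it should treat those fields as sensitive.
     *
     * @param str human-readable detail appended to the error string
     * @param str2 request XML to attach, or {@code null}
     * @param th underlying cause, or {@code null}
     * @return a {@link SecureChannelCreationException} with its error code, URL and XML set
     */
    public ESSServerCommunicationException getSecureChannelException(String str, String str2, Throwable th) {
        String message = ErrorCodes.getErrorStringWithExtendedInfo(KSS_ERROR_CODE, str);
        SecureChannelCreationException failure;
        if (th == null) {
            failure = new SecureChannelCreationException(message);
        } else {
            failure = new SecureChannelCreationException(message, th);
        }
        failure.setErrorCode(KSS_ERROR_CODE);
        failure.setURL(this.keySerivcesURL);
        failure.setXMLMessage(str2);
        return failure;
    }

    /**
     * Returns the key-services URL this channel talks to.
     *
     * @return the URL given at construction
     */
    public String getURL() {
        return this.keySerivcesURL;
    }

    /**
     * Sends the {@code KS_INITIATE} request, records the returned session and parses the
     * KSS blob into session data.
     *
     * <p>The blob has the form {@code <prefix>_<hex>}: the text before the first
     * underscore and the hex-decoded remainder are passed to the {@link KSSessionData}
     * constructor.
     *
     * @return session data built from the server's blob
     * @throws ESSServerCommunicationException if the response is missing, not OK,
     *     malformed, or the request fails
     */
    protected KSSessionData initiateSession() {
        String requestXml = XMLSchema.KS_KSSINITIATE();
        try {
            PostXMLResponse posted = XMLConnection.postXML(this.keySerivcesURL, requestXml, null);
            Document response = posted.getDocument();
            this.fCurrentSession = posted.getSession();
            if (response == null) {
                throw getSecureChannelException("Response from channel setup was empty.", requestXml, null);
            }
            if (!XMLConnection.checkXMLResponse(response, ESSXMLConstants.OPERATION_CHANNEL_SETUP, ESSXMLConstants.RESPONSE_VALUE_OK)) {
                logger.warn("KSSINITIATE failed");
                throw getSecureChannelException("Server did not return a valid response when attempting to setup channel.", requestXml, null);
            }
            try {
                String blob = response.getElementsByTagName(ESSXMLConstants.RESPONSE_XML_FIELD_KSSBLOB).item(0).getFirstChild().getNodeValue();
                // A blob without '_' yields -1 here; the substring call then throws and is
                // reported through the catch below.
                int separator = blob.indexOf('_');
                String prefix = blob.substring(0, separator);
                String hexPart = blob.substring(separator + 1);
                // NOTE(review): getBytes()/new String(byte[]) use the platform charset.
                return new KSSessionData(prefix, new String(this.fCryptoHelper.decodeHex(hexPart.getBytes())));
            } catch (Exception e) {
                // Preserve the parsing failure as the cause; it used to be dropped.
                throw getSecureChannelException("Server did not return all necessary information to setup a channel.", requestXml, e);
            }
        } catch (SecureChannelCreationException alreadyDescribed) {
            // Keep the specific diagnosis raised above instead of re-wrapping it.
            throw alreadyDescribed;
        } catch (Exception e) {
            throw getSecureChannelException("Could not setup channel with server.", requestXml, e);
        }
    }

    /**
     * Sends a request through the established channel and parses the reply as XML.
     *
     * @param str request handed to {@link KeyServiceEnvelope} together with the session
     *     key and the key-services URL
     * @return the parsed response document
     * @throws ParseServerResponseException if the de-enveloped response cannot be parsed;
     *     the exception carries both the request and the de-enveloped response, so it
     *     should not be logged verbatim
     */
    public Document processRequest(String str) throws ParseServerResponseException {
        String deEnveloped = new KeyServiceEnvelope(str, this.cypherKey, this.keySerivcesURL).processEnvelopedRequest(this.fCurrentSession);
        try {
            return XMLConnection.parseXML(deEnveloped);
        } catch (Exception e) {
            ParseServerResponseException failure = new ParseServerResponseException(ErrorCodes.getErrorStringWithExtendedInfo(KSS_ERROR_CODE, "Could not parse de-enveloped response."), e);
            failure.setErrorCode(KSS_ERROR_CODE);
            failure.setURL(this.keySerivcesURL);
            failure.setXMLMessage(str);
            failure.setResponse(deEnveloped);
            throw failure;
        }
    }
}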
