package com.jrummyapps.android.safetynet;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.common.ConnectionResult;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.heyzap.http.AsyncHttpResponseHandler;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URL;
import java.security.DigestInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class SafetyNetHelper implements Runnable, GoogleApiClient.OnConnectionFailedListener, GoogleApiClient.ConnectionCallbacks {
    private static final String GOOGLE_VERIFICATION_URL = "https://www.googleapis.com/androidcheck/v1/attestations/verify?key=";
    private static final int MAX_TIMESTAMP_DURATION = 180000;
    public static final int RESPONSE_FAILED_ATTESTATION = 2;
    public static final int RESPONSE_FAILED_CONNECTION = 1;
    public static final int RESPONSE_FAILED_PARSING_JWS = 3;
    private static final String SHA_256 = "SHA-256";
    private static final String TAG = "SafetyNetHelper";
    public static final int UNKNOWN_ERROR = 4;
    private static SecureRandom secureRandom;
    private final String apiKey;
    private boolean cancel;
    private final Context context;
    private GoogleApiClient googleApiClient;
    private final Handler handler;
    private final Set<SafetyNetListener> listeners;
    private final byte[] nonce;
    private long requestTimestamp;
    private boolean running;

    /* loaded from: classes.dex */
    public static class Builder {
        String apiKey;
        final Context context;
        Handler handler;
        final Set<SafetyNetListener> listeners = new HashSet();
        byte[] nonce;

        Builder(@NonNull Context context) {
            this.context = context.getApplicationContext();
        }

        public Builder addSafetyNetListener(@NonNull SafetyNetListener safetyNetListener) {
            this.listeners.add(safetyNetListener);
            return this;
        }

        public SafetyNetHelper run() {
            if (this.nonce == null) {
                this.nonce = SafetyNetHelper.generateOneTimeNonce();
            }
            if (this.handler == null) {
                this.handler = new Handler(Looper.getMainLooper());
            }
            SafetyNetHelper safetyNetHelper = new SafetyNetHelper(this);
            safetyNetHelper.run();
            return safetyNetHelper;
        }

        public Builder setApiKey(@NonNull String str) {
            this.apiKey = str;
            return this;
        }

        public Builder setHandler(@NonNull Handler handler) {
            this.handler = handler;
            return this;
        }

        public Builder setNonce(@NonNull byte[] bArr) {
            this.nonce = bArr;
            return this;
        }
    }

    /* loaded from: classes.dex */
    public static class GoogleApisTrustManager implements X509TrustManager {
        private static final String[] GOOGLEAPIS_COM_PINS = {"sha1/f2QjSla9GtnwpqhqreDLIkQNFu8=", "sha1/Q9rWMO5T+KmAym79hfRqo3mQ4Oo=", "sha1/wHqYaI2J+6sFZAwRfap9ZbjKzE4="};

        private boolean validateCertificatePin(X509Certificate x509Certificate) throws CertificateException {
            try {
                String str = "sha1/" + Base64.encodeToString(MessageDigest.getInstance("SHA1").digest(x509Certificate.getPublicKey().getEncoded()), 0);
                for (String str2 : GOOGLEAPIS_COM_PINS) {
                    if (str2.equalsIgnoreCase(str)) {
                        return true;
                    }
                }
                return false;
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (!validateCertificatePin(x509Certificate)) {
                    throw new CertificateException("could not find a valid SSL public key pin for www.googleapis.com");
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes.dex */
    public static class SafetyNetError extends Exception {
        public SafetyNetError(Throwable th) {
            super(th);
        }
    }

    /* loaded from: classes.dex */
    public @interface SafetyNetErrorCode {
    }

    /* loaded from: classes.dex */
    public interface SafetyNetListener {
        void onError(@SafetyNetErrorCode int i, String str);

        void onFinished(SafetyNetResponse safetyNetResponse, SafetyNetVerification safetyNetVerification);
    }

    /* loaded from: classes.dex */
    public static class SafetyNetResponse {
        public final String[] apkCertificateDigestSha256;
        public final String apkDigestSha256;
        public final String apkPackageName;
        public final boolean ctsProfileMatch;
        public final HashMap<String, Object> header;
        public final String jws;
        public final String nonce;
        public final String signature;
        public final long timestampMs;

        SafetyNetResponse(String str, HashMap<String, Object> hashMap, String str2, long j, String str3, String[] strArr, String str4, boolean z, String str5) {
            this.jws = str;
            this.header = hashMap;
            this.nonce = str2;
            this.timestampMs = j;
            this.apkPackageName = str3;
            this.apkCertificateDigestSha256 = strArr;
            this.apkDigestSha256 = str4;
            this.ctsProfileMatch = z;
            this.signature = str5;
        }
    }

    /* loaded from: classes.dex */
    public static class SafetyNetVerification {
        public final boolean isValidApkDigest;
        public final boolean isValidApkSignature;
        public final boolean isValidNonce;
        public final boolean isValidResponseTime;

        @Nullable
        public final Boolean isValidSignature;

        SafetyNetVerification(@Nullable Boolean bool, boolean z, boolean z2, boolean z3, boolean z4) {
            this.isValidSignature = bool;
            this.isValidNonce = z;
            this.isValidResponseTime = z2;
            this.isValidApkSignature = z3;
            this.isValidApkDigest = z4;
        }

        public boolean isValid() {
            return (this.isValidSignature == null || this.isValidSignature.booleanValue()) && this.isValidNonce && this.isValidResponseTime && this.isValidApkSignature && this.isValidApkDigest;
        }
    }

    private SafetyNetHelper(Builder builder) {
        this.context = builder.context;
        this.handler = builder.handler;
        this.listeners = builder.listeners;
        this.nonce = builder.nonce;
        this.apiKey = builder.apiKey;
    }

    public static byte[] generateOneTimeNonce() {
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
        }
        byte[] bArr = new byte[32];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    private List<String> getApkCertificateDigests() {
        ArrayList arrayList = new ArrayList();
        try {
            for (Signature signature : this.context.getPackageManager().getPackageInfo(this.context.getPackageName(), 64).signatures) {
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance(SHA_256);
                    messageDigest.update(signature.toByteArray());
                    arrayList.add(Base64.encodeToString(messageDigest.digest(), 2));
                } catch (NoSuchAlgorithmException e) {
                }
            }
        } catch (PackageManager.NameNotFoundException e2) {
        }
        return arrayList;
    }

    @Nullable
    private String getApkDigestSha256() {
        try {
            FileInputStream fileInputStream = new FileInputStream(this.context.getPackageCodePath());
            MessageDigest messageDigest = MessageDigest.getInstance(SHA_256);
            try {
                DigestInputStream digestInputStream = new DigestInputStream(fileInputStream, messageDigest);
                do {
                } while (digestInputStream.read(new byte[2048]) != -1);
                digestInputStream.close();
                fileInputStream.close();
                return Base64.encodeToString(messageDigest.digest(), 2);
            } catch (Throwable th) {
                fileInputStream.close();
                throw th;
            }
        } catch (IOException | NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static SafetyNetResponse getSafetyNetResponseFromJws(@NonNull String str) throws SafetyNetError {
        try {
            String[] split = str.split("\\.");
            HashMap hashMap = new HashMap();
            try {
                JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[0], 0)));
                Iterator<String> keys = jSONObject.keys();
                while (keys.hasNext()) {
                    String next = keys.next();
                    hashMap.put(next, jSONObject.get(next));
                }
            } catch (Exception e) {
            }
            JSONObject jSONObject2 = new JSONObject(new String(Base64.decode(split[1], 0)));
            String optString = jSONObject2.optString("nonce");
            long optLong = jSONObject2.optLong("timestampMs");
            String optString2 = jSONObject2.optString("apkPackageName");
            JSONArray optJSONArray = jSONObject2.optJSONArray("apkCertificateDigestSha256");
            String[] strArr = null;
            if (optJSONArray != null) {
                int length = optJSONArray.length();
                strArr = new String[length];
                for (int i = 0; i < length; i++) {
                    strArr[i] = optJSONArray.getString(i);
                }
            }
            String optString3 = jSONObject2.optString("apkDigestSha256");
            jSONObject2.optBoolean("ctsProfileMatch");
            return new SafetyNetResponse(str, hashMap, optString, optLong, optString2, strArr, optString3, jSONObject2.optBoolean("basicIntegrity"), split[2]);
        } catch (Exception e2) {
            throw new SafetyNetError(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onError(@SafetyNetErrorCode final int i, final String str) {
        this.running = false;
        if (this.cancel) {
            return;
        }
        this.handler.post(new Runnable() { // from class: com.jrummyapps.android.safetynet.SafetyNetHelper.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    Iterator it = SafetyNetHelper.this.listeners.iterator();
                    while (it.hasNext()) {
                        ((SafetyNetListener) it.next()).onError(i, str);
                    }
                } catch (IllegalStateException e) {
                    Log.e(SafetyNetHelper.TAG, "Error calling listener", e);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onFinished(final SafetyNetResponse safetyNetResponse, final SafetyNetVerification safetyNetVerification) {
        this.running = false;
        if (this.cancel) {
            return;
        }
        this.handler.post(new Runnable() { // from class: com.jrummyapps.android.safetynet.SafetyNetHelper.3
            @Override // java.lang.Runnable
            public void run() {
                try {
                    Iterator it = SafetyNetHelper.this.listeners.iterator();
                    while (it.hasNext()) {
                        ((SafetyNetListener) it.next()).onFinished(safetyNetResponse, safetyNetVerification);
                    }
                } catch (IllegalStateException e) {
                    Log.e(SafetyNetHelper.TAG, "Error calling listener", e);
                }
            }
        });
    }

    public static boolean validate(@NonNull String str, @NonNull String str2) throws SafetyNetError {
        try {
            URL url = new URL(GOOGLE_VERIFICATION_URL + str2);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            TrustManager[] trustManagerArr = (TrustManager[]) Arrays.copyOf(trustManagers, trustManagers.length + 1);
            trustManagerArr[trustManagers.length] = new GoogleApisTrustManager();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, null);
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setRequestMethod("POST");
            httpsURLConnection.setRequestProperty("Content-Type", "application/json");
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("signedAttestation", str);
            byte[] bytes = jSONObject.toString().getBytes(AsyncHttpResponseHandler.DEFAULT_CHARSET);
            OutputStream outputStream = httpsURLConnection.getOutputStream();
            outputStream.write(bytes);
            outputStream.close();
            httpsURLConnection.connect();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpsURLConnection.getInputStream()));
            StringBuilder sb = new StringBuilder();
            String readLine = bufferedReader.readLine();
            String str3 = "";
            while (readLine != null) {
                sb.append(str3).append(readLine);
                readLine = bufferedReader.readLine();
                str3 = "\n";
            }
            return new JSONObject(sb.toString()).getBoolean("isValidSignature");
        } catch (Exception e) {
            throw new SafetyNetError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SafetyNetVerification verify(SafetyNetResponse safetyNetResponse) {
        Boolean bool = null;
        if (!TextUtils.isEmpty(this.apiKey)) {
            try {
                bool = Boolean.valueOf(validate(safetyNetResponse.jws, this.apiKey));
            } catch (SafetyNetError e) {
                Log.d(TAG, "An error occurred while using the Android Device Verification API", e);
            }
        }
        boolean equals = TextUtils.equals(Base64.encodeToString(this.nonce, 0).trim(), safetyNetResponse.nonce);
        boolean z = safetyNetResponse.timestampMs - this.requestTimestamp < 180000;
        boolean z2 = true;
        if (safetyNetResponse.apkCertificateDigestSha256 != null && safetyNetResponse.apkCertificateDigestSha256.length > 0) {
            z2 = Arrays.equals(getApkCertificateDigests().toArray(), safetyNetResponse.apkCertificateDigestSha256);
        }
        return new SafetyNetVerification(bool, equals, z, z2, TextUtils.isEmpty(safetyNetResponse.apkDigestSha256) ? true : TextUtils.equals(getApkDigestSha256(), safetyNetResponse.apkDigestSha256));
    }

    public static Builder with(Context context) {
        return new Builder(context);
    }

    public void cancel() {
        this.cancel = true;
    }

    public boolean isRunning() {
        return this.running;
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnected(@Nullable Bundle bundle) {
        Runnable runnable = new Runnable() { // from class: com.jrummyapps.android.safetynet.SafetyNetHelper.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    SafetyNetHelper.this.requestTimestamp = System.currentTimeMillis();
                    SafetyNetApi.AttestationResult await = SafetyNet.SafetyNetApi.attest(SafetyNetHelper.this.googleApiClient, SafetyNetHelper.this.nonce).await();
                    if (!SafetyNetHelper.this.cancel) {
                        if (await.getStatus().isSuccess()) {
                            try {
                                SafetyNetResponse safetyNetResponseFromJws = SafetyNetHelper.getSafetyNetResponseFromJws(await.getJwsResult());
                                SafetyNetHelper.this.onFinished(safetyNetResponseFromJws, SafetyNetHelper.this.verify(safetyNetResponseFromJws));
                            } catch (SafetyNetError e) {
                                SafetyNetHelper.this.onError(3, e.getLocalizedMessage());
                            }
                        } else {
                            SafetyNetHelper.this.onError(2, "An error occurred while communicating with SafetyNet.");
                        }
                    }
                } catch (Exception e2) {
                    SafetyNetHelper.this.onError(4, e2.getLocalizedMessage());
                }
            }
        };
        if (Looper.getMainLooper() == Looper.myLooper()) {
            new Thread(runnable).start();
        } else {
            runnable.run();
        }
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.OnConnectionFailedListener
    public void onConnectionFailed(@NonNull ConnectionResult connectionResult) {
        onError(1, "An error occurred while connecting with Google Play Services.");
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnectionSuspended(int i) {
        onError(1, "An error occurred while connecting with Google Play Services.");
    }

    @Override // java.lang.Runnable
    public void run() {
        this.running = true;
        this.googleApiClient = new GoogleApiClient.Builder(this.context).addOnConnectionFailedListener(this).addConnectionCallbacks(this).addApi(SafetyNet.API).build();
        this.googleApiClient.connect();
    }
}
