package com.clover.core.di.module;

import android.content.ContentProviderClient;
import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.clover.common2.CommonActivity;
import com.clover.config.C;
import com.clover.config.CloverConfig;
import com.clover.core.model.CloverHostnameVerifier;
import com.clover.core.model.CloverInfo;
import com.clover.keystore.CloverKeyStoreContract;
import com.clover.keystore.CloverKeyStoreProvider;
import com.clover.sdk.SimpleSyncClient;
import com.clover.settings.CloverSettings;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import javax.net.ssl.HostnameVerifier;

/* loaded from: classes.dex */
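/**
 * Supplies the TLS building blocks for the device client: the client-identity {@link KeyStore},
 * the server trust store and the {@link HostnameVerifier}.
 *
 * <p>The client key store is resolved by trying four sources in order and taking the first that
 * loads and passes {@link #validateKeyStore}: the Clover key store provider, the platform
 * {@code AndroidKeyStore}, a PKCS#12 blob held in Clover settings, and a PKCS#12 blob served by the
 * engine content provider.
 *
 * <p>NOTE(review): the last two sources are software PKCS#12 blobs, and the settings blob is
 * unlocked with the device id, which is an identifier rather than a secret. Confirm that read
 * access to {@code device_pkcs12_data} and to the engine provider's {@code keyStore} call is
 * restricted to trusted callers, because anything that can read them can reconstruct the key.
 */
public class SecurityModule {
    private static final String TAG = CommonActivity.CLOVER_CONNECTOR;

    /**
     * Checks that {@code alias} holds a private key plus a certificate chain of more than two
     * entries whose first two certificates differ.
     *
     * @param keyStore a loaded key store
     * @param alias entry to inspect
     * @return {@code true} when key and chain look complete, {@code false} (with a warning logged)
     *     otherwise
     * @throws GeneralSecurityException if the key or chain cannot be read
     */
    private boolean isKeyStoreValid(KeyStore keyStore, String alias) throws GeneralSecurityException {
        if (keyStore.getKey(alias, null) == null) {
            Log.w(TAG, "USRPKEY missing");
            return false;
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length <= 2) {
            Log.w(TAG, "CACERT missing");
            return false;
        }
        // Identical first and second certificates are reported as a missing user certificate.
        if (chain[0].equals(chain[1])) {
            Log.w(TAG, "USRCERT missing");
            return false;
        }
        return true;
    }

    /**
     * Loads the platform {@code AndroidKeyStore} on Clover-manufactured devices.
     *
     * <p>The alias is the {@code device_cn} setting with dashes removed. Note that
     * {@link #validateKeyStore} exercises the first alias the store enumerates, which is not
     * necessarily this alias.
     *
     * @return the loaded store, or {@code null} when the device is not a Clover device, the setting
     *     is absent, or validation fails
     */
    private KeyStore loadAndroidKeyStore(Context context) {
        if (!"Clover".equals(Build.MANUFACTURER)) {
            return null;
        }
        try {
            String deviceCn = CloverSettings.Merchant.getString(context.getContentResolver(), "device_cn");
            if (TextUtils.isEmpty(deviceCn)) {
                Log.w(TAG, "Failed to get device_cn from CloverSettings, expected on Goldleaf");
                return null;
            }
            String alias = deviceCn.replace("-", "");
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            if (!validateAndroidKeyStore(context, keyStore, alias, true)) {
                Log.w(TAG, "AndroidKeyStore is missing certs or key");
                return null;
            }
            validateKeyStore(keyStore);
            Log.d(TAG, "DeviceClient is using AndroidKeyStore");
            return keyStore;
        } catch (Exception e) {
            Log.w(TAG, e);
            return null;
        }
    }

    /**
     * Loads the key store backed by {@link CloverKeyStoreProvider}, if its content provider exists.
     *
     * @return the loaded store when it validates and contains the {@code device_auth} alias,
     *     otherwise {@code null}
     */
    private KeyStore loadCloverKeyStore(Context context) {
        ContentProviderClient client =
                context.getContentResolver().acquireContentProviderClient(CloverKeyStoreContract.CONTENT_URI);
        if (client == null) {
            // Fix: the original released the client unconditionally in finally, which throws a
            // NullPointerException on devices without the provider and aborts the fallback chain.
            return null;
        }
        try {
            CloverKeyStoreProvider.install(context, CertificateFactory.getInstance("X.509"));
            KeyStore keyStore = KeyStore.getInstance(CloverKeyStoreProvider.PROVIDER_NAME);
            keyStore.load(null, null);
            validateKeyStore(keyStore);
            if (keyStore.containsAlias("device_auth")) {
                Log.d(TAG, "DeviceClient is using CloverKeyStore");
                return keyStore;
            }
            Log.w(TAG, "CloverKeyStore missing alias!!!");
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Log.e(TAG, "Failed to load CloverKeyStore!!!", e);
            return null;
        } catch (Exception e2) {
            // Also reached when validateKeyStore throws its GeneralSecurityException wrapper.
            Log.e(TAG, "Unable to install CloverKeyStoreProvider!!!", e2);
            return null;
        } finally {
            client.release();
        }
    }

    /**
     * Loads a PKCS#12 key store from the Base64 {@code device_pkcs12_data} setting.
     *
     * <p>NOTE(review): the password is the device id handed to {@link #provideKeyStore}. It is an
     * identifier, so the confidentiality of the key rests on who can read the setting.
     *
     * @param deviceId used as the PKCS#12 password
     * @return the loaded store, or {@code null} when either input is empty or loading fails
     */
    private KeyStore loadCloverSettingsKeyStore(Context context, String deviceId) {
        try {
            String encoded = CloverSettings.Merchant.getString(context.getContentResolver(), "device_pkcs12_data");
            if (TextUtils.isEmpty(encoded) || TextUtils.isEmpty(deviceId)) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            char[] password = deviceId.toCharArray();
            try {
                keyStore.load(new ByteArrayInputStream(Base64.decode(encoded, Base64.DEFAULT)), password);
            } finally {
                // Do not leave an extra copy of the password on the heap.
                Arrays.fill(password, '\0');
            }
            validateKeyStore(keyStore);
            Log.d(TAG, "DeviceClient is using CloverSettings KeyStore");
            return keyStore;
        } catch (Exception e) {
            Log.w(TAG, e);
            return null;
        }
    }

    /**
     * Loads a PKCS#12 key store returned by the engine content provider's {@code keyStore} call.
     *
     * <p>The provider returns both the key store bytes and its password in one {@link Bundle}.
     * NOTE(review): confirm the provider restricts which callers may invoke this method.
     *
     * @return the loaded store, or {@code null} when the provider is unavailable, the reply is
     *     incomplete, or loading fails
     */
    private KeyStore loadEngineKeyStore(Context context) {
        ContentProviderClient client = null;
        char[] password = null;
        try {
            client = context.getContentResolver().acquireContentProviderClient(CloverSettings.ENGINE_CONTENT_URI);
            if (client == null) {
                return null;
            }
            Bundle reply = client.call(SimpleSyncClient.METHOD_GET, "keyStore", null);
            if (reply == null) {
                return null;
            }
            byte[] data = reply.getByteArray("data");
            password = reply.getCharArray("password");
            if (data == null || password == null) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(new ByteArrayInputStream(data), password);
            validateKeyStore(keyStore);
            Log.d(TAG, "DeviceClient is using engine KeyStore");
            return keyStore;
        } catch (IllegalArgumentException unused) {
            Log.d(TAG, CloverSettings.ENGINE_CONTENT_URI + " not available");
        } catch (Exception e) {
            Log.w(TAG, e);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
            // Fix: the original never released this client.
            if (client != null) {
                client.release();
            }
        }
        return null;
    }

    /**
     * Builds the trust store holding the configured Clover server CA certificate(s).
     *
     * @return a store with entry {@code cloverca} (and {@code cloverca2} when the SHA-256 CA is
     *     configured), or {@code null} when no CA is configured or the store cannot be built
     */
    private KeyStore loadServerTrustStore(Context context) {
        CloverConfig config = CloverConfig.instance(context);
        if (!config.has(C.cert.ca_server)) {
            return null;
        }
        try {
            X509Certificate serverCa = config.get(C.cert.ca_server);
            KeyStore trustStore = KeyStore.getInstance("PKCS12", "BC");
            trustStore.load(null, null);
            trustStore.setEntry("cloverca", new KeyStore.TrustedCertificateEntry(serverCa), null);
            if (config.has(C.cert.ca_server_sha256)) {
                trustStore.setEntry(
                        "cloverca2", new KeyStore.TrustedCertificateEntry(config.get(C.cert.ca_server_sha256)), null);
            }
            return trustStore;
        } catch (Exception e) {
            // Log through the same channel as the rest of the class instead of printStackTrace().
            Log.e(TAG, "Failed to build server trust store", e);
            return null;
        }
    }

    /**
     * Walks the key store sources in priority order and returns the first that loads.
     *
     * <p>NOTE(review): when every source fails this returns {@code KeyStore.getInstance("PKCS12")}
     * without calling {@code load}. Such a store is uninitialised rather than empty, and its
     * accessors throw {@link KeyStoreException} until it is loaded. Confirm the consumer expects
     * that.
     *
     * @param deviceId password for the settings-held PKCS#12 blob
     * @return a key store, or {@code null} if even the placeholder cannot be created
     */
    private KeyStore resolveKeyStore(String deviceId, Context context) {
        KeyStore resolved = loadCloverKeyStore(context);
        if (resolved == null) {
            resolved = loadAndroidKeyStore(context);
        }
        if (resolved == null) {
            resolved = loadCloverSettingsKeyStore(context, deviceId);
        }
        if (resolved == null) {
            resolved = loadEngineKeyStore(context);
        }
        if (resolved != null) {
            return resolved;
        }
        try {
            Log.e(TAG, "DeviceClient is using empty KeyStore!!!");
            return KeyStore.getInstance("PKCS12");
        } catch (Exception e) {
            Log.e(TAG, "DevceClient is using null KeyStore!!!", e);
            return null;
        }
    }

    /**
     * Ensures {@code alias} exists in the AndroidKeyStore and is complete, optionally repairing it.
     *
     * <p>If the alias is absent, {@code CloverSettings.Merchant.keyStoreUnlock} is invoked and the
     * alias is looked up again. If the entry is then present but incomplete and
     * {@code allowRepair} is set, the entry is deleted and the whole procedure is retried once
     * without repair.
     *
     * <p>NOTE(review): repair deletes the device's key entry and relies on {@code keyStoreUnlock}
     * to restore it. Confirm that call re-provisions the alias, otherwise a transient read failure
     * permanently removes the key.
     *
     * @param allowRepair whether a failed check may delete the entry and retry
     * @return {@code true} when the entry is present and passes {@link #isKeyStoreValid}
     * @throws KeyStoreException if the store cannot be queried or the entry cannot be deleted
     */
    private boolean validateAndroidKeyStore(Context context, KeyStore keyStore, String alias, boolean allowRepair)
            throws KeyStoreException {
        try {
            if (!keyStore.containsAlias(alias)) {
                CloverSettings.Merchant.keyStoreUnlock(context.getContentResolver());
            }
        } catch (Exception e) {
            Log.w(TAG, e.toString());
        }
        if (!keyStore.containsAlias(alias)) {
            Log.w(TAG, "AndroidKeyStore unlock/duplicate failed, cannot repair!");
            return false;
        }
        boolean valid;
        try {
            valid = isKeyStoreValid(keyStore, alias);
        } catch (GeneralSecurityException | RuntimeException e) {
            // Fix: the check throws checked exceptions this method does not declare. A probe that
            // cannot read the entry is treated as an invalid entry.
            Log.w(TAG, e.toString());
            valid = false;
        }
        if (!valid && allowRepair) {
            keyStore.deleteEntry(alias);
            valid = validateAndroidKeyStore(context, keyStore, alias, false);
            if (valid) {
                Log.i(TAG, "AndroidKeyStore repair succeeded");
            } else {
                Log.w(TAG, "AndroidKeyStore repair failed");
            }
        }
        return valid;
    }

    /**
     * Self-tests the first entry the key store enumerates by signing a fixed probe with its private
     * key and verifying the result with the public key from its certificate.
     *
     * <p>This proves only that the private key is usable and matches the certificate's public key.
     * It does not check that the certificate is trusted, unexpired or issued to this device, and it
     * does not look at any alias beyond the first.
     *
     * @throws GeneralSecurityException if the store is empty, the entry is not a usable key pair,
     *     or the sign/verify round trip fails
     */
    private void validateKeyStore(KeyStore keyStore) throws GeneralSecurityException {
        try {
            Iterator<String> aliases = Collections.list(keyStore.aliases()).iterator();
            if (!aliases.hasNext()) {
                throw new GeneralSecurityException("Missing key pair in keystore");
            }
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(aliases.next(), null);
            KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
            if (keyPair.getPrivate() == null) {
                throw new GeneralSecurityException("Missing private key in keystore");
            }
            // Fix: the original tested getPrivate() a second time here, so a missing public key
            // was never reported.
            if (keyPair.getPublic() == null) {
                throw new GeneralSecurityException("Missing public key in keystore");
            }
            byte[] probe = "CloverClover".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance("NONEwithRSA");
            signer.initSign(keyPair.getPrivate());
            signer.update(probe);
            byte[] signed = signer.sign();
            Signature verifier = Signature.getInstance("NONEwithRSA");
            verifier.initVerify(keyPair.getPublic());
            verifier.update(probe);
            if (!verifier.verify(signed)) {
                throw new GeneralSecurityException("Keystore validation failed");
            }
        } catch (Exception e) {
            throw new GeneralSecurityException("KeyStore test failed", e);
        }
    }

    /**
     * Returns the hostname verifier used for connections to Clover servers.
     *
     * <p>NOTE(review): {@link CloverHostnameVerifier}'s matching rules are not visible here.
     * Confirm it is at least as strict as the platform default verifier.
     */
    public HostnameVerifier hostnameVerifier() {
        return new CloverHostnameVerifier();
    }

    /**
     * Provides the client-identity key store, using the device id from {@code cloverInfo} as the
     * password for the settings-held PKCS#12 fallback.
     *
     * @return the resolved key store; may be an uninitialised placeholder or {@code null} when no
     *     source is usable
     */
    public KeyStore provideKeyStore(CloverInfo cloverInfo, Context context) {
        return resolveKeyStore(cloverInfo.getDeviceId(), context);
    }

    /**
     * Provides the server trust store.
     *
     * <p>NOTE(review): this returns {@code null} when no server CA is configured or the store
     * cannot be built. Confirm the consumer fails closed on {@code null} instead of falling back to
     * the platform default trust anchors.
     */
    public KeyStore provideTrustStore(Context context) {
        return loadServerTrustStore(context);
    }
}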
