package com.trustonic.components.thpagent.agent;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.util.Base64;
import com.google.common.net.HttpHeaders;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import com.trustonic.components.thpagent.api.remotelogger.RemoteLogger;
import com.trustonic.components.thpagent.exception.NotPermittedException;
import com.trustonic.components.thpagent.exception.SDKException;
import com.trustonic.components.thpagent.exception.authtoken.AuthtokenNotFoundException;
import com.trustonic.utils.ASN1Utils;
import com.trustonic.utils.HexUtils;
import com.trustonic.utils.IOUtils;
import d.a.a.a.a;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ConnectTimeoutException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class OnlineHelper implements RemoteLogger {
    public static final String ACTIVATE_ENDPOINT = "otav2/log/{suid}";
    public static final String DECRYPTION_KEY_ENDPOINT = "otav2/decryptionkey/{suid}/{l2uuid}";
    public static final String DECRYPTION_KEY_ENDPOINT_NAME = "decryptionkey";
    public static final String ENCODING = "UTF-8";
    public static final String LOG_TAG = LifecycleOperationTask.LOG_TAG;
    public static final String OTAV2_PREFIX = "otav2";
    public static final String PERSONALIZE_ENDPOINT = "otav2/personalize/{suid}/{l2uuid}/{tauuid}";
    public static final String T_DIR_GET_AUTHTOKEN_URL = "https://service.cgbe.trustonic.com/device/authtoken";
    public static final String UNBLOCK_ENDPOINT = "otav2/enrollment/{suid}/{l2uuid}";
    public static final String UNBLOCK_ENDPOINT_NAME = "enrollment";
    public final String DEFAULT_EX_MESSAGE;
    public ActivationAction activationAction;
    public ActivationHelper activationHelper;
    public final Configuration configuration;
    public final Context context;
    public String firstActivationDate;
    public List<X509Certificate> httpsCertificates;
    public final Logger logger;
    public final OnlineParameters onlineParams;
    public TEEClients teeUsed;
    public OnlineUseCases useCase;

    /* renamed from: com.trustonic.components.thpagent.agent.OnlineHelper$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$com$trustonic$components$thpagent$agent$OnlineUseCases = new int[OnlineUseCases.values().length];

        static {
            try {
                $SwitchMap$com$trustonic$components$thpagent$agent$OnlineUseCases[OnlineUseCases.ENROLLMENT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$trustonic$components$thpagent$agent$OnlineUseCases[OnlineUseCases.ENROLLMENT_AND_DECRYPTION_KEY.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$trustonic$components$thpagent$agent$OnlineUseCases[OnlineUseCases.PERSONALIZATION.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$trustonic$components$thpagent$agent$OnlineUseCases[OnlineUseCases.RECORD_ACTIVATION.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$trustonic$components$thpagent$agent$OnlineUseCases[OnlineUseCases.DECRYPTION_KEY.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    public OnlineHelper(Context context, Configuration configuration, ActivationAction activationAction, String str, String str2, String str3, TEEClients tEEClients) {
        this.DEFAULT_EX_MESSAGE = "Error while trying to get the required command";
        this.activationHelper = null;
        this.context = context;
        this.configuration = configuration;
        this.useCase = OnlineUseCases.RECORD_ACTIVATION;
        this.onlineParams = new OnlineParameters(str, str2);
        this.activationAction = activationAction;
        this.firstActivationDate = str3;
        this.teeUsed = tEEClients;
        this.activationHelper = new ActivationHelper(tEEClients, str2);
        this.logger = new Logger(configuration.getLogLevel(), LOG_TAG, configuration.getUseCase());
    }

    public OnlineHelper(OnlineParameters onlineParameters, Context context, Configuration configuration, OnlineUseCases onlineUseCases) {
        this.DEFAULT_EX_MESSAGE = "Error while trying to get the required command";
        this.activationHelper = null;
        this.context = context;
        this.onlineParams = onlineParameters;
        this.useCase = onlineUseCases;
        this.configuration = configuration;
        this.logger = new Logger(configuration.getLogLevel(), LOG_TAG, configuration.getUseCase());
    }

    private String buildRequestForUseCase() {
        String str;
        String developerPayload;
        String packageName = this.context.getPackageName();
        String taVersion = this.onlineParams.getTaVersion();
        try {
            String str2 = this.context.getPackageManager().getPackageInfo(packageName, 0).versionName;
            JSONObject jSONObject = new JSONObject();
            try {
                if (this.useCase != OnlineUseCases.ENROLLMENT && this.useCase != OnlineUseCases.ENROLLMENT_AND_DECRYPTION_KEY && this.useCase != OnlineUseCases.PERSONALIZATION && this.useCase != OnlineUseCases.DECRYPTION_KEY) {
                    if (this.useCase == OnlineUseCases.RECORD_ACTIVATION) {
                        jSONObject.put("appName", packageName);
                        jSONObject.put("appVersion", str2);
                        jSONObject.put("action", this.activationHelper.getActionLabel(this.activationAction));
                        jSONObject.put("taUUID", this.onlineParams.getTaUUID());
                        str = ActivationAction.FIRST_ACTIVATION_KEY;
                        developerPayload = this.firstActivationDate;
                        jSONObject.put(str, developerPayload);
                        return jSONObject.toString();
                    }
                    if (this.useCase == OnlineUseCases.GET_AUTHTOKEN) {
                        JSONObject jSONObject2 = new JSONObject();
                        jSONObject2.put("suid", this.onlineParams.getSuid());
                        jSONObject2.put("version", this.onlineParams.getKinibiVersion());
                        jSONObject2.put("mac", createHash("TrustonicAuthToken", this.onlineParams.getSuid(), this.onlineParams.getKinibiVersion()));
                        jSONObject2.put("oem", Build.MANUFACTURER);
                        jSONObject2.put("model", Build.MODEL);
                        jSONObject2.put("androidVersion", Build.VERSION.SDK_INT);
                        jSONObject.put("device", jSONObject2);
                    }
                    return jSONObject.toString();
                }
                jSONObject.put("otahandler-response", this.onlineParams.getOtahandlerResponse());
                jSONObject.put("appName", packageName);
                jSONObject.put("appVersion", str2);
                jSONObject.put("taVersion", taVersion);
                if (this.useCase == OnlineUseCases.ENROLLMENT_AND_DECRYPTION_KEY || this.useCase == OnlineUseCases.DECRYPTION_KEY) {
                    jSONObject.put(Configuration.SYMMETRIC_KEY_STOREDATA_KEY, this.onlineParams.getEncryptedSymmetricKey());
                }
                if (this.useCase == OnlineUseCases.PERSONALIZATION && this.configuration.getDeveloperPayload() != null) {
                    str = "developer-payload";
                    developerPayload = this.configuration.getDeveloperPayload();
                    jSONObject.put(str, developerPayload);
                }
                return jSONObject.toString();
            } catch (JSONException e2) {
                throw new IOException("Error while trying to get the required command", e2);
            }
        } catch (PackageManager.NameNotFoundException e3) {
            throw new IOException("Error while trying to get the required command", e3);
        }
    }

    private String createHash(String str, String str2, String str3) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes(Charset.forName("UTF-8")));
            messageDigest.update(str2.getBytes(Charset.forName("UTF-8")));
            if (str3 != null) {
                messageDigest.update(str3.getBytes("UTF-8"));
            }
            return Base64.encodeToString(messageDigest.digest(), 2);
        } catch (NoSuchAlgorithmException e2) {
            StringBuilder a2 = a.a("SHA-256 not supported:");
            a2.append(e2.getMessage());
            throw new IOException(a2.toString());
        }
    }

    @SuppressLint({"SimpleDateFormat"})
    private byte[] getCommandRemotely() {
        URL uRLForUseCase = getURLForUseCase(this.useCase);
        if (uRLForUseCase == null) {
            throw new AssertionError("The URL is not supposed to be null at this point!");
        }
        String buildRequestForUseCase = buildRequestForUseCase();
        this.logger.trace("reqEntity:%s", buildRequestForUseCase);
        try {
            return sendRequest(uRLForUseCase, buildRequestForUseCase);
        } catch (KeyManagementException e2) {
            StringBuilder a2 = a.a("Error retrieving the command: ");
            a2.append(e2.getMessage());
            throw new SDKException(a2.toString(), e2);
        } catch (KeyStoreException e3) {
            StringBuilder a3 = a.a("Error retrieving the command: ");
            a3.append(e3.getMessage());
            throw new SDKException(a3.toString(), e3);
        } catch (NoSuchAlgorithmException e4) {
            StringBuilder a4 = a.a("Error retrieving the command: ");
            a4.append(e4.getMessage());
            throw new SDKException(a4.toString(), e4);
        } catch (CertificateException e5) {
            StringBuilder a5 = a.a("Error retrieving the command: ");
            a5.append(e5.getMessage());
            throw new SDKException(a5.toString(), e5);
        }
    }

    private String getLoggingURL(String str) {
        if (!str.contains("otav2/")) {
            throw new IllegalArgumentException(a.a("the enrollment URL does not contain ", "otav2/"));
        }
        return str.substring(0, str.indexOf("otav2/") + 6) + "log/" + this.onlineParams.getSuid();
    }

    private URL getURLForUseCase(OnlineUseCases onlineUseCases) {
        boolean z;
        String serverUrl;
        StringBuilder sb;
        String replace;
        String loggingURL;
        if (onlineUseCases == OnlineUseCases.GET_AUTHTOKEN) {
            try {
                return new URL("https://service.cgbe.trustonic.com/device/authtoken");
            } catch (MalformedURLException e2) {
                throw new SDKException(e2.getMessage(), e2);
            }
        }
        if (this.configuration.getServerBaseUrl() != null) {
            serverUrl = this.configuration.getServerBaseUrl();
            z = true;
        } else {
            z = false;
            serverUrl = this.configuration.getServerUrl();
        }
        if (serverUrl == null) {
            return null;
        }
        try {
            int ordinal = onlineUseCases.ordinal();
            if (ordinal == 0 || ordinal == 1) {
                if (z) {
                    serverUrl = serverUrl + UNBLOCK_ENDPOINT;
                }
                return new URL(serverUrl.replace(Configuration.SUID_PLACEHOLDER, this.onlineParams.getSuid()).replace(Configuration.L2UUID_PLACEHOLDER, this.onlineParams.getSdUUID()));
            }
            if (ordinal == 2) {
                if (z) {
                    sb = new StringBuilder();
                    sb.append(serverUrl);
                    sb.append(PERSONALIZE_ENDPOINT);
                } else {
                    sb = new StringBuilder();
                    sb.append(serverUrl);
                    sb.append("/");
                    sb.append(Configuration.TAUUID_PLACEHOLDER);
                }
                return new URL(sb.toString().replace(Configuration.SUID_PLACEHOLDER, this.onlineParams.getSuid()).replace(Configuration.L2UUID_PLACEHOLDER, this.onlineParams.getSdUUID()).replace(Configuration.TAUUID_PLACEHOLDER, this.onlineParams.getTaUUID()));
            }
            if (ordinal == 3) {
                if (z) {
                    replace = serverUrl + DECRYPTION_KEY_ENDPOINT;
                } else {
                    replace = serverUrl.replace(UNBLOCK_ENDPOINT_NAME, DECRYPTION_KEY_ENDPOINT_NAME);
                }
                return new URL(replace.replace(Configuration.SUID_PLACEHOLDER, this.onlineParams.getSuid()).replace(Configuration.L2UUID_PLACEHOLDER, this.onlineParams.getSdUUID()));
            }
            if (ordinal != 4) {
                throw new AssertionError("THPAgent is not supposed to go online for " + onlineUseCases.name().replace("_", " "));
            }
            if (z) {
                loggingURL = (serverUrl + ACTIVATE_ENDPOINT).replace(Configuration.SUID_PLACEHOLDER, this.onlineParams.getSuid()).replace(Configuration.TAUUID_PLACEHOLDER, this.onlineParams.getTaUUID());
            } else {
                loggingURL = getLoggingURL(this.configuration.getServerUrl());
            }
            return new URL(loggingURL);
        } catch (MalformedURLException unused) {
            throw new SDKException(a.a("URL derivation returned an invalid url:", serverUrl));
        }
    }

    private byte[] getUnblockResponseFromJSON(byte[] bArr) {
        try {
            return Base64.decode(new JSONObject(new String(bArr)).getString(Configuration.UNBLOCK_CMD_KEY), 0);
        } catch (JSONException e2) {
            throw new IOException("Error while trying to get the required command", e2);
        }
    }

    private void logActivation() {
        if (getURLForUseCase(this.useCase) == null) {
            this.logger.trace("no URL provided, activation will not be logged", new Object[0]);
        } else {
            getCommandRemotely();
        }
    }

    private byte[] sendRequest(URL url, String str) {
        HttpURLConnection httpURLConnection;
        int i;
        boolean z;
        byte[] bArr;
        int i2;
        boolean z2;
        byte[] inputStreamToByteArray;
        boolean z3 = true;
        boolean z4 = false;
        try {
            httpURLConnection = (HttpURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(url.openConnection()));
            try {
                httpURLConnection.setConnectTimeout(this.configuration.getServerTimeout());
                httpURLConnection.setReadTimeout(this.configuration.getServerTimeout());
                if (httpURLConnection instanceof HttpsURLConnection) {
                    if (this.httpsCertificates == null || this.httpsCertificates.size() == 0) {
                        throw new IOException("Certificate for host " + url.toString() + " was not provided");
                    }
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    for (int i3 = 0; i3 < this.httpsCertificates.size(); i3++) {
                        keyStore.setCertificateEntry("cert_" + i3, this.httpsCertificates.get(i3));
                    }
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keyStore);
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
                    ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
                }
                httpURLConnection.setDoOutput(true);
                byte[] bytes = str.getBytes(Charset.forName("UTF-8"));
                httpURLConnection.setRequestProperty("X-OTA-Version", "1.0");
                httpURLConnection.setRequestProperty("Content-type", "application/json;charset=utf-8");
                httpURLConnection.setRequestProperty(HttpHeaders.CONTENT_LENGTH, Integer.toString(bytes.length));
                httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "UTF-8");
                BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(httpURLConnection.getOutputStream());
                ConnectTimeoutException e2 = null;
                byte[] bArr2 = null;
                int i4 = 0;
                int i5 = 0;
                while (true) {
                    try {
                        if (this.useCase == OnlineUseCases.ENROLLMENT) {
                            this.logger.info("Going online to retrieve Unblock SD command from TAM server", new Object[0]);
                        }
                        if (this.useCase == OnlineUseCases.ENROLLMENT_AND_DECRYPTION_KEY) {
                            this.logger.info("Going online to retrieve Unblock SD command and the ta binary decryption key from TAM server", new Object[0]);
                        }
                        if (this.useCase == OnlineUseCases.PERSONALIZATION) {
                            this.logger.info("Going online to retrieve Personalization commands from TAM server", new Object[0]);
                        }
                        if (this.useCase == OnlineUseCases.RECORD_ACTIVATION) {
                            this.logger.trace("Going online to record %s activation", this.teeUsed.getInternalName());
                        }
                        if (this.useCase == OnlineUseCases.DECRYPTION_KEY) {
                            this.logger.debug("going online to get the decryption key for the encrypted ta binary", new Object[0]);
                        }
                        this.logger.info("Contacting %s", url.toString());
                        httpURLConnection.connect();
                        try {
                            try {
                                bufferedOutputStream.write(bytes);
                                bufferedOutputStream.flush();
                                i = httpURLConnection.getResponseCode();
                                this.logger.debug("Received HTTP response %d", Integer.valueOf(i));
                                if (i == 200) {
                                    inputStreamToByteArray = IOUtils.inputStreamToByteArray(httpURLConnection.getInputStream());
                                    i2 = i4;
                                    z2 = false;
                                } else {
                                    if (i == 403) {
                                        throw new NotPermittedException("TAM v2 server returned http code 403 - Forbidden");
                                    }
                                    if (i != 408) {
                                        if (i != 451) {
                                            throw new IOException(String.format("Permanent error from %s HTTP status code %d", url.toString(), Integer.valueOf(i)));
                                        }
                                        if (OnlineUseCases.GET_AUTHTOKEN.equals(this.useCase)) {
                                            throw new AuthtokenNotFoundException("authtoken not found.", null);
                                        }
                                        throw new IOException(String.format("Permanent error from %s HTTP status code %d", url.toString(), Integer.valueOf(i)));
                                    }
                                    try {
                                        int i6 = i4 + 1;
                                        if (i6 < this.configuration.getServerRetries()) {
                                            this.logger.warn("timeout while contacting the TAM server, retrying", new Object[0]);
                                        }
                                        inputStreamToByteArray = bArr2;
                                        i2 = i6;
                                        z2 = true;
                                    } catch (ConnectTimeoutException e3) {
                                        e2 = e3;
                                        z = true;
                                        int i7 = i4 + 1;
                                        try {
                                            bufferedOutputStream.close();
                                            if (z) {
                                                httpURLConnection.disconnect();
                                            }
                                            i5 = i;
                                            bArr = bArr2;
                                            i2 = i7;
                                            z2 = true;
                                            if (z2) {
                                                break;
                                            }
                                            i4 = i2;
                                            bArr2 = bArr;
                                            if (i5 == 200) {
                                                return bArr;
                                            }
                                            if (e2 != null) {
                                                throw new IOException("connection timeout", e2);
                                            }
                                            throw new IOException("unable to get command: HTTP code:" + i5);
                                        } catch (Throwable th) {
                                            th = th;
                                            z4 = z;
                                            if (httpURLConnection != null && z4) {
                                                httpURLConnection.disconnect();
                                            }
                                            throw th;
                                        }
                                    }
                                }
                                try {
                                    bufferedOutputStream.close();
                                    httpURLConnection.disconnect();
                                    bArr = inputStreamToByteArray;
                                    i5 = i;
                                } catch (Throwable th2) {
                                    th = th2;
                                    z4 = z3;
                                    if (httpURLConnection != null) {
                                        httpURLConnection.disconnect();
                                    }
                                    throw th;
                                }
                            } catch (ConnectTimeoutException e4) {
                                e2 = e4;
                                i = i5;
                            }
                        } catch (Throwable th3) {
                            th = th3;
                            bufferedOutputStream.close();
                            if (z3) {
                                httpURLConnection.disconnect();
                            }
                            throw th;
                        }
                    } catch (ConnectTimeoutException e5) {
                        e2 = e5;
                        i = i5;
                        z = false;
                    } catch (Throwable th4) {
                        th = th4;
                        z3 = false;
                    }
                    if (z2 || i2 >= this.configuration.getServerRetries()) {
                        break;
                        break;
                    }
                    i4 = i2;
                    bArr2 = bArr;
                }
            } catch (Throwable th5) {
                th = th5;
            }
        } catch (Throwable th6) {
            th = th6;
            httpURLConnection = null;
        }
    }

    public byte[] getCommand() {
        byte[] commandRemotely = getCommandRemotely();
        byte[] unblockResponseFromJSON = OnlineUseCases.GET_AUTHTOKEN.equals(this.useCase) ? commandRemotely : getUnblockResponseFromJSON(commandRemotely);
        this.logger.trace("Content received from server: %s", Base64.encodeToString(commandRemotely, 2));
        return unblockResponseFromJSON;
    }

    public byte[] getSymmetricKey() {
        byte[] commandRemotely = getCommandRemotely();
        try {
            this.logger.trace("trying to convert server response into JSON", new Object[0]);
            JSONObject jSONObject = new JSONObject(new String(commandRemotely, Charset.forName("UTF-8")));
            if (jSONObject.getString(Configuration.SYMMETRIC_KEY_STOREDATA_KEY) == null) {
                throw new IOException("Error while trying to get the required command", new IllegalArgumentException("Illegal server response structure"));
            }
            this.logger.trace("trying to convert Base64 encoded data into byte[]", new Object[0]);
            return Base64.decode(jSONObject.getString(Configuration.SYMMETRIC_KEY_STOREDATA_KEY), 0);
        } catch (JSONException e2) {
            throw new IOException("Error while trying to get the required command", e2);
        }
    }

    public EncryptedTAUnblockCommands getUnblockAndSymmetricKey() {
        byte[] commandRemotely = getCommandRemotely();
        try {
            this.logger.trace("trying to convert server response into JSON", new Object[0]);
            JSONObject jSONObject = new JSONObject(new String(commandRemotely, Charset.forName("UTF-8")));
            if (jSONObject.getString(Configuration.UNBLOCK_CMD_KEY) == null || jSONObject.getString(Configuration.SYMMETRIC_KEY_STOREDATA_KEY) == null) {
                throw new IOException("Error while trying to get the required command", new IllegalArgumentException("Illegal server response structure"));
            }
            this.logger.trace("unblock SD (base64) %s", jSONObject.getString(Configuration.UNBLOCK_CMD_KEY));
            this.logger.trace("encrypted symmetric key (base64) %s", jSONObject.getString(Configuration.SYMMETRIC_KEY_STOREDATA_KEY));
            this.logger.trace("extracting unblock command from set", new Object[0]);
            try {
                byte[] extractUnblockCommandFromSet = ASN1Utils.extractUnblockCommandFromSet(Base64.decode(jSONObject.getString(Configuration.UNBLOCK_CMD_KEY), 0), this.logger);
                this.logger.trace("extracted unblock command: %s", HexUtils.toHexString(extractUnblockCommandFromSet));
                this.logger.trace("trying to convert Base64 encoded data into byte[]", new Object[0]);
                return new EncryptedTAUnblockCommands(extractUnblockCommandFromSet, Base64.decode(jSONObject.getString(Configuration.SYMMETRIC_KEY_STOREDATA_KEY), 0));
            } catch (SDKException unused) {
                throw new IOException("Error while trying to get the required command", new IllegalArgumentException("Illegal server response structure"));
            }
        } catch (JSONException e2) {
            throw new IOException("Error while trying to get the required command", e2);
        }
    }

    @Override // com.trustonic.components.thpagent.api.remotelogger.RemoteLogger
    public void log(String str) {
        logActivation();
    }

    public OnlineHelper setHttpsCertificates(List<X509Certificate> list) {
        this.httpsCertificates = list;
        return this;
    }
}
