package com.clover.http;

import android.content.ContentProviderClient;
import android.content.Context;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.clover.config.C;
import com.clover.config.CloverConfig;
import com.clover.keystore.CloverKeyStoreContract;
import com.clover.keystore.CloverKeyStoreProvider;
import com.clover.sdk.CloverIntent;
import com.clover.sdk.SimpleSyncClient;
import com.clover.settings.CloverSettings;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes.dex */
public class DeviceClient {
    private static final Uri ENGINE_CONTENT_URI = Uri.parse("content://com.clover.lockscreen");
    private static final boolean IS_CLOVER = "Clover".equals(Build.MANUFACTURER);
    private static String sAuthToken;
    private static Context sContext;
    private static String sDeviceId;
    private static Boolean sFoundCloverKeyStore;
    private static Boolean sKeyStoreTestPassed;
    private static String sMerchantId;
    private static SSLSocketFactory sSocketFactory;

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getDeviceId() {
        if (sContext != null) {
            return getDeviceId(sContext);
        }
        return null;
    }

    public static String getDeviceId(Context context) {
        if (TextUtils.isEmpty(sDeviceId)) {
            sDeviceId = CloverSettings.Merchant.getString(context.getContentResolver(), "device_id");
            if (TextUtils.isEmpty(sDeviceId)) {
                try {
                    Bundle call = context.getContentResolver().call(ENGINE_CONTENT_URI, SimpleSyncClient.METHOD_GET, "deviceId", (Bundle) null);
                    if (call != null) {
                        sDeviceId = call.getString("deviceId");
                    }
                } catch (IllegalArgumentException e) {
                    Log.d("clover", ENGINE_CONTENT_URI + " not available");
                }
            }
        }
        return sDeviceId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getMerchantId() {
        if (sContext != null) {
            return getMerchantId(sContext);
        }
        return null;
    }

    public static String getMerchantId(Context context) {
        if (TextUtils.isEmpty(sMerchantId)) {
            sMerchantId = CloverSettings.Merchant.getString(context.getContentResolver(), "merchant_id");
            if (TextUtils.isEmpty(sMerchantId)) {
                try {
                    Bundle call = context.getContentResolver().call(ENGINE_CONTENT_URI, SimpleSyncClient.METHOD_GET, CloverIntent.EXTRA_MERCHANT_ID, (Bundle) null);
                    if (call != null) {
                        sMerchantId = call.getString(CloverIntent.EXTRA_MERCHANT_ID);
                    }
                } catch (IllegalArgumentException e) {
                    Log.d("clover", ENGINE_CONTENT_URI + " not available");
                }
            }
        }
        return sMerchantId;
    }

    public static KeyStore getServerTrustStore(CloverConfig cloverConfig) {
        if (!cloverConfig.has(C.cert.ca_server)) {
            return null;
        }
        try {
            X509Certificate x509Certificate = cloverConfig.get(C.cert.ca_server);
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            keyStore.setEntry("cloverca", new KeyStore.TrustedCertificateEntry(x509Certificate), null);
            if (!cloverConfig.has(C.cert.ca_server_sha256)) {
                return keyStore;
            }
            keyStore.setEntry("cloverca2", new KeyStore.TrustedCertificateEntry(cloverConfig.get(C.cert.ca_server_sha256)), null);
            return keyStore;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static SSLSocketFactory getSocketFactory(Context context, KeyStore keyStore) {
        if (sSocketFactory == null) {
            sContext = context.getApplicationContext();
            KeyStore loadKeyStore = loadKeyStore(context);
            if (loadKeyStore == null) {
                return null;
            }
            try {
                sSocketFactory = new CloverSSLSocketFactory(loadKeyStore, null, keyStore);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return sSocketFactory;
    }

    @Deprecated
    public static SSLSocketFactory getSocketFactory(CloverConfig cloverConfig, Context context) {
        return getSocketFactory(context, getServerTrustStore(cloverConfig));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getToken() {
        if (sContext != null) {
            return getToken(sContext);
        }
        return null;
    }

    protected static String getToken(Context context) {
        if (TextUtils.isEmpty(sAuthToken)) {
            sAuthToken = CloverSettings.Merchant.getString(context.getContentResolver(), "auth_token");
            if (TextUtils.isEmpty(sAuthToken)) {
                try {
                    Bundle call = context.getContentResolver().call(ENGINE_CONTENT_URI, SimpleSyncClient.METHOD_GET, "token", (Bundle) null);
                    if (call != null) {
                        sAuthToken = call.getString("token");
                    }
                } catch (IllegalArgumentException e) {
                    Log.d("clover", ENGINE_CONTENT_URI + " not available");
                }
            }
        }
        return sAuthToken;
    }

    private static boolean keyStoreOkay(KeyStore keyStore, String str) throws Exception {
        if (keyStore.getKey(str, null) == null) {
            Log.w("clover", "USRPKEY missing");
            return false;
        }
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain == null || certificateChain.length <= 2) {
            Log.w("clover", "CACERT missing");
            return false;
        }
        if (!certificateChain[0].equals(certificateChain[1])) {
            return true;
        }
        Log.w("clover", "USRCERT missing");
        return false;
    }

    private static KeyStore loadAndroidKeyStore(Context context) {
        KeyStore keyStore;
        if (!IS_CLOVER) {
            return null;
        }
        try {
            String string = CloverSettings.Merchant.getString(context.getContentResolver(), "device_cn");
            if (TextUtils.isEmpty(string)) {
                Log.w("clover", "Failed to get device_cn from CloverSettings, expected on Goldleaf");
                keyStore = null;
            } else {
                String replace = string.replace("-", JsonProperty.USE_DEFAULT_NAME);
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                if (validateAndroidKeyStore(context, keyStore, replace, true)) {
                    testKeyStore(keyStore);
                    Log.d("clover", "DeviceClient is using AndroidKeyStore");
                } else {
                    Log.w("clover", "AndroidKeyStore is missing certs or key");
                    keyStore = null;
                }
            }
            return keyStore;
        } catch (Exception e) {
            Log.w("clover", e);
            return null;
        }
    }

    private static KeyStore loadCloverKeyStore(Context context) {
        if (sFoundCloverKeyStore == null) {
            ContentProviderClient acquireContentProviderClient = context.getContentResolver().acquireContentProviderClient(CloverKeyStoreContract.CONTENT_URI);
            if (acquireContentProviderClient != null) {
                try {
                    CloverKeyStoreProvider.install(context, CertificateFactory.getInstance("X.509"));
                    sFoundCloverKeyStore = true;
                } catch (Exception e) {
                    sFoundCloverKeyStore = false;
                    Log.e("clover", "Unable to install CloverKeyStoreProvider!!!", e);
                } finally {
                    acquireContentProviderClient.release();
                }
            } else {
                sFoundCloverKeyStore = false;
            }
        }
        if (!sFoundCloverKeyStore.booleanValue()) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(CloverKeyStoreProvider.PROVIDER_NAME);
            keyStore.load(null, null);
            if (keyStore.containsAlias("device_auth")) {
                testKeyStore(keyStore);
                Log.d("clover", "DeviceClient is using CloverKeyStore");
            } else {
                Log.w("clover", "CloverKeyStore missing alias!!!");
                keyStore = null;
            }
            return keyStore;
        } catch (Exception e2) {
            Log.e("clover", "Failed to load CloverKeyStore!!!", e2);
            return null;
        }
    }

    private static KeyStore loadCloverSettingsKeyStore(Context context) {
        try {
            String string = CloverSettings.Merchant.getString(context.getContentResolver(), "device_pkcs12_data");
            String deviceId = getDeviceId(context);
            if (!TextUtils.isEmpty(string) && !TextUtils.isEmpty(deviceId)) {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(new ByteArrayInputStream(Base64.decode(string, 0)), new KeyStore.PasswordProtection(deviceId.toCharArray()).getPassword());
                testKeyStore(keyStore);
                Log.d("clover", "DeviceClient is using CloverSettings KeyStore");
                return keyStore;
            }
        } catch (Exception e) {
            Log.w("clover", e);
        }
        return null;
    }

    private static KeyStore loadEngineKeyStore(Context context) {
        Bundle bundle = null;
        try {
            try {
                bundle = context.getContentResolver().call(ENGINE_CONTENT_URI, SimpleSyncClient.METHOD_GET, "keyStore", (Bundle) null);
            } catch (IllegalArgumentException e) {
                Log.d("clover", ENGINE_CONTENT_URI + " not available");
            }
            if (bundle != null) {
                byte[] byteArray = bundle.getByteArray("data");
                char[] charArray = bundle.getCharArray("password");
                String string = bundle.getString("deviceId");
                String string2 = bundle.getString("token");
                if (byteArray != null && charArray != null) {
                    KeyStore keyStore = KeyStore.getInstance("PKCS12");
                    keyStore.load(new ByteArrayInputStream(byteArray), new KeyStore.PasswordProtection(charArray).getPassword());
                    testKeyStore(keyStore);
                    sDeviceId = string;
                    sAuthToken = string2;
                    Log.d("clover", "DeviceClient is using engine KeyStore");
                    return keyStore;
                }
            }
        } catch (Exception e2) {
            Log.w("clover", e2);
        }
        return null;
    }

    public static KeyStore loadKeyStore(Context context) {
        KeyStore loadCloverKeyStore = loadCloverKeyStore(context);
        if (loadCloverKeyStore == null) {
            loadCloverKeyStore = loadAndroidKeyStore(context);
        }
        if (loadCloverKeyStore == null) {
            loadCloverKeyStore = loadCloverSettingsKeyStore(context);
        }
        if (loadCloverKeyStore == null) {
            loadCloverKeyStore = loadEngineKeyStore(context);
        }
        if (loadCloverKeyStore != null) {
            return loadCloverKeyStore;
        }
        try {
            Log.e("clover", "DeviceClient is using empty KeyStore!!!");
            return KeyStore.getInstance("PKCS12");
        } catch (Exception e) {
            Log.e("clover", "DevceClient is using null KeyStore!!!", e);
            return loadCloverKeyStore;
        }
    }

    private static void testKeyStore(KeyStore keyStore) throws GeneralSecurityException {
        if (Boolean.TRUE.equals(sKeyStoreTestPassed)) {
            return;
        }
        KeyPair keyPair = null;
        try {
            Iterator it = Collections.list(keyStore.aliases()).iterator();
            if (it.hasNext()) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry((String) it.next(), null);
                keyPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
            }
            if (keyPair == null) {
                throw new Exception("Missing key pair in keystore");
            }
            if (keyPair.getPrivate() == null) {
                throw new Exception("Missing private key in keystore");
            }
            if (keyPair.getPrivate() == null) {
                throw new Exception("Missing public key in keystore");
            }
            byte[] bytes = "CloverClover".getBytes();
            Signature signature = Signature.getInstance("NONEwithRSA");
            signature.initSign(keyPair.getPrivate());
            signature.update(bytes);
            byte[] sign = signature.sign();
            Signature signature2 = Signature.getInstance("NONEwithRSA");
            signature2.initVerify(keyPair.getPublic());
            signature2.update(bytes);
            if (!signature2.verify(sign)) {
                throw new Exception("Keystore validation failed");
            }
            sKeyStoreTestPassed = true;
        } catch (Exception e) {
            throw new GeneralSecurityException("KeyStore test failed", e);
        }
    }

    private static boolean validateAndroidKeyStore(Context context, KeyStore keyStore, String str, boolean z) throws KeyStoreException {
        boolean z2;
        try {
            if (!keyStore.containsAlias(str)) {
                CloverSettings.Merchant.keyStoreUnlock(context.getContentResolver());
            }
        } catch (Exception e) {
            Log.w("clover", e.toString());
            z2 = false;
        }
        if (!keyStore.containsAlias(str)) {
            Log.w("clover", "AndroidKeyStore unlock/duplicate failed, cannot repair!");
            return false;
        }
        z2 = keyStoreOkay(keyStore, str);
        if (!z2 && z) {
            keyStore.deleteEntry(str);
            z2 = validateAndroidKeyStore(context, keyStore, str, false);
            if (z2) {
                Log.i("clover", "AndroidKeyStore repair succeeded");
            } else {
                Log.w("clover", "AndroidKeyStore repair failed");
            }
        }
        return z2;
    }
}
