package com.samsung.android.mirrorlink.acms.http;

import android.content.Context;
import android.os.RemoteException;
import com.samsung.android.mirrorlink.acms.api.AcmsManager;
import com.samsung.android.mirrorlink.acms.api.AcmsServiceMonitor;
import com.samsung.android.mirrorlink.acms.manager.AcmsRevocationMngr;
import com.samsung.android.mirrorlink.acms.provider.AppEntry;
import com.samsung.android.mirrorlink.acms.utils.AcmsLog;
import com.samsung.android.mirrorlink.acms.utils.AcmsUtil;
import com.samsung.android.mirrorlink.acms.utils.CertificateValidator;
import com.samsung.android.mirrorlink.acms.utils.OcspServerResponseData;
import java.io.BufferedOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.Random;
import java.util.Set;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.ocsp.UnknownStatus;

/* loaded from: classes.dex */
public class AcmsHttpRevokationHandler {
    // OID of the X.509 Authority Information Access certificate extension (id-pe-authorityInfoAccess);
    // the OCSP responder URL is taken from this extension of the application certificate.
    private static final String CERT_EXTENSION_AIA = "1.3.6.1.5.5.7.1.1";
    // Charset names used when turning raw extension bytes into text.
    private static final String CHARSET_US_ASCII = "US-ASCII";
    private static final String CHARSET_UTF_8 = "UTF-8";
    // URL scheme prefixes searched for inside the raw AIA bytes. Only a value starting with
    // "http" is meant to be contacted; note that this prefix also matches "https".
    private static final String HTTP = "http";
    private static final String LDAP = "ldap";
    // Placeholder package name reported when no application had a usable certificate chain.
    private static final String NO_PACKAGE_NAME = "no_package_to_show";
    // Private-arc OIDs (1.3.6.1.4.1.41577.1.x) of the OCSP response extensions that carry the
    // base grace period, drive grace period and query period. The values are read as decimal
    // digits; their unit is not visible in this file - TODO confirm against the specification.
    private static final String OCSP_RESP_EXTENSION_BASE_GRACE_PERIOD = "1.3.6.1.4.1.41577.1.3";
    private static final String OCSP_RESP_EXTENSION_DRIVE_GRACE_PERIOD = "1.3.6.1.4.1.41577.1.2";
    // OID of the OCSP nonce extension (id-pkix-ocsp-nonce); the response nonce is compared with
    // the one sent in the request to tie the response to that request.
    private static final String OCSP_RESP_EXTENSION_NONCE = "1.3.6.1.5.5.7.48.1.2";
    private static final String OCSP_RESP_EXTENSION_QUERY_PERIOD = "1.3.6.1.4.1.41577.1.1";
    // Log tag passed to AcmsLog.
    private static final String TAG = "AcmsHttpRevokationHandler";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
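    /**
     * Background thread that runs one {@link #httpRevocation} pass for a batch of applications.
     *
     * <p>{@link #start(ArrayList, AcmsRevocationMngr.Callback, Context, boolean)} stores the
     * arguments and increments the ACMS service counter before the thread starts; {@link #run()}
     * decrements it again once the pass has finished.
     */
    public class RevocationtHttpThread extends Thread {
        // Applications whose certificates are to be checked.
        private ArrayList<AppEntry> mAppEntries;
        // Receiver of the per-application success/error results.
        private AcmsRevocationMngr.Callback mCallback;
        private Context mContext;
        // Passed through to httpRevocation() and on to the callback unchanged.
        private boolean mIsManualRevoc;

        private RevocationtHttpThread() {
        }

        /* synthetic */ RevocationtHttpThread(AcmsHttpRevokationHandler acmsHttpRevokationHandler, RevocationtHttpThread revocationtHttpThread) {
            this();
        }

        /**
         * Runs the revocation pass and then releases the service counter.
         *
         * <p>The decrement sits in a {@code finally} block: the pass parses data received from
         * the network, and an unchecked exception raised while doing so must not leave the
         * counter incremented forever.
         */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            AcmsLog.d(AcmsHttpRevokationHandler.TAG, "RevocationtHttpThread.run() Enter ");
            try {
                AcmsHttpRevokationHandler.this.httpRevocation(this.mAppEntries, this.mCallback, this.mContext, this.mIsManualRevoc);
            } finally {
                AcmsServiceMonitor acmsSvcMonitor = AcmsServiceMonitor.getAcmsSvcMonitor();
                if (acmsSvcMonitor != null) {
                    acmsSvcMonitor.decrementSvcCounter();
                }
                AcmsLog.d(AcmsHttpRevokationHandler.TAG, "Decremented Counter Value : RevocationtHttpThread.run");
            }
            AcmsLog.d(AcmsHttpRevokationHandler.TAG, "RevocationtHttpThread.run() Exit");
        }

        /**
         * Stores the work description, increments the service counter and starts the thread.
         *
         * @param arrayList applications to check; must not be null, its size is logged here
         * @param callback receiver of the results
         * @param context Android context handed to the revocation pass
         * @param z flag forwarded unchanged to the revocation pass and the callback
         */
        public void start(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, Context context, boolean z) {
            AcmsLog.d(AcmsHttpRevokationHandler.TAG, "RevocationtHttpThread.start() size= " + arrayList.size());
            this.mAppEntries = arrayList;
            this.mCallback = callback;
            this.mContext = context;
            this.mIsManualRevoc = z;
            // NOTE(review): run() tolerates a null monitor but this call does not - confirm that
            // getAcmsSvcMonitor() cannot return null at this point.
            AcmsServiceMonitor.getAcmsSvcMonitor().incrementSvcCounter();
            AcmsLog.d(AcmsHttpRevokationHandler.TAG, "Incremented Counter Value : RevocationtHttpThread.start");
            super.start();
        }
    }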

    /**
     * Verifies the signature of a basic OCSP response with the public key of the given certificate.
     *
     * <p>The response is accepted only when its signature algorithm name equals (ignoring case)
     * the signature algorithm name of {@code x509Certificate} and the BouncyCastle verification
     * succeeds. Every rejection except a null response is reported through
     * {@code callback.onError(arrayList, 6, z)}.
     *
     * <p>NOTE(review): only the key of {@code x509Certificate} is used here; certificates
     * embedded in the response play no part in this check.
     *
     * @param arrayList entries the error is reported for
     * @param callback receiver of the error notification
     * @param x509Certificate certificate whose public key must have signed the response
     * @param basicOCSPResp response to verify; null yields {@code false} without a callback
     * @param z flag forwarded unchanged to the callback
     * @return {@code true} only when the signature verified
     */
    private boolean checkResponseSignature(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, X509Certificate x509Certificate, BasicOCSPResp basicOCSPResp, boolean z) {
        if (basicOCSPResp == null) {
            return false;
        }
        final String responseAlgorithm = basicOCSPResp.getSignatureAlgName();
        AcmsLog.d(TAG, "respAlgName= " + responseAlgorithm);
        final String certificateAlgorithm = x509Certificate.getSigAlgName();
        AcmsLog.d(TAG, "rootCertAlgName= " + certificateAlgorithm);

        boolean verified = false;
        if (responseAlgorithm.equalsIgnoreCase(certificateAlgorithm)) {
            try {
                verified = basicOCSPResp.verify(x509Certificate.getPublicKey(), BouncyCastleProvider.PROVIDER_NAME);
                if (verified) {
                    AcmsLog.d(TAG, " checkResponseSignature successfull ");
                } else {
                    AcmsLog.d(TAG, "checkRevocation() Ocsp Revocation Not signed");
                }
            } catch (NoSuchProviderException providerMissing) {
                providerMissing.printStackTrace();
                AcmsLog.d(TAG, "checkRevocation() Ocsp Signing Exception");
            } catch (OCSPException verificationFailure) {
                verificationFailure.printStackTrace();
                AcmsLog.d(TAG, "checkRevocation() OCSPException Exception");
            }
        }
        // Every failure path shares the same error code.
        if (!verified) {
            callback.onError(arrayList, 6, z);
        }
        return verified;
    }

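    /**
     * Checks the outer status of an OCSP response and reports known failures to the callback.
     *
     * <p>Only status 0 (successful) is accepted. Any other value is rejected, so a status this
     * method has no mapping for can no longer fall through to the success path.
     *
     * <p>Status to callback error code mapping: 1 (malformedRequest) to 8, 2 (internalError)
     * to 9, 3 (tryLater) to 7, 5 (sigRequired) to 12, 6 (unauthorized) to 13.
     *
     * @param arrayList entries the error is reported for
     * @param callback receiver of the error notification
     * @param oCSPResp parsed OCSP response
     * @param z flag forwarded unchanged to the callback
     * @return {@code true} only when the response status is 0
     * @throws IOException declared for callers; not raised by the visible code
     * @throws OCSPException declared for callers; not raised by the visible code
     */
    private boolean checkResponseStatus(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, OCSPResp oCSPResp, boolean z) throws IOException, OCSPException {
        final int status = oCSPResp.getStatus();
        AcmsLog.d(TAG, "ocspResp.getStatus(): " + status);
        if (status == 0) {
            AcmsLog.d(TAG, " OCSP_RESP_SUCCESSFUL ");
            return true;
        }
        AcmsLog.d(TAG, "ocsp response is not success");
        switch (status) {
            case 1:
                callback.onError(arrayList, 8, z);
                break;
            case 2:
                callback.onError(arrayList, 9, z);
                break;
            case 3:
                callback.onError(arrayList, 7, z);
                break;
            case 5:
                callback.onError(arrayList, 12, z);
                break;
            case 6:
                callback.onError(arrayList, 13, z);
                break;
            default:
                // Fail closed: a non-zero status without a mapping is still a failure.
                // NOTE(review): no callback error code exists for this case in the visible code,
                // so the callback is not notified - pick a code if callers need a result here.
                AcmsLog.d(TAG, "ocsp response status is not recognised: " + status);
                break;
        }
        return false;
    }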

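    /**
     * Checks the response nonce and reads the query/grace period extensions of an OCSP response.
     *
     * <p>The nonce extension must be present and equal to the DER OCTET STRING encoding of the
     * nonce that was sent. Previously the comparison ran only when the extension appeared among
     * the non-critical extensions, so a response that simply omitted the nonce was accepted and
     * a recorded response could be replayed. A missing or different nonce is now reported
     * through {@code callback.onError(arrayList, 5, z)}.
     *
     * <p>After the extensions are read, the drive grace period is reduced by the query period,
     * and the base grace period by the (already reduced) drive grace period and the query period.
     *
     * @param arrayList entries the error is reported for
     * @param callback receiver of the error notification
     * @param bigInteger nonce that was placed in the request
     * @param basicOCSPResp response whose extensions are read
     * @param z flag forwarded unchanged to the callback
     * @return the extracted values, or {@code null} when the nonce check failed
     */
    private OcspServerResponseData extractExtensionValues(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, BigInteger bigInteger, BasicOCSPResp basicOCSPResp, boolean z) {
        AcmsLog.d(TAG, "checkRevocation() Version " + basicOCSPResp.getVersion());
        AcmsLog.d(TAG, "checkRevocation() ResponderId " + basicOCSPResp.getResponderId());

        // Looked up by OID so the check does not depend on the extension's criticality flag.
        byte[] expectedNonce = new DEROctetString(bigInteger.toByteArray()).getDEREncoded();
        byte[] returnedNonce = basicOCSPResp.getExtensionValue(OCSP_RESP_EXTENSION_NONCE);
        if (returnedNonce == null || !Arrays.equals(returnedNonce, expectedNonce)) {
            AcmsLog.d(TAG, "checkRevocation() OCSP_RESP_EXTENSION_NONCE Error ");
            callback.onError(arrayList, 5, z);
            return null;
        }

        OcspServerResponseData ocspServerResponseData = new OcspServerResponseData();
        Set<String> nonCriticalExtensionOIDs = basicOCSPResp.getNonCriticalExtensionOIDs();
        if (nonCriticalExtensionOIDs != null) {
            for (String oid : nonCriticalExtensionOIDs) {
                AcmsLog.d(TAG, "checkRevocation() nonCritOid " + oid);
                byte[] extensionValue = basicOCSPResp.getExtensionValue(oid);
                if (extensionValue == null) {
                    AcmsLog.d(TAG, oid + " No Value ");
                    continue;
                }
                // NOTE(review): getIntegerFromOcspExtensionValue() returns -1 for a malformed
                // value and that -1 is stored and used in the arithmetic below - confirm that
                // consumers of OcspServerResponseData treat negative periods safely.
                if (oid.equals(OCSP_RESP_EXTENSION_QUERY_PERIOD)) {
                    ocspServerResponseData.setQueryPeriod(getIntegerFromOcspExtensionValue(extensionValue));
                    AcmsLog.d(TAG, "checkRevocation() OCSP_RESP_EXTENSION_QUERY_PERIOD=" + ocspServerResponseData.getQueryPeriod());
                } else if (oid.equals(OCSP_RESP_EXTENSION_BASE_GRACE_PERIOD)) {
                    ocspServerResponseData.setBaseGracePeriod(getIntegerFromOcspExtensionValue(extensionValue));
                    AcmsLog.d(TAG, "checkRevocation() OCSP_RESP_EXTENSION_BASE_GRACE_PERIOD=" + ocspServerResponseData.getBaseGracePeriod());
                } else if (oid.equals(OCSP_RESP_EXTENSION_DRIVE_GRACE_PERIOD)) {
                    ocspServerResponseData.setDriveGracePeriod(getIntegerFromOcspExtensionValue(extensionValue));
                    AcmsLog.d(TAG, "checkRevocation() OCSP_RESP_EXTENSION_DRIVE_GRACE_PERIOD=" + ocspServerResponseData.getDriveGracePeriod());
                }
            }
        }

        // Order matters: the base grace period is computed from the already reduced drive value.
        ocspServerResponseData.setDriveGracePeriod(ocspServerResponseData.getDriveGracePeriod() - ocspServerResponseData.getQueryPeriod());
        ocspServerResponseData.setBaseGracePeriod((ocspServerResponseData.getBaseGracePeriod() - ocspServerResponseData.getDriveGracePeriod()) - ocspServerResponseData.getQueryPeriod());
        AcmsLog.d(TAG, "checkRevocation() \n Query[" + ocspServerResponseData.getQueryPeriod() + "] \n Base[" + ocspServerResponseData.getBaseGracePeriod() + "] \n Drive[" + ocspServerResponseData.getDriveGracePeriod() + "]");
        return ocspServerResponseData;
    }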

    /**
     * Creates a new, empty list of application entries.
     *
     * @return a fresh mutable list; every call returns a distinct instance
     */
    private ArrayList<AppEntry> getAppListEntries() {
        final ArrayList<AppEntry> freshList = new ArrayList<>();
        return freshList;
    }

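    /**
     * Parses a DER OCTET STRING whose content is a run of ASCII decimal digits.
     *
     * <p>The input comes from a network response, so it is validated before use: the array must
     * hold at least the tag and length bytes, the tag must be 0x04, the short-form length byte
     * must match the remaining length, every content byte must be a digit and the value must
     * fit in an {@code int}. The earlier version indexed an empty array, ignored the length
     * byte and turned non-digit bytes into arbitrary numbers.
     *
     * @param bArr DER-encoded extension value
     * @return the parsed non-negative value (0 for empty content), or -1 when the input is malformed
     */
    private int getIntegerFromOcspExtensionValue(byte[] bArr) {
        if (bArr == null || bArr.length < 2 || bArr[0] != 4) {
            AcmsLog.d(TAG, " getIntegerFromOcspExtensionValue: Not Octect String");
            return -1;
        }
        // Short-form DER length only; a value long enough to need the long form cannot be an int.
        if ((bArr[1] & 0xFF) != bArr.length - 2) {
            AcmsLog.d(TAG, " getIntegerFromOcspExtensionValue: Length mismatch");
            return -1;
        }
        AcmsLog.d(TAG, "Array in string from OCSP Response: " + new String(bArr, Charset.forName("UTF-8")));
        long value = 0;
        for (int index = 2; index < bArr.length; index++) {
            int digit = bArr[index] - '0';
            if (digit < 0 || digit > 9) {
                AcmsLog.d(TAG, " getIntegerFromOcspExtensionValue: Not a decimal digit");
                return -1;
            }
            value = value * 10 + digit;
            if (value > Integer.MAX_VALUE) {
                AcmsLog.d(TAG, " getIntegerFromOcspExtensionValue: Value out of range");
                return -1;
            }
        }
        return (int) value;
    }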

    /**
     * Adds one certificate to an OCSP request that is being assembled.
     *
     * <p>The certificate is identified by a SHA-1 based {@link CertificateID} built from the
     * issuer certificate and the serial number of the certificate being checked. A
     * BouncyCastle provider instance is passed to {@link Security#addProvider} on every call.
     *
     * @param x509Certificate certificate whose status is requested (its serial number is used)
     * @param x509Certificate2 certificate passed to {@link CertificateID} as the issuer
     * @param oCSPReqGenerator generator to extend
     * @return the same generator instance that was passed in
     * @throws OCSPException if the certificate ID cannot be created
     */
    private OCSPReqGenerator getRequestGenerator(X509Certificate x509Certificate, X509Certificate x509Certificate2, OCSPReqGenerator oCSPReqGenerator) throws OCSPException {
        Security.addProvider(new BouncyCastleProvider());
        final BigInteger subjectSerial = x509Certificate.getSerialNumber();
        final CertificateID certificateId = new CertificateID(CertificateID.HASH_SHA1, x509Certificate2, subjectSerial);
        oCSPReqGenerator.addRequest(certificateId);
        return oCSPReqGenerator;
    }

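    /**
     * Sends an OCSP request to the responder named in a certificate's AIA extension.
     *
     * <p>The URL is located by searching the raw extension bytes for "http" (or, failing that,
     * "ldap") and taking the byte in front of the match as the length of the URL. Only a value
     * starting with "http" is contacted. The request is posted with the OCSP content types and
     * the connection is returned when the HTTP status is 2xx.
     *
     * <p>Fixes relative to the decompiled original: the URL check was inverted
     * ({@code str != null || !str.startsWith(...)}), which made the method return before ever
     * sending a request; the length byte is now read as unsigned and bounds-checked, because
     * the extension comes from a certificate and must not be able to trigger an index error;
     * the output stream is closed even when the write fails; the connection is released when
     * the responder answers with a non-2xx status.
     *
     * <p>NOTE(review): the byte search picks the first URL in the extension regardless of its
     * access method, so a CA-issuers URL listed first would be used as the responder - parsing
     * the ASN.1 structure would remove that ambiguity.
     * NOTE(review): no connect or read timeout is set, so a stalled responder blocks the
     * calling thread indefinitely.
     * NOTE(review): the request normally travels over plain HTTP; the integrity of the answer
     * rests entirely on the signature and nonce checks done by the caller.
     *
     * @param arrayList entries an HTTP error is reported for
     * @param callback receiver of the error notification (code 2 for a non-2xx status)
     * @param bArr raw AIA extension value, may be null
     * @param oCSPReq request to send
     * @param z flag forwarded unchanged to the callback
     * @param context used to build the User-Agent header
     * @return the open connection on a 2xx status, otherwise {@code null}
     * @throws IOException if the URL is malformed or the exchange fails
     */
    private HttpURLConnection getResponseForRequest(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, byte[] bArr, OCSPReq oCSPReq, boolean z, Context context) throws IOException, MalformedURLException {
        if (bArr == null) {
            return null;
        }
        final Charset ascii = Charset.forName(CHARSET_US_ASCII);
        // US-ASCII decoding yields one char per byte, so string offsets equal byte offsets.
        final String extensionText = new String(bArr, ascii);
        int urlStart = extensionText.indexOf(HTTP);
        if (urlStart == -1) {
            urlStart = extensionText.indexOf(LDAP);
        } else {
            AcmsLog.d(TAG, "httpRevocation index of http is not -1 ");
        }
        // A match at offset 0 has no preceding length byte.
        if (urlStart < 1) {
            return null;
        }
        final int urlLength = bArr[urlStart - 1] & 0xFF;
        if (urlLength > bArr.length - urlStart) {
            AcmsLog.d(TAG, "httpRevocation responder URL length exceeds the extension value");
            return null;
        }
        final String responderUrl = new String(bArr, urlStart, urlLength, ascii);
        if (!responderUrl.startsWith(HTTP)) {
            return null;
        }

        byte[] encoded = oCSPReq.getEncoded();
        AcmsLog.d(TAG, "OCSP Request array: " + new String(encoded, ascii));
        URL url = new URL(responderUrl);
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
        httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
        httpURLConnection.setRequestProperty("User-Agent", AcmsUtil.getDefaultUserAgent(context));
        httpURLConnection.setDoOutput(true);
        AcmsLog.d(TAG, "OCSP Request URL: " + url.toString());
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
        try {
            AcmsLog.d(TAG, "checkRevocation() Sending Request ");
            dataOutputStream.write(encoded);
            dataOutputStream.flush();
        } finally {
            dataOutputStream.close();
        }
        AcmsLog.d(TAG, "checkRevocation() Received Response ");
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode / 100 == 2) {
            AcmsLog.d(TAG, "checkRevocation() Http Resp " + responseCode);
            return httpURLConnection;
        }
        AcmsLog.e(TAG, "Http Error " + responseCode);
        callback.onError(arrayList, 2, z);
        httpURLConnection.disconnect();
        return null;
    }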

    /**
     * Validates the certificates embedded in an OCSP response.
     *
     * <p>Returns {@code true} when the response carries no certificates, or when
     * {@code CertificateValidator.verifyOCSPChain} accepts the ones it carries. A rejected
     * chain, a signature exception or a certificate exception is reported with error code 14;
     * key, algorithm and provider exceptions are reported with error code 2.
     *
     * <p>NOTE(review): a response without embedded certificates passes this method unchecked,
     * so trust in such a response rests on the separate signature verification.
     *
     * @param arrayList entries the error is reported for
     * @param callback receiver of the error notification
     * @param context used to construct the certificate validator
     * @param basicOCSPResp response whose certificates are validated
     * @param z flag forwarded unchanged to the callback
     * @return {@code false} when validation failed or raised one of the handled exceptions
     * @throws OCSPException if the certificates cannot be read from the response
     */
    private boolean isOCSPCertValid(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, Context context, BasicOCSPResp basicOCSPResp, boolean z) throws OCSPException {
        try {
            final X509Certificate[] responderCerts = basicOCSPResp.getCerts("BC");
            final CertificateValidator validator = new CertificateValidator(context);
            // The chain is only consulted when the response actually carries certificates.
            final boolean chainRejected = responderCerts.length > 0 && !validator.verifyOCSPChain(responderCerts);
            if (chainRejected) {
                AcmsLog.d(TAG, "checkRevocation() verifyOCSPChain for OCSP failed");
                callback.onError(arrayList, 14, z);
                return false;
            }
            return true;
        } catch (InvalidKeyException invalidKey) {
            invalidKey.printStackTrace();
            AcmsLog.d(TAG, "checkRevocation() InvalidKeyException Error ");
            callback.onError(arrayList, 2, z);
            return false;
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            unknownAlgorithm.printStackTrace();
            AcmsLog.d(TAG, "checkRevocation() NoSuchAlgorithmException Error ");
            callback.onError(arrayList, 2, z);
            return false;
        } catch (NoSuchProviderException unknownProvider) {
            unknownProvider.printStackTrace();
            AcmsLog.d(TAG, "checkRevocation() NoSuchProviderException Error ");
            callback.onError(arrayList, 2, z);
            return false;
        } catch (SignatureException badSignature) {
            badSignature.printStackTrace();
            AcmsLog.d(TAG, "checkRevocation() SignatureException Error ");
            callback.onError(arrayList, 14, z);
            return false;
        } catch (CertificateException badCertificate) {
            badCertificate.printStackTrace();
            AcmsLog.d(TAG, "checkRevocation() CertificateException Error ");
            callback.onError(arrayList, 14, z);
            return false;
        }
    }

    /**
     * Tells whether the first date lies strictly before the second.
     *
     * <p>The caller passes a single response's {@code nextUpdate} as {@code date} and the
     * response's {@code producedAt} as {@code date2}.
     *
     * <p>NOTE(review): both values come from the response itself; the device clock is not
     * consulted here, so this comparison alone does not show that a response is current.
     *
     * @param date date to test; {@code null} is logged and yields {@code false}
     * @param date2 reference date; must not be null when {@code date} is non-null
     * @return {@code true} when {@code date} is before {@code date2}
     */
    private boolean isUpdated(Date date, Date date2) {
        if (date == null) {
            AcmsLog.d(TAG, "Next Update is null");
            return false;
        }
        return date.before(date2);
    }

    /**
     * Starts an asynchronous revocation check for the given applications.
     *
     * <p>The work is handed to a new {@link RevocationtHttpThread}; results arrive through the
     * callback, not through the return value.
     *
     * <p>NOTE(review): {@link #httpRevocation} tolerates a null list, but the size is logged
     * here first, so a null {@code arrayList} fails before that handling is reached.
     *
     * @param arrayList applications to check; must not be null
     * @param callback receiver of the results
     * @param context Android context handed to the worker
     * @param z flag forwarded unchanged to the worker and the callback
     * @return always {@code true}
     */
    public boolean checkRevocation(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, Context context, boolean z) {
        final int entryCount = arrayList.size();
        AcmsLog.d(TAG, "checkRevocation() Enter " + entryCount);
        final RevocationtHttpThread worker = new RevocationtHttpThread(this, null);
        worker.start(arrayList, callback, context, z);
        AcmsLog.d(TAG, "checkRevocation Exit");
        return true;
    }

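    /**
     * Performs one batched OCSP check for the given applications and reports each result.
     *
     * <p>Steps: collect one OCSP request entry per application that has a package name and a
     * chain of at least two certificates; add a nonce; send the request to the responder taken
     * from the certificate's AIA extension; then check the response status, the nonce and
     * period extensions, the embedded certificates and the signature before mapping each
     * single response to {@code callback.onSuccess} or {@code callback.onError}.
     *
     * <p>Changes relative to the decompiled original:
     * <ul>
     *   <li>The nonce is drawn from {@link SecureRandom} instead of {@code java.util.Random},
     *       whose output is predictable and therefore unsuitable for a replay-protection
     *       value.</li>
     *   <li>The serial number in each single response is compared as a full {@link BigInteger}
     *       with the certificate that was asked about, and a mismatch is reported as an error.
     *       The original compared only the low 32 bits and merely logged a match, so a response
     *       for a different certificate was accepted by position.</li>
     *   <li>The response stream and the connection are released on every path.</li>
     *   <li>The response handling sits inside one try block so that the checked exceptions it
     *       can raise are caught; the decompiled layout left them outside the handlers.</li>
     * </ul>
     *
     * <p>NOTE(review): the AIA value and the issuer certificate used for the signature check
     * are those of the last application processed, while the request may cover applications
     * issued by different CAs - confirm that all entries in a batch share issuer and responder.
     * NOTE(review): {@code producedAt} and {@code nextUpdate} are only compared with each
     * other, never with the device clock.
     *
     * @param arrayList applications to check; {@code null} is logged and ignored
     * @param callback receiver of the results
     * @param context Android context used for certificate lookup and notifications
     * @param z flag forwarded unchanged to the callback; when set and no application is
     *          eligible, the result is also sent through {@code AcmsManager}
     */
    public void httpRevocation(ArrayList<AppEntry> arrayList, AcmsRevocationMngr.Callback callback, Context context, boolean z) {
        if (arrayList == null) {
            AcmsLog.d(TAG, "AppEntries is null: Hence ignore");
            return;
        }
        OCSPReqGenerator requestGenerator = new OCSPReqGenerator();
        ArrayList<AppEntry> requestedEntries = new ArrayList<>();
        byte[] aiaExtension = null;
        X509Certificate issuerCert = null;
        boolean nothingToCheck = true;
        for (AppEntry entry : arrayList) {
            if (entry.getPackageName() == null) {
                AcmsLog.d(TAG, "Packagename is null: Hence ignore");
                continue;
            }
            String appId = entry.getAppId();
            X509Certificate[] certs = AcmsUtil.getCerts(entry, context);
            if (certs == null || certs.length < 2) {
                continue;
            }
            nothingToCheck = false;
            AcmsLog.d(TAG, "checkRevocation() Number of certs " + certs.length);
            // The last array element is the certificate being checked, the one before it its issuer.
            X509Certificate subjectCert = certs[certs.length - 1];
            X509Certificate subjectIssuer = certs[certs.length - 2];
            aiaExtension = subjectCert.getExtensionValue(CERT_EXTENSION_AIA);
            try {
                AcmsLog.d(TAG, "checkRevocation(): Generating request for:  " + appId);
                requestGenerator = getRequestGenerator(subjectCert, subjectIssuer, requestGenerator);
                requestedEntries.add(entry);
            } catch (OCSPException e) {
                callback.onError(arrayList, 1, z);
                e.printStackTrace();
            }
            issuerCert = subjectIssuer;
        }
        if (nothingToCheck) {
            AcmsLog.d(TAG, "None of the apps have entry in KeyStore. Hence Revocation wont be performed. ");
            if (z) {
                try {
                    AcmsManager.getAcmsManager(context).notifyRevocationCheckResult(NO_PACKAGE_NAME, AcmsRevocationMngr.Callback.Result.NO_VALIDAPPS_TO_PERFORM_REVOCATION.ordinal());
                    AcmsLog.d(TAG, "notifyResult.RemoteException()  ");
                } catch (RemoteException e2) {
                    e2.printStackTrace();
                }
            }
            return;
        }

        // The nonce binds the response to this request, so it must be unpredictable.
        BigInteger requestNonce = new BigInteger(128, new SecureRandom());
        AcmsLog.d(TAG, "requestNonce= " + requestNonce);
        Vector extensionOids = new Vector();
        Vector extensionValues = new Vector();
        extensionOids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        extensionValues.add(new X509Extension(false, (ASN1OctetString) new DEROctetString(requestNonce.toByteArray())));
        requestGenerator.setRequestExtensions(new X509Extensions(extensionOids, extensionValues));

        HttpURLConnection connection = null;
        try {
            connection = getResponseForRequest(requestedEntries, callback, aiaExtension, requestGenerator.generate(), z, context);
            if (connection == null) {
                AcmsLog.d(TAG, "Response is null for OCSP Request ");
                return;
            }
            OCSPResp ocspResp;
            InputStream responseBody = connection.getInputStream();
            try {
                ocspResp = new OCSPResp(responseBody);
            } finally {
                if (responseBody != null) {
                    responseBody.close();
                }
            }
            if (!checkResponseStatus(requestedEntries, callback, ocspResp, z)) {
                AcmsLog.d(TAG, "Response Status is not good");
                return;
            }
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) ocspResp.getResponseObject();
            if (basicOCSPResp == null) {
                AcmsLog.d(TAG, "Response is not proper for OCSP Request ");
                return;
            }
            SingleResp[] responses = basicOCSPResp.getResponses();
            AcmsLog.d(TAG, "checkRevocation() Number of responses " + responses.length);
            if (requestedEntries.size() != responses.length) {
                AcmsLog.d(TAG, "checkRevocation() Number of responses and Number of request are not same" + responses.length);
                return;
            }
            OcspServerResponseData serverData = extractExtensionValues(requestedEntries, callback, requestNonce, basicOCSPResp, z);
            if (serverData == null || !isOCSPCertValid(requestedEntries, callback, context, basicOCSPResp, z)) {
                return;
            }
            if (!checkResponseSignature(requestedEntries, callback, issuerCert, basicOCSPResp, z)) {
                AcmsLog.d(TAG, "Response signature is not proper for app ");
                return;
            }
            Date producedAt = basicOCSPResp.getProducedAt();
            AcmsLog.d(TAG, "checkRevocation() Produced at " + producedAt.toString());
            // Responses are paired with requests by position; the counts were checked above.
            for (int index = 0; index < responses.length; index++) {
                SingleResp singleResp = responses[index];
                AppEntry entry = requestedEntries.get(index);
                BigInteger responseSerial = singleResp.getCertID().getSerialNumber();
                X509Certificate[] entryCerts = AcmsUtil.getCerts(entry, context);
                if (entryCerts == null || entryCerts.length == 0) {
                    continue;
                }
                AcmsLog.d(TAG, "checkRevocation() Number of certs " + entryCerts.length);
                ArrayList<AppEntry> singleEntryList = getAppListEntries();
                singleEntryList.add(entry);
                BigInteger requestedSerial = entryCerts[entryCerts.length - 1].getSerialNumber();
                if (!responseSerial.equals(requestedSerial)) {
                    // The status in this response belongs to some other certificate.
                    // NOTE(review): 11 is the code this method already reports for an unknown or
                    // invalid status - confirm it is the right code for a mismatched response.
                    AcmsLog.d(TAG, "checkRevocation() Serial Number not matching the cert being validated");
                    callback.onError(singleEntryList, 11, z);
                    continue;
                }
                AcmsLog.d(TAG, " Serial Number Matching the cert being validated");
                Date nextUpdate = singleResp.getNextUpdate();
                CertificateStatus certificateStatus = (CertificateStatus) singleResp.getCertStatus();
                if (certificateStatus == null) {
                    // A null status is handled as "good" by this code.
                    if (isUpdated(nextUpdate, producedAt)) {
                        AcmsRevocationMngr.getAcmsRevocationMngr(context).updateProtocol(entry);
                    } else {
                        AcmsLog.d(TAG, "Cert Status is Good ");
                        callback.onSuccess(singleEntryList, serverData, z);
                    }
                } else if (certificateStatus instanceof RevokedStatus) {
                    RevokedStatus revokedStatus = (RevokedStatus) certificateStatus;
                    if (revokedStatus.hasRevocationReason()) {
                        AcmsLog.d(TAG, "Revocation Reason " + revokedStatus.getRevocationReason());
                    }
                    AcmsLog.d(TAG, "Revocation Date " + revokedStatus.getRevocationTime().toString());
                    callback.onError(singleEntryList, 10, z);
                } else if (certificateStatus instanceof UnknownStatus) {
                    callback.onError(singleEntryList, 11, z);
                    AcmsLog.d(TAG, "Unknown Status ");
                } else {
                    AcmsLog.d(TAG, "INVALID Status ");
                    callback.onError(singleEntryList, 11, z);
                }
            }
            AcmsLog.d(TAG, "-------------OCSP END---------------");
        } catch (IOException e3) {
            callback.onError(arrayList, 1, z);
            e3.printStackTrace();
        } catch (OCSPException e4) {
            callback.onError(arrayList, 1, z);
            e4.printStackTrace();
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }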
}
