package gov.loc.nls.dtb.security;

import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.util.Base64;
import gov.loc.nls.dtb.R;
import gov.loc.nls.dtb.log.Log4jHelper;
import gov.loc.nls.dtb.model.AuthorizeDeviceResponse;
import gov.loc.nls.dtb.parser.AuthorizeDeviceResponseParser;
import gov.loc.nls.dtb.service.RESTServiceTask;
import gov.loc.nls.dtb.util.AppUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes.dex */
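/**
 * Builds, encrypts and submits the BARD "authorize device" request, then stores the key
 * material returned by the server.
 *
 * <p>Flow, as implemented below: the constructor generates an ephemeral RSA key pair and an
 * AES key and loads the NLS public key from the app's assets. {@link #authorizeDevice(String)}
 * wraps the AES key under the NLS public key, encrypts the user-data XML (device id, app
 * version, credential, our RSA public key) with AES-CBC, sends the envelope through
 * {@code RESTServiceTask}, and hands the response to {@code AuthorizeDeviceResponseParser}
 * together with our RSA private key.
 *
 * <p>Security review notes (the algorithm choices are advertised in the request XML, so they
 * are presumably fixed by the server protocol and are left unchanged here):
 * <ul>
 *   <li>The RSA key pair is 1024 bits; current guidance is 2048 bits or more.</li>
 *   <li>The AES key is wrapped with RSA PKCS#1 v1.5 ({@code xmlenc#rsa-1_5}), which needs a
 *       receiver that does not reveal padding failures; OAEP is the usual replacement.</li>
 *   <li>The payload is AES-128-CBC with no MAC or signature, so the ciphertext has
 *       confidentiality but no integrity protection of its own.</li>
 *   <li>Values are concatenated into XML without escaping; see {@link #buildUserDataXML()}.</li>
 * </ul>
 */
public class AuthorizeDeviceUtil {
    // Written by every constructor call (see setNlsPubKeyName), so it is shared by all instances.
    private static String NLS_PUB_KEY_NAME = null;
    private static final String OUR_AES_KEY_NAME = "DAISY.us-nls.android.1234567890.bootstrap";
    private static final String OUR_PUB_KEY_NAME = "DAISY.us-nls.android.1234567890";
    private static final String TOKEN_USER_NAME = "[USER_NAME]";
    // Placeholder inside the two key-name templates that is replaced by the device id.
    private static final String DEVICE_ID_PLACEHOLDER = "1234567890";
    private static final int RSA_KEY_BITS = 1024;
    // Modulus length in octets; must stay in step with RSA_KEY_BITS.
    private static final int RSA_MODULUS_OCTETS = RSA_KEY_BITS / 8;
    private static final int AES_KEY_BITS = 128;
    private static final int AES_BLOCK_BYTES = 16;

    private final SecretKey aesKey;
    private final Context context;
    private final Log4jHelper log = Log4jHelper.getLog4JLogger(getClass().getSimpleName());
    private final PublicKey nlsRSAPublicKey;
    private final KeyPair rsaKeyPair;

    /**
     * Generates the per-instance key material and loads the NLS public key.
     *
     * <p>Any of the three keys may end up {@code null} when generation or loading fails;
     * {@link #authorizeDevice(String)} checks for that before doing any work.
     *
     * @param context Android context used for assets, string resources and app settings
     */
    public AuthorizeDeviceUtil(Context context) {
        this.context = context;
        setNlsPubKeyName();
        this.rsaKeyPair = generateRSAKeyPair();
        this.aesKey = generateAESKey();
        this.nlsRSAPublicKey = getManufacturerPublicKey();
    }

    /**
     * Returns the number of whole bytes needed to hold {@code i} bits.
     *
     * @throws IllegalArgumentException if {@code i} is negative
     */
    private int bitSizeToByteSize(int i) {
        if (i < 0) {
            // The original message was missing its closing parenthesis.
            throw new IllegalArgumentException("bitSize (" + i + ") should not be negative");
        }
        return (i + 7) / 8;
    }

    /** Encodes bytes as single-line Base64 (no line terminators anywhere in the output). */
    private static String base64(byte[] data) {
        return Base64.encodeToString(data, Base64.NO_WRAP);
    }

    /**
     * Assembles the outer request envelope: the wrapped AES key plus the AES-encrypted
     * user-data XML.
     *
     * @return the request XML, or {@code null} if any cryptographic step failed (the failing
     *     step has already logged the reason)
     */
    private String buildRequestXML() {
        final String wrappedAesKey = encryptAESKey();
        if (wrappedAesKey == null) {
            return null;
        }
        final String userDataXml = buildUserDataXML();
        if (userDataXml == null) {
            return null;
        }
        final String encryptedUserData = encryptUserDataXML(userDataXml);
        if (encryptedUserData == null) {
            return null;
        }
        final String carriedKeyName =
                OUR_AES_KEY_NAME.replace(DEVICE_ID_PLACEHOLDER, AppUtils.getDeviceIDForLogging(this.context));

        // Only the key names are interpolated as plain text here; both cipher values are Base64.
        final StringBuilder xml = new StringBuilder();
        xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n");
        xml.append("<bardAPI xmlns=\"http://www.loc.gov/nls/BARD/2012/mobile\">\n");
        xml.append("<BARDauthentication xmlns=\"http://www.loc.gov/nls/BARD/2012/mobile\"\n");
        xml.append("    xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\n");
        xml.append("    xmlns:xe=\"http://www.w3.org/2001/04/xmlenc#\">\n");
        xml.append("    <Keys>\n");
        xml.append("        <ds:KeyInfo>\n");
        xml.append("            <ds:KeyName>").append(NLS_PUB_KEY_NAME).append("</ds:KeyName>\n");
        xml.append("        </ds:KeyInfo>\n");
        xml.append("        <ContentKey media=\"text\">\n");
        xml.append("            <xe:EncryptedKey>\n");
        xml.append("                <xe:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-1_5\"/>\n");
        xml.append("                <xe:CipherData>\n");
        xml.append("                    <xe:CipherValue>").append(wrappedAesKey).append("</xe:CipherValue>\n");
        xml.append("                </xe:CipherData>\n");
        xml.append("                <xe:CarriedKeyName>").append(carriedKeyName).append("</xe:CarriedKeyName>\n");
        xml.append("            </xe:EncryptedKey>\n");
        xml.append("        </ContentKey>\n");
        xml.append("    </Keys>\n");
        xml.append("    <EncryptedData Type=\"http://www.w3.org/2001/04/xmlenc#Element\" xmlns=\"http://www.w3.org/2001/04/xmlenc#\">\n");
        xml.append("        <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"/>\n");
        xml.append("        <CipherData>\n");
        xml.append("            <CipherValue>").append(encryptedUserData).append("</CipherValue>\n");
        xml.append("        </CipherData>\n");
        xml.append("    </EncryptedData>\n");
        xml.append("</BARDauthentication>\n");
        xml.append("</bardAPI>\n");
        return xml.toString();
    }

    /**
     * Builds the plaintext {@code MobileInitiation} document that is later AES-encrypted: our
     * RSA public key (modulus and exponent), device id, model, app version, timestamp,
     * timezone and the user's credential.
     *
     * <p>NOTE(review): device id, {@code Build.MODEL}, the version name and the credential are
     * concatenated into the XML without escaping. A value containing {@code <} or {@code &}
     * would produce a malformed or restructured document. Whether
     * {@code UserSession.getCredential()} is already encoded cannot be seen from this file, so
     * escaping is not added here (it could double-encode); confirm and escape at the source.
     *
     * @return the XML text, or {@code null} if the RSA public key could not be decomposed
     */
    private String buildUserDataXML() {
        final RSAPublicKeySpec publicSpec;
        try {
            publicSpec = KeyFactory.getInstance("RSA").getKeySpec(this.rsaKeyPair.getPublic(), RSAPublicKeySpec.class);
        } catch (NoSuchAlgorithmException e) {
            this.log.error("RSA alg not available", e);
            return null;
        } catch (InvalidKeySpecException e) {
            this.log.error("invalid key spec", e);
            return null;
        }

        // The modulus is sent as a fixed-width octet string; the exponent in BigInteger's own encoding.
        final String modulusB64 = base64(integerToOctetString(publicSpec.getModulus(), RSA_MODULUS_OCTETS));
        final String exponentB64 = base64(publicSpec.getPublicExponent().toByteArray());
        final String deviceId = AppUtils.getDeviceIDForLogging(this.context);

        final StringBuilder xml = new StringBuilder();
        xml.append("<MobileInitiation xmlns=\"http://www.loc.gov/nls/BARD/2012/mobile\">\n");
        xml.append("    <KeyExchange xmlns=\"http://www.daisy.org/DRM/2005/KeyExchange\"\n");
        xml.append("        xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\n");
        // NOTE(review): "xmldenc" differs from the "xmlenc" namespace used in the outer envelope.
        // The xe prefix is not used inside this element; left byte-identical because the server
        // consumes this text.
        xml.append("        xmlns:xe=\"http://www.w3.org/2001/04/xmldenc#\">\n");
        xml.append("        <Issuer uid=\"DAISY.us-nls\">National Library Service for the Blind and Physically Handicapped</Issuer>\n");
        xml.append("        <ds:KeyInfo>\n");
        xml.append("            <ds:KeyValue>\n");
        xml.append("                <ds:RSAKeyValue>\n");
        xml.append("                    <ds:Modulus>").append(modulusB64).append("</ds:Modulus>\n");
        xml.append("                    <ds:Exponent>").append(exponentB64).append("</ds:Exponent>\n");
        xml.append("                </ds:RSAKeyValue>\n");
        xml.append("            </ds:KeyValue>\n");
        xml.append("            <ds:KeyName>")
                .append(OUR_PUB_KEY_NAME.replace(DEVICE_ID_PLACEHOLDER, deviceId))
                .append("</ds:KeyName>\n");
        xml.append("        </ds:KeyInfo>\n");
        xml.append("    </KeyExchange>\n");
        xml.append("    <DeviceUID>").append(deviceId).append("</DeviceUID>\n");
        xml.append("    <DeviceModel>Android</DeviceModel>\n");
        xml.append("    <DeviceVariant>").append(Build.MODEL).append("</DeviceVariant>\n");
        xml.append("    <AppVersion>").append(getAppVersion()).append("</AppVersion>\n");
        xml.append("    <ISOdateTime>").append(getCurrentISODateTime()).append("</ISOdateTime>\n");
        xml.append("    <Timezone>").append(getTimezone()).append("</Timezone>\n");
        // The credential is plaintext at this point; this string must never be logged.
        xml.append("    <Credential>").append(UserSession.getCredential()).append("</Credential>\n");
        xml.append("</MobileInitiation>\n");
        return xml.toString();
    }

    /**
     * Wraps the session AES key under the NLS RSA public key (PKCS#1 v1.5 padding).
     *
     * @return the wrapped key as single-line Base64, or {@code null} on any failure
     */
    private String encryptAESKey() {
        final Cipher cipher;
        try {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        } catch (NoSuchAlgorithmException e) {
            this.log.error("RSA alg not available", e);
            return null;
        } catch (NoSuchPaddingException e) {
            this.log.error("PKCS1Padding not available", e);
            return null;
        }

        try {
            cipher.init(Cipher.WRAP_MODE, this.nlsRSAPublicKey);
        } catch (InvalidKeyException e) {
            this.log.error("NLS RSA public key invalid", e);
            return null;
        }

        try {
            return base64(cipher.wrap(this.aesKey));
        } catch (InvalidKeyException e) {
            this.log.error("AES key invalid", e);
            return null;
        } catch (IllegalBlockSizeException e) {
            this.log.error("illegal block size", e);
            return null;
        }
    }

    /**
     * Encrypts the user-data XML with AES/CBC/PKCS5Padding under the session key.
     *
     * <p>The IV is taken from the cipher when the provider generated one; otherwise a random
     * 16-byte IV is generated here. The result is {@code Base64(IV || ciphertext)}. No MAC is
     * attached, so the receiver cannot detect modification from this blob alone.
     *
     * @param str plaintext XML to encrypt
     * @return single-line Base64 of IV followed by ciphertext, or {@code null} on any failure
     */
    private String encryptUserDataXML(String str) {
        final Cipher cipher;
        try {
            cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        } catch (NoSuchAlgorithmException e) {
            this.log.error("AES alg not available", e);
            return null;
        } catch (NoSuchPaddingException e) {
            this.log.error("PKCS5Padding not available", e);
            return null;
        }

        try {
            cipher.init(Cipher.ENCRYPT_MODE, this.aesKey);
        } catch (InvalidKeyException e) {
            this.log.error("AES key invalid", e);
            return null;
        }

        byte[] iv;
        final AlgorithmParameters parameters = cipher.getParameters();
        if (parameters == null) {
            // The provider did not generate an IV: create one and re-initialise the cipher with it.
            try {
                final SecureRandom random = getSecureRandom();
                final byte[] generated = new byte[AES_BLOCK_BYTES];
                random.nextBytes(generated);
                final IvParameterSpec ivSpec = new IvParameterSpec(generated);
                cipher.init(Cipher.ENCRYPT_MODE, this.aesKey, ivSpec, random);
                iv = ivSpec.getIV();
            } catch (java.security.GeneralSecurityException e) {
                this.log.error("AES key or IV rejected by cipher", e);
                return null;
            }
        } else {
            try {
                iv = parameters.getParameterSpec(IvParameterSpec.class).getIV();
            } catch (InvalidParameterSpecException e) {
                this.log.error("invalid parameter spec", e);
                return null;
            }
        }

        try {
            final byte[] cipherText = cipher.doFinal(str.getBytes("UTF-8"));
            final byte[] ivAndCipherText = new byte[iv.length + cipherText.length];
            System.arraycopy(iv, 0, ivAndCipherText, 0, iv.length);
            System.arraycopy(cipherText, 0, ivAndCipherText, iv.length, cipherText.length);
            return base64(ivAndCipherText);
        } catch (UnsupportedEncodingException e) {
            this.log.error("unsupported encoding", e);
            return null;
        } catch (BadPaddingException e) {
            this.log.error("bad padding", e);
            return null;
        } catch (IllegalBlockSizeException e) {
            this.log.error("illegal block size", e);
            return null;
        }
    }

    /**
     * Generates the 128-bit AES session key.
     *
     * <p>Uses the platform default {@link SecureRandom} rather than requesting "SHA1PRNG" by
     * name, so key generation no longer depends on that legacy algorithm being registered.
     *
     * @return the key, or {@code null} if AES is not available
     */
    private SecretKey generateAESKey() {
        try {
            final KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(AES_KEY_BITS, new SecureRandom());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            this.log.error("AES alg not available", e);
            return null;
        }
    }

    /**
     * Generates the ephemeral RSA key pair whose public half is sent to the server.
     *
     * <p>NOTE(review): 1024-bit RSA is below current recommendations. The modulus is serialised
     * as exactly {@code RSA_MODULUS_OCTETS} bytes in {@link #buildUserDataXML()}, so raising the
     * size is a protocol change that needs server agreement.
     *
     * @return the key pair, or {@code null} if RSA is not available
     */
    private KeyPair generateRSAKeyPair() {
        try {
            final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(RSA_KEY_BITS);
            return keyPairGenerator.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            this.log.error("RSA alg not available", e);
            return null;
        }
    }

    /** Returns "Android-" plus the package's version name, or "Android" if it cannot be read. */
    private String getAppVersion() {
        try {
            final String versionName = this.context.getPackageManager()
                    .getPackageInfo(this.context.getPackageName(), 0).versionName;
            return "Android-" + versionName;
        } catch (PackageManager.NameNotFoundException ignored) {
            // Fall back to the bare platform tag so the request can still be sent.
            this.log.error("getAppVersion: can't get app version");
            return "Android";
        }
    }

    /**
     * Builds the authorize-device endpoint URL with the URL-encoded user name substituted for
     * the {@code [USER_NAME]} token.
     */
    private String getAuthorizeDeviceURL(String str) {
        final String template =
                AppUtils.getApiServerUrl(this.context) + this.context.getString(R.string.nls_authorizedevice_rest_url);
        return template.replace(TOKEN_USER_NAME, AppUtils.getEncodedUrlParameter(str));
    }

    /** Formats the current time as {@code yyyy-MM-dd'T'HH:mm:ssZ} in the device's default zone. */
    private String getCurrentISODateTime() {
        // A new formatter per call: SimpleDateFormat must not be shared between threads.
        return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ", Locale.US).format(new Date());
    }

    /**
     * Loads the NLS RSA public key (X.509 DER) from the asset named after
     * {@code NLS_PUB_KEY_NAME}.
     *
     * <p>The asset stream is now closed on every path; the original left it open.
     *
     * @return the public key, or {@code null} if the asset cannot be opened, read or parsed
     */
    private PublicKey getManufacturerPublicKey() {
        final InputStream asset;
        try {
            asset = this.context.getResources().getAssets().open(NLS_PUB_KEY_NAME + ".public.der");
        } catch (IOException e) {
            this.log.error("error opening NLS RSA public key resource: " + e.getMessage(), e);
            return null;
        }

        try (InputStream in = asset) {
            final ByteArrayOutputStream der = new ByteArrayOutputStream();
            final byte[] chunk = new byte[4096];
            for (int n = in.read(chunk); n > -1; n = in.read(chunk)) {
                der.write(chunk, 0, n);
            }
            // API level 27 and below ask for the "BC" provider explicitly; newer levels use the default.
            final KeyFactory keyFactory = Build.VERSION.SDK_INT <= 27
                    ? KeyFactory.getInstance("RSA", "BC")
                    : KeyFactory.getInstance("RSA");
            return keyFactory.generatePublic(new X509EncodedKeySpec(der.toByteArray()));
        } catch (Exception e) {
            // Broad on purpose: covers I/O, provider lookup and key-spec failures alike.
            this.log.error("error reading NLS RSA public key resource: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the random source used for the fallback IV.
     *
     * <p>The original requested "SHA1PRNG" and immediately called
     * {@code setSeed(generateSeed(5))}. On implementations where an explicit seed given before
     * first use replaces the self-seeding, the generator's state then rests on only 5 bytes
     * (40 bits) of seed. The platform default generator seeds itself and needs no manual seed.
     */
    private SecureRandom getSecureRandom() {
        return new SecureRandom();
    }

    /**
     * Returns the default zone's raw UTC offset as a signed number of whole hours, e.g.
     * {@code "+1"} or {@code "-5"}. The raw offset excludes daylight saving, and the integer
     * division drops any fractional-hour part of the offset.
     */
    private String getTimezone() {
        final int rawOffsetMillis = TimeZone.getDefault().getRawOffset();
        // Negative values get their '-' from %d, so only the '+' has to be added by hand.
        final String sign = rawOffsetMillis >= 0 ? "+" : "";
        return String.format(Locale.US, "%s%d", sign, rawOffsetMillis / 3600000);
    }

    /**
     * Converts a non-negative integer to a big-endian octet string of exactly {@code i} bytes,
     * left-padded with zeros.
     *
     * @param bigInteger value to encode; must not be negative
     * @param i target length in octets; must be positive and large enough for the value
     * @return a byte array of length {@code i}
     * @throws IllegalArgumentException if the value is negative, {@code i} is not positive, or
     *     the value does not fit
     */
    private byte[] integerToOctetString(BigInteger bigInteger, int i) {
        if (bigInteger.signum() < 0) {
            throw new IllegalArgumentException("argument i should not be negative");
        }
        if (i <= 0) {
            throw new IllegalArgumentException("octetStringSize argument (" + i + ") should be higher than 0 to store any integer");
        }
        if (bigInteger.bitLength() > i * 8) {
            throw new IllegalArgumentException("argument i (" + bigInteger + ") does not fit into " + i + " octets");
        }
        final byte[] twosComplement = bigInteger.toByteArray();
        final int length = twosComplement.length;
        if (length == i) {
            return twosComplement;
        }
        final byte[] octets = new byte[i];
        if (twosComplement[0] == 0) {
            // Skip the leading zero byte before right-aligning the magnitude.
            System.arraycopy(twosComplement, 1, octets, (i - length) + 1, length - 1);
        } else {
            System.arraycopy(twosComplement, 0, octets, i - length, length);
        }
        return octets;
    }

    /** Interprets a big-endian octet string as a non-negative integer. */
    private BigInteger octetStringToInteger(byte[] bArr) {
        return new BigInteger(1, bArr);
    }

    /**
     * Parses the server response and, on success, persists the returned RSA private key and
     * its name through {@code SecurityUtil}.
     *
     * @param str raw response body
     * @return {@code true} only if the response carried the success code plus both a key and a
     *     key name
     */
    private boolean processResponse(String str) {
        final AuthorizeDeviceResponse response =
                new AuthorizeDeviceResponseParser(this.rsaKeyPair.getPrivate()).parse(str);
        if (response == null || response.getCode() == null) {
            // Treat an unparsable response as a failure instead of relying on an NPE upstream.
            this.log.error("got failure code");
            return false;
        }
        if (!response.getCode().equals(AuthorizeDeviceResponse.RESULT_SUCCESS_CODE)) {
            this.log.error("got failure code");
            return false;
        }
        if (response.getRsaPrivateKey() == null || response.getRsaPrivateKeyName() == null) {
            this.log.error("no key or key name");
            return false;
        }
        // NOTE(review): how SecurityUtil protects the stored private key is not visible here.
        SecurityUtil.setRSAPrivateKeyName(this.context, response.getRsaPrivateKeyName());
        SecurityUtil.storeRSAPrivateKey(this.context, response.getRsaPrivateKey());
        return true;
    }

    /**
     * Selects which NLS public key (and matching asset file) to use, depending on whether the
     * configured API server is the production one.
     */
    private void setNlsPubKeyName() {
        final String productionServer = this.context.getString(R.string.apiServerProduction_text);
        if (AppUtils.getApiServer(this.context).equals(productionServer)) {
            NLS_PUB_KEY_NAME = "us-nls.mfgr.Android001";
        } else {
            NLS_PUB_KEY_NAME = "us-nls.mfgr.devShinano";
        }
    }

    /**
     * Runs the full device-authorization exchange for the given user.
     *
     * @param str user name substituted into the endpoint URL
     * @return {@code true} if the server accepted the request and the returned key was stored;
     *     {@code false} on missing key material, request-building failure, transport error or
     *     a failure response
     */
    public boolean authorizeDevice(String str) {
        if (this.rsaKeyPair == null || this.aesKey == null || this.nlsRSAPublicKey == null) {
            return false;
        }
        final String requestXml = buildRequestXML();
        if (requestXml == null) {
            return false;
        }
        // The envelope holds key names (which include the device id) and ciphertext only.
        // The original logged it under the "xml-response" label, which mislabelled the request.
        this.log.debug("authorize device xml-request: " + requestXml);
        try {
            // NOTE(review): the meaning of the literal 2 is defined by RESTServiceTask — confirm there.
            final String responseXml = new RESTServiceTask(
                    this.context,
                    AppUtils.getBARDUrl(this.context, getAuthorizeDeviceURL(str)),
                    2,
                    null,
                    requestXml).executeGet();
            // NOTE(review): the response carries the key material parsed in processResponse;
            // confirm it is still encrypted at this point before keeping it in debug logs.
            this.log.debug("get authorize device xml-response: " + responseXml);
            return processResponse(responseXml);
        } catch (Exception e) {
            this.log.error("Error occurred processing authorize device: " + e.getMessage(), e);
            return false;
        }
    }
}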
