package com.psiphon3.psiphonlibrary;

import android.content.Context;
import android.os.Bundle;
import android.os.SystemClock;
import android.provider.Settings;
import android.text.TextUtils;
import com.google.android.gms.common.ConnectionResult;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.common.api.g;
import com.google.android.gms.safetynet.a;
import com.google.android.gms.safetynet.b;
import com.psiphon3.psiphonlibrary.Utils;
import com.psiphon3.psiphonlibrary.obfuscation.AESObfuscator;
import com.psiphon3.psiphonlibrary.obfuscation.Base64;
import com.psiphon3.psiphonlibrary.obfuscation.Base64DecoderException;
import com.psiphon3.psiphonlibrary.obfuscation.Obfuscator;
import com.psiphon3.psiphonlibrary.obfuscation.ValidationException;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.lang.ref.WeakReference;
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class GoogleSafetyNetApiWrapper implements GoogleApiClient.ConnectionCallbacks, GoogleApiClient.OnConnectionFailedListener {
    private static final int API_CONNECT_FAILED = 2;
    private static final int API_REQUEST_FAILED = 1;
    private static final int API_REQUEST_OK = 0;
    private static final String ATTESTATION_RESULT_CACHE_FILE = "attestationResultCacheFile";
    private static final String KEY_ATTESTATION_RESULT = "keyAttestationResult";
    private static final int MAX_CACHED_ENTRIES = 20;
    private static final byte[] SALT = {18, 43, -35, 57, -14, 121, Byte.MAX_VALUE, -59, 58, -29, 11, -108, 103, 87, 72, -17, 104, -121, -111, 53};
    private static GoogleSafetyNetApiWrapper mInstance;
    private GoogleApiClient mGoogleApiClient;
    private String mLastServerNonce;
    private long mLastTtlSeconds;
    private Obfuscator mObfuscator;
    private WeakReference<TunnelManager> mTunnelManager;
    private AtomicBoolean mCheckInFlight = new AtomicBoolean(false);
    private CacheMap<String, CacheEntry> mCacheMap = new CacheMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CacheEntry implements Serializable {
        private static final long serialVersionUID = 1;
        private long expirationTimestamp;
        private String payload;

        CacheEntry(String str, long j) {
            this.payload = str;
            this.expirationTimestamp = j;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CacheMap<K, V> extends LinkedHashMap<K, V> {
        private CacheMap() {
        }

        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry entry) {
            return size() > 20;
        }
    }

    private GoogleSafetyNetApiWrapper(Context context) {
        this.mGoogleApiClient = new GoogleApiClient.Builder(context).addApi(a.c).addConnectionCallbacks(this).addOnConnectionFailedListener(this).build();
        this.mObfuscator = new AESObfuscator(SALT, context.getPackageName(), Settings.Secure.getString(context.getContentResolver(), "android_id"));
        loadSavedCache(context);
    }

    private void doSafetyNetCheck() {
        byte[] bArr;
        byte[] bArr2 = new byte[32];
        new SecureRandom().nextBytes(bArr2);
        byte[] decode = !TextUtils.isEmpty(this.mLastServerNonce) ? Utils.Base64.decode(this.mLastServerNonce) : null;
        if (decode != null) {
            bArr = new byte[decode.length + 32];
            System.arraycopy(bArr2, 0, bArr, 0, bArr2.length);
            System.arraycopy(decode, 0, bArr, bArr2.length, decode.length);
        } else {
            bArr = bArr2;
        }
        a.d.a(this.mGoogleApiClient, bArr).a(new g<b.a>() { // from class: com.psiphon3.psiphonlibrary.GoogleSafetyNetApiWrapper.1
            @Override // com.google.android.gms.common.api.g
            public void onResult(b.a aVar) {
                Status a = aVar.a();
                String b = aVar.b();
                if (!a.e() || TextUtils.isEmpty(b)) {
                    GoogleSafetyNetApiWrapper.this.onSafetyNetCheckNotify(1, a.toString());
                } else {
                    GoogleSafetyNetApiWrapper.this.onSafetyNetCheckNotify(0, b);
                }
            }
        });
    }

    public static synchronized GoogleSafetyNetApiWrapper getInstance(Context context) {
        GoogleSafetyNetApiWrapper googleSafetyNetApiWrapper;
        synchronized (GoogleSafetyNetApiWrapper.class) {
            if (mInstance == null) {
                mInstance = new GoogleSafetyNetApiWrapper(context);
            }
            googleSafetyNetApiWrapper = mInstance;
        }
        return googleSafetyNetApiWrapper;
    }

    private boolean isValidJWTResult(String str) {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            return false;
        }
        for (int i = 0; i < split.length; i++) {
            try {
                byte[] decodeWebSafe = Base64.decodeWebSafe(split[i]);
                if (i < 2) {
                    try {
                        new JSONObject(new String(decodeWebSafe, "UTF-8"));
                    } catch (UnsupportedEncodingException e) {
                        return false;
                    } catch (JSONException e2) {
                        return false;
                    }
                }
            } catch (Base64DecoderException e3) {
                return false;
            }
        }
        return true;
    }

    private void loadSavedCache(Context context) {
        try {
            FileInputStream openFileInput = context.openFileInput(ATTESTATION_RESULT_CACHE_FILE);
            ObjectInputStream objectInputStream = new ObjectInputStream(openFileInput);
            this.mCacheMap = (CacheMap) objectInputStream.readObject();
            objectInputStream.close();
            openFileInput.close();
        } catch (IOException e) {
        } catch (ClassNotFoundException e2) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onSafetyNetCheckNotify(int i, String str) {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("status", i);
            jSONObject.put("payload", str);
            setPayload(jSONObject.toString(), i == 0 && isValidJWTResult(str));
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    private void setPayload(String str, boolean z) {
        if (z) {
            this.mCacheMap.put(this.mLastServerNonce, new CacheEntry(this.mObfuscator.obfuscate(str, KEY_ATTESTATION_RESULT), SystemClock.elapsedRealtime() + (this.mLastTtlSeconds * 1000)));
        }
        TunnelManager tunnelManager = this.mTunnelManager.get();
        if (tunnelManager != null) {
            tunnelManager.setClientVerificationResult(str);
        }
        this.mCheckInFlight.set(false);
    }

    private boolean setPayloadFromCache() {
        CacheEntry cacheEntry = this.mCacheMap.get(this.mLastServerNonce);
        if (cacheEntry == null) {
            return false;
        }
        if (SystemClock.elapsedRealtime() > cacheEntry.expirationTimestamp) {
            this.mCacheMap.remove(this.mLastServerNonce);
            return false;
        }
        try {
            setPayload(this.mObfuscator.unobfuscate(cacheEntry.payload, KEY_ATTESTATION_RESULT), false);
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }

    public Object clone() {
        throw new CloneNotSupportedException();
    }

    public void disconnect() {
        if (this.mGoogleApiClient.isConnected()) {
            this.mGoogleApiClient.disconnect();
        }
        this.mCheckInFlight.set(false);
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnected(Bundle bundle) {
        doSafetyNetCheck();
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.OnConnectionFailedListener
    public void onConnectionFailed(ConnectionResult connectionResult) {
        onSafetyNetCheckNotify(2, connectionResult.toString());
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnectionSuspended(int i) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void saveCache(Context context) {
        if (this.mCacheMap == null || this.mCacheMap.size() <= 0) {
            return;
        }
        try {
            FileOutputStream openFileOutput = context.openFileOutput(ATTESTATION_RESULT_CACHE_FILE, 0);
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(openFileOutput);
            objectOutputStream.writeObject(this.mCacheMap);
            objectOutputStream.close();
            openFileOutput.flush();
            openFileOutput.close();
        } catch (IOException e) {
        }
    }

    public void verify(TunnelManager tunnelManager, String str, int i, boolean z) {
        this.mTunnelManager = new WeakReference<>(tunnelManager);
        if (this.mCheckInFlight.compareAndSet(false, true)) {
            if (z) {
                this.mCacheMap.remove(str);
            }
            this.mLastServerNonce = str;
            this.mLastTtlSeconds = i;
            if (setPayloadFromCache() || this.mGoogleApiClient.isConnecting() || this.mGoogleApiClient.isConnected()) {
                return;
            }
            this.mGoogleApiClient.connect();
        }
    }
}
