package com.tutelatechnologies.utilities.security;

import android.content.Context;
import android.util.Base64;
import com.tutelatechnologies.utilities.R;
import com.tutelatechnologies.utilities.TUConfiguration;
import com.tutelatechnologies.utilities.TUException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes3.dex */
public class TUSecurity {
    public static final String VERSION_NUMBER = "_4";
    private static final String defaultCertificate = "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApFT5CClGFiJPF3rPDb9FJatQ8fRw/S6ov/t/X/jr9YMD9gPY2TpRviJ7Z1z99tFYOJSKdUgbCVMIxhbqiV/h/1Z/QfGSmxWnLIwxgODSezH6M9EJ0OhIIUbWcCVf/ejWv4nD6d3QZyI1uRy7AgGAcl7cdk72ri5ibSZ8WqOopM6f2hFFSqcRNI+FdRSGpsfel9GSO9lf9oacMJVl1YuAxaq4xF7p7/0jvITnEVfDcJ9yBQd46RXWAA932D/htYDLqYgM4MweW08HiakZXaqGtMzdtxtlzDnz9beQklpQH64IBkDbOBk9qVmOBcxpEo8hgU0T3dmCVqaSuStr/nS7E4rhs+frszY3f+JZMR0GHy7rkswvahBHEkd/DGj1KmSQPKQoNuoPPPnToMEqhQCDzmQzxEeT0H1+KdD933SYkRGpnUDVs1H99TBcoHORL7R9JtHRWW31sTx3LaZMHNAO55Ya1vHzJE1ARbBj9zxlo3W9jDQuFyIF1yVux4lO8mqWJrzDj53LgnzUbxhiJe7axOOl2qQ0ytl7SacARfF1ZtU5hI0uI/u70akZiQFZab7j43n/Ohtopcktehl5hLEHnGgCb3vIm2uWRHMRSKOLw9HJKmVg3GjAtjlRyjcg3W+OMfiUlMlS7lTYXnLBqRmewXbEezLGiveZjm5WBjajoBkCAwEAAQ==";
    private static final String sharedPreferenceGetCertificate = "GetCertificate";
    static String DefaultCoSigningCertificate = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqns8TpoJkrcvZX4AZa33W/4NSdagbgi5VBBSwB1WUu1vq/Clx4RQb6tZCxEfBd9upYDEnETxfj/Vqw0KkmIq5+4/60NXFrX2Rde8uuv+Bh3ikHqI+SjFAmQlZrl9jftpjenGQHQcGvjzN3WaY8hwXGzCJl9S2jtzP5kVGLg677gRc0ctCEYonBiwCgnGJJx78K5iSY/DLCrCRkxGddQU0T4qY16xejp0FA/h8yAE9u60vtsbLt0k4ihqKTy8FogdrBHiglDycZkGGvptI8AJJxRDPVZ2HDIl9NmjunMZxSbi4Ytw7UFUWyvxCIZKIuL40DK6Aa83pRUpj9NUN+xC0QIDAQAB";
    private static String sharedPreferenceGetNonTutelaUploadCertificate = "GetNonTutelaUploadCertificate";

    public static boolean checkSignature(String str, String str2, String str3, String str4, String str5) throws TUException {
        try {
            if (str == null || str2 == null || str3 == null || str4 == null || str5 == null) {
                throw new TUException(TUException.SecurityCheckException);
            }
            byte[] decode = Base64.decode(str3, 0);
            byte[] bytes = str2.getBytes("UTF-8");
            byte[] decode2 = TUConversions.decode(TUConversions.encode(str.getBytes("UTF-8")));
            byte[] decode3 = TUConversions.decode(str4);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(decode2.length + decode3.length + bytes.length);
            byteArrayOutputStream.write(decode2, 0, decode2.length);
            byteArrayOutputStream.write(decode3, 0, decode3.length);
            byteArrayOutputStream.write(bytes, 0, bytes.length);
            return verifySignature(byteArrayOutputStream.toByteArray(), decode, TUConversions.hexStringToByteArray(str5));
        } catch (Exception e) {
            return false;
        }
    }

    private static String getCertificate(Context context) {
        String valueFromPreferenceKey = TUConfiguration.getValueFromPreferenceKey(context, sharedPreferenceGetCertificate);
        return (valueFromPreferenceKey == null || valueFromPreferenceKey.equals("")) ? DefaultCoSigningCertificate : valueFromPreferenceKey;
    }

    public static KeyStore getKeyStore() {
        try {
            return KeyStore.getInstance("BKS");
        } catch (KeyStoreException e) {
            return null;
        }
    }

    public static String getNonTutelaUploadDataCertificate(Context context) {
        String valueFromPreferenceKey = TUConfiguration.getValueFromPreferenceKey(context, sharedPreferenceGetNonTutelaUploadCertificate);
        if (valueFromPreferenceKey == null || valueFromPreferenceKey.equals("")) {
            return null;
        }
        return valueFromPreferenceKey;
    }

    public static SSLSocketFactory getSSLFactory(Context context, InputStream inputStream) throws Exception {
        KeyStore loadKeyStore = loadKeyStore(context, getKeyStore(), "", inputStream);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadKeyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sSLContext.getSocketFactory();
    }

    public static KeyStore loadKeyStore(Context context, KeyStore keyStore, String str, InputStream inputStream) throws TUException, NoSuchAlgorithmException, CertificateException, IOException {
        InputStream openStream;
        if (inputStream == null) {
            try {
                URL resource = TUSecurity.class.getClassLoader().getResource("tutelastore.bks");
                if (resource == null) {
                    openStream = context.getResources().openRawResource(context.getApplicationContext().getResources().getIdentifier("tutelastore", "raw", context.getApplicationContext().getPackageName()));
                    if (openStream == null) {
                        openStream = context.getResources().openRawResource(R.raw.tutelastore);
                    }
                } else {
                    openStream = resource.openStream();
                }
            } catch (Exception e) {
                throw new TUException(TUException.InvalidCertificateException);
            }
        } else {
            openStream = inputStream;
        }
        keyStore.load(openStream, str != null ? str.toCharArray() : "".toCharArray());
        openStream.close();
        return keyStore;
    }

    public static boolean passesSecurityCheck(Context context, String str, String str2, String str3, String str4) throws TUException {
        if (!checkSignature(str + VERSION_NUMBER, str2, defaultCertificate, str3, str4)) {
            return false;
        }
        String certificate = getCertificate(context);
        int lastIndexOf = str2.lastIndexOf("}") + 1;
        return checkSignature("", str2.substring(0, lastIndexOf), certificate, "", str2.substring(lastIndexOf, str2.length()));
    }

    public static void removeCertificate(Context context) {
        TUConfiguration.removeValueFromPreferenceKey(context, sharedPreferenceGetCertificate);
    }

    public static void setCertificate(Context context, String str) {
        TUConfiguration.setValueFromPreferenceKey(context, sharedPreferenceGetCertificate, str);
    }

    public static void setNonTutelaUploadCertificate(Context context, int i) {
        TUConfiguration.setValueFromPreferenceKey(context, sharedPreferenceGetNonTutelaUploadCertificate, String.valueOf(i));
    }

    private static boolean verifySignature(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr2));
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(generatePublic);
            signature.update(bArr, 0, bArr.length);
            return signature.verify(bArr3);
        } catch (InvalidKeyException e) {
            return false;
        } catch (NoSuchAlgorithmException e2) {
            return false;
        } catch (SignatureException e3) {
            return false;
        } catch (InvalidKeySpecException e4) {
            return false;
        }
    }
}
