package com.cisco.webex.spark.authenticator;

import android.content.Context;
import com.cisco.webex.meetings.app.MeetingApplication;
import com.cisco.webex.spark.core.ApiClientProvider;
import com.cisco.webex.spark.core.ApiUrlProvider;
import com.cisco.webex.spark.core.IRestApiRequest;
import com.cisco.webex.spark.core.IRestApiResponse;
import com.cisco.webex.spark.core.RestApiClient;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.annotations.SerializedName;
import com.microsoft.identity.client.PublicClientApplicationConfiguration;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftIdToken;
import com.webex.util.Logger;
import defpackage.gf4;
import defpackage.ka;
import defpackage.kf4;
import defpackage.re4;
import defpackage.sf4;
import defpackage.te4;
import defpackage.w6;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes2.dex */
public class WCAClient extends RestApiClient {
    private static final String TAG = "W_PROXIMITY_WCAClient";
    public static final String U2CServiceLinksNode = "serviceLinks";
    public static final String WCAServerURLNode = "webex-certificate-authority";
    public static int WCA_STATE_GETTING = 1;
    public static int WCA_STATE_INVALID = 2;
    public static int WCA_STATE_UNKOWN = 3;
    public static int WCA_STATE_VALID = 0;
    public static final Object sState = new Object();
    public static int sWCAState = 2;
    public String mAccessToken;
    public String mCIS_UUID;
    public String mU2CDNS;
    private String mWCAServerUrl;

    /* loaded from: classes2.dex */
    public class JWTTokenInfo {

        @SerializedName("cis_uuid")
        public String mCIS_UUID;

        @SerializedName("client_id")
        public String mClientID;

        @SerializedName("cluster")
        public String mCluster;

        @SerializedName("expiry_time")
        public long mExpiryTime;

        @SerializedName(MicrosoftIdToken.ISSUER)
        public String mISS;

        @SerializedName("private")
        public String mPrivate;

        @SerializedName("realm")
        public String mRealm;

        @SerializedName("token_id")
        public String mTokenID;

        @SerializedName("token_type")
        public String mTokenType;
        public user_info mUserInfo;

        @SerializedName("user_type")
        public String mUserType;

        @SerializedName("user_info")
        private String user_info;

        /* loaded from: classes2.dex */
        public class user_info {

            @SerializedName("email")
            public String mEMail;

            @SerializedName("name")
            public String mName;

            public user_info() {
            }
        }

        public JWTTokenInfo() {
        }

        public void updateUserInfo() {
            this.mUserInfo = (user_info) new Gson().fromJson(this.user_info, user_info.class);
        }
    }

    public WCAClient(String str, String str2, String str3) {
        String trim = str.toLowerCase().trim();
        if (trim.length() <= 0 || trim.indexOf(PublicClientApplicationConfiguration.SerializedNames.HTTP) == 0) {
            this.mU2CDNS = str;
        } else {
            this.mU2CDNS = AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + str;
        }
        if (str2 == null) {
            Logger.e(TAG, "ModernizeE2EE WCAClient(): accessToken == null.");
            this.mAccessToken = "";
        } else {
            this.mAccessToken = str2;
        }
        if (str3 != null) {
            this.mCIS_UUID = str3;
        } else {
            Logger.e(TAG, "ModernizeE2EE WCAClient(): cisUuid == null.");
            this.mCIS_UUID = "";
        }
    }

    public static boolean checkWCACertificate(String str) {
        Context applicationContext = MeetingApplication.b0().getApplicationContext();
        String d1 = ka.d1(applicationContext, "WCA.Certificates");
        String d12 = ka.d1(applicationContext, "WCA.CSRData");
        String d13 = ka.d1(applicationContext, "WCA.CSRPrivateKey");
        if (d12.isEmpty() || d13.isEmpty() || d1.isEmpty()) {
            Logger.i(TAG, "ModernizeE2EE checkWCACertificate data is empty, need to refresh certificate.");
            return false;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(d1.getBytes()));
            if (x509Certificate == null) {
                Logger.e(TAG, "ModernizeE2EE checkWCACertificate failed: ca==null");
                return false;
            }
            Principal subjectDN = x509Certificate.getSubjectDN();
            Logger.d(TAG, "ModernizeE2EE checkWCACertificate DN is " + subjectDN.getName() + " cisUUID:" + str);
            if (!kf4.s0(str) && subjectDN.getName().endsWith(str)) {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                Date notBefore = x509Certificate.getNotBefore();
                Date notAfter = x509Certificate.getNotAfter();
                Date a = re4.a(new Date(System.currentTimeMillis()), 1);
                Logger.i(TAG, "ModernizeE2EE checkWCACertificate valid in:(" + simpleDateFormat.format(notBefore) + " -> " + simpleDateFormat.format(notAfter) + ")");
                StringBuilder sb = new StringBuilder();
                sb.append("ModernizeE2EE checkWCACertificate current + 1 = ");
                sb.append(simpleDateFormat.format(a));
                Logger.i(TAG, sb.toString());
                if (x509Certificate.getNotBefore().before(a) && x509Certificate.getNotAfter().after(a)) {
                    return true;
                }
                Logger.e(TAG, "ModernizeE2EE checkWCACertificate failed: expired.");
                return false;
            }
            Logger.i(TAG, "ModernizeE2EE checkWCACertificate DN is not same as request user's DN");
            return false;
        } catch (CertificateException e) {
            Logger.e(TAG, "ModernizeE2EE checkWCACertificate failed with CertificateException: " + e);
            return false;
        }
    }

    public static void clearWCAInfo() {
        te4.i("ModernizeE2EE", "", "WCAClient", "clearWCAInfo");
        Context applicationContext = MeetingApplication.b0().getApplicationContext();
        ka.Q1(applicationContext, "WCA.Certificates", "");
        ka.Q1(applicationContext, "WCA.CSRData", "");
        ka.Q1(applicationContext, "WCA.CSRPrivateKey", "");
        setWCAState(WCA_STATE_INVALID);
    }

    private String getWCACertificates(final String str) {
        updateWCAServerUrl();
        IRestApiRequest iRestApiRequest = new IRestApiRequest() { // from class: com.cisco.webex.spark.authenticator.WCAClient.2
            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public String getBody() {
                return "{\"csr\":\"" + str + "\"}";
            }

            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public Map<String, String> getHeaders() {
                HashMap hashMap = new HashMap();
                hashMap.put("Authorization", "Bearer " + WCAClient.this.mAccessToken);
                hashMap.put("Content-Type", "application/json; charset=UTF-8");
                hashMap.put("Accept", "application/json; charset=UTF-8");
                return hashMap;
            }

            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public String getMethod() {
                return "POST";
            }

            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public String getUrl() {
                if (kf4.s0(WCAClient.this.mWCAServerUrl)) {
                    return "https://webex-certificate-authority-intb.ciscospark.com/wca/api/v1/certificates";
                }
                return WCAClient.this.mWCAServerUrl + "/certificates";
            }
        };
        w6.g("14003");
        IRestApiResponse request = request(iRestApiRequest);
        if (request == null) {
            Logger.e(TAG, "ModernizeE2EE getWCACertificates failed. No response.");
        } else {
            if (request.getResponseCode() == 201) {
                Logger.i(TAG, "ModernizeE2EE getWCACertificates success, cert len = " + request.getBody().length());
                return request.getBody();
            }
            Logger.e(TAG, "ModernizeE2EE getWCACertificates failed, error = " + request.getResponseCode());
        }
        w6.g("14004");
        return "";
    }

    public static int getWCAState(String str) {
        int i = sWCAState;
        if (i == WCA_STATE_GETTING) {
            return i;
        }
        if (kf4.s0(str)) {
            return setWCAState(WCA_STATE_UNKOWN);
        }
        if (checkWCACertificate(str)) {
            return setWCAState(WCA_STATE_VALID);
        }
        clearWCAInfo();
        return setWCAState(WCA_STATE_INVALID);
    }

    public static boolean requestUserWCACertificate(String str, String str2, String str3) {
        Logger.i("W_PROXIMITY", "ModernizeE2EE requestUserWCACertificate");
        setWCAState(WCA_STATE_GETTING);
        if (ApiClientProvider.get().getWCAClient(str, str2, str3).ensureWCACertificates(str3)) {
            setWCAState(WCA_STATE_VALID);
            return true;
        }
        Logger.e("W_PROXIMITY", "ModernizeE2EE requestUserWCACertificate failed. wcaCertificate==null");
        clearWCAInfo();
        setWCAState(WCA_STATE_INVALID);
        return false;
    }

    public static int setWCAState(int i) {
        synchronized (sState) {
            Logger.i("W_PROXIMITY", "ModernizeE2EE setWCAState from " + sWCAState + " to " + i);
            sWCAState = i;
        }
        return i;
    }

    public static void updateWCAInfo(String str, String str2, String str3) {
        Context applicationContext = MeetingApplication.b0().getApplicationContext();
        ka.Q1(applicationContext, "WCA.Certificates", str);
        ka.Q1(applicationContext, "WCA.CSRData", str2);
        ka.Q1(applicationContext, "WCA.CSRPrivateKey", str3);
    }

    private void updateWCAServerUrl() {
        IRestApiRequest iRestApiRequest = new IRestApiRequest() { // from class: com.cisco.webex.spark.authenticator.WCAClient.1
            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public String getBody() {
                return "";
            }

            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public Map<String, String> getHeaders() {
                HashMap hashMap = new HashMap();
                hashMap.put("Authorization", "Bearer " + WCAClient.this.mAccessToken);
                hashMap.put("Content-Type", "application/json; charset=UTF-8");
                hashMap.put("Accept", "application/json; charset=UTF-8");
                return hashMap;
            }

            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public String getMethod() {
                return "GET";
            }

            @Override // com.cisco.webex.spark.core.IRestApiRequest
            public String getUrl() {
                if (kf4.s0(WCAClient.this.mU2CDNS)) {
                    return "https://u2c.wbx2.com/u2c/api/v1/catalog?format=hostmap";
                }
                return WCAClient.this.mU2CDNS + "/u2c/api/v1/catalog?format=hostmap";
            }
        };
        this.mWCAServerUrl = "";
        w6.g("14001");
        IRestApiResponse request = request(iRestApiRequest);
        boolean z = false;
        if (request == null) {
            Logger.e(TAG, "ModernizeE2EE updateWCAServerUrl failed. No response.");
        } else if (request.getResponseCode() == 200) {
            try {
                JsonObject asJsonObject = new JsonParser().parse(request.getBody()).getAsJsonObject();
                if (asJsonObject.has(U2CServiceLinksNode)) {
                    JsonObject asJsonObject2 = asJsonObject.getAsJsonObject(U2CServiceLinksNode);
                    Logger.i(TAG, "ModernizeE2EE updateWCAServerUrl success, maps size = " + asJsonObject2.size());
                    if (asJsonObject2.has(WCAServerURLNode)) {
                        this.mWCAServerUrl = asJsonObject2.get(WCAServerURLNode).getAsString();
                        z = true;
                    }
                }
            } catch (Exception e) {
                Logger.e(TAG, "might MalformedJsonException ", e);
            }
        } else {
            Logger.e(TAG, "ModernizeE2EE updateWCAServerUrl failed, error = " + request.getResponseCode());
        }
        if (!z) {
            w6.g("14002");
        }
        if (kf4.s0(this.mWCAServerUrl)) {
            this.mWCAServerUrl = ApiUrlProvider.DEFAULT_WCA_API_URL;
            Logger.e(TAG, "ModernizeE2EE updateWCAServerUrl failed, no WCA Server url, use default: " + this.mWCAServerUrl);
            if (request != null) {
                Logger.e(TAG, "ModernizeE2EE updateWCAServerUrl U2C return: " + request.getBody());
            }
        }
    }

    public boolean ensureWCACertificates(String str) {
        if (checkWCACertificate(str)) {
            Logger.i("ModernizeE2EE", "ensureWCACertificates end with exist certificates");
            return true;
        }
        String str2 = this.mCIS_UUID;
        sf4 sf4Var = new sf4();
        String g = gf4.g(this.mAccessToken.getBytes(StandardCharsets.UTF_8));
        Logger.i("ModernizeE2EE", "ensureWCACertificates create wca for: " + str2);
        if (!sf4Var.c(str2, "webex", "webex", "webex", "webex", g)) {
            Logger.e(TAG, "ModernizeE2EE getCertificate failed. CreateX509CSR==null");
            return false;
        }
        String str3 = new String(sf4Var.q());
        String str4 = new String(sf4Var.r());
        String wCACertificates = getWCACertificates(str3);
        if (kf4.s0(wCACertificates)) {
            return false;
        }
        updateWCAInfo(wCACertificates, str3, str4);
        return true;
    }
}
