package com.arlo.app.security;

import android.text.TextUtils;
import android.util.Base64;
import com.arlo.app.asyncbitmaps.AsyncTask;
import com.arlo.app.camera.BaseStation;
import com.arlo.app.camera.CameraInfo;
import com.arlo.app.communication.DeviceNotification;
import com.arlo.app.communication.HttpApi;
import com.arlo.app.communication.SseUtils;
import com.arlo.app.devices.DeviceUtils;
import com.arlo.app.logger.ArloLog;
import com.arlo.app.utils.AppSingleton;
import com.arlo.app.utils.FeatureAvailability;
import com.arlo.app.utils.MD5Utils;
import com.arlo.app.utils.VuezoneModel;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collections;
import java.util.HashSet;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class SecurityUtils {
    private static final String CERTIFICATE_FOOTER = "-----END CERTIFICATE-----";
    private static final String CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String CERTIFICATE_POSTFIX = ".crt";
    private static final String DEVICE_FOLDER_NAME = "device";
    private static final String ICA_CERTIFICATE_FILE_NAME = "ica.crt";
    private static final int KEY_SIZE = 2048;
    private static final String PEER_FOLDER_NAME = "peer";
    private static final String PKCS1_PRIVATE_KEY_FILE_NAME = "private_pkcs1.pem";
    private static final String PKCS1_PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
    private static final String PKCS1_PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PRIVATE_KEY_FILE_NAME = "private.pem";
    private static final String PUBLIC_KEY_FILE_NAME = "public.pem";
    private static final String SECURITY_FOLDER_NAME = "security";
    private static final String TAG = SecurityUtils.class.getSimpleName();
    private static SecurityUtils instance;
    private boolean isInitialized = false;
    private PrivateKey mPrivateKey;
    private PublicKey mPublicKey;

    private boolean checkKeysIntegrity() {
        boolean z;
        File file = new File(getPrivateKeyPath());
        File file2 = new File(getPublicKeyPath());
        File file3 = new File(getPKCS1PrivateKeyPath());
        if (file.exists() && file2.exists() && file3.exists()) {
            z = true;
        } else if (file.exists() && file2.exists()) {
            loadPrivateKey();
            storePrivateKey();
            z = file3.exists();
        } else {
            z = false;
        }
        if (!z) {
            ArloLog.d(TAG, "Keys do not exist or are corrupted. Removing keys and certificates.", true);
            removeDirectory(new File(AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences()));
            this.mPrivateKey = null;
            this.mPublicKey = null;
        }
        return z;
    }

    private void generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            this.mPublicKey = generateKeyPair.getPublic();
            this.mPrivateKey = generateKeyPair.getPrivate();
            storePrivateKey();
            storePublicKey();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }
    }

    public static SecurityUtils getInstance() {
        if (instance == null) {
            instance = new SecurityUtils();
        }
        SecurityUtils securityUtils = instance;
        if (!securityUtils.isInitialized) {
            securityUtils.initialize();
        }
        return instance;
    }

    public static String getRootPath() {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME;
    }

    private void initialize() {
        checkKeysIntegrity();
        new File(AppSingleton.getInstance().getApplicationContext().getFilesDir(), SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + PEER_FOLDER_NAME).mkdirs();
        new File(AppSingleton.getInstance().getApplicationContext().getFilesDir(), SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + DEVICE_FOLDER_NAME).mkdirs();
        if ((this.mPrivateKey == null || this.mPublicKey == null) && FeatureAvailability.isLoggingEnabled()) {
            ArloLog.d(TAG, "Setting up:", true);
            File file = new File(getPrivateKeyPath());
            ArloLog.d(TAG, file.getPath() + " | " + file.exists(), true);
            File file2 = new File(getPKCS1PrivateKeyPath());
            ArloLog.d(TAG, file2.getPath() + " | " + file2.exists(), true);
            File file3 = new File(getPublicKeyPath());
            ArloLog.d(TAG, file3.getPath() + " | " + file3.exists(), true);
        }
        if (this.mPrivateKey == null) {
            loadPrivateKey();
        }
        if (this.mPublicKey == null) {
            loadPublicKey();
        }
        this.isInitialized = true;
    }

    private boolean isCertificateValid(File file) {
        if (!file.exists()) {
            return false;
        }
        try {
            ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(file))).checkValidity();
            return true;
        } catch (FileNotFoundException | CertificateException e) {
            e.printStackTrace();
            if (!(e instanceof CertificateException)) {
                return false;
            }
            byte[] readCertificate = readCertificate(file.getPath());
            if (readCertificate == null) {
                ArloLog.d(TAG, "FileNotFoundException", true);
                return false;
            }
            ArloLog.d(TAG, "Failed check for: " + new String(readCertificate), true);
            return false;
        }
    }

    private void loadPrivateKey() {
        try {
            File file = new File(getPrivateKeyPath());
            if (file.exists()) {
                FileInputStream fileInputStream = new FileInputStream(file);
                byte[] bArr = new byte[(int) file.length()];
                fileInputStream.read(bArr);
                fileInputStream.close();
                this.mPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
            }
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
        }
    }

    private void loadPublicKey() {
        try {
            File file = new File(getPublicKeyPath());
            if (file.exists()) {
                FileInputStream fileInputStream = new FileInputStream(file);
                byte[] bArr = new byte[(int) file.length()];
                fileInputStream.read(bArr);
                fileInputStream.close();
                this.mPublicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
            }
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
        }
    }

    private byte[] readCertificate(String str) {
        FileInputStream fileInputStream;
        File file = new File(str);
        int length = (int) file.length();
        byte[] bArr = new byte[length];
        byte[] bArr2 = new byte[length];
        try {
            fileInputStream = new FileInputStream(file);
            try {
                int read = fileInputStream.read(bArr, 0, length);
                if (read < length) {
                    int i = length - read;
                    while (i > 0) {
                        int read2 = fileInputStream.read(bArr2, 0, i);
                        System.arraycopy(bArr2, 0, bArr, length - i, read2);
                        i -= read2;
                    }
                }
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
                return bArr;
            } catch (IOException unused) {
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e2) {
                        e2.printStackTrace();
                    }
                }
                return null;
            } catch (Throwable th) {
                th = th;
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e3) {
                        e3.printStackTrace();
                    }
                }
                throw th;
            }
        } catch (IOException unused2) {
            fileInputStream = null;
        } catch (Throwable th2) {
            th = th2;
            fileInputStream = null;
        }
    }

    private void removeDirectory(File file) {
        if (file.exists()) {
            for (File file2 : file.listFiles()) {
                if (file2.isDirectory()) {
                    removeDirectory(file2);
                } else {
                    file2.delete();
                }
            }
            file.delete();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendCameraNotification(String str) {
        CameraInfo cameraInfo = (CameraInfo) DeviceUtils.getInstance().getDeviceByUniqueId(str, CameraInfo.class);
        if (cameraInfo != null) {
            DeviceNotification deviceNotification = new DeviceNotification();
            deviceNotification.setSmartDevice(cameraInfo);
            deviceNotification.setResource(DeviceNotification.RESOURCE_CERTIFICATE);
            SseUtils.notificateSSEListeners(deviceNotification);
        }
    }

    private void storePrivateKey() {
        try {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(this.mPrivateKey.getEncoded());
            FileOutputStream fileOutputStream = new FileOutputStream(getPrivateKeyPath());
            fileOutputStream.write(pKCS8EncodedKeySpec.getEncoded());
            fileOutputStream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        try {
            FileOutputStream fileOutputStream2 = new FileOutputStream(getPKCS1PrivateKeyPath());
            fileOutputStream2.write(("-----BEGIN PRIVATE KEY-----\n" + Base64.encodeToString(this.mPrivateKey.getEncoded(), 2) + StringUtils.LF + PKCS1_PRIVATE_KEY_FOOTER).getBytes());
            fileOutputStream2.close();
        } catch (IOException e2) {
            e2.printStackTrace();
        }
    }

    private void storePublicKey() {
        try {
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(this.mPublicKey.getEncoded());
            FileOutputStream fileOutputStream = new FileOutputStream(getPublicKeyPath());
            fileOutputStream.write(x509EncodedKeySpec.getEncoded());
            fileOutputStream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public void checkCertificates(final String str, final String str2, final HashSet<String> hashSet) {
        BaseStation baseStation = (BaseStation) DeviceUtils.getInstance().getDeviceByUniqueId(str, BaseStation.class);
        if (baseStation != null && !baseStation.isLoadingCertificates()) {
            byte[] readCertificate = readCertificate(getDeviceCertificatePath(str));
            if (readCertificate != null) {
                MD5Utils.calculateMD5(new String(readCertificate).replace(CERTIFICATE_HEADER, "").replace(CERTIFICATE_FOOTER, "").trim().getBytes(), new MD5Utils.OnCalculatedListener() { // from class: com.arlo.app.security.-$$Lambda$SecurityUtils$cFzZ_arPzW17WJiYBM8GhgDbGTU
                    @Override // com.arlo.app.utils.MD5Utils.OnCalculatedListener
                    public final void onCalculated(String str3) {
                        SecurityUtils.this.lambda$checkCertificates$1$SecurityUtils(str2, str, hashSet, str3);
                    }
                });
                return;
            } else {
                recreateCertificates(str);
                return;
            }
        }
        if (baseStation != null) {
            ArloLog.d(TAG, "Tried to check certificates, but create request is already running for: " + str, true);
        }
    }

    public boolean deviceCertificateExists(String str) {
        return new File(getDeviceCertificatePath(str)).exists();
    }

    public X509Certificate getDeviceCertificate(String str) {
        File file = new File(getDeviceCertificatePath(str));
        if (!file.exists()) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(file));
        } catch (FileNotFoundException | CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    public String getDeviceCertificatePath(String str) {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + DEVICE_FOLDER_NAME + File.separator + str + CERTIFICATE_POSTFIX;
    }

    public String getICACertificatePath() {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + ICA_CERTIFICATE_FILE_NAME;
    }

    public X509Certificate getIcaCertificate() {
        File file = new File(getICACertificatePath());
        if (!file.exists()) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(file));
        } catch (FileNotFoundException | CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    public String getPKCS1PrivateKeyPath() {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + PKCS1_PRIVATE_KEY_FILE_NAME;
    }

    public X509Certificate getPeerCertificate(String str) {
        File file = new File(getPeerCertificatePath(str));
        if (!file.exists()) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(file));
        } catch (FileNotFoundException | CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    public String getPeerCertificatePEM(String str) {
        try {
            return "-----BEGIN CERTIFICATE-----\n" + new String(Base64.encode(((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(new File(getPeerCertificatePath(str))))).getEncoded(), 0)) + CERTIFICATE_FOOTER;
        } catch (IOException | CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    public String getPeerCertificatePath(String str) {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + PEER_FOLDER_NAME + File.separator + str + CERTIFICATE_POSTFIX;
    }

    public PrivateKey getPrivateKey() {
        if (this.mPrivateKey == null) {
            generateKeyPair();
        }
        return this.mPrivateKey;
    }

    public String getPrivateKeyPEM() {
        return "-----BEGIN PRIVATE KEY-----\n" + new String(new X509EncodedKeySpec(Base64.encode(getPrivateKey().getEncoded(), 0)).getEncoded()) + PKCS1_PRIVATE_KEY_FOOTER;
    }

    public String getPrivateKeyPath() {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + PRIVATE_KEY_FILE_NAME;
    }

    public PublicKey getPublicKey() {
        if (this.mPublicKey == null) {
            generateKeyPair();
        }
        return this.mPublicKey;
    }

    public String getPublicKeyPEM() {
        return new String(new X509EncodedKeySpec(Base64.encode(getPublicKey().getEncoded(), 2)).getEncoded());
    }

    public String getPublicKeyPath() {
        return AppSingleton.getInstance().getApplicationContext().getFilesDir().toString() + File.separator + SECURITY_FOLDER_NAME + File.separator + VuezoneModel.getUserIDFromMemoryOrPreferences() + File.separator + PUBLIC_KEY_FILE_NAME;
    }

    public boolean icaCertificateExists() {
        return new File(getICACertificatePath()).exists();
    }

    public boolean isCertificateReady(String str) {
        return isCertificateValid(new File(getPeerCertificatePath(str))) && isCertificateValid(new File(getDeviceCertificatePath(str))) && isCertificateValid(new File(getICACertificatePath()));
    }

    public boolean isPKCS1PrivateKeyReady() {
        return new File(getPKCS1PrivateKeyPath()).exists();
    }

    public /* synthetic */ void lambda$checkCertificates$1$SecurityUtils(String str, final String str2, final HashSet hashSet, String str3) {
        if (str.equalsIgnoreCase(str3)) {
            byte[] readCertificate = readCertificate(getPeerCertificatePath(str2));
            if (readCertificate != null) {
                MD5Utils.calculateMD5(new String(readCertificate).replace(CERTIFICATE_HEADER, "").replace(CERTIFICATE_FOOTER, "").trim().getBytes(), new MD5Utils.OnCalculatedListener() { // from class: com.arlo.app.security.-$$Lambda$SecurityUtils$g57Wa4-Rz1YeVMEtiIZcyvcTt1o
                    @Override // com.arlo.app.utils.MD5Utils.OnCalculatedListener
                    public final void onCalculated(String str4) {
                        SecurityUtils.this.lambda$null$0$SecurityUtils(hashSet, str2, str4);
                    }
                });
                return;
            } else {
                recreateCertificates(str2);
                return;
            }
        }
        ArloLog.d(TAG, "MD5 sum invalid for: " + getDeviceCertificatePath(str2), true);
        ArloLog.d(TAG, "Expected: " + str + "; Calculated: " + str3, true);
        recreateCertificates(str2);
    }

    public /* synthetic */ void lambda$null$0$SecurityUtils(HashSet hashSet, String str, String str2) {
        if (hashSet.contains(str2)) {
            ArloLog.d(TAG, "Certificates good for: " + str, true);
            return;
        }
        ArloLog.d(TAG, "MD5 sum invalid for: " + getPeerCertificatePath(str), true);
        ArloLog.d(TAG, "Expected: [" + TextUtils.join(", ", hashSet) + "]; Calculated: " + str2, true);
        recreateCertificates(str);
    }

    public void parseCertificates(final JSONObject jSONObject) {
        new AsyncTask<Void, Void, Void>() { // from class: com.arlo.app.security.SecurityUtils.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // com.arlo.app.asyncbitmaps.AsyncTask
            public Void doInBackground(Void... voidArr) {
                CheckCertificatesUtil checkCertificatesUtil = new CheckCertificatesUtil();
                String optString = jSONObject.optString("icaCert");
                if (checkCertificatesUtil.isCertificateValid(optString)) {
                    SecurityUtils.this.storeICACertificate(optString);
                } else {
                    ArloLog.e(SecurityUtils.TAG, "ICA certificate not found.");
                }
                JSONArray optJSONArray = jSONObject.optJSONArray("certsData");
                if (optJSONArray == null) {
                    return null;
                }
                for (int i = 0; i < optJSONArray.length(); i++) {
                    try {
                        JSONObject jSONObject2 = optJSONArray.getJSONObject(i);
                        String string = jSONObject2.getString("uniqueId");
                        String string2 = jSONObject2.getString("peerCert");
                        if (checkCertificatesUtil.isCertificateValid(string2)) {
                            SecurityUtils.this.storePeerCertificate(string, string2);
                        } else {
                            ArloLog.e(SecurityUtils.TAG, String.format("Peer certificate not found for %s.", string));
                        }
                        String string3 = jSONObject2.getString("deviceCert");
                        if (checkCertificatesUtil.isCertificateValid(string3)) {
                            SecurityUtils.this.storeDeviceCertificate(string, string3);
                        } else {
                            ArloLog.e(SecurityUtils.TAG, String.format("BS certificate not found for %s.", string));
                        }
                        SecurityUtils.this.sendCameraNotification(string);
                    } catch (JSONException e) {
                        e.printStackTrace();
                    }
                }
                return null;
            }
        }.executeOnExecutor(AsyncTask.DUAL_THREAD_EXECUTOR, new Void[0]);
    }

    public boolean peerCertificateExists(String str) {
        return new File(getPeerCertificatePath(str)).exists();
    }

    public boolean privateKeyExists() {
        return new File(getPrivateKeyPath()).exists();
    }

    public void recreateCertificates(String str) {
        removeCertificates(str);
        HttpApi.getInstance().getDeviceCertificates(Collections.singleton(str), null);
    }

    public void removeCertificates(String str) {
        File file = new File(getPeerCertificatePath(str));
        if (file.exists()) {
            file.delete();
        }
        File file2 = new File(getDeviceCertificatePath(str));
        if (file2.exists()) {
            file2.delete();
        }
    }

    public void reset() {
        this.mPrivateKey = null;
        this.mPublicKey = null;
        this.isInitialized = false;
    }

    public void storeDeviceCertificate(String str, String str2) {
        String str3 = "-----BEGIN CERTIFICATE-----\n" + str2 + StringUtils.LF + CERTIFICATE_FOOTER;
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(getDeviceCertificatePath(str));
            fileOutputStream.write(str3.getBytes());
            fileOutputStream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public void storeICACertificate(String str) {
        String str2 = "-----BEGIN CERTIFICATE-----\n" + str + StringUtils.LF + CERTIFICATE_FOOTER;
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(getICACertificatePath());
            fileOutputStream.write(str2.getBytes());
            fileOutputStream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public void storePeerCertificate(String str, String str2) {
        String str3 = "-----BEGIN CERTIFICATE-----\n" + str2 + StringUtils.LF + CERTIFICATE_FOOTER;
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(getPeerCertificatePath(str));
            fileOutputStream.write(str3.getBytes());
            fileOutputStream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
