package com.scottyab.safetynet;

import android.content.Context;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.common.ConnectionResult;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.ResultCallback;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.scottyab.safetynet.AndroidDeviceVerifier;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

/* loaded from: classes2.dex */
public class SafetyNetHelper implements GoogleApiClient.ConnectionCallbacks, GoogleApiClient.OnConnectionFailedListener {
    private List<String> apkCertificateDigests;
    private String apkDigest;
    private SafetyNetWrapperCallback callback;
    private GoogleApiClient googleApiClient;
    private String googleDeviceVerificationApiKey;
    private SafetyNetResponse lastResponse;
    private String packageName;
    private byte[] requestNonce;
    private long requestTimestamp;
    private final SecureRandom secureRandom = new SecureRandom();
    private static final String TAG = SafetyNetHelper.class.getSimpleName();
    private static int MAX_TIMESTAMP_DURATION = 120000;

    /* loaded from: classes2.dex */
    public interface SafetyNetWrapperCallback {
        void error(int i, String str);

        void success(boolean z, boolean z2);
    }

    public SafetyNetHelper(String str) {
        if (TextUtils.isEmpty(str)) {
            Log.w(TAG, "Google Device Verification Api Key not defined, cannot properly validate safety net response without it. See https://developer.android.com/google/play/safetynet/start.html#verify-compat-check");
        }
        this.googleDeviceVerificationApiKey = str;
    }

    private synchronized void buildGoogleApiClient(Context context) {
        this.googleApiClient = new GoogleApiClient.Builder(context).addApi(SafetyNet.API).addConnectionCallbacks(this).addOnConnectionFailedListener(this).build();
    }

    private byte[] generateOneTimeRequestNonce() {
        byte[] bArr = new byte[32];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SafetyNetResponse parseJsonWebSignature(String str) {
        if (str == null) {
            return null;
        }
        String[] split = str.split("\\.");
        if (split.length == 3) {
            return SafetyNetResponse.parse(new String(Base64.decode(split[1], 0)));
        }
        return null;
    }

    private void runSaftyNetTest() {
        Log.v(TAG, "running SafetyNet.API Test");
        this.requestNonce = generateOneTimeRequestNonce();
        this.requestTimestamp = System.currentTimeMillis();
        SafetyNet.SafetyNetApi.attest(this.googleApiClient, this.requestNonce).setResultCallback(new ResultCallback<SafetyNetApi.AttestationResult>() { // from class: com.scottyab.safetynet.SafetyNetHelper.1
            @Override // com.google.android.gms.common.api.ResultCallback
            public void onResult(SafetyNetApi.AttestationResult attestationResult) {
                if (SafetyNetHelper.this.validateResultStatus(attestationResult)) {
                    String jwsResult = attestationResult.getJwsResult();
                    final SafetyNetResponse parseJsonWebSignature = SafetyNetHelper.this.parseJsonWebSignature(jwsResult);
                    SafetyNetHelper.this.lastResponse = parseJsonWebSignature;
                    if (!parseJsonWebSignature.isCtsProfileMatch() || !parseJsonWebSignature.isBasicIntegrity()) {
                        SafetyNetHelper.this.callback.success(parseJsonWebSignature.isCtsProfileMatch(), parseJsonWebSignature.isBasicIntegrity());
                        return;
                    }
                    if (!SafetyNetHelper.this.validateSafetyNetResponsePayload(parseJsonWebSignature)) {
                        SafetyNetHelper.this.callback.error(1001, "Response payload validation failed");
                    } else if (!TextUtils.isEmpty(SafetyNetHelper.this.googleDeviceVerificationApiKey)) {
                        new AndroidDeviceVerifier(SafetyNetHelper.this.googleDeviceVerificationApiKey, jwsResult).verify(new AndroidDeviceVerifier.AndroidDeviceVerifierCallback() { // from class: com.scottyab.safetynet.SafetyNetHelper.1.1
                            @Override // com.scottyab.safetynet.AndroidDeviceVerifier.AndroidDeviceVerifierCallback
                            public void error(String str) {
                                SafetyNetHelper.this.callback.error(1000, "Response signature validation error: " + str);
                            }

                            @Override // com.scottyab.safetynet.AndroidDeviceVerifier.AndroidDeviceVerifierCallback
                            public void success(boolean z) {
                                if (z) {
                                    SafetyNetHelper.this.callback.success(parseJsonWebSignature.isCtsProfileMatch(), parseJsonWebSignature.isBasicIntegrity());
                                } else {
                                    SafetyNetHelper.this.callback.error(1002, "Response signature invalid");
                                }
                            }
                        });
                    } else {
                        Log.w(SafetyNetHelper.TAG, "No google Device Verification ApiKey defined");
                        SafetyNetHelper.this.callback.error(1003, "No Google Device Verification ApiKey defined. Marking as failed. SafetyNet CtsProfileMatch: " + parseJsonWebSignature.isCtsProfileMatch());
                    }
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean validateResultStatus(SafetyNetApi.AttestationResult attestationResult) {
        boolean isSuccess = attestationResult.getStatus().isSuccess();
        if (!isSuccess) {
            this.callback.error(999, "Call to SafetyNetApi.attest was not successful");
        }
        return isSuccess;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean validateSafetyNetResponsePayload(SafetyNetResponse safetyNetResponse) {
        if (safetyNetResponse == null) {
            Log.e(TAG, "SafetyNetResponse is null.");
            return false;
        }
        String trim = Base64.encodeToString(this.requestNonce, 0).trim();
        if (!trim.equals(safetyNetResponse.getNonce())) {
            Log.e(TAG, "invalid nonce, expected = \"" + trim + "\"");
            Log.e(TAG, "invalid nonce, response   = \"" + safetyNetResponse.getNonce() + "\"");
            return false;
        }
        if (!this.packageName.equalsIgnoreCase(safetyNetResponse.getApkPackageName())) {
            Log.e(TAG, "invalid packageName, expected = \"" + this.packageName + "\"");
            Log.e(TAG, "invalid packageName, response = \"" + safetyNetResponse.getApkPackageName() + "\"");
            return false;
        }
        long timestampMs = safetyNetResponse.getTimestampMs() - this.requestTimestamp;
        if (timestampMs > MAX_TIMESTAMP_DURATION) {
            Log.e(TAG, "Duration calculated from the timestamp of response \"" + timestampMs + " \" exceeds permitted duration of \"" + MAX_TIMESTAMP_DURATION + "\"");
            return false;
        }
        if (!Arrays.equals(this.apkCertificateDigests.toArray(), safetyNetResponse.getApkCertificateDigestSha256())) {
            Log.e(TAG, "invalid apkCertificateDigest, local/expected = " + Arrays.asList(this.apkCertificateDigests));
            Log.e(TAG, "invalid apkCertificateDigest, response = " + Arrays.asList(safetyNetResponse.getApkCertificateDigestSha256()));
            return false;
        }
        if (this.apkDigest.equals(safetyNetResponse.getApkDigestSha256())) {
            return true;
        }
        Log.e(TAG, "invalid ApkDigest, local/expected = \"" + this.apkDigest + "\"");
        Log.e(TAG, "invalid ApkDigest, response = \"" + safetyNetResponse.getApkDigestSha256() + "\"");
        return false;
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnected(Bundle bundle) {
        Log.v(TAG, "Google play services connected");
        runSaftyNetTest();
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.OnConnectionFailedListener
    public void onConnectionFailed(ConnectionResult connectionResult) {
        this.callback.error(connectionResult.getErrorCode(), "Google Play services connection failed");
    }

    @Override // com.google.android.gms.common.api.GoogleApiClient.ConnectionCallbacks
    public void onConnectionSuspended(int i) {
    }

    public void requestTest(Context context, SafetyNetWrapperCallback safetyNetWrapperCallback) {
        buildGoogleApiClient(context);
        this.googleApiClient.connect();
        this.packageName = context.getPackageName();
        this.callback = safetyNetWrapperCallback;
        this.apkCertificateDigests = Utils.calcApkCertificateDigests(context, this.packageName);
        Log.d(TAG, "apkCertificateDigests:" + this.apkCertificateDigests);
        this.apkDigest = Utils.calcApkDigest(context);
        Log.d(TAG, "apkDigest:" + this.apkDigest);
    }
}
