package lv.euso.mobileeid.device.service.registration.tx;

import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
import lv.euso.mobileeid.device.card.TokenCertificate;
import lv.euso.mobileeid.device.card.TokenInfo;
import lv.euso.mobileeid.device.service.HttpBrowser;
import lv.euso.mobileeid.device.service.registration.SignatureServiceRegistration;
import lv.euso.mobileeid.service.pojo.SigningTaskRequest;
import lv.euso.mobileeid.service.pojo.SigningTaskResult;
import lv.euso.mobileeid.util.ByteUtil;
import lv.euso.mobileeid.util.InjectedSignatureTokenBuilder;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class RegappAuthenticator implements HttpBrowser.ResponseListener {
    public static final String GET_PRE_JS = "document.getElementsByTagName(\"pre\")[0].innerHTML";
    private static final String MOBILE_EID_AUTHN_PATTERN = "^mobile-eid(|-dev):\\/\\/authenticate\\?.*";
    public static final String POST_SC_PLUGIN_USER_RESPONSE = "<!DOCTYPE html>\n<html>\n\t<body onload=\"document.forms[0].submit();\">\n\t\t<form id=\"form\" action=\"${uri}\" method=\"post\">\n\t\t\t<input type=\"hidden\" name=\"certificate\" value=\"${certificate}\" />\n            <input type=\"hidden\" name=\"signature\" value=\"${signature}\" />\n            <input type=\"hidden\" name=\"error\" value=\"${error}\" />\n\t\t\t<input type=\"submit\" value=\"Submit\" />\n\t\t</form> \n\t</body>\n</html>";
    public static final String POST_URC_PLUGIN_CANCEL = "document.getElementById(\"cancel-link\").click();";
    public static final String POST_URC_PLUGIN_SEND = "var urcForm = document.getElementById(\"urc-form\");\nurcForm.userId.value = \"${userId}\";\nurcForm.urc.value = \"${urc}\";\nurcForm.submit();";
    private static final String REGISTRATION_PATTERN = "^registration:\\/\\/.*";
    private static final String SCPLUGIN_MAGIC = "T44bmG75t44xvKtTcKB3bHT74QQ";
    private static final long TIMEOUT = 30000;
    private static final String TX_ERROR_PATTERN = "^https:\\/\\/.*\\/trustedx-authserver\\/.*\\/error.xhtml";
    private static final String URC_PLUGIN_PATTERN = "^https:\\/\\/.*\\/trustedx-authn-urc\\/authenticate";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) RegappAuthenticator.class);
    private AuthListener authListener;
    private HttpBrowser browser;
    SignatureServiceRegistration.PlatformDependentTasks platformDependentTasks;
    TokenInfo tokenInfo;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lv.euso.mobileeid.device.service.registration.tx.RegappAuthenticator$2, reason: invalid class name */
    /* loaded from: classes4.dex */
    public class AnonymousClass2 implements SignatureServiceRegistration.PlatformDependentTasks.ResultHandler<String> {
        AnonymousClass2() {
        }

        @Override // lv.euso.mobileeid.device.service.registration.SignatureServiceRegistration.PlatformDependentTasks.ResultHandler
        public void handleResult(final String str) {
            if (str != null) {
                RegappAuthenticator.this.platformDependentTasks.askCode("URC", false, new SignatureServiceRegistration.PlatformDependentTasks.ResultHandler<String>() { // from class: lv.euso.mobileeid.device.service.registration.tx.RegappAuthenticator.2.1
                    @Override // lv.euso.mobileeid.device.service.registration.SignatureServiceRegistration.PlatformDependentTasks.ResultHandler
                    public void handleResult(String str2) {
                        if (str2 == null) {
                            AnonymousClass2.this.postAuthCanceled();
                        } else {
                            RegappAuthenticator.this.browser.evaluateJavaScript(RegappAuthenticator.POST_URC_PLUGIN_SEND.replace("${userId}", str).replace("${urc}", str2), new HttpBrowser.JsExecutionListener() { // from class: lv.euso.mobileeid.device.service.registration.tx.RegappAuthenticator.2.1.1
                                @Override // lv.euso.mobileeid.device.service.HttpBrowser.JsExecutionListener
                                public void error(Exception exc) {
                                    RegappAuthenticator.this.authFailed(exc);
                                }

                                @Override // lv.euso.mobileeid.device.service.HttpBrowser.JsExecutionListener
                                public void result(Object obj) {
                                    RegappAuthenticator.logger.debug("Send URC result: " + obj);
                                }
                            });
                        }
                    }
                });
            } else {
                postAuthCanceled();
            }
        }

        void postAuthCanceled() {
            RegappAuthenticator.this.browser.evaluateJavaScript(RegappAuthenticator.POST_URC_PLUGIN_CANCEL, new HttpBrowser.JsExecutionListener() { // from class: lv.euso.mobileeid.device.service.registration.tx.RegappAuthenticator.2.2
                @Override // lv.euso.mobileeid.device.service.HttpBrowser.JsExecutionListener
                public void error(Exception exc) {
                    RegappAuthenticator.this.authCanceled();
                }

                @Override // lv.euso.mobileeid.device.service.HttpBrowser.JsExecutionListener
                public void result(Object obj) {
                    RegappAuthenticator.logger.debug("Cancel JS result: " + obj);
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lv.euso.mobileeid.device.service.registration.tx.RegappAuthenticator$3, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status;

        static {
            int[] iArr = new int[SigningTaskResult.Status.values().length];
            $SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status = iArr;
            try {
                iArr[SigningTaskResult.Status.ok.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status[SigningTaskResult.Status.user_refused.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public interface AuthListener {
        void authCanceled();

        void authCompleted(String str);

        void authFailed(Exception exc);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RegappAuthenticator(HttpBrowser httpBrowser, TokenInfo tokenInfo, SignatureServiceRegistration.PlatformDependentTasks platformDependentTasks, AuthListener authListener) {
        this.tokenInfo = tokenInfo;
        this.platformDependentTasks = platformDependentTasks;
        String userAgent = httpBrowser.getUserAgent();
        if (!userAgent.contains(SCPLUGIN_MAGIC)) {
            httpBrowser.setUserAgent(userAgent + " T44bmG75t44xvKtTcKB3bHT74QQ");
        }
        this.browser = httpBrowser;
        this.authListener = authListener;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authCanceled() {
        this.authListener.authCanceled();
    }

    private void authCompleted(String str) {
        this.authListener.authCompleted(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authFailed(Exception exc) {
        this.authListener.authFailed(exc);
    }

    private void handleRegistration(String str) {
        try {
            Map<String, String> parseQuery = parseQuery(str);
            logger.debug("Registration map: " + parseQuery);
            String str2 = parseQuery.get("status");
            if ("failed".equals(str2)) {
                authFailed(new Exception(new Exception("Registration failed")));
            } else if ("cancelled_by_user".equals(str2)) {
                authCanceled();
            } else {
                if (!"finished".equals(str2)) {
                    throw new Exception("Registration status unknown");
                }
                authCompleted(parseQuery.get("issuanceProcessUri"));
            }
        } catch (Exception e) {
            e.printStackTrace();
            authFailed(e);
        }
    }

    private void handleSCPLuginInternal(String str) {
        Logger logger2 = logger;
        logger2.debug("handleSCPLuginInternal: " + str);
        try {
            Map<String, String> parseQuery = parseQuery(str);
            logger2.debug("Query map: " + parseQuery);
            signTask(parseQuery);
        } catch (Exception e) {
            e.printStackTrace();
            authFailed(e);
        }
    }

    private void handleURCPLugin(String str) {
        this.platformDependentTasks.askCode("Username", false, new AnonymousClass2());
    }

    private boolean isMatching(String str, String str2) {
        boolean matches = str.matches(str2);
        logger.debug("isMatching " + str + " " + str2 + " result: " + matches);
        return matches;
    }

    private Map<String, String> parseQuery(String str) throws Exception {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str2 : new URL(str).getQuery().split("&")) {
            int indexOf = str2.indexOf("=");
            linkedHashMap.put(URLDecoder.decode(str2.substring(0, indexOf), StandardCharsets.UTF_8.name()), URLDecoder.decode(str2.substring(indexOf + 1), StandardCharsets.UTF_8.name()));
        }
        return linkedHashMap;
    }

    private void signTask(Map<String, String> map) throws Exception {
        String str = map.get("lv.euso.trustedx.scplugin.challenge");
        final String str2 = map.get("lv.euso.trustedx.scplugin.redirect");
        String str3 = map.get("lv.euso.trustedx.scplugin.origin");
        String str4 = map.get("lv.euso.trustedx.scplugin.error");
        if (str4 != null && !"".equals(str4)) {
            throw new Exception(str4);
        }
        Date date = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.add(12, 5);
        byte[] fromHexString = ByteUtil.fromHexString(str);
        final InjectedSignatureTokenBuilder injectedSignatureTokenBuilder = new InjectedSignatureTokenBuilder();
        injectedSignatureTokenBuilder.setHeaderParam("typ", (Object) "eparaksts-token").setId(ByteUtil.toBase64MIMEString(fromHexString)).setIssuedAt(date).setExpiration(calendar.getTime()).setIssuer("eparaksts-token-signing").claim("origin", (Object) str3);
        final TokenCertificate authCert = this.tokenInfo.getAuthCert();
        byte[] initSign = injectedSignatureTokenBuilder.initSign(InjectedSignatureTokenBuilder.TokenKey.getInstace(authCert.getCertificate()), false);
        String id = authCert.getId();
        final String str5 = CMSAttributeTableGenerator.DIGEST;
        this.platformDependentTasks.calculateSignature(new SigningTaskRequest(null, id, "", "registrationStep2", Collections.singletonMap(CMSAttributeTableGenerator.DIGEST, initSign), "", true, false), new SignatureServiceRegistration.PlatformDependentTasks.ResultHandler<SigningTaskResult>() { // from class: lv.euso.mobileeid.device.service.registration.tx.RegappAuthenticator.1
            @Override // lv.euso.mobileeid.device.service.registration.SignatureServiceRegistration.PlatformDependentTasks.ResultHandler
            public void handleResult(SigningTaskResult signingTaskResult) {
                int i = AnonymousClass3.$SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status[signingTaskResult.getStatus().ordinal()];
                if (i != 1) {
                    if (i != 2) {
                        RegappAuthenticator.this.authFailed(new Exception(signingTaskResult.getError()));
                        return;
                    } else {
                        RegappAuthenticator.this.authCanceled();
                        return;
                    }
                }
                byte[] bArr = signingTaskResult.getSignatures().get(str5);
                String finalizeSign = bArr != null ? injectedSignatureTokenBuilder.finalizeSign(bArr) : "";
                String hexString = ByteUtil.toHexString(authCert.getCertEncoded());
                String str6 = bArr != null ? "" : "user_cancel";
                String str7 = str2;
                RegappAuthenticator.this.browser.loadContent(RegappAuthenticator.POST_SC_PLUGIN_USER_RESPONSE.replace("${uri}", str7 != null ? str7 : "").replace("${signature}", finalizeSign).replace("${certificate}", hexString).replace("${error}", str6), RegappAuthenticator.this);
            }
        });
    }

    public void authenticate(String str) {
        this.browser.loadContent(str, this);
    }

    @Override // lv.euso.mobileeid.device.service.HttpBrowser.ResponseListener
    public void error(String str, Throwable th) {
        if (th instanceof Exception) {
            authFailed((Exception) th);
        } else {
            authFailed(new Exception(th));
        }
    }

    @Override // lv.euso.mobileeid.device.service.HttpBrowser.ResponseListener
    public void loaded(String str) {
        Logger logger2 = logger;
        logger2.debug("loaded: " + str);
        if (isMatching(str, MOBILE_EID_AUTHN_PATTERN)) {
            handleSCPLuginInternal(str);
            return;
        }
        if (isMatching(str, URC_PLUGIN_PATTERN)) {
            handleURCPLugin(str);
            return;
        }
        if (isMatching(str, REGISTRATION_PATTERN)) {
            handleRegistration(str);
        } else if (isMatching(str, TX_ERROR_PATTERN)) {
            authFailed(new Exception("txError"));
        } else {
            logger2.debug("not handled: " + str);
        }
    }
}
