package lv.euso.mobileeid.device.service.tx;

import com.safelayer.mobileidlib.regapp.RegAppOperation;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import lv.euso.mobileeid.MobileEidConstants;
import lv.euso.mobileeid.device.card.RegisteredSignatureDevice;
import lv.euso.mobileeid.device.card.TokenCertificate;
import lv.euso.mobileeid.device.service.HttpTransport;
import lv.euso.mobileeid.device.service.SignatureService;
import lv.euso.mobileeid.service.pojo.DevicePropertyUpdateRequest;
import lv.euso.mobileeid.service.pojo.SigningTaskRequest;
import lv.euso.mobileeid.service.pojo.SigningTaskResult;
import lv.euso.mobileeid.util.ByteUtil;
import lv.euso.mobileeid.util.CertUtil;
import lv.euso.mobileeid.util.HttpUtil;
import lv.euso.mobileeid.util.JWTUtil;
import lv.euso.mobileeid.util.Serializer;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class TxSignatureServiceImpl extends SignatureService {
    private TxSignatureContext context;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) TxSignatureServiceImpl.class);
    private static final String VALUE_CANCELED_BY_USER = ByteUtil.toBase64MIMEString("canceledByUser".getBytes(StandardCharsets.UTF_8));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl$2, reason: invalid class name */
    /* loaded from: classes4.dex */
    public class AnonymousClass2 implements SignatureService.SignatureServiceHandler<String> {
        final /* synthetic */ SignatureService.SignatureServiceHandler val$handler;
        final /* synthetic */ String val$signatureProcessId;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl$2$1, reason: invalid class name */
        /* loaded from: classes4.dex */
        public class AnonymousClass1 implements HttpTransport.HttpTransportResponseHandler {
            AnonymousClass1() {
            }

            @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
            public void error(Exception exc) {
                AnonymousClass2.this.val$handler.error(exc);
            }

            @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
            public void handle(HttpTransport.HttpTransportResponse httpTransportResponse) {
                if (httpTransportResponse.code == 404 && AnonymousClass2.this.val$signatureProcessId == null) {
                    AnonymousClass2.this.val$handler.handle(null, false);
                    return;
                }
                if (httpTransportResponse.code != 200 && (httpTransportResponse.code != 404 || AnonymousClass2.this.val$signatureProcessId == null)) {
                    error(new Exception("Unexpected response code: " + httpTransportResponse.code));
                    return;
                }
                String str = httpTransportResponse.code == 200 ? Serializer.jsonToStringValueMap(httpTransportResponse.content).get("url") : TxSignatureServiceImpl.this.device.getSignatureProcessUrlBase() + AnonymousClass2.this.val$signatureProcessId;
                TxSignatureServiceImpl.logger.debug("Signature process url: " + str);
                TxSignatureServiceImpl.this.httpTransport.execute(str, HttpTransport.METHOD_GET, null, TxSignatureServiceImpl.this.createAuthorizationToken(), null, new HttpTransport.HttpTransportResponseHandler() { // from class: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl.2.1.1
                    @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                    public void error(Exception exc) {
                        AnonymousClass2.this.val$handler.error(exc);
                    }

                    @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                    public void handle(HttpTransport.HttpTransportResponse httpTransportResponse2) {
                        if (httpTransportResponse2.code != 200) {
                            AnonymousClass2.this.val$handler.handle(null, false);
                            return;
                        }
                        String str2 = httpTransportResponse2.content;
                        TxSignatureServiceImpl.logger.debug("Signature process data: " + str2);
                        try {
                            final TxSignatureProcessData txSignatureProcessData = (TxSignatureProcessData) Serializer.fromJson(str2, TxSignatureProcessData.class, false);
                            if (txSignatureProcessData.result != null) {
                                AnonymousClass2.this.val$handler.handle(null, false);
                                return;
                            }
                            OperationType operationType = txSignatureProcessData.getOperationType();
                            TxSignatureServiceImpl.logger.debug("Signature process operationType: " + operationType);
                            if (operationType == OperationType.authentication) {
                                TxSignatureServiceImpl.this.httpTransport.execute(txSignatureProcessData.getDeviceConfigurationUrl(TxSignatureServiceImpl.this.device.getDeviceType()), HttpTransport.METHOD_GET, null, TxSignatureServiceImpl.this.createAuthorizationToken(), null, new HttpTransport.HttpTransportResponseHandler() { // from class: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl.2.1.1.1
                                    @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                                    public void error(Exception exc) {
                                        AnonymousClass2.this.val$handler.error(exc);
                                    }

                                    @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                                    public void handle(HttpTransport.HttpTransportResponse httpTransportResponse3) {
                                        if (httpTransportResponse3.code != 200) {
                                            error(new Exception("Unexpected response code: " + httpTransportResponse3.code));
                                            return;
                                        }
                                        String inputServiceId = txSignatureProcessData.getInputServiceId();
                                        String inputServiceName = txSignatureProcessData.getInputServiceName();
                                        String inputServiceDomain = txSignatureProcessData.getInputServiceDomain();
                                        String domain = txSignatureProcessData.getDomain();
                                        TokenCertificate authCert = TxSignatureServiceImpl.this.getTokenInfo().getAuthCert();
                                        try {
                                            TxDeviceConfiguration txDeviceConfiguration = (TxDeviceConfiguration) Serializer.fromJson(httpTransportResponse3.content, TxDeviceConfiguration.class, false);
                                            TxXmlSignature txXmlSignature = new TxXmlSignature(txDeviceConfiguration.getDefaultDigestAlgorithm(), authCert.getCertificate(), new Date(), inputServiceId, inputServiceName, inputServiceDomain, txSignatureProcessData.id, domain);
                                            SigningTaskRequest signingTaskRequest = new SigningTaskRequest(txSignatureProcessData.id, authCert.getId(), inputServiceName, "authenticationOperation", Collections.singletonMap(CMSAttributeTableGenerator.DIGEST, txXmlSignature.getDigest()), "", false, false);
                                            TxSignatureServiceImpl.this.context = new TxSignatureContext(txSignatureProcessData.id, txXmlSignature, authCert.getCertificate(), txDeviceConfiguration.getDefaultDigestAlgorithm(), txSignatureProcessData);
                                            AnonymousClass2.this.val$handler.handle(signingTaskRequest, true);
                                        } catch (Exception e) {
                                            error(e);
                                        }
                                    }
                                });
                                return;
                            }
                            if (operationType != OperationType.sign_raw) {
                                TxSignatureServiceImpl.logger.debug("Unsupported operationType: " + operationType);
                                error(new Exception("Unsupported operationType: " + operationType));
                                return;
                            }
                            try {
                                byte[] certificate = txSignatureProcessData.getCertificate();
                                X509Certificate generateCertificate = CertUtil.generateCertificate(certificate);
                                boolean isSigningCertificate = CertUtil.isSigningCertificate(generateCertificate);
                                TokenCertificate signCert = isSigningCertificate ? TxSignatureServiceImpl.this.getTokenInfo().getSignCert() : TxSignatureServiceImpl.this.getTokenInfo().getAuthCert();
                                if (!Arrays.equals(certificate, signCert.getCertEncoded())) {
                                    AnonymousClass2.this.val$handler.error(new Exception("Wrong certificate requested: " + generateCertificate));
                                    return;
                                }
                                RawData inputRawData = txSignatureProcessData.getInputRawData();
                                SigningTaskRequest signingTaskRequest = new SigningTaskRequest(txSignatureProcessData.id, signCert.getId(), txSignatureProcessData.getServiceName(), inputRawData.message, Collections.singletonMap(CMSAttributeTableGenerator.DIGEST, txSignatureProcessData.getInputDigestValue()), inputRawData.code, inputRawData.params.force_pin.booleanValue(), isSigningCertificate);
                                TxSignatureServiceImpl.this.context = new TxSignatureContext(txSignatureProcessData.id, null, signCert.getCertificate(), txSignatureProcessData.getInputDigestAlgorithm(), txSignatureProcessData);
                                AnonymousClass2.this.val$handler.handle(signingTaskRequest, true);
                            } catch (Exception e) {
                                error(e);
                            }
                        } catch (Exception e2) {
                            error(e2);
                        }
                    }
                });
            }
        }

        AnonymousClass2(String str, SignatureService.SignatureServiceHandler signatureServiceHandler) {
            this.val$signatureProcessId = str;
            this.val$handler = signatureServiceHandler;
        }

        @Override // lv.euso.mobileeid.device.service.SignatureService.SignatureServiceHandler
        public void error(Exception exc) {
            TxSignatureServiceImpl.logger.error("synchronize task error: ", (Throwable) exc);
            this.val$handler.error(exc);
        }

        @Override // lv.euso.mobileeid.device.service.SignatureService.SignatureServiceHandler
        public void handle(String str, boolean z) {
            TxSignatureServiceImpl.logger.debug("synchronize task result: " + str);
            TxSignatureServiceImpl.this.httpTransport.execute(TxSignatureServiceImpl.this.device.getUri() + "/signature", HttpTransport.METHOD_GET, null, TxSignatureServiceImpl.this.createAuthorizationToken(), null, new AnonymousClass1());
        }
    }

    /* renamed from: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl$5, reason: invalid class name */
    /* loaded from: classes4.dex */
    static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status;

        static {
            int[] iArr = new int[SigningTaskResult.Status.values().length];
            $SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status = iArr;
            try {
                iArr[SigningTaskResult.Status.ok.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status[SigningTaskResult.Status.error.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public enum OperationType {
        authentication,
        sign_raw
    }

    public TxSignatureServiceImpl(RegisteredSignatureDevice registeredSignatureDevice, HttpTransport httpTransport) throws Exception {
        super(registeredSignatureDevice, httpTransport);
        this.key = Keys.hmacShaKeyFor(registeredSignatureDevice.getSecretKey());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String createAuthorizationToken() {
        return JWTUtil.createSfyDeviceJWS(this.key, this.device.getId());
    }

    @Override // lv.euso.mobileeid.device.service.SignatureService
    public void acquire(String str, SignatureService.SignatureServiceHandler<String> signatureServiceHandler) {
        signatureServiceHandler.handle(SignatureService.SignatureServiceHandler.RESULT_OK, false);
    }

    @Override // lv.euso.mobileeid.device.service.SignatureService
    public void getSigningTaskRequest(String str, SignatureService.SignatureServiceHandler<SigningTaskRequest> signatureServiceHandler) {
        try {
            this.context = null;
            synchronize(new String[]{this.device.getSignIdentityGroup()}, new AnonymousClass2(str, signatureServiceHandler));
        } catch (Exception e) {
            signatureServiceHandler.error(e);
        }
    }

    @Override // lv.euso.mobileeid.device.service.SignatureService
    public SignatureService.ServiceDeepLink parseDeeplink(String str) throws Exception {
        String urlComponent = HttpUtil.getUrlComponent(str, 1);
        if (!SignatureService.MOBILE_EID_SCHEME.equals(urlComponent) && !SignatureService.MOBILE_EID_DEV_SCHEME.equals(urlComponent)) {
            return null;
        }
        String replace = HttpUtil.getUrlComponent(str, 5).replace("/signatures/", "");
        Map<String, String> parseQueryString = HttpUtil.parseQueryString(HttpUtil.getUrlComponent(str, 6));
        return new SignatureService.ServiceDeepLink(replace, parseQueryString.get("successurl"), parseQueryString.get("failureurl"), parseQueryString.get("browserpackage"));
    }

    @Override // lv.euso.mobileeid.device.service.SignatureService
    public void setSigningTaskResult(SigningTaskResult signingTaskResult, String str, final SignatureService.SignatureServiceHandler<String> signatureServiceHandler) {
        byte[] normalizeSignature;
        String str2;
        TxSignatureResponse txSignatureResponse;
        try {
            if (!this.context.id.equals(str)) {
                throw new Exception("Wrong signature context");
            }
            TxSignatureContext txSignatureContext = this.context;
            int i = AnonymousClass5.$SwitchMap$lv$euso$mobileeid$service$pojo$SigningTaskResult$Status[signingTaskResult.getStatus().ordinal()];
            if (i == 1) {
                X509Certificate x509Certificate = txSignatureContext.certificate;
                TxXmlSignature txXmlSignature = txSignatureContext.xmlSignature;
                if (txXmlSignature != null) {
                    txXmlSignature.setSignatureValue(signingTaskResult.getSignatures().get(CMSAttributeTableGenerator.DIGEST));
                    normalizeSignature = txXmlSignature.getSignedDocument();
                } else {
                    normalizeSignature = CertUtil.normalizeSignature(signingTaskResult.getSignatures().get(CMSAttributeTableGenerator.DIGEST), x509Certificate.getPublicKey());
                }
                String base64MIMENoLFString = ByteUtil.toBase64MIMENoLFString(normalizeSignature);
                String base64MIMENoLFString2 = ByteUtil.toBase64MIMENoLFString(x509Certificate.getEncoded());
                String str3 = (CertUtil.getKeyAlgorithm(x509Certificate).equals("EC") ? "ecdsa-" : "rsa-") + (txXmlSignature != null ? txXmlSignature.getDigestAlgorithm() : txSignatureContext.digestAlgorithm);
                str2 = txSignatureContext.finishUrl;
                txSignatureResponse = new TxSignatureResponse(base64MIMENoLFString, str3, base64MIMENoLFString2);
            } else if (i != 2) {
                String str4 = txSignatureContext.cancelUrl;
                txSignatureResponse = new TxSignatureResponse(VALUE_CANCELED_BY_USER, null, null);
                str2 = str4;
            } else {
                str2 = txSignatureContext.failUrl;
                txSignatureResponse = new TxSignatureResponse(ByteUtil.toBase64MIMEString(signingTaskResult.getError().getBytes(StandardCharsets.UTF_8)), null, null);
            }
            this.context = null;
            this.httpTransport.execute(str2, HttpTransport.METHOD_PUT, HttpTransport.CONTENT_TYPE_JSON, createAuthorizationToken(), Serializer.toJson(txSignatureResponse), new HttpTransport.HttpTransportResponseHandler() { // from class: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl.3
                @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                public void error(Exception exc) {
                    signatureServiceHandler.error(exc);
                }

                @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                public void handle(HttpTransport.HttpTransportResponse httpTransportResponse) {
                    int i2 = httpTransportResponse.code;
                    if (i2 != 204) {
                        if (i2 != 404) {
                            error(new Exception("Unexpected response code: " + httpTransportResponse.code));
                            return;
                        }
                        TxSignatureServiceImpl.logger.debug("Signature process is not existing (expired). Silencing.");
                    }
                    signatureServiceHandler.handle(SignatureService.SignatureServiceHandler.RESULT_OK, false);
                }
            });
        } catch (Exception e) {
            signatureServiceHandler.error(e);
        }
    }

    public void synchronize(String[] strArr, final SignatureService.SignatureServiceHandler<String> signatureServiceHandler) {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            arrayList.add(Collections.singletonMap(RegAppOperation.PARAMETER_ID, str));
        }
        hashMap.put("device_id", this.device.getId());
        hashMap.put("sign_identities_groups", arrayList);
        this.httpTransport.execute(this.device.getSyncronizationUri(), HttpTransport.METHOD_POST, HttpTransport.CONTENT_TYPE_JSON, createAuthorizationToken(), Serializer.toJson(hashMap), new HttpTransport.HttpTransportResponseHandler() { // from class: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl.4
            @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
            public void error(Exception exc) {
                signatureServiceHandler.error(exc);
            }

            @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
            public void handle(HttpTransport.HttpTransportResponse httpTransportResponse) {
                if (httpTransportResponse.code == 200) {
                    signatureServiceHandler.handle(SignatureService.SignatureServiceHandler.RESULT_OK, false);
                    return;
                }
                if (httpTransportResponse.code != 401) {
                    error(new Exception("Unexpected response code: " + httpTransportResponse.code));
                    return;
                }
                Exception exc = new Exception("Unexpected response code: " + httpTransportResponse.code);
                String str2 = httpTransportResponse.headers.get("Www-Authenticate");
                if (str2 != null) {
                    String str3 = "";
                    String str4 = str3;
                    for (String str5 : str2.split("\\s*,\\s*")) {
                        if (str5.startsWith("error=")) {
                            str3 = str5.substring("error=".length(), str5.length()).replace("\"", "");
                        }
                        if (str5.startsWith("error_description=")) {
                            str4 = str5.substring("error_description=".length(), str5.length()).replace("\"", "");
                        }
                    }
                    TxSignatureServiceImpl.logger.debug("error: " + str3);
                    TxSignatureServiceImpl.logger.debug("errorDescription: " + str4);
                    if ("invalid_token".equals(str3) && "device_not_found".equals(str4)) {
                        exc = new SignatureService.InvalidTokenException("deviceRegistrationCanceled");
                    }
                }
                error(exc);
            }
        });
    }

    @Override // lv.euso.mobileeid.device.service.SignatureService
    public void unregister(SignatureService.SignatureServiceHandler<String> signatureServiceHandler) {
        synchronize(new String[0], signatureServiceHandler);
    }

    @Override // lv.euso.mobileeid.device.service.SignatureService
    public void update(DevicePropertyUpdateRequest devicePropertyUpdateRequest, final SignatureService.SignatureServiceHandler<String> signatureServiceHandler) {
        try {
            Map<String, String> properties = devicePropertyUpdateRequest.getProperties();
            HashMap hashMap = new HashMap();
            hashMap.put(RegAppOperation.PARAMETER_ID, properties.get(MobileEidConstants.KEY_PROXY_SUBSCRIBER));
            hashMap.put("type", properties.get(MobileEidConstants.KEY_PROXY_SUBSCRIBER_TYPE));
            this.httpTransport.execute(this.device.getUri() + "/notifications", HttpTransport.METHOD_PUT, HttpTransport.CONTENT_TYPE_JSON, createAuthorizationToken(), Serializer.toJson(hashMap), new HttpTransport.HttpTransportResponseHandler() { // from class: lv.euso.mobileeid.device.service.tx.TxSignatureServiceImpl.1
                @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                public void error(Exception exc) {
                    signatureServiceHandler.error(exc);
                }

                @Override // lv.euso.mobileeid.device.service.HttpTransport.HttpTransportResponseHandler
                public void handle(HttpTransport.HttpTransportResponse httpTransportResponse) {
                    if (httpTransportResponse.code != 204) {
                        error(new Exception("Unexpected response code: " + httpTransportResponse.code));
                    } else {
                        signatureServiceHandler.handle(null, false);
                    }
                }
            });
        } catch (Exception e) {
            signatureServiceHandler.error(e);
        }
    }
}
