package com.twofours.surespot.identity;

import android.annotation.TargetApi;
import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Build;
import com.google.api.client.http.HttpStatusCodes;
import com.google.common.collect.ComparisonChain;
import com.google.common.collect.Ordering;
import com.twofours.surespot.R;
import com.twofours.surespot.StateController;
import com.twofours.surespot.SurespotApplication;
import com.twofours.surespot.SurespotConstants;
import com.twofours.surespot.SurespotLog;
import com.twofours.surespot.activities.LoginActivity;
import com.twofours.surespot.chat.ChatController;
import com.twofours.surespot.chat.ChatManager;
import com.twofours.surespot.encryption.EncryptionController;
import com.twofours.surespot.encryption.PrivateKeyPairs;
import com.twofours.surespot.encryption.PublicKeys;
import com.twofours.surespot.images.FileCacheController;
import com.twofours.surespot.network.IAsyncCallback;
import com.twofours.surespot.network.IAsyncCallbackTuple;
import com.twofours.surespot.network.NetworkManager;
import com.twofours.surespot.services.CredentialCachingService;
import com.twofours.surespot.utils.ChatUtils;
import com.twofours.surespot.utils.FileUtils;
import com.twofours.surespot.utils.UIUtils;
import com.twofours.surespot.utils.Utils;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.Cookie;
import okhttp3.Response;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.nick.androidkeystore.android.security.KeyStore;
import org.nick.androidkeystore.android.security.KeyStoreJb43;
import org.nick.androidkeystore.android.security.KeyStoreKk;
import org.nick.androidkeystore.android.security.KeyStoreM;
import org.spongycastle.jce.interfaces.ECPublicKey;

/* loaded from: classes.dex */
public class IdentityController {
    public static final String CACHE_IDENTITY_ID = "_cache_identity";
    public static final String EXPORT_IDENTITY_ID = "_export_identity";
    public static final String IDENTITY_EXTENSION = ".ssi";
    private static final boolean IS_JB;
    private static final boolean IS_JB43;
    private static final boolean IS_KK;
    private static final boolean IS_M;
    public static final String OLD_UNLOCK_ACTION = "android.credentials.UNLOCK";
    public static final String PUBLICKEYPAIR_EXTENSION = ".spk";
    public static final String RESET_ACTION = "com.android.credentials.RESET";
    private static final String TAG = "IdentityController";
    public static final String UNLOCK_ACTION = "com.android.credentials.UNLOCK";
    public static Boolean USE_PUBLIC_KEYSTORE_M;
    private static boolean mHasIdentity;
    private static KeyStore mKs;
    public static final Object IDENTITY_FILE_LOCK = new Object();
    private static Map<String, String> mPasswords = new HashMap(5);

    static {
        IS_JB43 = Build.VERSION.SDK_INT >= 18;
        IS_JB = Build.VERSION.SDK_INT >= 16;
        IS_KK = Build.VERSION.SDK_INT >= 19;
        IS_M = Build.VERSION.SDK_INT >= 23;
        USE_PUBLIC_KEYSTORE_M = false;
    }

    public static String caseInsensitivize(String str) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (Character.isUpperCase(charAt)) {
                sb.append("_");
                sb.append(charAt);
            } else {
                sb.append(charAt);
            }
        }
        return sb.toString();
    }

    private static String caseSensitivize(String str) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (i < str.length()) {
            char charAt = str.charAt(i);
            if (charAt == '_') {
                i++;
                sb.append(Character.toUpperCase(str.charAt(i)));
            } else {
                sb.append(charAt);
            }
            i++;
        }
        return sb.toString();
    }

    public static boolean clearStoredPasswordForIdentity(Context context, String str) {
        if (str != null) {
            mPasswords.remove(str);
            if (USE_PUBLIC_KEYSTORE_M.booleanValue()) {
                try {
                    java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
                    keyStore.load(null);
                    keyStore.deleteEntry(str);
                    return true;
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                    e.printStackTrace();
                    SurespotLog.d(TAG, "Error clearing stored password: " + e.getMessage());
                    return false;
                }
            }
            if (isKeystoreUnlocked(context, str)) {
                return mKs.delete(str);
            }
        }
        return false;
    }

    public static synchronized void createIdentity(Context context, String str, String str2, String str3, KeyPair keyPair, KeyPair keyPair2, Cookie cookie) {
        synchronized (IdentityController.class) {
            SurespotIdentity surespotIdentity = new SurespotIdentity(str, str3);
            surespotIdentity.addKeyPairs("1", keyPair, keyPair2);
            saveIdentity(context, true, surespotIdentity, str2 + CACHE_IDENTITY_ID);
            setLoggedInUser(context, surespotIdentity, cookie, str2);
        }
    }

    private static SurespotIdentity decryptIdentity(byte[] bArr, String str, String str2, boolean z) {
        String symmetricDecryptSyncPK = EncryptionController.symmetricDecryptSyncPK(str2, bArr);
        if (symmetricDecryptSyncPK == null) {
            SurespotLog.w(TAG, "could not decrypt identity: %s", str);
            return null;
        }
        try {
            JSONObject jSONObject = new JSONObject(symmetricDecryptSyncPK);
            SurespotIdentity surespotIdentity = new SurespotIdentity(jSONObject.getString("username"), jSONObject.getString("salt"));
            JSONArray jSONArray = jSONObject.getJSONArray("keys");
            for (int i = 0; i < jSONArray.length(); i++) {
                JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                surespotIdentity.addKeyPairs(jSONObject2.getString("version"), new KeyPair(EncryptionController.recreatePublicKey("ECDH", jSONObject2.getString("dhPub")), EncryptionController.recreatePrivateKey("ECDH", jSONObject2.getString("dhPriv"))), new KeyPair(EncryptionController.recreatePublicKey("ECDSA", jSONObject2.getString("dsaPub")), EncryptionController.recreatePrivateKey("ECDSA", jSONObject2.getString("dsaPriv"))));
            }
            return surespotIdentity;
        } catch (JSONException unused) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized void deleteIdentity(Context context, String str, boolean z) {
        synchronized (IdentityController.class) {
            mHasIdentity = false;
            boolean equals = str.equals(getLoggedInUser());
            CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
            if (cachingService != null) {
                cachingService.clearIdentityData(str, true);
            }
            logout(context, str, true);
            NetworkManager.getNetworkController(context, str).clearCache();
            FileCacheController fileCacheController = SurespotApplication.getFileCacheController();
            if (fileCacheController != null) {
                fileCacheController.clearCache();
            }
            StateController.wipeState(context, str);
            synchronized (IDENTITY_FILE_LOCK) {
                new File(FileUtils.getIdentityDir(context) + File.separator + str + IDENTITY_EXTENSION).delete();
                if (!z) {
                    new File(FileUtils.getIdentityExportDir() + File.separator + caseInsensitivize(str) + IDENTITY_EXTENSION).delete();
                }
            }
            if (equals) {
                UIUtils.launchMainActivityDeleted(context);
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [com.twofours.surespot.identity.IdentityController$8] */
    public static void destroyKeystore() {
        if (USE_PUBLIC_KEYSTORE_M.booleanValue()) {
            AndroidMKeystoreController.destroyMKeystore();
        }
        if (mKs != null) {
            new AsyncTask<Void, Void, Void>() { // from class: com.twofours.surespot.identity.IdentityController.8
                /* JADX INFO: Access modifiers changed from: protected */
                @Override // android.os.AsyncTask
                public Void doInBackground(Void... voidArr) {
                    for (String str : IdentityController.mKs.saw("")) {
                        boolean delete = IdentityController.mKs.delete(str);
                        SurespotLog.d(IdentityController.TAG, String.format("delete key '%s' success: %s", str, Boolean.valueOf(delete)));
                        if (!delete && IdentityController.IS_JB) {
                            SurespotLog.d(IdentityController.TAG, String.format("delKey '%s' success: %s", str, Boolean.valueOf(IdentityController.mKs.delKey(str))));
                        }
                    }
                    KeyStore unused = IdentityController.mKs = null;
                    return null;
                }
            }.execute(new Void[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] encryptIdentity(SurespotIdentity surespotIdentity, String str) {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("username", surespotIdentity.getUsername());
            jSONObject.put("salt", surespotIdentity.getSalt());
            JSONArray jSONArray = new JSONArray();
            for (PrivateKeyPairs privateKeyPairs : surespotIdentity.getKeyPairs()) {
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("version", privateKeyPairs.getVersion());
                jSONObject2.put("dhPriv", new String(ChatUtils.base64EncodeNowrap(privateKeyPairs.getKeyPairDH().getPrivate().getEncoded())));
                jSONObject2.put("dhPub", EncryptionController.encodePublicKey(privateKeyPairs.getKeyPairDH().getPublic()));
                jSONObject2.put("dsaPriv", new String(ChatUtils.base64EncodeNowrap(privateKeyPairs.getKeyPairDSA().getPrivate().getEncoded())));
                jSONObject2.put("dsaPub", EncryptionController.encodePublicKey(privateKeyPairs.getKeyPairDSA().getPublic()));
                jSONArray.put(jSONObject2);
            }
            jSONObject.put("keys", jSONArray);
            return EncryptionController.symmetricEncryptSyncPK(str, jSONObject.toString());
        } catch (JSONException e) {
            SurespotLog.w(TAG, e, "encryptIdentity", new Object[0]);
            return null;
        }
    }

    public static boolean ensureIdentityFile(Context context, String str, boolean z) {
        String identityDir = getIdentityDir(context);
        File file = new File(identityDir);
        file.mkdirs();
        if (!file.isDirectory()) {
            return false;
        }
        File file2 = new File(identityDir + File.separator + (str + IDENTITY_EXTENSION));
        boolean exists = file2.exists();
        if (exists && !z) {
            return false;
        }
        if (exists) {
            return file2.isFile() && file2.canWrite();
        }
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(file2);
            fileOutputStream.write(new byte[10000]);
            fileOutputStream.close();
            file2.delete();
            return true;
        } catch (IOException unused) {
            return false;
        }
    }

    public static void exportIdentity(final Context context, String str, final String str2, final IAsyncCallback<String> iAsyncCallback) {
        final SurespotIdentity identity = getIdentity(context, str, str2);
        if (identity == null) {
            iAsyncCallback.handleResponse(null);
            return;
        }
        final String username = identity.getUsername();
        if (!FileUtils.ensureDir(FileUtils.getIdentityExportDir().getPath())) {
            iAsyncCallback.handleResponse(null);
        } else {
            String str3 = new String(ChatUtils.base64EncodeNowrap(EncryptionController.derive(str2, ChatUtils.base64DecodeNowrap(identity.getSalt()))));
            NetworkManager.getNetworkController(context, str).validate(str, str3, EncryptionController.sign(identity.getKeyPairDSA().getPrivate(), str, str3), new Callback() { // from class: com.twofours.surespot.identity.IdentityController.4
                @Override // okhttp3.Callback
                public void onFailure(Call call, IOException iOException) {
                    IAsyncCallback.this.handleResponse(null);
                }

                @Override // okhttp3.Callback
                public void onResponse(Call call, Response response) throws IOException {
                    if (response.isSuccessful()) {
                        String saveIdentity = IdentityController.saveIdentity(null, false, identity, str2 + IdentityController.EXPORT_IDENTITY_ID);
                        IAsyncCallback.this.handleResponse(saveIdentity != null ? context.getString(R.string.backed_up_identity_to_path, username, saveIdentity) : null);
                        return;
                    }
                    switch (response.code()) {
                        case HttpStatusCodes.STATUS_CODE_FORBIDDEN /* 403 */:
                            IAsyncCallback.this.handleResponse(context.getString(R.string.incorrect_password_or_key));
                            return;
                        case HttpStatusCodes.STATUS_CODE_NOT_FOUND /* 404 */:
                            IAsyncCallback.this.handleResponse(context.getString(R.string.incorrect_password_or_key));
                            return;
                        default:
                            SurespotLog.i(IdentityController.TAG, "importIdentity unexpected HTTP response code: %d", Integer.valueOf(response.code()));
                            IAsyncCallback.this.handleResponse(null);
                            return;
                    }
                }
            });
        }
    }

    public static Cookie getCookieForUser(Context context, String str) {
        CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
        if (cachingService == null || str == null) {
            return null;
        }
        SurespotLog.d(TAG, "getting cookie for %s", str);
        Cookie cookie = cachingService.getCookie(str);
        SurespotLog.d(TAG, "returning cookie: %s", cookie);
        return cookie;
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.twofours.surespot.identity.IdentityController$1] */
    public static void getExportIdentity(final Activity activity, final String str, final String str2, final IAsyncCallbackTuple<byte[], String> iAsyncCallbackTuple) {
        new AsyncTask<Void, Void, Void>() { // from class: com.twofours.surespot.identity.IdentityController.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // android.os.AsyncTask
            public Void doInBackground(Void... voidArr) {
                final SurespotIdentity identity = IdentityController.getIdentity(activity, str, str2);
                if (identity == null) {
                    iAsyncCallbackTuple.handleResponse(null, null);
                }
                String str3 = new String(ChatUtils.base64EncodeNowrap(EncryptionController.derive(str2, ChatUtils.base64DecodeNowrap(identity.getSalt()))));
                NetworkManager.getNetworkController(activity, str).validate(str, str3, EncryptionController.sign(identity.getKeyPairDSA().getPrivate(), str, str3), new Callback() { // from class: com.twofours.surespot.identity.IdentityController.1.1
                    @Override // okhttp3.Callback
                    public void onFailure(Call call, IOException iOException) {
                        iAsyncCallbackTuple.handleResponse(null, null);
                    }

                    @Override // okhttp3.Callback
                    public void onResponse(Call call, Response response) throws IOException {
                        if (response.isSuccessful()) {
                            iAsyncCallbackTuple.handleResponse(IdentityController.encryptIdentity(identity, str2 + IdentityController.EXPORT_IDENTITY_ID), null);
                            return;
                        }
                        switch (response.code()) {
                            case HttpStatusCodes.STATUS_CODE_FORBIDDEN /* 403 */:
                                iAsyncCallbackTuple.handleResponse(null, activity.getString(R.string.incorrect_password_or_key));
                                return;
                            case HttpStatusCodes.STATUS_CODE_NOT_FOUND /* 404 */:
                                iAsyncCallbackTuple.handleResponse(null, activity.getString(R.string.incorrect_password_or_key));
                                return;
                            default:
                                SurespotLog.i(IdentityController.TAG, "exportIdentity unexpected http response: %d", Integer.valueOf(response.code()));
                                iAsyncCallbackTuple.handleResponse(null, null);
                                return;
                        }
                    }
                });
                return null;
            }
        }.execute(new Void[0]);
    }

    public static File[] getExportIdentityFiles(Context context, String str) {
        return new File(str).listFiles(new FilenameFilter() { // from class: com.twofours.surespot.identity.IdentityController.7
            @Override // java.io.FilenameFilter
            public boolean accept(File file, String str2) {
                return str2.endsWith(IdentityController.IDENTITY_EXTENSION);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SurespotIdentity getIdentity(Context context, String str) {
        return getIdentity(context, str, null);
    }

    public static SurespotIdentity getIdentity(Context context, String str, String str2) {
        CredentialCachingService cachingService;
        if (str == null || (cachingService = SurespotApplication.getCachingService(context)) == null) {
            return null;
        }
        return cachingService.getIdentity(context, str, str2);
    }

    public static synchronized int getIdentityCount(Context context) {
        int size;
        synchronized (IdentityController.class) {
            size = getIdentityNames(context, FileUtils.getIdentityDir(context)).size();
        }
        return size;
    }

    private static String getIdentityDir(Context context) {
        return FileUtils.getIdentityDir(context);
    }

    public static String getIdentityNameFromFile(File file) {
        return getIdentityNameFromFilename(file.getName());
    }

    public static String getIdentityNameFromFilename(String str) {
        return caseSensitivize(str.substring(0, str.length() - IDENTITY_EXTENSION.length()));
    }

    public static List<String> getIdentityNames(Context context) {
        return getIdentityNames(context, FileUtils.getIdentityDir(context));
    }

    public static List<String> getIdentityNames(Context context, String str) {
        ArrayList arrayList = new ArrayList();
        File[] listFiles = new File(str).listFiles(new FilenameFilter() { // from class: com.twofours.surespot.identity.IdentityController.5
            @Override // java.io.FilenameFilter
            public boolean accept(File file, String str2) {
                return str2.endsWith(IdentityController.IDENTITY_EXTENSION);
            }
        });
        if (listFiles != null) {
            for (File file : listFiles) {
                arrayList.add(caseSensitivize(file.getName().substring(0, file.getName().length() - IDENTITY_EXTENSION.length())));
            }
        }
        Collections.sort(arrayList, new Comparator<String>() { // from class: com.twofours.surespot.identity.IdentityController.6
            @Override // java.util.Comparator
            public int compare(String str2, String str3) {
                return ComparisonChain.start().compare(str2.toLowerCase(), str3.toLowerCase(), Ordering.natural()).result();
            }
        });
        return arrayList;
    }

    public static String getKeyStorePasswordForIdentity(Context context, String str) {
        SurespotLog.d(TAG, "getKeyStorePasswordForIdentity: %s", str);
        if (USE_PUBLIC_KEYSTORE_M.booleanValue()) {
            try {
                return AndroidMKeystoreController.loadEncryptedPassword(context, str, false);
            } catch (InvalidKeyException e) {
                SurespotLog.d(TAG, "InvalidKeyException loading encrypted password for %s: " + e.getMessage(), str);
                return null;
            }
        }
        if (isKeystoreUnlocked(context, str)) {
            byte[] bArr = mKs.get(str);
            if (bArr != null) {
                SurespotLog.d(TAG, "getStoredPasswordForIdentity...found password for %s", str);
                return new String(bArr);
            }
        } else {
            SurespotLog.d(TAG, "getStoredPasswordForIdentity...keystore locked");
        }
        return null;
    }

    public static KeyStore getKeystore() {
        return mKs;
    }

    public static String getLastLoggedInUser(Context context) {
        return Utils.getSharedPrefsString(context, SurespotConstants.PrefNames.LAST_USER);
    }

    public static String getLoggedInUser() {
        return ChatManager.getLoggedInUser();
    }

    public static String getOurLatestVersion(Context context, String str) {
        SurespotIdentity identity;
        CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
        if (cachingService == null || (identity = cachingService.getIdentity(context, str, null)) == null) {
            return null;
        }
        return identity.getLatestVersion();
    }

    private static PublicKeys getPublicKeyPair(Context context, String str, String str2, JSONObject jSONObject) {
        JSONObject verifyPublicKeyPair;
        try {
            if (!jSONObject.getString("version").equals(str2) || (verifyPublicKeyPair = verifyPublicKeyPair(jSONObject)) == null) {
                return null;
            }
            String string = verifyPublicKeyPair.getString("dhPub");
            String string2 = verifyPublicKeyPair.getString("dsaPub");
            ECPublicKey recreatePublicKey = EncryptionController.recreatePublicKey("ECDH", string);
            ECPublicKey recreatePublicKey2 = EncryptionController.recreatePublicKey("ECDSA", string2);
            savePublicKeyPair(context, str, str2, verifyPublicKeyPair.toString());
            SurespotLog.i(TAG, "loaded public keys from server for username %s", str);
            return new PublicKeys(str2, recreatePublicKey, recreatePublicKey2, new Date().getTime());
        } catch (JSONException e) {
            SurespotLog.w(TAG, e, "recreatePublicKeyPair", new Object[0]);
            return null;
        }
    }

    public static PublicKeys getPublicKeyPair2(Context context, String str, String str2, String str3) {
        PublicKeys publicKeys;
        if (context == null) {
            return null;
        }
        int parseInt = Integer.parseInt(str3, 10);
        Hashtable hashtable = new Hashtable();
        Hashtable hashtable2 = new Hashtable();
        Hashtable hashtable3 = new Hashtable();
        int i = parseInt;
        while (true) {
            if (i <= 0) {
                publicKeys = null;
                i = 0;
                break;
            }
            publicKeys = loadPublicKeyPair(context, str2, Integer.toString(i, 10));
            if (publicKeys != null) {
                break;
            }
            i--;
        }
        if (publicKeys != null && parseInt == i) {
            return publicKeys;
        }
        int i2 = i + 1;
        String publicKeysSync = NetworkManager.getNetworkController(context, str).getPublicKeysSync(str2, Integer.toString(i2, 10));
        if (publicKeysSync == null) {
            return null;
        }
        try {
            JSONArray jSONArray = new JSONArray(publicKeysSync);
            for (int i3 = 0; i3 < jSONArray.length(); i3++) {
                JSONObject jSONObject = jSONArray.getJSONObject(i3);
                int i4 = jSONObject.getInt("version");
                String string = jSONObject.getString("dsaPub");
                String string2 = jSONObject.getString("dhPub");
                hashtable.put(Integer.valueOf(i4), EncryptionController.recreatePublicKey("ECDSA", string));
                hashtable2.put(Integer.valueOf(i4), EncryptionController.recreatePublicKey("ECDH", string2));
                hashtable3.put(Integer.valueOf(i4), jSONObject);
            }
            JSONObject jSONObject2 = (JSONObject) hashtable3.get(Integer.valueOf(parseInt));
            if (jSONObject2.has("clientSig2")) {
                SurespotLog.d(TAG, "Validating username: %s, version: %s, keys using v3 code", str2, str3);
                PublicKey dSAKey = publicKeys != null ? publicKeys.getDSAKey() : (PublicKey) hashtable.get(1);
                int i5 = i2;
                PublicKey publicKey = null;
                PublicKey publicKey2 = null;
                while (i5 <= parseInt) {
                    PublicKey publicKey3 = (PublicKey) hashtable2.get(Integer.valueOf(i5));
                    PublicKey publicKey4 = (PublicKey) hashtable.get(Integer.valueOf(i5));
                    String str4 = new String(ChatUtils.base64EncodeNowrap(publicKey3.getEncoded()));
                    String str5 = new String(ChatUtils.base64EncodeNowrap(publicKey4.getEncoded()));
                    if (!EncryptionController.verifySig(EncryptionController.ServerPublicKey, ((JSONObject) hashtable3.get(Integer.valueOf(i5))).getString("serverSig2"), str2, i5, str4, str5) || !EncryptionController.verifySig(dSAKey, ((JSONObject) hashtable3.get(Integer.valueOf(i5))).getString("clientSig2"), str2, i5, str4, str5)) {
                        return null;
                    }
                    savePublicKeyPair(context, str2, String.valueOf(i5), ((JSONObject) hashtable3.get(Integer.valueOf(i5))).toString());
                    dSAKey = (PublicKey) hashtable.get(Integer.valueOf(i5));
                    i5++;
                    publicKey = publicKey3;
                    publicKey2 = publicKey4;
                }
                SurespotLog.i(TAG, "loaded and verified public keys from server for username %s", str2);
                return new PublicKeys(str3, publicKey, publicKey2, new Date().getTime());
            }
            if (!jSONObject2.has("clientSig")) {
                SurespotLog.d(TAG, "Validating username: %s, version: %s, keys using v1 code", str2, str3);
                return getPublicKeyPair(context, str2, str3, jSONObject2);
            }
            SurespotLog.d(TAG, "Validating username: %s, version: %s, keys using v2 code", str2, str3);
            PublicKey dSAKey2 = publicKeys != null ? publicKeys.getDSAKey() : (PublicKey) hashtable.get(1);
            for (int i6 = i2; i6 <= parseInt; i6++) {
                JSONObject jSONObject3 = (JSONObject) hashtable3.get(Integer.valueOf(i6));
                String string3 = jSONObject3.getString("dhPub");
                String string4 = jSONObject3.getString("dsaPub");
                if (!EncryptionController.verifySig(EncryptionController.ServerPublicKey, ((JSONObject) hashtable3.get(Integer.valueOf(i6))).getString("serverSig"), str2, i6, string3, string4) || !EncryptionController.verifySig(dSAKey2, ((JSONObject) hashtable3.get(Integer.valueOf(i6))).getString("clientSig"), str2, i6, string3, string4)) {
                    return null;
                }
                savePublicKeyPair(context, str2, String.valueOf(i6), jSONObject3.toString());
                dSAKey2 = (PublicKey) hashtable.get(Integer.valueOf(i6));
            }
            PublicKey publicKey5 = (PublicKey) hashtable2.get(Integer.valueOf(parseInt));
            PublicKey publicKey6 = (PublicKey) hashtable.get(Integer.valueOf(parseInt));
            SurespotLog.i(TAG, "loaded and verified public keys from server for username %s", str2);
            return new PublicKeys(str3, publicKey5, publicKey6, new Date().getTime());
        } catch (JSONException e) {
            SurespotLog.w(TAG, e, "recreatePublicKeyPair", new Object[0]);
            return null;
        }
    }

    public static String getStoredPasswordForIdentity(Context context, String str) {
        SurespotLog.d(TAG, "getStoredPasswordForIdentity: %s", str);
        if (str == null) {
            return null;
        }
        String str2 = mPasswords.get(str);
        return str2 != null ? str2 : getKeyStorePasswordForIdentity(context, str);
    }

    public static String getTheirLatestVersion(Context context, String str, String str2) {
        CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
        if (cachingService != null) {
            return cachingService.getLatestVersion(str, str2);
        }
        return null;
    }

    public static boolean hasIdentity(Context context) {
        if (!mHasIdentity) {
            mHasIdentity = getIdentityNames(context).size() > 0;
        }
        return mHasIdentity;
    }

    public static boolean hasLoggedInUser() {
        return getLoggedInUser() != null;
    }

    public static boolean identityFileExists(Context context, String str) {
        return new File(getIdentityDir(context) + File.separator + (str + IDENTITY_EXTENSION)).exists();
    }

    public static void importIdentity(final Activity activity, File file, String str, final String str2, final IAsyncCallback<IdentityOperationResult> iAsyncCallback) {
        final SurespotIdentity loadIdentity = loadIdentity(activity, false, str, str2 + EXPORT_IDENTITY_ID);
        if (loadIdentity == null) {
            iAsyncCallback.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{str}), false));
            return;
        }
        byte[] base64DecodeNowrap = ChatUtils.base64DecodeNowrap(loadIdentity.getSalt());
        final String username = loadIdentity.getUsername();
        String str3 = new String(ChatUtils.base64EncodeNowrap(EncryptionController.derive(str2, base64DecodeNowrap)));
        NetworkManager.getNetworkController(activity, str).validate(username, str3, EncryptionController.sign(loadIdentity.getKeyPairDSA().getPrivate(), username, str3), new Callback() { // from class: com.twofours.surespot.identity.IdentityController.2
            @Override // okhttp3.Callback
            public void onFailure(Call call, IOException iOException) {
                IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{username}), false));
            }

            @Override // okhttp3.Callback
            public void onResponse(Call call, Response response) throws IOException {
                if (!response.isSuccessful()) {
                    switch (response.code()) {
                        case HttpStatusCodes.STATUS_CODE_FORBIDDEN /* 403 */:
                            IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.incorrect_password_or_key), false));
                            return;
                        case HttpStatusCodes.STATUS_CODE_NOT_FOUND /* 404 */:
                            IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.no_such_user), false));
                            return;
                        default:
                            SurespotLog.i(IdentityController.TAG, "importIdentity unexpected HTTP response code: %d", Integer.valueOf(response.code()));
                            IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{username}), false));
                            return;
                    }
                }
                if (IdentityController.saveIdentity(activity, true, loadIdentity, str2 + IdentityController.CACHE_IDENTITY_ID) == null) {
                    IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{username}), false));
                    return;
                }
                IdentityController.updateKeychainPassword(activity, username, str2);
                CredentialCachingService cachingService = SurespotApplication.getCachingService(activity);
                if (cachingService != null) {
                    cachingService.updateIdentity(loadIdentity, true);
                }
                IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.identity_imported_successfully, new Object[]{username}), true));
            }
        });
    }

    public static void importIdentityBytes(final Activity activity, final String str, final String str2, byte[] bArr, final IAsyncCallback<IdentityOperationResult> iAsyncCallback) {
        final SurespotIdentity decryptIdentity = decryptIdentity(bArr, str, str2 + EXPORT_IDENTITY_ID, true);
        if (decryptIdentity == null) {
            iAsyncCallback.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{str}), false));
            return;
        }
        byte[] base64DecodeNowrap = ChatUtils.base64DecodeNowrap(decryptIdentity.getSalt());
        final String username = decryptIdentity.getUsername();
        String str3 = new String(ChatUtils.base64EncodeNowrap(EncryptionController.derive(str2, base64DecodeNowrap)));
        NetworkManager.getNetworkController(activity, str).validate(username, str3, EncryptionController.sign(decryptIdentity.getKeyPairDSA().getPrivate(), username, str3), new Callback() { // from class: com.twofours.surespot.identity.IdentityController.3
            @Override // okhttp3.Callback
            public void onFailure(Call call, IOException iOException) {
                IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{str}), false));
            }

            @Override // okhttp3.Callback
            public void onResponse(Call call, Response response) throws IOException {
                if (!response.isSuccessful()) {
                    switch (response.code()) {
                        case HttpStatusCodes.STATUS_CODE_FORBIDDEN /* 403 */:
                            IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.incorrect_password_or_key), false));
                            return;
                        case HttpStatusCodes.STATUS_CODE_NOT_FOUND /* 404 */:
                            IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.no_such_user), false));
                            return;
                        default:
                            SurespotLog.i(IdentityController.TAG, "importIdentityBytes unexpected HTTP response code: %d", Integer.valueOf(response.code()));
                            IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{str}), false));
                            return;
                    }
                }
                if (IdentityController.saveIdentity(activity, true, decryptIdentity, str2 + IdentityController.CACHE_IDENTITY_ID) == null) {
                    IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.could_not_restore_identity_name, new Object[]{str}), false));
                    return;
                }
                IdentityController.updateKeychainPassword(activity, username, str2);
                CredentialCachingService cachingService = SurespotApplication.getCachingService(activity);
                if (cachingService != null) {
                    cachingService.updateIdentity(decryptIdentity, true);
                }
                IAsyncCallback.this.handleResponse(new IdentityOperationResult(activity.getString(R.string.identity_imported_successfully, new Object[]{username}), true));
            }
        });
    }

    public static void initKeystore() {
        SurespotLog.d(TAG, "initKeyStore");
        if (mKs == null) {
            if (IS_M) {
                USE_PUBLIC_KEYSTORE_M = true;
                if (USE_PUBLIC_KEYSTORE_M.booleanValue()) {
                    return;
                }
                mKs = KeyStoreM.getInstance();
                return;
            }
            if (IS_KK) {
                mKs = KeyStoreKk.getInstance();
            } else if (IS_JB43) {
                mKs = KeyStoreJb43.getInstance();
            } else {
                mKs = KeyStore.getInstance();
            }
        }
    }

    @TargetApi(16)
    private static boolean isAndroidMKeystoreSecure(Context context) {
        return ((KeyguardManager) context.getSystemService("keyguard")).isKeyguardSecure();
    }

    public static boolean isKeystoreUnlocked(Context context, String str) {
        if (USE_PUBLIC_KEYSTORE_M.booleanValue()) {
            if (!isAndroidMKeystoreSecure(context)) {
                Utils.makeLongToast(context, context.getString(R.string.secure_lock_screen_not_set_up));
            }
            try {
                AndroidMKeystoreController.loadEncryptedPassword(context, str, true);
            } catch (InvalidKeyException unused) {
            }
            return true;
        }
        if (mKs == null) {
            initKeystore();
        }
        if (mKs == null) {
            return false;
        }
        try {
            mKs.state();
            KeyStore.State state = KeyStore.State.UNINITIALIZED;
            return mKs.state() == KeyStore.State.UNLOCKED;
        } catch (Exception unused2) {
            return false;
        }
    }

    private static void launchLoginActivity(Context context) {
        Intent intent = new Intent(context, (Class<?>) LoginActivity.class);
        intent.putExtra("401", true);
        intent.addFlags(268468224);
        context.startActivity(intent);
    }

    public static synchronized SurespotIdentity loadIdentity(Context context, String str, String str2) {
        SurespotIdentity loadIdentity;
        synchronized (IdentityController.class) {
            loadIdentity = loadIdentity(context, true, str, str2 + CACHE_IDENTITY_ID);
        }
        return loadIdentity;
    }

    private static synchronized SurespotIdentity loadIdentity(Context context, boolean z, String str, String str2) {
        String absolutePath;
        String str3;
        boolean z2;
        byte[] gunzipIfNecessary;
        synchronized (IdentityController.class) {
            try {
                if (z) {
                    absolutePath = FileUtils.getIdentityDir(context);
                    str3 = absolutePath + File.separator + str + IDENTITY_EXTENSION;
                    z2 = true;
                } else {
                    absolutePath = FileUtils.getIdentityExportDir().getAbsolutePath();
                    str3 = absolutePath + File.separator + caseInsensitivize(str) + IDENTITY_EXTENSION;
                    z2 = false;
                }
                if (str3 != null && absolutePath != null) {
                    if (new File(str3).canRead() || z) {
                        try {
                            synchronized (IDENTITY_FILE_LOCK) {
                                gunzipIfNecessary = FileUtils.gunzipIfNecessary(FileUtils.readFileNoGzip(str3));
                            }
                            if (gunzipIfNecessary != null) {
                                return decryptIdentity(gunzipIfNecessary, str, str2, z2);
                            }
                        } catch (Exception e) {
                            SurespotLog.w(TAG, e, "loadIdentity", new Object[0]);
                        }
                        return null;
                    }
                    SurespotLog.i(TAG, "identity file: %s not present", str3);
                    String str4 = absolutePath + File.separator + str + IDENTITY_EXTENSION;
                    if (!new File(str4).canRead()) {
                        SurespotLog.i(TAG, "identity file: %s not present", str4);
                    }
                    return null;
                }
                return null;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    private static synchronized PublicKeys loadPublicKeyPair(Context context, String str, String str2) {
        synchronized (IdentityController.class) {
            String str3 = FileUtils.getPublicKeyDir(context) + File.separator + str + File.separator + str2 + PUBLICKEYPAIR_EXTENSION;
            File file = new File(str3);
            if (!file.canRead()) {
                SurespotLog.v(TAG, "Could not load public key pair file: %s", str3);
                return null;
            }
            long lastModified = file.lastModified();
            try {
                JSONObject jSONObject = new JSONObject(new String(FileUtils.readFile(str3)));
                return new PublicKeys(jSONObject.getString("version"), EncryptionController.recreatePublicKey("ECDH", jSONObject.getString("dhPub")), EncryptionController.recreatePublicKey("ECDSA", jSONObject.getString("dsaPub")), lastModified);
            } catch (Exception e) {
                SurespotLog.w(TAG, "loadPublicKeyPair", e);
                return null;
            }
        }
    }

    public static synchronized void logout(Context context) {
        synchronized (IdentityController.class) {
            if (getLoggedInUser() != null) {
                logout(context, getLoggedInUser(), false);
            }
        }
    }

    public static synchronized void logout(Context context, String str, boolean z) {
        synchronized (IdentityController.class) {
            ChatController chatController = ChatManager.getChatController(str);
            if (chatController != null) {
                chatController.logout();
            }
            if (!z) {
                NetworkManager.getNetworkController(context, str).logout();
            }
            CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
            if (cachingService != null) {
                cachingService.logout(str, z);
            }
            clearStoredPasswordForIdentity(context, str);
        }
    }

    public static void rollKeys(Context context, SurespotIdentity surespotIdentity, String str, String str2, String str3, KeyPair keyPair, KeyPair keyPair2) {
        if (surespotIdentity == null) {
            SurespotLog.e(TAG, new Exception("could not save identity after rolling keys"), "could not save identity after rolling keys", new Object[0]);
            return;
        }
        surespotIdentity.addKeyPairs(str3, keyPair, keyPair2);
        if (saveIdentity(context, true, surespotIdentity, str2 + CACHE_IDENTITY_ID) == null) {
            SurespotLog.e(TAG, new Exception("could not save identity after rolling keys"), "could not save identity after rolling keys", new Object[0]);
        }
        CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
        if (cachingService != null) {
            cachingService.updateIdentity(surespotIdentity, true);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static synchronized String saveIdentity(Context context, boolean z, SurespotIdentity surespotIdentity, String str) {
        String str2;
        String absolutePath;
        synchronized (IdentityController.class) {
            try {
                if (z) {
                    str2 = surespotIdentity.getUsername() + IDENTITY_EXTENSION;
                    absolutePath = FileUtils.getIdentityDir(context);
                } else {
                    str2 = caseInsensitivize(surespotIdentity.getUsername()) + IDENTITY_EXTENSION;
                    absolutePath = FileUtils.getIdentityExportDir().getAbsolutePath();
                }
                if (absolutePath != null && str2 != null) {
                    byte[] encryptIdentity = encryptIdentity(surespotIdentity, str);
                    if (encryptIdentity == null) {
                        return null;
                    }
                    String str3 = absolutePath + File.separator + str2;
                    try {
                        synchronized (IDENTITY_FILE_LOCK) {
                            SurespotLog.v(TAG, "saving identity: %s, salt: %s", str3, surespotIdentity.getSalt());
                            if (FileUtils.ensureDir(absolutePath)) {
                                FileUtils.writeFile(str3, encryptIdentity);
                                if (context != null) {
                                    SurespotLog.v(TAG, "telling com.twofours.surespot.backup manager data changed");
                                }
                                return str3;
                            }
                            SurespotLog.e(TAG, new RuntimeException("Could not create identity dir: " + absolutePath), "Could not create identity dir: %s", absolutePath);
                            return null;
                        }
                    } catch (FileNotFoundException e) {
                        SurespotLog.w(TAG, e, "saveIdentity", new Object[0]);
                        return null;
                    } catch (IOException e2) {
                        SurespotLog.w(TAG, e2, "saveIdentity", new Object[0]);
                        return null;
                    }
                }
                return null;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    private static synchronized String savePublicKeyPair(Context context, String str, String str2, String str3) {
        synchronized (IdentityController.class) {
            try {
                String str4 = FileUtils.getPublicKeyDir(context) + File.separator + str;
                if (!FileUtils.ensureDir(str4)) {
                    SurespotLog.e(TAG, new RuntimeException("Could not create public key pair dir: %s" + str4), "Could not create public key pair dir: %s", str4);
                    return null;
                }
                String str5 = str4 + File.separator + str2 + PUBLICKEYPAIR_EXTENSION;
                SurespotLog.v(TAG, "saving public key pair: %s", str5);
                FileUtils.writeFile(str5, str3);
                return str5;
            } catch (IOException e) {
                SurespotLog.w(TAG, e, "saveIdentity", new Object[0]);
                return null;
            }
        }
    }

    public static synchronized void setLastUser(Context context, String str) {
        synchronized (IdentityController.class) {
            Utils.putSharedPrefsString(context, SurespotConstants.PrefNames.LAST_USER, str);
        }
    }

    private static synchronized void setLoggedInUser(Context context, SurespotIdentity surespotIdentity, Cookie cookie, String str) {
        synchronized (IdentityController.class) {
            try {
                if (surespotIdentity != null) {
                    setLastUser(context, surespotIdentity.getUsername());
                    Utils.putSharedPrefsString(context, "referrer", null);
                    CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
                    if (cachingService != null) {
                        cachingService.login(surespotIdentity, cookie, str);
                    }
                    mPasswords.put(surespotIdentity.getUsername(), str);
                } else {
                    SurespotLog.w(TAG, "getIdentity null");
                }
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public static boolean storePasswordForIdentity(Context context, String str, String str2) throws InvalidKeyException {
        if (context == null) {
            return false;
        }
        if (!isKeystoreUnlocked(context, str)) {
            return unlock(context);
        }
        if (str != null && str2 != null) {
            Utils.putSharedPrefsBoolean(context, SurespotConstants.PrefNames.KEYSTORE_ENABLED, true);
            if (!USE_PUBLIC_KEYSTORE_M.booleanValue()) {
                return mKs.put(str, str2.getBytes());
            }
            AndroidMKeystoreController.saveEncryptedPassword(context, str, str2);
        }
        return false;
    }

    public static boolean unlock(Context context) {
        SurespotLog.d(TAG, "unlock");
        if (USE_PUBLIC_KEYSTORE_M.booleanValue()) {
            return true;
        }
        if (mKs == null) {
            return false;
        }
        if (mKs.state() == KeyStore.State.UNLOCKED) {
            return true;
        }
        Intent intent = new Intent(context, (Class<?>) SurespotKeystoreActivity.class);
        intent.setFlags(1073741824);
        context.startActivity(intent);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void updateKeychainPassword(Context context, String str, String str2) {
        mPasswords.put(str, str2);
        if (getKeyStorePasswordForIdentity(context, str) != null) {
            try {
                storePasswordForIdentity(context, str, str2);
            } catch (InvalidKeyException unused) {
                Intent intent = new Intent(context, (Class<?>) SurespotKeystoreActivity.class);
                intent.setFlags(1073741824);
                context.startActivity(intent);
            }
        }
    }

    public static void updateLatestVersion(Context context, String str, String str2) {
        boolean equals = str.equals(getLoggedInUser());
        SurespotLog.d(TAG, "updateLatestVersion, username: %s, version: %s, sameUser: %b", str, str2, Boolean.valueOf(equals));
        if (!equals) {
            CredentialCachingService cachingService = SurespotApplication.getCachingService(context);
            if (cachingService != null) {
                cachingService.updateLatestVersion(getLoggedInUser(), str, str2);
                return;
            }
            return;
        }
        if (Integer.parseInt(str2) > Integer.parseInt(getOurLatestVersion(context, str))) {
            SurespotLog.v(TAG, "user revoked, deleting data and logging out");
            deleteIdentity(context, str, false);
            launchLoginActivity(context);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void updatePassword(Context context, SurespotIdentity surespotIdentity, String str, String str2, String str3) {
        if (surespotIdentity != null) {
            surespotIdentity.setSalt(str3);
            saveIdentity(context, true, surespotIdentity, str2 + CACHE_IDENTITY_ID);
            updateKeychainPassword(context, str, str2);
        }
    }

    public static JSONObject updateSignatures(Context context, String str) {
        SurespotIdentity identity = getIdentity(context, str);
        PrivateKey privateKey = identity.getKeyPairDSA("1").getPrivate();
        JSONObject jSONObject = new JSONObject();
        try {
            int parseInt = Integer.parseInt(identity.getLatestVersion());
            PrivateKey privateKey2 = privateKey;
            String str2 = "1";
            for (int i = 1; i <= parseInt; i++) {
                String num = Integer.toString(i);
                SurespotLog.d(TAG, "Signing version %s with version %s", num, str2);
                jSONObject.put(num, EncryptionController.sign(privateKey2, identity.getUsername(), i, new String(ChatUtils.base64EncodeNowrap(identity.getKeyPairDH(num).getPublic().getEncoded())), new String(ChatUtils.base64EncodeNowrap(identity.getKeyPairDSA(num).getPublic().getEncoded()))));
                if (i > 1) {
                    str2 = Integer.toString(i);
                    privateKey2 = identity.getKeyPairDSA(str2).getPrivate();
                }
            }
        } catch (JSONException e) {
            SurespotLog.e(TAG, e, "error generating update signatures", new Object[0]);
        }
        return jSONObject;
    }

    public static void userLoggedIn(Context context, SurespotIdentity surespotIdentity, Cookie cookie, String str) {
        setLoggedInUser(context, surespotIdentity, cookie, str);
    }

    private static JSONObject verifyPublicKeyPair(JSONObject jSONObject) {
        try {
            String string = jSONObject.getString("dhPub");
            String string2 = jSONObject.getString("dhPubSig");
            String string3 = jSONObject.getString("dsaPub");
            String string4 = jSONObject.getString("dsaPubSig");
            if (!EncryptionController.verifyPublicKey(string2, string)) {
                SurespotLog.w(TAG, new KeyException("Could not verify DH key against server signature."), "could not verify DH key against server signature", new Object[0]);
                return null;
            }
            SurespotLog.i(TAG, "DH key successfully verified");
            if (EncryptionController.verifyPublicKey(string4, string3)) {
                SurespotLog.i(TAG, "DSA key successfully verified");
                return jSONObject;
            }
            SurespotLog.w(TAG, new KeyException("Could not verify DSA key against server signature."), "could not verify DSA key against server signature", new Object[0]);
            return null;
        } catch (JSONException e) {
            SurespotLog.w(TAG, e, "recreatePublicIdentity", new Object[0]);
            return null;
        }
    }
}
