package com.box.android.clientadmin;

import android.support.v4.app.FragmentActivity;
import android.text.TextUtils;
import com.box.android.analytics.AnalyticsParams;
import com.box.android.analytics.BoxAnalytics;
import com.box.android.application.BoxApplication;
import com.box.androidsdk.content.utils.BoxLogUtils;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.google.android.gms.common.ConnectionResult;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.PendingResult;
import com.google.android.gms.common.api.ResultCallback;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.util.Base64;
import com.google.api.client.util.Key;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import java.util.Random;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/* loaded from: classes.dex */
public class SafetyNet {
    GoogleApiClient mGoogleApiClient;
    private Boolean mPassedJailBroken;
    private PendingResult<SafetyNetApi.AttestationResult> mPendingResult;
    String statusCode;
    String statusMessage;
    private AtomicLong mStartTime = new AtomicLong(0);
    Random mRandom = new Random();

    /* loaded from: classes.dex */
    public static class AttestationStatement extends JsonWebToken.Payload {

        @Key
        private String apkDigestSha256;

        @Key
        private String apkPackageName;

        @Key
        private boolean basicIntegrity;

        @Key
        private boolean ctsProfileMatch;

        @Key
        private String nonce;

        @Key
        private long timestampMs;

        public byte[] getApkDigestSha256() {
            return Base64.decodeBase64(this.apkDigestSha256);
        }

        public String getApkPackageName() {
            return this.apkPackageName;
        }

        public byte[] getNonce() {
            return Base64.decodeBase64(this.nonce);
        }

        public long getTimestampMs() {
            return this.timestampMs;
        }

        public boolean isBasicIntegriy() {
            return this.basicIntegrity;
        }

        public boolean isCtsProfileMatch() {
            return this.ctsProfileMatch;
        }
    }

    public SafetyNet(FragmentActivity fragmentActivity) {
        try {
            buildGoogleApiClient(fragmentActivity);
        } catch (Exception e) {
            BoxLogUtils.e("Google Client builder failed", e);
            BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "GoogleApiClientBuilder failed");
        }
    }

    private static String getFirstCn(X509Certificate x509Certificate) {
        StringTokenizer stringTokenizer = new StringTokenizer(x509Certificate.getSubjectX500Principal().toString(), ",");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf("CN=");
            if (indexOf >= 0) {
                return nextToken.substring(indexOf + 3);
            }
        }
        return null;
    }

    private byte[] getRequestNonce(String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[24];
        this.mRandom.nextBytes(bArr);
        try {
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(str.getBytes());
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static AttestationStatement parseAndVerify(String str) {
        try {
            JsonWebSignature parse = JsonWebSignature.parser(JacksonFactory.getDefaultInstance()).setPayloadClass(AttestationStatement.class).parse(str);
            try {
                X509Certificate verifySignature = parse.verifySignature();
                if (verifySignature == null) {
                    System.err.println("Failure: Signature verification failed.");
                    return null;
                }
                if ("attest.android.com".equals(getFirstCn(verifySignature))) {
                    return (AttestationStatement) parse.getPayload();
                }
                return null;
            } catch (GeneralSecurityException e) {
                System.err.println("Failure: Error during cryptographic verification of the JWS signature.");
                return null;
            }
        } catch (IOException e2) {
            System.err.println("Failure: " + str + " is not valid JWS format.");
            return null;
        }
    }

    private void sendSafetyNetRequest() {
        this.mStartTime.set(System.currentTimeMillis());
        final long currentTimeMillis = System.currentTimeMillis();
        final byte[] requestNonce = getRequestNonce("Safety Net Sample: " + currentTimeMillis);
        if (this.mGoogleApiClient == null) {
            return;
        }
        this.mPendingResult = com.google.android.gms.safetynet.SafetyNet.SafetyNetApi.attest(this.mGoogleApiClient, requestNonce);
        this.mPendingResult.setResultCallback(new ResultCallback<SafetyNetApi.AttestationResult>() { // from class: com.box.android.clientadmin.SafetyNet.2
            @Override // com.google.android.gms.common.api.ResultCallback
            public void onResult(SafetyNetApi.AttestationResult attestationResult) {
                Status status = attestationResult.getStatus();
                BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "time to get result ", ((int) (System.currentTimeMillis() - currentTimeMillis)) / 1000);
                if (!status.isSuccess()) {
                    SafetyNet.this.mPassedJailBroken = false;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "ERROR " + status.getStatusCode() + " : " + status.getStatus().getStatusMessage());
                    return;
                }
                AttestationStatement parseAndVerify = SafetyNet.parseAndVerify(attestationResult.getJwsResult());
                if (parseAndVerify == null) {
                    SafetyNet.this.mPassedJailBroken = false;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "parsing error ");
                    return;
                }
                if (TextUtils.isEmpty(parseAndVerify.getApkPackageName())) {
                    SafetyNet.this.mPassedJailBroken = false;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "No package name returned");
                    return;
                }
                if (!(parseAndVerify.getApkPackageName().equals(BoxApplication.getInstance().getPackageName()) && Arrays.equals(requestNonce, parseAndVerify.getNonce()))) {
                    SafetyNet.this.mPassedJailBroken = false;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "ERROR failed consistency");
                    return;
                }
                if (parseAndVerify.isCtsProfileMatch()) {
                    SafetyNet.this.mPassedJailBroken = true;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "Passed CTS Match");
                } else if (!parseAndVerify.isBasicIntegriy() || parseAndVerify.isCtsProfileMatch()) {
                    SafetyNet.this.mPassedJailBroken = false;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "Failed Tests");
                } else {
                    SafetyNet.this.mPassedJailBroken = true;
                    BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "Passed only Basic Integrity");
                }
            }
        });
    }

    private static boolean verify(String str, SSLSession sSLSession) {
        try {
            X509Certificate x509Certificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
            str.trim().toLowerCase(Locale.ENGLISH);
            System.out.println("matchies " + getFirstCn(x509Certificate) + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + str);
        } catch (SSLException e) {
        }
        return false;
    }

    protected synchronized void buildGoogleApiClient(FragmentActivity fragmentActivity) {
        this.mGoogleApiClient = new GoogleApiClient.Builder(BoxApplication.getInstance()).addApi(com.google.android.gms.safetynet.SafetyNet.API).enableAutoManage(fragmentActivity, new GoogleApiClient.OnConnectionFailedListener() { // from class: com.box.android.clientadmin.SafetyNet.1
            @Override // com.google.android.gms.common.api.GoogleApiClient.OnConnectionFailedListener
            public void onConnectionFailed(ConnectionResult connectionResult) {
                BoxAnalytics.getInstance().trackEvent(AnalyticsParams.CATEGORY_EXPERIMENTS, AnalyticsParams.ACTION_SAFETY_NET, "connectionFailed " + connectionResult.getErrorCode() + " : " + connectionResult.getErrorMessage());
                SafetyNet.this.mPassedJailBroken = false;
            }
        }).build();
    }

    public PendingResult<SafetyNetApi.AttestationResult> getPendingResult() {
        return this.mPendingResult;
    }

    public long getStartCheckTime() {
        return this.mStartTime.get();
    }

    public Boolean isPassedJailBroken() {
        return this.mPassedJailBroken;
    }

    public void testSafetyNetApi() {
        sendSafetyNetRequest();
    }
}
