package com.circleblue.ecrmodel.ecrPki;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Handler;
import android.util.Base64;
import android.util.Log;
import com.circleblue.ecr.cro.BuildConfig;
import com.circleblue.ecr.cro.wizardOnBoarding.wizardBase.WizardActivityCro;
import com.circleblue.ecrmodel.Model;
import com.circleblue.ecrmodel.ecrPki.security.CertificateBuilder;
import com.circleblue.ecrmodel.entity.product.IconProvider;
import com.google.firebase.perf.network.FirebasePerfOkHttpClient;
import com.mongodb.stitch.core.internal.net.ContentTypes;
import com.sun.jna.Callback;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.Callable;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import okhttp3.Call;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* compiled from: EcrPki.kt */
@Metadata(d1 = {"\u0000\u0082\u0001\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\n\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\f\n\u0002\u0018\u0002\n\u0002\b\n\u0018\u0000 V2\u00020\u0001:\u0002UVBE\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\b\b\u0002\u0010\n\u001a\u00020\u000b\u0012\u0014\u0010\f\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u0000\u0012\u0004\u0012\u00020\u000e0\r¢\u0006\u0002\u0010\u000fJ\b\u00108\u001a\u000209H\u0002J\u0006\u0010:\u001a\u00020\u000eJ\u0010\u0010;\u001a\u00020\u000e2\u0006\u0010<\u001a\u00020=H\u0002J\b\u0010>\u001a\u00020!H\u0002J\b\u0010?\u001a\u00020@H\u0002J\u0018\u0010A\u001a\u00020@2\u0006\u0010/\u001a\u00020\u00072\u0006\u0010B\u001a\u00020\u0007H\u0002J\u0006\u0010C\u001a\u00020\u0007J\u0006\u0010D\u001a\u00020\u0007J\b\u0010E\u001a\u00020\u0007H\u0002J\u0010\u0010F\u001a\u0002092\u0006\u0010\u0004\u001a\u00020\u0005H\u0002J\r\u0010G\u001a\u000209H\u0000¢\u0006\u0002\bHJ \u0010I\u001a\u00020\u000e2\u0006\u0010J\u001a\u00020\u00072\u0006\u0010K\u001a\u00020\u00072\u0006\u0010L\u001a\u00020MH\u0002J0\u0010N\u001a\u00020\u000e2\u0006\u0010J\u001a\u00020\u00072\u0006\u0010K\u001a\u00020\u00072\u0006\u0010/\u001a\u00020\u00072\u0006\u0010B\u001a\u00020\u00072\u0006\u0010L\u001a\u00020MH\u0002J\u0006\u0010O\u001a\u00020\u000eJ\u0006\u0010P\u001a\u00020\u000eJ\u0010\u0010Q\u001a\u00020\u000e2\u0006\u0010R\u001a\u00020\u0007H\u0002J\r\u0010S\u001a\u000209H\u0000¢\u0006\u0002\bTR\u001c\u0010\u0010\u001a\u0004\u0018\u00010\u0007X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0011\u0010\u0012\"\u0004\b\u0013\u0010\u0014R\u0010\u0010\u0015\u001a\u0004\u0018\u00010\u0016X\u0082\u000e¢\u0006\u0002\n\u0000R(\u0010\u0018\u001a\u0004\u0018\u00010\u00162\b\u0010\u0017\u001a\u0004\u0018\u00010\u00168F@@X\u0086\u000e¢\u0006\f\u001a\u0004\b\u0019\u0010\u001a\"\u0004\b\u001b\u0010\u001cR\u0010\u0010\u001d\u001a\u0004\u0018\u00010\u0016X\u0082\u000e¢\u0006\u0002\n\u0000R(\u0010\u0017\u001a\u0004\u0018\u00010\u00162\b\u0010\u0017\u001a\u0004\u0018\u00010\u00168F@@X\u0086\u000e¢\u0006\f\u001a\u0004\b\u001e\u0010\u001a\"\u0004\b\u001f\u0010\u001cR\u0011\u0010 \u001a\u00020!¢\u0006\b\n\u0000\u001a\u0004\b\"\u0010#R\u001c\u0010\f\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u0000\u0012\u0004\u0012\u00020\u000e0\rX\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0004\u001a\u00020\u0005X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b$\u0010%R\u0014\u0010\n\u001a\u00020\u000bX\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b&\u0010'R\u0014\u0010\u0002\u001a\u00020\u0003X\u0080\u0004¢\u0006\b\n\u0000\u001a\u0004\b(\u0010)R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010*\u001a\n ,*\u0004\u0018\u00010+0+X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010-\u001a\u00020.X\u0082\u0004¢\u0006\u0002\n\u0000R\u001c\u0010/\u001a\u0004\u0018\u00010\u0007X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b0\u0010\u0012\"\u0004\b1\u0010\u0014R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u00102\u001a\u000203X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u00104\u001a\u0002058@X\u0080\u0004¢\u0006\u0006\u001a\u0004\b6\u00107¨\u0006W"}, d2 = {"Lcom/circleblue/ecrmodel/ecrPki/EcrPki;", "", "ecrModel", "Lcom/circleblue/ecrmodel/Model;", "context", "Landroid/content/Context;", "ecrPkiUrl", "", "keyStore", "Ljava/security/KeyStore;", "controller", "Lcom/circleblue/ecrmodel/ecrPki/EcrPkiController;", "completion", "Lkotlin/Function1;", "", "(Lcom/circleblue/ecrmodel/Model;Landroid/content/Context;Ljava/lang/String;Ljava/security/KeyStore;Lcom/circleblue/ecrmodel/ecrPki/EcrPkiController;Lkotlin/jvm/functions/Function1;)V", "base64certificate", "getBase64certificate", "()Ljava/lang/String;", "setBase64certificate", "(Ljava/lang/String;)V", "caCachedCertificate", "Ljava/security/cert/X509Certificate;", EcrPki.KEY_CERTIFICATE, "caCertificate", "getCaCertificate", "()Ljava/security/cert/X509Certificate;", "setCaCertificate$model_release", "(Ljava/security/cert/X509Certificate;)V", "cachedCertificate", "getCertificate", "setCertificate$model_release", "client", "Lokhttp3/OkHttpClient$Builder;", "getClient", "()Lokhttp3/OkHttpClient$Builder;", "getContext$model_release", "()Landroid/content/Context;", "getController$model_release", "()Lcom/circleblue/ecrmodel/ecrPki/EcrPkiController;", "getEcrModel$model_release", "()Lcom/circleblue/ecrmodel/Model;", "executor", "Ljava/util/concurrent/ScheduledExecutorService;", "kotlin.jvm.PlatformType", "handler", "Landroid/os/Handler;", "identityId", "getIdentityId", "setIdentityId", "periodicRunnable", "Ljava/lang/Runnable;", "sharedPreferences", "Landroid/content/SharedPreferences;", "getSharedPreferences$model_release", "()Landroid/content/SharedPreferences;", "doesPrivateKeyExists", "", "enroll", "enrollCertificateRequestPki", "certificate_request", "Lorg/spongycastle/pkcs/PKCS10CertificationRequest;", "getClientBuilderPki", "getEcrPkiCertificateHeaders", "Lokhttp3/Request$Builder;", "getEcrPkiVerifyCertificateHeader", "licenseId", "getIdentity", "getIdentityIdFromSharedPrefs", "getLicenseIdFromSharedPrefs", "isConnectedToNetwork", "load", "load$model_release", "postEcrPkiCertificate", IconProvider.FNPath, "json", Callback.METHOD_NAME, "Lokhttp3/Callback;", "postEcrPkiVerifier", "renew", "retryEnrollment", "verifyCertificate", "certB64", "verifyCertificateTimings", "verifyCertificateTimings$model_release", "Broadcasts", "Companion", "model_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes2.dex */
public final class EcrPki {
    public static final String ACTION_IDENTITY_ENROLLED = "IDENTITY_ENROLLED";
    public static final String ACTION_IDENTITY_RENEW = "IDENTITY_RENEW";
    public static final String ACTION_IDENTITY_REVOKED = "IDENTITY_REVOKED";
    public static final String KEY_CA = "ca";
    public static final String KEY_CERTIFICATE = "certificate";
    public static final String KEY_CERTIFICATE_DATA = "data";
    public static final String KEY_IDENTITY_ID = "identityId";
    public static final String KEY_RESPONSE_DATA = "data";
    public static final int KEY_SIZE = 2048;
    public static final long ONLINE_DELAY = 3000;
    public static final String PREF_CA_CERTIFICATE = "ca_certificate";
    public static final String PREF_CERTIFICATE_BASE_64 = "base64_cert";
    public static final String PREF_IDENTITY_CERTIFICATE = "identity_certificate";
    public static final String PREF_IDENTITY_ID = "identity_ID";
    public static final long RETRY_TIME = 10000;
    public static final String SHARED_PREF_KEY = "SHARED_PREFS";
    public static final String TAG = "EcrPki";
    public static final String caAlias = "ca";
    private String base64certificate;
    private X509Certificate caCachedCertificate;
    private X509Certificate cachedCertificate;
    private final OkHttpClient.Builder client;
    private final Function1<EcrPki, Unit> completion;
    private final Context context;
    private final EcrPkiController controller;
    private final Model ecrModel;
    private final String ecrPkiUrl;
    private final ScheduledExecutorService executor;
    private final Handler handler;
    private String identityId;
    private final KeyStore keyStore;
    private final Runnable periodicRunnable;

    /* compiled from: EcrPki.kt */
    @Metadata(d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n\u0000¨\u0006\u0005"}, d2 = {"Lcom/circleblue/ecrmodel/ecrPki/EcrPki$Broadcasts;", "", "()V", "CATEGORY_ECR_PKI", "", "model_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class Broadcasts {
        public static final String CATEGORY_ECR_PKI = "com.circleblue.ecrmodel.category.ECRPKI";
        public static final Broadcasts INSTANCE = new Broadcasts();

        private Broadcasts() {
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public EcrPki(Model ecrModel, Context context, String ecrPkiUrl, KeyStore keyStore, EcrPkiController controller, Function1<? super EcrPki, Unit> completion) {
        Intrinsics.checkNotNullParameter(ecrModel, "ecrModel");
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(ecrPkiUrl, "ecrPkiUrl");
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(controller, "controller");
        Intrinsics.checkNotNullParameter(completion, "completion");
        this.ecrModel = ecrModel;
        this.context = context;
        this.ecrPkiUrl = ecrPkiUrl;
        this.keyStore = keyStore;
        this.controller = controller;
        this.completion = completion;
        ScheduledExecutorService newSingleThreadScheduledExecutor = Executors.newSingleThreadScheduledExecutor();
        this.executor = newSingleThreadScheduledExecutor;
        this.client = getClientBuilderPki();
        Handler handler = new Handler();
        this.handler = handler;
        Runnable runnable = new Runnable() { // from class: com.circleblue.ecrmodel.ecrPki.EcrPki$periodicRunnable$1
            @Override // java.lang.Runnable
            public void run() {
                Handler handler2;
                EcrPki.this.cachedCertificate = null;
                String base64certificate = EcrPki.this.getBase64certificate();
                if (base64certificate != null) {
                    EcrPki.this.verifyCertificate(base64certificate);
                }
                handler2 = EcrPki.this.handler;
                handler2.postDelayed(this, 21600000L);
            }
        };
        this.periodicRunnable = runnable;
        if (!load$model_release()) {
            newSingleThreadScheduledExecutor.submit(new Callable() { // from class: com.circleblue.ecrmodel.ecrPki.EcrPki$$ExternalSyntheticLambda0
                @Override // java.util.concurrent.Callable
                public final Object call() {
                    Unit _init_$lambda$0;
                    _init_$lambda$0 = EcrPki._init_$lambda$0(EcrPki.this);
                    return _init_$lambda$0;
                }
            });
        }
        handler.postDelayed(runnable, 60000L);
    }

    public /* synthetic */ EcrPki(Model model, Context context, String str, KeyStore keyStore, EcrPkiController ecrPkiController, Function1 function1, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(model, context, str, keyStore, (i & 16) != 0 ? new EcrPkiController(context) : ecrPkiController, function1);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Unit _init_$lambda$0(EcrPki this$0) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        this$0.renew();
        return Unit.INSTANCE;
    }

    private final boolean doesPrivateKeyExists() {
        try {
            return this.keyStore.getKey("Circle Blue", null) != null;
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    private final void enrollCertificateRequestPki(PKCS10CertificationRequest certificate_request) {
        postEcrPkiCertificate(EcrPkiEndpoints.INSTANCE.sign(), "{ \"data\": \"" + new EcrPkiHelper().encode(new EcrPkiHelper().writeToPEM(certificate_request)) + "\"}", new okhttp3.Callback() { // from class: com.circleblue.ecrmodel.ecrPki.EcrPki$enrollCertificateRequestPki$1
            @Override // okhttp3.Callback
            public void onFailure(Call call, IOException e) {
                Intrinsics.checkNotNullParameter(call, "call");
                Intrinsics.checkNotNullParameter(e, "e");
                Log.e(EcrPki.TAG, "Failed generating cert from response, try again");
                if (EcrPki.this.getIdentityId() == null || StringsKt.equals$default(EcrPki.this.getIdentityId(), BuildConfig.SOFTWARE_VERSION_NUMBER, false, 2, null) || StringsKt.equals$default(EcrPki.this.getIdentityId(), "", false, 2, null)) {
                    EcrPki.this.retryEnrollment();
                }
            }

            @Override // okhttp3.Callback
            public void onResponse(Call call, Response response) {
                KeyStore keyStore;
                KeyStore keyStore2;
                Intrinsics.checkNotNullParameter(call, "call");
                Intrinsics.checkNotNullParameter(response, "response");
                try {
                    try {
                        if (response.code() != 200) {
                            Log.e(EcrPki.TAG, "Error response enroll certificate ecr pki: " + response.code());
                            EcrPki.this.retryEnrollment();
                            ResponseBody body = response.body();
                            if (body != null) {
                                body.close();
                                return;
                            }
                            return;
                        }
                        ResponseBody body2 = response.body();
                        Object obj = new JSONObject(String.valueOf(body2 != null ? body2.string() : null)).get("data");
                        JSONObject jSONObject = obj instanceof JSONObject ? (JSONObject) obj : null;
                        Object obj2 = jSONObject != null ? jSONObject.get(EcrPki.KEY_CERTIFICATE) : null;
                        JSONObject jSONObject2 = obj instanceof JSONObject ? (JSONObject) obj : null;
                        Object obj3 = jSONObject2 != null ? jSONObject2.get("identityId") : null;
                        String str = obj3 instanceof String ? (String) obj3 : null;
                        Intrinsics.checkNotNull(obj2, "null cannot be cast to non-null type org.json.JSONObject");
                        Object obj4 = ((JSONObject) obj2).getJSONArray("ca").get(0);
                        Intrinsics.checkNotNull(obj4, "null cannot be cast to non-null type kotlin.String");
                        String str2 = (String) obj4;
                        JSONObject jSONObject3 = obj2 instanceof JSONObject ? (JSONObject) obj2 : null;
                        Object obj5 = jSONObject3 != null ? jSONObject3.get("data") : null;
                        Intrinsics.checkNotNull(obj5, "null cannot be cast to non-null type kotlin.String");
                        String str3 = (String) obj5;
                        X509Certificate build = new CertificateBuilder().build(str2);
                        X509Certificate build2 = new CertificateBuilder().build(str3);
                        EcrPki.this.setIdentityId(str);
                        EcrPki.this.setCaCertificate$model_release(build);
                        EcrPki.this.setCertificate$model_release(build2);
                        EcrPki.this.getSharedPreferences$model_release().edit().putString(EcrPki.PREF_CERTIFICATE_BASE_64, str3).putString(EcrPki.PREF_IDENTITY_ID, str).apply();
                        keyStore = EcrPki.this.keyStore;
                        EcrPkiHelper ecrPkiHelper = new EcrPkiHelper();
                        keyStore2 = EcrPki.this.keyStore;
                        keyStore.setKeyEntry("Circle Blue", ecrPkiHelper.generateKeyPair(keyStore2).getPrivate(), null, new X509Certificate[]{build2, build});
                        EcrPki.this.load$model_release();
                        ResponseBody body3 = response.body();
                        if (body3 != null) {
                            body3.close();
                        }
                    } catch (JSONException e) {
                        Log.e(EcrPki.TAG, "Can't parse the response: " + e);
                        ResponseBody body4 = response.body();
                        if (body4 != null) {
                            body4.close();
                        }
                    }
                } catch (Throwable th) {
                    ResponseBody body5 = response.body();
                    if (body5 != null) {
                        body5.close();
                    }
                    throw th;
                }
            }
        });
    }

    private final OkHttpClient.Builder getClientBuilderPki() {
        TrustManager[] trustManager = new EcrPkiHelper().getTrustManager();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        SSLSocketFactory createSSLContext = new EcrPkiHelper().createSSLContext(new EcrPkiHelper().createKeyManager(this.keyStore), trustManager);
        TrustManager trustManager2 = trustManager[0];
        Intrinsics.checkNotNull(trustManager2, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        return builder.sslSocketFactory(createSSLContext, (X509TrustManager) trustManager2).hostnameVerifier(new HostnameVerifier() { // from class: com.circleblue.ecrmodel.ecrPki.EcrPki$$ExternalSyntheticLambda1
            @Override // javax.net.ssl.HostnameVerifier
            public final boolean verify(String str, SSLSession sSLSession) {
                boolean clientBuilderPki$lambda$1;
                clientBuilderPki$lambda$1 = EcrPki.getClientBuilderPki$lambda$1(str, sSLSession);
                return clientBuilderPki$lambda$1;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean getClientBuilderPki$lambda$1(String str, SSLSession sSLSession) {
        return true;
    }

    private final Request.Builder getEcrPkiCertificateHeaders() {
        return new Request.Builder().addHeader("accept", "*/*").addHeader("Content-Type", ContentTypes.APPLICATION_JSON);
    }

    private final Request.Builder getEcrPkiVerifyCertificateHeader(String identityId, String licenseId) {
        return new Request.Builder().addHeader("accept", "*/*").addHeader("Content-Type", ContentTypes.APPLICATION_JSON).addHeader("X-SeaCat-Identity", identityId).addHeader("x-license-id", licenseId);
    }

    private final String getLicenseIdFromSharedPrefs() {
        String string = this.context.getSharedPreferences("SHARED_PREFERENCES", 0).getString(WizardActivityCro.LICENSE_ID, "");
        return string == null ? "" : string;
    }

    private final boolean isConnectedToNetwork(Context context) {
        return NetworkConnection.INSTANCE.isConnectedToNetwork(context);
    }

    private final void postEcrPkiCertificate(String path, String json, okhttp3.Callback callback) {
        Log.d(TAG, "postEcrPkiCertificate, client " + this.client);
        FirebasePerfOkHttpClient.enqueue(this.client.build().newCall(getEcrPkiCertificateHeaders().url(this.ecrPkiUrl + path).post(RequestBody.INSTANCE.create(MediaType.INSTANCE.get(ContentTypes.APPLICATION_JSON), json)).build()), callback);
    }

    private final void postEcrPkiVerifier(String path, String json, String identityId, String licenseId, okhttp3.Callback callback) {
        FirebasePerfOkHttpClient.enqueue(this.client.build().newCall(getEcrPkiVerifyCertificateHeader(identityId, licenseId).url(this.ecrPkiUrl + path).post(RequestBody.INSTANCE.create(MediaType.INSTANCE.get("application/json; charset=utf-8"), json)).build()), callback);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void verifyCertificate(String certB64) {
        String identityIdFromSharedPrefs = getIdentityIdFromSharedPrefs();
        String licenseIdFromSharedPrefs = getLicenseIdFromSharedPrefs();
        Log.d(TAG, "license id --------------> " + licenseIdFromSharedPrefs);
        if (!(identityIdFromSharedPrefs.length() > 0) || Intrinsics.areEqual(identityIdFromSharedPrefs, BuildConfig.SOFTWARE_VERSION_NUMBER)) {
            return;
        }
        postEcrPkiVerifier(EcrPkiEndpoints.INSTANCE.verifyCertificate(), "{ \"data\": \"" + certB64 + "\"}", identityIdFromSharedPrefs, licenseIdFromSharedPrefs, new EcrPki$verifyCertificate$1(this));
    }

    public final void enroll() {
        Log.d(TAG, "Generate CSR to Enroll PKI");
        enrollCertificateRequestPki(new EcrPkiHelper().generateCSR(this.keyStore));
    }

    public final String getBase64certificate() {
        return this.base64certificate;
    }

    public final X509Certificate getCaCertificate() {
        X509Certificate x509Certificate = this.caCachedCertificate;
        if (x509Certificate != null) {
            return x509Certificate;
        }
        String string = getSharedPreferences$model_release().getString(PREF_CA_CERTIFICATE, null);
        if (string != null) {
            X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(new ByteArrayInputStream(Base64.decode(string, 0)));
            this.caCachedCertificate = x509Certificate2;
            if (x509Certificate2 != null) {
                return x509Certificate2;
            }
        }
        return null;
    }

    public final X509Certificate getCertificate() {
        X509Certificate x509Certificate = this.cachedCertificate;
        if (x509Certificate != null) {
            return x509Certificate;
        }
        String string = getSharedPreferences$model_release().getString(PREF_IDENTITY_CERTIFICATE, null);
        if (string != null) {
            X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(new ByteArrayInputStream(Base64.decode(string, 0)));
            this.cachedCertificate = x509Certificate2;
            if (x509Certificate2 != null) {
                return x509Certificate2;
            }
        }
        return null;
    }

    public final OkHttpClient.Builder getClient() {
        return this.client;
    }

    /* renamed from: getContext$model_release, reason: from getter */
    public final Context getContext() {
        return this.context;
    }

    /* renamed from: getController$model_release, reason: from getter */
    public final EcrPkiController getController() {
        return this.controller;
    }

    /* renamed from: getEcrModel$model_release, reason: from getter */
    public final Model getEcrModel() {
        return this.ecrModel;
    }

    public final String getIdentity() {
        String str;
        return (getCertificate() == null || (str = this.identityId) == null) ? "" : str;
    }

    public final String getIdentityId() {
        return this.identityId;
    }

    public final String getIdentityIdFromSharedPrefs() {
        String string = getSharedPreferences$model_release().getString(PREF_IDENTITY_ID, "");
        return string == null ? "" : string;
    }

    public final SharedPreferences getSharedPreferences$model_release() {
        SharedPreferences sharedPreferences = this.context.getSharedPreferences(SHARED_PREF_KEY, 0);
        Intrinsics.checkNotNullExpressionValue(sharedPreferences, "context.getSharedPrefere…EY, Context.MODE_PRIVATE)");
        return sharedPreferences;
    }

    public final boolean load$model_release() {
        Log.d(TAG, "load ");
        this.identityId = getIdentityIdFromSharedPrefs();
        Log.d(TAG, "identityId " + this.identityId);
        this.base64certificate = getSharedPreferences$model_release().getString(PREF_CERTIFICATE_BASE_64, null);
        if (getCertificate() == null || !doesPrivateKeyExists()) {
            return false;
        }
        String str = this.base64certificate;
        if (str != null) {
            verifyCertificate(str);
        }
        if (!this.controller.getReEnroll()) {
            this.completion.invoke(this);
        }
        Log.d(TAG, "ACTION_IDENTITY_ENROLLED");
        this.controller.onAction(ACTION_IDENTITY_ENROLLED);
        return true;
    }

    public final void renew() {
        Log.d(TAG, "Renew");
        this.controller.onAction(ACTION_IDENTITY_RENEW);
        if (getCertificate() == null) {
            Log.d(TAG, "Certificate is Null");
            this.controller.onInitialEnrollmentRequested(this);
        } else {
            Log.d(TAG, "Certificate is Expired");
            this.controller.onReEnrollmentRequested(this);
        }
    }

    public final void retryEnrollment() {
        Log.d(TAG, "Retry enrollment start");
        Thread.sleep(10000L);
        renew();
        Log.d(TAG, "Retry enrollment finished");
    }

    public final void setBase64certificate(String str) {
        this.base64certificate = str;
    }

    public final void setCaCertificate$model_release(X509Certificate x509Certificate) {
        SharedPreferences.Editor edit = getSharedPreferences$model_release().edit();
        if (x509Certificate != null) {
            edit.putString(PREF_CA_CERTIFICATE, Base64.encodeToString(x509Certificate.getEncoded(), 0)).apply();
        } else {
            edit.remove(PREF_CA_CERTIFICATE).apply();
            this.keyStore.deleteEntry("caCa Certificate");
        }
        this.caCachedCertificate = x509Certificate;
    }

    public final void setCertificate$model_release(X509Certificate x509Certificate) {
        SharedPreferences.Editor edit = getSharedPreferences$model_release().edit();
        if (x509Certificate != null) {
            edit.putString(PREF_IDENTITY_CERTIFICATE, Base64.encodeToString(x509Certificate.getEncoded(), 0)).apply();
        }
        this.cachedCertificate = x509Certificate;
    }

    public final void setIdentityId(String str) {
        this.identityId = str;
    }

    public final boolean verifyCertificateTimings$model_release() {
        X509Certificate certificate = getCertificate();
        if (certificate == null) {
            return false;
        }
        Log.d(TAG, "verify cert time expiry");
        long time = certificate.getNotBefore().getTime();
        long time2 = certificate.getNotAfter().getTime();
        long time3 = new Date().getTime();
        boolean z = time3 <= time2 - 2592000000L;
        if (time > time3) {
            z = false;
        }
        if (time2 < time3) {
            return false;
        }
        return z;
    }
}
