package com.booking.pulse.core.network;

import android.annotation.SuppressLint;
import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.booking.hotelmanager.B;
import com.booking.hotelmanager.PulseApplication;
import com.booking.pulse.core.network.ContextCall;
import com.booking.pulse.features.extranet.ExtranetPinService;
import com.booking.pulse.features.extranet.support.AccountDb;
import com.booking.pulse.features.login.LoginService;
import com.google.gson.JsonObject;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;

/* loaded from: classes.dex */
public class CallSigning {
    public static final String TAG = CallSigning.class.getSimpleName();
    private final KeyStore keyStore;
    private PrivateKey privateKey = null;
    private PublicKey publicKey = null;
    private Cipher encryptingCipher = null;
    private MessageDigest digestCipher = null;
    private boolean keysCreatedInThisInstance = false;
    private final Lock cipherLock = new ReentrantLock();
    private final Object digestSyncObject = new Object();
    private final AtomicBoolean uploadingPK = new AtomicBoolean(false);
    private final AtomicLong uploadedPKFinished = new AtomicLong(0);
    private final RequestTimer pkUploadTimer = new RequestTimer(TimeUnit.SECONDS.toMillis(1));
    private final AtomicBoolean trackTooManyRequests = new AtomicBoolean(false);

    /* loaded from: classes.dex */
    public interface KeyStore {
        PrivateKey loadPrivateKey() throws Exception;

        PublicKey loadPublicKey() throws Exception;

        void savePrivateKey(PrivateKey privateKey) throws Exception;

        void savePublicKey(PublicKey publicKey) throws Exception;
    }

    public CallSigning(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    private void createKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        this.privateKey = generateKeyPair.getPrivate();
        this.publicKey = generateKeyPair.getPublic();
        this.keyStore.savePrivateKey(this.privateKey);
        this.keyStore.savePublicKey(this.publicKey);
        this.keysCreatedInThisInstance = true;
    }

    public static CallSigning getDefaultCallSigning(Context context) {
        return new CallSigning(new KeyStore() { // from class: com.booking.pulse.core.network.CallSigning.2
            AccountDb accountDb = ExtranetPinService.get().getAccountDb();

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public PrivateKey loadPrivateKey() throws Exception {
                if (!this.accountDb.nameExists("#key1")) {
                    return null;
                }
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(this.accountDb.getSecret("#key1"), 0)));
            }

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public PublicKey loadPublicKey() throws Exception {
                if (!this.accountDb.nameExists("#key2")) {
                    return null;
                }
                return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(this.accountDb.getSecret("#key2"), 0)));
            }

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public void savePrivateKey(PrivateKey privateKey) throws Exception {
                this.accountDb.update("#key1", Base64.encodeToString(privateKey.getEncoded(), 3), "#key1", AccountDb.OtpType.TOTP, 0);
            }

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public void savePublicKey(PublicKey publicKey) throws Exception {
                this.accountDb.update("#key2", Base64.encodeToString(publicKey.getEncoded(), 3), "#key2", AccountDb.OtpType.TOTP, 0);
            }
        });
    }

    public static CallSigning getFallbackCallSigning() {
        return new CallSigning(new KeyStore() { // from class: com.booking.pulse.core.network.CallSigning.1
            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public PrivateKey loadPrivateKey() throws Exception {
                return null;
            }

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public PublicKey loadPublicKey() throws Exception {
                return null;
            }

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public void savePrivateKey(PrivateKey privateKey) throws Exception {
            }

            @Override // com.booking.pulse.core.network.CallSigning.KeyStore
            public void savePublicKey(PublicKey publicKey) throws Exception {
            }
        });
    }

    public byte[] digest(byte[] bArr) throws SignatureException {
        byte[] digest;
        synchronized (this.digestSyncObject) {
            digest = this.digestCipher.digest(bArr);
        }
        return digest;
    }

    public Cipher getEncryptingCipher() {
        this.cipherLock.lock();
        return this.encryptingCipher;
    }

    public String getPEMEncodedPublicKey() {
        return "-----BEGIN PUBLIC KEY-----\n" + Base64.encodeToString(new X509EncodedKeySpec(this.publicKey.getEncoded()).getEncoded(), 1) + "-----END PUBLIC KEY-----";
    }

    public boolean isKeysCreatedInThisInstance() {
        return this.keysCreatedInThisInstance;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final /* synthetic */ void lambda$uploadPublicKey$0$CallSigning(ContextCall.ResultListener resultListener, JsonObject jsonObject) {
        this.uploadedPKFinished.compareAndSet(0L, System.currentTimeMillis());
        this.uploadingPK.compareAndSet(true, false);
        if (resultListener != null) {
            resultListener.onResult(jsonObject);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final /* synthetic */ void lambda$uploadPublicKey$1$CallSigning(ContextCall.ErrorListener errorListener, ContextError contextError) {
        this.uploadedPKFinished.compareAndSet(0L, System.currentTimeMillis());
        this.uploadingPK.compareAndSet(true, false);
        if (contextError.getStatusCode() != 401) {
            PulseApplication.getInstance().forceSigningFallback(true);
            B.Tracking.Events.pulse_upload_key_error.sendError();
        }
        if (errorListener != null) {
            errorListener.onError(contextError);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final /* synthetic */ void lambda$uploadPublicKey$2$CallSigning(ContextCall.CallFailedListener callFailedListener, Throwable th) {
        this.uploadingPK.compareAndSet(true, false);
        B.Tracking.Events.pulse_upload_key_error.sendError(th);
        if (callFailedListener != null) {
            callFailedListener.onCallFailed(th);
        }
    }

    @SuppressLint({"GetInstance"})
    public boolean loadKeys() throws Exception {
        try {
            this.encryptingCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            this.digestCipher = MessageDigest.getInstance("SHA256");
            this.privateKey = this.keyStore.loadPrivateKey();
            this.publicKey = this.keyStore.loadPublicKey();
            boolean z = true;
            if (this.publicKey == null || this.privateKey == null) {
                createKeyPair();
                z = false;
            }
            this.encryptingCipher.init(1, this.privateKey);
            this.privateKey = null;
            return z;
        } catch (Exception e) {
            PulseApplication.getInstance().forceSigningFallback(true);
            return false;
        }
    }

    public void releaseEncryptingCipher() {
        this.cipherLock.unlock();
    }

    public void uploadPublicKey(String str, final ContextCall.ResultListener resultListener, final ContextCall.ErrorListener errorListener, final ContextCall.CallFailedListener callFailedListener) {
        if (PulseApplication.isFallbackToOldURL()) {
            Log.d(TAG, "Using fallback, not uploading public key");
            if (resultListener != null) {
                resultListener.onResult(new JsonObject());
                return;
            }
            return;
        }
        if (LoginService.isLoggedIn() || !TextUtils.isEmpty(str)) {
            if (!this.pkUploadTimer.isStale()) {
                if (this.trackTooManyRequests.compareAndSet(false, true)) {
                    B.Tracking.Events.pulse_too_many_key_requests.sendError();
                }
            } else if (this.uploadingPK.compareAndSet(false, true)) {
                this.pkUploadTimer.requestCompleted();
                ContextCall onFailed = ContextCall.build("pulse.context_upload_pk.1").priority().dontSign().toPath("/upload_pk").add("public_key", getPEMEncodedPublicKey()).onResult(new ContextCall.ResultListener(this, resultListener) { // from class: com.booking.pulse.core.network.CallSigning$$Lambda$0
                    private final CallSigning arg$1;
                    private final ContextCall.ResultListener arg$2;

                    /* JADX INFO: Access modifiers changed from: package-private */
                    {
                        this.arg$1 = this;
                        this.arg$2 = resultListener;
                    }

                    @Override // com.booking.pulse.core.network.ContextCall.ResultListener
                    public void onResult(JsonObject jsonObject) {
                        this.arg$1.lambda$uploadPublicKey$0$CallSigning(this.arg$2, jsonObject);
                    }
                }).onError(new ContextCall.ErrorListener(this, errorListener) { // from class: com.booking.pulse.core.network.CallSigning$$Lambda$1
                    private final CallSigning arg$1;
                    private final ContextCall.ErrorListener arg$2;

                    /* JADX INFO: Access modifiers changed from: package-private */
                    {
                        this.arg$1 = this;
                        this.arg$2 = errorListener;
                    }

                    @Override // com.booking.pulse.core.network.ContextCall.ErrorListener
                    public void onError(ContextError contextError) {
                        this.arg$1.lambda$uploadPublicKey$1$CallSigning(this.arg$2, contextError);
                    }
                }).onFailed(new ContextCall.CallFailedListener(this, callFailedListener) { // from class: com.booking.pulse.core.network.CallSigning$$Lambda$2
                    private final CallSigning arg$1;
                    private final ContextCall.CallFailedListener arg$2;

                    /* JADX INFO: Access modifiers changed from: package-private */
                    {
                        this.arg$1 = this;
                        this.arg$2 = callFailedListener;
                    }

                    @Override // com.booking.pulse.core.network.ContextCall.CallFailedListener
                    public void onCallFailed(Throwable th) {
                        this.arg$1.lambda$uploadPublicKey$2$CallSigning(this.arg$2, th);
                    }
                });
                if (!TextUtils.isEmpty(str)) {
                    onFailed.addHttpHeader("X-PulseToken", str);
                }
                onFailed.call();
            }
        }
    }

    public long uploadedPublicKeyInSessionTime() {
        return this.uploadedPKFinished.get();
    }
}
