package com.cisco.umbrella.fips;

import android.os.Build;
import android.webkit.CookieManager;
import com.cisco.anyconnect.vpn.android.ui.Globals;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import com.cisco.anyconnect.vpn.android.util.CustLogComponent;
import com.cisco.umbrella.util.ConfigHelper;
import com.cisco.umbrella.util.Constant;
import com.cisco.umbrella.util.Helper;
import com.cisco.umbrella.util.ISharedPreferencesController;
import com.cisco.umbrella.util.ValidationHelper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.jsonwebtoken.Claims;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Base64;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
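/**
 * Static helpers for the Umbrella SAML / DPoP registration flow: EC key-pair and JWK
 * generation, DPoP proof signing, "vtoken" construction, access-token cookie lookup and
 * a client-side TTL check on the stored access token.
 *
 * <p>NOTE(review): several constants below are fixed literals that look like test/dev
 * fixtures (a GUID of {@code "testconfiguration1"}, an {@code htu} pointing at a
 * {@code dev-} host, a fixed {@code ath}/{@code body_hash}). Confirm they are not meant
 * to be derived per device or per request before relying on the resulting tokens.
 */
public class SAMLAuthHelper {
    // Fixed access-token hash placed in every DPoP proof (see generateDPOPtoken).
    private static final String ATH_VALUE = "BA096Jay0UNxbS5W2O7vJRTmpr_rfQ39bSPuTvDW53g";
    // Fixed request-body hash placed in every DPoP proof.
    private static final String BODY_HASH_VALUE = "Q538uwYcnePUSObkA_3JKbOUlTbCTEiL6ERx5YD9iaw=";
    private static final String GUID_VALUE = "testconfiguration1";
    private static final String HTU_VALUE = "https://devices.api.dev-umbrellagov.com/deployments/v2/roamingmodule";
    private static final String SRC_VALUE = "SECURE-CLIENT";
    private static final String TAG = "SAMLAuthHelper";
    private static final String TID_VALUE = "8f5fe810+1667+4259+b660+eb85983aeae5";
    // Name of the cookie that carries the access token after the SAML round trip.
    private static final String ACCESS_TOKEN_COOKIE = "x-access-token";

    private SAMLAuthHelper() {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, "SAMLAuthHelper private constructor called");
    }

    /**
     * Builds and signs an ES256 JWT of type {@code dpop+jwt}.
     *
     * <p>The header carries the public half of {@code jwk} and uses {@code base64URL} as
     * the key ID. The claim set is built entirely from class constants plus the current
     * time.
     *
     * <p>NOTE(review): compared with RFC 9449 the claim set has properties a verifier may
     * reject or that weaken replay protection; the wire format is left unchanged here
     * because the server contract is not visible from this class:
     * <ul>
     *   <li>{@code jti} is the constant {@code "50"}, so every proof shares one ID;</li>
     *   <li>{@code iat} is in milliseconds, whereas the RFC uses seconds;</li>
     *   <li>{@code ath}, {@code body_hash} and {@code htu} are constants rather than
     *       values derived from the actual access token, request body and target URL.</li>
     * </ul>
     *
     * @param eCPrivateKey P-256 private key used to sign the proof
     * @param jwk key whose public form is embedded in the JWS header
     * @param base64URL value used as the header {@code kid}
     * @return the compact serialization of the signed JWT
     * @throws JOSEException if the signer cannot be created or signing fails
     */
    public static String generateDPOPtoken(ECPrivateKey eCPrivateKey, JWK jwk, Base64URL base64URL) throws JOSEException {
        ECDSASigner signer = new ECDSASigner(eCPrivateKey, Curve.P_256);

        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES256)
                .keyID(base64URL.toString())
                .jwk(jwk.toPublicJWK()) // never embed the private part of the key
                .type(new JOSEObjectType("dpop+jwt"))
                .build();

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .claim("ath", ATH_VALUE)
                .claim("body_hash", BODY_HASH_VALUE)
                .claim("htu", HTU_VALUE)
                .claim("htm", "POST")
                .claim(Claims.ISSUED_AT, Long.valueOf(System.currentTimeMillis()))
                .claim(Claims.ID, "50")
                .build();

        SignedJWT signedJWT = new SignedJWT(header, claims);
        signedJWT.sign(signer);
        return signedJWT.serialize();
    }

    /**
     * Generates a 256-bit EC key pair from the default provider.
     *
     * <p>NOTE(review): {@code initialize(256)} leaves the curve choice to the provider,
     * while the signer and JWK builder in this class both require {@link Curve#P_256}.
     * Naming the curve explicitly would remove that assumption, but it adds a checked
     * exception to the signature, so it is not done here.
     *
     * @return a freshly generated EC key pair
     * @throws NoSuchAlgorithmException if no provider supports the {@code "EC"} algorithm
     */
    public static KeyPair generateECKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(256);
        return generator.generateKeyPair();
    }

    /**
     * Wraps an EC public key as a P-256 signature JWK whose key ID is its SHA-256
     * thumbprint.
     *
     * @param eCPublicKey public key to wrap
     * @return the JWK, marked for ES256 signature use
     * @throws JOSEException if the thumbprint cannot be computed
     */
    public static JWK generateJWK(ECPublicKey eCPublicKey) throws JOSEException {
        return new ECKey.Builder(Curve.P_256, eCPublicKey)
                .keyIDFromThumbprint(MessageDigestAlgorithms.SHA_256)
                .algorithm(JWSAlgorithm.ES256)
                .keyUse(KeyUse.SIGNATURE)
                .build();
    }

    /**
     * Builds the "vtoken": a JSON object holding fixed identifiers, the organisation,
     * a millisecond timestamp, the encoded managed-registration URL and the caller's key
     * material, serialized as UTF-8 and URL-safe Base64 encoded.
     *
     * <p>The token is unsigned; any integrity guarantee has to come from the values it
     * carries or from the transport.
     *
     * @param str value stored under {@code "org"}
     * @param str2 value stored under {@code "deviceKey"}
     * @param str3 value stored under {@code "pubHash"}
     * @return the Base64 (URL-safe) token, or {@code null} when running below API 26,
     *         where {@link Base64} is not used
     * @throws JSONException if a value cannot be stored in the JSON object
     */
    public static String generateVtoken(String str, String str2, String str3) throws JSONException {
        JSONObject payload = new JSONObject();
        String timestampMillis = String.valueOf(System.currentTimeMillis());
        payload.put("guid", GUID_VALUE);
        payload.put("tid", TID_VALUE);
        payload.put("org", str);
        payload.put("idp", "0");
        payload.put("ts", timestampMillis);
        // NOTE(review): m1146encode looks like a decompiler-renamed Base64URL encode overload.
        payload.put("url", Base64URL.m1146encode(ConfigHelper.getBaseConfig().getManagedRegistrationUrl()));
        payload.put("dbg", Globals.AC_PREFERENCE_VALUE_FALSE);
        payload.put("src", SRC_VALUE);
        payload.put("deviceKey", str2);
        payload.put("pubHash", str3);
        byte[] bytes = payload.toString().getBytes(StandardCharsets.UTF_8);

        String str4 = null;
        if (Build.VERSION.SDK_INT >= 26) {
            str4 = Base64.getUrlEncoder().encodeToString(bytes);
        }
        // The token embeds the device key and organisation, so only its size is logged;
        // the full value would otherwise be readable by anyone with access to the logs.
        AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG,
                "base64Vtoken length: " + (str4 == null ? 0 : str4.length()));
        return str4;
    }

    /**
     * Returns the value of the {@code x-access-token} cookie stored for a URL.
     *
     * <p>Only cookie names are logged; values are never written to the log because the
     * access token is a bearer credential. Each pair is split on the first {@code '='}
     * only, so a value that itself contains {@code '='} (for example Base64 padding) is
     * returned intact, and malformed pairs without a value are skipped.
     *
     * @param str URL whose cookies are inspected
     * @return the access-token value, or an empty string when the cookie is absent
     */
    public static String getCookie(String str) {
        String cookie = CookieManager.getInstance().getCookie(str);
        if (cookie == null) {
            return "";
        }
        for (String pair : cookie.split(";")) {
            String[] nameValue = pair.trim().split("=", 2);
            if (nameValue.length < 2) {
                continue; // attribute without a value: nothing to return
            }
            String name = nameValue[0];
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "Cookie name: " + name);
            if (ACCESS_TOKEN_COOKIE.equals(name)) {
                return nameValue[1];
            }
        }
        return "";
    }

    /**
     * Computes the SHA-256 thumbprint of a JWK.
     *
     * @param jwk key to fingerprint
     * @return the thumbprint as a Base64URL value
     * @throws JOSEException if the thumbprint cannot be computed
     */
    public static Base64URL getPubKeyThumbprint(JWK jwk) throws JOSEException {
        return jwk.computeThumbprint(MessageDigestAlgorithms.SHA_256);
    }

    /**
     * Reports whether the stored access token has passed its {@code ttl}.
     *
     * <p>The first dot-separated segment of the token is Base64URL-decoded, parsed as
     * JSON, and its {@code ttl} is compared with the current time in epoch seconds. The
     * method fails closed: a missing, empty or undecodable token counts as expired.
     *
     * <p>The segment is read without any signature check, so this is only a local hint
     * for when to refresh; it must not be treated as proof that the token is valid.
     *
     * @param iSharedPreferencesController store from which the access token is fetched
     * @return {@code true} if the token is absent, malformed or past its TTL
     */
    public static boolean isTTLExpired(ISharedPreferencesController iSharedPreferencesController) {
        String str = (String) iSharedPreferencesController.fetch(Constant.ACCESS_TOKEN, String.class);
        if (!ValidationHelper.isNonNullOrNotEmpty(str)) {
            return true;
        }
        String[] split = str.split("\\.");
        if (split.length == 0) {
            // A token made only of dots splits to an empty array.
            return true;
        }
        try {
            byte[] decode = Base64.getUrlDecoder().decode(split[0]);
            long j = new JSONObject(new String(decode, StandardCharsets.UTF_8)).getLong("ttl");
            AppLog.logVerboseMessage(CustLogComponent.UMBRELLA_CONFIG, AppLog.Severity.DBG_INFO, TAG, "TTL time is : " + Helper.convertEpochTimeToReadableTime(j));
            return j < System.currentTimeMillis() / 1000;
        } catch (JSONException | IllegalArgumentException e) {
            // IllegalArgumentException: the segment is not valid Base64URL.
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, TAG, e.getMessage(), e);
        }
        return true;
    }
}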
