package io.privacyresearch.equation.provision;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.gluonhq.snl.NetworkAPI;
import com.gluonhq.snl.NetworkClient;
import com.gluonhq.snl.Response;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import io.privacyresearch.clientdata.SqliteStorageBean;
import io.privacyresearch.equation.EquationConfiguration;
import io.privacyresearch.equation.EquationManager;
import io.privacyresearch.equation.WaveStore;
import io.privacyresearch.equation.internal.KeyUtil;
import io.privacyresearch.equation.internal.TrustStoreImpl;
import io.privacyresearch.equation.model.Account;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.signal.libsignal.protocol.IdentityKeyPair;
import org.signal.libsignal.protocol.InvalidKeyException;
import org.signal.libsignal.protocol.ecc.Curve;
import org.signal.libsignal.protocol.ecc.ECPrivateKey;
import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
import org.whispersystems.signalservice.api.kbs.MasterKey;
import org.whispersystems.signalservice.api.push.ServiceId;
import org.whispersystems.signalservice.api.push.SignedPreKeyEntity;
import org.whispersystems.signalservice.internal.configuration.SignalUrl;
import org.whispersystems.signalservice.internal.push.KyberPreKeyEntity;
import org.whispersystems.signalservice.internal.push.ProvisioningProtos;
import org.whispersystems.signalservice.internal.websocket.WebSocketProtos;

/* loaded from: input_file:io/privacyresearch/equation/provision/ProvisioningManager.class */
public class ProvisioningManager {
    private final ProvisioningClient provisioningClient;
    private final EquationManager waveManager;
    private final SqliteStorageBean sqliteStorageBean;
    private final TrustStoreImpl trustStore = new TrustStoreImpl();
    private final ProvisioningCipher provisioningCipher;
    private static final String SIGNAL_USER_AGENT = "Signal-Desktop/6.46.0 Linux";
    private NetworkClient provisioningWebSocket;
    private boolean listen;
    private ProvisioningProtos.ProvisionMessage pm;
    private String number;
    private int deviceId;
    private boolean localMode;
    private final NetworkAPI networkAPI;
    private final boolean useQuic;
    private static String destination = "wss://chat.signal.org";
    private static String host = "https://chat.signal.org";
    private static final Logger LOG = Logger.getLogger(ProvisioningManager.class.getName());

    public ProvisioningManager(EquationManager equationManager, SqliteStorageBean sqliteStorageBean, ProvisioningClient provisioningClient, NetworkAPI networkAPI, boolean z) {
        this.provisioningClient = provisioningClient;
        this.waveManager = equationManager;
        this.sqliteStorageBean = sqliteStorageBean;
        this.networkAPI = networkAPI;
        this.useQuic = z;
        this.provisioningCipher = new ProvisioningCipher(this.waveManager);
        processConfiguration(equationManager.getConfiguration());
        LOG.info("EquationConfig = " + String.valueOf(equationManager.getConfiguration()));
    }

    public void start() {
        this.provisioningWebSocket = NetworkClient.createNetworkClient(new SignalUrl(destination + "/v1/websocket/provisioning/", this.trustStore), "", true, this.useQuic);
        this.listen = true;
        while (this.listen) {
            try {
                LOG.log(Level.INFO, "[PM] waiting for reqest... ");
                WebSocketProtos.WebSocketRequestMessage readRequestMessage = this.provisioningWebSocket.readRequestMessage(600000L, TimeUnit.SECONDS);
                LOG.log(Level.INFO, "[PM] got readrequest that I will handle now: " + String.valueOf(readRequestMessage));
                handleRequest(readRequestMessage);
                LOG.log(Level.INFO, "[PM] handled readrequest " + readRequestMessage.getPath());
            } catch (Exception e) {
                System.err.println("[PM] Exception while waiting for incoming request");
                this.listen = false;
                e.printStackTrace();
                this.provisioningClient.gotProvisioningError(e.getMessage());
                return;
            }
        }
    }

    public void stop() {
        this.listen = false;
        LOG.log(Level.INFO, "[PM] we're asked to disconnect the websocket");
        this.provisioningWebSocket.shutdown();
        LOG.log(Level.INFO, "[PM] stopped");
    }

    public Account createAccount(String str, String str2, WaveStore waveStore, WaveStore waveStore2) throws IOException {
        LOG.info("Creating device " + str2 + " for number " + this.number);
        if (!str.equals(this.number)) {
            throw new IllegalArgumentException("Can't create account for " + str);
        }
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.getEncoder().encodeToString(new String(bArr, StandardCharsets.UTF_8).getBytes());
        String substring = encodeToString.substring(0, encodeToString.length() - 2);
        String num = Integer.toString(new SecureRandom().nextInt(16384) & 16383);
        String num2 = Integer.toString(new SecureRandom().nextInt(16384) & 16383);
        ServiceId.ACI createAciServiceId = createAciServiceId();
        waveStore.setServiceId(createAciServiceId);
        ServiceId.PNI createPniServiceId = createPniServiceId();
        waveStore2.setServiceId(createPniServiceId);
        IdentityKeyPair aciIdentityKey = this.sqliteStorageBean.account().getAciIdentityKey();
        try {
            cleanupKeys(waveStore);
            cleanupKeys(waveStore2);
            ECPrivateKey decodePrivatePoint = Curve.decodePrivatePoint(this.pm.getAciIdentityKeyPrivate().toByteArray());
            SignedPreKeyRecord generateSignedPreKey = KeyUtil.generateSignedPreKey(decodePrivatePoint);
            waveStore.storeSignedPreKey(generateSignedPreKey.getId(), generateSignedPreKey);
            KyberPreKeyRecord generateKyberPreKey = KeyUtil.generateKyberPreKey(decodePrivatePoint);
            waveStore.storeLastResortKyberPreKey(generateKyberPreKey.getId(), generateKyberPreKey);
            SignedPreKeyEntity signedPreKeyEntity = new SignedPreKeyEntity(generateSignedPreKey.getId(), generateSignedPreKey.getKeyPair().getPublicKey(), generateSignedPreKey.getSignature());
            LOG.info("aciPreKeyRecord = " + String.valueOf(generateSignedPreKey) + ", spke = " + String.valueOf(signedPreKeyEntity));
            KyberPreKeyEntity kyberPreKeyEntity = new KyberPreKeyEntity(generateKyberPreKey.getId(), generateKyberPreKey.getKeyPair().getPublicKey(), generateKyberPreKey.getSignature());
            ECPrivateKey decodePrivatePoint2 = Curve.decodePrivatePoint(this.pm.getPniIdentityKeyPrivate().toByteArray());
            SignedPreKeyRecord generateSignedPreKey2 = KeyUtil.generateSignedPreKey(decodePrivatePoint2);
            waveStore2.storeSignedPreKey(generateSignedPreKey2.getId(), generateSignedPreKey2);
            KyberPreKeyRecord generateKyberPreKey2 = KeyUtil.generateKyberPreKey(decodePrivatePoint2);
            waveStore2.storeLastResortKyberPreKey(generateKyberPreKey2.getId(), generateKyberPreKey2);
            SignedPreKeyEntity signedPreKeyEntity2 = new SignedPreKeyEntity(generateSignedPreKey2.getId(), generateSignedPreKey2.getKeyPair().getPublicKey(), generateSignedPreKey2.getSignature());
            KyberPreKeyEntity kyberPreKeyEntity2 = new KyberPreKeyEntity(generateKyberPreKey2.getId(), generateKyberPreKey2.getKeyPair().getPublicKey(), generateKyberPreKey2.getSignature());
            this.deviceId = confirmCode(this.pm, substring, num, num2, DeviceNameCipher.encryptDeviceName(str2, aciIdentityKey), signedPreKeyEntity, signedPreKeyEntity2, kyberPreKeyEntity, kyberPreKeyEntity2);
        } catch (InvalidKeyException e) {
            LOG.log(Level.SEVERE, (String) null, e);
        }
        LOG.info("Code confirmed!");
        this.sqliteStorageBean.account().setServicePassword(substring);
        this.sqliteStorageBean.account().setE164(this.number);
        this.sqliteStorageBean.account().setDeviceId(this.deviceId);
        this.sqliteStorageBean.account().setRegistrationId(num);
        this.sqliteStorageBean.account().setPniRegistrationId(num2);
        Account account = new Account(createAciServiceId, createPniServiceId);
        account.setProfileKey(this.pm.getProfileKey().toByteArray());
        byte[] byteArray = this.pm.getMasterKey().toByteArray();
        if (byteArray.length == 32) {
            this.sqliteStorageBean.account().setMasterKey(byteArray);
            this.sqliteStorageBean.storage().setStorageKey(new MasterKey(byteArray).deriveStorageServiceKey());
        } else {
            LOG.warning("Got masterkey length " + byteArray.length + " instead of 32, skipping");
        }
        LOG.info("user created");
        return account;
    }

    private void cleanupKeys(WaveStore waveStore) {
        waveStore.loadSignedPreKeys().stream().forEach(signedPreKeyRecord -> {
            waveStore.removeSignedPreKey(signedPreKeyRecord.getId());
        });
        waveStore.loadLastResortKyberPreKeys().forEach(kyberPreKeyRecord -> {
            waveStore.removeKyberPreKey(kyberPreKeyRecord.getId());
        });
        waveStore.loadKyberPreKeys().forEach(kyberPreKeyRecord2 -> {
            waveStore.removePreKey(kyberPreKeyRecord2.getId());
        });
    }

    public ServiceId.ACI createAciServiceId() {
        ServiceId.ACI parseOrNull = ServiceId.ACI.parseOrNull(this.pm.getAci());
        this.sqliteStorageBean.account().setAci(parseOrNull);
        this.sqliteStorageBean.account().setAciIdentityPrivateKey(this.pm.getAciIdentityKeyPrivate().toByteArray());
        this.sqliteStorageBean.account().setAciIdentityPublicKey(this.pm.getAciIdentityKeyPublic().toByteArray());
        return parseOrNull;
    }

    public ServiceId.PNI createPniServiceId() {
        ServiceId.PNI parseOrNull = ServiceId.PNI.parseOrNull(this.pm.getPni());
        this.sqliteStorageBean.account().setPni(parseOrNull);
        this.sqliteStorageBean.account().setPniIdentityPrivateKey(this.pm.getPniIdentityKeyPrivate().toByteArray());
        this.sqliteStorageBean.account().setPniIdentityPublicKey(this.pm.getPniIdentityKeyPublic().toByteArray());
        return parseOrNull;
    }

    private void handleRequest(WebSocketProtos.WebSocketRequestMessage webSocketRequestMessage) throws Exception {
        String path = webSocketRequestMessage.getPath();
        LOG.log(Level.INFO, "[PM] we need to handle a request for path " + path);
        ByteString body = webSocketRequestMessage.getBody();
        if (!"/v1/address".equals(path)) {
            if (!"/v1/message".equals(path)) {
                System.err.println("[PM] UNKNOWNPROVISIONINGMESSAGE");
                throw new IllegalArgumentException("UnknownProvisioningMessage");
            }
            this.pm = this.provisioningCipher.decrypt(ProvisioningProtos.ProvisionEnvelope.parseFrom(body));
            LOG.info("Verification = " + this.pm.getProvisioningCode());
            LOG.info("Do we have a backup ephemeral key? " + String.valueOf(this.pm.getEphemeralBackupKey()));
            this.number = this.pm.getNumber();
            this.provisioningClient.gotProvisionMessage(this.pm);
            this.listen = false;
            return;
        }
        String str = "";
        try {
            str = ProvisioningProtos.ProvisioningUuid.parseFrom(body).getUuid();
        } catch (InvalidProtocolBufferException e) {
            e.printStackTrace();
        }
        LOG.log(Level.INFO, "[PM] we got a uuid: " + str);
        String str2 = "sgnl://linkdevice?uuid=" + str + "&pub_key=" + URLEncoder.encode(Base64.getEncoder().encodeToString(this.provisioningCipher.getOurKeyPair().getPublicKey().serialize()), StandardCharsets.UTF_8) + "&capabilities=backup";
        LOG.log(Level.INFO, "pass url " + str2 + " to our provisioningClient " + String.valueOf(this.provisioningClient));
        if (this.localMode) {
            LOG.info("But first, inform local testserver about our QR code url");
            this.networkAPI.sendProvisionUrl(Base64.getUrlEncoder().encodeToString(str2.getBytes()));
            LOG.info("LM4");
        }
        this.provisioningClient.gotProvisioningUrl(str2);
    }

    private int confirmCode(ProvisioningProtos.ProvisionMessage provisionMessage, String str, String str2, String str3, String str4, SignedPreKeyEntity signedPreKeyEntity, SignedPreKeyEntity signedPreKeyEntity2, KyberPreKeyEntity kyberPreKeyEntity, KyberPreKeyEntity kyberPreKeyEntity2) throws JsonProcessingException, IOException {
        LOG.info("Confirming code");
        String linkDevice = getLinkDevice(provisionMessage, str4, str2, str3, signedPreKeyEntity, signedPreKeyEntity2, kyberPreKeyEntity, kyberPreKeyEntity2);
        String encodeToString = Base64.getEncoder().encodeToString((provisionMessage.getNumber() + ":" + str).getBytes());
        try {
            HashMap hashMap = new HashMap(4);
            hashMap.put("Authorization", "Basic " + encodeToString);
            hashMap.put("User-Agent", SIGNAL_USER_AGENT);
            LOG.fine("REG, headers = " + String.valueOf(hashMap));
            HttpRequest.Builder newBuilder = HttpRequest.newBuilder();
            newBuilder.header("Authorization", "Basic " + encodeToString);
            newBuilder.header("User-Agent", SIGNAL_USER_AGENT);
            newBuilder.header("X-Signal-Agent", SIGNAL_USER_AGENT);
            newBuilder.header("Content-Type", "application/json");
            newBuilder.PUT(HttpRequest.BodyPublishers.ofString(linkDevice));
            LOG.finer("BODY = " + linkDevice);
            newBuilder.uri(new URI(host + "/v1/devices/link"));
            Response sendRequest = this.provisioningWebSocket.sendRequest(newBuilder.build(), linkDevice.getBytes());
            String string = sendRequest.body().string();
            LOG.info("accountresponse = " + string + " and statuscode = " + sendRequest.getStatusCode());
            JsonNode jsonNode = new ObjectMapper().readTree(string).get("deviceId");
            if (jsonNode == null) {
                throw new IllegalArgumentException("No deviceId in provisioning response");
            }
            if (!jsonNode.isNumber()) {
                throw new IllegalArgumentException("DeviceId " + String.valueOf(jsonNode) + " is not a number");
            }
            this.deviceId = jsonNode.asInt();
            LOG.info("Stored deviceId " + this.deviceId + " in account KV store");
            return this.deviceId;
        } catch (Exception e) {
            LOG.info("confirmcode Got error: " + e.getMessage());
            e.printStackTrace();
            throw new IOException(e);
        }
    }

    private ObjectNode createDefaultCapabilities() {
        ObjectNode createObjectNode = new ObjectMapper().createObjectNode();
        createObjectNode.put("paymentActivation", true);
        createObjectNode.put("deleteSync", true);
        createObjectNode.put("versionedExpirationTimer", true);
        createObjectNode.put("ssre2", true);
        return createObjectNode;
    }

    private String getLinkDevice(ProvisioningProtos.ProvisionMessage provisionMessage, String str, String str2, String str3, SignedPreKeyEntity signedPreKeyEntity, SignedPreKeyEntity signedPreKeyEntity2, KyberPreKeyEntity kyberPreKeyEntity, KyberPreKeyEntity kyberPreKeyEntity2) throws JsonProcessingException {
        ObjectMapper objectMapper = new ObjectMapper();
        ObjectNode createObjectNode = objectMapper.createObjectNode();
        createObjectNode.put("verificationCode", provisionMessage.getProvisioningCode());
        createObjectNode.set("accountAttributes", getAccountAttributes(str, str2, str3));
        createObjectNode.set("aciSignedPreKey", getPreKeyNode(signedPreKeyEntity));
        createObjectNode.set("pniSignedPreKey", getPreKeyNode(signedPreKeyEntity2));
        createObjectNode.set("aciPqLastResortPreKey", getPreKeyNode(kyberPreKeyEntity));
        createObjectNode.set("pniPqLastResortPreKey", getPreKeyNode(kyberPreKeyEntity2));
        return objectMapper.writeValueAsString(createObjectNode);
    }

    private ObjectNode getAccountAttributes(String str, String str2, String str3) {
        ObjectMapper objectMapper = new ObjectMapper();
        ObjectNode createDefaultCapabilities = createDefaultCapabilities();
        ObjectNode createObjectNode = objectMapper.createObjectNode();
        createObjectNode.set("capabilities", createDefaultCapabilities);
        createObjectNode.put("fetchesMessages", true);
        createObjectNode.put("name", str);
        createObjectNode.put("registrationId", str2);
        createObjectNode.put("pniRegistrationId", str3);
        return createObjectNode;
    }

    private ObjectNode getPreKeyNode(SignedPreKeyEntity signedPreKeyEntity) {
        ObjectNode createObjectNode = new ObjectMapper().createObjectNode();
        createObjectNode.put("keyId", signedPreKeyEntity.getKeyId());
        createObjectNode.put("publicKey", signedPreKeyEntity.getPublicKey().serialize());
        createObjectNode.put("signature", signedPreKeyEntity.getSignature());
        return createObjectNode;
    }

    private ObjectNode getPreKeyNode(KyberPreKeyEntity kyberPreKeyEntity) {
        ObjectNode createObjectNode = new ObjectMapper().createObjectNode();
        createObjectNode.put("keyId", kyberPreKeyEntity.getKeyId());
        createObjectNode.put("publicKey", kyberPreKeyEntity.getPublicKey().serialize());
        createObjectNode.put("signature", kyberPreKeyEntity.getSignature());
        return createObjectNode;
    }

    private void processConfiguration(Map<String, Object> map) {
        Boolean bool = (Boolean) map.get(EquationConfiguration.USE_STAGING);
        if (bool != null && bool.booleanValue()) {
            destination = "wss://chat.staging.signal.org";
            host = "https://chat.staging.signal.org";
        }
        if (((String) map.get(EquationConfiguration.SERVER_HOST)) != null) {
            this.localMode = true;
            LOG.warning("Running in local mode, this should not be used in production!");
            destination = "ws://localhost:8079";
            host = "http://localhost:8079";
        }
    }
}
