package com.appiancorp.process.engine;

import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ap2.pushnotifications.FirebasePayload;
import com.appiancorp.ap2.pushnotifications.FirebaseResponse;
import com.appiancorp.ap2.pushnotifications.PushNotificationsLogger;
import com.appiancorp.common.AppToken;
import com.appiancorp.common.monitoring.Stopwatch;
import com.appiancorp.services.ServiceContextFactory;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.portal.PortalNotificationService;
import com.appiancorp.tempo.api.UserInfoServlet;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.base.Charsets;
import com.google.common.base.Strings;
import com.google.gson.JsonObject;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.apache.commons.io.IOUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/process/engine/PushNotificationSender.class */
public class PushNotificationSender {
    private static final int SECRET_KEY_SIZE_IN_BITS = 128;
    static final int AUTHENTICATION_TAG_LENGTH = 128;
    static final String KEY_ENCRYPTION_ALGORITHM = "RSA";
    static final String KEY_ENCRYPTION_MODE = "/ECB/PKCS1Padding";
    static final String PAYLOAD_ENCRYPTION_ALGORITHM = "AES";
    static final String PAYLOAD_ENCRYPTION_MODE = "/GCM/NoPadding";
    public static final String CATEGORY_NEWS_POST = "APPN_NEWS_POST";
    public static final String CATEGORY_NEWS_COMMENT = "APPN_NEWS_COMMENT";
    private final KeyFactory rsaKeyFactory;
    private final KeyGenerator aesKeyGenerator;
    private final Cipher rsaCipher;
    private final Cipher aesCipher;
    private final ExtendedUserService extendedUserService;
    private static final Logger LOG = Logger.getLogger(PushNotificationsLogger.class);
    private static final String MESSAGING_SCOPE = "https://www.googleapis.com/auth/firebase.messaging";
    private static final String[] SCOPES = {MESSAGING_SCOPE};
    private static volatile Map<String, GoogleCredentials> googleCredentialsMap = new HashMap();
    private static final SecureRandom secureRandom = new SecureRandom();
    private static volatile PushNotificationsTestMode testMode = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/appiancorp/process/engine/PushNotificationSender$FirebasePayloadKeys.class */
    public enum FirebasePayloadKeys {
        TOKEN("token"),
        PRIORITY("priority"),
        SILENT_PUSH_IOS("content-available"),
        MUTABLE_CONTENT("mutable-content"),
        NOTIFICATION("notification"),
        NOTIFICATION_TYPE("notification_type"),
        PUSH_TYPE("apns-push-type"),
        PAYLOAD("payload"),
        APNS("apns"),
        ANDROID("android"),
        MESSAGE("message"),
        APS("aps"),
        CATEGORY("category");

        String longName;

        FirebasePayloadKeys(String str) {
            this.longName = str;
        }

        public String getLongName() {
            return this.longName;
        }
    }

    public PushNotificationSender() {
        this((ExtendedUserService) ServiceLocator.getService(ServiceContextFactory.getAdministratorServiceContext(), ExtendedUserService.SERVICE_NAME));
    }

    PushNotificationSender(ExtendedUserService extendedUserService) {
        try {
            this.rsaKeyFactory = KeyFactory.getInstance(KEY_ENCRYPTION_ALGORITHM);
            this.aesKeyGenerator = KeyGenerator.getInstance("AES");
            this.rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            this.aesCipher = Cipher.getInstance("AES/GCM/NoPadding");
            this.extendedUserService = extendedUserService;
        } catch (Exception e) {
            throw new AppianRuntimeException(ErrorCode.INVALID_ENCRYPTION_ALGORITHM, new Object[]{e});
        }
    }

    public static void enableTestMode(PushNotificationsTestMode pushNotificationsTestMode) {
        testMode = pushNotificationsTestMode;
    }

    public static void disableTestMode() {
        testMode = null;
    }

    void sendIOSSilentPushToFirebase(FirebasePayload firebasePayload, String str) throws IOException {
        sendRealRequest(buildSilentPushFirebasePayloadJsonForIos(firebasePayload), str);
    }

    private boolean shouldSendSilentPush(FirebasePayload firebasePayload) {
        return firebasePayload.getAppToken().isPlatformIOS() && PortalNotificationService.PROCESS_NEW_TASK_ME_NOTIFICATION_TYPE.equals(firebasePayload.getNotifType());
    }

    public FirebaseResponse sendRequestToFirebase(FirebasePayload firebasePayload) throws IOException {
        String buildFirebasePayloadJson = buildFirebasePayloadJson(firebasePayload);
        String projectId = firebasePayload.getAppToken().getProjectId();
        PushNotificationsTestMode pushNotificationsTestMode = testMode;
        if (pushNotificationsTestMode != null) {
            return pushNotificationsTestMode.getFakeFirebaseResponse();
        }
        if (shouldSendSilentPush(firebasePayload)) {
            sendIOSSilentPushToFirebase(firebasePayload, projectId);
        }
        return sendRealRequest(buildFirebasePayloadJson, projectId);
    }

    private static GoogleCredentials getGoogleCredentials(String str) {
        try {
            if (googleCredentialsMap.get(str) == null) {
                URL resource = PushNotificationSender.class.getResource("/server-auth");
                if (resource == null) {
                    throw new IOException("Unable to locate server-auth directory");
                }
                Path path = (Path) ((Set) Files.list(Paths.get(resource.getPath(), new String[0])).filter(path2 -> {
                    return path2.toString().contains(str);
                }).collect(Collectors.toSet())).iterator().next();
                if (path == null) {
                    LOG.info("Missing firebase service account credentials for project: " + str);
                    return null;
                }
                FileInputStream fileInputStream = new FileInputStream(path.toFile());
                Throwable th = null;
                try {
                    try {
                        googleCredentialsMap.put(str, GoogleCredentials.fromStream(fileInputStream).createScoped(Arrays.asList(SCOPES)));
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            }
            return googleCredentialsMap.get(str);
        } catch (IOException e) {
            LOG.error("Failed to read Firebase credentials from disk", e);
            return null;
        }
    }

    private static String getAccessToken(String str) throws IOException {
        GoogleCredentials googleCredentials = getGoogleCredentials(str);
        if (googleCredentials == null) {
            return "";
        }
        googleCredentials.refreshIfExpired();
        return googleCredentials.getAccessToken().getTokenValue();
    }

    private String getFirebaseMessagingUrl(String str) {
        return "https://fcm.googleapis.com/v1/projects/" + str + "/messages:send";
    }

    private FirebaseResponse sendRealRequest(String str, String str2) throws IOException {
        if (Strings.isNullOrEmpty(str2)) {
            str2 = AppToken.getDefaultFirebaseProjectId();
        }
        String accessToken = getAccessToken(str2);
        String firebaseMessagingUrl = getFirebaseMessagingUrl(str2);
        if (Strings.isNullOrEmpty(accessToken)) {
            return FirebaseResponse.EMPTY_RESPONSE;
        }
        HttpPost httpPost = new HttpPost(firebaseMessagingUrl);
        httpPost.setEntity(new StringEntity(str, ContentType.APPLICATION_JSON));
        httpPost.setHeader("Authorization", "Bearer " + accessToken);
        CloseableHttpClient createDefault = HttpClients.createDefault();
        try {
            try {
                Stopwatch stopwatch = new Stopwatch();
                CloseableHttpResponse execute = createDefault.execute(httpPost);
                long measureMillis = stopwatch.measureMillis();
                String iOUtils = IOUtils.toString(execute.getEntity().getContent(), "UTF-8");
                createDefault.close();
                return new FirebaseResponse(execute.getStatusLine().getStatusCode(), iOUtils, execute.getHeaders("Retry-After"), measureMillis);
            } catch (IOException e) {
                throw e;
            }
        } catch (Throwable th) {
            createDefault.close();
            throw th;
        }
    }

    String buildFirebasePayloadJson(FirebasePayload firebasePayload) {
        return (firebasePayload.getAppToken().isPlatformIOS() ? buildFirebasePayloadJsonForIos(firebasePayload) : buildFirebasePayloadJsonForAndroid(firebasePayload)).toString();
    }

    private JsonObject buildFirebasePayloadJsonForIos(FirebasePayload firebasePayload) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty(FirebasePayloadKeys.TOKEN.getLongName(), firebasePayload.getAppToken().getToken());
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.addProperty("body", firebasePayload.getFallbackTitle());
        JsonObject encryptNotificationJson = encryptNotificationJson(buildBaseNotificationJson(firebasePayload), firebasePayload.getAppToken(), "payload");
        encryptNotificationJson.addProperty("body", firebasePayload.getFallbackTitle());
        jsonObject.add("data", encryptNotificationJson);
        jsonObject.add(FirebasePayloadKeys.NOTIFICATION.getLongName(), jsonObject2);
        JsonObject jsonObject3 = new JsonObject();
        JsonObject jsonObject4 = new JsonObject();
        jsonObject4.addProperty(FirebasePayloadKeys.MUTABLE_CONTENT.getLongName(), 1);
        if (PushNotificationRequest.isForTasksPushNotification(firebasePayload.getNotifType()).booleanValue()) {
            jsonObject4.addProperty(FirebasePayloadKeys.CATEGORY.getLongName(), firebasePayload.getNotifType());
        } else if (PushNotificationRequest.isForNewsPostPushNotification(firebasePayload.getNotifType()).booleanValue()) {
            jsonObject4.addProperty(FirebasePayloadKeys.CATEGORY.getLongName(), CATEGORY_NEWS_POST);
        } else if (PushNotificationRequest.isForNewsCommentPushNotification(firebasePayload.getNotifType()).booleanValue()) {
            jsonObject4.addProperty(FirebasePayloadKeys.CATEGORY.getLongName(), CATEGORY_NEWS_COMMENT);
        }
        JsonObject jsonObject5 = new JsonObject();
        jsonObject5.add(FirebasePayloadKeys.APS.getLongName(), jsonObject4);
        jsonObject3.add(FirebasePayloadKeys.PAYLOAD.getLongName(), jsonObject5);
        jsonObject.add(FirebasePayloadKeys.APNS.getLongName(), jsonObject3);
        JsonObject jsonObject6 = new JsonObject();
        jsonObject6.add(FirebasePayloadKeys.MESSAGE.getLongName(), jsonObject);
        return jsonObject6;
    }

    private String buildSilentPushFirebasePayloadJsonForIos(FirebasePayload firebasePayload) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty(FirebasePayloadKeys.TOKEN.getLongName(), firebasePayload.getAppToken().getToken());
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.addProperty(FirebasePayloadKeys.NOTIFICATION_TYPE.getLongName(), firebasePayload.getNotifType());
        JsonObject jsonObject3 = new JsonObject();
        JsonObject jsonObject4 = new JsonObject();
        JsonObject jsonObject5 = new JsonObject();
        jsonObject5.addProperty(FirebasePayloadKeys.SILENT_PUSH_IOS.getLongName(), 1);
        jsonObject5.addProperty(FirebasePayloadKeys.PUSH_TYPE.getLongName(), "background");
        jsonObject4.add(FirebasePayloadKeys.APS.getLongName(), jsonObject5);
        jsonObject3.add(FirebasePayloadKeys.PAYLOAD.getLongName(), jsonObject4);
        jsonObject.add(FirebasePayloadKeys.APNS.getLongName(), jsonObject3);
        jsonObject.add("data", jsonObject2);
        JsonObject jsonObject6 = new JsonObject();
        jsonObject6.add(FirebasePayloadKeys.MESSAGE.getLongName(), jsonObject);
        return jsonObject6.toString();
    }

    private JsonObject buildFirebasePayloadJsonForAndroid(FirebasePayload firebasePayload) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty(FirebasePayloadKeys.TOKEN.getLongName(), firebasePayload.getAppToken().getToken());
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.addProperty(FirebasePayloadKeys.PRIORITY.getLongName(), "high");
        jsonObject.add(FirebasePayloadKeys.ANDROID.getLongName(), jsonObject2);
        JsonObject buildBaseNotificationJson = buildBaseNotificationJson(firebasePayload);
        buildBaseNotificationJson.addProperty(UserInfoServlet.UP_KEY_AVATAR_LINK, firebasePayload.getAvatarUrl());
        jsonObject.add("data", encryptNotificationJson(buildBaseNotificationJson, firebasePayload.getAppToken(), "payload"));
        JsonObject jsonObject3 = new JsonObject();
        jsonObject3.add(FirebasePayloadKeys.MESSAGE.getLongName(), jsonObject);
        return jsonObject3;
    }

    private JsonObject buildBaseNotificationJson(FirebasePayload firebasePayload) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("title", firebasePayload.getTitle());
        String subTitle = firebasePayload.getSubTitle();
        if (subTitle != null) {
            jsonObject.addProperty("subTitle", subTitle);
        }
        jsonObject.addProperty("body", firebasePayload.getBody());
        jsonObject.addProperty("link", firebasePayload.getLink());
        jsonObject.addProperty("user", firebasePayload.getAppToken().getUsername());
        return jsonObject;
    }

    private JsonObject encryptNotificationJson(JsonObject jsonObject, AppToken appToken, String str) {
        SecretKey generateSecretKey = generateSecretKey();
        try {
            String encryptSecretKey = encryptSecretKey(generateSecretKey.getEncoded(), appToken);
            byte[] generateRandomBytes = generateRandomBytes(this.aesCipher.getBlockSize());
            String encryptPayload = encryptPayload(jsonObject, generateSecretKey, generateRandomBytes);
            JsonObject jsonObject2 = new JsonObject();
            jsonObject2.addProperty(str, encryptPayload);
            jsonObject2.addProperty("key", encryptSecretKey);
            jsonObject2.addProperty("iv", Base64.getEncoder().encodeToString(generateRandomBytes));
            return jsonObject2;
        } catch (InvalidKeyException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException e) {
            deregisterAppToken(appToken);
            throw new AppianRuntimeException(ErrorCode.PUSH_NOTIFICATION_ENCRYPTION_FAILED, new Object[]{e});
        }
    }

    private SecretKey generateSecretKey() {
        this.aesKeyGenerator.init(128);
        return this.aesKeyGenerator.generateKey();
    }

    private String encryptSecretKey(byte[] bArr, AppToken appToken) throws InvalidKeySpecException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        this.rsaCipher.init(1, deserializePublicKey(appToken.getPublicKey()));
        return Base64.getEncoder().encodeToString(this.rsaCipher.doFinal(bArr));
    }

    private String encryptPayload(JsonObject jsonObject, SecretKey secretKey, byte[] bArr) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        try {
            this.aesCipher.init(1, secretKey, new GCMParameterSpec(128, bArr));
            return Base64.getEncoder().encodeToString(this.aesCipher.doFinal(jsonObject.toString().getBytes(Charsets.UTF_8)));
        } catch (InvalidAlgorithmParameterException e) {
            throw new AppianRuntimeException(ErrorCode.PUSH_NOTIFICATION_ENCRYPTION_FAILED, new Object[]{e});
        }
    }

    private PublicKey deserializePublicKey(String str) throws InvalidKeySpecException {
        return this.rsaKeyFactory.generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)));
    }

    private void deregisterAppToken(AppToken appToken) {
        try {
            this.extendedUserService.deregisterAppTokenForUser(appToken.getUsername(), appToken.getToken());
        } catch (PrivilegeException e) {
            throw new AppianRuntimeException(ErrorCode.APP_TOKEN_DEREGISTRATION_FAILED, new Object[]{e});
        }
    }

    private byte[] generateRandomBytes(int i) {
        byte[] bArr = new byte[i];
        secureRandom.nextBytes(bArr);
        return bArr;
    }
}
