package ru.mail.auth.util;

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.text.TextUtils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import ru.mail.auth.AuthenticatorConfig;
import ru.mail.auth.request.ClientCheckRequest;
import ru.mail.auth.request.RemoteFingerprintRequest;
import ru.mail.auth.sdk.Utils;
import ru.mail.mailbox.cmd.CommandStatus;
import ru.mail.mailbox.cmd.ExecutorSelectors;
import ru.mail.util.log.Log;

/* compiled from: ProGuard */
/* loaded from: classes14.dex */
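/**
 * Checks that an installed application is an allowed, correctly signed client, delegating the
 * decision to a pluggable {@link CheckStrategy}.
 *
 * <p>This listing is decompiler output from a ProGuard-obfuscated build. Private members carry
 * descriptive names chosen during review, and the {@code throws} clauses on the strategy methods
 * were restored because the decompiled signatures omitted them.
 *
 * <p>NOTE(review): every strategy trusts the package name it is handed. The result is only
 * meaningful if the caller derived that name from the real calling identity rather than from
 * caller-supplied data; that code is not visible here, so confirm it.
 */
public class CertificateChecker {

    private static final Log LOG = Log.getLog("CertificateChecker");

    private final CheckStrategy strategy;

    /**
     * Verifies a package against certificates bundled in the application's assets.
     *
     * <p>The configuration asset is a JSON object that maps a package name to the asset path of
     * the X.509 certificate that package must be signed with.
     */
    public static class CheckLocalAllowedAppsConfig implements CheckStrategy {

        private final String configAssetName;
        private final Context context;

        public CheckLocalAllowedAppsConfig(Context context, String str) {
            this.configAssetName = str;
            this.context = context;
        }

        /**
         * Loads the package-name to pinned-certificate map from the configuration asset.
         *
         * <p>Entries whose certificate cannot be read are skipped, and a parse failure yields
         * whatever was loaded so far. Either way the affected packages end up missing from the
         * map, so they are later rejected as unknown rather than accepted.
         */
        private Map<String, X509Certificate> loadAllowedApps(String assetName) {
            Map<String, X509Certificate> allowed = new HashMap<>();
            try {
                JSONObject config = new JSONObject(readAsset(assetName));
                Iterator<String> packageNames = config.keys();
                while (packageNames.hasNext()) {
                    String packageName = packageNames.next();
                    X509Certificate certificate = loadCertificate(config.getString(packageName));
                    if (certificate != null) {
                        allowed.put(packageName, certificate);
                    }
                }
            } catch (IOException | JSONException e) {
                LOG.e("Unable to parse allowed apps configuration", e);
            }
            return allowed;
        }

        /**
         * Reads one X.509 certificate from an asset.
         *
         * @return the certificate, or {@code null} if the asset is missing or malformed
         */
        private X509Certificate loadCertificate(String assetName) {
            // try-with-resources: the decompiled code never closed the asset stream.
            try (java.io.InputStream in = this.context.getAssets().open(assetName)) {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            } catch (IOException | CertificateException e) {
                LOG.e("Unable to read certificate", e);
                return null;
            }
        }

        /**
         * Reads a whole asset as UTF-8 text. Line terminators are dropped, as in the original.
         *
         * @throws IOException if the asset cannot be opened or read
         */
        private String readAsset(String assetName) throws IOException {
            // Replaces the decompiler's broken try/catch reconstruction, which referenced
            // variables that were out of scope or possibly unassigned.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(this.context.getAssets().open(assetName), "UTF-8"))) {
                StringBuilder text = new StringBuilder();
                String line;
                while ((line = reader.readLine()) != null) {
                    text.append(line);
                }
                return text.toString();
            }
        }

        /**
         * Requires every signing certificate of the installed package to equal the pinned one.
         *
         * @param str package name of the application to verify
         * @throws UnknownPackage if the package is not in the local configuration or not installed
         * @throws InvalidCertificate if any signer differs from the pinned certificate, a signer
         *     cannot be parsed, or the package reports no signers at all
         */
        @Override
        public void check(String str) throws UnknownPackage, InvalidCertificate {
            Map<String, X509Certificate> allowed = loadAllowedApps(this.configAssetName);
            if (!allowed.containsKey(str)) {
                throw new UnknownPackage();
            }
            X509Certificate pinned = allowed.get(str);
            try {
                // GET_SIGNATURES is the literal flag 64 in the decompiled code.
                // NOTE(review): this flag is deprecated from API 28 in favour of
                // GET_SIGNING_CERTIFICATES; the supported API range is not visible here.
                Signature[] signatures = this.context.getPackageManager()
                        .getPackageInfo(str, PackageManager.GET_SIGNATURES).signatures;
                // Fail closed: the loop below only rejects on a mismatch, so without this guard
                // an empty signer list would be accepted without any certificate being compared.
                if (signatures == null || signatures.length == 0) {
                    throw new InvalidCertificate();
                }
                for (Signature signature : signatures) {
                    try {
                        X509Certificate actual = (X509Certificate) CertificateFactory.getInstance("X509")
                                .generateCertificate(new ByteArrayInputStream(signature.toByteArray()));
                        if (!actual.equals(pinned)) {
                            throw new InvalidCertificate();
                        }
                    } catch (CertificateException e) {
                        LOG.e("Unable to check certificate", e);
                        throw new InvalidCertificate();
                    }
                }
            } catch (PackageManager.NameNotFoundException unused) {
                throw new UnknownPackage();
            }
        }
    }

    /**
     * Sends the package name and the SHA-256 fingerprint of its first signing certificate to a
     * remote service via {@link ClientCheckRequest} and lets that service decide.
     */
    public static class CheckRemoteFingerprint implements CheckStrategy {

        private final Context context;

        // Passed as the first argument of ClientCheckRequest.Params; its meaning is not visible here.
        private final String requestArg;

        public CheckRemoteFingerprint(Context context, String str) {
            this.context = context;
            this.requestArg = str;
        }

        /**
         * Accepts the package only if the request completes with an OK status carrying
         * {@code true}.
         *
         * <p>NOTE(review): {@link UnknownPackage} and {@link NotInternalClient} are thrown inside
         * the {@code try} and, being checked exceptions, are caught by {@code catch (Exception)}.
         * Callers therefore only ever see {@link InvalidCertificate}, logged as "Unable to read
         * certificate". The result is still a rejection, but the reason is lost; confirm against
         * the original source whether that is intended before changing it.
         *
         * <p>Only element {@code [0]} of the fingerprint array is sent, so any further signers
         * are not part of the decision.
         *
         * @param str package name of the application to verify
         * @throws InvalidCertificate on any failure, including a negative answer from the service
         */
        @Override
        public void check(String str) throws InvalidCertificate {
            try {
                // An empty fingerprint array raises ArrayIndexOutOfBoundsException here, which the
                // catch below turns into a rejection.
                String fingerprint =
                        Utils.getCertificateFingerprint(this.context, str, Utils.DigestAlgorithm.SHA256)[0];
                CommandStatus<?> status = new ClientCheckRequest(
                        this.context,
                        new ClientCheckRequest.Params(this.requestArg, str, fingerprint),
                        AuthenticatorConfig.getInstance().a().getIs12181Enabled())
                        .execute(ExecutorSelectors.a())
                        .getOrThrow();
                if (!(status instanceof CommandStatus.OK)) {
                    throw new UnknownPackage();
                }
                if (!((Boolean) status.getData()).booleanValue()) {
                    throw new NotInternalClient();
                }
            } catch (Exception e) {
                LOG.e("Unable to read certificate", e);
                throw new InvalidCertificate();
            }
        }
    }

    /**
     * Legacy strategy: downloads an allow-list and compares SHA-1 certificate fingerprints
     * locally.
     *
     * <p>The expected document shape is
     * {@code {"android-whitelist": {"apps": [{"appid": ..., "fingerprint": ...}]}}}.
     *
     * <p>NOTE(review): the allow-list is only as trustworthy as the channel that
     * {@link RemoteFingerprintRequest} uses to fetch it, which is not visible here. SHA-1 is a
     * weak digest for pinning; the SHA-256 based strategy is the stronger choice where available.
     */
    public static class CheckRemoteFingerprintConfigLegacy implements CheckStrategy {

        private final String remoteUrl;
        private final Context context;

        public CheckRemoteFingerprintConfigLegacy(int i3, Context context) {
            this(context.getString(i3), context);
        }

        CheckRemoteFingerprintConfigLegacy(String str, Context context) {
            if (TextUtils.isEmpty(str)) {
                throw new IllegalArgumentException("Specify remoteSlot url");
            }
            this.remoteUrl = str;
            this.context = context;
        }

        /**
         * Fetches the allow-list document as a string.
         *
         * @throws InvalidCertificate if the request does not finish OK with string data
         * @throws Exception declared broadly because the checked exceptions of
         *     {@code getOrThrow()} are not visible here; the only caller catches {@code Exception}
         */
        private String fetchRemoteConfig() throws Exception {
            CommandStatus<?> status = new RemoteFingerprintRequest(this.context, this.remoteUrl)
                    .execute(ExecutorSelectors.a())
                    .getOrThrow();
            if ((status instanceof CommandStatus.OK) && status.hasData() && (status.getData() instanceof String)) {
                return (String) status.getData();
            }
            throw new InvalidCertificate();
        }

        /**
         * Parses the allow-list into a package-name to fingerprint map.
         *
         * <p>A parse error is logged and yields the entries read so far, so packages missing from
         * the map are rejected by {@link #check(String)}.
         */
        private Map<String, String> parseAllowedApps(String str) {
            Map<String, String> allowed = new HashMap<>();
            try {
                JSONArray apps = new JSONObject(str).getJSONObject("android-whitelist").getJSONArray("apps");
                for (int i = 0; i < apps.length(); i++) {
                    JSONObject app = (JSONObject) apps.get(i);
                    allowed.put(app.getString("appid"), app.getString("fingerprint"));
                }
            } catch (JSONException e) {
                LOG.e("JSON parse error", e);
            }
            return allowed;
        }

        /**
         * Requires every SHA-1 signer fingerprint of the package to match the allow-listed value,
         * ignoring case.
         *
         * <p>NOTE(review): as in the decompiled original, the {@link UnknownPackage} thrown inside
         * the {@code try} is a checked exception and is converted to {@link InvalidCertificate} by
         * {@code catch (Exception)}. Runtime exceptions propagate unchanged.
         *
         * @param str package name of the application to verify
         * @throws InvalidCertificate if the package is not listed, a fingerprint differs, no
         *     fingerprint is available, or the allow-list cannot be fetched
         */
        @Override
        public void check(String str) throws InvalidCertificate {
            try {
                Map<String, String> allowed = parseAllowedApps(fetchRemoteConfig());
                if (!allowed.containsKey(str)) {
                    throw new UnknownPackage();
                }
                String expected = allowed.get(str);
                String[] fingerprints =
                        Utils.getCertificateFingerprint(this.context, str, Utils.DigestAlgorithm.SHA1);
                // Fail closed: the loop only rejects on a mismatch, so an empty result must not
                // fall through as a successful check.
                if (fingerprints == null || fingerprints.length == 0) {
                    throw new InvalidCertificate();
                }
                for (String fingerprint : fingerprints) {
                    if (!expected.equalsIgnoreCase(fingerprint)) {
                        throw new InvalidCertificate();
                    }
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception unused) {
                throw new InvalidCertificate();
            }
        }
    }

    /** A policy for deciding whether a package is an allowed client. */
    public interface CheckStrategy {
        /**
         * Returns normally only if the package passes the check.
         *
         * @param str package name of the application to verify
         */
        void check(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient;
    }

    /** The package's signing certificate did not match, or could not be verified. */
    public static class InvalidCertificate extends Exception {
    }

    /** The remote service answered that the package is not an internal client. */
    public static class NotInternalClient extends Exception {
    }

    /** The package is not installed or is not present in the allow-list. */
    public static class UnknownPackage extends Exception {
    }

    public CertificateChecker(CheckStrategy checkStrategy) {
        this.strategy = checkStrategy;
    }

    /**
     * Runs the configured strategy against the given package.
     *
     * @param str package name of the application to verify
     */
    public void check(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient {
        this.strategy.check(str);
    }
}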
