package ru.mail.auth.util;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.text.TextUtils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import ru.mail.auth.request.f;
import ru.mail.auth.request.w;
import ru.mail.auth.sdk.Utils;
import ru.mail.mailbox.cmd.CommandStatus;
import ru.mail.mailbox.cmd.b0;
import ru.mail.util.log.Level;
import ru.mail.util.log.Log;
import ru.mail.util.log.LogConfig;

@LogConfig(logLevel = Level.D, logTag = "CertificateChecker")
/* loaded from: classes8.dex */
public class CertificateChecker {
    private static final Log a = Log.getLog((Class<?>) CertificateChecker.class);

    /* renamed from: b, reason: collision with root package name */
    private final d f14625b;

    /* loaded from: classes8.dex */
    public static class InvalidCertificate extends Exception {
    }

    /* loaded from: classes8.dex */
    public static class NotInternalClient extends Exception {
    }

    /* loaded from: classes8.dex */
    public static class UnknownPackage extends Exception {
    }

    /* loaded from: classes8.dex */
    public static class a implements d {
        private final String a;

        /* renamed from: b, reason: collision with root package name */
        private final Context f14626b;

        public a(Context context, String str) {
            this.a = str;
            this.f14626b = context;
        }

        private Map<String, X509Certificate> b(String str) {
            HashMap hashMap = new HashMap();
            try {
                JSONObject jSONObject = new JSONObject(d(str));
                Iterator<String> keys = jSONObject.keys();
                while (keys.hasNext()) {
                    String next = keys.next();
                    X509Certificate c2 = c(jSONObject.getString(next));
                    if (c2 != null) {
                        hashMap.put(next, c2);
                    }
                }
            } catch (IOException | JSONException e2) {
                CertificateChecker.a.e("Unable to parse allowed apps configuration", e2);
            }
            return hashMap;
        }

        private X509Certificate c(String str) {
            try {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(this.f14626b.getAssets().open(str));
            } catch (IOException | CertificateException e2) {
                CertificateChecker.a.e("Unable to read certificate", e2);
                return null;
            }
        }

        private String d(String str) throws IOException {
            BufferedReader bufferedReader;
            BufferedReader bufferedReader2 = null;
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(this.f14626b.getAssets().open(str), "UTF-8"));
            } catch (Throwable th) {
                th = th;
            }
            try {
                StringBuilder sb = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        String sb2 = sb.toString();
                        bufferedReader.close();
                        return sb2;
                    }
                    sb.append(readLine);
                }
            } catch (Throwable th2) {
                th = th2;
                bufferedReader2 = bufferedReader;
                if (bufferedReader2 != null) {
                    bufferedReader2.close();
                }
                throw th;
            }
        }

        @Override // ru.mail.auth.util.CertificateChecker.d
        @SuppressLint({"PackageManagerGetSignatures"})
        public void a(String str) throws InvalidCertificate, UnknownPackage {
            Map<String, X509Certificate> b2 = b(this.a);
            if (!b2.containsKey(str)) {
                throw new UnknownPackage();
            }
            X509Certificate x509Certificate = b2.get(str);
            try {
                for (Signature signature : this.f14626b.getPackageManager().getPackageInfo(str, 64).signatures) {
                    try {
                        if (!((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray()))).equals(x509Certificate)) {
                            throw new InvalidCertificate();
                        }
                    } catch (CertificateException e2) {
                        CertificateChecker.a.e("Unable to check certificate", e2);
                        throw new InvalidCertificate();
                    }
                }
            } catch (PackageManager.NameNotFoundException unused) {
                throw new UnknownPackage();
            }
        }
    }

    /* loaded from: classes8.dex */
    public static class b implements d {
        private final Context a;

        /* renamed from: b, reason: collision with root package name */
        private final String f14627b;

        public b(Context context, String str) {
            this.a = context;
            this.f14627b = str;
        }

        @Override // ru.mail.auth.util.CertificateChecker.d
        public void a(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient {
            try {
                CommandStatus<?> orThrow = new f(this.a, new f.c(this.f14627b, str, Utils.c(this.a, str, Utils.DigestAlgorithm.SHA256)[0])).execute(b0.a()).getOrThrow();
                if (!(orThrow instanceof CommandStatus.OK)) {
                    throw new UnknownPackage();
                }
                if (!((Boolean) orThrow.getData()).booleanValue()) {
                    throw new NotInternalClient();
                }
            } catch (Exception e2) {
                CertificateChecker.a.e("Unable to read certificate", e2);
                throw new InvalidCertificate();
            }
        }
    }

    /* loaded from: classes8.dex */
    public static class c implements d {
        private final String a;

        /* renamed from: b, reason: collision with root package name */
        private final Context f14628b;

        public c(int i, Context context) {
            this(context.getString(i), context);
        }

        c(String str, Context context) {
            if (TextUtils.isEmpty(str)) {
                throw new IllegalArgumentException("Specify remoteSlot url");
            }
            this.a = str;
            this.f14628b = context;
        }

        private String b() throws ExecutionException, InterruptedException, InvalidCertificate {
            CommandStatus<?> orThrow = new w(this.f14628b, this.a).execute(b0.a()).getOrThrow();
            if ((orThrow instanceof CommandStatus.OK) && orThrow.hasData() && (orThrow.getData() instanceof String)) {
                return (String) orThrow.getData();
            }
            throw new InvalidCertificate();
        }

        private Map<String, String> c(String str) {
            HashMap hashMap = new HashMap();
            try {
                JSONArray jSONArray = new JSONObject(str).getJSONObject("android-whitelist").getJSONArray("apps");
                for (int i = 0; i < jSONArray.length(); i++) {
                    JSONObject jSONObject = (JSONObject) jSONArray.get(i);
                    hashMap.put(jSONObject.getString("appid"), jSONObject.getString("fingerprint"));
                }
            } catch (JSONException e2) {
                CertificateChecker.a.e("JSON parse error", e2);
            }
            return hashMap;
        }

        @Override // ru.mail.auth.util.CertificateChecker.d
        public void a(String str) throws InvalidCertificate {
            try {
                Map<String, String> c2 = c(b());
                if (!c2.containsKey(str)) {
                    throw new UnknownPackage();
                }
                String str2 = c2.get(str);
                for (String str3 : Utils.c(this.f14628b, str, Utils.DigestAlgorithm.SHA1)) {
                    if (!str2.equalsIgnoreCase(str3)) {
                        throw new InvalidCertificate();
                    }
                }
            } catch (RuntimeException e2) {
                throw e2;
            } catch (Exception unused) {
                throw new InvalidCertificate();
            }
        }
    }

    /* loaded from: classes8.dex */
    public interface d {
        void a(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient;
    }

    public CertificateChecker(d dVar) {
        this.f14625b = dVar;
    }

    public void b(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient {
        this.f14625b.a(str);
    }
}
