package e.c.f.c;

import android.content.Context;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
public class c {
    public static volatile X509Certificate a;

    public static X509Certificate a(Context context, String str) throws e.c.f.b.a.a.c {
        try {
            InputStream open = context.getAssets().open(str);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    if (open != null) {
                        try {
                            open.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            }
        } catch (IOException | CertificateException e2) {
            e.c.f.b.a.b.b.b("b0", "Read root cert error " + e2.getMessage(), new Object[0]);
            throw new e.c.f.b.a.a.c(1012L, "Read root cert error " + e2.getMessage());
        }
    }

    public static void b(Context context, k kVar) throws e.c.f.b.a.a.c {
        boolean z;
        int i2;
        if (a == null) {
            synchronized (c.class) {
                if (a == null) {
                    a = a(context, "cbg_root.cer");
                }
            }
        }
        String[] strArr = kVar.a.b;
        if (strArr == null || strArr.length == 0) {
            throw new e.c.f.b.a.a.c(1012L, "verify cert chain failed , certs is empty..");
        }
        int length = strArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i3 = 0; i3 < strArr.length; i3++) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(e.c.f.b.a.d.c.a(strArr[i3], 0));
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    x509CertificateArr[i3] = x509Certificate;
                } finally {
                }
            } catch (IOException | CertificateException e2) {
                throw new e.c.f.b.a.a.c(1012L, e2.getMessage());
            }
        }
        e.c.f.b.a.b.b.e("b0", "Start verify cert chain using root ca: " + a.getSubjectDN().getName(), new Object[0]);
        int i4 = 0;
        while (true) {
            z = true;
            i2 = length - 1;
            if (i4 >= i2) {
                break;
            }
            try {
                e.c.f.b.a.b.b.e("b0", "verify cert " + x509CertificateArr[i4].getSubjectDN().getName(), new Object[0]);
                StringBuilder sb = new StringBuilder();
                sb.append("using ");
                int i5 = i4 + 1;
                sb.append(x509CertificateArr[i5].getSubjectDN().getName());
                e.c.f.b.a.b.b.e("b0", sb.toString(), new Object[0]);
                x509CertificateArr[i4].checkValidity();
                x509CertificateArr[i4].verify(x509CertificateArr[i5].getPublicKey());
                i4 = i5;
            } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e3) {
                e.c.f.b.a.b.b.b("b0", "verify cert chain failed , exception " + e3.getMessage(), new Object[0]);
                throw new e.c.f.b.a.a.c(1012L, "verify cert chain failed , exception " + e3.getMessage());
            }
            e.c.f.b.a.b.b.b("b0", "verify cert chain failed , exception " + e3.getMessage(), new Object[0]);
            throw new e.c.f.b.a.a.c(1012L, "verify cert chain failed , exception " + e3.getMessage());
        }
        x509CertificateArr[i2].verify(a.getPublicKey());
        String[] split = x509CertificateArr[0].getSubjectDN().getName().split(",");
        int length2 = split.length;
        int i6 = 0;
        while (true) {
            if (i6 >= length2) {
                z = false;
                break;
            }
            String str = split[i6];
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                break;
            } else {
                i6++;
            }
        }
        if (!z) {
            throw new e.c.f.b.a.a.c(1012L, "Subject OU not verify");
        }
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        try {
            Signature signature = Signature.getInstance("RS256".equals(kVar.a.a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
            signature.initVerify(x509Certificate2.getPublicKey());
            signature.update(kVar.f15568d.getBytes(StandardCharsets.UTF_8));
            if (!signature.verify(kVar.f15567c)) {
                throw new e.c.f.b.a.a.c(1012L, "signature not verify");
            }
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e4) {
            e.c.f.b.a.b.b.b("b0", "verify signature failed , exception " + e4.getMessage(), new Object[0]);
            throw new e.c.f.b.a.a.c(1012L, "verify signature of c1 failed!");
        }
    }
}
