package com.nordvpn.android.certificates;

import android.content.Context;
import android.util.Log;
import com.nordvpn.android.analytics.CrashLogger;
import com.nordvpn.android.communicator.CertCommunicator;
import com.nordvpn.android.utils.IOHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nullable;
import javax.inject.Inject;

/* loaded from: classes2.dex */
public class CertificateFileManager {
    private static final String FILE_NAME = "signature.pem";
    private static final String FOLDER_NAME = "/certificates";
    private CertCommunicator certCommunicator;
    private final Context context;
    private final String path;

    @Inject
    public CertificateFileManager(Context context, CertCommunicator certCommunicator) {
        this.context = context;
        this.path = context.getFilesDir().getParent() + FOLDER_NAME;
        this.certCommunicator = certCommunicator;
    }

    private List<Certificate> getCertificates(InputStream inputStream) {
        try {
            return new ArrayList(CertificateFactory.getInstance("X.509").generateCertificates(inputStream));
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(getClass().getName(), "Failed to get certificate ", e);
            return null;
        }
    }

    private Certificate getRootCertificate(Context context) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(context.getAssets().open("root.pem"));
        } catch (Exception e) {
            e.printStackTrace();
            Log.e(getClass().getName(), "Failed to get certificate ", e);
            return null;
        }
    }

    private boolean isValidCertificates(List<Certificate> list) {
        if (list == null || list.size() <= 0) {
            return false;
        }
        Certificate rootCertificate = getRootCertificate(this.context);
        int i = 0;
        while (i < list.size()) {
            try {
                list.get(i).verify(i == list.size() - 1 ? rootCertificate.getPublicKey() : list.get(i + 1).getPublicKey());
                i++;
            } catch (Exception unused) {
                return false;
            }
        }
        return true;
    }

    private void prepareFolder(String str) {
        File file = new File(str);
        if ((file.exists() && file.isDirectory()) || file.mkdirs()) {
            return;
        }
        throw new RuntimeException("Failed to create certificates folder in '" + file.getPath() + "' path");
    }

    private void saveCertificate(InputStream inputStream) {
        prepareFolder(this.path);
        try {
            File file = new File(this.path, FILE_NAME);
            file.createNewFile();
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            IOHelper.copyStream(inputStream, fileOutputStream);
            inputStream.close();
            fileOutputStream.flush();
            fileOutputStream.close();
        } catch (IOException e) {
            CrashLogger.logException(e);
        }
    }

    public PublicKey getPublicKey() {
        File file = new File(this.path, FILE_NAME);
        List<Certificate> list = null;
        try {
            if (file.exists() && !file.isDirectory()) {
                list = getCertificates(new FileInputStream(file));
            }
        } catch (Exception unused) {
        }
        try {
            return (list == null || list.size() <= 0) ? getCertificates(this.context.getAssets().open(FILE_NAME)).get(0).getPublicKey() : list.get(0).getPublicKey();
        } catch (IOException e) {
            throw new RuntimeException("Failed to get certificate file ", e);
        }
    }

    @Nullable
    public PublicKey loadNewPublicKey(String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        InputStream certificate = this.certCommunicator.getCertificate(str);
        if (certificate == null) {
            return null;
        }
        try {
            IOHelper.copyStream(certificate, byteArrayOutputStream);
        } catch (IOException e) {
            e.printStackTrace();
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        List<Certificate> certificates = getCertificates(new ByteArrayInputStream(byteArray));
        if (!isValidCertificates(certificates)) {
            return null;
        }
        saveCertificate(new ByteArrayInputStream(byteArray));
        return certificates.get(0).getPublicKey();
    }
}
