package ru.mail.auth.util;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.support.annotation.Nullable;
import android.support.annotation.StringRes;
import android.text.TextUtils;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.sanselan.formats.jpeg.iptc.IPTCConstants;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import ru.mail.auth.request.e;
import ru.mail.auth.sdk.Utils;
import ru.mail.mailbox.cmd.bu;
import ru.mail.mailbox.cmd.server.CommandStatus;
import ru.mail.util.log.Level;
import ru.mail.util.log.Log;
import ru.mail.util.log.LogConfig;

/* compiled from: ProGuard */
@LogConfig(logLevel = Level.D, logTag = "CertificateChecker")
/* loaded from: classes2.dex */
public class CertificateChecker {
    private static final Log a = Log.getLog((Class<?>) CertificateChecker.class);
    private final d b;

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static class InvalidCertificate extends Exception {
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static class NotInternalClient extends Exception {
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static class UnknownPackage extends Exception {
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static class a implements d {
        private final String a;
        private final Context b;

        public a(Context context, String str) {
            this.a = str;
            this.b = context;
        }

        private Map<String, X509Certificate> b(String str) {
            HashMap hashMap = new HashMap();
            try {
                JSONObject jSONObject = new JSONObject(c(str));
                Iterator<String> keys = jSONObject.keys();
                while (keys.hasNext()) {
                    String next = keys.next();
                    X509Certificate d = d(jSONObject.getString(next));
                    if (d != null) {
                        hashMap.put(next, d);
                    }
                }
            } catch (IOException | JSONException e) {
                CertificateChecker.a.e("Unable to parse allowed apps configuration", e);
            }
            return hashMap;
        }

        private String c(String str) throws IOException {
            BufferedReader bufferedReader;
            BufferedReader bufferedReader2 = null;
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(this.b.getAssets().open(str), "UTF-8"));
            } catch (Throwable th) {
                th = th;
            }
            try {
                StringBuilder sb = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        String sb2 = sb.toString();
                        bufferedReader.close();
                        return sb2;
                    }
                    sb.append(readLine);
                }
            } catch (Throwable th2) {
                th = th2;
                bufferedReader2 = bufferedReader;
                if (bufferedReader2 != null) {
                    bufferedReader2.close();
                }
                throw th;
            }
        }

        @Nullable
        private X509Certificate d(String str) {
            try {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(this.b.getAssets().open(str));
            } catch (IOException | CertificateException e) {
                CertificateChecker.a.e("Unable to read certificate", e);
                return null;
            }
        }

        @Override // ru.mail.auth.util.CertificateChecker.d
        @SuppressLint({"PackageManagerGetSignatures"})
        public void a(String str) throws InvalidCertificate, UnknownPackage {
            Map<String, X509Certificate> b = b(this.a);
            if (!b.containsKey(str)) {
                throw new UnknownPackage();
            }
            X509Certificate x509Certificate = b.get(str);
            try {
                for (Signature signature : this.b.getPackageManager().getPackageInfo(str, 64).signatures) {
                    try {
                        if (!((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray()))).equals(x509Certificate)) {
                            throw new InvalidCertificate();
                        }
                    } catch (CertificateException e) {
                        CertificateChecker.a.e("Unable to check certificate", e);
                        throw new InvalidCertificate();
                    }
                }
            } catch (PackageManager.NameNotFoundException unused) {
                throw new UnknownPackage();
            }
        }
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static class b implements d {
        private final Context a;
        private final String b;

        public b(Context context, String str) {
            this.a = context;
            this.b = str;
        }

        @Override // ru.mail.auth.util.CertificateChecker.d
        public void a(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient {
            try {
                CommandStatus<?> commandStatus = new e(this.a, new e.b(this.b, str, Utils.a(this.a, str, Utils.DigestAlgorithm.SHA256)[0])).execute(bu.a()).get();
                if (!(commandStatus instanceof CommandStatus.OK)) {
                    throw new UnknownPackage();
                }
                if (!((Boolean) commandStatus.getData()).booleanValue()) {
                    throw new NotInternalClient();
                }
            } catch (Exception e) {
                CertificateChecker.a.e("Unable to read certificate", e);
                throw new InvalidCertificate();
            }
        }
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static class c implements d {
        private final String a;
        private final Context b;

        public c(@StringRes int i, Context context) {
            this(context.getString(i), context);
        }

        c(String str, Context context) {
            if (TextUtils.isEmpty(str)) {
                throw new IllegalArgumentException("Specify remoteSlot url");
            }
            this.a = str;
            this.b = context;
        }

        private String a() throws IOException, InvalidCertificate {
            HttpURLConnection httpURLConnection = (HttpURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(new URL(this.a).openConnection()));
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setConnectTimeout(7000);
            httpURLConnection.setReadTimeout(IPTCConstants.IMAGE_RESOURCE_BLOCK_PRINT_FLAGS_INFO);
            httpURLConnection.connect();
            if (httpURLConnection.getResponseCode() != 200) {
                throw new InvalidCertificate();
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), "UTF-8"));
            StringBuilder sb = new StringBuilder();
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        return sb.toString();
                    }
                    sb.append(readLine);
                } catch (Throwable th) {
                    bufferedReader.close();
                    throw th;
                }
            }
        }

        private Map<String, String> b(String str) {
            HashMap hashMap = new HashMap();
            try {
                JSONArray jSONArray = new JSONObject(str).getJSONObject("android-whitelist").getJSONArray("apps");
                for (int i = 0; i < jSONArray.length(); i++) {
                    JSONObject jSONObject = (JSONObject) jSONArray.get(i);
                    hashMap.put(jSONObject.getString("appid"), jSONObject.getString("fingerprint"));
                }
            } catch (JSONException e) {
                CertificateChecker.a.e("JSON parse error", e);
            }
            return hashMap;
        }

        @Override // ru.mail.auth.util.CertificateChecker.d
        public void a(String str) throws InvalidCertificate {
            try {
                Map<String, String> b = b(a());
                if (!b.containsKey(str)) {
                    throw new UnknownPackage();
                }
                String str2 = b.get(str);
                for (String str3 : Utils.a(this.b, str, Utils.DigestAlgorithm.SHA1)) {
                    if (!str2.equalsIgnoreCase(str3)) {
                        throw new InvalidCertificate();
                    }
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception unused) {
                throw new InvalidCertificate();
            }
        }
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public interface d {
        void a(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient;
    }

    public CertificateChecker(d dVar) {
        this.b = dVar;
    }

    public void a(String str) throws InvalidCertificate, UnknownPackage, NotInternalClient {
        this.b.a(str);
    }
}
