package com.scanmarker.license.client;

import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.Resources;
import android.util.Base64;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.HashSet;

/* loaded from: classes.dex */
public class CryptoHandler {
    private static Certificate root1cf;
    private static Certificate root2cf;
    private static HashSet<X509Certificate> s_additionalCerts;
    public static SharedPreferences s_preferences;

    private static boolean checkCertificate(X509Certificate x509Certificate) throws Resources.NotFoundException, CertificateException, CertificateVerificationException {
        if (s_additionalCerts == null) {
            return false;
        }
        try {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            HashSet hashSet = new HashSet();
            hashSet.add(new TrustAnchor((X509Certificate) root2cf, null));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            pKIXBuilderParameters.setRevocationEnabled(false);
            HashSet<X509Certificate> hashSet2 = s_additionalCerts;
            hashSet2.add(x509Certificate);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(hashSet2)));
            PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", "BC").build(pKIXBuilderParameters);
            CRLVerifier.verifyCertificateCRLs(x509Certificate);
            if (pKIXCertPathBuilderResult != null) {
                return pKIXCertPathBuilderResult.getCertPath() != null;
            }
            return false;
        } catch (Exception e) {
            Log.e("licence-client", "Exception occurred: " + e);
            return false;
        }
    }

    public static int checkSignature(String str, String str2, String str3) {
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str3, 0)));
            if (!checkCertificate((X509Certificate) generateCertificate)) {
                Log.e("license-client", "certificate validation failed");
                return -1080;
            }
            PublicKey publicKey = generateCertificate.getPublicKey();
            byte[] decode = Base64.decode(str, 0);
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(publicKey);
            signature.update(str2.getBytes("UTF-8"));
            if (signature.verify(decode)) {
                Log.d("license-client", "signature check succeeded");
                return 0;
            }
            Log.d("license-client", "signature check failed");
            return -1030;
        } catch (CertificateVerificationException e) {
            Log.e("license-client", "checkSignature got CertificateVerificationException: " + e.getMessage());
            return -1034;
        } catch (UnsupportedEncodingException e2) {
            Log.e("license-client", "checkSignature got UnsupportedEncodingException: " + e2.getMessage());
            return -1033;
        } catch (IllegalArgumentException e3) {
            Log.e("license-client", "checkSignature got IllegalArgumentException: " + e3.getMessage());
            return -1081;
        } catch (InvalidKeyException e4) {
            Log.e("license-client", "checkSignature got InvalidKeyException: " + e4.getMessage());
            return -1082;
        } catch (NoSuchAlgorithmException e5) {
            Log.e("license-client", "checkSignature got NoSuchAlgorithmException: " + e5.getMessage());
            return -1031;
        } catch (SignatureException e6) {
            e6.printStackTrace();
            return -1032;
        } catch (CertificateException e7) {
            Log.e("license-client", "checkSignature got CertificateException: " + e7.getMessage());
            return -1083;
        }
    }

    public static void initCryptoHandler(Context context) {
        try {
            s_preferences = context.getSharedPreferences("com.scanmarker.settings.Prefs", 0);
            Resources resources = context.getResources();
            InputStream openRawResource = resources.openRawResource(resources.getIdentifier("root1", "raw", context.getPackageName()));
            s_additionalCerts = new HashSet<>();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            root1cf = certificateFactory.generateCertificate(openRawResource);
            s_additionalCerts.add((X509Certificate) root1cf);
            root2cf = certificateFactory.generateCertificate(resources.openRawResource(resources.getIdentifier("root2", "raw", context.getPackageName())));
            s_additionalCerts.add((X509Certificate) root2cf);
        } catch (CertificateException e) {
            Log.e("license-client", "checkSignature got CertificateException: " + e.getMessage());
        }
    }
}
