package com.huawei.wisesecurity.a;

import android.content.Context;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
public class n {

    /* renamed from: a, reason: collision with root package name */
    public static final String f6987a = "q";

    /* renamed from: b, reason: collision with root package name */
    public static volatile X509Certificate f6988b;

    public static X509Certificate a(Context context, String str) {
        try {
            InputStream open = context.getAssets().open(str);
            Throwable th = null;
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } catch (Throwable th2) {
                if (open != null) {
                    if (th != null) {
                        try {
                            open.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        open.close();
                    }
                }
                throw th2;
            }
        } catch (IOException | CertificateException e) {
            String str2 = f6987a;
            StringBuilder a2 = a.a("Read root cert error ");
            a2.append(e.getMessage());
            com.huawei.wisesecurity.ucs.common.a.b.d(str2, a2.toString(), new Object[0]);
            StringBuilder a3 = a.a("Read root cert error ");
            a3.append(e.getMessage());
            throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, a3.toString());
        }
    }

    public static void a(Context context, b bVar) {
        boolean z;
        if (f6988b == null) {
            synchronized (n.class) {
                if (f6988b == null) {
                    f6988b = a(context, "cbg_root.cer");
                }
            }
        }
        String[] strArr = bVar.f6971a.f6974b;
        if (strArr == null || strArr.length == 0) {
            throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, "verify cert chain failed , certs is empty..");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(com.huawei.wisesecurity.ucs.common.b.c.b(strArr[i], 0));
                Throwable th = null;
                try {
                    try {
                        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                        byteArrayInputStream.close();
                        x509CertificateArr[i] = x509Certificate;
                    } finally {
                    }
                } finally {
                }
            } catch (IOException | CertificateException e) {
                throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, e.getMessage());
            }
        }
        String str = f6987a;
        StringBuilder a2 = a.a("Start verify cert chain using root ca: ");
        a2.append(f6988b.getSubjectDN().getName());
        com.huawei.wisesecurity.ucs.common.a.b.b(str, a2.toString(), new Object[0]);
        int i2 = 0;
        while (true) {
            try {
                z = true;
                if (i2 >= x509CertificateArr.length - 1) {
                    break;
                }
                String str2 = f6987a;
                StringBuilder sb = new StringBuilder();
                sb.append("verify cert ");
                sb.append(x509CertificateArr[i2].getSubjectDN().getName());
                com.huawei.wisesecurity.ucs.common.a.b.b(str2, sb.toString(), new Object[0]);
                String str3 = f6987a;
                StringBuilder sb2 = new StringBuilder();
                sb2.append("using ");
                int i3 = i2 + 1;
                sb2.append(x509CertificateArr[i3].getSubjectDN().getName());
                com.huawei.wisesecurity.ucs.common.a.b.b(str3, sb2.toString(), new Object[0]);
                x509CertificateArr[i2].checkValidity();
                x509CertificateArr[i2].verify(x509CertificateArr[i3].getPublicKey());
                i2 = i3;
            } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e2) {
                String str4 = f6987a;
                StringBuilder a3 = a.a("verify cert chain failed , exception ");
                a3.append(e2.getMessage());
                com.huawei.wisesecurity.ucs.common.a.b.d(str4, a3.toString(), new Object[0]);
                StringBuilder a4 = a.a("verify cert chain failed , exception ");
                a4.append(e2.getMessage());
                throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, a4.toString());
            }
        }
        x509CertificateArr[x509CertificateArr.length - 1].verify(f6988b.getPublicKey());
        String[] split = x509CertificateArr[0].getSubjectDN().getName().split(",");
        int length = split.length;
        int i4 = 0;
        while (true) {
            if (i4 >= length) {
                z = false;
                break;
            }
            String str5 = split[i4];
            if (str5.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str5.substring(3))) {
                break;
            } else {
                i4++;
            }
        }
        if (!z) {
            throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, "Subject OU not verify");
        }
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        try {
            Signature signature = Signature.getInstance("RS256".equals(bVar.f6971a.f6973a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
            signature.initVerify(x509Certificate2.getPublicKey());
            signature.update(bVar.d.getBytes(StandardCharsets.UTF_8));
            if (!signature.verify(bVar.c)) {
                throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, "signature not verify");
            }
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e3) {
            String str6 = f6987a;
            StringBuilder a5 = a.a("verify signature failed , exception ");
            a5.append(e3.getMessage());
            com.huawei.wisesecurity.ucs.common.a.b.d(str6, a5.toString(), new Object[0]);
            throw new UcsException(com.huawei.wisesecurity.ucs.common.exception.a.m, "verify signature of c1 failed!");
        }
    }
}
