package com.fido.android.framework.service;

import android.util.Base64;
import com.fido.android.framework.service.WLManifest;
import com.fido.android.utils.Logger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;

/* loaded from: classes2.dex */
public class VerifyTrustServerIdentity {
    private static final String SIG_ALGORITHM = "SHA1withECDSA";
    private static final String aTAG = VerifyTrustServerIdentity.class.getSimpleName();

    /* loaded from: classes2.dex */
    class TSICert {
        private static final String rootCertBase64 = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI5ekNDQVo4Q0NRQ0U3ak44bDhsN1BEQUpCZ2NxaGtqT1BRUUJNSUdFTVFzd0NRWURWUVFHRXdKVlV6RUwKTUFrR0ExVUVDQXdDUTBFeEVqQVFCZ05WQkFjTUNWQmhiRzhnUVd4MGJ6RWJNQmtHQTFVRUNnd1NUbTlySUU1dgpheUJNWVdKekxDQkpibU11TVJRd0VnWURWUVFEREF0VVUwa2dVbTl2ZENCMk1URWhNQjhHQ1NxR1NJYjNEUUVKCkFSWVNjM1Z3Y0c5eWRFQnViMnR1YjJzdVkyOXRNQjRYRFRFME1ESXdOekUyTWpReU5sb1hEVFEwTURFek1URTIKTWpReU5sb3dnWVF4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSkRRVEVTTUJBR0ExVUVCd3dKVUdGcwpieUJCYkhSdk1Sc3dHUVlEVlFRS0RCSk9iMnNnVG05cklFeGhZbk1zSUVsdVl5NHhGREFTQmdOVkJBTU1DMVJUClNTQlNiMjkwSUhZeE1TRXdId1lKS29aSWh2Y05BUWtCRmhKemRYQndiM0owUUc1dmEyNXZheTVqYjIwd1dUQVQKQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBU24yODdsQnFFWnNJcFgwcEdYSk1ZclpEWCtGV2JmeWdkbQpmdE50UW1tNXVKN3Z2cGZnY3BaOEQ4emRVV0g3TjAxRGVWeTFlU25uWnVsMUZxcHZySERkTUFrR0J5cUdTTTQ5CkJBRURSd0F3UkFJZ0RrcEwxYWQ0WE5wUXgxRjdrcDBWTDRmcjlvVHE4MW5aZFRlazdxWDFoUThDSUFTbkt4MHYKeEtPTkhKM2tscG9qcGdQVnQvOVRtZTBFbkQwWVYxQnAxTFJwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K";

        TSICert() {
        }

        public static X509Certificate getX509CertFromBase64(String str) {
            return readCertFromBase64String(str);
        }

        public static X509Certificate getX509RootCert() {
            return readCertFromBase64String(rootCertBase64);
        }

        /* JADX WARN: Removed duplicated region for block: B:31:0x007c A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private static java.security.cert.X509Certificate readCertFromBase64String(java.lang.String r6) {
            /*
                r1 = 0
                r0 = 0
                byte[] r0 = android.util.Base64.decode(r6, r0)
                java.io.ByteArrayInputStream r2 = new java.io.ByteArrayInputStream     // Catch: java.security.cert.CertificateException -> L39 java.lang.Throwable -> L78
                r2.<init>(r0)     // Catch: java.security.cert.CertificateException -> L39 java.lang.Throwable -> L78
                java.lang.String r0 = "X.509"
                java.security.cert.CertificateFactory r0 = java.security.cert.CertificateFactory.getInstance(r0)     // Catch: java.lang.Throwable -> L9c java.security.cert.CertificateException -> L9e
                java.security.cert.Certificate r0 = r0.generateCertificate(r2)     // Catch: java.lang.Throwable -> L9c java.security.cert.CertificateException -> L9e
                java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.lang.Throwable -> L9c java.security.cert.CertificateException -> L9e
                if (r2 == 0) goto L1c
                r2.close()     // Catch: java.io.IOException -> L1d
            L1c:
                return r0
            L1d:
                r1 = move-exception
                java.lang.String r2 = com.fido.android.framework.service.VerifyTrustServerIdentity.access$0()
                java.lang.StringBuilder r3 = new java.lang.StringBuilder
                java.lang.String r4 = "Error closing stream :"
                r3.<init>(r4)
                java.lang.String r1 = r1.getMessage()
                java.lang.StringBuilder r1 = r3.append(r1)
                java.lang.String r1 = r1.toString()
                com.fido.android.utils.Logger.e(r2, r1)
                goto L1c
            L39:
                r0 = move-exception
                r2 = r1
            L3b:
                java.lang.String r3 = com.fido.android.framework.service.VerifyTrustServerIdentity.access$0()     // Catch: java.lang.Throwable -> L9c
                java.lang.StringBuilder r4 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L9c
                java.lang.String r5 = "Failed loading cert :"
                r4.<init>(r5)     // Catch: java.lang.Throwable -> L9c
                java.lang.String r0 = r0.getMessage()     // Catch: java.lang.Throwable -> L9c
                java.lang.StringBuilder r0 = r4.append(r0)     // Catch: java.lang.Throwable -> L9c
                java.lang.String r0 = r0.toString()     // Catch: java.lang.Throwable -> L9c
                com.fido.android.utils.Logger.e(r3, r0)     // Catch: java.lang.Throwable -> L9c
                if (r2 == 0) goto L5a
                r2.close()     // Catch: java.io.IOException -> L5c
            L5a:
                r0 = r1
                goto L1c
            L5c:
                r0 = move-exception
                java.lang.String r2 = com.fido.android.framework.service.VerifyTrustServerIdentity.access$0()
                java.lang.StringBuilder r3 = new java.lang.StringBuilder
                java.lang.String r4 = "Error closing stream :"
                r3.<init>(r4)
                java.lang.String r0 = r0.getMessage()
                java.lang.StringBuilder r0 = r3.append(r0)
                java.lang.String r0 = r0.toString()
                com.fido.android.utils.Logger.e(r2, r0)
                goto L5a
            L78:
                r0 = move-exception
                r2 = r1
            L7a:
                if (r2 == 0) goto L7f
                r2.close()     // Catch: java.io.IOException -> L80
            L7f:
                throw r0
            L80:
                r1 = move-exception
                java.lang.String r2 = com.fido.android.framework.service.VerifyTrustServerIdentity.access$0()
                java.lang.StringBuilder r3 = new java.lang.StringBuilder
                java.lang.String r4 = "Error closing stream :"
                r3.<init>(r4)
                java.lang.String r1 = r1.getMessage()
                java.lang.StringBuilder r1 = r3.append(r1)
                java.lang.String r1 = r1.toString()
                com.fido.android.utils.Logger.e(r2, r1)
                goto L7f
            L9c:
                r0 = move-exception
                goto L7a
            L9e:
                r0 = move-exception
                goto L3b
            */
            throw new UnsupportedOperationException("Method not decompiled: com.fido.android.framework.service.VerifyTrustServerIdentity.TSICert.readCertFromBase64String(java.lang.String):java.security.cert.X509Certificate");
        }
    }

    private static String combine(long j, String str) {
        return String.valueOf(j) + ":" + str;
    }

    private static boolean isCertVerified(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (x509Certificate2 == null || x509Certificate == null) {
            return false;
        }
        try {
            x509Certificate.checkValidity();
            x509Certificate2.checkValidity();
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            Logger.e(aTAG, "Cannot verify certificate:" + e.getMessage());
            return false;
        }
    }

    private static boolean isEmptyString(String str) {
        return str == null || str.trim().length() == 0;
    }

    private static boolean isServerUrlMatch(String str, String str2) {
        return !isEmptyString(str) && str.compareTo(str2) == 0;
    }

    private static boolean isTSIBlockValid(WLManifest.TSIBlock tSIBlock) {
        return (tSIBlock == null || isEmptyString(tSIBlock.AppID) || isEmptyString(tSIBlock.Cert) || isEmptyString(tSIBlock.Sig)) ? false : true;
    }

    private static boolean isTSIExpired(long j) {
        if (j <= 0) {
            return true;
        }
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.clear();
        calendar.setTime(new Date());
        long timeInMillis = calendar.getTimeInMillis() / 1000;
        return timeInMillis > 0 && timeInMillis > j;
    }

    public static boolean isTSIValid(WLManifest.TSIBlock tSIBlock, String str) {
        return isTSIBlockValid(tSIBlock) && !isEmptyString(str) && !isTSIExpired(tSIBlock.Exp) && isServerUrlMatch(tSIBlock.AppID, str) && isCertVerified(TSICert.getX509CertFromBase64(tSIBlock.Cert), TSICert.getX509RootCert()) && testSignatureWithCert(tSIBlock.Sig, combine(tSIBlock.Exp, tSIBlock.AppID), tSIBlock.Cert);
    }

    private static boolean testSignatureWithCert(String str, String str2, String str3) {
        ByteArrayInputStream byteArrayInputStream;
        GeneralSecurityException e;
        boolean z;
        byte[] decode = Base64.decode(str3, 0);
        byte[] decode2 = Base64.decode(str, 0);
        byte[] bytes = str2.getBytes();
        try {
            Signature signature = Signature.getInstance(SIG_ALGORITHM);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            byteArrayInputStream = new ByteArrayInputStream(decode);
            try {
                try {
                    signature.initVerify(certificateFactory.generateCertificate(byteArrayInputStream).getPublicKey());
                    signature.update(bytes);
                    z = signature.verify(decode2);
                    try {
                        Logger.i(aTAG, "verifies :" + z);
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e2) {
                            Logger.e(aTAG, "Cannot close stream.");
                        }
                    } catch (GeneralSecurityException e3) {
                        e = e3;
                        Logger.e(aTAG, "Cannot verify signature of TSI:" + e.getMessage());
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e4) {
                            Logger.e(aTAG, "Cannot close stream.");
                        }
                        return z;
                    }
                } catch (GeneralSecurityException e5) {
                    e = e5;
                    z = false;
                }
            } catch (Throwable th) {
                th = th;
                try {
                    byteArrayInputStream.close();
                } catch (IOException e6) {
                    Logger.e(aTAG, "Cannot close stream.");
                }
                throw th;
            }
        } catch (GeneralSecurityException e7) {
            byteArrayInputStream = null;
            e = e7;
            z = false;
        } catch (Throwable th2) {
            th = th2;
            byteArrayInputStream = null;
            byteArrayInputStream.close();
            throw th;
        }
        return z;
    }
}
