package com.insidesecure.dasland;

import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONObject;

/* compiled from: SafetyNetAttestResultJava.java */
/* loaded from: classes3.dex */
class c {

    /* renamed from: a, reason: collision with root package name */
    private static final String f4485a = "c";

    /* renamed from: a, reason: collision with other field name */
    private boolean f2a;

    /* renamed from: a, reason: collision with other field name */
    private byte[] f3a;

    /* renamed from: b, reason: collision with root package name */
    private String f4486b;

    /* renamed from: b, reason: collision with other field name */
    private byte[] f4b;

    /* renamed from: c, reason: collision with root package name */
    private String f4487c;

    /* renamed from: c, reason: collision with other field name */
    private byte[] f5c;

    /* renamed from: d, reason: collision with root package name */
    private String f4488d;

    /* renamed from: d, reason: collision with other field name */
    private byte[] f6d;

    private static X509Certificate a(JSONArray jSONArray) throws ParseException {
        if (jSONArray == null || jSONArray.length() <= 0) {
            throw new ParseException("No certificate chain found.", 0);
        }
        LinkedList linkedList = new LinkedList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (int i10 = 0; i10 < jSONArray.length(); i10++) {
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(jSONArray.getString(i10), 0)));
                x509Certificate.checkValidity();
                linkedList.add(x509Certificate);
            }
            CertPath generateCertPath = certificateFactory.generateCertPath(linkedList);
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore, new X509CertSelector());
            pKIXBuilderParameters.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXBuilderParameters);
            X509Certificate x509Certificate2 = (X509Certificate) linkedList.getFirst();
            Collection<List<?>> subjectAlternativeNames = ((X509Certificate) linkedList.getFirst()).getSubjectAlternativeNames();
            boolean z10 = true;
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (list.size() == 2 && ((Integer) list.get(0)).intValue() == 2 && "attest.android.com".equals(list.get(1))) {
                        break;
                    }
                }
            }
            z10 = false;
            if (z10) {
                return x509Certificate2;
            }
            throw new ParseException("Unable to validate sender certificate DNS name.", 0);
        } catch (Exception unused) {
            throw new ParseException("Certificate chain validation failed.", 0);
        }
    }

    private boolean a() {
        boolean z10;
        byte[] bArr;
        if (this.f3a.length == this.f6d.length) {
            int i10 = 0;
            while (true) {
                bArr = this.f3a;
                if (i10 >= bArr.length || bArr[i10] != this.f6d[i10]) {
                    break;
                }
                i10++;
            }
            if (i10 == bArr.length) {
                z10 = true;
                return !z10 && this.f2a;
            }
        }
        z10 = false;
        if (z10) {
        }
    }

    public final void a(byte[] bArr) {
        this.f6d = bArr;
    }

    public final boolean a(String str) throws ParseException {
        this.f4486b = str;
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new ParseException("Wrong number of jws segments", 0);
        }
        try {
            JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[0], 8), "UTF-8"));
            String string = jSONObject.getString("alg");
            X509Certificate a10 = a(jSONObject.getJSONArray("x5c"));
            try {
                byte[] decode = Base64.decode(split[2], 8);
                String str2 = split[0];
                String str3 = split[1];
                if (string != null) {
                    try {
                        if (string.compareTo("RS256") == 0) {
                            String str4 = str2 + '.' + str3;
                            Signature signature = Signature.getInstance("SHA256withRSA");
                            signature.initVerify(a10);
                            signature.update(str4.getBytes("UTF-8"));
                            if (!signature.verify(decode)) {
                                throw new ParseException("Signature verification failed.", 0);
                            }
                            try {
                                JSONObject jSONObject2 = new JSONObject(new String(Base64.decode(split[1], 8), "UTF-8"));
                                this.f3a = Base64.decode(jSONObject2.getString("nonce"), 0);
                                this.f4487c = jSONObject2.getString("timestampMs");
                                this.f4488d = jSONObject2.getString("apkPackageName");
                                this.f4b = Base64.decode(jSONObject2.getString("apkCertificateDigestSha256"), 0);
                                this.f5c = Base64.decode(jSONObject2.getString("apkDigestSha256"), 0);
                                this.f2a = jSONObject2.getBoolean("ctsProfileMatch");
                                return a();
                            } catch (Exception unused) {
                                throw new ParseException("jws payload parsing failed", 0);
                            }
                        }
                    } catch (Exception unused2) {
                        throw new ParseException("Signature verification failed.", 0);
                    }
                }
                throw new ParseException("jws header parsing failed: Invalid signature algorithm.", 0);
            } catch (ParseException e10) {
                throw e10;
            } catch (Exception unused3) {
                throw new ParseException("jws signature parsing failed", 0);
            }
        } catch (ParseException e11) {
            throw e11;
        } catch (Exception unused4) {
            throw new ParseException("jws Header parsing failed", 0);
        }
    }
}
