package ap;

import android.content.Context;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import ri1.o1;

/* loaded from: classes2.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public static volatile X509Certificate f9343a;

    public static X509Certificate a(Context context) throws wo.b {
        try {
            InputStream open = context.getAssets().open("cbg_root.cer");
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e15) {
            StringBuilder a15 = a.a.a("Read root cert error ");
            a15.append(e15.getMessage());
            o1.b("b0", a15.toString(), new Object[0]);
            StringBuilder a16 = a.a.a("Read root cert error ");
            a16.append(e15.getMessage());
            throw new wo.b(1012L, a16.toString());
        }
    }

    public static void b(Context context, l lVar) throws wo.b {
        int i15;
        boolean z15;
        if (f9343a == null) {
            synchronized (d.class) {
                if (f9343a == null) {
                    f9343a = a(context);
                }
            }
        }
        String[] strArr = lVar.f9356a.f9361b;
        if (strArr == null || strArr.length == 0) {
            throw new wo.b(1012L, "verify cert chain failed , certs is empty..");
        }
        int length = strArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i16 = 0; i16 < strArr.length; i16++) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(zo.c.a(strArr[i16], 0));
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    x509CertificateArr[i16] = x509Certificate;
                } finally {
                }
            } catch (IOException | CertificateException e15) {
                throw new wo.b(1012L, e15.getMessage());
            }
        }
        StringBuilder a15 = a.a.a("Start verify cert chain using root ca: ");
        a15.append(f9343a.getSubjectDN().getName());
        o1.e("b0", a15.toString(), new Object[0]);
        int i17 = 0;
        while (true) {
            i15 = length - 1;
            if (i17 >= i15) {
                break;
            }
            try {
                o1.e("b0", "verify cert " + x509CertificateArr[i17].getSubjectDN().getName(), new Object[0]);
                StringBuilder sb5 = new StringBuilder();
                sb5.append("using ");
                int i18 = i17 + 1;
                sb5.append(x509CertificateArr[i18].getSubjectDN().getName());
                o1.e("b0", sb5.toString(), new Object[0]);
                x509CertificateArr[i17].checkValidity();
                x509CertificateArr[i17].verify(x509CertificateArr[i18].getPublicKey());
                i17 = i18;
            } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e16) {
                StringBuilder a16 = a.a.a("verify cert chain failed , exception ");
                a16.append(e16.getMessage());
                o1.b("b0", a16.toString(), new Object[0]);
                StringBuilder a17 = a.a.a("verify cert chain failed , exception ");
                a17.append(e16.getMessage());
                throw new wo.b(1012L, a17.toString());
            }
            StringBuilder a162 = a.a.a("verify cert chain failed , exception ");
            a162.append(e16.getMessage());
            o1.b("b0", a162.toString(), new Object[0]);
            StringBuilder a172 = a.a.a("verify cert chain failed , exception ");
            a172.append(e16.getMessage());
            throw new wo.b(1012L, a172.toString());
        }
        x509CertificateArr[i15].verify(f9343a.getPublicKey());
        String[] split = x509CertificateArr[0].getSubjectDN().getName().split(",");
        int length2 = split.length;
        int i19 = 0;
        while (true) {
            if (i19 >= length2) {
                z15 = false;
                break;
            }
            String str = split[i19];
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                z15 = true;
                break;
            }
            i19++;
        }
        if (!z15) {
            throw new wo.b(1012L, "Subject OU not verify");
        }
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        try {
            Signature signature = Signature.getInstance("RS256".equals(lVar.f9356a.f9360a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
            signature.initVerify(x509Certificate2.getPublicKey());
            signature.update(lVar.f9359d.getBytes(StandardCharsets.UTF_8));
            if (!signature.verify(lVar.f9358c)) {
                throw new wo.b(1012L, "signature not verify");
            }
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e17) {
            StringBuilder a18 = a.a.a("verify signature failed , exception ");
            a18.append(e17.getMessage());
            o1.b("b0", a18.toString(), new Object[0]);
            throw new wo.b(1012L, "verify signature of c1 failed!");
        }
    }
}
