package com.facebook.mobilenetwork.internal.certificateverifier;

import X.AbstractC02200Bj;
import X.AnonymousClass000;
import X.AnonymousClass001;
import X.C02180Bh;
import X.C02240Bn;
import X.C0Q3;
import X.C28J;
import X.InterfaceC02210Bk;
import X.InterfaceC02220Bl;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class CertificateVerifier {
    public final C28J mFbPinningSSLContextFactory;
    public Set revokedCertificateSerials = AnonymousClass001.A0v();
    public final C02240Bn mFbHostnameVerifier = new C02240Bn();

    /* JADX WARN: Type inference failed for: r0v1, types: [X.28J] */
    public CertificateVerifier(final long j, final boolean z) {
        this.mFbPinningSSLContextFactory = new C02180Bh(j, z) { // from class: X.28J
            {
                if (z) {
                    X509TrustManager[] x509TrustManagerArr = this.A00;
                    x509TrustManagerArr[0] = new C78233ro((InterfaceC02220Bl) x509TrustManagerArr[0]);
                }
            }
        };
    }

    public void setCertificateRevocationList(String str) {
        Boolean bool;
        if (str == null || str.isEmpty()) {
            return;
        }
        try {
            JSONObject jSONObject = new JSONObject(str);
            String string = jSONObject.getString(AnonymousClass000.A00(114));
            boolean equalsIgnoreCase = jSONObject.getJSONObject("signature_algorithm").getString(AnonymousClass000.A00(159)).equalsIgnoreCase("sha256_rsa");
            if (equalsIgnoreCase && string.length() != 512) {
                throw new Exception("Invalid CRL signature length.");
            }
            for (char c : string.toCharArray()) {
                if (c < '0' || (c > '9' && (c < 'A' || (c > 'F' && (c < 'a' || c > 'f'))))) {
                    bool = false;
                    break;
                }
            }
            bool = true;
            if (!bool.booleanValue()) {
                throw new Exception("Invalid CRL signature format.");
            }
            String string2 = jSONObject.getString("tbs_cert_list");
            if (equalsIgnoreCase) {
                PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu245oVDlI0G/yQVL4QYTcYntsHgtNk/SqqMyPy81aeQju4hnuO/3lgJ1fvGNVgOT9fxMmKTh+SwxZbHzQOrFphQUpoImDDWUjyewf30qRrqUpnkDTpmuSwZvlnxE6bs+jg5koVQkk7wraaEsgjy0Gs4nNkYbk1lvfm9evH7DZeVpVS7+xTdARgUWynKSn1dTBZnErE1xeBmoqGaSu76nfdiDhghUsL9Anh/QG/gc1sJ6LW+7L8j07BPzf5hVR/IcwR9Wup2MSn9Iv0L97exjxG/IGExX569kCBAp7O2l/0igncakwMhXdOyYYAlY3o8FtcwBDQNkiK/cX6PJnG6SvQIDAQAB")));
                Signature signature = Signature.getInstance(AnonymousClass000.A00(74));
                signature.initVerify(generatePublic);
                signature.update(string2.getBytes(StandardCharsets.UTF_8));
                int length = string.length();
                byte[] bArr = new byte[length / 2];
                for (int i = 0; i < length; i += 2) {
                    bArr[i / 2] = (byte) ((Character.digit(string.charAt(i), 16) << 4) + Character.digit(string.charAt(i + 1), 16));
                }
                if (signature.verify(bArr)) {
                    JSONArray jSONArray = new JSONObject(string2).getJSONArray("revoked_certificates");
                    for (int i2 = 0; i2 < jSONArray.length(); i2++) {
                        String string3 = jSONArray.getJSONObject(i2).getString("user_certificate");
                        if (!string3.substring(0, 2).equalsIgnoreCase("0x")) {
                            throw new Exception("Invalid CRL serial number format.");
                        }
                        if (string3.substring(2).length() > 40) {
                            throw new Exception("Invalid CRL serial number length.");
                        }
                        this.revokedCertificateSerials.add(new BigInteger(string3.substring(2), 16));
                    }
                }
            }
        } catch (Exception e) {
            throw new CertificateException(C0Q3.A14("Invalid CRL: ", e));
        }
    }

    public void verify(byte[][] bArr, String str) {
        verify(bArr, str, true);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void verify(byte[][] bArr, String str, boolean z) {
        int length = bArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        for (int i = 0; i < length; i++) {
            x509CertificateArr[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(bArr[i]));
        }
        BigInteger serialNumber = x509CertificateArr[0].getSerialNumber();
        if (serialNumber != null && this.revokedCertificateSerials.contains(serialNumber)) {
            throw new CertificateException("Certificate present in the CRL.");
        }
        X509TrustManager x509TrustManager = this.mFbPinningSSLContextFactory.A00[0];
        boolean z2 = x509TrustManager instanceof InterfaceC02210Bk;
        String A00 = AnonymousClass000.A00(133);
        if (z2) {
            ((InterfaceC02210Bk) x509TrustManager).ADr(A00, str, x509CertificateArr, z);
        } else if (x509TrustManager instanceof AbstractC02200Bj) {
            AbstractC02200Bj abstractC02200Bj = (AbstractC02200Bj) x509TrustManager;
            abstractC02200Bj.A02.checkServerTrusted(x509CertificateArr, A00);
            if (z) {
                abstractC02200Bj.A02(x509CertificateArr);
            }
        } else if (x509TrustManager instanceof InterfaceC02220Bl) {
            ((InterfaceC02220Bl) x509TrustManager).ADq(A00, str, x509CertificateArr);
        } else {
            x509TrustManager.checkServerTrusted(x509CertificateArr, A00);
        }
        if (!this.mFbHostnameVerifier.A01(str, x509CertificateArr[0])) {
            throw new CertificateException("Hostname verification failed.");
        }
    }
}
