package mozilla.components.service.fretboard.source.kinto;

import android.util.Base64;
import androidx.transition.CanvasUtils;
import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.io.TextStreamsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringNumberConversionsKt;
import mozilla.components.concept.fetch.Client;
import mozilla.components.concept.fetch.Request;
import mozilla.components.concept.fetch.Response;
import mozilla.components.service.fretboard.Experiment;
import mozilla.components.service.fretboard.ExperimentDownloadException;
import mozilla.components.service.fretboard.JSONExperimentParser;
import org.json.JSONArray;
import org.json.JSONObject;

/* compiled from: SignatureVerifier.kt */
/* loaded from: classes.dex */
public final class SignatureVerifier {
    public final Client client;
    public final Date currentDate;
    public final KintoClient kintoClient;

    public /* synthetic */ SignatureVerifier(Client client, KintoClient kintoClient, Date date, int i) {
        date = (i & 4) != 0 ? new Date() : date;
        if (client == null) {
            Intrinsics.throwParameterIsNullException("client");
            throw null;
        }
        if (kintoClient == null) {
            Intrinsics.throwParameterIsNullException("kintoClient");
            throw null;
        }
        if (date == null) {
            Intrinsics.throwParameterIsNullException("currentDate");
            throw null;
        }
        this.client = client;
        this.kintoClient = kintoClient;
        this.currentDate = date;
    }

    public final boolean validSignature$service_fretboard_release(List<Experiment> list, Long l) {
        if (list == null) {
            Intrinsics.throwParameterIsNullException("experiments");
            throw null;
        }
        List sortedWith = CollectionsKt__CollectionsKt.sortedWith(list, new Comparator<T>() { // from class: mozilla.components.service.fretboard.source.kinto.SignatureVerifier$validSignature$$inlined$sortedBy$1
            /* JADX WARN: Multi-variable type inference failed */
            @Override // java.util.Comparator
            public final int compare(T t, T t2) {
                return CanvasUtils.compareValues(((Experiment) t).id, ((Experiment) t2).id);
            }
        });
        JSONArray jSONArray = new JSONArray();
        JSONExperimentParser jSONExperimentParser = new JSONExperimentParser();
        Iterator it = sortedWith.iterator();
        while (it.hasNext()) {
            jSONArray.put(jSONExperimentParser.toJson((Experiment) it.next()));
        }
        KintoClient kintoClient = this.kintoClient;
        String fetch$service_fretboard_release = kintoClient.fetch$service_fretboard_release(kintoClient.collectionUrl());
        if (fetch$service_fretboard_release == null) {
            return true;
        }
        JSONObject jSONObject = new JSONObject(fetch$service_fretboard_release).getJSONObject("data").getJSONObject("signature");
        String signature = jSONObject.getString("signature");
        String string = jSONObject.getString("x5u");
        Intrinsics.checkExpressionValueIsNotNull(string, "signatureJson.getString(X5U_KEY)");
        final ArrayList arrayList = new ArrayList();
        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Response.Body.useBufferedReader$default(this.client.fetch(new Request(string, null, null, null, null, null, null, null, false, 510)).getBody(), null, new Function1<BufferedReader, Unit>() { // from class: mozilla.components.service.fretboard.source.kinto.SignatureVerifier$getX5U$1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // kotlin.jvm.functions.Function1
            public Unit invoke(BufferedReader bufferedReader) {
                BufferedReader bufferedReader2 = bufferedReader;
                if (bufferedReader2 == null) {
                    Intrinsics.throwParameterIsNullException("it");
                    throw null;
                }
                String readLine = bufferedReader2.readLine();
                if (!Intrinsics.areEqual(readLine, "-----BEGIN CERTIFICATE-----")) {
                    throw new ExperimentDownloadException("");
                }
                String certPem = readLine + '\n';
                for (String str : TextStreamsKt.readLines(bufferedReader2)) {
                    certPem = GeneratedOutlineSupport.outline6(certPem, str) + '\n';
                    if (Intrinsics.areEqual(str, "-----END CERTIFICATE-----")) {
                        CertificateFactory certificateFactory2 = certificateFactory;
                        Intrinsics.checkExpressionValueIsNotNull(certPem, "certPem");
                        byte[] bytes = certPem.getBytes(Charsets.UTF_8);
                        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
                        Certificate generateCertificate = certificateFactory2.generateCertificate(new ByteArrayInputStream(bytes));
                        ArrayList arrayList2 = arrayList;
                        if (generateCertificate == null) {
                            throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                        }
                        arrayList2.add((X509Certificate) generateCertificate);
                        certPem = "";
                    }
                }
                if (arrayList.size() < 2) {
                    throw new ExperimentDownloadException("The chain must contain at least 2 certificates");
                }
                SignatureVerifier.this.verifyCertChain(arrayList);
                return Unit.INSTANCE;
            }
        }, 1, null);
        Object obj = arrayList.get(0);
        Intrinsics.checkExpressionValueIsNotNull(obj, "certs[0]");
        PublicKey publicKey = ((X509Certificate) obj).getPublicKey();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "certs[0].publicKey");
        String jSONArray2 = jSONArray.toString();
        Intrinsics.checkExpressionValueIsNotNull(jSONArray2, "resultJson.toString()");
        String str = "Content-Signature:\u0000{\"data\":" + StringsKt__StringNumberConversionsKt.replace$default(jSONArray2, "\\/", "/", false, 4) + ",\"last_modified\":\"" + l + "\"}";
        Intrinsics.checkExpressionValueIsNotNull(signature, "signature");
        Signature signature2 = Signature.getInstance("SHA384withECDSA");
        signature2.initVerify(publicKey);
        Charset charset = StandardCharsets.UTF_8;
        Intrinsics.checkExpressionValueIsNotNull(charset, "StandardCharsets.UTF_8");
        if (str == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        byte[] bytes = str.getBytes(charset);
        Intrinsics.checkExpressionValueIsNotNull(bytes, "(this as java.lang.String).getBytes(charset)");
        signature2.update(bytes);
        byte[] signatureBytes = Base64.decode(StringsKt__StringNumberConversionsKt.replace$default(StringsKt__StringNumberConversionsKt.replace$default(signature, "-", "+", false, 4), "_", "/", false, 4), 0);
        Intrinsics.checkExpressionValueIsNotNull(signatureBytes, "signatureBytes");
        if (signatureBytes.length == 0 || signatureBytes.length % 2 != 0) {
            throw new ExperimentDownloadException("Invalid signature");
        }
        byte[] bArr = new byte[signatureBytes.length / 2];
        int length = signatureBytes.length / 2;
        byte[] bArr2 = bArr;
        for (int i = 0; i < length; i++) {
            bArr2 = CanvasUtils.plus(bArr2, signatureBytes[i]);
        }
        byte[] bArr3 = new byte[signatureBytes.length / 2];
        int length2 = signatureBytes.length;
        for (int length3 = signatureBytes.length / 2; length3 < length2; length3++) {
            bArr3 = CanvasUtils.plus(bArr3, signatureBytes[length3]);
        }
        BigInteger bigInteger = new BigInteger(bArr2);
        BigInteger bigInteger2 = new BigInteger(bArr3);
        byte[] byteArray = bigInteger.toByteArray();
        Intrinsics.checkExpressionValueIsNotNull(byteArray, "r.toByteArray()");
        byte[] byteArray2 = bigInteger2.toByteArray();
        Intrinsics.checkExpressionValueIsNotNull(byteArray2, "s.toByteArray()");
        byte[] bArr4 = new byte[byteArray.length + 6 + byteArray2.length];
        bArr4[0] = 48;
        bArr4[1] = (byte) (byteArray.length + 4 + byteArray2.length);
        bArr4[2] = 2;
        bArr4[3] = (byte) byteArray.length;
        System.arraycopy(byteArray, 0, bArr4, 4, byteArray.length);
        bArr4[byteArray.length + 4] = 2;
        bArr4[byteArray.length + 5] = (byte) byteArray2.length;
        System.arraycopy(byteArray2, 0, bArr4, byteArray.length + 6, byteArray2.length);
        return signature2.verify(bArr4);
    }

    /* JADX WARN: Removed duplicated region for block: B:39:0x00b6 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0052  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void verifyCertChain(java.util.List<? extends java.security.cert.X509Certificate> r15) {
        /*
            r14 = this;
            int r0 = r15.size()
            r1 = 0
            r2 = 0
        L6:
            if (r2 >= r0) goto Lbe
            java.lang.Object r3 = r15.get(r2)
            java.security.cert.X509Certificate r3 = (java.security.cert.X509Certificate) r3
            java.util.Date r4 = r3.getNotBefore()
            java.util.Date r5 = r3.getNotAfter()
            java.util.Date r6 = r14.currentDate
            long r6 = r6.getTime()
            java.lang.String r8 = "notBefore"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r4, r8)
            long r8 = r4.getTime()
            java.util.concurrent.TimeUnit r4 = java.util.concurrent.TimeUnit.DAYS
            r10 = 30
            long r12 = r4.toMillis(r10)
            long r8 = r8 - r12
            r4 = 1
            int r12 = (r6 > r8 ? 1 : (r6 == r8 ? 0 : -1))
            if (r12 < 0) goto L4f
            java.lang.String r6 = "notAfter"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r5, r6)
            long r5 = r5.getTime()
            java.util.concurrent.TimeUnit r7 = java.util.concurrent.TimeUnit.DAYS
            long r7 = r7.toMillis(r10)
            long r7 = r7 + r5
            java.util.Date r5 = r14.currentDate
            long r5 = r5.getTime()
            int r9 = (r7 > r5 ? 1 : (r7 == r5 ? 0 : -1))
            if (r9 < 0) goto L4f
            r5 = 1
            goto L50
        L4f:
            r5 = 0
        L50:
            if (r5 == 0) goto Lb6
            int r2 = r2 + 1
            int r5 = r15.size()
            if (r2 != r5) goto L84
            java.security.Principal r5 = r3.getSubjectDN()
            java.lang.String r6 = "certificate.subjectDN"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r5, r6)
            java.lang.String r5 = r5.getName()
            java.security.Principal r3 = r3.getIssuerDN()
            java.lang.String r6 = "certificate.issuerDN"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r3, r6)
            java.lang.String r3 = r3.getName()
            boolean r3 = kotlin.jvm.internal.Intrinsics.areEqual(r5, r3)
            r3 = r3 ^ r4
            if (r3 != 0) goto L7c
            goto L6
        L7c:
            mozilla.components.service.fretboard.ExperimentDownloadException r15 = new mozilla.components.service.fretboard.ExperimentDownloadException
            java.lang.String r0 = "subject does not match issuer"
            r15.<init>(r0)
            throw r15
        L84:
            java.lang.Object r4 = r15.get(r2)     // Catch: java.security.SignatureException -> L93 java.security.NoSuchProviderException -> L9a java.security.InvalidKeyException -> La1 java.security.NoSuchAlgorithmException -> La8 java.security.cert.CertificateException -> Laf
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4     // Catch: java.security.SignatureException -> L93 java.security.NoSuchProviderException -> L9a java.security.InvalidKeyException -> La1 java.security.NoSuchAlgorithmException -> La8 java.security.cert.CertificateException -> Laf
            java.security.PublicKey r4 = r4.getPublicKey()     // Catch: java.security.SignatureException -> L93 java.security.NoSuchProviderException -> L9a java.security.InvalidKeyException -> La1 java.security.NoSuchAlgorithmException -> La8 java.security.cert.CertificateException -> Laf
            r3.verify(r4)     // Catch: java.security.SignatureException -> L93 java.security.NoSuchProviderException -> L9a java.security.InvalidKeyException -> La1 java.security.NoSuchAlgorithmException -> La8 java.security.cert.CertificateException -> Laf
            goto L6
        L93:
            r15 = move-exception
            mozilla.components.service.fretboard.ExperimentDownloadException r0 = new mozilla.components.service.fretboard.ExperimentDownloadException
            r0.<init>(r15)
            throw r0
        L9a:
            r15 = move-exception
            mozilla.components.service.fretboard.ExperimentDownloadException r0 = new mozilla.components.service.fretboard.ExperimentDownloadException
            r0.<init>(r15)
            throw r0
        La1:
            r15 = move-exception
            mozilla.components.service.fretboard.ExperimentDownloadException r0 = new mozilla.components.service.fretboard.ExperimentDownloadException
            r0.<init>(r15)
            throw r0
        La8:
            r15 = move-exception
            mozilla.components.service.fretboard.ExperimentDownloadException r0 = new mozilla.components.service.fretboard.ExperimentDownloadException
            r0.<init>(r15)
            throw r0
        Laf:
            r15 = move-exception
            mozilla.components.service.fretboard.ExperimentDownloadException r0 = new mozilla.components.service.fretboard.ExperimentDownloadException
            r0.<init>(r15)
            throw r0
        Lb6:
            mozilla.components.service.fretboard.ExperimentDownloadException r15 = new mozilla.components.service.fretboard.ExperimentDownloadException
            java.lang.String r0 = "Certificate expired or not yet valid"
            r15.<init>(r0)
            throw r15
        Lbe:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: mozilla.components.service.fretboard.source.kinto.SignatureVerifier.verifyCertChain(java.util.List):void");
    }
}
