package com.amazon.identity.auth.device.a;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/* loaded from: classes.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    static final /* synthetic */ boolean f2503a = true;

    /* renamed from: b, reason: collision with root package name */
    private static final String f2504b = "com.amazon.identity.auth.device.a.a";

    /* renamed from: c, reason: collision with root package name */
    private static Certificate f2505c;

    /* renamed from: com.amazon.identity.auth.device.a.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public enum EnumC0054a {
        MD5("MD5"),
        SHA_256("SHA-256");


        /* renamed from: c, reason: collision with root package name */
        private String f2513c;

        EnumC0054a(String str) {
            this.f2513c = str;
        }

        public String a() {
            return this.f2513c;
        }
    }

    private a() throws Exception {
        throw new Exception("This class is not instantiable!");
    }

    public static com.amazon.identity.auth.device.b.b a(String str, String str2, Context context) {
        return a(str, str2, true, context);
    }

    static com.amazon.identity.auth.device.b.b a(String str, String str2, boolean z, Context context) {
        com.amazon.identity.auth.a.a.b.a.c(f2504b, "Begin decoding API Key for packageName=" + str);
        if (!f2503a && (str == null || str2 == null)) {
            throw new AssertionError();
        }
        if (str2 == null || str == null) {
            com.amazon.identity.auth.a.a.b.a.a(f2504b, "ApiKey/PackageName is null. pkg=" + str, "apiKey=" + str2 + "");
        } else {
            try {
                String[] a2 = a(str, str2.trim());
                org.d.c cVar = new org.d.c(a(a2[0]));
                org.d.c cVar2 = new org.d.c(a(a2[1]));
                com.amazon.identity.auth.a.a.b.a.a(f2504b, "APIKey", "payload=" + cVar2);
                a(str, a2, cVar.h("alg"), context);
                if (z) {
                    a(str, cVar2, context);
                }
                return a(cVar2);
            } catch (PackageManager.NameNotFoundException e) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e.getMessage());
            } catch (com.amazon.identity.auth.device.a e2) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e2.getMessage());
            } catch (UnsupportedEncodingException e3) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e3.getMessage());
            } catch (IOException e4) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e4.getMessage());
            } catch (IllegalArgumentException e5) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e5.getMessage());
            } catch (SecurityException e6) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e6.getMessage());
            } catch (InvalidKeyException e7) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e7.getMessage());
            } catch (NoSuchAlgorithmException e8) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e8.getMessage());
            } catch (NoSuchProviderException e9) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e9.getMessage());
            } catch (SignatureException e10) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e10.getMessage());
            } catch (CertificateException e11) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e11.getMessage());
            } catch (org.d.b e12) {
                com.amazon.identity.auth.a.a.b.a.d(f2504b, "Failed to decode: " + e12.getMessage());
            }
        }
        com.amazon.identity.auth.a.a.b.a.d(f2504b, "Unable to decode APIKEy for pkg=" + str);
        return null;
    }

    /* JADX WARN: Can't wrap try/catch for region: R(11:1|(1:3)(1:33)|4|(3:16|17|(2:19|(1:(7:30|7|8|9|10|11|12)(2:28|29))(2:23|24)))|6|7|8|9|10|11|12) */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x008c, code lost:
    
        com.amazon.identity.auth.a.a.b.a.d(com.amazon.identity.auth.device.a.a.f2504b, "APIKey does not contain a client id");
        r9 = null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.amazon.identity.auth.device.b.b a(org.d.c r13) throws org.d.b, com.amazon.identity.auth.device.a {
        /*
            java.lang.String r0 = "ver"
            java.lang.String r0 = r13.h(r0)
            java.lang.String r1 = "1"
            boolean r1 = r0.equals(r1)
            if (r1 == 0) goto L17
            java.lang.String r1 = "appId"
            java.lang.String r1 = r13.h(r1)
            r4 = r1
            r5 = r4
            goto L25
        L17:
            java.lang.String r1 = "appFamilyId"
            java.lang.String r1 = r13.h(r1)
            java.lang.String r2 = "appVariantId"
            java.lang.String r2 = r13.h(r2)
            r4 = r1
            r5 = r2
        L25:
            java.lang.String r1 = "3"
            boolean r0 = r0.equals(r1)
            r1 = 0
            if (r0 == 0) goto L76
            java.lang.String r0 = "endpoints"
            org.d.c r0 = r13.f(r0)     // Catch: org.d.b -> L35
            goto L3d
        L35:
            java.lang.String r0 = com.amazon.identity.auth.device.a.a.f2504b
            java.lang.String r2 = "APIKey does not contain endpoints object"
            com.amazon.identity.auth.a.a.b.a.d(r0, r2)
            r0 = r1
        L3d:
            if (r0 == 0) goto L76
            java.lang.String r2 = "authz"
            java.lang.String r2 = r0.h(r2)
            java.lang.String r3 = "tokenExchange"
            java.lang.String r0 = r0.h(r3)
            if (r2 == 0) goto L5f
            java.lang.String r3 = "https"
            boolean r3 = r2.startsWith(r3)
            if (r3 != 0) goto L5f
            com.amazon.identity.auth.device.a r13 = new com.amazon.identity.auth.device.a
            java.lang.String r0 = "Authorization Host in APIKey is invalid"
            com.amazon.identity.auth.device.a$b r1 = com.amazon.identity.auth.device.a.b.ERROR_BAD_PARAM
            r13.<init>(r0, r1)
            throw r13
        L5f:
            if (r0 == 0) goto L73
            java.lang.String r3 = "https"
            boolean r3 = r0.startsWith(r3)
            if (r3 != 0) goto L73
            com.amazon.identity.auth.device.a r13 = new com.amazon.identity.auth.device.a
            java.lang.String r0 = "Exchange Host in APIKey is invalid"
            com.amazon.identity.auth.device.a$b r1 = com.amazon.identity.auth.device.a.b.ERROR_BAD_PARAM
            r13.<init>(r0, r1)
            throw r13
        L73:
            r11 = r0
            r10 = r2
            goto L78
        L76:
            r10 = r1
            r11 = r10
        L78:
            java.lang.String r0 = "pkg"
            java.lang.String r6 = r13.h(r0)
            java.lang.String r0 = "scopes"
            java.lang.String[] r7 = a(r13, r0)
            java.lang.String r0 = "clientId"
            java.lang.String r0 = r13.h(r0)     // Catch: org.d.b -> L8c
            r9 = r0
            goto L94
        L8c:
            java.lang.String r0 = com.amazon.identity.auth.device.a.a.f2504b
            java.lang.String r2 = "APIKey does not contain a client id"
            com.amazon.identity.auth.a.a.b.a.d(r0, r2)
            r9 = r1
        L94:
            java.lang.String r0 = "perm"
            java.lang.String[] r8 = a(r13, r0)
            com.amazon.identity.auth.device.b.b r0 = new com.amazon.identity.auth.device.b.b
            r3 = r0
            r12 = r13
            r3.<init>(r4, r5, r6, r7, r8, r9, r10, r11, r12)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.identity.auth.device.a.a.a(org.d.c):com.amazon.identity.auth.device.b.b");
    }

    public static String a(Signature signature, EnumC0054a enumC0054a) throws IOException, CertificateException, NoSuchAlgorithmException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(signature.toByteArray());
        Certificate a2 = a("X.509", byteArrayInputStream);
        byteArrayInputStream.close();
        return com.amazon.identity.auth.device.i.c.a(a(enumC0054a, a2.getEncoded()));
    }

    private static String a(String str) throws UnsupportedEncodingException {
        return new String(b(str), "UTF-8");
    }

    private static synchronized Certificate a(Context context) throws CertificateException, IOException {
        Certificate certificate;
        synchronized (a.class) {
            if (f2505c == null) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIIEiTCCA3GgAwIBAgIJANVIFteXvjkPMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD\nVQQGEwJVUzEQMA4GA1UEBxMHU2VhdHRsZTETMBEGA1UEChMKQW1hem9uLmNvbTEZ\nMBcGA1UECxMQSWRlbnRpdHkgYW5kIFRheDETMBEGA1UEAxMKQW1hem9uLmNvbTEj\nMCEGCSqGSIb3DQEJARYUYXV0aC10ZWFtQGFtYXpvbi5jb20wHhcNMTIwODE0MDY1\nMDM5WhcNNzYwNjE0MDAyMjIzWjCBiTELMAkGA1UEBhMCVVMxEDAOBgNVBAcTB1Nl\nYXR0bGUxEzARBgNVBAoTCkFtYXpvbi5jb20xGTAXBgNVBAsTEElkZW50aXR5IGFu\nZCBUYXgxEzARBgNVBAMTCkFtYXpvbi5jb20xIzAhBgkqhkiG9w0BCQEWFGF1dGgt\ndGVhbUBhbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nr4LlDpmlK1+mYGXqhvY3Kcd093eUwOQhQM0cb5Y9FjkXvJiCCoLSR9L8QYm2Jz06\nL/546eF/eMegvej93VGjz9JsW+guUIGkDuyCPwBn3u/PvTVKZD67Cep66qT3xnB3\nLfMFt5ln4T5LuoqJ95s8t9P0fULBU52kPR1hwdSo7G4KRVgyXtMmqjp3PK4EbrPB\ndvXCYxVeR31yDPS0BRENC3SGrzlVzrSWYFhxuxRcfyoMJYsOt/9T5QlO2KmJoTy2\nJQtqo7rlc6rORiJH7i2x+QW14bV3miJe/p4ZHWpOT5Z4hAqMBldc0FufaED1YH/Y\nnNCethI/GrXkgzCJRU5asQIDAQABo4HxMIHuMB0GA1UdDgQWBBQBvx8zbG7Sg/MZ\nOuZ31GeYDkhqozCBvgYDVR0jBIG2MIGzgBQBvx8zbG7Sg/MZOuZ31GeYDkhqo6GB\nj6SBjDCBiTELMAkGA1UEBhMCVVMxEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoT\nCkFtYXpvbi5jb20xGTAXBgNVBAsTEElkZW50aXR5IGFuZCBUYXgxEzARBgNVBAMT\nCkFtYXpvbi5jb20xIzAhBgkqhkiG9w0BCQEWFGF1dGgtdGVhbUBhbWF6b24uY29t\nggkA1UgW15e+OQ8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjOV/\nVDxeAuBqdPgoBGz8AyDtMR4Qyxpe7P0M9umtr8S0PmvYOVs5YuMbEAPUYGsBnWVJ\nn7ErwCF20bkd4x0gHzkOpEzQJnjlO9vJzJcnZH4ZwhVs5jF4IkPN8N68jawPvh5/\nLyWJuwyNY5nGvN5nEecTdUQqT1aa7+Vv3Y1ZQlTEKQtdaoXUjLG86jq9xpanNj/G\nX4VYW+m7mY7Kv7mdfAE4zeECqOY5yAqSfP1M/a5fSfHLQiCTt3mrZfOuj8Hd3Pp5\nVn1e4/UxQQCwZcvAFljEYie6CXD3U1AgzIFiv4/r2M+rDo0T7eqIqCsyG6VCgRAb\ndry4esK8/BdPhyuiZg==\n-----END CERTIFICATE-----\n".getBytes("UTF-8"));
                f2505c = a("X.509", byteArrayInputStream);
                byteArrayInputStream.close();
            }
            certificate = f2505c;
        }
        return certificate;
    }

    private static Certificate a(String str, InputStream inputStream) throws CertificateException {
        return CertificateFactory.getInstance(str).generateCertificate(inputStream);
    }

    public static List<String> a(String str, EnumC0054a enumC0054a, Context context) {
        Exception e;
        String str2;
        ArrayList arrayList = new ArrayList();
        Signature[] a2 = a(str, context);
        if (a2 == null) {
            com.amazon.identity.auth.a.a.b.a.a(f2504b, " appSignature is null. pkg=" + str);
            return arrayList;
        }
        com.amazon.identity.auth.a.a.b.a.c(f2504b, "num sigs = " + a2.length);
        for (Signature signature : a2) {
            try {
                str2 = a(signature, enumC0054a);
            } catch (Exception e2) {
                e = e2;
                str2 = null;
            }
            try {
                arrayList.add(str2.toLowerCase(Locale.US));
            } catch (Exception e3) {
                e = e3;
                com.amazon.identity.auth.a.a.b.a.a(f2504b, "Encountered error while finding signatures for " + str, e);
                com.amazon.identity.auth.a.a.b.a.a(f2504b, "Fingerprint checking", "fingerprint = " + str2);
            }
            com.amazon.identity.auth.a.a.b.a.a(f2504b, "Fingerprint checking", "fingerprint = " + str2);
        }
        return arrayList;
    }

    private static void a(String str, org.d.c cVar, Context context) throws SecurityException, org.d.b, PackageManager.NameNotFoundException, CertificateException, NoSuchAlgorithmException, IOException {
        com.amazon.identity.auth.a.a.b.a.c(f2504b, "verifyPayload for packageName=" + str);
        if (!cVar.h("iss").equals("Amazon")) {
            throw new SecurityException("Decoding fails: issuer (" + cVar.h("iss") + ") is not = Amazon pkg=" + str);
        }
        if (!str.equals(cVar.h("pkg"))) {
            throw new SecurityException("Decoding fails: package names don't match! - " + str + " != " + cVar.h("pkg"));
        }
        String h = cVar.h("appsig");
        if (h == null) {
            com.amazon.identity.auth.a.a.b.a.a(f2504b, " appSignature is null. pkg=" + str);
            throw new SecurityException("Decoding fails: certificate fingerprint can't be verified! pkg=" + str);
        }
        String replace = h.replace(":", "");
        com.amazon.identity.auth.a.a.b.a.a(f2504b, "Signature checking.", "appSignature = " + replace);
        List<String> a2 = a(str, EnumC0054a.MD5, context);
        com.amazon.identity.auth.a.a.b.a.c(f2504b, " num sigs = " + a2.size());
        com.amazon.identity.auth.a.a.b.a.a(f2504b, "Fingerpirints checking", a2.toString());
        if (a2.contains(replace.toLowerCase(Locale.US))) {
            return;
        }
        throw new SecurityException("Decoding fails: certificate fingerprint can't be verified! pkg=" + str);
    }

    private static void a(String str, String[] strArr, String str2, Context context) throws InvalidKeyException, NoSuchProviderException, SignatureException, NoSuchAlgorithmException, CertificateException, IOException {
        com.amazon.identity.auth.a.a.b.a.c(f2504b, "verifySignature for packageName=" + str);
        if (!str2.equalsIgnoreCase("RSA-SHA256")) {
            throw new NoSuchAlgorithmException("Unsupported algorithm : " + str2);
        }
        if (a(str, b(strArr[2]), (strArr[0].trim() + "." + strArr[1].trim()).getBytes("UTF-8"), a(context))) {
            return;
        }
        throw new SecurityException("Decoding fails: signature mismatch! pkg=" + str);
    }

    private static boolean a(String str, byte[] bArr, byte[] bArr2, Certificate certificate) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        com.amazon.identity.auth.a.a.b.a.c(f2504b, "verifySignature Sha256 for packageName=" + str);
        java.security.Signature signature = java.security.Signature.getInstance("SHA256withRSA", "BC");
        signature.initVerify(certificate);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    private static byte[] a(EnumC0054a enumC0054a, byte[] bArr) throws NoSuchAlgorithmException {
        if (f2503a || bArr != null) {
            return MessageDigest.getInstance(enumC0054a.a()).digest(bArr);
        }
        throw new AssertionError();
    }

    private static Signature[] a(String str, Context context) {
        PackageInfo packageInfo;
        PackageManager packageManager = context.getPackageManager();
        if (packageManager == null) {
            com.amazon.identity.auth.a.a.b.a.a(f2504b, "Can't find app signatures as pkgMgr is null ");
            return null;
        }
        try {
            packageInfo = packageManager.getPackageInfo(str, 64);
        } catch (PackageManager.NameNotFoundException unused) {
            com.amazon.identity.auth.a.a.b.a.a(f2504b, "packageName not found for package " + str);
            packageInfo = null;
        }
        if (packageInfo != null) {
            return packageInfo.signatures;
        }
        com.amazon.identity.auth.a.a.b.a.a(f2504b, "Can't find app signatures as pkgMgr is null ");
        return null;
    }

    private static String[] a(String str, String str2) {
        com.amazon.identity.auth.a.a.b.a.c(f2504b, "getKeyParts for packageName=" + str);
        if (!f2503a && str2 == null) {
            throw new AssertionError();
        }
        String[] split = str2.split("[.]");
        if (split.length == 3) {
            return split;
        }
        throw new IllegalArgumentException("Decoding fails: API Key must have 3 parts {header}.{payload}.{signature} pkg=" + str);
    }

    private static String[] a(org.d.c cVar, String str) throws org.d.b {
        try {
            org.d.a e = cVar.e(str);
            String[] strArr = new String[e.a()];
            for (int i = 0; i < e.a(); i++) {
                strArr[i] = e.e(i);
            }
            return strArr;
        } catch (org.d.b unused) {
            com.amazon.identity.auth.a.a.b.a.c(f2504b, str + " has no mapping in json, returning null array");
            return null;
        }
    }

    private static byte[] b(String str) throws UnsupportedEncodingException {
        return Base64.decode(str.trim().getBytes("UTF-8"), 0);
    }
}
