package com.amazon.identity.auth.device.appid;

import android.content.Context;
import android.content.pm.PackageManager;
import com.amazon.identity.auth.device.AuthError;
import com.amazon.identity.auth.device.dataobject.AppInfo;
import com.amazon.identity.auth.device.utils.HashAlgorithm;
import com.amazon.identity.auth.device.utils.JWTDecoder;
import com.amazon.identity.auth.device.utils.PackageSignatureUtil;
import com.amazon.identity.auth.map.device.utils.MAPLog;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class APIKeyDecoder {

    /* renamed from: a, reason: collision with root package name */
    public static final String f10329a = "com.amazon.identity.auth.device.appid.APIKeyDecoder";

    private APIKeyDecoder() throws Exception {
        throw new Exception("This class is not instantiable!");
    }

    public static AppInfo a(String str, String str2, Context context) {
        return b(str, str2, true, context);
    }

    public static AppInfo b(String str, String str2, boolean z10, Context context) {
        String str3 = f10329a;
        MAPLog.k(str3, "Begin decoding API Key for packageName=", str);
        JSONObject a10 = new JWTDecoder().a(str2);
        MAPLog.k(str3, "APIKey", "payload=" + a10);
        if (a10 == null) {
            MAPLog.m(str3, "Unable to decode APIKey for pkg=" + str);
            return null;
        }
        if (z10) {
            try {
                d(str, a10, context);
            } catch (PackageManager.NameNotFoundException e10) {
                MAPLog.m(f10329a, "Failed to decode: " + e10.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            } catch (AuthError e11) {
                MAPLog.m(f10329a, "Failed to decode: " + e11.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            } catch (IOException e12) {
                MAPLog.m(f10329a, "Failed to decode: " + e12.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            } catch (SecurityException e13) {
                MAPLog.m(f10329a, "Failed to decode: " + e13.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            } catch (NoSuchAlgorithmException e14) {
                MAPLog.m(f10329a, "Failed to decode: " + e14.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            } catch (CertificateException e15) {
                MAPLog.m(f10329a, "Failed to decode: " + e15.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            } catch (JSONException e16) {
                MAPLog.m(f10329a, "Failed to decode: " + e16.getMessage());
                MAPLog.m(f10329a, "Unable to decode APIKey for pkg=" + str);
                return null;
            }
        }
        return c(a10);
    }

    /* JADX WARN: Can't wrap try/catch for region: R(11:1|(1:3)(1:35)|4|(4:16|17|18|(2:20|(8:(2:30|31)|32|7|8|9|10|11|12)(2:24|25)))|6|7|8|9|10|11|12) */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x00bf, code lost:
    
        com.amazon.identity.auth.map.device.utils.MAPLog.m(com.amazon.identity.auth.device.appid.APIKeyDecoder.f10329a, "APIKey does not contain a client id");
        r9 = null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.amazon.identity.auth.device.dataobject.AppInfo c(org.json.JSONObject r14) throws org.json.JSONException, com.amazon.identity.auth.device.AuthError {
        /*
            Method dump skipped, instructions count: 223
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.identity.auth.device.appid.APIKeyDecoder.c(org.json.JSONObject):com.amazon.identity.auth.device.dataobject.AppInfo");
    }

    public static void d(String str, JSONObject jSONObject, Context context) throws SecurityException, JSONException, PackageManager.NameNotFoundException, CertificateException, NoSuchAlgorithmException, IOException {
        String str2 = f10329a;
        MAPLog.k(str2, "verifyPayload for packageName=", str);
        if (!jSONObject.getString("iss").equals("Amazon")) {
            throw new SecurityException("Decoding fails: issuer (" + jSONObject.getString("iss") + ") is not = Amazon pkg=" + str);
        }
        if (str != null && !str.equals(jSONObject.getString("pkg"))) {
            throw new SecurityException("Decoding fails: package names don't match! - " + str + " != " + jSONObject.getString("pkg"));
        }
        if (jSONObject.has("appsig")) {
            String string = jSONObject.getString("appsig");
            MAPLog.k(str2, "Validating MD5 signature in API key", String.format("pkg = %s and signature %s", str, string));
            e(string, str, HashAlgorithm.MD5, context);
        }
        if (jSONObject.has("appsigSha256")) {
            String string2 = jSONObject.getString("appsigSha256");
            MAPLog.k(str2, "Validating SHA256 signature in API key", String.format("pkg = %s and signature %s", str, string2));
            e(string2, str, HashAlgorithm.SHA_256, context);
        }
    }

    public static void e(String str, String str2, HashAlgorithm hashAlgorithm, Context context) {
        if (str == null) {
            MAPLog.c(f10329a, "App Signature is null. pkg=" + str2);
            throw new SecurityException("Decoding failed: certificate fingerprint can't be verified! pkg=" + str2);
        }
        String replace = str.replace(":", "");
        List<String> a10 = PackageSignatureUtil.a(str2, hashAlgorithm, context);
        String str3 = f10329a;
        MAPLog.g(str3, "Number of signatures = " + a10.size());
        MAPLog.k(str3, "Fingerprint checking", a10.toString());
        if (a10.contains(replace.toLowerCase(Locale.US))) {
            return;
        }
        throw new SecurityException("Decoding failed: certificate fingerprint can't be verified! pkg=" + str2);
    }
}
