package defpackage;

import com.huawei.hms.app.CoreApplication;
import com.huawei.hms.tss.exception.TssException;
import com.huawei.openalliance.ad.ppskit.constant.ag;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;

/* renamed from: Ew, reason: case insensitive filesystem */
/* loaded from: classes.dex */
public class C0198Ew {
    private static volatile X509Certificate b;
    private static final String e = C0198Ew.class.getSimpleName();

    public static X509Certificate a(String str) throws TssException {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(C0202Fa.e(str, 0));
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e2) {
            throw new TssException(201016L, e2.getMessage());
        }
    }

    public static void a(X509Certificate x509Certificate) throws TssException {
        try {
            X509Certificate b2 = ag.d.equalsIgnoreCase(C1520rc.b("ro.product.manufacturer", "")) ? b("Zhixin_RootCa.cer") : b("cbg_root.cer");
            C0200Ey.a(e, "verify equip CA cert " + x509Certificate.getSubjectDN().getName());
            C0200Ey.a(e, "using root cert " + b2.getSubjectDN().getName());
            x509Certificate.checkValidity();
            x509Certificate.verify(b2.getPublicKey());
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e2) {
            C0200Ey.e(e, "verify equip CA cert " + e2.getMessage());
            throw new TssException(201027L, e2.getMessage());
        }
    }

    private static X509Certificate b(String str) throws TssException {
        try {
            InputStream open = CoreApplication.getCoreBaseContext().getAssets().open(str);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e2) {
            C0200Ey.e(e, "Read root cert error " + e2.getMessage());
            throw new TssException(201016L, "Read root cert error " + e2.getMessage());
        }
    }

    public static void b(List<X509Certificate> list) throws TssException {
        if (b == null) {
            synchronized (C0198Ew.class) {
                if (b == null) {
                    b = b("cbg_root.cer");
                }
            }
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        e(x509CertificateArr);
        c(x509CertificateArr[0]);
    }

    public static void c(C0197Ev c0197Ev) throws TssException {
        if (b == null) {
            synchronized (C0198Ew.class) {
                if (b == null) {
                    b = b("cbg_root.cer");
                }
            }
        }
        String[] d = c0197Ev.e().d();
        if (d == null || d.length == 0) {
            throw new TssException(201016L, "verify cert chain failed , certs is empty..");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[d.length];
        for (int i = 0; i < d.length; i++) {
            x509CertificateArr[i] = a(d[i]);
        }
        e(x509CertificateArr);
        c(x509CertificateArr[0]);
        d(c0197Ev, x509CertificateArr[0]);
    }

    private static void c(X509Certificate x509Certificate) throws TssException {
        String[] split = x509Certificate.getSubjectDN().getName().split(",");
        int length = split.length;
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String str = split[i];
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            throw new TssException(201016L, "Subject OU not verify");
        }
    }

    public static void d(C0197Ev c0197Ev, X509Certificate x509Certificate) throws TssException {
        try {
            Signature signature = Signature.getInstance("RS256".equals(c0197Ev.e().c()) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
            signature.initVerify(x509Certificate.getPublicKey());
            signature.update(c0197Ev.a().getBytes(StandardCharsets.UTF_8));
            if (signature.verify(c0197Ev.b())) {
            } else {
                throw new TssException(201016L, "signature not verify");
            }
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            C0200Ey.e(e, "verify signature failed , exception " + e2.getMessage());
            throw new TssException(201016L, "verify signature of c1 failed!");
        }
    }

    private static void e(X509Certificate[] x509CertificateArr) throws TssException {
        C0200Ey.a(e, "Start verify cert chain using root ca: " + b.getSubjectDN().getName());
        int i = 0;
        while (i < x509CertificateArr.length - 1) {
            try {
                C0200Ey.a(e, "verify cert " + x509CertificateArr[i].getSubjectDN().getName());
                String str = e;
                StringBuilder sb = new StringBuilder();
                sb.append("using ");
                int i2 = i + 1;
                sb.append(x509CertificateArr[i2].getSubjectDN().getName());
                C0200Ey.a(str, sb.toString());
                x509CertificateArr[i].checkValidity();
                x509CertificateArr[i].verify(x509CertificateArr[i2].getPublicKey());
                i = i2;
            } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e2) {
                C0200Ey.e(e, "verify cert chain failed , exception " + e2.getMessage());
                throw new TssException(201016L, "verify cert chain failed , exception " + e2.getMessage());
            }
        }
        x509CertificateArr[x509CertificateArr.length - 1].verify(b.getPublicKey());
    }
}
