package com.amazon.mobile.ssnap.internal.security;

import android.net.http.SslCertificate;
import android.util.Base64InputStream;
import com.facebook.common.util.ByteConstants;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.io.ByteStreams;
import com.google.common.io.Closeables;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import org.apache.commons.lang3.StringEscapeUtils;

/* loaded from: classes10.dex */
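/**
 * Verifies that a piece of content was signed by a certificate that (a) is currently valid,
 * (b) carries the expected subject common name, (c) chains to the configured trust parameters,
 * and (d) produced a valid SHA256withRSA signature over the content bytes.
 *
 * <p>The validator fails closed: both {@code validate} overloads return normally only when every
 * check has passed, and report any failure by throwing. A failure while obtaining the
 * collaborators in the constructor is remembered and re-thrown from {@code validate}.
 *
 * <p>NOTE(review): the common-name check is only meaningful together with the chain-trust check.
 * The trust anchors and revocation policy come from the supplied {@link CertPathParameters} and
 * are not visible in this class. Confirm that they are restricted to the intended issuing CA.
 *
 * <p>NOTE(review): the signature covers the bytes read from the content stream passed to
 * {@code validate}. Callers should use those same bytes afterwards rather than re-reading the
 * content from a location that could have changed in the meantime. Verify this against callers.
 */
public class SecureContentValidator {
    public static final String AMAZON_CERT_COMMON_NAME = "Amazon.com, Inc.";
    private static final String SIG_ALG_NAME = "SHA256withRSA";
    private final CertPathValidator mCertPathValidator;
    private final CertificateFactory mCertificateFactory;
    // Non-null when a supplier threw or returned null in the constructor. validate() refuses to run.
    private final Throwable mInitError;
    private final CertPathParameters mTrustedCertPathParameters;

    /**
     * Obtains the collaborators from their suppliers without throwing.
     *
     * <p>The suppliers are invoked in order. If one throws or yields {@code null}, the exception is
     * stored, the remaining collaborators stay {@code null}, and every later call to
     * {@code validate} fails with a {@link GeneralSecurityException} wrapping that cause.
     *
     * @param supplier supplies the {@link CertificateFactory} used to parse the certificate chain
     * @param supplier2 supplies the {@link CertPathValidator} used for the chain-trust check
     * @param supplier3 supplies the {@link CertPathParameters} handed to the path validator
     */
    public SecureContentValidator(Supplier<CertificateFactory> supplier, Supplier<CertPathValidator> supplier2, Supplier<CertPathParameters> supplier3) {
        CertificateFactory certificateFactory = null;
        CertPathValidator certPathValidator = null;
        CertPathParameters certPathParameters = null;
        Throwable initError = null;
        try {
            certificateFactory = Preconditions.checkNotNull(supplier.get(), "certificateFactory cannot be null");
            certPathValidator = Preconditions.checkNotNull(supplier2.get(), "certPathValidator cannot be null");
            certPathParameters = Preconditions.checkNotNull(supplier3.get(), "trustedCertPathParameters cannot be null");
        } catch (Exception e) {
            // Deferred on purpose: construction never throws, validation fails closed instead.
            initError = e;
        }
        this.mCertificateFactory = certificateFactory;
        this.mCertPathValidator = certPathValidator;
        this.mTrustedCertPathParameters = certPathParameters;
        this.mInitError = initError;
    }

    /** Validates the chain against the configured trust parameters; throws if it is not trusted. */
    private void checkCertificateChainTrust(CertPath certPath) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        this.mCertPathValidator.validate(certPath, this.mTrustedCertPathParameters);
    }

    /** Rejects a signing certificate that is expired or not yet valid at the current time. */
    private void checkCertificateExpiration(X509Certificate signer) throws CertificateExpiredException, CertificateNotYetValidException {
        signer.checkValidity();
    }

    /**
     * Requires the signing certificate's common name to equal {@link #AMAZON_CERT_COMMON_NAME}.
     *
     * <p>The parsed name is passed through {@code unescapeJava} before the comparison.
     * NOTE(review): presumably this undoes the escaping of the comma in the distinguished-name
     * string. It also means differently escaped spellings compare equal, so this check must not
     * be relied on without the chain-trust check.
     */
    private void checkCommonName(X509Certificate signer) throws CertPathValidatorException {
        String commonName = StringEscapeUtils.unescapeJava(parseCommonName(signer));
        if (!AMAZON_CERT_COMMON_NAME.equals(commonName)) {
            throw new CertPathValidatorException("Unrecognized common name");
        }
    }

    /**
     * Verifies {@code signatureBytes} over the full contents of {@code content} using the public
     * key of {@code signer}.
     *
     * @throws SignatureException if the signature does not match the content
     */
    private void checkSignature(X509Certificate signer, byte[] signatureBytes, InputStream content) throws NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException {
        Signature signature = Signature.getInstance(SIG_ALG_NAME);
        signature.initVerify(signer);
        BufferedInputStream buffered = new BufferedInputStream(content);
        byte[] chunk = new byte[ByteConstants.KB];
        // Read until end of stream. available() may return 0 before EOF, and read() returns -1 at
        // EOF, so neither may be used as the loop condition or as an update length.
        int read;
        while ((read = buffered.read(chunk)) != -1) {
            signature.update(chunk, 0, read);
        }
        if (!signature.verify(signatureBytes)) {
            throw new SignatureException("Signature verification failed");
        }
    }

    /** Reads the whole (already decoded) signature stream into memory. */
    private byte[] extractSignatureBytes(InputStream signatureStream) throws IOException {
        return ByteStreams.toByteArray(signatureStream);
    }

    /**
     * Parses every certificate in the stream and builds a certification path from them, in the
     * order the factory returned them.
     *
     * @throws CertificateException if parsing fails or the stream contains no certificate
     */
    private CertPath parseCertificateChain(InputStream certificates) throws CertificateException {
        Collection<? extends Certificate> parsed = this.mCertificateFactory.generateCertificates(new BufferedInputStream(certificates));
        if (parsed.isEmpty()) {
            throw new CertificateException("Certificates input is empty");
        }
        return this.mCertificateFactory.generateCertPath(new ArrayList<Certificate>(parsed));
    }

    /** Returns the common name of the certificate's subject ("issued to") name. */
    String parseCommonName(X509Certificate x509Certificate) {
        return new SslCertificate(x509Certificate).getIssuedTo().getCName();
    }

    /**
     * Runs all checks and returns normally only if every one of them passes.
     *
     * <p>The first certificate of the parsed chain is treated as the signing certificate.
     * None of the streams is closed here.
     *
     * @param inputStream the certificate chain
     * @param inputStream2 the raw signature bytes
     * @param inputStream3 the content the signature was computed over
     * @throws IOException if a stream cannot be read
     * @throws GeneralSecurityException if initialization failed or any check fails
     */
    public synchronized void validate(InputStream inputStream, InputStream inputStream2, InputStream inputStream3) throws IOException, GeneralSecurityException {
        if (this.mInitError != null) {
            throw new GeneralSecurityException("Initialization failed", this.mInitError);
        }
        CertPath certPath = parseCertificateChain(inputStream);
        Certificate first = certPath.getCertificates().get(0);
        // Report an unexpected certificate type as a validation failure, not a ClassCastException.
        if (!(first instanceof X509Certificate)) {
            throw new CertificateException("Signing certificate is not an X.509 certificate");
        }
        X509Certificate signer = (X509Certificate) first;
        byte[] signatureBytes = extractSignatureBytes(inputStream2);
        checkCertificateExpiration(signer);
        checkCommonName(signer);
        checkCertificateChainTrust(certPath);
        checkSignature(signer, signatureBytes, inputStream3);
    }

    /**
     * Convenience overload: reads the certificate chain from {@code file}, Base64-decodes the
     * signature from {@code str}, and validates {@code inputStream} as the signed content.
     *
     * <p>The streams opened here are always closed. {@code inputStream} is left open for the
     * caller. Every failure, including a failure to open {@code file}, propagates to the caller
     * so that a validation error can never be mistaken for success.
     *
     * @param inputStream the content the signature was computed over
     * @param str the Base64-encoded signature
     * @param file the file holding the certificate chain
     * @throws IOException if the file or a stream cannot be read
     * @throws GeneralSecurityException if initialization failed or any check fails
     */
    public synchronized void validate(InputStream inputStream, String str, File file) throws IOException, GeneralSecurityException {
        FileInputStream certChainStream = null;
        Base64InputStream signatureStream = null;
        try {
            certChainStream = new FileInputStream(file);
            signatureStream = new Base64InputStream(new ByteArrayInputStream(str.getBytes(Charsets.UTF_8)), 0);
            validate(certChainStream, signatureStream, inputStream);
        } finally {
            // closeQuietly only suppresses close() failures. Validation errors still propagate.
            Closeables.closeQuietly(certChainStream);
            Closeables.closeQuietly(signatureStream);
        }
    }
}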
