package com.huawei.wisesecurity.ucs_credential;

import android.content.Context;
import com.huawei.location.lite.common.log.logwrite.LogWriteConstants;
import com.huawei.wisesecurity.ucs.common.exception.UcsErrorCode;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.common.utils.StringUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    public static volatile X509Certificate f13714a;

    public static X509Certificate a(Context context, String str) throws UcsException {
        try {
            InputStream open = context.getAssets().open(str);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e3) {
            String a3 = d.a(e3, e.a("Read root cert error "));
            throw g.a("CertVerifier", a3, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a3);
        }
    }

    public static void a(Context context, q qVar) throws UcsException {
        int i6;
        if (f13714a == null) {
            synchronized (f.class) {
                try {
                    if (f13714a == null) {
                        f13714a = a(context, "cbg_root.cer");
                    }
                } finally {
                }
            }
        }
        String[] strArr = qVar.f13724a.f13729b;
        if (strArr == null || strArr.length == 0) {
            throw new UcsException(UcsErrorCode.VERIFY_JWS_ERROR, "verify cert chain failed , certs is empty..");
        }
        int length = strArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i7 = 0; i7 < strArr.length; i7++) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(StringUtil.base64Decode(strArr[i7], 0));
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    x509CertificateArr[i7] = x509Certificate;
                } finally {
                }
            } catch (IOException | CertificateException e3) {
                throw new UcsException(UcsErrorCode.VERIFY_JWS_ERROR, e3.getMessage());
            }
        }
        StringBuilder a3 = e.a("Start verify cert chain using root ca: ");
        a3.append(f13714a.getSubjectDN().getName());
        LogUcs.i("CertVerifier", a3.toString(), new Object[0]);
        int i8 = 0;
        while (true) {
            i6 = length - 1;
            if (i8 >= i6) {
                break;
            }
            try {
                LogUcs.i("CertVerifier", "verify cert " + x509CertificateArr[i8].getSubjectDN().getName(), new Object[0]);
                StringBuilder sb = new StringBuilder();
                sb.append("using ");
                int i9 = i8 + 1;
                sb.append(x509CertificateArr[i9].getSubjectDN().getName());
                LogUcs.i("CertVerifier", sb.toString(), new Object[0]);
                x509CertificateArr[i8].checkValidity();
                x509CertificateArr[i8].verify(x509CertificateArr[i9].getPublicKey());
                i8 = i9;
            } catch (RuntimeException e6) {
                e = e6;
                String a6 = d.a(e, e.a("verify cert chain failed , exception "));
                throw g.a("CertVerifier", a6, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a6);
            } catch (InvalidKeyException e7) {
                e = e7;
                String a62 = d.a(e, e.a("verify cert chain failed , exception "));
                throw g.a("CertVerifier", a62, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a62);
            } catch (NoSuchAlgorithmException e8) {
                e = e8;
                String a622 = d.a(e, e.a("verify cert chain failed , exception "));
                throw g.a("CertVerifier", a622, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a622);
            } catch (NoSuchProviderException e9) {
                e = e9;
                String a6222 = d.a(e, e.a("verify cert chain failed , exception "));
                throw g.a("CertVerifier", a6222, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a6222);
            } catch (SignatureException e10) {
                e = e10;
                String a62222 = d.a(e, e.a("verify cert chain failed , exception "));
                throw g.a("CertVerifier", a62222, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a62222);
            } catch (CertificateException e11) {
                e = e11;
                String a622222 = d.a(e, e.a("verify cert chain failed , exception "));
                throw g.a("CertVerifier", a622222, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a622222);
            }
        }
        x509CertificateArr[i6].verify(f13714a.getPublicKey());
        for (String str : x509CertificateArr[0].getSubjectDN().getName().split(LogWriteConstants.SPLIT)) {
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                X509Certificate x509Certificate2 = x509CertificateArr[0];
                try {
                    Signature signature = Signature.getInstance("RS256".equals(qVar.f13724a.f13728a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
                    signature.initVerify(x509Certificate2.getPublicKey());
                    signature.update(qVar.f13727d.getBytes(StandardCharsets.UTF_8));
                    if (signature.verify(qVar.f13726c)) {
                        return;
                    } else {
                        throw new UcsException(UcsErrorCode.VERIFY_JWS_ERROR, "signature not verify");
                    }
                } catch (RuntimeException e12) {
                    e = e12;
                    String a7 = d.a(e, e.a("verify signature of c1 failed, exception "));
                    throw g.a("CertVerifier", a7, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a7);
                } catch (InvalidKeyException e13) {
                    e = e13;
                    String a72 = d.a(e, e.a("verify signature of c1 failed, exception "));
                    throw g.a("CertVerifier", a72, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a72);
                } catch (NoSuchAlgorithmException e14) {
                    e = e14;
                    String a722 = d.a(e, e.a("verify signature of c1 failed, exception "));
                    throw g.a("CertVerifier", a722, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a722);
                } catch (SignatureException e15) {
                    e = e15;
                    String a7222 = d.a(e, e.a("verify signature of c1 failed, exception "));
                    throw g.a("CertVerifier", a7222, new Object[0], UcsErrorCode.VERIFY_JWS_ERROR, a7222);
                }
            }
        }
        throw new UcsException(UcsErrorCode.VERIFY_JWS_ERROR, "Subject OU not verify");
    }
}
