package com.microsoft.identity.common.internal.broker;

import android.content.Context;
import android.content.pm.PackageManager;
import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.logging.Logger;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/* compiled from: PG */
/* loaded from: classes.dex */
public class BrokerValidator {
    private static final String TAG = "BrokerValidator";
    private final String mCompanyPortalSignature = AuthenticationSettings.INSTANCE.getBrokerSignature();
    private final Context mContext;

    public BrokerValidator(Context context) {
        this.mContext = context;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private java.security.cert.X509Certificate getSelfSignedCert(java.util.List<java.security.cert.X509Certificate> r6) throws com.microsoft.identity.common.exception.ClientException {
        /*
            r5 = this;
            java.util.Iterator r6 = r6.iterator()
            r0 = 0
            r1 = 0
        L6:
            boolean r2 = r6.hasNext()
            if (r2 == 0) goto L24
            java.lang.Object r2 = r6.next()
            java.security.cert.X509Certificate r2 = (java.security.cert.X509Certificate) r2
            java.security.Principal r3 = r2.getSubjectDN()
            java.security.Principal r4 = r2.getIssuerDN()
            boolean r3 = r3.equals(r4)
            if (r3 == 0) goto L6
            int r0 = r0 + 1
            r1 = r2
            goto L6
        L24:
            r6 = 1
            if (r0 > r6) goto L2a
            if (r1 == 0) goto L2a
            return r1
        L2a:
            com.microsoft.identity.common.exception.ClientException r6 = new com.microsoft.identity.common.exception.ClientException
            java.lang.String r0 = "Calling app could not be verified"
            java.lang.String r1 = "Multiple self signed certs found or no self signed cert existed."
            r6.<init>(r0, r1)
            throw r6
        L34:
            goto L34
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.identity.common.internal.broker.BrokerValidator.getSelfSignedCert(java.util.List):java.security.cert.X509Certificate");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @android.annotation.SuppressLint({"PackageManagerGetSignatures"})
    private java.util.List<java.security.cert.X509Certificate> readCertDataForBrokerApp(java.lang.String r7) throws android.content.pm.PackageManager.NameNotFoundException, com.microsoft.identity.common.exception.ClientException, java.io.IOException, java.security.GeneralSecurityException {
        /*
            r6 = this;
            android.content.Context r0 = r6.mContext
            android.content.pm.PackageManager r0 = r0.getPackageManager()
            r1 = 64
            android.content.pm.PackageInfo r7 = r0.getPackageInfo(r7, r1)
            if (r7 == 0) goto L53
            android.content.pm.Signature[] r0 = r7.signatures
            java.lang.String r1 = "Calling app could not be verified"
            if (r0 == 0) goto L4b
            android.content.pm.Signature[] r0 = r7.signatures
            int r0 = r0.length
            if (r0 == 0) goto L4b
            java.util.ArrayList r0 = new java.util.ArrayList
            android.content.pm.Signature[] r2 = r7.signatures
            int r2 = r2.length
            r0.<init>(r2)
            android.content.pm.Signature[] r7 = r7.signatures
            int r2 = r7.length
            r3 = 0
        L25:
            if (r3 >= r2) goto L4a
            r4 = r7[r3]
            byte[] r4 = r4.toByteArray()
            java.io.ByteArrayInputStream r5 = new java.io.ByteArrayInputStream
            r5.<init>(r4)
            java.lang.String r4 = "X509"
            java.security.cert.CertificateFactory r4 = java.security.cert.CertificateFactory.getInstance(r4)     // Catch: java.security.cert.CertificateException -> L44
            java.security.cert.Certificate r4 = r4.generateCertificate(r5)     // Catch: java.security.cert.CertificateException -> L44
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4     // Catch: java.security.cert.CertificateException -> L44
            r0.add(r4)     // Catch: java.security.cert.CertificateException -> L44
            int r3 = r3 + 1
            goto L25
        L44:
            com.microsoft.identity.common.exception.ClientException r7 = new com.microsoft.identity.common.exception.ClientException
            r7.<init>(r1)
            throw r7
        L4a:
            return r0
        L4b:
            com.microsoft.identity.common.exception.ClientException r7 = new com.microsoft.identity.common.exception.ClientException
            java.lang.String r0 = "No signature associated with the broker package."
            r7.<init>(r1, r0)
            throw r7
        L53:
            com.microsoft.identity.common.exception.ClientException r7 = new com.microsoft.identity.common.exception.ClientException
            java.lang.String r0 = "App package name is not found in the package manager"
            java.lang.String r1 = "No broker package existed."
            r7.<init>(r0, r1)
            throw r7
        L5d:
            goto L5d
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.identity.common.internal.broker.BrokerValidator.readCertDataForBrokerApp(java.lang.String):java.util.List");
    }

    private void verifyCertificateChain(List<X509Certificate> list) throws GeneralSecurityException, ClientException {
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(getSelfSignedCert(list), null)));
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(list), pKIXParameters);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Found unreachable blocks
        	at jadx.core.dex.visitors.blocks.DominatorTree.sortBlocks(DominatorTree.java:34)
        	at jadx.core.dex.visitors.blocks.DominatorTree.compute(DominatorTree.java:24)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.computeDominators(BlockProcessor.java:209)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:50)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private void verifySignatureHash(java.util.List<java.security.cert.X509Certificate> r3) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateEncodingException, com.microsoft.identity.common.exception.ClientException {
        /*
            r2 = this;
            java.util.Iterator r3 = r3.iterator()
        L4:
            boolean r0 = r3.hasNext()
            if (r0 == 0) goto L37
            java.lang.Object r0 = r3.next()
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.lang.String r1 = "SHA"
            java.security.MessageDigest r1 = java.security.MessageDigest.getInstance(r1)
            byte[] r0 = r0.getEncoded()
            r1.update(r0)
            byte[] r0 = r1.digest()
            r1 = 2
            java.lang.String r0 = android.util.Base64.encodeToString(r0, r1)
            java.lang.String r1 = r2.mCompanyPortalSignature
            boolean r1 = r1.equals(r0)
            if (r1 != 0) goto L36
            java.lang.String r1 = "ho040S3ffZkmxqtQrSwpTVOn9r0="
            boolean r0 = r1.equals(r0)
            if (r0 == 0) goto L4
        L36:
            return
        L37:
            com.microsoft.identity.common.exception.ClientException r3 = new com.microsoft.identity.common.exception.ClientException
            java.lang.String r0 = "Calling app could not be verified"
            r3.<init>(r0)
            throw r3
        L3f:
            goto L3f
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.identity.common.internal.broker.BrokerValidator.verifySignatureHash(java.util.List):void");
    }

    public boolean verifySignature(String str) {
        try {
            List<X509Certificate> readCertDataForBrokerApp = readCertDataForBrokerApp(str);
            verifySignatureHash(readCertDataForBrokerApp);
            if (readCertDataForBrokerApp.size() > 1) {
                verifyCertificateChain(readCertDataForBrokerApp);
            }
            return true;
        } catch (PackageManager.NameNotFoundException e) {
            Logger.error("BrokerValidator:verifySignature", "Broker related package does not exist", e);
            return false;
        } catch (ClientException | IOException | GeneralSecurityException e2) {
            Logger.error("BrokerValidator:verifySignature", ErrorStrings.BROKER_VERIFICATION_FAILED, e2);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            Logger.error("BrokerValidator:verifySignature", "Digest SHA algorithm does not exists", e3);
            return false;
        }
    }
}
