package com.amazon.identity.auth.device.appid;

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import android.util.Log;
import com.amazon.identity.auth.map.device.utils.MAPLog;
import com.amazonaws.AmazonWebServiceClient;
import com.amazonaws.http.HttpRequestFactory;
import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public abstract class APIKeyDecoder {
    public static Certificate CERTIFICATE;

    /* loaded from: classes.dex */
    public enum HashAlgorithm {
        MD5("MD5"),
        SHA_256("SHA-256");

        public String algorithmName;

        HashAlgorithm(String str) {
            this.algorithmName = str;
        }
    }

    public static String decodeBase64ToString(String str) throws UnsupportedEncodingException {
        return new String(Base64.decode(str.trim().getBytes(HttpRequestFactory.DEFAULT_ENCODING), 0), HttpRequestFactory.DEFAULT_ENCODING);
    }

    /* JADX WARN: Can't wrap try/catch for region: R(11:1|(1:3)(1:33)|4|(3:16|17|(2:19|(1:(7:30|7|8|9|10|11|12)(2:28|29))(2:23|24)))|6|7|8|9|10|11|12) */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x008e, code lost:
    
        com.amazon.identity.auth.map.device.utils.MAPLog.w("com.amazon.identity.auth.device.appid.APIKeyDecoder", "APIKey does not contain a client id");
        r10 = null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.amazon.identity.auth.device.dataobject.AppInfo extractAppInfo(org.json.JSONObject r14) throws org.json.JSONException, com.amazon.identity.auth.device.AuthError {
        /*
            com.amazon.identity.auth.device.AuthError$ERROR_TYPE r0 = com.amazon.identity.auth.device.AuthError.ERROR_TYPE.ERROR_BAD_PARAM
            java.lang.String r1 = "ver"
            java.lang.String r1 = r14.getString(r1)
            java.lang.String r2 = "1"
            boolean r2 = r1.equals(r2)
            if (r2 == 0) goto L1a
            java.lang.String r2 = "appId"
            java.lang.String r2 = r14.getString(r2)
            r5 = r2
            r6 = r5
            goto L28
        L1a:
            java.lang.String r2 = "appFamilyId"
            java.lang.String r2 = r14.getString(r2)
            java.lang.String r3 = "appVariantId"
            java.lang.String r3 = r14.getString(r3)
            r5 = r2
            r6 = r3
        L28:
            java.lang.String r2 = "3"
            boolean r1 = r1.equals(r2)
            java.lang.String r2 = "com.amazon.identity.auth.device.appid.APIKeyDecoder"
            r3 = 0
            if (r1 == 0) goto L76
            java.lang.String r1 = "endpoints"
            org.json.JSONObject r1 = r14.getJSONObject(r1)     // Catch: org.json.JSONException -> L3a
            goto L40
        L3a:
            java.lang.String r1 = "APIKey does not contain endpoints object"
            com.amazon.identity.auth.map.device.utils.MAPLog.w(r2, r1)
            r1 = r3
        L40:
            if (r1 == 0) goto L76
            java.lang.String r4 = "authz"
            java.lang.String r4 = r1.getString(r4)
            java.lang.String r7 = "tokenExchange"
            java.lang.String r1 = r1.getString(r7)
            java.lang.String r7 = "https"
            if (r4 == 0) goto L62
            boolean r8 = r4.startsWith(r7)
            if (r8 == 0) goto L5a
            goto L62
        L5a:
            com.amazon.identity.auth.device.AuthError r14 = new com.amazon.identity.auth.device.AuthError
            java.lang.String r1 = "Authorization Host in APIKey is invalid"
            r14.<init>(r1, r0)
            throw r14
        L62:
            if (r1 == 0) goto L73
            boolean r7 = r1.startsWith(r7)
            if (r7 == 0) goto L6b
            goto L73
        L6b:
            com.amazon.identity.auth.device.AuthError r14 = new com.amazon.identity.auth.device.AuthError
            java.lang.String r1 = "Exchange Host in APIKey is invalid"
            r14.<init>(r1, r0)
            throw r14
        L73:
            r12 = r1
            r11 = r4
            goto L78
        L76:
            r11 = r3
            r12 = r11
        L78:
            java.lang.String r0 = "pkg"
            java.lang.String r7 = r14.getString(r0)
            java.lang.String r0 = "scopes"
            java.lang.String[] r8 = getStringArray(r14, r0)
            java.lang.String r0 = "clientId"
            java.lang.String r0 = r14.getString(r0)     // Catch: org.json.JSONException -> L8e
            r10 = r0
            goto L94
        L8e:
            java.lang.String r0 = "APIKey does not contain a client id"
            com.amazon.identity.auth.map.device.utils.MAPLog.w(r2, r0)
            r10 = r3
        L94:
            java.lang.String r0 = "perm"
            java.lang.String[] r9 = getStringArray(r14, r0)
            com.amazon.identity.auth.device.dataobject.AppInfo r0 = new com.amazon.identity.auth.device.dataobject.AppInfo
            r4 = r0
            r13 = r14
            r4.<init>(r5, r6, r7, r8, r9, r10, r11, r12, r13)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.identity.auth.device.appid.APIKeyDecoder.extractAppInfo(org.json.JSONObject):com.amazon.identity.auth.device.dataobject.AppInfo");
    }

    /* JADX WARN: Removed duplicated region for block: B:6:0x003c  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0051  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.util.List<java.lang.String> getAllSignaturesFor(java.lang.String r9, com.amazon.identity.auth.device.appid.APIKeyDecoder.HashAlgorithm r10, android.content.Context r11) {
        /*
            java.util.ArrayList r0 = new java.util.ArrayList
            r0.<init>()
            android.content.pm.PackageManager r11 = r11.getPackageManager()
            java.lang.String r1 = "Can't find app signatures as pkgMgr is null "
            r2 = 0
            java.lang.String r3 = "com.amazon.identity.auth.device.appid.APIKeyDecoder"
            if (r11 != 0) goto L14
            com.amazon.identity.auth.map.device.utils.MAPLog.d(r3, r1)
            goto L36
        L14:
            r4 = 64
            android.content.pm.PackageInfo r11 = r11.getPackageInfo(r9, r4)     // Catch: android.content.pm.PackageManager.NameNotFoundException -> L1b
            goto L31
        L1b:
            java.lang.StringBuilder r11 = new java.lang.StringBuilder
            r11.<init>()
            java.lang.String r4 = "packageName not found for package "
            r11.append(r4)
            r11.append(r9)
            java.lang.String r11 = r11.toString()
            com.amazon.identity.auth.map.device.utils.MAPLog.d(r3, r11)
            r11 = r2
        L31:
            if (r11 != 0) goto L38
            com.amazon.identity.auth.map.device.utils.MAPLog.d(r3, r1)
        L36:
            r11 = r2
            goto L3a
        L38:
            android.content.pm.Signature[] r11 = r11.signatures
        L3a:
            if (r11 != 0) goto L51
            java.lang.StringBuilder r10 = new java.lang.StringBuilder
            r10.<init>()
            java.lang.String r11 = " appSignature is null. pkg="
            r10.append(r11)
            r10.append(r9)
            java.lang.String r9 = r10.toString()
            com.amazon.identity.auth.map.device.utils.MAPLog.d(r3, r9)
            return r0
        L51:
            java.lang.String r1 = "num sigs = "
            java.lang.StringBuilder r1 = com.android.tools.r8.GeneratedOutlineSupport.outline18(r1)
            int r4 = r11.length
            r1.append(r4)
            java.lang.String r1 = r1.toString()
            com.amazon.identity.auth.map.device.utils.MAPLog.i(r3, r1)
            int r1 = r11.length
            r4 = 0
        L65:
            if (r4 >= r1) goto La8
            r5 = r11[r4]
            java.lang.String r5 = getSignatureFingerprint(r5, r10)     // Catch: java.lang.Exception -> L79
            java.util.Locale r6 = java.util.Locale.US     // Catch: java.lang.Exception -> L77
            java.lang.String r6 = r5.toLowerCase(r6)     // Catch: java.lang.Exception -> L77
            r0.add(r6)     // Catch: java.lang.Exception -> L77
            goto L8f
        L77:
            r6 = move-exception
            goto L7b
        L79:
            r6 = move-exception
            r5 = r2
        L7b:
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            java.lang.String r8 = "Encountered error while finding signatures for "
            r7.append(r8)
            r7.append(r9)
            java.lang.String r7 = r7.toString()
            android.util.Log.e(r3, r7, r6)
        L8f:
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            r6.<init>()
            java.lang.String r7 = "fingerprint = "
            r6.append(r7)
            r6.append(r5)
            java.lang.String r5 = r6.toString()
            java.lang.String r6 = "Fingerprint checking"
            com.amazon.identity.auth.map.device.utils.MAPLog.pii(r3, r6, r5)
            int r4 = r4 + 1
            goto L65
        La8:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.identity.auth.device.appid.APIKeyDecoder.getAllSignaturesFor(java.lang.String, com.amazon.identity.auth.device.appid.APIKeyDecoder$HashAlgorithm, android.content.Context):java.util.List");
    }

    public static String[] getKeyParts(String str, String str2) {
        MAPLog.i("com.amazon.identity.auth.device.appid.APIKeyDecoder", "getKeyParts for packageName=" + str);
        String[] split = str2.split("[.]");
        if (split.length == 3) {
            return split;
        }
        throw new IllegalArgumentException(GeneratedOutlineSupport.outline11("Decoding fails: API Key must have 3 parts {header}.{payload}.{signature} pkg=", str));
    }

    public static String getSignatureFingerprint(Signature signature, HashAlgorithm hashAlgorithm) throws IOException, CertificateException, NoSuchAlgorithmException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(signature.toByteArray());
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        byte[] digest = MessageDigest.getInstance(hashAlgorithm.algorithmName).digest(generateCertificate.getEncoded());
        if (digest == null) {
            return null;
        }
        StringBuilder outline18 = GeneratedOutlineSupport.outline18("data length = ");
        outline18.append(digest.length);
        MAPLog.w("com.amazon.identity.auth.device.utils.MAPUtils", outline18.toString());
        StringBuffer stringBuffer = new StringBuffer();
        for (byte b : digest) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                Log.w("com.amazon.identity.auth.device.utils.MAPUtils", "appended 0");
                stringBuffer.append("0");
            }
            stringBuffer.append(hexString);
        }
        return stringBuffer.toString();
    }

    public static String[] getStringArray(JSONObject jSONObject, String str) throws JSONException {
        try {
            JSONArray jSONArray = jSONObject.getJSONArray(str);
            String[] strArr = new String[jSONArray.length()];
            for (int i = 0; i < jSONArray.length(); i++) {
                strArr[i] = jSONArray.getString(i);
            }
            return strArr;
        } catch (JSONException unused) {
            MAPLog.i("com.amazon.identity.auth.device.appid.APIKeyDecoder", str + " has no mapping in json, returning null array");
            return null;
        }
    }

    public static void verifyPayload(String str, JSONObject jSONObject, Context context) throws SecurityException, JSONException, PackageManager.NameNotFoundException, CertificateException, NoSuchAlgorithmException, IOException {
        MAPLog.i("com.amazon.identity.auth.device.appid.APIKeyDecoder", "verifyPayload for packageName=" + str);
        if (!jSONObject.getString("iss").equals(AmazonWebServiceClient.AMAZON)) {
            StringBuilder outline18 = GeneratedOutlineSupport.outline18("Decoding fails: issuer (");
            outline18.append(jSONObject.getString("iss"));
            outline18.append(") is not = ");
            outline18.append(AmazonWebServiceClient.AMAZON);
            throw new SecurityException(GeneratedOutlineSupport.outline15(outline18, " pkg=", str));
        }
        if (!str.equals(jSONObject.getString("pkg"))) {
            StringBuilder outline21 = GeneratedOutlineSupport.outline21("Decoding fails: package names don't match! - ", str, " != ");
            outline21.append(jSONObject.getString("pkg"));
            throw new SecurityException(outline21.toString());
        }
        String string = jSONObject.getString("appsig");
        if (string == null) {
            throw new SecurityException(GeneratedOutlineSupport.outline11("Decoding fails: certificate fingerprint can't be verified! pkg=", str));
        }
        String replace = string.replace(":", "");
        MAPLog.pii("com.amazon.identity.auth.device.appid.APIKeyDecoder", "Signature checking.", "appSignature = " + replace);
        List<String> allSignaturesFor = getAllSignaturesFor(str, HashAlgorithm.MD5, context);
        StringBuilder outline182 = GeneratedOutlineSupport.outline18(" num sigs = ");
        ArrayList arrayList = (ArrayList) allSignaturesFor;
        outline182.append(arrayList.size());
        Log.i("com.amazon.identity.auth.device.appid.APIKeyDecoder", outline182.toString());
        MAPLog.pii("com.amazon.identity.auth.device.appid.APIKeyDecoder", "Fingerpirints checking", allSignaturesFor.toString());
        if (!arrayList.contains(replace.toLowerCase(Locale.US))) {
            throw new SecurityException(GeneratedOutlineSupport.outline11("Decoding fails: certificate fingerprint can't be verified! pkg=", str));
        }
    }

    public static void verifySignature(String str, String[] strArr, String str2, Context context) throws InvalidKeyException, NoSuchProviderException, SignatureException, NoSuchAlgorithmException, CertificateException, IOException {
        Certificate certificate;
        MAPLog.i("com.amazon.identity.auth.device.appid.APIKeyDecoder", "verifySignature for packageName=" + str);
        if (!str2.equalsIgnoreCase("RSA-SHA256")) {
            throw new NoSuchAlgorithmException(GeneratedOutlineSupport.outline11("Unsupported algorithm : ", str2));
        }
        byte[] bytes = (strArr[0].trim() + "." + strArr[1].trim()).getBytes(HttpRequestFactory.DEFAULT_ENCODING);
        byte[] decode = Base64.decode(strArr[2].trim().getBytes(HttpRequestFactory.DEFAULT_ENCODING), 0);
        synchronized (APIKeyDecoder.class) {
            if (CERTIFICATE == null) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\nMIIEiTCCA3GgAwIBAgIJANVIFteXvjkPMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD\nVQQGEwJVUzEQMA4GA1UEBxMHU2VhdHRsZTETMBEGA1UEChMKQW1hem9uLmNvbTEZ\nMBcGA1UECxMQSWRlbnRpdHkgYW5kIFRheDETMBEGA1UEAxMKQW1hem9uLmNvbTEj\nMCEGCSqGSIb3DQEJARYUYXV0aC10ZWFtQGFtYXpvbi5jb20wHhcNMTIwODE0MDY1\nMDM5WhcNNzYwNjE0MDAyMjIzWjCBiTELMAkGA1UEBhMCVVMxEDAOBgNVBAcTB1Nl\nYXR0bGUxEzARBgNVBAoTCkFtYXpvbi5jb20xGTAXBgNVBAsTEElkZW50aXR5IGFu\nZCBUYXgxEzARBgNVBAMTCkFtYXpvbi5jb20xIzAhBgkqhkiG9w0BCQEWFGF1dGgt\ndGVhbUBhbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nr4LlDpmlK1+mYGXqhvY3Kcd093eUwOQhQM0cb5Y9FjkXvJiCCoLSR9L8QYm2Jz06\nL/546eF/eMegvej93VGjz9JsW+guUIGkDuyCPwBn3u/PvTVKZD67Cep66qT3xnB3\nLfMFt5ln4T5LuoqJ95s8t9P0fULBU52kPR1hwdSo7G4KRVgyXtMmqjp3PK4EbrPB\ndvXCYxVeR31yDPS0BRENC3SGrzlVzrSWYFhxuxRcfyoMJYsOt/9T5QlO2KmJoTy2\nJQtqo7rlc6rORiJH7i2x+QW14bV3miJe/p4ZHWpOT5Z4hAqMBldc0FufaED1YH/Y\nnNCethI/GrXkgzCJRU5asQIDAQABo4HxMIHuMB0GA1UdDgQWBBQBvx8zbG7Sg/MZ\nOuZ31GeYDkhqozCBvgYDVR0jBIG2MIGzgBQBvx8zbG7Sg/MZOuZ31GeYDkhqo6GB\nj6SBjDCBiTELMAkGA1UEBhMCVVMxEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoT\nCkFtYXpvbi5jb20xGTAXBgNVBAsTEElkZW50aXR5IGFuZCBUYXgxEzARBgNVBAMT\nCkFtYXpvbi5jb20xIzAhBgkqhkiG9w0BCQEWFGF1dGgtdGVhbUBhbWF6b24uY29t\nggkA1UgW15e+OQ8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjOV/\nVDxeAuBqdPgoBGz8AyDtMR4Qyxpe7P0M9umtr8S0PmvYOVs5YuMbEAPUYGsBnWVJ\nn7ErwCF20bkd4x0gHzkOpEzQJnjlO9vJzJcnZH4ZwhVs5jF4IkPN8N68jawPvh5/\nLyWJuwyNY5nGvN5nEecTdUQqT1aa7+Vv3Y1ZQlTEKQtdaoXUjLG86jq9xpanNj/G\nX4VYW+m7mY7Kv7mdfAE4zeECqOY5yAqSfP1M/a5fSfHLQiCTt3mrZfOuj8Hd3Pp5\nVn1e4/UxQQCwZcvAFljEYie6CXD3U1AgzIFiv4/r2M+rDo0T7eqIqCsyG6VCgRAb\ndry4esK8/BdPhyuiZg==\n-----END CERTIFICATE-----\n".getBytes(HttpRequestFactory.DEFAULT_ENCODING));
                CERTIFICATE = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
            }
            certificate = CERTIFICATE;
        }
        Log.i("com.amazon.identity.auth.device.appid.APIKeyDecoder", "verifySignature Sha256 for packageName=" + str);
        java.security.Signature signature = java.security.Signature.getInstance("SHA256withRSA", "BC");
        signature.initVerify(certificate);
        signature.update(bytes);
        if (!signature.verify(decode)) {
            throw new SecurityException(GeneratedOutlineSupport.outline11("Decoding fails: signature mismatch! pkg=", str));
        }
    }
}
