package q4;

import android.content.Context;
import com.huawei.hms.network.embedded.b0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import m4.C2354c;
import n4.C2403b;

/* renamed from: q4.c, reason: case insensitive filesystem */
/* loaded from: classes2.dex */
public class C2581c {

    /* renamed from: a, reason: collision with root package name */
    public static volatile X509Certificate f44412a;

    public static X509Certificate a(Context context, String str) throws C2354c {
        try {
            InputStream open = context.getAssets().open(str);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e10) {
            C2403b.b(b0.f17620d, "Read root cert error " + e10.getMessage(), new Object[0]);
            throw new C2354c(1012L, "Read root cert error " + e10.getMessage());
        }
    }

    public static void b(Context context, n nVar) throws C2354c {
        int i10;
        Charset charset;
        if (f44412a == null) {
            synchronized (C2581c.class) {
                try {
                    if (f44412a == null) {
                        f44412a = a(context, "cbg_root.cer");
                    }
                } finally {
                }
            }
        }
        String[] strArr = nVar.f44425a.f44430b;
        if (strArr == null || strArr.length == 0) {
            throw new C2354c(1012L, "verify cert chain failed , certs is empty..");
        }
        int length = strArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i11 = 0; i11 < strArr.length; i11++) {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(p4.c.a(strArr[i11], 0));
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    x509CertificateArr[i11] = x509Certificate;
                } finally {
                }
            } catch (IOException | CertificateException e10) {
                throw new C2354c(1012L, e10.getMessage());
            }
        }
        C2403b.e(b0.f17620d, "Start verify cert chain using root ca: " + f44412a.getSubjectDN().getName(), new Object[0]);
        int i12 = 0;
        while (true) {
            i10 = length - 1;
            if (i12 >= i10) {
                break;
            }
            try {
                C2403b.e(b0.f17620d, "verify cert " + x509CertificateArr[i12].getSubjectDN().getName(), new Object[0]);
                StringBuilder sb2 = new StringBuilder();
                sb2.append("using ");
                int i13 = i12 + 1;
                sb2.append(x509CertificateArr[i13].getSubjectDN().getName());
                C2403b.e(b0.f17620d, sb2.toString(), new Object[0]);
                x509CertificateArr[i12].checkValidity();
                x509CertificateArr[i12].verify(x509CertificateArr[i13].getPublicKey());
                i12 = i13;
            } catch (RuntimeException e11) {
                e = e11;
                C2403b.b(b0.f17620d, "verify cert chain failed , exception " + e.getMessage(), new Object[0]);
                throw new C2354c(1012L, "verify cert chain failed , exception " + e.getMessage());
            } catch (InvalidKeyException e12) {
                e = e12;
                C2403b.b(b0.f17620d, "verify cert chain failed , exception " + e.getMessage(), new Object[0]);
                throw new C2354c(1012L, "verify cert chain failed , exception " + e.getMessage());
            } catch (NoSuchAlgorithmException e13) {
                e = e13;
                C2403b.b(b0.f17620d, "verify cert chain failed , exception " + e.getMessage(), new Object[0]);
                throw new C2354c(1012L, "verify cert chain failed , exception " + e.getMessage());
            } catch (NoSuchProviderException e14) {
                e = e14;
                C2403b.b(b0.f17620d, "verify cert chain failed , exception " + e.getMessage(), new Object[0]);
                throw new C2354c(1012L, "verify cert chain failed , exception " + e.getMessage());
            } catch (SignatureException e15) {
                e = e15;
                C2403b.b(b0.f17620d, "verify cert chain failed , exception " + e.getMessage(), new Object[0]);
                throw new C2354c(1012L, "verify cert chain failed , exception " + e.getMessage());
            } catch (CertificateException e16) {
                e = e16;
                C2403b.b(b0.f17620d, "verify cert chain failed , exception " + e.getMessage(), new Object[0]);
                throw new C2354c(1012L, "verify cert chain failed , exception " + e.getMessage());
            }
        }
        x509CertificateArr[i10].verify(f44412a.getPublicKey());
        for (String str : x509CertificateArr[0].getSubjectDN().getName().split(",")) {
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                X509Certificate x509Certificate2 = x509CertificateArr[0];
                try {
                    Signature signature = Signature.getInstance("RS256".equals(nVar.f44425a.f44429a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
                    signature.initVerify(x509Certificate2.getPublicKey());
                    String str2 = nVar.f44428d;
                    charset = StandardCharsets.UTF_8;
                    signature.update(str2.getBytes(charset));
                    if (signature.verify(nVar.f44427c)) {
                        return;
                    } else {
                        throw new C2354c(1012L, "signature not verify");
                    }
                } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e17) {
                    C2403b.b(b0.f17620d, "verify signature failed , exception " + e17.getMessage(), new Object[0]);
                    throw new C2354c(1012L, "verify signature of c1 failed!");
                }
            }
        }
        throw new C2354c(1012L, "Subject OU not verify");
    }
}
