package com.samsung.android.iccclib;

import android.content.Context;
import android.os.RemoteException;
import android.util.Base64;
import android.util.Log;
import com.samsung.android.knox.tima.iccc.SemIntegrityControlCheckCenterServiceManager;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes8.dex */
public class ICCC {
    private static String sDeviceId;
    private Context mContext;

    public ICCC(Context context) {
        this.mContext = context;
    }

    private static String bytesToHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format("%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    private void closeQuietly(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    private String createNonce() throws ICCCParserException {
        FileInputStream fileInputStream;
        byte[] bArr = new byte[32];
        Closeable closeable = null;
        try {
            try {
                fileInputStream = new FileInputStream(new File("/dev/urandom"));
            } catch (Throwable th) {
                th = th;
            }
        } catch (FileNotFoundException e) {
            e = e;
        } catch (IOException e2) {
            e = e2;
        }
        try {
            if (fileInputStream.read(bArr) != 32) {
                throw new ICCCParserException("Failure to generate a random nonce.");
            }
            String bytesToHex = bytesToHex(bArr);
            closeQuietly(fileInputStream);
            return bytesToHex;
        } catch (FileNotFoundException e3) {
            e = e3;
            closeable = fileInputStream;
            e.printStackTrace();
            closeQuietly(closeable);
            throw new ICCCParserException("Failure to generate a random nonce.");
        } catch (IOException e4) {
            e = e4;
            closeable = fileInputStream;
            e.printStackTrace();
            closeQuietly(closeable);
            throw new ICCCParserException("Failure to generate a random nonce.");
        } catch (Throwable th2) {
            th = th2;
            closeable = fileInputStream;
            closeQuietly(closeable);
            throw th;
        }
    }

    private X509Certificate generateX509Certificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    private String getJavaSignAlgorithm(String str) throws ICCCParserException {
        if ("PS256".equals(str)) {
            return "SHA256withRSA/PSS";
        }
        throw new ICCCParserException("Unsupported Signature Algorithm: " + str);
    }

    private X509Certificate getRootCA() {
        Throwable th;
        InputStream inputStream;
        try {
            try {
                inputStream = this.mContext.getAssets().open("SamsungRootCA.crt");
                try {
                    byte[] bArr = new byte[inputStream.available()];
                    inputStream.read(bArr);
                    X509Certificate generateX509Certificate = generateX509Certificate(bArr);
                    closeQuietly(inputStream);
                    return generateX509Certificate;
                } catch (IOException e) {
                    e = e;
                    e.printStackTrace();
                    closeQuietly(inputStream);
                    return null;
                } catch (CertificateException e2) {
                    e = e2;
                    e.printStackTrace();
                    closeQuietly(inputStream);
                    return null;
                }
            } catch (Throwable th2) {
                th = th2;
                closeQuietly(null);
                throw th;
            }
        } catch (IOException e3) {
            e = e3;
            inputStream = null;
        } catch (CertificateException e4) {
            e = e4;
            inputStream = null;
        } catch (Throwable th3) {
            th = th3;
            closeQuietly(null);
            throw th;
        }
    }

    private boolean isValidComponentType(int i) {
        return i == 1 || i == 2;
    }

    private boolean verifyCertificateChain(List<X509Certificate> list) throws ICCCParserException {
        if (list.size() < 2) {
            return false;
        }
        if (new CertificateVerifier().verifyCertificateChain(list.get(list.size() - 1), list.subList(0, list.size() - 1), getRootCA())) {
            return true;
        }
        throw new ICCCParserException("Invalid Certificate Chain in ICCC response.");
    }

    private boolean verifyComponentType(int i, int i2) throws ICCCParserException {
        if (i == i2) {
            return true;
        }
        throw new ICCCParserException("Wrong Component Type in ICCC response.");
    }

    private boolean verifyDeviceId(String str, String str2) throws ICCCParserException {
        if (str != null && str2 != null) {
            try {
                if (Long.decode(str).longValue() == Long.decode(str2).longValue()) {
                    return true;
                }
                sDeviceId = null;
            } catch (NumberFormatException e) {
                e.printStackTrace();
            }
        }
        throw new ICCCParserException("Wrong DeviceID in ICCC response.");
    }

    private boolean verifyNonce(String str, String str2) throws ICCCParserException {
        if (str2 == null || !str.equals(str2)) {
            throw new ICCCParserException("Wrong Nonce in ICCC response.");
        }
        return true;
    }

    private boolean verifySignature(RSAPublicKey rSAPublicKey, String str, byte[] bArr, String str2) throws ICCCParserException {
        try {
            Signature signature = Signature.getInstance(str2);
            signature.initVerify(rSAPublicKey);
            signature.update(str.getBytes());
            return signature.verify(bArr);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            throw new ICCCParserException("Invalid ICCC response signature.");
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            throw new ICCCParserException("Invalid ICCC response signature.");
        } catch (SignatureException e3) {
            e3.printStackTrace();
            throw new ICCCParserException("Invalid ICCC response signature.");
        }
    }

    private boolean verifyVersionSupported(String str) {
        if (str.equals("1.0")) {
            return true;
        }
        Log.d("ICCClib", "Protocol Version " + str + " not fully supported. ICCCLib needs to be updated.");
        Log.d("ICCClib", "Current ICCCLib supports only Protocol Version 1.0");
        return true;
    }

    public List<X509Certificate> generateX509Certificates(List<String> list) throws ICCCParserException {
        ArrayList arrayList = new ArrayList();
        try {
            for (String str : list) {
                if (str != null) {
                    arrayList.add(generateX509Certificate(Base64.decode(str.getBytes(), 8)));
                }
            }
            if (arrayList.size() != 0) {
                return arrayList;
            }
            throw new ICCCParserException("Invalid Certificate Chain in ICCC response.");
        } catch (CertificateException e) {
            e.printStackTrace();
            throw new ICCCParserException("Invalid Certificate Chain in ICCC response.", e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0015, code lost:
    
        r1.waitFor();
        r2 = r1.getInputStream();
        r0 = r2.available();
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x0020, code lost:
    
        if (r0 <= 0) goto L24;
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0022, code lost:
    
        r0 = new byte[r0];
        r2.read(r0);
        r0 = new java.lang.String(r0).replace("\n", "");
        com.samsung.android.iccclib.ICCC.sDeviceId = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0039, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getDeviceId() throws com.samsung.android.iccclib.ICCCParserException {
        /*
            r4 = this;
            java.lang.String r0 = com.samsung.android.iccclib.ICCC.sDeviceId
            if (r0 != 0) goto L58
            r0 = 0
        L5:
            r1 = 3
            r2 = 0
            if (r0 >= r1) goto L4d
            java.lang.Runtime r1 = java.lang.Runtime.getRuntime()     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            java.lang.String r3 = "/system/bin/getprop ro.boot.ap_serial"
            java.lang.Process r1 = r1.exec(r3)     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            if (r1 == 0) goto L3a
            r1.waitFor()     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            java.io.InputStream r2 = r1.getInputStream()     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            int r0 = r2.available()     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            if (r0 <= 0) goto L4d
            byte[] r0 = new byte[r0]     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            r2.read(r0)     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            java.lang.String r1 = new java.lang.String     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            r1.<init>(r0)     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            java.lang.String r0 = "\n"
            java.lang.String r3 = ""
            java.lang.String r0 = r1.replace(r0, r3)     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            com.samsung.android.iccclib.ICCC.sDeviceId = r0     // Catch: java.lang.Throwable -> L3d java.lang.InterruptedException -> L3f java.io.IOException -> L44
            r4.closeQuietly(r2)
            return r0
        L3a:
            int r0 = r0 + 1
            goto L5
        L3d:
            r0 = move-exception
            goto L49
        L3f:
            r0 = move-exception
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L3d
            goto L4d
        L44:
            r0 = move-exception
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L3d
            goto L4d
        L49:
            r4.closeQuietly(r2)
            throw r0
        L4d:
            r4.closeQuietly(r2)
            com.samsung.android.iccclib.ICCCParserException r0 = new com.samsung.android.iccclib.ICCCParserException
            java.lang.String r1 = "Failure to read device id."
            r0.<init>(r1)
            throw r0
        L58:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.iccclib.ICCC.getDeviceId():java.lang.String");
    }

    public ICCCResponse getDeviceStatus(int i) throws RemoteException, ICCCParserException {
        SemIntegrityControlCheckCenterServiceManager semIntegrityControlCheckCenterServiceManager = new SemIntegrityControlCheckCenterServiceManager();
        String createNonce = createNonce();
        String deviceStatus = semIntegrityControlCheckCenterServiceManager.getDeviceStatus(i, createNonce);
        return deviceStatus != null ? parseICCCResponse(deviceStatus, createNonce, i) : !isValidComponentType(i) ? ICCCResponse.createInvalidComponentTypeICCCErrorResponse() : ICCCResponse.createNullICCCErrorResponse();
    }

    ICCCResponse parseICCCResponse(String str, String str2, int i) throws ICCCParserException {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new ICCCParserException("Invalid JWS in ICCC response.");
        }
        String str3 = split[0];
        String str4 = split[1];
        String str5 = split[2];
        ModelHeader parseJson = ModelHeader.parseJson(new String(Base64.decode(str3.getBytes(), 8)));
        verifyVersionSupported(parseJson.getVersion());
        ModelPayload parseJson2 = ModelPayload.parseJson(parseJson.getVersion(), new String(Base64.decode(str4.getBytes(), 8)));
        List<X509Certificate> generateX509Certificates = generateX509Certificates(parseJson2.getCertChain());
        verifyCertificateChain(generateX509Certificates);
        verifySignature((RSAPublicKey) generateX509Certificates.get(1).getPublicKey(), str3 + "." + str4, Base64.decode(str5.getBytes(), 8), getJavaSignAlgorithm(parseJson.getAlgorithm()));
        verifyNonce(str2, parseJson2.getNonce());
        verifyDeviceId(getDeviceId(), parseJson2.getDeviceId());
        verifyComponentType(i, parseJson2.getComponentType());
        if (i == 3) {
            parseJson2.setResultMessage(new String(Base64.decode(parseJson2.getResultMessage(), 8)));
        }
        return new ICCCResponse(parseJson2, parseJson);
    }
}
