package defpackage;

import android.content.Context;
import android.util.Base64;
import android.util.Log;
import com.google.android.gms.R;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

/* compiled from: :com.google.android.gms@244762004@24.47.62 (040400-705963428) */
/* loaded from: classes6.dex */
public final class ddrc {
    public final X509Certificate a;
    private final List b;
    private final ddrg c;

    public ddrc(byte[] bArr) {
        try {
            lrp b = ddrk.b(lrd.c(bArr));
            lrp a = ddrk.c(b).a(new lrz("fmt"));
            lrr lrrVar = a.c;
            if (lrrVar != lrr.UNICODE_STRING) {
                throw new ddrj("Expected a String, got ".concat(String.valueOf(String.valueOf(lrrVar))));
            }
            String str = ((lrz) a).a;
            if (!str.equals("apple-appattest")) {
                throw new ddrf(a.a(str, "Incorrect Format (", ")."));
            }
            lrp a2 = ddrk.c(ddrk.c(b).a(new lrz("attStmt"))).a(new lrz("x5c"));
            lrr lrrVar2 = a2.c;
            if (lrrVar2 != lrr.ARRAY) {
                throw new ddrj("Expected a Array, got ".concat(String.valueOf(String.valueOf(lrrVar2))));
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList();
            Iterator it = ((lrm) a2).a.iterator();
            while (it.hasNext()) {
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(ddrk.a((lrp) it.next()).a())));
            }
            this.b = arrayList;
            if (arrayList.size() <= 0) {
                throw new ddrf("Missing credential certificate");
            }
            this.a = (X509Certificate) arrayList.get(0);
            this.c = new ddrg(ddrk.a(ddrk.c(b).a(new lrz("authData"))).a());
        } catch (ddrh | ddrj | CertificateException | lre e) {
            throw new ddrf(e);
        }
    }

    private static final void b(String str) {
        if (Log.isLoggable("AppAttestAttestation", 3)) {
            Log.d("AppAttestAttestation", str);
        }
    }

    private final boolean c(Context context, ddre ddreVar, byte[] bArr, String str, String str2, eavr eavrVar) {
        HttpURLConnection httpURLConnection;
        BufferedInputStream bufferedInputStream;
        try {
            b("Updating certificate...");
            ddreVar.c.acquire();
            if (ddreVar.a() <= 3600.0d) {
                ddreVar.c.release();
            } else {
                ddreVar.d.b(new eail() { // from class: ddrd
                    @Override // defpackage.eail
                    public final Object apply(Object obj) {
                        ddzr ddzrVar = (ddzr) obj;
                        evbl evblVar = (evbl) ddzrVar.iA(5, null);
                        evblVar.ac(ddzrVar);
                        evbl w = evek.a.w();
                        long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
                        if (!w.b.M()) {
                            w.Z();
                        }
                        ((evek) w.b).b = seconds;
                        if (!evblVar.b.M()) {
                            evblVar.Z();
                        }
                        ddzr ddzrVar2 = (ddzr) evblVar.b;
                        evek evekVar = (evek) w.V();
                        ddzr ddzrVar3 = ddzr.a;
                        evekVar.getClass();
                        ddzrVar2.c = evekVar;
                        ddzrVar2.b |= 1;
                        return (ddzr) evblVar.V();
                    }
                }, efoa.a).get();
                FileOutputStream fileOutputStream = null;
                try {
                    httpURLConnection = (HttpURLConnection) ddreVar.b.a(new URL("https://www.apple.com/certificateauthority/Apple_App_Attestation_Root_CA.pem"), "wearable");
                    try {
                        bufferedInputStream = new BufferedInputStream(httpURLConnection.getInputStream());
                        try {
                            FileOutputStream fileOutputStream2 = new FileOutputStream(ddreVar.b());
                            try {
                                ebuj.a(bufferedInputStream, fileOutputStream2);
                                ddreVar.c.release();
                                fileOutputStream2.close();
                                bufferedInputStream.close();
                                if (httpURLConnection != null) {
                                    bsdj.b(httpURLConnection);
                                }
                            } catch (Throwable th) {
                                th = th;
                                fileOutputStream = fileOutputStream2;
                                ddreVar.c.release();
                                if (fileOutputStream != null) {
                                    fileOutputStream.close();
                                }
                                if (bufferedInputStream != null) {
                                    bufferedInputStream.close();
                                }
                                if (httpURLConnection != null) {
                                    bsdj.b(httpURLConnection);
                                }
                                throw th;
                            }
                        } catch (Throwable th2) {
                            th = th2;
                        }
                    } catch (Throwable th3) {
                        th = th3;
                        bufferedInputStream = null;
                    }
                } catch (Throwable th4) {
                    th = th4;
                    httpURLConnection = null;
                    bufferedInputStream = null;
                }
            }
            return a(context, ddreVar, bArr, str, str2, eavrVar, false);
        } catch (IOException | InterruptedException | ExecutionException unused) {
            b("Failed to download updated certificate.");
            return false;
        }
    }

    public final boolean a(Context context, ddre ddreVar, byte[] bArr, String str, String str2, eavr eavrVar, boolean z) {
        Certificate generateCertificate;
        byte[] bArr2;
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(this.b);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (fjvo.e() && ddreVar.b().isFile()) {
                try {
                    generateCertificate = certificateFactory.generateCertificate(new FileInputStream(ddreVar.b()));
                } catch (FileNotFoundException e) {
                    throw new CertificateException("Root certificate not found", e);
                }
            } else {
                generateCertificate = certificateFactory.generateCertificate(ddreVar.a.getResources().openRawResource(R.raw.AppAttestRootCA));
            }
            PKIXParameters pKIXParameters = new PKIXParameters(new ebeb(new TrustAnchor((X509Certificate) generateCertificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.a.getNotBefore());
            CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            byte[] bArr3 = this.c.d;
            ByteBuffer allocate = ByteBuffer.allocate(bArr3.length + digest.length);
            allocate.put(bArr3);
            allocate.put(digest);
            MessageDigest messageDigest2 = MessageDigest.getInstance("SHA-256");
            messageDigest2.update(allocate.array());
            byte[] digest2 = messageDigest2.digest();
            byte[] extensionValue = this.a.getExtensionValue("1.2.840.113635.100.8.2");
            if (extensionValue == null) {
                ddrr.a("Certificate extension is null.");
                bArr2 = new byte[0];
            } else {
                ddrr.a("Cert extension: ".concat(String.valueOf(Base64.encodeToString(extensionValue, 0))));
                ByteBuffer wrap = ByteBuffer.wrap(extensionValue, 6, 34);
                byte b = wrap.get();
                if (b != 4) {
                    ddrr.a(a.j(b, "Unexpected type in the extension. Expecting 0x04 (OCTETSTRING, got "));
                    bArr2 = new byte[0];
                } else {
                    byte b2 = wrap.get();
                    if (b2 != 32) {
                        ddrr.a(a.j(b2, "Unexpected size. Expecting 32, got "));
                        bArr2 = new byte[0];
                    } else {
                        byte[] bArr4 = new byte[32];
                        wrap.get(bArr4);
                        bArr2 = bArr4;
                    }
                }
            }
            if (!Arrays.equals(digest2, bArr2)) {
                b("Certificate extension and Nonce are not matching.");
                return false;
            }
            if (!Arrays.equals(Base64.decode(str, 0), ddrr.b(this.a))) {
                b("Public key hash and key id don't match.");
                return false;
            }
            if (!this.c.a(str2)) {
                b("Invalid app ID.");
                return false;
            }
            if (!Arrays.equals(this.c.b, Base64.decode(str, 0))) {
                b("Invalid credential ID.");
                return false;
            }
            ddrg ddrgVar = this.c;
            int i = ddrgVar.c;
            if (i != 0) {
                b(a.j(i, "Counter is not zero: "));
                return false;
            }
            if (eavrVar.contains(ddrgVar.a)) {
                b("Authenticator data is valid.");
                return true;
            }
            b(a.x(this.c.a, "Invalid AAGUID: "));
            return false;
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            throw new IllegalStateException(e);
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            throw new IllegalStateException(e);
        } catch (CertPathValidatorException unused) {
            b("The certificate chain is not valid.");
            if (z) {
                return c(context, ddreVar, bArr, str, str2, eavrVar);
            }
            ddreVar.c();
            return false;
        } catch (CertificateException unused2) {
            b("Failed to verify certificates.");
            if (z) {
                return c(context, ddreVar, bArr, str, str2, eavrVar);
            }
            ddreVar.c();
            return false;
        }
    }
}
