package com.samsung.android.app.twatchmanager.sak;

import b5.a;
import com.samsung.android.app.twatchmanager.sak.gakverify.CryptoHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

/* loaded from: classes.dex */
public class GAKVerifier implements VerifierInterface {
    private static final String TAG = "SAK:GAKVerifier";
    private static CryptoHelper mCryptoHelper;
    private static GAKVerifier sInstance;
    private byte[] mCertificateChain;
    private KeyPair mLocalKeyPair;
    private byte[] mLocalPublicKey;
    private PublicKey mRemotePublicKey;

    public static synchronized GAKVerifier getInstance() {
        GAKVerifier gAKVerifier;
        synchronized (GAKVerifier.class) {
            try {
                if (sInstance == null) {
                    sInstance = new GAKVerifier();
                    mCryptoHelper = CryptoHelper.getInstance();
                }
                gAKVerifier = sInstance;
            } catch (Throwable th) {
                throw th;
            }
        }
        return gAKVerifier;
    }

    private byte[] makeCertificateChain() {
        PublicKey publicKey = this.mRemotePublicKey;
        if (publicKey == null) {
            a.g(TAG, "makeCertificate, No remote publicKey");
            return null;
        }
        List<X509Certificate> certificateChain = mCryptoHelper.getCertificateChain(publicKey.getEncoded());
        if (certificateChain.isEmpty()) {
            a.g(TAG, "makeCertificate, No certificate chain");
            return null;
        }
        byte[] serializeCertificateChain = CryptoHelper.serializeCertificateChain(certificateChain);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(byteArrayOutputStream);
            try {
                gZIPOutputStream.write(serializeCertificateChain);
                gZIPOutputStream.flush();
                gZIPOutputStream.close();
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                a.g(TAG, "makeCertificate, GZIP compress " + serializeCertificateChain.length + " to " + byteArray.length);
                gZIPOutputStream.close();
                return byteArray;
            } finally {
            }
        } catch (IOException e2) {
            a.g(TAG, "makeCertificate, IOException : " + e2.getMessage());
            return null;
        }
    }

    private void setCertificateChain(byte[] bArr) {
        this.mCertificateChain = bArr;
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public void generateLocalKeyPair() {
        this.mLocalKeyPair = mCryptoHelper.generateKeyPair();
        this.mLocalPublicKey = getLocalPublicKey();
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public byte[] getCertificateChain() {
        return this.mCertificateChain;
    }

    public byte[] getLocalPublicKey() {
        return CryptoHelper.getPublicKeyFromKeyPair(this.mLocalKeyPair);
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public byte[] getPublicKey() {
        if (this.mLocalPublicKey == null) {
            this.mLocalPublicKey = getLocalPublicKey();
        }
        return this.mLocalPublicKey;
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public void setRemotePublicKey(byte[] bArr) {
        a.g(TAG, "Set remote public key and make certificate");
        this.mRemotePublicKey = mCryptoHelper.getPublicKeyFromEncoded(bArr);
        setCertificateChain(makeCertificateChain());
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public boolean verifyCertificate(byte[] bArr, VerificationCallback verificationCallback) {
        if (this.mLocalKeyPair == null) {
            a.g(TAG, "verifyCertificate, LocalKeyPair is not set");
            return false;
        }
        a.g(TAG, "verifyCertificate, read byte: " + Arrays.toString(bArr));
        try {
            GZIPInputStream gZIPInputStream = new GZIPInputStream(new ByteArrayInputStream(bArr));
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byte[] bArr2 = new byte[1024];
                while (true) {
                    int read = gZIPInputStream.read(bArr2);
                    if (read == -1) {
                        gZIPInputStream.close();
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        gZIPInputStream.close();
                        return CryptoHelper.verifyCertificate(CryptoHelper.deserializeCertificateChain(byteArray), this.mLocalKeyPair.getPublic().getEncoded(), verificationCallback);
                    }
                    byteArrayOutputStream.write(bArr2, 0, read);
                }
            } finally {
            }
        } catch (IOException e2) {
            a.g(TAG, "verifyCertificate, IOException : " + e2.getMessage());
            return false;
        }
    }
}
