package com.samsung.android.app.twatchmanager.sak.gakverify;

import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import com.samsung.android.app.twatchmanager.sak.Constants;
import com.samsung.android.app.twatchmanager.sak.VerificationCallback;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

/* loaded from: classes.dex */
public class Verifier {
    private static final int CRL_CHECK_TIME_OUT = 5000;
    private static final String TAG = "SAK:GAK_Verifier";
    private static int crlCount = 0;
    private static int crlSuccessCount = 0;
    private static boolean isCrlValid = false;
    private static boolean isVerified = false;
    private static VerificationCallback mCallback = null;
    public static Handler mHandler = new Handler(Looper.getMainLooper()) { // from class: com.samsung.android.app.twatchmanager.sak.gakverify.Verifier.1
        public AnonymousClass1(Looper looper) {
            super(looper);
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            super.handleMessage(message);
            if (Verifier.mIsTimeout) {
                return;
            }
            Verifier.crlCount++;
            if (message.what == 1) {
                Verifier.crlSuccessCount++;
            }
            if (Verifier.crlCount == 4) {
                Verifier.removeCrlTimer();
                if (Verifier.crlSuccessCount == 4) {
                    Verifier.isCrlValid = true;
                }
                b5.a.g(Verifier.TAG, "onFinished: " + Verifier.isVerified + " & " + Verifier.isCrlValid);
                Verifier.mCallback.onFinished(Verifier.isVerified && Verifier.isCrlValid);
            }
        }
    };
    private static boolean mIsTimeout = false;

    /* renamed from: com.samsung.android.app.twatchmanager.sak.gakverify.Verifier$1 */
    /* loaded from: classes.dex */
    public class AnonymousClass1 extends Handler {
        public AnonymousClass1(Looper looper) {
            super(looper);
        }

        @Override // android.os.Handler
        public void handleMessage(Message message) {
            super.handleMessage(message);
            if (Verifier.mIsTimeout) {
                return;
            }
            Verifier.crlCount++;
            if (message.what == 1) {
                Verifier.crlSuccessCount++;
            }
            if (Verifier.crlCount == 4) {
                Verifier.removeCrlTimer();
                if (Verifier.crlSuccessCount == 4) {
                    Verifier.isCrlValid = true;
                }
                b5.a.g(Verifier.TAG, "onFinished: " + Verifier.isVerified + " & " + Verifier.isCrlValid);
                Verifier.mCallback.onFinished(Verifier.isVerified && Verifier.isCrlValid);
            }
        }
    }

    /* renamed from: com.samsung.android.app.twatchmanager.sak.gakverify.Verifier$2 */
    /* loaded from: classes.dex */
    public class AnonymousClass2 extends Thread {
        final /* synthetic */ BigInteger val$serialNumber;

        public AnonymousClass2(BigInteger bigInteger) {
            r1 = bigInteger;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            Message message = new Message();
            int i2 = -1;
            try {
                CertificateRevocationStatus fetchStatus = CertificateRevocationStatus.fetchStatus(r1);
                if (fetchStatus != null) {
                    b5.a.d(Verifier.TAG, "Exist serial number in CRL List : " + r1);
                    b5.a.d(Verifier.TAG, "Certificate revocation status is " + fetchStatus.status.name());
                } else {
                    b5.a.g(Verifier.TAG, "Not exist serial number in CRL List : " + r1);
                    i2 = 1;
                }
            } catch (IOException e2) {
                b5.a.d(Verifier.TAG, "Unable to fetch certificate status. Check connectivity.");
                e2.printStackTrace();
            }
            message.what = i2;
            Verifier.mHandler.sendMessage(message);
        }
    }

    private static void checkCertificateRevocationStatus(BigInteger bigInteger) {
        new Thread() { // from class: com.samsung.android.app.twatchmanager.sak.gakverify.Verifier.2
            final /* synthetic */ BigInteger val$serialNumber;

            public AnonymousClass2(BigInteger bigInteger2) {
                r1 = bigInteger2;
            }

            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                Message message = new Message();
                int i2 = -1;
                try {
                    CertificateRevocationStatus fetchStatus = CertificateRevocationStatus.fetchStatus(r1);
                    if (fetchStatus != null) {
                        b5.a.d(Verifier.TAG, "Exist serial number in CRL List : " + r1);
                        b5.a.d(Verifier.TAG, "Certificate revocation status is " + fetchStatus.status.name());
                    } else {
                        b5.a.g(Verifier.TAG, "Not exist serial number in CRL List : " + r1);
                        i2 = 1;
                    }
                } catch (IOException e2) {
                    b5.a.d(Verifier.TAG, "Unable to fetch certificate status. Check connectivity.");
                    e2.printStackTrace();
                }
                message.what = i2;
                Verifier.mHandler.sendMessage(message);
            }
        }.start();
    }

    private static boolean checkChallengeOfAttestationCert(AttestatedCertParser attestatedCertParser, byte[] bArr) {
        byte[] challenge = attestatedCertParser.getChallenge();
        if (challenge != null && challenge.length != 0) {
            return Arrays.equals(bArr, challenge);
        }
        b5.a.g(TAG, "checkChallengeOfAttestationCertNo challenge in the certificate");
        return false;
    }

    private static boolean checkKeyGeneratedInKeyMaster(AttestatedCertParser attestatedCertParser) {
        if (attestatedCertParser.getOrigin() == 0) {
            return true;
        }
        b5.a.g(TAG, "checkKeyGeneratedInKeyMasterorigin type error : " + attestatedCertParser.getOrigin());
        return false;
    }

    public static /* synthetic */ void lambda$setCrlTimer$0() {
        b5.a.g(TAG, "CRL timeout!");
        if (crlCount != 4) {
            mIsTimeout = true;
            mCallback.onFinished(false);
        }
    }

    public static void removeCrlTimer() {
        Handler handler = mHandler;
        if (handler != null) {
            handler.removeCallbacksAndMessages(null);
        }
    }

    private static void setCrlTimer() {
        b5.a.g(TAG, "set CRL check timer = 5000");
        mHandler.postDelayed(new a(0), 5000L);
    }

    private static boolean validateRootCert(List<X509Certificate> list) {
        int size = list.size();
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        for (int i2 = 0; i2 < list.size(); i2++) {
            x509CertificateArr[i2] = list.get(i2);
        }
        try {
            return Arrays.equals(((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Constants.GOOGLE_ROOT_CERTIFICATE.getBytes(StandardCharsets.UTF_8)))).getPublicKey().getEncoded(), x509CertificateArr[size - 1].getPublicKey().getEncoded());
        } catch (NullPointerException | CertificateException e2) {
            b5.a.g(TAG, "Error when generate certificate from google root cert");
            e2.printStackTrace();
            return false;
        }
    }

    public static boolean verifyCertificate(List<X509Certificate> list, byte[] bArr, VerificationCallback verificationCallback) {
        mCallback = verificationCallback;
        crlCount = 0;
        crlSuccessCount = 0;
        isCrlValid = false;
        isVerified = true;
        mIsTimeout = false;
        int size = list.size();
        if (size != 4) {
            b5.a.g(TAG, "verifyCertificateInvalid certification chain size: " + size);
            isVerified = false;
        }
        setCrlTimer();
        for (int i2 = size - 1; i2 >= 0; i2--) {
            checkCertificateRevocationStatus(list.get(i2).getSerialNumber());
        }
        try {
            AttestatedCertParser attestatedCertParser = new AttestatedCertParser(list.get(0));
            if (!checkChallengeOfAttestationCert(attestatedCertParser, bArr)) {
                b5.a.g(TAG, "verifyCertificateThe challenge is not same.");
                isVerified = false;
            }
            if (!checkKeyGeneratedInKeyMaster(attestatedCertParser)) {
                b5.a.g(TAG, "verifyCertificateThe key was not generated in keyMaster");
                isVerified = false;
            }
        } catch (CertificateParsingException e2) {
            b5.a.g(TAG, "verifyCertificateCertificateParsingException : " + e2.getMessage());
            isVerified = false;
        }
        if (!validateRootCert(list)) {
            b5.a.g(TAG, "verifyCertificate, ");
            isVerified = false;
        }
        b5.a.g(TAG, "verifyCertificate, Certificate chain is verified.");
        return isVerified;
    }
}
