package com.samsung.android.app.twatchmanager.sak.gakverify;

import android.os.Handler;
import android.os.Looper;
import android.os.Message;
import com.samsung.android.app.twatchmanager.sak.Constants;
import com.samsung.android.app.twatchmanager.sak.VerificationCallback;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

/* loaded from: classes.dex */
public class Verifier {
    private static final int CRL_CHECK_TIME_OUT = 5000;
    private static final String TAG = "SAK:GAK_Verifier";
    private static int crlCount = 0;
    private static int crlSuccessCount = 0;
    private static boolean isCrlValid = false;
    private static boolean isVerified = false;
    private static VerificationCallback mCallback = null;
    public static Handler mHandler = new Handler(Looper.getMainLooper()) { // from class: com.samsung.android.app.twatchmanager.sak.gakverify.Verifier.1
        @Override // android.os.Handler
        public void handleMessage(Message message) {
            super.handleMessage(message);
            if (message == null || Verifier.mIsTimeout) {
                return;
            }
            Verifier.access$108();
            if (message.what == 1) {
                Verifier.access$208();
            }
            if (Verifier.crlCount == 4) {
                Verifier.removeCrlTimer();
                if (Verifier.crlSuccessCount == 4) {
                    boolean unused = Verifier.isCrlValid = true;
                }
                j3.a.h(Verifier.TAG, "onFinished: " + Verifier.isVerified + " & " + Verifier.isCrlValid);
                Verifier.mCallback.onFinished(Verifier.isVerified && Verifier.isCrlValid);
            }
        }
    };
    private static boolean mIsTimeout = false;

    static /* synthetic */ int access$108() {
        int i8 = crlCount;
        crlCount = i8 + 1;
        return i8;
    }

    static /* synthetic */ int access$208() {
        int i8 = crlSuccessCount;
        crlSuccessCount = i8 + 1;
        return i8;
    }

    private static void checkCertificateRevocationStatus(final BigInteger bigInteger) {
        new Thread() { // from class: com.samsung.android.app.twatchmanager.sak.gakverify.Verifier.2
            /* JADX WARN: Multi-variable type inference failed */
            /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.String] */
            /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.String] */
            /* JADX WARN: Type inference failed for: r0v3 */
            /* JADX WARN: Type inference failed for: r0v4 */
            /* JADX WARN: Type inference failed for: r0v5 */
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                ?? r02 = Verifier.TAG;
                Message message = new Message();
                int i8 = -1;
                try {
                    CertificateRevocationStatus fetchStatus = CertificateRevocationStatus.fetchStatus(bigInteger);
                    if (fetchStatus != null) {
                        j3.a.e(Verifier.TAG, "Exist serial number in CRL List : " + bigInteger);
                        j3.a.e(Verifier.TAG, "Certificate revocation status is " + fetchStatus.status.name());
                        r02 = r02;
                    } else {
                        j3.a.h(Verifier.TAG, "Not exist serial number in CRL List : " + bigInteger);
                        r02 = 1;
                        i8 = 1;
                    }
                } catch (IOException e8) {
                    j3.a.e(r02, "Unable to fetch certificate status. Check connectivity.");
                    e8.printStackTrace();
                }
                message.what = i8;
                Verifier.mHandler.sendMessage(message);
            }
        }.start();
    }

    private static boolean checkChallengeOfAttestationCert(AttestatedCertParser attestatedCertParser, byte[] bArr) {
        byte[] challenge = attestatedCertParser.getChallenge();
        if (challenge != null && challenge.length != 0) {
            return Arrays.equals(bArr, challenge);
        }
        j3.a.h(TAG, "checkChallengeOfAttestationCertNo challenge in the certificate");
        return false;
    }

    private static boolean checkKeyGeneratedInKeyMaster(AttestatedCertParser attestatedCertParser) {
        if (attestatedCertParser.getOrigin() == 0) {
            return true;
        }
        j3.a.h(TAG, "checkKeyGeneratedInKeyMasterorigin type error : " + attestatedCertParser.getOrigin());
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$setCrlTimer$0() {
        j3.a.h(TAG, "CRL timeout!");
        if (crlCount != 4) {
            mIsTimeout = true;
            mCallback.onFinished(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void removeCrlTimer() {
        Handler handler = mHandler;
        if (handler != null) {
            handler.removeCallbacksAndMessages(null);
        }
    }

    private static void setCrlTimer() {
        j3.a.h(TAG, "set CRL check timer = 5000");
        mHandler.postDelayed(new Runnable() { // from class: com.samsung.android.app.twatchmanager.sak.gakverify.a
            @Override // java.lang.Runnable
            public final void run() {
                Verifier.lambda$setCrlTimer$0();
            }
        }, 5000L);
    }

    private static boolean validateRootCert(List<X509Certificate> list) {
        int size = list.size();
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        for (int i8 = 0; i8 < list.size(); i8++) {
            x509CertificateArr[i8] = list.get(i8);
        }
        try {
            return Arrays.equals(((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Constants.GOOGLE_ROOT_CERTIFICATE.getBytes(StandardCharsets.UTF_8)))).getPublicKey().getEncoded(), x509CertificateArr[size - 1].getPublicKey().getEncoded());
        } catch (NullPointerException | CertificateException e8) {
            j3.a.h(TAG, "Error when generate certificate from google root cert");
            e8.printStackTrace();
            return false;
        }
    }

    public static boolean verifyCertificate(List<X509Certificate> list, byte[] bArr, VerificationCallback verificationCallback) {
        mCallback = verificationCallback;
        crlCount = 0;
        crlSuccessCount = 0;
        isCrlValid = false;
        isVerified = true;
        mIsTimeout = false;
        int size = list.size();
        if (size != 4) {
            j3.a.h(TAG, "verifyCertificateInvalid certification chain size: " + size);
            isVerified = false;
        }
        setCrlTimer();
        for (int i8 = size - 1; i8 >= 0; i8--) {
            checkCertificateRevocationStatus(list.get(i8).getSerialNumber());
        }
        try {
            AttestatedCertParser attestatedCertParser = new AttestatedCertParser(list.get(0));
            if (!checkChallengeOfAttestationCert(attestatedCertParser, bArr)) {
                j3.a.h(TAG, "verifyCertificateThe challenge is not same.");
                isVerified = false;
            }
            if (!checkKeyGeneratedInKeyMaster(attestatedCertParser)) {
                j3.a.h(TAG, "verifyCertificateThe key was not generated in keyMaster");
                isVerified = false;
            }
        } catch (CertificateParsingException e8) {
            j3.a.h(TAG, "verifyCertificateCertificateParsingException : " + e8.getMessage());
            isVerified = false;
        }
        if (!validateRootCert(list)) {
            j3.a.h(TAG, "verifyCertificate, ");
            isVerified = false;
        }
        j3.a.h(TAG, "verifyCertificate, Certificate chain is verified.");
        return isVerified;
    }
}
