package org.android.spdy;

import com.google.devtools.build.android.desugar.runtime.ThrowableExtension;
import com.taobao.android.tlog.protocol.utils.RSAUtils;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.Set;

/* loaded from: classes.dex */
public class QuicProofVerifier {
    private static final int DECODE_C = 1;
    private static final int DECODE_EQ = 3;
    private static final int DECODE_N = 2;
    private static final int DECODE_RIGHT = 4;
    private static String kProofSignatureLabelOld = "QUIC server config signature\u0000";
    private static String kProofSignatureLabel = "QUIC CHLO and server config signature\u0000";

    private static Set<TrustAnchor> LoadFromAndroidSystem(CertificateFactory certificateFactory) {
        return AndroidTrustAnchors.a().getTrustAnchors();
    }

    public static int VerifyProof(String str, int i, String str2, int i2, String str3, String[] strArr, String str4, String str5) {
        CertificateFactory m4182a = AndroidTrustAnchors.a().m4182a();
        if (m4182a == null) {
            return 0;
        }
        X509Certificate x509Certificate = null;
        try {
            x509Certificate = (X509Certificate) m4182a.generateCertificate(new ByteArrayInputStream(strArr[0].getBytes("ISO-8859-1")));
        } catch (UnsupportedEncodingException e) {
            ThrowableExtension.printStackTrace(e);
        } catch (CertificateException e2) {
            ThrowableExtension.printStackTrace(e2);
        } catch (Exception e3) {
            ThrowableExtension.printStackTrace(e3);
        }
        if (verifySignature(str2, i2, str3, x509Certificate, str5) == 0) {
            return 0;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        Set<TrustAnchor> LoadFromAndroidSystem = LoadFromAndroidSystem(m4182a);
        if (LoadFromAndroidSystem == null) {
            return 0;
        }
        for (int i3 = 1; i3 < strArr.length; i3++) {
            try {
                arrayList.add((X509Certificate) m4182a.generateCertificate(new ByteArrayInputStream(strArr[1].getBytes("ISO-8859-1"))));
            } catch (UnsupportedEncodingException e4) {
                ThrowableExtension.printStackTrace(e4);
            } catch (InvalidAlgorithmParameterException e5) {
                ThrowableExtension.printStackTrace(e5);
            } catch (NoSuchAlgorithmException e6) {
                ThrowableExtension.printStackTrace(e6);
            } catch (CertPathValidatorException e7) {
                ThrowableExtension.printStackTrace(e7);
            } catch (CertificateException e8) {
                ThrowableExtension.printStackTrace(e8);
            }
        }
        CertPath generateCertPath = m4182a.generateCertPath(arrayList);
        PKIXParameters pKIXParameters = new PKIXParameters(LoadFromAndroidSystem);
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
        String[] split = x509Certificate.getSubjectDN().toString().split(",");
        StringBuilder sb = new StringBuilder();
        int length = split.length;
        for (int i4 = 0; i4 < length && !getCNfromSubject(split[i4], sb); i4++) {
        }
        String sb2 = sb.toString();
        if (!str.equals(sb2)) {
            if (sb2.startsWith("*")) {
                if (str.endsWith(sb2.substring(2))) {
                }
            }
            return 0;
        }
        return 1;
    }

    private static boolean getCNfromSubject(String str, StringBuilder sb) {
        char[] charArray = str.toCharArray();
        boolean z = false;
        char c = 1;
        sb.setLength(0);
        for (char c2 : charArray) {
            switch (c) {
                case 1:
                    if (c2 == 'C') {
                        c = 2;
                        break;
                    } else {
                        break;
                    }
                case 2:
                    if (c2 != 'N') {
                    }
                    c = 3;
                    break;
                case 3:
                    if (c2 == ' ') {
                        break;
                    } else if (c2 != '=') {
                        c = 1;
                        break;
                    } else {
                        c = 4;
                        z = true;
                        break;
                    }
                case 4:
                    if (c2 != ' ') {
                        sb.append(c2);
                        break;
                    } else {
                        break;
                    }
            }
        }
        return z;
    }

    private static int verifySignature(String str, int i, String str2, X509Certificate x509Certificate, String str3) {
        if (x509Certificate != null) {
            try {
                x509Certificate.checkValidity();
                PublicKey publicKey = x509Certificate.getPublicKey();
                Signature signature = null;
                try {
                    if (publicKey.getAlgorithm().contains(RSAUtils.KEY_ALGORITHM)) {
                        signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
                    } else {
                        signature = Signature.getInstance(publicKey.getAlgorithm());
                    }
                } catch (InvalidAlgorithmParameterException e) {
                    signature = null;
                    ThrowableExtension.printStackTrace(e);
                } catch (NoSuchAlgorithmException e2) {
                    ThrowableExtension.printStackTrace(e2);
                }
                if (signature != null) {
                    try {
                        signature.initVerify(publicKey);
                        signature.update(kProofSignatureLabel.getBytes("ISO-8859-1"));
                        byte[] bArr = new byte[4];
                        bArr[0] = (byte) str2.length();
                        signature.update(bArr);
                        signature.update(str2.getBytes("ISO-8859-1"));
                        signature.update(str.getBytes("ISO-8859-1"));
                        if (signature.verify(str3.getBytes("ISO-8859-1"))) {
                            return 1;
                        }
                    } catch (UnsupportedEncodingException e3) {
                        ThrowableExtension.printStackTrace(e3);
                    } catch (InvalidKeyException e4) {
                        ThrowableExtension.printStackTrace(e4);
                    } catch (SignatureException e5) {
                        ThrowableExtension.printStackTrace(e5);
                    }
                }
            } catch (CertificateExpiredException e6) {
                ThrowableExtension.printStackTrace(e6);
                return 0;
            } catch (CertificateNotYetValidException e7) {
                ThrowableExtension.printStackTrace(e7);
                return 0;
            }
        }
        return 0;
    }
}
