package com.connection.b.a;

import com.connection.auth2.ak;
import com.connection.d.m;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
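/**
 * Local side of a custom key-agreement handshake (JADX-decompiled; identifiers are generated).
 *
 * <p>What the visible code does: it picks a 32-byte local random and a 256-bit private
 * exponent, exposes {@code 2^x mod p}, parses the peer's handshake message (random, public
 * value, signature, certificate chain), checks the chain, and then derives a 48-byte master
 * secret and a 104-byte key block. The derivation is an MD5/SHA-1 PRF whose structure matches
 * the TLS 1.0 PRF (RFC 2246, section 5).
 *
 * <p>Review notes a maintainer should not miss (details are at the relevant lines):
 * <ul>
 *   <li>The peer signature is never checked: no data is fed to the verifier and the result
 *       of {@code verify()} is discarded.</li>
 *   <li>The PKIX trust anchor is taken from the peer-supplied chain, not from a root pinned
 *       in the application.</li>
 *   <li>In non-QA mode a chain that matches the TEST naming is accepted.</li>
 *   <li>The modulus is about 1024 bits, and the primitives are SHA-1 signatures and an
 *       MD5/SHA-1 PRF.</li>
 * </ul>
 */
public class a implements e {

    /* renamed from: a. Modulus p: 309 decimal digits, i.e. about 1024 bits. */
    private static final BigInteger f12837a = new BigInteger("167609434410335061345139523764350090260135525329813904557420930309800865859473551531551523800013916573891864789934747039010546328480848979516637673776605610374669426214776197828492691384519453218253702788022233205683635831626913357154941914129985489522629902540768368409482248290641036967659389658897350067939");

    /* renamed from: b. Generator g = 2. */
    private static final BigInteger f12838b = new BigInteger("2");

    /* renamed from: c. Local 32-byte random (timestamp + random bytes), see e(). */
    private final BigInteger f12839c = e();

    /* renamed from: d. Private exponent x: 256 bits drawn from ak.f12651a.
     * NOTE(review): ak.f12651a is declared elsewhere; confirm it is a SecureRandom. */
    private final BigInteger f12840d = new BigInteger(256, ak.f12651a);

    /* renamed from: e. Public value g^x mod p, handed out by c(). */
    private final BigInteger f12841e = f12838b.modPow(this.f12840d, f12837a);

    /* renamed from: f. First token of the peer message; used as the second random in the PRF seed. */
    private byte[] f12842f;

    /* renamed from: g. Second token of the peer message; the peer's public value (see f()). */
    private byte[] f12843g;

    /* renamed from: h. Third token of the peer message; the signature bytes passed to Signature.verify(). */
    private byte[] f12844h;

    /* renamed from: i. Shared secret peer^x mod p ("pre-master secret" in the log strings). */
    private byte[] f12845i;

    /* renamed from: j. 48-byte master secret. */
    private byte[] f12846j;

    /* renamed from: k. 104-byte key block; null until a handshake completes successfully. */
    private byte[] f12847k;

    /* renamed from: l. Result of the most recent a(String) call. */
    private d f12848l;

    /* renamed from: m. Connection settings; h() selects the QA/test expectations, g() is only logged. */
    private final com.connection.connect.f f12849m;

    /**
     * Certificate naming expectations per environment.
     * renamed from: com.connection.b.a.a$a (collision with other inner class name)
     */
    public enum EnumC0165a {
        PROD {
            @Override
            public String a() {
                return "PROD";
            }

            @Override
            public String b() {
                return "CN=prod.ckg.ibllc.com,";
            }

            @Override
            public String c() {
                return "CN=tws.ibllc.com,";
            }
        },
        TEST {
            @Override
            public String a() {
                return "TEST";
            }

            @Override
            public String b() {
                return "CN=test.ckg.ibllc.com,";
            }

            @Override
            public String c() {
                return "CN=tws.ibllc.com,";
            }
        };

        /** Environment label used in error messages. */
        public abstract String a();

        /** Required prefix of the first cert's issuer DN and of the second cert's subject DN. */
        public abstract String b();

        /** Required prefix of the first cert's subject DN (only enforced for TEST, see a(List, EnumC0165a)). */
        public abstract String c();
    }

    public a(com.connection.connect.f fVar) {
        this.f12849m = fVar;
    }

    /**
     * Checks the peer's certificate chain and returns the handshake status.
     *
     * <p>Steps, in order: log every certificate; run the (currently ineffective) signature
     * step; require at least three certificates; check the first certificate's validity
     * period; check DN prefixes for the expected environment; verify that cert 0 is signed by
     * cert 1; PKIX-validate certs 1..n-2 against cert n-1.
     *
     * @param list certificates in the order they appeared in the peer message
     * @return {@code d.f12861a} on success, otherwise a failure status
     */
    private d a(List<X509Certificate> list) {
        int size = list.size();
        if (size == 0) {
            return d.f12863c;
        }
        for (int i2 = 0; i2 < size; i2++) {
            X509Certificate x509Certificate = list.get(i2);
            com.connection.d.c.a("cert #" + i2 + " subject:" + x509Certificate.getSubjectX500Principal().getName() + "\tissuer:" + x509Certificate.getIssuerX500Principal().getName() + "\tnotBefore:" + a(x509Certificate.getNotBefore()) + "\tnotAfter:" + a(x509Certificate.getNotAfter()));
        }
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(list.get(0).getPublicKey());
            // NOTE(review): no update() call feeds any handshake data into the verifier and
            // the boolean returned by verify() is discarded, so this step can only fail by
            // throwing. As written it does not bind the peer's key-exchange value (f12843g)
            // or randoms to the certificate key. The fix needs the exact bytes the peer
            // signs, which are not visible in this file: once known, pass them to update()
            // and return d.f12863c when verify() is false.
            signature.verify(this.f12844h);
            if (size < 3) {
                com.connection.d.c.c("Error: too short cert chain");
                return d.f12863c;
            }
            com.connection.c.a a2 = com.connection.c.a.a(list.get(0));
            com.connection.d.c.a("Current time is: " + a(new Date()));
            if (a2 != com.connection.c.a.OK) {
                switch (a2) {
                    case NOT_YET_VALID:
                        com.connection.d.c.c("Error: first cert is not yet valid");
                        break;
                    case EXPIRED:
                        com.connection.d.c.c("Error: first cert is expired");
                        break;
                }
                return d.a(a2);
            }
            StringBuilder sb = new StringBuilder();
            if (this.f12849m.h()) {
                // QA mode: only the TEST naming is acceptable.
                com.connection.d.c.a("CipherAlgorithm.validateCerts: expects connect to QA-conman:" + this.f12849m.g(), true);
                String a3 = a(list, EnumC0165a.TEST);
                if (a3 != null) {
                    sb.append(a3);
                }
            } else {
                // NOTE(review): when the PROD check fails, a chain that passes the TEST check
                // clears the error and is accepted. Confirm that production builds are meant
                // to trust TEST-named chains.
                String a4 = a(list, EnumC0165a.PROD);
                if (a4 != null) {
                    sb.append(a4);
                    String a5 = a(list, EnumC0165a.TEST);
                    if (a5 != null) {
                        if (sb.length() > 0) {
                            sb.append(";");
                        }
                        sb.append(a5);
                    } else {
                        sb.setLength(0);
                    }
                }
            }
            if (sb.length() > 0) {
                com.connection.d.c.c("Error: " + ((Object) sb));
                return d.f12863c;
            }
            try {
                // Signature-only check of cert 0 against cert 1; cert 0 is not part of the
                // PKIX path below, so path constraints are not evaluated for it here.
                list.get(0).verify(list.get(1).getPublicKey());
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    List<X509Certificate> subList = list.subList(1, size);
                    List<X509Certificate> arrayList = new ArrayList<X509Certificate>();
                    // Adds certs n-2 down to 1 (everything between cert 0 and the last cert).
                    // NOTE(review): if the input is leaf-first, this order is anchor-side
                    // first for chains longer than three; confirm it matches what
                    // generateCertPath expects.
                    for (int size2 = subList.size() - 2; size2 >= 0; size2--) {
                        arrayList.add(subList.get(size2));
                    }
                    CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
                    // NOTE(review): the trust anchor is the last certificate of the
                    // peer-supplied list, not a root pinned in the application. Validation
                    // therefore only shows the chain is internally consistent; together with
                    // the DN prefix checks (strings any issuer can set) nothing visible here
                    // ties the chain to a key the application already trusts. Use a pinned
                    // root (or its public-key hash) as the anchor.
                    PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(list.get(size - 1), null)));
                    // Revocation (CRL/OCSP) is switched off for this validation.
                    pKIXParameters.setRevocationEnabled(false);
                    CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
                    return d.f12861a;
                } catch (Exception e2) {
                    com.connection.d.c.c("Error: chain verification failed: " + e2.getMessage());
                    return d.f12863c;
                }
            } catch (Exception e3) {
                com.connection.d.c.c("Error: first was not signed with second: " + e3.getMessage());
                return d.f12863c;
            }
        } catch (Exception e4) {
            com.connection.d.c.c("signature verification failed: " + e4.getMessage());
            return d.f12863c;
        }
    }

    /**
     * Formats a timestamp for the log as {@code yyyyMMdd-HH:mm:ss(Europe/London)}.
     *
     * <p>The zone is set on the formatter itself. The decompiled original set it only on a
     * Calendar, which does not affect SimpleDateFormat, so the text was rendered in the device
     * default zone while still being labelled Europe/London.
     */
    private static String a(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd-HH:mm:ss");
        TimeZone timeZone = TimeZone.getTimeZone("Europe/London");
        simpleDateFormat.setTimeZone(timeZone);
        return simpleDateFormat.format(date) + "(" + timeZone.getID() + ")";
    }

    /**
     * Checks the DN prefixes of the first two certificates against one environment.
     *
     * @return {@code null} when the names match, otherwise an error description
     */
    private static String a(List<X509Certificate> list, EnumC0165a enumC0165a) {
        X509Certificate x509Certificate = list.get(0);
        // These are prefix matches on the DN's string form; they identify nothing by
        // themselves and only matter if the chain is anchored to a trusted key.
        String name = x509Certificate.getIssuerDN().getName();
        String b2 = enumC0165a.b();
        if (!name.startsWith(b2)) {
            return String.format("the first cert '%s' is NOT %s cert", name, enumC0165a.a());
        }
        // NOTE(review): the subject-DN check runs for TEST only; PROD.c() is never consulted.
        if (enumC0165a == EnumC0165a.TEST) {
            String name2 = x509Certificate.getSubjectDN().getName();
            String c2 = enumC0165a.c();
            if (name2 != null && c2 != null && !name2.startsWith(c2)) {
                return String.format("the first '%s' cert(Subj DN)='%s' is invalid ", enumC0165a.a(), name2);
            }
        }
        String name3 = list.get(1).getSubjectDN().getName();
        if (name3.startsWith(b2)) {
            return null;
        }
        // Distinguish "belongs to the other environment" from "unknown issuer" in the message.
        return name3.startsWith(enumC0165a == EnumC0165a.TEST ? EnumC0165a.PROD.b() : EnumC0165a.TEST.b()) ? String.format("the second cert '%s' is invalid (NOT %s): test and production mixed", name3, enumC0165a.a()) : String.format("the second cert '%s' is invalid (NOT %s)", name3, enumC0165a.a());
    }

    /**
     * Builds an HMAC keyed with {@code bArr} for the digest's algorithm (MD5 or SHA1 only).
     *
     * @throws java.security.GeneralSecurityException if the digest is neither MD5 nor SHA1,
     *     or the provider rejects the algorithm or key
     */
    private static Mac a(MessageDigest messageDigest, byte[] bArr) throws java.security.GeneralSecurityException {
        Mac mac;
        if ("MD5".equals(messageDigest.getAlgorithm())) {
            mac = Mac.getInstance("HMACMD5");
        } else {
            if (!"SHA1".equals(messageDigest.getAlgorithm())) {
                throw new NoSuchAlgorithmException("Unexected digest algorithm:" + messageDigest.getAlgorithm());
            }
            mac = Mac.getInstance("HMACSHA1");
        }
        mac.init(new SecretKeySpec(bArr, mac.getAlgorithm()));
        return mac;
    }

    /**
     * Fills {@code bArr5} with HMAC-based expansion output; the structure matches P_hash from
     * the TLS 1.0 PRF.
     *
     * <p>With seed = bArr2 || bArr3 || bArr4: A(1) = HMAC(key, seed); each round emits
     * HMAC(key, A(i) || seed) and advances A(i+1) = HMAC(key, A(i)).
     *
     * @param bArr HMAC key
     * @param bArr5 output buffer, overwritten from index 0
     * @return {@code false} on a null digest, on a rejected output buffer, or on any exception
     */
    private static boolean a(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        if (messageDigest == null) {
            return false;
        }
        try {
            // presumably a null/empty check on the output buffer; helper is defined elsewhere
            if (com.connection.d.d.a((Object) bArr5)) {
                return false;
            }
            int digestLength = messageDigest.getDigestLength();
            Mac a2 = a(messageDigest, bArr);
            a2.update(bArr2);
            a2.update(bArr3);
            a2.update(bArr4);
            byte[] bArr7 = a2.doFinal();
            int length2 = bArr7.length;
            int i2 = bArr5.length;
            int i3 = 0;
            while (true) {
                // a3 produces this round's output block, a4 the next chaining value A(i+1).
                Mac a3 = a(messageDigest, bArr);
                a3.update(bArr7, 0, length2);
                Mac a4 = a(messageDigest, bArr);
                a4.update(bArr7, 0, length2);
                a3.update(bArr2);
                a3.update(bArr3);
                a3.update(bArr4);
                if (i2 <= digestLength) {
                    // Last (possibly partial) block.
                    byte[] doFinal2 = a3.doFinal();
                    System.arraycopy(doFinal2, 0, bArr5, i3, i2);
                    return true;
                }
                byte[] doFinal3 = a3.doFinal();
                int length4 = doFinal3.length;
                System.arraycopy(doFinal3, 0, bArr5, i3, length4);
                i3 += length4;
                i2 -= length4;
                bArr7 = a4.doFinal();
                length2 = bArr7.length;
            }
        } catch (Exception e2) {
            return false;
        }
    }

    /** Derives the master secret from the shared secret with the label "master secret". */
    private boolean a(byte[] bArr) {
        // The label is plain ASCII; getBytes() uses the platform default charset.
        return a(this.f12845i, "master secret".getBytes(), com.connection.d.d.a(ak.a(this.f12839c.toByteArray()), 32), com.connection.d.d.a(this.f12842f, 32), bArr);
    }

    /**
     * XORs an MD5-based and a SHA1-based expansion into {@code bArr5}; the structure matches
     * the TLS 1.0 PRF.
     *
     * <p>The secret is split into two halves that share the middle byte when its length is
     * odd. Output is XORed into the existing contents of {@code bArr5}, so callers must pass
     * a zeroed buffer (both callers in this class pass a fresh array).
     *
     * @param bArr secret
     * @param bArr2 label
     * @param bArr3 first random
     * @param bArr4 second random
     * @param bArr5 output buffer
     */
    private static boolean a(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        MessageDigest[] messageDigestArr = new MessageDigest[2];
        try {
            messageDigestArr[0] = MessageDigest.getInstance("MD5");
            messageDigestArr[1] = MessageDigest.getInstance("SHA1");
            int length = bArr.length / 2;
            byte[] bArr6 = new byte[bArr5.length];
            for (int i3 = 0; i3 < 2; i3++) {
                int length2 = (bArr.length & 1) + length;
                byte[] bArr7 = new byte[length2];
                System.arraycopy(bArr, i3 * length, bArr7, 0, length2);
                if (!a(messageDigestArr[i3], bArr7, bArr2, bArr3, bArr4, bArr6)) {
                    return false;
                }
                for (int i4 = 0; i4 < bArr5.length; i4++) {
                    bArr5[i4] = (byte) (bArr5[i4] ^ bArr6[i4]);
                }
            }
            return true;
        } catch (NoSuchAlgorithmException e2) {
            return false;
        }
    }

    /**
     * Parses the peer's handshake message and runs the whole derivation.
     *
     * <p>Token order: random, public value, signature, certificate count, then that many
     * encoded certificates. Every field is peer-controlled and must be treated as untrusted.
     */
    private d b(String str) {
        try {
            StringTokenizer stringTokenizer = new StringTokenizer(str, com.connection.b.f.f12879a);
            this.f12842f = com.connection.d.d.b(stringTokenizer.nextToken());
            this.f12843g = com.connection.d.d.b(stringTokenizer.nextToken());
            this.f12844h = com.connection.d.d.b(stringTokenizer.nextToken());
            int parseInt = Integer.parseInt(stringTokenizer.nextToken());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Do not presize from the peer-supplied count: a huge value would trigger an
            // OutOfMemoryError, which the catch (Exception) below does not handle. An
            // overstated count now ends in NoSuchElementException when the tokens run out.
            List<X509Certificate> arrayList = new ArrayList<X509Certificate>();
            for (int i2 = 0; i2 < parseInt; i2++) {
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(com.connection.d.d.b(stringTokenizer.nextToken()))));
            }
            d a2 = a(arrayList);
            if (!a2.a()) {
                return a2;
            }
            if (!f()) {
                com.connection.d.c.c("CipherContext error while initialization from msg: generatePreMasterSecret");
                return d.f12863c;
            }
            this.f12846j = new byte[48];
            if (!a(this.f12846j)) {
                com.connection.d.c.c("CipherContext error while initialization from msg: generateMasterSecret");
                return d.f12863c;
            }
            this.f12847k = new byte[104];
            if (b(this.f12847k)) {
                return d.f12861a;
            }
            com.connection.d.c.c("CipherContext error while initialization from msg: generateKeyBlock");
            return d.f12863c;
        } catch (Exception e2) {
            com.connection.d.c.d("CipherContext error while initialization from msg: " + e2.getMessage());
            return d.f12863c;
        }
    }

    /** Expands the master secret into the key block with the label "key expansion". */
    private boolean b(byte[] bArr) {
        return a(this.f12846j, "key expansion".getBytes(), com.connection.d.d.a(ak.a(this.f12839c.toByteArray()), 32), com.connection.d.d.a(this.f12842f, 32), bArr);
    }

    /**
     * Builds the 32-byte local random: 4 bytes of big-endian Unix time in seconds followed by
     * 28 bytes derived from a 224-bit value drawn from ak.f12651a.
     */
    private static BigInteger e() {
        byte[] bArr = new byte[32];
        int currentTimeMillis = (int) (System.currentTimeMillis() / 1000);
        int i2 = 24;
        int i3 = 0;
        while (i3 < 4) {
            bArr[i3] = (byte) ((currentTimeMillis >> i2) & 255);
            i3++;
            i2 -= 8;
        }
        // presumably ak.a strips BigInteger's sign byte and d.a fixes the length to 28; confirm
        System.arraycopy(com.connection.d.d.a(ak.a(new BigInteger(224, ak.f12651a).toByteArray()), 28), 0, bArr, 4, 28);
        return new BigInteger(bArr);
    }

    /**
     * Computes the shared secret {@code peer^x mod p} into f12845i.
     *
     * @return {@code false} when the peer's public value is outside {@code [2, p-2]}
     */
    private boolean f() {
        // m.b presumably renders the bytes as hex, given the radix-16 parse; confirm.
        BigInteger peerValue = new BigInteger(m.b(this.f12843g), 16);
        // Reject degenerate public values (0, 1, p-1, or anything >= p): they force a shared
        // secret that does not depend on the private exponent. A conforming peer never sends
        // them.
        if (peerValue.compareTo(f12838b) < 0 || peerValue.compareTo(f12837a.subtract(f12838b)) > 0) {
            return false;
        }
        this.f12845i = ak.a(peerValue.modPow(this.f12840d, f12837a).toByteArray());
        return true;
    }

    /**
     * Initializes the cipher context from the peer's handshake message and logs the outcome.
     *
     * @param str raw handshake message
     * @return the resulting status, also kept in f12848l
     */
    @Override // com.connection.b.a.e
    public d a(String str) {
        this.f12848l = d.f12862b;
        try {
            this.f12848l = b(str);
            return this.f12848l;
        } finally {
            if (this.f12848l.a()) {
                com.connection.d.c.a("CipherContext initialization successed.");
            } else {
                com.connection.d.c.a("CipherContext initialization failed.");
            }
        }
    }

    /** True once a key block exists and the last initialization reported success. */
    public boolean a() {
        return this.f12847k != null && this.f12848l.a();
    }

    /** Returns the local 32-byte random as a BigInteger. */
    @Override // com.connection.b.a.e
    public BigInteger b() {
        return this.f12839c;
    }

    /** Returns the local public value g^x mod p. */
    @Override // com.connection.b.a.e
    public BigInteger c() {
        return this.f12841e;
    }

    /**
     * Returns the key block.
     *
     * <p>This is the internal array, not a copy: callers share the key material and can
     * modify it.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] d() {
        return this.f12847k;
    }
}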
