package u7;

import Ba0.C1857d;
import S1.C2955c;
import android.content.Context;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
public final class j {

    /* renamed from: a, reason: collision with root package name */
    public static volatile X509Certificate f115699a;

    public static X509Certificate a(Context context) throws UcsException {
        try {
            InputStream open = context.getAssets().open("cbg_root.cer");
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e11) {
            String h10 = C2955c.h(e11, C1857d.b("Read root cert error "));
            throw BA.a.e("CertVerifier", h10, new Object[0], 1012L, h10);
        }
    }

    public static X509Certificate b(String str) throws UcsException {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(t7.c.a(0, str));
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e11) {
            throw new UcsException(1012L, e11.getMessage());
        }
    }

    public static void c(Context context, C c11) throws UcsException {
        int i11;
        if (f115699a == null) {
            synchronized (j.class) {
                try {
                    if (f115699a == null) {
                        f115699a = a(context);
                    }
                } finally {
                }
            }
        }
        String[] strArr = c11.f115669a.f115674b;
        if (strArr == null || strArr.length == 0) {
            throw new UcsException(1012L, "verify cert chain failed , certs is empty..");
        }
        int length = strArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i12 = 0; i12 < strArr.length; i12++) {
            x509CertificateArr[i12] = b(strArr[i12]);
        }
        StringBuilder b2 = C1857d.b("Start verify cert chain using root ca: ");
        b2.append(f115699a.getSubjectDN().getName());
        Ax0.a.t("CertVerifier", b2.toString(), new Object[0]);
        int i13 = 0;
        while (true) {
            i11 = length - 1;
            if (i13 >= i11) {
                break;
            }
            try {
                Ax0.a.t("CertVerifier", "verify cert " + x509CertificateArr[i13].getSubjectDN().getName(), new Object[0]);
                StringBuilder sb2 = new StringBuilder();
                sb2.append("using ");
                int i14 = i13 + 1;
                sb2.append(x509CertificateArr[i14].getSubjectDN().getName());
                Ax0.a.t("CertVerifier", sb2.toString(), new Object[0]);
                x509CertificateArr[i13].checkValidity();
                x509CertificateArr[i13].verify(x509CertificateArr[i14].getPublicKey());
                i13 = i14;
            } catch (RuntimeException e11) {
                e = e11;
                String h10 = C2955c.h(e, C1857d.b("verify cert chain failed , exception "));
                throw BA.a.e("CertVerifier", h10, new Object[0], 1012L, h10);
            } catch (InvalidKeyException e12) {
                e = e12;
                String h102 = C2955c.h(e, C1857d.b("verify cert chain failed , exception "));
                throw BA.a.e("CertVerifier", h102, new Object[0], 1012L, h102);
            } catch (NoSuchAlgorithmException e13) {
                e = e13;
                String h1022 = C2955c.h(e, C1857d.b("verify cert chain failed , exception "));
                throw BA.a.e("CertVerifier", h1022, new Object[0], 1012L, h1022);
            } catch (NoSuchProviderException e14) {
                e = e14;
                String h10222 = C2955c.h(e, C1857d.b("verify cert chain failed , exception "));
                throw BA.a.e("CertVerifier", h10222, new Object[0], 1012L, h10222);
            } catch (SignatureException e15) {
                e = e15;
                String h102222 = C2955c.h(e, C1857d.b("verify cert chain failed , exception "));
                throw BA.a.e("CertVerifier", h102222, new Object[0], 1012L, h102222);
            } catch (CertificateException e16) {
                e = e16;
                String h1022222 = C2955c.h(e, C1857d.b("verify cert chain failed , exception "));
                throw BA.a.e("CertVerifier", h1022222, new Object[0], 1012L, h1022222);
            }
        }
        x509CertificateArr[i11].verify(f115699a.getPublicKey());
        for (String str : x509CertificateArr[0].getSubjectDN().getName().split(",")) {
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                try {
                    Signature signature = Signature.getInstance("RS256".equals(c11.f115669a.f115673a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
                    signature.initVerify(x509Certificate.getPublicKey());
                    signature.update(c11.f115672d.getBytes(StandardCharsets.UTF_8));
                    if (signature.verify(c11.f115671c)) {
                        return;
                    } else {
                        throw new UcsException(1012L, "signature not verify");
                    }
                } catch (RuntimeException e17) {
                    e = e17;
                    String h11 = C2955c.h(e, C1857d.b("verify signature of c1 failed, exception "));
                    throw BA.a.e("CertVerifier", h11, new Object[0], 1012L, h11);
                } catch (InvalidKeyException e18) {
                    e = e18;
                    String h112 = C2955c.h(e, C1857d.b("verify signature of c1 failed, exception "));
                    throw BA.a.e("CertVerifier", h112, new Object[0], 1012L, h112);
                } catch (NoSuchAlgorithmException e19) {
                    e = e19;
                    String h1122 = C2955c.h(e, C1857d.b("verify signature of c1 failed, exception "));
                    throw BA.a.e("CertVerifier", h1122, new Object[0], 1012L, h1122);
                } catch (SignatureException e21) {
                    e = e21;
                    String h11222 = C2955c.h(e, C1857d.b("verify signature of c1 failed, exception "));
                    throw BA.a.e("CertVerifier", h11222, new Object[0], 1012L, h11222);
                }
            }
        }
        throw new UcsException(1012L, "Subject OU not verify");
    }
}
