package d3;

import android.content.Context;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* renamed from: d3.n, reason: case insensitive filesystem */
/* loaded from: classes2.dex */
public class C0639n {

    /* renamed from: a, reason: collision with root package name */
    public static volatile X509Certificate f10146a;

    public static X509Certificate a(Context context, String str) throws UcsException {
        try {
            InputStream open = context.getAssets().open(str);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e9) {
            String a9 = C0635j.a(e9, C0637l.a("Read root cert error "));
            throw C0641p.a("CertVerifier", a9, new Object[0], 1012L, a9);
        }
    }

    public static X509Certificate b(String str) throws UcsException {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(c3.c.a(str, 0));
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e9) {
            throw new UcsException(1012L, e9.getMessage());
        }
    }

    public static void c(Context context, M m9) throws UcsException {
        int i9;
        if (f10146a == null) {
            synchronized (C0639n.class) {
                try {
                    if (f10146a == null) {
                        f10146a = a(context, "cbg_root.cer");
                    }
                } finally {
                }
            }
        }
        String[] strArr = m9.f10113a.f10118b;
        if (strArr == null || strArr.length == 0) {
            throw new UcsException(1012L, "verify cert chain failed , certs is empty..");
        }
        int length = strArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i10 = 0; i10 < strArr.length; i10++) {
            x509CertificateArr[i10] = b(strArr[i10]);
        }
        StringBuilder a9 = C0637l.a("Start verify cert chain using root ca: ");
        a9.append(f10146a.getSubjectDN().getName());
        a3.b.e("CertVerifier", a9.toString(), new Object[0]);
        int i11 = 0;
        while (true) {
            i9 = length - 1;
            if (i11 >= i9) {
                break;
            }
            try {
                a3.b.e("CertVerifier", "verify cert " + x509CertificateArr[i11].getSubjectDN().getName(), new Object[0]);
                StringBuilder sb = new StringBuilder();
                sb.append("using ");
                int i12 = i11 + 1;
                sb.append(x509CertificateArr[i12].getSubjectDN().getName());
                a3.b.e("CertVerifier", sb.toString(), new Object[0]);
                x509CertificateArr[i11].checkValidity();
                x509CertificateArr[i11].verify(x509CertificateArr[i12].getPublicKey());
                i11 = i12;
            } catch (RuntimeException e9) {
                e = e9;
                String a10 = C0635j.a(e, C0637l.a("verify cert chain failed , exception "));
                throw C0641p.a("CertVerifier", a10, new Object[0], 1012L, a10);
            } catch (InvalidKeyException e10) {
                e = e10;
                String a102 = C0635j.a(e, C0637l.a("verify cert chain failed , exception "));
                throw C0641p.a("CertVerifier", a102, new Object[0], 1012L, a102);
            } catch (NoSuchAlgorithmException e11) {
                e = e11;
                String a1022 = C0635j.a(e, C0637l.a("verify cert chain failed , exception "));
                throw C0641p.a("CertVerifier", a1022, new Object[0], 1012L, a1022);
            } catch (NoSuchProviderException e12) {
                e = e12;
                String a10222 = C0635j.a(e, C0637l.a("verify cert chain failed , exception "));
                throw C0641p.a("CertVerifier", a10222, new Object[0], 1012L, a10222);
            } catch (SignatureException e13) {
                e = e13;
                String a102222 = C0635j.a(e, C0637l.a("verify cert chain failed , exception "));
                throw C0641p.a("CertVerifier", a102222, new Object[0], 1012L, a102222);
            } catch (CertificateException e14) {
                e = e14;
                String a1022222 = C0635j.a(e, C0637l.a("verify cert chain failed , exception "));
                throw C0641p.a("CertVerifier", a1022222, new Object[0], 1012L, a1022222);
            }
        }
        x509CertificateArr[i9].verify(f10146a.getPublicKey());
        for (String str : x509CertificateArr[0].getSubjectDN().getName().split(",")) {
            if (str.startsWith("OU=") && "Huawei CBG Cloud Security Signer".equals(str.substring(3))) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                try {
                    Signature signature = Signature.getInstance("RS256".equals(m9.f10113a.f10117a) ? "SHA256WithRSA" : "SHA256WithRSA/PSS");
                    signature.initVerify(x509Certificate.getPublicKey());
                    signature.update(m9.f10116d.getBytes(StandardCharsets.UTF_8));
                    if (signature.verify(m9.f10115c)) {
                        return;
                    } else {
                        throw new UcsException(1012L, "signature not verify");
                    }
                } catch (RuntimeException e15) {
                    e = e15;
                    String a11 = C0635j.a(e, C0637l.a("verify signature of c1 failed, exception "));
                    throw C0641p.a("CertVerifier", a11, new Object[0], 1012L, a11);
                } catch (InvalidKeyException e16) {
                    e = e16;
                    String a112 = C0635j.a(e, C0637l.a("verify signature of c1 failed, exception "));
                    throw C0641p.a("CertVerifier", a112, new Object[0], 1012L, a112);
                } catch (NoSuchAlgorithmException e17) {
                    e = e17;
                    String a1122 = C0635j.a(e, C0637l.a("verify signature of c1 failed, exception "));
                    throw C0641p.a("CertVerifier", a1122, new Object[0], 1012L, a1122);
                } catch (SignatureException e18) {
                    e = e18;
                    String a11222 = C0635j.a(e, C0637l.a("verify signature of c1 failed, exception "));
                    throw C0641p.a("CertVerifier", a11222, new Object[0], 1012L, a11222);
                }
            }
        }
        throw new UcsException(1012L, "Subject OU not verify");
    }
}
