package com.opensignal.sdk.framework;

import android.content.Context;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class TUSecurity {
    private static final String defaultCertificate = "MIIGfzCCBGegAwIBAgIQDnRvyvE6sGlgHqDJOO4EQjANBgkqhkiG9w0BAQsFADBi\nMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOjA4BgNVBAMT\nMURpZ2lDZXJ0IEFzc3VyZWQgRzIgU01JTUUgUlNBNDA5NiBTSEEzODQgMjAyNCBD\nQTEwHhcNMjQxMTE4MDAwMDAwWhcNMjcxMTE3MjM1OTU5WjCBlTEYMBYGA1UEYRMP\nTlRSQ0EtQkMxMjIxMTAwMQswCQYDVQQGEwJDQTEZMBcGA1UECBMQQnJpdGlzaCBD\nb2x1bWJpYTESMBAGA1UEBxMJVmFuY291dmVyMSAwHgYDVQQKExdUdXRlbGEgVGVj\naG5vbG9naWVzIEx0ZDEbMBkGA1UEAxMSVHV0ZWxhIFNpZ25pbmcyMDI0MIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68p3uMzz7t85eI/PrXBL7RcNPU3t\n0oAtKg88zgRCbYkOHonEJL7stdP7WpuQdgL1rlMmExJ8ltUVeZlor0azEuEmpH+J\nZ/O2oEl7mNw9Y+jmAHj8ugjPGY0xQteqOhGnO9tIYTtdhoOygM1V+BdkUsTBGfoQ\npq4Y7Lt9rn7gtfgkMWDp1MdiIputMRXqccRI8kvGsJa/+p/PiteTKHjvjeGg+SpL\ny2M9PIkiWqEkmtaH6we7TKxwLcLbZNfl3OnNKSrYOJS9NkQvllKXAqZOKCVRBtcC\nnU/ph/dBecTvr+t7tipXDQW7EInYprOx8ErkRApiIr33Zm2UcamlTe5/qwIDAQAB\no4IB+zCCAfcwHwYDVR0jBBgwFoAU95uiTtOXxfQ0D0MOgYXOkZMyr/kwHQYDVR0O\nBBYEFOsVwbxONEpZDj7+hfSIv0H40rqBMDQGA1UdEQQtMCuBKXR1dGVsYStzaWdu\naW5nMjAyNEB0dXRlbGF0ZWNobm9sb2dpZXMuY29tMBQGA1UdIAQNMAswCQYHZ4EM\nAQUDATAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF\nBwMEMIGpBgNVHR8EgaEwgZ4wTaBLoEmGR2h0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv\nbS9EaWdpQ2VydEFzc3VyZWRHMlNNSU1FUlNBNDA5NlNIQTM4NDIwMjRDQTEuY3Js\nME2gS6BJhkdodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk\nRzJTTUlNRVJTQTQwOTZTSEEzODQyMDI0Q0ExLmNybDCBjQYIKwYBBQUHAQEEgYAw\nfjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFYGCCsGAQUF\nBzAChkpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk\nRzJTTUlNRVJTQTQwOTZTSEEzODQyMDI0Q0ExLmNydDANBgkqhkiG9w0BAQsFAAOC\nAgEAPZnLxWRtOV03/AOJYkKOvSYF9dqK4jiDI5U6GiLno8arF6C4yIg98cUmpjix\n78t6PHBsMi4veTZKYlG44+7OqEwfWZ0039ufrXPfb+Qof1bVkg9aqiEpiBFcOsnU\nV6CSHQUwqn9MJ6BtSxDNYKTCFKTtGnMEY9Y/0XxBYJ/1GppOdtWT//ZF0Nc0lc2W\nZuTa74Kvz0xGlRyJ3OePMZVawdMMFzXEjDk9bz66JazL0lcId/Tp5rxTIplfXy9C\nwt1I2r3nKorDYpotLjOl3G5lhumdzmWcR0LIGLlV4JtSIu/ZDe69uRMGBgBNf3eM\nUyJwBVqnDQm1oBpy4llS0ng2mFJAflqQyYfWZ90eJKLsqtS+ekIJfPyyL/70D1aG\nAapROw+Cu8OiBNORh4/ZGV7xjQH2/87d/V+SWj/Ei34Bn3cG4+9sCdpTBnII2yA0\nninQ3Pbat5lbwY5hwVxcxhX6npKLm4FzXCRmDMYfYKYuXP1+Y8XSasmvLNqjmnyX\nRGsYlB9o/34nN1IOcazhQ2xsNKxihoDd9vCuH6T/vGFbb0IGYj77ze6GpEIaNUXZ\nzxAzvl1foUuHLulVSAZI9MQEona2BaFrpdiW1YJuPTb91B9qCFENOWVgJ7bLBNyI\n4mVGXoVlAWtuH6xVlTpO1RvK1vCZSFf/z64JOMkuqEkcaaM=";
    private static final String TAG = TUSecurity.class.getClass().getSimpleName();
    private static String sharedPreferenceGetNonTutelaUploadCertificate = "CustomUploadCertificate";

    public static boolean checkSignature(String str, String str2, String str3, String str4) throws TUException {
        PublicKey publicKeyFromCertificate = getPublicKeyFromCertificate(defaultCertificate);
        if (str2 == null || str == null || publicKeyFromCertificate == null || str3 == null || str4 == null) {
            throw new TUException("Device has failed security check.");
        }
        byte[] decode = TUConversions.decode(str3);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(str.length() + str2.length() + decode.length);
        try {
            byteArrayOutputStream.write(str2.getBytes("UTF-8"));
            byteArrayOutputStream.write(decode);
            byteArrayOutputStream.write(str.getBytes("UTF-8"));
            return verifySignature(byteArrayOutputStream.toByteArray(), str4, publicKeyFromCertificate);
        } catch (Exception e4) {
            TULog.utilitiesLog(TUBaseLogCode.WARNING.low, TAG, e4.getMessage(), e4);
            return false;
        }
    }

    private static InputStream getCertificateInputStream(String str) throws TUException {
        try {
            return new ByteArrayInputStream(Base64.decode(str, 0));
        } catch (Exception unused) {
            throw new TUException("The Certificate provided failed during Base64 decode.");
        }
    }

    public static String getCustomUploadCertificate(Context context) {
        String valueFromPreferenceKey = TUConfiguration.getValueFromPreferenceKey(context, sharedPreferenceGetNonTutelaUploadCertificate);
        if (valueFromPreferenceKey == null || valueFromPreferenceKey.isEmpty()) {
            return null;
        }
        return valueFromPreferenceKey;
    }

    private static PublicKey getPublicKeyFromCertificate(String str) {
        try {
            return loadCertificate(str).getPublicKey();
        } catch (Exception unused) {
            return null;
        }
    }

    public static SSLSocketFactory getSSLFactory(Context context) throws Exception {
        X509Certificate loadCertificate = loadCertificate(getCustomUploadCertificate(context));
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("nat", loadCertificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sSLContext.getSocketFactory();
    }

    private static X509Certificate loadCertificate(String str) throws CertificateException, TUException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(getCertificateInputStream(str));
    }

    public static boolean passesSecurityCheck(String str, String str2, String str3, String str4) throws TUException {
        return checkSignature(str2, str, str3, str4);
    }

    private static void removeCustomUploadCertificate(Context context) {
        TUConfiguration.removeValueFromPreferenceKey(context, TUConfiguration.getConfigurationPreferenceFileName(context), sharedPreferenceGetNonTutelaUploadCertificate);
    }

    public static void setCustomUploadCertificate(Context context, String str) throws TUException {
        if (str == null) {
            removeCustomUploadCertificate(context);
            return;
        }
        try {
            loadCertificate(str).checkValidity();
            TUConfiguration.setValueFromPreferenceKey(context, sharedPreferenceGetNonTutelaUploadCertificate, str);
        } catch (CertificateExpiredException unused) {
            throw new TUException("The Certificate provided has already expired. Please check the validity of the provided certificate.");
        } catch (CertificateNotYetValidException unused2) {
            throw new TUException("The Certificate provided is not valid yet.");
        } catch (CertificateException unused3) {
            throw new TUException("The Certificate provided is not a valid Base64 encoded certificate.");
        } catch (Exception unused4) {
        }
    }

    private static boolean verifySignature(byte[] bArr, String str, PublicKey publicKey) {
        return verifySignature(bArr, publicKey, TUConversions.hexStringToByteArray(str));
    }

    private static boolean verifySignature(byte[] bArr, PublicKey publicKey, byte[] bArr2) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e4) {
            TULog.utilitiesLog(TUBaseLogCode.WARNING.high, TAG, "Error verify signature.2", e4);
            return false;
        }
    }
}
