package com.airwatch.safetynet;

import android.support.annotation.NonNull;
import android.util.Base64;
import com.airwatch.util.Logger;
import com.airwatch.util.StringUtils;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class JsonWebSignature {
    private static final long a = 120000;
    private final Header b;
    private final Payload c;
    private final byte[] d;
    private final byte[] e;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Header {
        private static final String a = "alg";
        private static final String b = "x5c";
        private String c;
        private List<String> d;

        private Header() {
        }

        public static Header a(String str) {
            Header header = new Header();
            try {
                JSONObject jSONObject = new JSONObject(str);
                header.c = jSONObject.getString(a);
                JSONArray jSONArray = jSONObject.getJSONArray(b);
                ArrayList arrayList = new ArrayList(jSONArray.length());
                for (int i = 0; i < jSONArray.length(); i++) {
                    arrayList.add(jSONArray.getString(i).toString());
                }
                header.d = arrayList;
                return header;
            } catch (JSONException e) {
                Logger.e("Exception while parsing the mHeader of Json Web Signature");
                return null;
            }
        }

        public final String a() {
            return this.c;
        }

        public final List<String> b() {
            return this.d;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Payload {
        private static final String a = "nonce";
        private static final String b = "timestampMs";
        private static final String c = "apkPackageName";
        private static final String d = "apkCertificateDigestSha256";
        private static final String e = "apkDigestSha256";
        private static final String f = "ctsProfileMatch";
        private static final String g = "error";
        private String h;
        private long i;
        private String j;
        private String[] k;
        private String l;
        private boolean m;
        private boolean n;

        private Payload() {
        }

        public static Payload a(String str) {
            Payload payload = new Payload();
            try {
                JSONObject jSONObject = new JSONObject(str);
                if (jSONObject.has(a)) {
                    payload.h = jSONObject.getString(a);
                }
                if (jSONObject.has(b)) {
                    payload.i = jSONObject.getLong(b);
                }
                if (jSONObject.has(c)) {
                    payload.j = jSONObject.getString(c);
                }
                if (jSONObject.has(d)) {
                    JSONArray jSONArray = jSONObject.getJSONArray(d);
                    String[] strArr = new String[jSONArray.length()];
                    for (int i = 0; i < jSONArray.length(); i++) {
                        strArr[i] = jSONArray.getString(i);
                    }
                    payload.k = strArr;
                }
                if (jSONObject.has(e)) {
                    payload.l = jSONObject.getString(e);
                }
                if (jSONObject.has(f)) {
                    payload.m = jSONObject.getBoolean(f);
                }
                if (!jSONObject.has("error")) {
                    return payload;
                }
                payload.n = true;
                return payload;
            } catch (JSONException e2) {
                Logger.e("Exception while parsing the payload of Json Web Signature");
                return null;
            }
        }

        public final String a() {
            return this.h;
        }

        public final long b() {
            return this.i;
        }

        public final String c() {
            return this.j;
        }

        public final String[] d() {
            return this.k;
        }

        public final String e() {
            return this.l;
        }

        public final boolean f() {
            return this.m;
        }

        public final boolean g() {
            return this.n;
        }
    }

    private JsonWebSignature(@NonNull Header header, @NonNull Payload payload, @NonNull byte[] bArr, @NonNull byte[] bArr2) {
        this.b = header;
        this.c = payload;
        this.d = bArr;
        this.e = bArr2;
    }

    public static JsonWebSignature a(String str) {
        Payload a2;
        int indexOf = str.indexOf(46);
        int indexOf2 = str.indexOf(46, indexOf + 1);
        int indexOf3 = str.indexOf(46, indexOf2 + 1);
        if (indexOf == -1 || indexOf2 == -1 || indexOf3 != -1) {
            return null;
        }
        byte[] decode = Base64.decode(str.substring(0, indexOf), 11);
        byte[] decode2 = Base64.decode(str.substring(indexOf + 1, indexOf2), 11);
        byte[] decode3 = Base64.decode(str.substring(indexOf2 + 1), 11);
        byte[] a3 = StringUtils.a(str.substring(0, indexOf2));
        Header a4 = Header.a(new String(decode));
        if (a4 == null || (a2 = Payload.a(new String(decode2))) == null) {
            return null;
        }
        return new JsonWebSignature(a4, a2, decode3, a3);
    }

    private static X509TrustManager g() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            return null;
        } catch (NoSuchAlgorithmException e2) {
            return null;
        }
    }

    public final Header a() {
        return this.b;
    }

    public final X509Certificate a(X509TrustManager x509TrustManager) throws GeneralSecurityException {
        List<String> b = a().b();
        if (b == null || b.isEmpty() || !"RS256".equals(a().a())) {
            return null;
        }
        return SafetyNetUtils.a(Signature.getInstance("SHA256withRSA"), x509TrustManager, b, c(), d());
    }

    public boolean a(byte[] bArr, long j, String str, String[] strArr, String str2) {
        Payload b = b();
        if (b.g()) {
            Logger.e("SafetyNetApi response payload contains error: field");
            return false;
        }
        if (!Base64.encodeToString(bArr, 2).equals(b.a())) {
            Logger.e("Mismatch in nonce of SafetyNetApi response and request");
            return false;
        }
        if (!str.equals(b.c())) {
            Logger.e("Mismatch in package name for SafetyNetApi response and request");
            return false;
        }
        if (!Arrays.equals(strArr, b.d())) {
            Logger.e("Mismatch in apk certificate digest for SafetyNetApi response and request");
            return false;
        }
        if (str2.equals(b.e())) {
            return true;
        }
        Logger.e("Mismatch in apk digest for SafetyNetApi response and request");
        return false;
    }

    public final Payload b() {
        return this.c;
    }

    public final byte[] c() {
        return this.d;
    }

    public final byte[] d() {
        return this.e;
    }

    public final X509Certificate e() {
        X509TrustManager g = g();
        if (g == null) {
            return null;
        }
        try {
            return a(g);
        } catch (GeneralSecurityException e) {
            Logger.e("Exception while verifying the signature of JWS");
            return null;
        }
    }

    public boolean f() {
        return b().f();
    }
}
