package com.psiphon3.psiphonlibrary;

import android.util.Base64;
import android.util.Base64OutputStream;
import com.fasterxml.jackson.core.Base64Variants;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.psiphon3.psiphonlibrary.Utils;
import com.psiphon3.subscription.R;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: classes.dex */
public class AuthenticatedDataPackage {

    /* loaded from: classes.dex */
    public static class AuthenticatedDataPackageException extends Exception {
        private static final long serialVersionUID = 1;

        public AuthenticatedDataPackageException() {
        }

        public AuthenticatedDataPackageException(String str) {
            super(str);
        }

        public AuthenticatedDataPackageException(String str, Throwable th) {
            super(str, th);
        }

        public AuthenticatedDataPackageException(Throwable th) {
            super(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class VerifyingOutputStream extends FilterOutputStream {
        private boolean dataIsBase64;
        private OutputStream verifyOutputStream;

        /* loaded from: classes.dex */
        private static class SignatureOutputStream extends OutputStream {
            private Signature signature;

            public SignatureOutputStream(Signature signature) {
                this.signature = signature;
            }

            @Override // java.io.OutputStream
            public void write(int i) {
                try {
                    this.signature.update((byte) i);
                } catch (SignatureException unused) {
                }
            }

            @Override // java.io.OutputStream
            public void write(byte[] bArr) {
                try {
                    this.signature.update(bArr);
                } catch (SignatureException unused) {
                }
            }

            @Override // java.io.OutputStream
            public void write(byte[] bArr, int i, int i2) {
                try {
                    this.signature.update(bArr, i, i2);
                } catch (SignatureException unused) {
                }
            }
        }

        public VerifyingOutputStream(boolean z, OutputStream outputStream, Signature signature) {
            super(outputStream);
            this.dataIsBase64 = z;
            this.verifyOutputStream = new SignatureOutputStream(signature);
            if (this.dataIsBase64) {
                this.verifyOutputStream = new Base64OutputStream(this.verifyOutputStream, 2);
            }
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            this.out.close();
            this.verifyOutputStream.close();
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) {
            this.out.write(i);
            this.verifyOutputStream.write(i);
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr) {
            this.out.write(bArr);
            this.verifyOutputStream.write(bArr);
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) {
            this.out.write(bArr, i, i2);
            this.verifyOutputStream.write(bArr, i, i2);
        }
    }

    public static String extractAndVerifyData(String str, boolean z, String str2) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            extractAndVerifyData(str, new ByteArrayInputStream(str2.getBytes("UTF-8")), z, byteArrayOutputStream);
            return byteArrayOutputStream.toString("UTF-8");
        } catch (UnsupportedEncodingException unused) {
            Utils.MyLog.w(R.string.res_0x7f0f000f_authenticateddatapackage_invalidencoding, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
            throw new AuthenticatedDataPackageException();
        }
    }

    public static void extractAndVerifyData(String str, InputStream inputStream, boolean z, OutputStream outputStream) {
        JsonParser jsonParser;
        VerifyingOutputStream verifyingOutputStream;
        Signature signature;
        try {
            try {
                PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str, 2)));
                signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(generatePublic);
                verifyingOutputStream = new VerifyingOutputStream(z, outputStream, signature);
                try {
                    jsonParser = new JsonFactory().createParser(inputStream);
                } catch (UnsupportedEncodingException e) {
                    e = e;
                } catch (IOException e2) {
                    e = e2;
                } catch (InvalidKeyException e3) {
                    e = e3;
                } catch (NoSuchAlgorithmException e4) {
                    e = e4;
                } catch (SignatureException e5) {
                    e = e5;
                } catch (InvalidKeySpecException e6) {
                    e = e6;
                }
            } catch (Throwable th) {
                th = th;
                jsonParser = null;
            }
        } catch (UnsupportedEncodingException e7) {
            e = e7;
        } catch (IOException e8) {
            e = e8;
        } catch (InvalidKeyException e9) {
            e = e9;
        } catch (NoSuchAlgorithmException e10) {
            e = e10;
        } catch (SignatureException e11) {
            e = e11;
        } catch (InvalidKeySpecException e12) {
            e = e12;
        } catch (Throwable th2) {
            th = th2;
            jsonParser = null;
            verifyingOutputStream = null;
        }
        try {
            if (jsonParser.nextToken() != JsonToken.START_OBJECT) {
                throw new AuthenticatedDataPackageException();
            }
            String str2 = null;
            String str3 = null;
            boolean z2 = false;
            while (true) {
                JsonToken nextToken = jsonParser.nextToken();
                if (nextToken == JsonToken.END_OBJECT) {
                    if (z2 && str2 != null && str3 != null) {
                        if (Base64.encodeToString(MessageDigest.getInstance("SHA256").digest(str.getBytes()), 2).compareTo(str3) != 0) {
                            Utils.MyLog.w(R.string.res_0x7f0f0012_authenticateddatapackage_wrongpublickey, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
                            throw new AuthenticatedDataPackageException();
                        }
                        signature.verify(Base64.decode(str2, 2));
                        if (1 == 0) {
                            Utils.MyLog.w(R.string.res_0x7f0f0010_authenticateddatapackage_invalidsignature, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
                            throw new AuthenticatedDataPackageException();
                        }
                        if (jsonParser != null) {
                            try {
                                jsonParser.close();
                            } catch (IOException unused) {
                            }
                        }
                        if (verifyingOutputStream != null) {
                            try {
                                verifyingOutputStream.close();
                            } catch (IOException unused2) {
                            }
                        }
                        return;
                    }
                    Utils.MyLog.w(R.string.res_0x7f0f0011_authenticateddatapackage_missingvalue, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
                    throw new AuthenticatedDataPackageException();
                }
                if (nextToken != JsonToken.FIELD_NAME) {
                    throw new AuthenticatedDataPackageException();
                }
                String currentName = jsonParser.getCurrentName();
                if (jsonParser.nextToken() != JsonToken.VALUE_STRING) {
                    jsonParser.skipChildren();
                } else if (currentName.equals("data")) {
                    if (z) {
                        try {
                            jsonParser.readBinaryValue(Base64Variants.MIME, verifyingOutputStream);
                        } catch (IllegalArgumentException e13) {
                            throw new AuthenticatedDataPackageException(e13);
                        }
                    } else {
                        verifyingOutputStream.write(jsonParser.getValueAsString().getBytes());
                    }
                    verifyingOutputStream.close();
                    z2 = true;
                } else if (currentName.equals("signature")) {
                    str2 = jsonParser.getValueAsString();
                } else if (currentName.equals("signingPublicKeyDigest")) {
                    str3 = jsonParser.getValueAsString();
                }
            }
        } catch (UnsupportedEncodingException e14) {
            e = e14;
            throw new AuthenticatedDataPackageException(e);
        } catch (IOException e15) {
            e = e15;
            throw new AuthenticatedDataPackageException(e);
        } catch (InvalidKeyException e16) {
            e = e16;
            throw new AuthenticatedDataPackageException(e);
        } catch (NoSuchAlgorithmException e17) {
            e = e17;
            throw new AuthenticatedDataPackageException(e);
        } catch (SignatureException e18) {
            e = e18;
            throw new AuthenticatedDataPackageException(e);
        } catch (InvalidKeySpecException e19) {
            e = e19;
            throw new AuthenticatedDataPackageException(e);
        } catch (Throwable th3) {
            th = th3;
            if (jsonParser != null) {
                try {
                    jsonParser.close();
                } catch (IOException unused3) {
                }
            }
            if (verifyingOutputStream != null) {
                try {
                    verifyingOutputStream.close();
                } catch (IOException unused4) {
                }
            }
            throw th;
        }
    }
}
