package com.samsung.android.app.twatchmanager.sak;

import com.samsung.android.app.twatchmanager.sak.sakverify.CryptoHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

/* loaded from: classes.dex */
public class SAKVerifier implements VerifierInterface {
    private static final String TAG = "SAK:SAKVerifier";
    private static CryptoHelper mCryptoHelper;
    private static SAKVerifier sInstance;
    private byte[] mCertificateChain;
    private KeyPair mLocalKeyPair;
    private byte[] mLocalPublicKey;
    private PublicKey mRemotePublicKey;

    private String byteArrayToHex(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (byte b9 : bArr) {
            sb.append(String.format("%02x ", Integer.valueOf(b9 & 255)));
        }
        return sb.toString();
    }

    public static synchronized SAKVerifier getInstance() {
        SAKVerifier sAKVerifier;
        synchronized (SAKVerifier.class) {
            if (sInstance == null) {
                sInstance = new SAKVerifier();
                mCryptoHelper = CryptoHelper.getInstance();
            }
            sAKVerifier = sInstance;
        }
        return sAKVerifier;
    }

    private void setCertificateChain(byte[] bArr) {
        this.mCertificateChain = bArr;
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public void generateLocalKeyPair() {
        this.mLocalKeyPair = mCryptoHelper.generateKeyPair();
        this.mLocalPublicKey = getLocalPublicKey();
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public byte[] getCertificateChain() {
        return this.mCertificateChain;
    }

    public byte[] getLocalPublicKey() {
        return CryptoHelper.getPublicKeyFromKeyPair(this.mLocalKeyPair);
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public byte[] getPublicKey() {
        if (this.mLocalPublicKey == null) {
            this.mLocalPublicKey = getLocalPublicKey();
        }
        return this.mLocalPublicKey;
    }

    public byte[] getRemotePublicKey() {
        return this.mRemotePublicKey.getEncoded();
    }

    public byte[] makeCertificateChain() {
        String str;
        PublicKey publicKey = this.mRemotePublicKey;
        if (publicKey == null) {
            str = "makeCertificate, No remote publicKey";
        } else {
            List<X509Certificate> certificateChain = mCryptoHelper.getCertificateChain(publicKey.getEncoded());
            if (certificateChain.isEmpty()) {
                str = "makeCertificate, No certificate chain";
            } else {
                byte[] serializeCertificateChain = CryptoHelper.serializeCertificateChain(certificateChain);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    GZIPOutputStream gZIPOutputStream = new GZIPOutputStream(byteArrayOutputStream);
                    try {
                        gZIPOutputStream.write(serializeCertificateChain);
                        gZIPOutputStream.flush();
                        gZIPOutputStream.close();
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        n4.a.h(TAG, "makeCertificate, GZIP compress " + serializeCertificateChain.length + " to " + byteArray.length);
                        gZIPOutputStream.close();
                        n4.a.h(TAG, "compressed: " + byteArrayToHex(byteArray));
                        return byteArray;
                    } finally {
                    }
                } catch (IOException e9) {
                    str = "makeCertificate, IOException : " + e9.getMessage();
                }
            }
        }
        n4.a.h(TAG, str);
        return null;
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public void setRemotePublicKey(byte[] bArr) {
        n4.a.h(TAG, "Set remote public key and make certificate");
        this.mRemotePublicKey = mCryptoHelper.getPublicKeyFromEncoded(bArr);
        setCertificateChain(makeCertificateChain());
    }

    @Override // com.samsung.android.app.twatchmanager.sak.VerifierInterface
    public boolean verifyCertificate(byte[] bArr, VerificationCallback verificationCallback) {
        String str;
        if (this.mLocalKeyPair == null) {
            str = "verifyCertificate, LocalKeyPair is not set";
        } else {
            n4.a.h(TAG, "verifyCertificate, read byte: " + Arrays.toString(bArr));
            try {
                GZIPInputStream gZIPInputStream = new GZIPInputStream(new ByteArrayInputStream(bArr));
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byte[] bArr2 = new byte[1024];
                    while (true) {
                        int read = gZIPInputStream.read(bArr2);
                        if (read == -1) {
                            gZIPInputStream.close();
                            byte[] byteArray = byteArrayOutputStream.toByteArray();
                            gZIPInputStream.close();
                            return CryptoHelper.verifyCertificate(CryptoHelper.deserializeCertificateChain(byteArray), this.mLocalKeyPair.getPublic().getEncoded());
                        }
                        byteArrayOutputStream.write(bArr2, 0, read);
                    }
                } finally {
                }
            } catch (IOException e9) {
                str = "verifyCertificate, IOException : " + e9.getMessage();
            }
        }
        n4.a.h(TAG, str);
        return false;
    }
}
