package com.amazon.bundle.store.internal.security;

import android.net.http.SslCertificate;
import android.support.annotation.NonNull;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.concurrent.atomic.AtomicBoolean;

/* loaded from: classes.dex */
public final class A2ZCertificateValidator implements CertificateValidator {
    private static final char[] BOUNCY_CASTLE_PASSWORD = "dontcare".toCharArray();
    private CertPathValidator certPathValidator;
    private CertificateFactory certificateFactory;
    private final AtomicBoolean initialized = new AtomicBoolean(false);
    private CertPathParameters trustedCertPathParameters;

    private void checkCertificateChainTrust(CertPath certPath) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        this.certPathValidator.validate(certPath, this.trustedCertPathParameters);
    }

    private void checkCertificateExpiration(X509Certificate x509Certificate) throws CertificateExpiredException, CertificateNotYetValidException {
        x509Certificate.checkValidity();
    }

    private void checkCommonName(X509Certificate x509Certificate) throws CertPathValidatorException {
        String parseCommonName = parseCommonName(x509Certificate);
        if (parseCommonName == null || !parseCommonName.endsWith("-bundlestore.a2z.com")) {
            throw new CertPathValidatorException("Unrecognized common name");
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x0034  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.KeyStore getKeyStore() throws java.lang.Exception {
        /*
            java.lang.String r3 = "H4sIAAAAAAAAAGNgYGBkYGAQCdzcvNdmcmZdCmsaV+jOuvm/Z05RY2Bgvc3IwGgAVJL3R+VvEgMIsEbomRpYMjCwCBs0sfAbNDF9X8DMxMjExMhgwMvGqdXm0fadl5GRlZXBIMOQ24CTjTmUhU2YKTTYUNVAGcThEpYJLkksSstMzUlRCElNzsjLz8lPz0wt1lHwzEvWMzQyMAAp4xbWRChzzkksLlYwUnBOLSrJTMtMTizJzM9TcCwtycgvyiypNJAT5zUwMTAzsjQ0N7Y0NIsS5zVG5tLRJU2MCsjBwMjKwNzEyMsAFOdgamJkZNhudOLfy8JlLK1reQRT7p/zfX+CWaLdfuHq3zbL5n84vPDWlRt52sETfqsssWv5MO9F/Jun6i5fNZbZV997oPXhxPpg/XmnWBkny/WnyVgu9/0Vta2YRTXtdXn988hjXjNVRUJeqx3/XC951aCgf/0GN63/a19rvr0+fxVL++IrPzuXmsTfdp7YZHYzzWbjjp1Nf+dY2QmcsH7PlppWNVtSwvZ/YaCNgV78Ptvy4k2xbDmHlcNmabeqTZJZzrT5iT3veo7Kph1mtq/mXDbdvCfz1Nczc1/8TekVbzDOi/OKnXlSrn3LXKkDV/OETZXj7s+Ot31/7XvZoVd2uyt4ZZzSs1lu/Lh2K7/7k8sCxtVMjMyLG48aNB4ykAWGrSwfixiLyP747RfP3ZVv+xIduubOdYFDfCs7nhs0TgLJK7M0dhk0tjdgVbMwZ0kW/aK2CZjAeUBuEmZhNWBmZPyPltyZQdHLOte+Y+7Fk1KhC9dkfv4ceWs2Y7uUf/jKhZWcWre/62+SO3M8LutGc/vC6e89Te3K2Rwjkvb3RezgSrd/s/muYpr8yZBfRWdsfRxuNK4vn9dctXvR8a8m4n03BR2+/NHR8hWtX54Uq6d6mYFbQUo246f4ji97u99qRN71FesWbz6xKfW4btXSVXuC23Lvhi859UPBkTvjw5ffJfvCYqsqv/6UbX2sO3Xf18IJzmd65WcxcLVrvgxVimBQfvVYyFkz2p3jbo9jVirbiqeKqxy3TFWcurP2oslq4Wtr99x5ZGt5dq9dacFCiUjmk0pb+udcjdO6vnTbFa7cH9sdBN1myVfyJe3nn/7mgb68+BQG+RsvOfwW3kv49ZfRdm78Gv6S2Z++AwDuGJlcYwQAAA=="
            r4 = 0
            byte[] r1 = android.util.Base64.decode(r3, r4)
            java.lang.String r3 = "BKS"
            java.security.KeyStore r0 = java.security.KeyStore.getInstance(r3)
            java.util.zip.GZIPInputStream r2 = new java.util.zip.GZIPInputStream
            java.io.ByteArrayInputStream r3 = new java.io.ByteArrayInputStream
            r3.<init>(r1)
            r2.<init>(r3)
            r5 = 0
            char[] r3 = com.amazon.bundle.store.internal.security.A2ZCertificateValidator.BOUNCY_CASTLE_PASSWORD     // Catch: java.lang.Throwable -> L2e java.lang.Throwable -> L43
            r0.load(r2, r3)     // Catch: java.lang.Throwable -> L2e java.lang.Throwable -> L43
            if (r2 == 0) goto L24
            if (r5 == 0) goto L2a
            r2.close()     // Catch: java.lang.Throwable -> L25
        L24:
            return r0
        L25:
            r3 = move-exception
            r5.addSuppressed(r3)
            goto L24
        L2a:
            r2.close()
            goto L24
        L2e:
            r3 = move-exception
            throw r3     // Catch: java.lang.Throwable -> L30
        L30:
            r4 = move-exception
            r5 = r3
        L32:
            if (r2 == 0) goto L39
            if (r5 == 0) goto L3f
            r2.close()     // Catch: java.lang.Throwable -> L3a
        L39:
            throw r4
        L3a:
            r3 = move-exception
            r5.addSuppressed(r3)
            goto L39
        L3f:
            r2.close()
            goto L39
        L43:
            r3 = move-exception
            r4 = r3
            goto L32
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.bundle.store.internal.security.A2ZCertificateValidator.getKeyStore():java.security.KeyStore");
    }

    private CertPath parseCertificateChain(InputStream inputStream) throws CertificateException {
        Collection<? extends Certificate> generateCertificates = this.certificateFactory.generateCertificates(new BufferedInputStream(inputStream, 8192));
        if (generateCertificates.isEmpty()) {
            throw new CertificateException("Cert Chain error");
        }
        return this.certificateFactory.generateCertPath(new ArrayList(generateCertificates));
    }

    private String parseCommonName(X509Certificate x509Certificate) {
        return new SslCertificate(x509Certificate).getIssuedTo().getCName();
    }

    public void initialize() throws GeneralSecurityException {
        try {
            if (this.initialized.compareAndSet(false, true)) {
                this.certificateFactory = CertificateFactory.getInstance("X.509");
                this.certPathValidator = CertPathValidator.getInstance("PKIX");
                PKIXParameters pKIXParameters = new PKIXParameters(getKeyStore());
                pKIXParameters.setRevocationEnabled(false);
                this.trustedCertPathParameters = pKIXParameters;
            }
        } catch (Exception e) {
            throw new GeneralSecurityException("Root certificate initialization Error", e);
        }
    }

    @Override // com.amazon.bundle.store.internal.security.CertificateValidator
    public void validate(@NonNull InputStream inputStream) throws GeneralSecurityException {
        initialize();
        CertPath parseCertificateChain = parseCertificateChain(inputStream);
        X509Certificate x509Certificate = (X509Certificate) parseCertificateChain.getCertificates().get(0);
        checkCertificateExpiration(x509Certificate);
        checkCommonName(x509Certificate);
        checkCertificateChainTrust(parseCertificateChain);
    }
}
