package com.amazon.bundle.store.internal.security;

import android.net.http.SslCertificate;
import android.support.annotation.NonNull;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;

/* loaded from: classes.dex */
public final class A2ZCertificateValidator implements CertificateValidator {
    private static final char[] BOUNCY_CASTLE_PASSWORD = "dontcare".toCharArray();
    private CertPathValidator certPathValidator;
    private CertificateFactory certificateFactory;
    private boolean initialized = false;
    private CertPathParameters trustedCertPathParameters;

    private void checkCertificateChainTrust(CertPath certPath) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        this.certPathValidator.validate(certPath, this.trustedCertPathParameters);
    }

    private void checkCertificateExpiration(X509Certificate x509Certificate) throws CertificateExpiredException, CertificateNotYetValidException {
        x509Certificate.checkValidity();
    }

    private void checkCommonName(X509Certificate x509Certificate) throws CertPathValidatorException {
        String parseCommonName = parseCommonName(x509Certificate);
        if (parseCommonName == null || !parseCommonName.endsWith("-bundlestore.a2z.com")) {
            throw new CertPathValidatorException("Unrecognized common name");
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x0034  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.KeyStore getKeyStore() throws java.lang.Exception {
        /*
            java.lang.String r3 = "H4sIAAAAAAAAAGNgYGBkYGAQYczVvZodt/fhpQN3p9zSZ177s/RjFwMDmzEjA6MBUEnumvRLDxhAgDVCz9TAkoGBRdigiYXfoInp+wJmJkYmJkYGA142Tq02j7bvvIyMrKwMBhmG3AacbMyhLGzCTKHBhqoGyiAOl7BMcEliUVpmak6KQkhqckZefk5+emZqsY6CZ16ynqGRgQFIGbewJkKZc05icbGCkYJzalFJZlpmcmJJZn6egmNpSUZ+UWZJpYGcOK+BiYGZkaWhubGloVmUOK8xMpeOLmliVEAOBkZWBuYmRl4GoDgHUxMjI8N2oxP/XhYuY2ldyyOYcv+c7/sTzBLt9gtX/7ZZNv/D4YW3rtzI0w6e8FtliV3Lh3kv4t88VXf5qrHMvvreA60PJ9YH6887xco4Wa4/TcZyue+vqG3FLKppr8vrn0ce85qpKhLyWu3453rJqwYF/es3uGn9X/ta8+31+atY2hdf+dm51CT+tvPEJrObaTYbd+xs+jvHyk7ghPV7ttS0qtmSErb/CwNtDPTi99mWF2+KZcs5rBw2S7tVbZLMcqbNT+x513NUNu0ws30157Lp5j2Zp76emfvib0qveINxXpxX7MyTcu1b5koduJonbKocd392vO37a9/LDr2y213BK+OUns1y48e1W/ndn1wWMK5mYmRe3HjUoPGQgSwwbGX5WMRYRPbHb7947q5825fo0DV3rgsc4lvZ8dygcRJIXpmlscugsb0Bq5qFOUuy6Be1TcAEzgNykzALqwEzI+N/tOTODIpe1rn2HXMvnpQKXbgm8/PnyFuzGdul/MNXLqzk1Lr9XX+T3JnjcVk3mtsXTn/vaWpXzuYYkbS/L2IHV7r9m813FdPkT4b8Kjpj6+Nwo3F9+bzmqt2Ljn81Ee+7Kejw5Y+Olq9o/fKkWD3VywzcClKyGT/Fd3zZ2/1WI/Kur1i3ePOJTanHdauWrtoT3JZ7N3zJqR8KjtwZH778LtkXFltV+fWnbOtj3an7vhZOcD7TKz+Lgatd82WoUgSD8qvHQs6a0e4cd3scs1LZVjxVXOW4Zari1J21F01WC19bu+fOI1vLs3vtSgsWSkQyn1Ta0j/napzW9aXbrnDl/tjuIOg2S76SL2k///Q3D/Tlxacw7Nj1Rl384XH7uL+vu7YebUg93n/LGwCEjrT3YwQAAA=="
            r4 = 0
            byte[] r1 = android.util.Base64.decode(r3, r4)
            java.lang.String r3 = "BKS"
            java.security.KeyStore r0 = java.security.KeyStore.getInstance(r3)
            java.util.zip.GZIPInputStream r2 = new java.util.zip.GZIPInputStream
            java.io.ByteArrayInputStream r3 = new java.io.ByteArrayInputStream
            r3.<init>(r1)
            r2.<init>(r3)
            r5 = 0
            char[] r3 = com.amazon.bundle.store.internal.security.A2ZCertificateValidator.BOUNCY_CASTLE_PASSWORD     // Catch: java.lang.Throwable -> L2e java.lang.Throwable -> L43
            r0.load(r2, r3)     // Catch: java.lang.Throwable -> L2e java.lang.Throwable -> L43
            if (r2 == 0) goto L24
            if (r5 == 0) goto L2a
            r2.close()     // Catch: java.lang.Throwable -> L25
        L24:
            return r0
        L25:
            r3 = move-exception
            r5.addSuppressed(r3)
            goto L24
        L2a:
            r2.close()
            goto L24
        L2e:
            r3 = move-exception
            throw r3     // Catch: java.lang.Throwable -> L30
        L30:
            r4 = move-exception
            r5 = r3
        L32:
            if (r2 == 0) goto L39
            if (r5 == 0) goto L3f
            r2.close()     // Catch: java.lang.Throwable -> L3a
        L39:
            throw r4
        L3a:
            r3 = move-exception
            r5.addSuppressed(r3)
            goto L39
        L3f:
            r2.close()
            goto L39
        L43:
            r3 = move-exception
            r4 = r3
            goto L32
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.bundle.store.internal.security.A2ZCertificateValidator.getKeyStore():java.security.KeyStore");
    }

    private void initialize() throws Exception {
        if (this.initialized) {
            return;
        }
        this.certificateFactory = CertificateFactory.getInstance("X.509");
        this.certPathValidator = CertPathValidator.getInstance("PKIX");
        PKIXParameters pKIXParameters = new PKIXParameters(getKeyStore());
        pKIXParameters.setRevocationEnabled(false);
        this.trustedCertPathParameters = pKIXParameters;
        this.initialized = true;
    }

    private CertPath parseCertificateChain(InputStream inputStream) throws CertificateException {
        Collection<? extends Certificate> generateCertificates = this.certificateFactory.generateCertificates(new BufferedInputStream(inputStream));
        if (generateCertificates.isEmpty()) {
            throw new CertificateException("Cert Chain error");
        }
        return this.certificateFactory.generateCertPath(new ArrayList(generateCertificates));
    }

    private String parseCommonName(X509Certificate x509Certificate) {
        return new SslCertificate(x509Certificate).getIssuedTo().getCName();
    }

    @Override // com.amazon.bundle.store.internal.security.CertificateValidator
    public void validate(@NonNull InputStream inputStream) throws GeneralSecurityException {
        try {
            initialize();
            CertPath parseCertificateChain = parseCertificateChain(inputStream);
            X509Certificate x509Certificate = (X509Certificate) parseCertificateChain.getCertificates().get(0);
            checkCertificateExpiration(x509Certificate);
            checkCommonName(x509Certificate);
            checkCertificateChainTrust(parseCertificateChain);
        } catch (Exception e) {
            throw new GeneralSecurityException("Initialization Error", e);
        }
    }
}
