package f.f0.a.f.h;

import android.content.Context;
import android.util.Base64;
import com.privacy.azerothprivacy.AzerothPrivacy;
import com.privacy.azerothprivacy.R$raw;
import f.z.network.HttpConst;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;

/* compiled from: Cert.java */
/* loaded from: classes9.dex */
public class b {
    public static X509Certificate a;
    public static X509Certificate b;

    public static X509Certificate a(Context context) throws GeneralSecurityException {
        int i;
        X509Certificate x509Certificate = a;
        if (x509Certificate != null) {
            return x509Certificate;
        }
        try {
            URL url = new URL(AzerothPrivacy.getSdkConfig().b.a);
            if (Objects.equals(url.getHost(), "alice-boe.bytedance.net")) {
                i = R$raw.boe_server_pk;
            } else if ((Objects.equals(url.getHost(), HttpConst.b) | Objects.equals(url.getHost(), "inhouse.doubao.com")) || Objects.equals(url.getHost(), "api-normal.doubao.com")) {
                i = R$raw.online_server_pk;
            } else if ((Objects.equals(url.getHost(), "www.ciciai.com") | Objects.equals(url.getHost(), "inhouse.ciciai.com") | Objects.equals(url.getHost(), "api-normal-i18n.ciciai.com")) || Objects.equals(url.getHost(), "api-normal-i18n-va.ciciai.com")) {
                i = R$raw.oversea_server_pk;
            } else {
                if (!Objects.equals(url.getHost(), "tgw-boe.byted.org")) {
                    throw new GeneralSecurityException("key agreement config is invalid" + AzerothPrivacy.getSdkConfig().b.a);
                }
                i = R$raw.boe_server_pk;
            }
            try {
                InputStream openRawResource = context.getResources().openRawResource(i);
                try {
                    byte[] bArr = new byte[openRawResource.available()];
                    openRawResource.read(bArr);
                    String str = new String(bArr, StandardCharsets.UTF_8);
                    openRawResource.close();
                    a = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str, 0)));
                    f.z.trace.f.c.d("CRYPTO", "num iis" + a.getSerialNumber().toString(10));
                    return a;
                } finally {
                }
            } catch (IOException e) {
                throw new GeneralSecurityException(e);
            }
        } catch (MalformedURLException e2) {
            throw new GeneralSecurityException(e2);
        }
    }

    public static boolean b(String str) {
        try {
            b = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str, 0)));
            try {
                f.z.trace.f.c.d("crypto", "root cert_sn is " + a.getSerialNumber().toString());
                f.z.trace.f.c.d("crypto", "sign cert_sn is " + b.getSerialNumber().toString());
                b.verify(a.getPublicKey());
                return true;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                e.printStackTrace();
                return false;
            }
        } catch (CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }

    public static boolean c(String str, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initVerify(b.getPublicKey());
            signature.update(bArr);
            return signature.verify(Base64.decode(str, 0));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }
}
