package com.google.android.finsky.api;

import android.content.Context;
import android.text.TextUtils;
import android.util.Base64;
import com.google.android.finsky.utils.AndroidKeyczarReader;
import com.google.android.finsky.utils.DfeLog;
import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.keyczar.KeyczarFileReader;
import org.keyczar.Verifier;
import org.keyczar.exceptions.KeyczarException;
import org.keyczar.interfaces.KeyczarReader;

/* loaded from: classes.dex */
public class DfeResponseVerifier {
    private static final SecureRandom SECURE_RANDOM;
    private static KeyczarReader sFallbackReader;
    private static boolean sFallbackReaderInitialized;
    private static KeyczarReader sProdReader;
    private final Context mContext;
    private byte[] mNonce = new byte[256];
    private boolean mNonceInitialized;
    private static final String PROD_KEYS_ASSETS_SUBDIR = "keys" + File.separator + "dfe-response-auth";
    private static final String FALLBACK_KEYS_FILES_SUBDIR = "keys" + File.separator + "dfe-response-auth-dev";

    /* loaded from: classes.dex */
    public static class DfeResponseVerifierException extends Exception {
        private DfeResponseVerifierException(String str) {
            super(str);
        }
    }

    static {
        SecureRandom secureRandom;
        try {
            secureRandom = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            DfeLog.e("Could not initialize SecureRandom, SHA1PRNG not supported. %s", e);
            secureRandom = null;
        }
        SECURE_RANDOM = secureRandom;
    }

    public DfeResponseVerifier(Context context) {
        this.mContext = context;
    }

    private static byte[] extractResponseSignature(String str) throws DfeResponseVerifierException {
        if (TextUtils.isEmpty(str)) {
            DfeLog.e("No signing response found.", new Object[0]);
            throw new DfeResponseVerifierException("No signing response found.");
        }
        for (String str2 : str.split(";")) {
            String trim = str2.trim();
            if (trim.startsWith("signature=")) {
                return Base64.decode(trim.substring(10), 11);
            }
        }
        throw new DfeResponseVerifierException("Signature not found in response: " + str);
    }

    private static synchronized KeyczarReader getFallbackReader(Context context) {
        KeyczarReader keyczarReader;
        synchronized (DfeResponseVerifier.class) {
            if (!sFallbackReaderInitialized) {
                File file = new File(context.getFilesDir(), FALLBACK_KEYS_FILES_SUBDIR);
                if (file.exists()) {
                    sFallbackReader = new KeyczarFileReader(file.getAbsolutePath());
                }
                sFallbackReaderInitialized = true;
            }
            keyczarReader = sFallbackReader;
        }
        return keyczarReader;
    }

    private static synchronized KeyczarReader getProdReader(Context context) {
        KeyczarReader keyczarReader;
        synchronized (DfeResponseVerifier.class) {
            if (sProdReader == null) {
                sProdReader = new AndroidKeyczarReader(context.getResources(), PROD_KEYS_ASSETS_SUBDIR);
            }
            keyczarReader = sProdReader;
        }
        return keyczarReader;
    }

    private boolean internalVerify(KeyczarReader keyczarReader, byte[] bArr, byte[] bArr2, String str) throws DfeResponseVerifierException {
        try {
            Verifier verifier = new Verifier(keyczarReader);
            byte[] bArr3 = new byte[bArr.length + bArr2.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
            return verifier.verify(bArr3, extractResponseSignature(str));
        } catch (KeyczarException e) {
            DfeLog.d("Keyczar exception during signature verification: %s", e);
            return false;
        }
    }

    public synchronized String getSignatureRequest() throws DfeResponseVerifierException {
        if (SECURE_RANDOM == null) {
            throw new DfeResponseVerifierException("Uninitialized SecureRandom.");
        }
        if (!this.mNonceInitialized) {
            SECURE_RANDOM.nextBytes(this.mNonce);
            this.mNonceInitialized = true;
        }
        return "nonce=" + Base64.encodeToString(this.mNonce, 11);
    }

    public void verify(byte[] bArr, String str) throws DfeResponseVerifierException {
        KeyczarReader fallbackReader;
        boolean internalVerify = internalVerify(getProdReader(this.mContext), this.mNonce, bArr, str);
        if (!internalVerify && (fallbackReader = getFallbackReader(this.mContext)) != null) {
            DfeLog.d("Retry verification using fallback keys.", new Object[0]);
            internalVerify = internalVerify(fallbackReader, this.mNonce, bArr, str);
        }
        if (!internalVerify || DfeLog.DEBUG) {
            DfeLog.d("Response signature verified: %b", Boolean.valueOf(internalVerify));
        }
        if (!internalVerify) {
            throw new DfeResponseVerifierException("Response signature mismatch.");
        }
    }
}
