package com.amazon.identity.auth.device.appid;

import android.content.Context;
import android.content.pm.PackageManager;
import android.util.Log;
import com.facebook.AuthenticationTokenClaims;
import com.facebook.internal.security.CertificateUtil;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.json.JSONException;
import org.json.JSONObject;
import s0.b.a.a.a.q.i;

/* loaded from: classes.dex */
public final class a {
    public static s0.b.a.a.a.l.b a(String str, String str2, Context context) {
        s0.b.a.a.b.a.b.a.h("com.amazon.identity.auth.device.appid.a", "Begin decoding API Key for packageName=", str);
        JSONObject a = new s0.b.a.a.a.q.c().a(str2);
        s0.b.a.a.b.a.b.a.h("com.amazon.identity.auth.device.appid.a", "APIKey", "payload=" + a);
        if (a != null) {
            try {
                c(str, a, context);
                return b(a);
            } catch (PackageManager.NameNotFoundException e) {
                StringBuilder E = s0.c.a.a.a.E("Failed to decode: ");
                E.append(e.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            } catch (IOException e2) {
                StringBuilder E2 = s0.c.a.a.a.E("Failed to decode: ");
                E2.append(e2.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E2.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            } catch (SecurityException e3) {
                StringBuilder E3 = s0.c.a.a.a.E("Failed to decode: ");
                E3.append(e3.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E3.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            } catch (NoSuchAlgorithmException e4) {
                StringBuilder E4 = s0.c.a.a.a.E("Failed to decode: ");
                E4.append(e4.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E4.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            } catch (CertificateException e5) {
                StringBuilder E5 = s0.c.a.a.a.E("Failed to decode: ");
                E5.append(e5.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E5.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            } catch (JSONException e6) {
                StringBuilder E6 = s0.c.a.a.a.E("Failed to decode: ");
                E6.append(e6.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E6.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            } catch (s0.b.a.a.a.c e7) {
                StringBuilder E7 = s0.c.a.a.a.E("Failed to decode: ");
                E7.append(e7.getMessage());
                Log.w("com.amazon.identity.auth.device.appid.a", E7.toString());
                s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
                return null;
            }
        }
        s0.c.a.a.a.R("Unable to decode APIKey for pkg=", str, "com.amazon.identity.auth.device.appid.a");
        return null;
    }

    /* JADX WARN: Can't wrap try/catch for region: R(11:1|(1:3)(1:33)|4|(3:16|17|(2:19|(1:(7:30|7|8|9|10|11|12)(2:28|29))(2:23|24)))|6|7|8|9|10|11|12) */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0090, code lost:
    
        s0.b.a.a.b.a.b.a.j("com.amazon.identity.auth.device.appid.a", "APIKey does not contain a client id");
        r10 = null;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static s0.b.a.a.a.l.b b(org.json.JSONObject r14) throws org.json.JSONException, s0.b.a.a.a.c {
        /*
            java.lang.String r0 = "com.amazon.identity.auth.device.appid.a"
            java.lang.String r1 = "ver"
            java.lang.String r1 = r14.getString(r1)
            java.lang.String r2 = "1"
            boolean r2 = r1.equals(r2)
            if (r2 == 0) goto L1a
            java.lang.String r2 = "appId"
            java.lang.String r2 = r14.getString(r2)
            r5 = r2
            r6 = r5
            goto L28
        L1a:
            java.lang.String r2 = "appFamilyId"
            java.lang.String r2 = r14.getString(r2)
            java.lang.String r3 = "appVariantId"
            java.lang.String r3 = r14.getString(r3)
            r5 = r2
            r6 = r3
        L28:
            java.lang.String r2 = "3"
            boolean r1 = r1.equals(r2)
            r2 = 0
            if (r1 == 0) goto L78
            java.lang.String r1 = "endpoints"
            org.json.JSONObject r1 = r14.getJSONObject(r1)     // Catch: org.json.JSONException -> L38
            goto L3e
        L38:
            java.lang.String r1 = "APIKey does not contain endpoints object"
            s0.b.a.a.b.a.b.a.j(r0, r1)
            r1 = r2
        L3e:
            if (r1 == 0) goto L78
            java.lang.String r3 = "authz"
            java.lang.String r3 = r1.getString(r3)
            java.lang.String r4 = "tokenExchange"
            java.lang.String r1 = r1.getString(r4)
            java.lang.String r4 = "https"
            if (r3 == 0) goto L62
            boolean r7 = r3.startsWith(r4)
            if (r7 == 0) goto L58
            goto L62
        L58:
            s0.b.a.a.a.c r14 = new s0.b.a.a.a.c
            s0.b.a.a.a.c$c r0 = s0.b.a.a.a.c.EnumC0406c.ERROR_BAD_PARAM
            java.lang.String r1 = "Authorization Host in APIKey is invalid"
            r14.<init>(r1, r0)
            throw r14
        L62:
            if (r1 == 0) goto L75
            boolean r4 = r1.startsWith(r4)
            if (r4 == 0) goto L6b
            goto L75
        L6b:
            s0.b.a.a.a.c r14 = new s0.b.a.a.a.c
            s0.b.a.a.a.c$c r0 = s0.b.a.a.a.c.EnumC0406c.ERROR_BAD_PARAM
            java.lang.String r1 = "Exchange Host in APIKey is invalid"
            r14.<init>(r1, r0)
            throw r14
        L75:
            r12 = r1
            r11 = r3
            goto L7a
        L78:
            r11 = r2
            r12 = r11
        L7a:
            java.lang.String r1 = "pkg"
            java.lang.String r7 = r14.getString(r1)
            java.lang.String r1 = "scopes"
            java.lang.String[] r8 = s0.b.a.a.a.q.b.a(r14, r1)
            java.lang.String r1 = "clientId"
            java.lang.String r0 = r14.getString(r1)     // Catch: org.json.JSONException -> L90
            r10 = r0
            goto L96
        L90:
            java.lang.String r1 = "APIKey does not contain a client id"
            s0.b.a.a.b.a.b.a.j(r0, r1)
            r10 = r2
        L96:
            java.lang.String r0 = "perm"
            java.lang.String[] r9 = s0.b.a.a.a.q.b.a(r14, r0)
            s0.b.a.a.a.l.b r0 = new s0.b.a.a.a.l.b
            r4 = r0
            r13 = r14
            r4.<init>(r5, r6, r7, r8, r9, r10, r11, r12, r13)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.identity.auth.device.appid.a.b(org.json.JSONObject):s0.b.a.a.a.l.b");
    }

    private static void c(String str, JSONObject jSONObject, Context context) throws SecurityException, JSONException, PackageManager.NameNotFoundException, CertificateException, NoSuchAlgorithmException, IOException {
        s0.b.a.a.b.a.b.a.h("com.amazon.identity.auth.device.appid.a", "verifyPayload for packageName=", str);
        if (!jSONObject.getString(AuthenticationTokenClaims.JSON_KEY_ISS).equals("Amazon")) {
            StringBuilder E = s0.c.a.a.a.E("Decoding fails: issuer (");
            E.append(jSONObject.getString(AuthenticationTokenClaims.JSON_KEY_ISS));
            E.append(") is not = ");
            E.append("Amazon");
            throw new SecurityException(s0.c.a.a.a.y(E, " pkg=", str));
        }
        if (str != null && !str.equals(jSONObject.getString("pkg"))) {
            StringBuilder K = s0.c.a.a.a.K("Decoding fails: package names don't match! - ", str, " != ");
            K.append(jSONObject.getString("pkg"));
            throw new SecurityException(K.toString());
        }
        if (jSONObject.has("appsig")) {
            String string = jSONObject.getString("appsig");
            s0.b.a.a.b.a.b.a.h("com.amazon.identity.auth.device.appid.a", "Validating MD5 signature in API key", String.format("pkg = %s and signature %s", str, string));
            d(string, str, s0.b.a.a.a.q.a.MD5, context);
        }
        if (jSONObject.has("appsigSha256")) {
            String string2 = jSONObject.getString("appsigSha256");
            s0.b.a.a.b.a.b.a.h("com.amazon.identity.auth.device.appid.a", "Validating SHA256 signature in API key", String.format("pkg = %s and signature %s", str, string2));
            d(string2, str, s0.b.a.a.a.q.a.SHA_256, context);
        }
    }

    private static void d(String str, String str2, s0.b.a.a.a.q.a aVar, Context context) {
        if (str == null) {
            s0.b.a.a.b.a.b.a.a("com.amazon.identity.auth.device.appid.a", "App Signature is null. pkg=" + str2);
            throw new SecurityException(s0.c.a.a.a.r("Decoding failed: certificate fingerprint can't be verified! pkg=", str2));
        }
        String replace = str.replace(CertificateUtil.DELIMITER, "");
        List<String> a = i.a(str2, aVar, context);
        StringBuilder E = s0.c.a.a.a.E("Number of signatures = ");
        ArrayList arrayList = (ArrayList) a;
        E.append(arrayList.size());
        s0.b.a.a.b.a.b.a.e("com.amazon.identity.auth.device.appid.a", E.toString());
        s0.b.a.a.b.a.b.a.h("com.amazon.identity.auth.device.appid.a", "Fingerprint checking", a.toString());
        if (!arrayList.contains(replace.toLowerCase(Locale.US))) {
            throw new SecurityException(s0.c.a.a.a.r("Decoding failed: certificate fingerprint can't be verified! pkg=", str2));
        }
    }
}
