package org.commcare.utils;

import android.util.Pair;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.regex.Pattern;
import net.sqlcipher.database.SQLiteDatabase;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.commcare.activities.DrawActivity;
import org.commcare.util.Base64;
import org.commcare.util.Base64DecoderException;
import org.conscrypt.SSLUtils;

/* loaded from: classes.dex */
public class SigningUtil {
    public static final Pattern WHITELISTED_URL_HOSTS_REGEX = Pattern.compile("\\.commcarehq\\.org$");

    /* loaded from: classes.dex */
    public static class DisallowedSMSInstallURLException extends RuntimeException {
        public DisallowedSMSInstallURLException(String str) {
            super(str);
        }
    }

    public static void assertWhitelistedUrlHost(String str) {
        try {
            URL url = new URL(str);
            if (WHITELISTED_URL_HOSTS_REGEX.matcher(url.getHost()).find()) {
                return;
            }
            throw new DisallowedSMSInstallURLException(url + " is not an approved URL.");
        } catch (MalformedURLException unused) {
            throw new RuntimeException(str + " is not a valid URL.");
        }
    }

    public static String convertEncodedUrlToPayload(String str) throws IOException, Base64DecoderException {
        return readURL(decodeUrl(str));
    }

    public static String decodeUrl(String str) throws Base64DecoderException, UnsupportedEncodingException {
        if (!str.startsWith("http://") && !str.startsWith("https://")) {
            str = new String(Base64.decode(str), SQLiteDatabase.KEY_ENCODING);
        }
        assertWhitelistedUrlHost(str);
        return str;
    }

    public static byte[] getBytesFromString(String str) throws Exception {
        return Base64.decode(str);
    }

    public static String getDownloadLink(byte[] bArr) throws Exception {
        String str = new String(bArr, SQLiteDatabase.KEY_ENCODING);
        return str.substring(str.indexOf("ccapp: ") + 7, str.indexOf(DrawActivity.OPTION_SIGNATURE) - 1);
    }

    public static byte[] getMessageBytes(byte[] bArr) {
        byte[] bArr2 = new byte[getSignatureStartIndex(bArr)];
        for (int i = 0; i < getSignatureStartIndex(bArr); i++) {
            bArr2[i] = bArr[i];
        }
        return bArr2;
    }

    public static PublicKey getPublicKey(String str) throws Base64DecoderException, NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(SSLUtils.KEY_TYPE_RSA).generatePublic(new X509EncodedKeySpec(Base64.decode(str)));
    }

    public static byte[] getSignatureBytes(byte[] bArr) {
        int signatureStartIndex = getSignatureStartIndex(bArr);
        int length = bArr.length - signatureStartIndex;
        byte[] bArr2 = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr2[i] = bArr[i + signatureStartIndex];
        }
        return bArr2;
    }

    public static int getSignatureStartIndex(byte[] bArr) {
        int i = 0;
        int i2 = 0;
        for (byte b : bArr) {
            if (b == 32) {
                if (i == 2) {
                    return i2 + 1;
                }
                i++;
            }
            i2++;
        }
        return -1;
    }

    public static Pair<String, byte[]> getUrlAndSignatureFromPayload(byte[] bArr) throws Exception {
        return new Pair<>(getDownloadLink(getMessageBytes(bArr)), getSignatureBytes(bArr));
    }

    public static String readURL(String str) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new URL(str).openStream()));
        String readLine = bufferedReader.readLine();
        if (readLine == null) {
            readLine = "";
        }
        bufferedReader.close();
        return readLine;
    }

    public static String trimMessagePayload(String str) {
        return str.substring(str.indexOf(GlobalConstants.SMS_INSTALL_KEY_STRING) + 30 + 1);
    }

    public static String verifyMessageAndBytes(String str, String str2, byte[] bArr) throws Exception {
        if (verifyMessageSignatureHelper(str, str2, bArr)) {
            return str2;
        }
        return null;
    }

    public static String verifyMessageAndBytes(String str, byte[] bArr) throws Exception {
        return verifyMessageAndBytes("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHiuy2ULV4pobkuQN2TEjmR1tnHJ+F335hm/lVdaFQzvBmeq64MUMbumheVLDJaSUiAVzqSHDKJWH01ZQRowqBYjwoycVSQSeO2glc6XZZ+CJudAPXe8iFWLQp3kBBnBmVcBXCOQFO7aLgQMv4nqKZsLW0HaAJkjpnc165Os+aYwIDAQAB", str, bArr);
    }

    public static boolean verifyMessageSignature(PublicKey publicKey, String str, byte[] bArr) throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
        Signature signature = Signature.getInstance("SHA256withRSA/PSS", new BouncyCastleProvider());
        byte[] bytes = str.getBytes();
        signature.initVerify(publicKey);
        signature.update(bytes);
        return signature.verify(bArr);
    }

    public static boolean verifyMessageSignatureHelper(String str, String str2, byte[] bArr) throws Base64DecoderException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, InvalidKeyException {
        return verifyMessageSignature(getPublicKey(str), str2, bArr);
    }
}
