package com.lookout.micropush.internal;

import android.text.TextUtils;
import com.lookout.af;
import com.lookout.u;
import com.lookout.w;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.text.ParseException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class MicropushJwtParser {
    public static final int POSITIVE = 1;
    public static final String RSA_PROVIDER_NAME = "RSA";

    /* renamed from: a, reason: collision with root package name */
    protected static final byte[] f1927a = {1, 0, 1};

    /* renamed from: b, reason: collision with root package name */
    private final MicropushCommandFactory f1928b;
    private String c;
    private CertificateFetcher d;

    public MicropushJwtParser() {
        this(new MicropushCommandFactory(), new CertificateFetcher(af.a()));
    }

    public MicropushJwtParser(MicropushCommandFactory micropushCommandFactory, CertificateFetcher certificateFetcher) {
        this.f1928b = micropushCommandFactory;
        this.d = certificateFetcher;
    }

    private MicropushCommand a(String str, String str2, com.d.b.b bVar, String str3) {
        try {
            MicropushCommand micropushCommand = this.f1928b.getMicropushCommand(str, str2, new JSONObject(bVar.g("payload")), str3, bVar.h());
            if (micropushCommand != null) {
                return micropushCommand;
            }
            u.d("Couldn't get micropush command from json.");
            return micropushCommand;
        } catch (IllegalArgumentException e) {
            u.d("Invalid micropush command issuer [" + str + "] subject [" + str2 + "]");
            return null;
        } catch (ParseException e2) {
            u.d("Couldn't find claim in claimset.", e2);
            return null;
        } catch (JSONException e3) {
            u.d("Couldn't get micropush payload json from jwt.", e3);
            return null;
        }
    }

    private void a(String str, String str2, com.d.b.b bVar, com.d.b.c cVar) {
        MicropushCommand prototype = this.f1928b.getPrototype(str, str2);
        com.d.a.u b2 = cVar.b();
        if (b2 == null) {
            throw new MalformedMessageException("Couldn't get jws header.");
        }
        this.d.a(prototype, b2.c(), b2.d());
        if (!cVar.a(new com.d.a.a.c((RSAPublicKey) KeyFactory.getInstance(RSA_PROVIDER_NAME).generatePublic(new RSAPublicKeySpec(new BigInteger(1, prototype.getPublicKey()), new BigInteger(1, f1927a)))))) {
            throw new SecurityException("Invalid signature on jwt.");
        }
        if (!a(bVar)) {
            throw new SecurityException("Invalid guid.");
        }
    }

    private boolean a(com.d.b.b bVar) {
        String a2 = a();
        if (TextUtils.isEmpty(a2)) {
            u.c("Our guid not available, skipping check.");
        } else if (!bVar.d().contains(a2)) {
            u.d("Guid doesn't match.");
            return false;
        }
        return true;
    }

    protected String a() {
        if (TextUtils.isEmpty(this.c)) {
            this.c = w.b().b("./flexilis/config/general/DeviceGuid");
        }
        return this.c;
    }

    public MicropushCommand newVerifiedCommand(String str, String str2) {
        if (com.lookout.e.a()) {
            u.b("About to parse jwt [" + str2 + "] for command id [" + str + "]");
        }
        com.d.b.c b2 = com.d.b.c.b(str2);
        if (b2 == null) {
            throw new MalformedMessageException("Couldn't get signed jwt.");
        }
        com.d.b.b e = b2.e();
        if (e == null) {
            throw new MalformedMessageException("Couldn't get jwt claims set.");
        }
        String b3 = e.b();
        String c = e.c();
        if (TextUtils.isEmpty(b3) || TextUtils.isEmpty(c)) {
            throw new MalformedMessageException("Didn't contain issuer/subject.");
        }
        try {
            a(b3, c, e, b2);
            return a(b3, c, e, str);
        } catch (SecurityException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new SecurityException("Invalid signature.", e3);
        }
    }
}
