package com.lookout.micropush.internal;

import com.lookout.d.b.g;
import com.lookout.micropush.internal.MicropushPublicKeysSQLiteOpenHelper;
import com.lookout.network.j;
import com.lookout.u;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/* loaded from: classes.dex */
public class CertificateFetcher {

    /* renamed from: a, reason: collision with root package name */
    private final com.lookout.network.d f1921a;

    public CertificateFetcher(com.lookout.network.d dVar) {
        this.f1921a = dVar;
    }

    private byte[] a(URL url) {
        return CertificateUtils.b(this.f1921a.a(new j(null).a(url.toString()).a()).a());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(MicropushCommand micropushCommand, URL url, com.d.a.c.c cVar) {
        if (cVar == null) {
            throw new IllegalArgumentException("Certificate thumbprint (x5t) is empty, can't verify jws");
        }
        byte[] a2 = cVar.a();
        byte[] certificateThumbprint = micropushCommand.getCertificateThumbprint();
        if (Arrays.equals(a2, certificateThumbprint)) {
            u.b("The x5t's match, we have the latest certificate.");
            return;
        }
        u.b("The x5t's don't match, continuing to fetch a new certificate.  Currently stored x5t length [" + (certificateThumbprint == null ? "NULL" : g.b(certificateThumbprint)) + "] fetched [" + (a2 == null ? "NULL" : g.b(a2)) + "] ");
        if (url == null) {
            throw new MalformedMessageException("Empty certURL in jws, can't fetch certificate.");
        }
        try {
            byte[] a3 = a(url);
            try {
                if (!Arrays.equals(a2, g.a(a3))) {
                    throw new SecurityException("The retrieved certificate hash doesn't match the one in the jws, means there was a server error.");
                }
                X509Certificate a4 = CertificateUtils.a(a3);
                if (!CertificateUtils.a(micropushCommand.getCertificateAuthority(), a4)) {
                    throw new SecurityException("Couldn't verify fetched certificate.");
                }
                byte[] a5 = CertificateUtils.a((RSAPublicKey) a4.getPublicKey());
                if (a5 == null) {
                    throw new SecurityException("Couldn't get public key modulus from fetched certificate.");
                }
                micropushCommand.setPublicKeyRecord(new MicropushPublicKeysSQLiteOpenHelper.MicropushPublicKeyRecord(a5, a2, a3));
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Couldn't verify that retrieved certificate thumbprint matches the one from the jws", e);
            }
        } catch (IllegalArgumentException e2) {
            throw new MalformedMessageException("Fetched certificate not base64 encoded", e2);
        }
    }
}
