package com.lookout.micropush;

import com.lookout.javacommons.util.HashUtils;
import com.lookout.restclient.LookoutRestClient;
import com.lookout.restclient.LookoutRestRequest;
import com.lookout.shaded.slf4j.Logger;
import com.lookout.shaded.slf4j.LoggerFactory;
import com.nimbusds.jose.util.Base64URL;
import java.io.IOException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/* loaded from: classes6.dex */
public final class a {
    final LookoutRestClient a;
    final CertificateUtils b;
    final Logger c;

    public a(LookoutRestClient lookoutRestClient) {
        this(lookoutRestClient, new CertificateUtils());
    }

    private a(LookoutRestClient lookoutRestClient, CertificateUtils certificateUtils) {
        this.c = LoggerFactory.getLogger(getClass());
        this.a = lookoutRestClient;
        this.b = certificateUtils;
    }

    public final h a(URL url, Base64URL base64URL, X509Certificate x509Certificate) {
        if (url == null) {
            throw new d("Empty certURL in jws, can't fetch certificate.");
        }
        new StringBuilder("retrieving cert for: ").append(url);
        byte[] decode = base64URL.decode();
        try {
            byte[] convertPemCertificateToDer = this.b.convertPemCertificateToDer(this.a.dispatchRequest(new LookoutRestRequest.GetRequestBuilder(null).baseUrl(url.toString()).build()).getBody());
            try {
                if (!Arrays.equals(decode, HashUtils.SHA1(convertPemCertificateToDer))) {
                    throw new SecurityException("The retrieved certificate hash doesn't match the one in the jws, means there was a server error.");
                }
                X509Certificate certificateFromByteArray = this.b.getCertificateFromByteArray(convertPemCertificateToDer);
                if (this.b.validateCertificate(x509Certificate, certificateFromByteArray)) {
                    byte[] rSAPublicKeyModulusFromPublicKey = this.b.getRSAPublicKeyModulusFromPublicKey((RSAPublicKey) certificateFromByteArray.getPublicKey());
                    if (rSAPublicKeyModulusFromPublicKey != null) {
                        return new h(rSAPublicKeyModulusFromPublicKey, decode, convertPemCertificateToDer);
                    }
                    throw new SecurityException("Couldn't get public key modulus from fetched certificate.");
                }
                throw new SecurityException("Couldn't verify fetched certificate. {Domain Name:} " + certificateFromByteArray.getIssuerDN().getName() + " {Issuer Name:} " + certificateFromByteArray.getIssuerX500Principal().getName());
            } catch (IOException | NoSuchAlgorithmException e) {
                throw new IllegalStateException("Couldn't verify that retrieved certificate thumbprint matches the one from the jws", e);
            }
        } catch (IllegalArgumentException e2) {
            throw new d("Fetched certificate not base64 encoded", e2);
        }
    }
}
