package com.lookout.micropush;

import c.f.a.u.c;
import com.lookout.restclient.LookoutRestRequest;
import com.lookout.restclient.e;
import com.lookout.shaded.slf4j.Logger;
import com.lookout.shaded.slf4j.b;
import java.io.IOException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/* loaded from: classes.dex */
public class CertificateFetcher {

    /* renamed from: a, reason: collision with root package name */
    final e f16033a;

    /* renamed from: b, reason: collision with root package name */
    final CertificateUtils f16034b;

    /* renamed from: c, reason: collision with root package name */
    final Logger f16035c;

    public CertificateFetcher(e eVar) {
        this(eVar, new CertificateUtils());
    }

    CertificateFetcher(e eVar, CertificateUtils certificateUtils) {
        this.f16035c = b.a(CertificateFetcher.class);
        this.f16033a = eVar;
        this.f16034b = certificateUtils;
    }

    public byte[] fetchCertificateDer(URL url) {
        LookoutRestRequest.b bVar = new LookoutRestRequest.b(null);
        bVar.a(url.toString());
        return this.f16034b.convertPemCertificateToDer(this.f16033a.a(bVar.a()).a());
    }

    public MicropushPublicKeyRecord retrieveLatestMicropushPublicKeyRecord(URL url, c cVar, X509Certificate x509Certificate) {
        if (url == null) {
            throw new MalformedMessageException("Empty certURL in jws, can't fetch certificate.");
        }
        this.f16035c.info("retrieving cert for: " + url);
        byte[] a2 = cVar.a();
        try {
            byte[] fetchCertificateDer = fetchCertificateDer(url);
            try {
                if (!Arrays.equals(a2, com.lookout.o0.b.b.a(fetchCertificateDer))) {
                    throw new SecurityException("The retrieved certificate hash doesn't match the one in the jws, means there was a server error.");
                }
                X509Certificate certificateFromByteArray = this.f16034b.getCertificateFromByteArray(fetchCertificateDer);
                if (this.f16034b.validateCertificate(x509Certificate, certificateFromByteArray)) {
                    byte[] rSAPublicKeyModulusFromPublicKey = this.f16034b.getRSAPublicKeyModulusFromPublicKey((RSAPublicKey) certificateFromByteArray.getPublicKey());
                    if (rSAPublicKeyModulusFromPublicKey != null) {
                        return new MicropushPublicKeyRecord(rSAPublicKeyModulusFromPublicKey, a2, fetchCertificateDer);
                    }
                    throw new SecurityException("Couldn't get public key modulus from fetched certificate.");
                }
                throw new SecurityException("Couldn't verify fetched certificate. {Domain Name:} " + certificateFromByteArray.getIssuerDN().getName() + " {Issuer Name:} " + certificateFromByteArray.getIssuerX500Principal().getName());
            } catch (IOException | NoSuchAlgorithmException e2) {
                throw new IllegalStateException("Couldn't verify that retrieved certificate thumbprint matches the one from the jws", e2);
            }
        } catch (IllegalArgumentException e3) {
            throw new MalformedMessageException("Fetched certificate not base64 encoded", e3);
        }
    }
}
