package com.intuit.config.signing;

import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.intuit.config.signing.validation.ErrorType;
import com.intuit.config.signing.validation.MatchedSignature;
import com.intuit.config.signing.validation.Status;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.codec.binary.Hex;

/* loaded from: classes3.dex */
public class Validator {
    protected static String[] VERSIONS_IN_ORDER = {"4.0.0", "2.0.0", "1.0.0"};
    protected SignatureMaterielList signatureMateriels;
    protected boolean verifySignature;

    public Validator(SignatureMaterielList signatureMaterielList, boolean z) {
        this.verifySignature = true;
        this.signatureMateriels = new SignatureMaterielList();
        this.signatureMateriels = signatureMaterielList;
        this.verifySignature = z;
    }

    public ValidationResponse process(ValidationResponseState validationResponseState, ValidationResponseState validationResponseState2, double d) {
        ValidationResponse validationResponse = new ValidationResponse(validationResponseState, validationResponseState2, d);
        if (this.verifySignature && validationResponseState2.httpStatusCode == -1) {
            validationResponse.status = Status.Unverified;
            validationResponse.errorType = ErrorType.None;
            return validationResponse;
        }
        if (validationResponseState.wasTLSError() || validationResponseState.httpStatusCode == -1) {
            validationResponse.status = Status.Error;
            validationResponse.errorType = validationResponseState.wasTLSError() ? ErrorType.DataDownloadTLSError : ErrorType.DataDownloadError;
            return validationResponse;
        }
        if (validationResponseState.invalidHTTPStatusCode()) {
            validationResponse.status = Status.Error;
            validationResponse.errorType = ErrorType.DataDownloadError;
            return validationResponse;
        }
        if (this.verifySignature) {
            if (validationResponseState2.wasTLSError() || validationResponseState2.httpStatusCode == -1) {
                validationResponse.status = Status.Error;
                validationResponse.errorType = validationResponseState2.wasTLSError() ? ErrorType.SignatureDownloadTLSError : ErrorType.SignatureDownloadError;
                return validationResponse;
            }
            if (validationResponseState2.invalidHTTPStatusCode()) {
                validationResponse.status = Status.Error;
                validationResponse.errorType = ErrorType.SignatureDownloadError;
                return validationResponse;
            }
        }
        if (validationResponseState.data == null) {
            validationResponse.status = Status.Error;
            validationResponse.errorType = ErrorType.DataDownloadError;
            return validationResponse;
        }
        if (!this.verifySignature) {
            validationResponse.status = Status.Unverified;
            validationResponse.errorType = ErrorType.None;
            return validationResponse;
        }
        if (this.signatureMateriels.isEmpty()) {
            validationResponse.status = Status.Error;
            validationResponse.errorType = ErrorType.NoKeys;
            return validationResponse;
        }
        if (validationResponseState2.data != null) {
            validateSignature(validationResponse);
            return validationResponse;
        }
        validationResponse.status = Status.Error;
        validationResponse.errorType = ErrorType.SignatureDownloadError;
        return validationResponse;
    }

    ValidationResponse validateSignature(ValidationResponse validationResponse) {
        char c;
        ValidationResponseState validationResponseState = validationResponse.primary;
        ValidationResponseState validationResponseState2 = validationResponse.signature;
        ArrayList<SignatureMateriel> secrets = this.signatureMateriels.secrets();
        ArrayList<SignatureMateriel> publicKeys = this.signatureMateriels.publicKeys();
        if (publicKeys.isEmpty() && secrets.isEmpty()) {
            validationResponse.status = Status.Error;
            validationResponse.errorType = ErrorType.NoKeys;
            return validationResponse;
        }
        try {
            Map map = (Map) new Gson().fromJson(validationResponse.signature.stringData.trim(), new TypeToken<Map<String, String>>() { // from class: com.intuit.config.signing.Validator.1
            }.getType());
            if (map == null) {
                validationResponse.status = Status.Error;
                validationResponse.errorType = ErrorType.SignatureJSONConversionError;
                return validationResponse;
            }
            Signer signer = new Signer();
            for (String str : VERSIONS_IN_ORDER) {
                if (map.containsKey(str)) {
                    String str2 = (String) map.get(str);
                    int hashCode = str.hashCode();
                    if (hashCode == 46670517) {
                        if (str.equals("1.0.0")) {
                            c = 2;
                        }
                        c = 65535;
                    } else if (hashCode != 47594038) {
                        if (hashCode == 49441080 && str.equals("4.0.0")) {
                            c = 0;
                        }
                        c = 65535;
                    } else {
                        if (str.equals("2.0.0")) {
                            c = 1;
                        }
                        c = 65535;
                    }
                    if (c == 0) {
                        Iterator<SignatureMateriel> it = publicKeys.iterator();
                        while (it.hasNext()) {
                            if (signer.rsaVerify(validationResponse.primary.data, Hex.decodeHex(str2.toCharArray()), it.next().getPublicKey(), HashType.SHA256).booleanValue()) {
                                validationResponse.status = Status.Verified;
                                validationResponse.errorType = ErrorType.None;
                                validationResponse.matchedSignature = new MatchedSignature(SignatureType.V_4_0_0, HashType.SHA256, str2);
                                return validationResponse;
                            }
                            continue;
                        }
                    } else if (c == 1) {
                        Iterator<SignatureMateriel> it2 = secrets.iterator();
                        while (it2.hasNext()) {
                            try {
                            } catch (Exception unused) {
                            }
                            if (signer.hmac(validationResponse.primary.data, new String(it2.next().getSecretData(), "UTF-8").getBytes("UTF-8"), HashType.SHA256).equals(str2)) {
                                validationResponse.status = Status.Verified;
                                validationResponse.errorType = ErrorType.None;
                                validationResponse.matchedSignature = new MatchedSignature(SignatureType.V_2_0_0, HashType.SHA256, str2);
                                return validationResponse;
                            }
                            continue;
                        }
                    } else if (c == 2) {
                        try {
                            if (signer.hash(validationResponse.primary.stringData, HashType.SHA256).equals(str2)) {
                                validationResponse.status = Status.Verified;
                                validationResponse.errorType = ErrorType.None;
                                validationResponse.matchedSignature = new MatchedSignature(SignatureType.V_1_0_0, HashType.SHA256, str2);
                                return validationResponse;
                            }
                            continue;
                        } catch (Exception unused2) {
                            continue;
                        }
                    }
                }
            }
            validationResponse.status = Status.Error;
            validationResponse.errorType = ErrorType.SignatureMismatch;
            return validationResponse;
        } catch (Exception unused3) {
            validationResponse.status = Status.Error;
            validationResponse.errorType = ErrorType.SignatureJSONConversionError;
            return validationResponse;
        }
    }
}
