package com.android.tools.build.bundletool.transparency;

import com.android.tools.build.bundletool.model.exceptions.CommandExecutionException;
import com.android.tools.build.bundletool.model.exceptions.InvalidCommandException;
import com.google.common.hash.Hashing;
import com.google.common.io.ByteSource;
import com.google.common.primitives.Bytes;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.stream.Collectors;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:com/android/tools/build/bundletool/transparency/CodeTransparencyCryptoUtils.class */
public final class CodeTransparencyCryptoUtils {
    public static JsonWebSignature parseJws(ByteSource byteSource) {
        try {
            return JsonWebSignature.fromCompactSerialization(byteSource.asCharSource(Charset.defaultCharset()).read());
        } catch (JoseException | IOException e) {
            throw CommandExecutionException.builder().withInternalMessage("Unable to deserialize JWS from code transparency file.").withCause(e).build();
        }
    }

    public static boolean verifySignature(JsonWebSignature jsonWebSignature) {
        try {
            jsonWebSignature.setKey(jsonWebSignature.getLeafCertificateHeaderValue().getPublicKey());
            jsonWebSignature.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{"RS256"}));
            return jsonWebSignature.verifySignature();
        } catch (JoseException e) {
            throw CommandExecutionException.builder().withInternalMessage("Exception while verifying code transparency signature.").withCause(e).build();
        }
    }

    public static String getCertificateFingerprint(JsonWebSignature jsonWebSignature) {
        try {
            return getCertificateFingerprint(jsonWebSignature.getLeafCertificateHeaderValue());
        } catch (JoseException e) {
            throw CommandExecutionException.builder().withInternalMessage("Unable to retrieve certificate header value from JWS.").withCause(e).build();
        }
    }

    public static String getCertificateFingerprint(X509Certificate x509Certificate) {
        return (String) Bytes.asList(getCertificateFingerprintBytes(x509Certificate)).stream().map(b -> {
            return String.format("%02X", b);
        }).collect(Collectors.joining(" "));
    }

    public static X509Certificate getX509Certificate(Path path) {
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            Throwable th = null;
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(newInputStream);
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return x509Certificate;
            } catch (Throwable th3) {
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException e) {
            throw InvalidCommandException.builder().withInternalMessage("Unable to read public key certificate from the provided path.").withCause(e).build();
        } catch (CertificateException e2) {
            throw InvalidCommandException.builder().withInternalMessage("Unable to generate X509Certificate.").withCause(e2).build();
        }
    }

    private static byte[] getCertificateFingerprintBytes(X509Certificate x509Certificate) {
        try {
            return ByteSource.wrap(x509Certificate.getEncoded()).hash(Hashing.sha256()).asBytes();
        } catch (IOException | CertificateEncodingException e) {
            throw CommandExecutionException.builder().withInternalMessage("Unable to get certificate fingerprint value.").withCause(e).build();
        }
    }

    private CodeTransparencyCryptoUtils() {
    }
}
