package com.psiphon3.psiphonlibrary;

import com.psiphon3.psiphonlibrary.Utils;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class ServerEntryAuth {

    /* loaded from: classes.dex */
    public static class ServerEntryAuthException extends Exception {
        private static final long serialVersionUID = 1;

        public ServerEntryAuthException() {
        }

        public ServerEntryAuthException(String str) {
            super(str);
        }

        public ServerEntryAuthException(String str, Throwable th) {
            super(str, th);
        }

        public ServerEntryAuthException(Throwable th) {
            super(th);
        }
    }

    public static String validateAndExtractServerList(String str) throws ServerEntryAuthException {
        try {
            JSONObject jSONObject = new JSONObject(str);
            String string = jSONObject.getString("data");
            String string2 = jSONObject.getString("signature");
            if (Utils.Base64.encode(MessageDigest.getInstance("SHA256").digest(EmbeddedValues.REMOTE_SERVER_LIST_SIGNATURE_PUBLIC_KEY.getBytes())).compareTo(jSONObject.getString("signingPublicKeyDigest")) != 0) {
                Utils.MyLog.w(R.string.ServerEntryAuth_WrongPublicKey, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
                throw new ServerEntryAuthException();
            }
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Utils.Base64.decode(EmbeddedValues.REMOTE_SERVER_LIST_SIGNATURE_PUBLIC_KEY)));
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(generatePublic);
            signature.update(string.getBytes());
            if (signature.verify(Utils.Base64.decode(string2))) {
                return string;
            }
            Utils.MyLog.w(R.string.ServerEntryAuth_InvalidSignature, Utils.MyLog.Sensitivity.NOT_SENSITIVE, new Object[0]);
            throw new ServerEntryAuthException();
        } catch (InvalidKeyException e) {
            throw new ServerEntryAuthException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ServerEntryAuthException(e2);
        } catch (SignatureException e3) {
            throw new ServerEntryAuthException(e3);
        } catch (InvalidKeySpecException e4) {
            throw new ServerEntryAuthException(e4);
        } catch (JSONException e5) {
            Utils.MyLog.w(R.string.ServerEntryAuth_FailedToParseRemoteServerEntry, Utils.MyLog.Sensitivity.NOT_SENSITIVE, e5);
            throw new ServerEntryAuthException(e5);
        }
    }
}
