package org.whispersystems.signalservice.internal.contacts.crypto;

import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import org.signal.core.util.Base64;

/* loaded from: classes6.dex */
public class SigningCertificate {
    private final CertPath path;

    public SigningCertificate(String str, KeyStore keyStore) throws CertificateException, CertPathValidatorException {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            LinkedList linkedList = new LinkedList(certificateFactory.generateCertificates(new ByteArrayInputStream(str.getBytes())));
            PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            if (linkedList.isEmpty()) {
                throw new CertificateException("No certificates available! Badly-formatted cert chain?");
            }
            CertPath generateCertPath = certificateFactory.generateCertPath(linkedList);
            this.path = generateCertPath;
            pKIXParameters.setRevocationEnabled(false);
            certPathValidator.validate(generateCertPath, pKIXParameters);
            verifyDistinguishedName(generateCertPath);
        } catch (InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private void verifyDistinguishedName(CertPath certPath) throws CertificateException {
        String name = ((X509Certificate) certPath.getCertificates().get(0)).getSubjectX500Principal().getName();
        if ("CN=Intel SGX Attestation Report Signing,O=Intel Corporation,L=Santa Clara,ST=CA,C=US".equals(name)) {
            return;
        }
        throw new CertificateException("Bad DN: " + name);
    }

    public void verifySignature(String str, String str2) throws SignatureException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(this.path.getCertificates().get(0));
            signature.update(str.getBytes());
            if (signature.verify(Base64.decode(str2.getBytes()))) {
            } else {
                throw new SignatureException("Signature verification failed.");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }
}
