package com.lookout.micropush;

import com.e.a.c.c;
import com.lookout.i.a.b;
import com.lookout.network.e;
import com.lookout.network.l;
import java.io.IOException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/* loaded from: classes.dex */
public class CertificateFetcher {

    /* renamed from: a, reason: collision with root package name */
    final e f7101a;

    /* renamed from: b, reason: collision with root package name */
    final CertificateUtils f7102b;

    public CertificateFetcher(e eVar) {
        this(eVar, new CertificateUtils());
    }

    CertificateFetcher(e eVar, CertificateUtils certificateUtils) {
        this.f7101a = eVar;
        this.f7102b = certificateUtils;
    }

    public byte[] fetchCertificateDer(URL url) {
        return this.f7102b.convertPemCertificateToDer(this.f7101a.a(new l(null).a(url.toString()).b()).a());
    }

    public MicropushPublicKeyRecord retrieveLatestMicropushPublicKeyRecord(URL url, c cVar, X509Certificate x509Certificate) {
        if (url == null) {
            throw new MalformedMessageException("Empty certURL in jws, can't fetch certificate.");
        }
        byte[] a2 = cVar.a();
        try {
            byte[] fetchCertificateDer = fetchCertificateDer(url);
            try {
                if (!Arrays.equals(a2, b.a(fetchCertificateDer))) {
                    throw new SecurityException("The retrieved certificate hash doesn't match the one in the jws, means there was a server error.");
                }
                X509Certificate certificateFromByteArray = this.f7102b.getCertificateFromByteArray(fetchCertificateDer);
                if (!this.f7102b.validateCertificate(x509Certificate, certificateFromByteArray)) {
                    throw new SecurityException("Couldn't verify fetched certificate.");
                }
                byte[] rSAPublicKeyModulusFromPublicKey = this.f7102b.getRSAPublicKeyModulusFromPublicKey((RSAPublicKey) certificateFromByteArray.getPublicKey());
                if (rSAPublicKeyModulusFromPublicKey == null) {
                    throw new SecurityException("Couldn't get public key modulus from fetched certificate.");
                }
                return new MicropushPublicKeyRecord(rSAPublicKeyModulusFromPublicKey, a2, fetchCertificateDer);
            } catch (IOException | NoSuchAlgorithmException e2) {
                throw new IllegalStateException("Couldn't verify that retrieved certificate thumbprint matches the one from the jws", e2);
            }
        } catch (IllegalArgumentException e3) {
            throw new MalformedMessageException("Fetched certificate not base64 encoded", e3);
        }
    }
}
