package network.bigmama.service;

import a7.t;
import android.util.Base64;
import f7.a0;
import f7.w;
import f7.y;
import f7.z;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Map;
import network.bigmama.protocol.ProtoModel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class g {

    /* renamed from: c, reason: collision with root package name */
    private static final String f10942c = b7.d.b(g.class);

    /* renamed from: d, reason: collision with root package name */
    private static final Map<String, String> f10943d = l4.g.h("local", "FOUJkX+UHVfI7IBk6Wvnaz3jcQHD9ejgwJRx3fPKqbg=", "stage", "FOUJkX+UHVfI7IBk6Wvnaz3jcQHD9ejgwJRx3fPKqbg=", "prod", "wFRBTcH4N40elGKUgbz6Wkl/3/dE5QyfdQDkY0vuTgA=");

    /* renamed from: e, reason: collision with root package name */
    private static final u6.d f10944e = u6.c.b("Ed25519");

    /* renamed from: a, reason: collision with root package name */
    private final w f10945a;

    /* renamed from: b, reason: collision with root package name */
    private final r6.d f10946b;

    public g(VpnService vpnService) {
        this.f10945a = t.c(vpnService, 15000L);
        this.f10946b = new r6.d(new u6.f(Base64.decode(f10943d.get(vpnService.c().k()), 0), f10944e));
    }

    private boolean a(byte[] bArr, r6.d dVar, String str) {
        try {
            byte[] decode = Base64.decode(str, 0);
            try {
                byte[] digest = MessageDigest.getInstance("SHA256").digest(bArr);
                r6.a aVar = new r6.a(MessageDigest.getInstance(f10944e.c()));
                aVar.initVerify(dVar);
                aVar.update(digest);
                return aVar.verify(decode);
            } catch (InvalidKeyException e8) {
                throw new IllegalStateException(e8);
            } catch (NoSuchAlgorithmException e9) {
                throw new IllegalStateException(e9);
            } catch (SignatureException e10) {
                throw new IllegalStateException(e10);
            }
        } catch (IllegalArgumentException unused) {
            throw new a7.n("invalid signature (base64 failed)");
        }
    }

    private a0 b(y yVar) {
        return this.f10945a.v(yVar).d();
    }

    private String d(ProtoModel.AtlasNode atlasNode) {
        return "https://" + atlasNode.getProperties().getApiEndpoint().getHost() + ':' + atlasNode.getProperties().getApiEndpoint().getPort();
    }

    private r6.d e(ProtoModel.AtlasNode atlasNode) {
        try {
            return new r6.d(new u6.f(Base64.decode(atlasNode.getProperties().getPublicKey(), 0), f10944e));
        } catch (IllegalArgumentException e8) {
            throw new a7.f("failed to decode node public key from base64", e8);
        }
    }

    private byte[] g(ProtoModel.AtlasNode atlasNode, a0 a0Var) {
        byte[] a8 = a0Var.a().a();
        String M = a0Var.M("Signature");
        if (M == null) {
            throw new a7.n("no Signature header");
        }
        if (a(a8, e(atlasNode), M)) {
            return a8;
        }
        throw new a7.n("signature verification failed");
    }

    public ProtoModel.FullAtlas c(ProtoModel.AtlasNode atlasNode) {
        a0 b8 = b(new y.a().n(d(atlasNode) + "/atlas").b().a());
        try {
            if (b8.z() != 200) {
                throw new IOException("Failed to get the atlas, status: " + b8.z());
            }
            byte[] g8 = g(atlasNode, b8);
            String M = b8.M("X-Registry-Signature");
            if (M == null) {
                throw new a7.n("no registry signature");
            }
            if (a(g8, this.f10946b, M)) {
                ProtoModel.FullAtlas parseFrom = ProtoModel.FullAtlas.parseFrom(g8);
                b8.close();
                return parseFrom;
            }
            throw new a7.n("registry signature verification failed (provided=" + M + ")");
        } catch (Throwable th) {
            if (b8 != null) {
                try {
                    b8.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public ProtoModel.VpnConfig f(ProtoModel.AtlasNode atlasNode, o5.b bVar) {
        a0 b8 = b(new y.a().n(d(atlasNode) + "/client").g(z.c(ProtoModel.ClientIntro.newBuilder().setPublicKey(bVar.g()).build().toByteArray())).a());
        try {
            if (b8.z() == 200) {
                ProtoModel.VpnConfig parseFrom = ProtoModel.VpnConfig.parseFrom(g(atlasNode, b8));
                b8.close();
                return parseFrom;
            }
            throw new IOException("Failed to get the VPN config: status " + b8.z());
        } catch (Throwable th) {
            if (b8 != null) {
                try {
                    b8.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
