package com.aetherpal.core.utils;

import android.content.Context;
import com.aetherpal.core.logger.ApLog;
import com.google.android.gms.common.util.AndroidUtilsLight;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: classes.dex */
public class CertUtils {
    public static final int ARCHIVE_CERTIFICATE_PARAM_INVALID = -1;
    public static final int ARCHIVE_SIGNATURE_MATCHED = 0;
    public static final int ARCHIVE_SIGNATURE_MISMATCH = -4;
    public static final int ARCHIVE_TAMPERED = -3;
    public static final int ARCHIVE_UNSIGNED = -2;
    public static final int SIGNATURE_MATCHED = 0;
    public static final int SIGNATURE_MISMATCH = -1;
    public static final int SIGNATURE_VERIFY_INTERNAL_ERROR = -2;
    protected static final char[] hexArray = "0123456789ABCDEF".toCharArray();

    private static X509Certificate[] orderCertChain(X509Certificate[] x509CertificateArr) throws CertificateException, NoSuchAlgorithmException {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        int length = x509CertificateArr.length;
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            MessageDigest messageDigest = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
            messageDigest.update(x509Certificate.getIssuerX500Principal().getEncoded());
            byte[] digest = messageDigest.digest();
            MessageDigest messageDigest2 = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
            messageDigest2.update(x509Certificate.getSubjectX500Principal().getEncoded());
            if (Arrays.equals(digest, messageDigest2.digest())) {
                x509CertificateArr2[length - 1] = x509Certificate;
            } else {
                arrayList.add(x509Certificate);
            }
        }
        for (int i = length - 2; i >= 0; i--) {
            X509Certificate x509Certificate2 = x509CertificateArr2[i + 1];
            if (x509Certificate2 == null) {
                throw new CertificateException("Certificate Chain Invalid");
            }
            MessageDigest messageDigest3 = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
            messageDigest3.update(x509Certificate2.getSubjectX500Principal().getEncoded());
            byte[] digest2 = messageDigest3.digest();
            Iterator it = arrayList.iterator();
            while (true) {
                if (it.hasNext()) {
                    X509Certificate x509Certificate3 = (X509Certificate) it.next();
                    MessageDigest messageDigest4 = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
                    messageDigest4.update(x509Certificate3.getIssuerX500Principal().getEncoded());
                    if (Arrays.equals(digest2, messageDigest4.digest())) {
                        x509CertificateArr2[i] = x509Certificate3;
                        arrayList.remove(x509Certificate3);
                        break;
                    }
                }
            }
        }
        return x509CertificateArr2;
    }

    public static String toHexString(byte[] bArr) {
        if (bArr == null || bArr.length <= 0) {
            return "";
        }
        char[] cArr = new char[((bArr.length - 1) * 6) + 4];
        int i = 0;
        while (i < bArr.length - 1) {
            int i2 = bArr[i] & 255;
            cArr[i * 6] = '0';
            cArr[(i * 6) + 1] = 'x';
            cArr[(i * 6) + 2] = hexArray[i2 >>> 4];
            cArr[(i * 6) + 3] = hexArray[i2 & 15];
            cArr[(i * 6) + 4] = ',';
            cArr[(i * 6) + 5] = ' ';
            i++;
        }
        int i3 = bArr[i] & 255;
        cArr[i * 6] = '0';
        cArr[(i * 6) + 1] = 'x';
        cArr[(i * 6) + 2] = hexArray[i3 >>> 4];
        cArr[(i * 6) + 3] = hexArray[i3 & 15];
        return new String(cArr);
    }

    private static X509Certificate validateCertPath(CertPath certPath, X509Certificate x509Certificate, X509Certificate... x509CertificateArr) {
        try {
            CertificateFactory.getInstance("X.509");
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            if (x509CertificateArr != null) {
                pKIXParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(x509CertificateArr)), "BC"));
            }
            return (X509Certificate) certPath.getCertificates().get(0);
        } catch (Exception e) {
            ApLog.printStackTrace(e);
            return null;
        }
    }

    public static X509Certificate verifyCert(Context context, InputStream inputStream, int i, int i2) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(context.getResources().openRawResource(i));
        X509Certificate x509Certificate2 = i2 > 0 ? (X509Certificate) certificateFactory.generateCertificate(context.getResources().openRawResource(i2)) : null;
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(inputStream);
        FileOutputStream openFileOutput = new File(new StringBuilder().append(context.getFilesDir()).append("/tenantCert.cert").toString()).exists() ? context.openFileOutput("tenantCert1.cert", 0) : context.openFileOutput("tenantCert.cert", 0);
        openFileOutput.write(x509Certificate3.getEncoded());
        openFileOutput.close();
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate3);
        if (x509Certificate2 != null) {
            arrayList.add(x509Certificate2);
        }
        arrayList.add(x509Certificate);
        return validateCertPath(certificateFactory.generateCertPath(arrayList), x509Certificate, x509Certificate2);
    }

    public static X509Certificate verifyCertChain(Context context, InputStream inputStream, int i) throws Exception {
        return verifyCertChain(context, inputStream, i, -1);
    }

    public static X509Certificate verifyCertChain(Context context, InputStream inputStream, int i, int i2) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        return verifyCertChain(certificateFactory.generateCertPath(inputStream, "PKCS7"), (X509Certificate) certificateFactory.generateCertificate(context.getResources().openRawResource(i)), i2 > 0 ? (X509Certificate) certificateFactory.generateCertificate(context.getResources().openRawResource(i2)) : null);
    }

    public static X509Certificate verifyCertChain(CertPath certPath, X509Certificate x509Certificate, X509Certificate... x509CertificateArr) {
        try {
            ApLog.d("Root CN:", x509Certificate.getSubjectDN());
            ApLog.d("Intermediate CN:", x509CertificateArr[0].getSubjectDN());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate[] x509CertificateArr2 = new X509Certificate[certPath.getCertificates().size()];
            ArrayList arrayList = new ArrayList();
            Iterator<? extends Certificate> it = certPath.getCertificates().iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate2 = (X509Certificate) it.next();
                MessageDigest messageDigest = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
                messageDigest.update(x509Certificate2.getIssuerX500Principal().getEncoded());
                byte[] digest = messageDigest.digest();
                MessageDigest messageDigest2 = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
                messageDigest2.update(x509Certificate2.getSubjectX500Principal().getEncoded());
                if (Arrays.equals(digest, messageDigest2.digest())) {
                    x509CertificateArr2[x509CertificateArr2.length - 1] = x509Certificate2;
                } else {
                    arrayList.add(x509Certificate2);
                }
            }
            for (int length = x509CertificateArr2.length - 2; length >= 0; length--) {
                X509Certificate x509Certificate3 = x509CertificateArr2[length + 1];
                MessageDigest messageDigest3 = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
                messageDigest3.update(x509Certificate3.getSubjectX500Principal().getEncoded());
                byte[] digest2 = messageDigest3.digest();
                Iterator it2 = arrayList.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        X509Certificate x509Certificate4 = (X509Certificate) it2.next();
                        MessageDigest messageDigest4 = MessageDigest.getInstance(AndroidUtilsLight.DIGEST_ALGORITHM_SHA1);
                        messageDigest4.update(x509Certificate4.getIssuerX500Principal().getEncoded());
                        if (Arrays.equals(digest2, messageDigest4.digest())) {
                            x509CertificateArr2[length] = x509Certificate4;
                            arrayList.remove(x509Certificate4);
                            break;
                        }
                    }
                }
            }
            for (X509Certificate x509Certificate5 : x509CertificateArr2) {
                ApLog.d("LIST CERT", x509Certificate5.getSubjectDN());
            }
            int length2 = x509CertificateArr2.length - 1;
            x509CertificateArr2[length2] = x509Certificate;
            for (X509Certificate x509Certificate6 : x509CertificateArr) {
                length2--;
                x509CertificateArr2[length2] = x509Certificate6;
            }
            return validateCertPath(certificateFactory.generateCertPath(Arrays.asList(x509CertificateArr2)), x509Certificate, x509CertificateArr);
        } catch (Exception e) {
            ApLog.printStackTrace(e);
            return null;
        }
    }

    public static int verifyFileSignature(File file, X509Certificate x509Certificate, byte[] bArr) throws FileNotFoundException {
        int i = 0;
        FileInputStream fileInputStream = null;
        BufferedInputStream bufferedInputStream = null;
        try {
            try {
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(x509Certificate.getPublicKey());
                byte[] bArr2 = new byte[2048];
                FileInputStream fileInputStream2 = new FileInputStream(file);
                try {
                    BufferedInputStream bufferedInputStream2 = new BufferedInputStream(fileInputStream2);
                    while (true) {
                        try {
                            int read = bufferedInputStream2.read(bArr2);
                            if (read == -1) {
                                break;
                            }
                            signature.update(bArr2, 0, read);
                        } catch (IOException e) {
                            e = e;
                            bufferedInputStream = bufferedInputStream2;
                            fileInputStream = fileInputStream2;
                            ApLog.printStackTrace(e);
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e2) {
                                    ApLog.printStackTrace(e2);
                                    i = -2;
                                    return i;
                                }
                            }
                            if (bufferedInputStream != null) {
                                bufferedInputStream.close();
                            }
                            i = -2;
                            return i;
                        } catch (InvalidKeyException e3) {
                            e = e3;
                            bufferedInputStream = bufferedInputStream2;
                            fileInputStream = fileInputStream2;
                            ApLog.printStackTrace(e);
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e4) {
                                    ApLog.printStackTrace(e4);
                                    i = -2;
                                    return i;
                                }
                            }
                            if (bufferedInputStream != null) {
                                bufferedInputStream.close();
                            }
                            i = -2;
                            return i;
                        } catch (NoSuchAlgorithmException e5) {
                            e = e5;
                            bufferedInputStream = bufferedInputStream2;
                            fileInputStream = fileInputStream2;
                            ApLog.printStackTrace(e);
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e6) {
                                    ApLog.printStackTrace(e6);
                                    i = -2;
                                    return i;
                                }
                            }
                            if (bufferedInputStream != null) {
                                bufferedInputStream.close();
                            }
                            i = -2;
                            return i;
                        } catch (SignatureException e7) {
                            e = e7;
                            bufferedInputStream = bufferedInputStream2;
                            fileInputStream = fileInputStream2;
                            ApLog.printStackTrace(e);
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e8) {
                                    ApLog.printStackTrace(e8);
                                    i = -1;
                                    return i;
                                }
                            }
                            if (bufferedInputStream != null) {
                                bufferedInputStream.close();
                            }
                            i = -1;
                            return i;
                        } catch (Throwable th) {
                            th = th;
                            bufferedInputStream = bufferedInputStream2;
                            fileInputStream = fileInputStream2;
                            if (fileInputStream != null) {
                                try {
                                    fileInputStream.close();
                                } catch (IOException e9) {
                                    ApLog.printStackTrace(e9);
                                    throw th;
                                }
                            }
                            if (bufferedInputStream != null) {
                                bufferedInputStream.close();
                            }
                            throw th;
                        }
                    }
                    if (signature.verify(bArr)) {
                        if (fileInputStream2 != null) {
                            try {
                                fileInputStream2.close();
                            } catch (IOException e10) {
                                ApLog.printStackTrace(e10);
                            }
                        }
                        if (bufferedInputStream2 != null) {
                            bufferedInputStream2.close();
                        }
                        bufferedInputStream = bufferedInputStream2;
                        fileInputStream = fileInputStream2;
                    } else {
                        if (fileInputStream2 != null) {
                            try {
                                fileInputStream2.close();
                            } catch (IOException e11) {
                                ApLog.printStackTrace(e11);
                            }
                        }
                        if (bufferedInputStream2 != null) {
                            bufferedInputStream2.close();
                        }
                        bufferedInputStream = bufferedInputStream2;
                        fileInputStream = fileInputStream2;
                        i = -1;
                    }
                } catch (IOException e12) {
                    e = e12;
                    fileInputStream = fileInputStream2;
                } catch (InvalidKeyException e13) {
                    e = e13;
                    fileInputStream = fileInputStream2;
                } catch (NoSuchAlgorithmException e14) {
                    e = e14;
                    fileInputStream = fileInputStream2;
                } catch (SignatureException e15) {
                    e = e15;
                    fileInputStream = fileInputStream2;
                } catch (Throwable th2) {
                    th = th2;
                    fileInputStream = fileInputStream2;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (IOException e16) {
            e = e16;
        } catch (InvalidKeyException e17) {
            e = e17;
        } catch (NoSuchAlgorithmException e18) {
            e = e18;
        } catch (SignatureException e19) {
            e = e19;
        }
        return i;
    }

    public static int verifyFileSignature(String str, X509Certificate x509Certificate, byte[] bArr) throws FileNotFoundException {
        File file = new File(str);
        if (file.exists()) {
            return verifyFileSignature(file, x509Certificate, bArr);
        }
        throw new FileNotFoundException(str + " is not found");
    }

    public static int verifySignedArchive(X509Certificate x509Certificate, String str) throws IOException {
        X509Certificate[] x509CertificateArr;
        X509Certificate[] orderCertChain;
        JarFile jarFile = new JarFile(str, true);
        if (x509Certificate == null) {
            return -1;
        }
        Vector vector = new Vector();
        if (jarFile.getManifest() == null) {
            return -2;
        }
        byte[] bArr = new byte[8192];
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            try {
                JarEntry nextElement = entries.nextElement();
                if (!nextElement.isDirectory()) {
                    vector.addElement(nextElement);
                    InputStream inputStream = jarFile.getInputStream(nextElement);
                    do {
                    } while (inputStream.read(bArr) != -1);
                    inputStream.close();
                }
            } catch (SecurityException e) {
                ApLog.printStackTrace(e);
                return -3;
            }
        }
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            JarEntry jarEntry = (JarEntry) elements.nextElement();
            Certificate[] certificates = jarEntry.getCertificates();
            if (certificates != null && certificates.length != 0) {
                try {
                    x509CertificateArr = new X509Certificate[certificates.length];
                    int i = 0;
                    int length = certificates.length;
                    int i2 = 0;
                    while (true) {
                        int i3 = i;
                        if (i2 >= length) {
                            break;
                        }
                        i = i3 + 1;
                        x509CertificateArr[i3] = (X509Certificate) certificates[i2];
                        i2++;
                    }
                } catch (ClassCastException e2) {
                    ApLog.printStackTrace(e2);
                    x509CertificateArr = null;
                }
                boolean z = false;
                try {
                    orderCertChain = orderCertChain(x509CertificateArr);
                } catch (NoSuchAlgorithmException e3) {
                    ApLog.printStackTrace(e3);
                } catch (CertificateException e4) {
                    ApLog.printStackTrace(e4);
                }
                if (orderCertChain == null || orderCertChain[0] == null) {
                    return -2;
                }
                z = orderCertChain[0].equals(x509Certificate);
                if (!z) {
                    return -4;
                }
            } else if (!jarEntry.getName().startsWith("META-INF")) {
                return -2;
            }
        }
        jarFile.close();
        return 0;
    }
}
