package defpackage;

import android.content.Context;
import com.huawei.hbu.foundation.utils.aq;
import com.huawei.hbu.foundation.utils.e;
import com.huawei.hbu.foundation.utils.j;
import com.huawei.hbu.foundation.utils.log.Log;
import com.huawei.hbu.foundation.utils.u;
import com.huawei.secure.android.common.util.SafeBase64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

/* compiled from: X509CertificateUtils.java */
/* loaded from: classes6.dex */
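/**
 * Static helpers for loading a pinned root certificate from a bundled BKS trust store, decoding
 * Base64 certificate chains, verifying that a chain is signed down from that root, matching
 * subject attributes, and verifying a detached signature with a certificate's public key.
 *
 * <p>This is decompiled code: the class name is obfuscated, while the private member names below
 * were restored from the log messages and the "compiled from" header. The decompiler had named
 * the constants {@code e} and {@code j}, which hid the imported helper classes {@code e} and
 * {@code j}; the descriptive constant names remove that clash.
 *
 * <p>NOTE(review): chain validation here is signature plus CA-capability only. Validity periods of
 * chain certificates, issuer/subject name chaining, path-length limits and revocation are not
 * checked anywhere in this class; callers that need them must add them (for example through
 * {@code java.security.cert.CertPathValidator}).
 */
public final class jw {
    private static final String TAG = "X509CertificateUtils";
    /** Index of the keyCertSign bit in the array returned by {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE_CERT_SIGN_INDEX = 5;
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String KEYSTORE_TYPE = "bks";
    private static final String SUBJECT_KEY_OU = "OU";
    private static final String SUBJECT_KEY_CN = "CN";
    private static final String ROOT_ALIAS = "052root";
    private static final String ROOT_KEYSTORE_ASSET = "hmsrootcas.bks";
    private static final String TEST_ROOT_KEYSTORE_ASSET = "updatesdkcas_test.bks";
    /** Value {@link X509Certificate#getBasicConstraints()} returns for a non-CA certificate. */
    private static final int NOT_A_CA = -1;
    private static final char KEY_VALUE_SEPARATOR = '=';
    private static final char RDN_SEPARATOR = ',';
    private static final char MULTI_VALUE_SEPARATOR = '+';
    private static final char ESCAPE = '\\';
    private static final String DEFAULT_SUBJECT_CN = "Huawei CBG HUAWEI Books";
    private static final String DEFAULT_SUBJECT_OU = "Huawei CBG Cloud Security Signer";

    private jw() {
    }

    /**
     * Returns the raw value of the first subject attribute whose type equals {@code key}.
     *
     * <p>The attribute type is matched only at the start of a name component (after an unescaped
     * {@code ,} or {@code +}), ignoring case. The previous substring search could match
     * {@code "CN="} inside another attribute's value, cut values at escaped commas, and used an
     * index computed on an upper-cased copy whose length can differ from the original string.
     *
     * @param subjectDn distinguished name in string form, as produced by
     *     {@code X500Principal.getName()}
     * @param key attribute type to look up, for example {@code "CN"}
     * @return the value exactly as written in {@code subjectDn} (escapes are not decoded), or
     *     {@code null} when an argument is empty or the attribute is absent
     */
    private static String getValueByKey(String subjectDn, String key) {
        if (aq.isEmpty(subjectDn) || aq.isEmpty(key)) {
            Log.e(TAG, "getValueByKey, subject distinguished name or key is empty");
            return null;
        }
        final int length = subjectDn.length();
        int start = 0;
        while (start < length) {
            // Find the end of this component, stepping over backslash-escaped characters.
            int end = start;
            while (end < length) {
                char ch = subjectDn.charAt(end);
                if (ch == ESCAPE) {
                    end += 2;
                    continue;
                }
                if (ch == RDN_SEPARATOR || ch == MULTI_VALUE_SEPARATOR) {
                    break;
                }
                end++;
            }
            end = Math.min(end, length);

            int typeStart = start;
            while (typeStart < end && subjectDn.charAt(typeStart) == ' ') {
                typeStart++;
            }
            int separatorIndex = typeStart + key.length();
            if (separatorIndex < end
                    && subjectDn.charAt(separatorIndex) == KEY_VALUE_SEPARATOR
                    && subjectDn.regionMatches(true, typeStart, key, 0, key.length())) {
                return subjectDn.substring(separatorIndex + 1, end);
            }
            start = end + 1;
        }
        Log.e(TAG, "getValueByKey, the key is not exist");
        return null;
    }

    /**
     * Decodes a Base64 string and parses the result as an X.509 certificate.
     *
     * @param base64Certificate Base64 text of an encoded certificate
     * @return the certificate, or {@code null} when the text is empty, is not valid Base64 or
     *     does not parse
     */
    private static X509Certificate getCertificate(String base64Certificate) {
        if (aq.isEmpty(base64Certificate)) {
            Log.e(TAG, "getCertificate, base64 encoded certificate string is empty");
            return null;
        }
        try {
            return getCertificate(SafeBase64.decode(base64Certificate, 0));
        } catch (IllegalArgumentException unused) {
            Log.e(TAG, "getCertificate, failed illegalArgumentException");
            return null;
        }
    }

    /**
     * Parses encoded certificate bytes with the {@code "X.509"} certificate factory.
     *
     * @param encoded certificate bytes
     * @return the certificate, or {@code null} when the bytes are empty or parsing fails
     */
    private static X509Certificate getCertificate(byte[] encoded) {
        if (e.isEmpty(encoded)) {
            Log.e(TAG, "getCertificate, certificate bytes is empty");
            return null;
        }
        try {
            // j.cast is a project helper; presumably a checked cast that yields null on a type
            // mismatch - confirm against its source.
            return (X509Certificate) j.cast(
                    (Object) CertificateFactory.getInstance(CERTIFICATE_TYPE)
                            .generateCertificate(new ByteArrayInputStream(encoded)),
                    X509Certificate.class);
        } catch (CertificateException unused) {
            Log.e(TAG, "getCertificate, generateCertificate failed by certificateException");
            return null;
        }
    }

    /**
     * Tells whether a certificate is allowed to sign other certificates: it must be a CA
     * (basicConstraints present) and its keyUsage extension must set keyCertSign.
     *
     * <p>A certificate without a keyUsage extension is rejected, which is stricter than the
     * RFC 5280 default. The path-length value of basicConstraints is not enforced.
     *
     * @param certificate certificate to inspect, may be {@code null}
     * @return {@code true} only for a CA certificate with keyCertSign set
     */
    private static boolean isCanCertificateSign(X509Certificate certificate) {
        if (certificate == null) {
            Log.e(TAG, "isCanCertificateSign, certificate is null");
            return false;
        }
        if (certificate.getBasicConstraints() == NOT_A_CA) {
            Log.e(TAG, "isCanCertificateSign, certificate basicConstraints is -1");
            return false;
        }
        boolean[] keyUsage = certificate.getKeyUsage();
        return keyUsage != null
                && keyUsage.length > KEY_USAGE_CERT_SIGN_INDEX
                && keyUsage[KEY_USAGE_CERT_SIGN_INDEX];
    }

    /**
     * Compares one subject attribute of a certificate with an expected value.
     *
     * @param certificate certificate whose subject is read
     * @param key attribute type, for example {@code "CN"} or {@code "OU"}
     * @param expected value the attribute must equal (compared through {@code aq.isEqual})
     * @return {@code true} when the attribute is present and equal; {@code false} otherwise,
     *     including when any argument is null or empty
     */
    private static boolean matchesSubjectAttribute(
            X509Certificate certificate, String key, String expected) {
        if (certificate == null || aq.isEmpty(key) || aq.isEmpty(expected)) {
            Log.e(TAG, "certificate is null or key is empty or value is empty");
            return false;
        }
        String subjectDn = certificate.getSubjectX500Principal().getName();
        return aq.isEqual(expected, getValueByKey(subjectDn, key));
    }

    /**
     * Checks that {@code certificate} carries a valid signature made with {@code issuerKey}.
     *
     * @return {@code true} when the signature verifies; {@code false} when the certificate is
     *     null or verification raises a {@link GeneralSecurityException}
     */
    private static boolean isVerifySuccess(X509Certificate certificate, PublicKey issuerKey) {
        if (certificate == null) {
            return false;
        }
        try {
            certificate.verify(issuerKey);
            return true;
        } catch (GeneralSecurityException unused) {
            Log.e(TAG, "isVerifySuccess verify failed");
            return false;
        }
    }

    /**
     * Verifies {@code signatureBytes} over {@code data} with the certificate's public key.
     *
     * <p>NOTE(review): the algorithm comes from {@code getSigAlgName()}, which names the
     * algorithm the issuer used to sign this certificate, not the one the data was signed with.
     * It fails closed when the subject key type differs, but the signing algorithm should be
     * fixed by the protocol rather than taken from the certificate - confirm with the signer.
     *
     * @return {@code true} only when the signature verifies
     */
    private static boolean checkSignature(
            X509Certificate certificate, byte[] data, byte[] signatureBytes) {
        try {
            Signature verifier = Signature.getInstance(certificate.getSigAlgName());
            verifier.initVerify(certificate.getPublicKey());
            verifier.update(data);
            boolean verified = verifier.verify(signatureBytes);
            Log.i(TAG, "checkSignature isVerifySuccess:" + verified);
            return verified;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException unused) {
            Log.e(TAG, "checkSignature failed");
            return false;
        }
    }

    /**
     * Checks that every certificate except the last one in the chain may sign certificates.
     * The last entry is the end-entity certificate and is therefore not required to be a CA.
     */
    private static boolean allIssuersCanSign(List<X509Certificate> chain) {
        for (int index = 0; index < chain.size() - 1; index++) {
            if (!isCanCertificateSign(chain.get(index))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies a Base64 signature over the UTF-8 bytes of {@code str}.
     *
     * <p>The certificate is used as given: callers must have established trust in it first
     * (see {@link #verifyCertChain}) and checked its subject.
     *
     * @param x509Certificate certificate holding the verification key
     * @param str signed plain text
     * @param str2 Base64 text of the signature
     * @return {@code true} only when the signature verifies; {@code false} on null or empty
     *     input, invalid Base64 or any verification error
     */
    public static boolean checkSignature(X509Certificate x509Certificate, String str, String str2) {
        if (x509Certificate == null) {
            Log.e(TAG, "checkSignature certificate is null");
            return false;
        }
        if (aq.isEmpty(str) || aq.isEmpty(str2)) {
            Log.e(TAG, "checkSignature plainText or signedText is empty");
            return false;
        }
        try {
            return checkSignature(
                    x509Certificate,
                    str.getBytes(StandardCharsets.UTF_8),
                    SafeBase64.decode(str2, 0));
        } catch (IllegalArgumentException unused) {
            Log.e(TAG, "checkSignature exception");
            return false;
        }
    }

    /** Returns whether the subject CN of the certificate equals {@code str}. */
    public static boolean checkSubjectCN(X509Certificate x509Certificate, String str) {
        return matchesSubjectAttribute(x509Certificate, SUBJECT_KEY_CN, str);
    }

    /** Returns whether the subject CN equals {@code "Huawei CBG HUAWEI Books"}. */
    public static boolean checkSubjectDefaultCN(X509Certificate x509Certificate) {
        return matchesSubjectAttribute(x509Certificate, SUBJECT_KEY_CN, DEFAULT_SUBJECT_CN);
    }

    /** Returns whether the subject OU equals {@code "Huawei CBG Cloud Security Signer"}. */
    public static boolean checkSubjectDefaultOU(X509Certificate x509Certificate) {
        return matchesSubjectAttribute(x509Certificate, SUBJECT_KEY_OU, DEFAULT_SUBJECT_OU);
    }

    /** Returns whether the subject OU of the certificate equals {@code str}. */
    public static boolean checkSubjectOU(X509Certificate x509Certificate, String str) {
        return matchesSubjectAttribute(x509Certificate, SUBJECT_KEY_OU, str);
    }

    /**
     * Loads the root certificate stored under alias {@code "052root"}.
     *
     * @param context context whose assets hold the trust store
     * @param z {@code true} selects {@code updatesdkcas_test.bks}, {@code false} selects
     *     {@code hmsrootcas.bks}. NOTE(review): the file name suggests the first one is a test
     *     trust store; release builds should never pass {@code true} - verify every caller.
     * @return the root certificate, or {@code null} when it cannot be loaded or is outside its
     *     validity period
     */
    public static X509Certificate getCBGRootCertificate(Context context, boolean z) {
        return getCertificateFromBks(
                context, ROOT_ALIAS, z ? TEST_ROOT_KEYSTORE_ASSET : ROOT_KEYSTORE_ASSET);
    }

    /**
     * Decodes a list of Base64 certificates, keeping the input order.
     *
     * @param list Base64 certificate strings
     * @return a list of the same size as the input; an entry that fails to decode is
     *     {@code null}, which {@link #verifyCertChain} then rejects. Empty input gives an empty
     *     list.
     */
    public static List<X509Certificate> getCertificateChain(List<String> list) {
        if (e.isEmpty(list)) {
            Log.w(TAG, "getCertChain, no base64 encoded certificate strings");
            return new ArrayList<>(0);
        }
        List<X509Certificate> chain = new ArrayList<>(list.size());
        for (String base64Certificate : list) {
            chain.add(getCertificate(base64Certificate));
        }
        return chain;
    }

    /**
     * Loads one certificate from a BKS key store shipped in the application assets and checks
     * that it is currently within its validity period.
     *
     * <p>The decompiler had emitted a broken form of this method: it closed the {@code Context}
     * instead of the stream, could read the key store after its creation had failed, and left the
     * checked exceptions of {@code checkValidity()} unhandled. It is restored here as a single
     * try/finally in which the stream is always closed and every failure returns {@code null}.
     *
     * <p>The key store is opened with an empty password, so the BKS integrity check adds no
     * protection; the trust store is only as trustworthy as the installed package itself.
     *
     * @param context context whose assets hold the key store
     * @param str alias of the certificate inside the key store
     * @param str2 asset file name of the key store
     * @return the certificate, or {@code null} when the context is null, the alias is empty or
     *     unknown, the key store cannot be read, or the certificate is expired or not yet valid
     */
    public static X509Certificate getCertificateFromBks(Context context, String str, String str2) {
        if (context == null || aq.isEmpty(str)) {
            Log.e(TAG, "getCertificateFromBks context is null or alias is empty");
            return null;
        }
        InputStream inputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            inputStream = context.getAssets().open(str2);
            keyStore.load(inputStream, new char[0]);
            if (!keyStore.containsAlias(str)) {
                Log.e(TAG, "getCertificateFromBks keyStore not include this alias");
                return null;
            }
            X509Certificate certificate =
                    (X509Certificate) j.cast((Object) keyStore.getCertificate(str), X509Certificate.class);
            if (certificate == null) {
                return null;
            }
            // CertificateExpiredException and CertificateNotYetValidException are both
            // CertificateException subclasses, so an out-of-date root is handled by the catch.
            certificate.checkValidity();
            return certificate;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
            Log.e(TAG, "getCertificateFromBks exception");
            return null;
        } finally {
            // The decompiled code also called closeStream with a null reference on its failure
            // path, so the helper is presumably null-tolerant - confirm against its source.
            u.closeStream(inputStream);
        }
    }

    /**
     * Verifies that a certificate chain is signed down from a trusted root.
     *
     * <p>Expected order: {@code list.get(0)} is signed by the root, every later entry is signed
     * by the entry before it, and the last entry is the end-entity certificate. Every entry
     * except the last must also be a CA with keyCertSign set.
     *
     * <p>NOTE(review): this does not call {@code checkValidity()} on the chain certificates, so
     * an expired or not-yet-valid intermediate or end-entity certificate is accepted; only the
     * root gets that check when it is loaded by {@link #getCertificateFromBks}. Issuer/subject
     * name chaining, path length and revocation are not checked either. Confirm whether the
     * missing validity check is deliberate (for example to tolerate a wrong device clock)
     * before relying on this result.
     *
     * @param x509Certificate trusted root certificate
     * @param list chain to verify, in the order described above
     * @return {@code true} when every signature verifies and every issuer may sign certificates;
     *     {@code false} otherwise, including for a null root, an empty chain or a null entry
     */
    public static boolean verifyCertChain(X509Certificate x509Certificate, List<X509Certificate> list) {
        if (e.isEmpty(list)) {
            Log.e(TAG, "verifyCertChain, certChain is empty,verify failed");
            return false;
        }
        if (x509Certificate == null) {
            Log.e(TAG, "verifyCertChain, rootCert is null,verify failed");
            return false;
        }
        PublicKey issuerKey = x509Certificate.getPublicKey();
        for (X509Certificate certificate : list) {
            // A null entry (failed decode) is rejected here before it is dereferenced below.
            if (!isVerifySuccess(certificate, issuerKey)) {
                return false;
            }
            issuerKey = certificate.getPublicKey();
        }
        return allIssuersCanSign(list);
    }
}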
