package com.symantec.ncpv2.jwsverifier;

import android.util.Base64;
import com.facebook.stetho.common.Utf8Charset;
import com.symantec.mobilesecurity.o.e83;
import com.symantec.mobilesecurity.o.r8b;
import com.symantec.mobilesecurity.o.u7b;
import com.symantec.mobilesecurity.o.vbm;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.io.d;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.o;
import kotlinx.serialization.json.JsonElement;
import org.jetbrains.annotations.NotNull;

@Metadata(d1 = {"\u0000D\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010%\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\b\u0004\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003¢\u0006\u0002\u0010\u0005J\u0010\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\bH\u0002J\u0010\u0010\u0010\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u000eH\u0002J\u0010\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\bH\u0002J \u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u000e2\u0006\u0010\u0019\u001a\u00020\bH\u0002J\u0006\u0010\u001a\u001a\u00020\u0016J\u0016\u0010\u001b\u001a\u00020\u001c2\f\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\b0\u001eH\u0002J\r\u0010\u001f\u001a\u00020\u0016H\u0000¢\u0006\u0002\b J\b\u0010!\u001a\u00020\u0016H\u0002R\u001a\u0010\u0006\u001a\u000e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\b0\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u000e\u0010\u000b\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\bX\u0082D¢\u0006\u0002\n\u0000¨\u0006\""}, d2 = {"Lcom/symantec/ncpv2/jwsverifier/JwsAuthentication;", "", "jws", "Ljava/io/File;", "rootPath", "(Ljava/io/File;Ljava/io/File;)V", "fileSha2Map", "", "", "getJws", "()Ljava/io/File;", "parentPath", "tag", "decode", "", "encodedString", "decodeCert", "encodedBytes", "getCertificate", "Ljava/security/cert/X509Certificate;", "cert", "isSignatureValid", "", "data", "signature", "publicKey", "verify", "verifyCertsChaining", "Ljava/security/cert/PKIXCertPathBuilderResult;", "certs", "", "verifyChaining", "verifyChaining$com_symantec_ncpv2_jwsverifier", "verifyPackage", BuildConfig.LIBRARY_PACKAGE_NAME}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes6.dex */
public final class JwsAuthentication {

    @NotNull
    private final Map<String, String> fileSha2Map;

    @NotNull
    private final File jws;

    @NotNull
    private final File parentPath;

    @NotNull
    private final String tag;

    public JwsAuthentication(@NotNull File jws, @NotNull File rootPath) {
        Intrinsics.checkNotNullParameter(jws, "jws");
        Intrinsics.checkNotNullParameter(rootPath, "rootPath");
        this.jws = jws;
        this.tag = "JwsAuthentication";
        this.fileSha2Map = new LinkedHashMap();
        this.parentPath = rootPath;
    }

    private final byte[] decode(String encodedString) throws UnsupportedEncodingException {
        byte[] decode = Base64.decode(encodedString, 8);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(encodedString, Base64.URL_SAFE)");
        return decode;
    }

    private final byte[] decodeCert(byte[] encodedBytes) throws UnsupportedEncodingException {
        byte[] decode = Base64.decode(encodedBytes, 0);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(encodedBytes, Base64.DEFAULT)");
        return decode;
    }

    private final X509Certificate getCertificate(String cert) throws CertificateException, UnsupportedEncodingException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        byte[] bytes = cert.getBytes(e83.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(decodeCert(bytes)));
        Intrinsics.h(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        return (X509Certificate) generateCertificate;
    }

    private final boolean isSignatureValid(byte[] data, byte[] signature, String publicKey) throws GeneralSecurityException, UnsupportedEncodingException {
        X509Certificate certificate = getCertificate(publicKey);
        PublicKey publicKey2 = certificate.getPublicKey();
        String sigAlgName = certificate.getSigAlgName();
        if (sigAlgName == null) {
            sigAlgName = "SHA256withRSA";
        }
        Signature signature2 = Signature.getInstance(sigAlgName);
        signature2.initVerify(publicKey2);
        signature2.update(data);
        return signature2.verify(signature);
    }

    private final PKIXCertPathBuilderResult verifyCertsChaining(List<String> certs) throws IOException, GeneralSecurityException {
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        Iterator<String> it = certs.iterator();
        while (it.hasNext()) {
            arrayList.add(getCertificate(it.next()));
        }
        LocalKeyStore localKeyStore = LocalKeyStore.INSTANCE;
        return localKeyStore.verifyCertsChaining(arrayList, localKeyStore.getRootCerts());
    }

    private final boolean verifyPackage() {
        int s;
        for (Map.Entry<String, String> entry : this.fileSha2Map.entrySet()) {
            String entryPath = new File(this.parentPath, entry.getKey()).getAbsolutePath();
            Sha256 sha256 = new Sha256();
            Intrinsics.checkNotNullExpressionValue(entryPath, "entryPath");
            s = o.s(sha256.calcFileSha2(entryPath), entry.getValue(), true);
            if (s != 0) {
                return false;
            }
        }
        return true;
    }

    @NotNull
    public final File getJws() {
        return this.jws;
    }

    public final boolean verify() {
        boolean verifyChaining$com_symantec_ncpv2_jwsverifier = verifyChaining$com_symantec_ncpv2_jwsverifier();
        return verifyChaining$com_symantec_ncpv2_jwsverifier ? verifyPackage() : verifyChaining$com_symantec_ncpv2_jwsverifier;
    }

    public final boolean verifyChaining$com_symantec_ncpv2_jwsverifier() {
        String e;
        List<String> d1;
        if (this.jws.length() > 104857600) {
            return false;
        }
        e = d.e(this.jws, null, 1, null);
        u7b.Companion companion = u7b.INSTANCE;
        JsonWebSignature jsonWebSignature = (JsonWebSignature) companion.d(JsonWebSignature.INSTANCE.serializer(), e);
        Signatures[] signatures = jsonWebSignature.getSignatures();
        String str = signatures[0].getProtected();
        String payload = jsonWebSignature.getPayload();
        byte[] decode = decode(str);
        Charset forName = Charset.forName(Utf8Charset.NAME);
        Intrinsics.checkNotNullExpressionValue(forName, "forName(\"UTF-8\")");
        d1 = ArraysKt___ArraysKt.d1(((X5cMap) companion.d(X5cMap.INSTANCE.serializer(), new String(decode, forName))).getX5c());
        if (d1.size() != 2) {
            return false;
        }
        vbm.c(this.tag, "before chain validation");
        verifyCertsChaining(d1);
        vbm.c(this.tag, "after chain validation");
        byte[] decode2 = decode(signatures[0].getSignature());
        vbm.c(this.tag, "before signature verification");
        byte[] bytes = (str + "." + payload).getBytes(e83.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        boolean isSignatureValid = isSignatureValid(bytes, decode2, d1.get(0));
        vbm.c(this.tag, "after signature verification");
        if (isSignatureValid) {
            vbm.c(this.tag, "before payload retrieval");
            byte[] decode3 = decode(payload);
            Charset forName2 = Charset.forName(Utf8Charset.NAME);
            Intrinsics.checkNotNullExpressionValue(forName2, "forName(\"UTF-8\")");
            for (Map.Entry<String, JsonElement> entry : r8b.m(companion.j(new String(decode3, forName2))).entrySet()) {
                this.fileSha2Map.put(entry.getKey(), r8b.n(entry.getValue()).getContent());
            }
            vbm.c(this.tag, "after payload retrieval");
        }
        return isSignatureValid;
    }
}
