package com.samsung.android.pluginplatform.service.packagemanager.security;

import com.samsung.android.pluginplatform.service.packagemanager.security.CertificateInfo;
import com.samsung.android.pluginplatform.service.packagemanager.security.SignatureData;
import com.samsung.android.pluginplatform.utils.PPLog;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes3.dex */
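/**
 * Validates the X.509 signer chains attached to a plugin package signature.
 *
 * <p>This is decompiled, obfuscated code: most members are overloads named {@code a}, {@code b},
 * {@code c} or {@code d}. Where the original method name survives as a log tag (for example
 * {@code verifySignerCertificateChain}), it is quoted in the member's Javadoc.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>PKIX path validation runs with revocation checking disabled.</li>
 *   <li>PKIX path validation is evaluated at the midpoint of the leaf certificate's validity
 *       window, not at the current time. A wall-clock validity check is applied only to leaf
 *       certificates of type {@code DEVELOPMENT} or {@code VERIFY}.</li>
 *   <li>Self-signed leaf certificates are rejected before path validation.</li>
 * </ul>
 */
public class CertificateValidator {
    private static final String a = "CertificateValidator";

    /**
     * Derives the distributor visibility from a subject DN string.
     *
     * @param str the subject DN of the leaf certificate, as a string
     * @return the visibility named by the text that follows {@code PPKCertificateConfig.a}
     * @throws CertificateException if the marker is absent or the text after it is not recognised
     */
    private static CertificateInfo.Visibility a(String str) throws CertificateException {
        // NOTE(review): the marker is searched for anywhere in the DN string, not in a parsed
        // CN attribute, so the result relies on the issuing CA controlling every subject field.
        int markerPos = str.indexOf(PPKCertificateConfig.a);
        if (markerPos < 0) {
            throw new CertificateException("Unknown or Invalid distributor CN");
        }
        String signerName = str.substring(markerPos + PPKCertificateConfig.a.length());
        // NOTE(review): every accepted name contains "TEST Signer" -- confirm these are the
        // intended production signer names and not leftovers from a test configuration.
        if (signerName.startsWith("Public TEST Signer")) {
            return CertificateInfo.Visibility.PUBLIC;
        }
        if (signerName.startsWith("Partner TEST Signer")) {
            return CertificateInfo.Visibility.PARTNER;
        }
        if (signerName.startsWith("Platform TEST Signer")) {
            return CertificateInfo.Visibility.PLATFORM;
        }
        throw new CertificateException("Unknown or Invalid distributor CN");
    }

    /**
     * Looks up the certificate info that {@code PPKCertificateConfig} associates with the leaf
     * (first) certificate of the chain. The caller treats a {@code null} result as "not found".
     */
    private static CertificateInfo a(List<X509Certificate> list) throws NoSuchAlgorithmException, CertificateException {
        return PPKCertificateConfig.a(list.get(0));
    }

    /**
     * Runs PKIX certification path validation of {@code list} against the trust anchors in
     * {@code set}.
     *
     * @param list certificate chain, leaf first
     * @param set  trust anchors the chain must lead to
     * @return the PKIX validation result, including the trust anchor that terminated the path
     * @throws CertificateException if the chain is {@code null} or empty, or cannot be turned
     *         into a certification path
     * @throws CertPathValidatorException if the path does not validate
     */
    public static PKIXCertPathValidatorResult a(List<X509Certificate> list, Set<TrustAnchor> set) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathValidatorException, CertificateException {
        // Fail with a checked exception instead of an unchecked IndexOutOfBoundsException when
        // the package carries no signer certificate.
        if (list == null || list.isEmpty()) {
            throw new CertificateException("Certificate chain is empty");
        }
        X509Certificate leaf = list.get(0);
        X509CertSelector leafSelector = new X509CertSelector();
        leafSelector.setCertificate(leaf);
        PKIXBuilderParameters params = new PKIXBuilderParameters(set, leafSelector);
        // NOTE(review): revocation checking is off, so a revoked signer or intermediate
        // certificate still validates here.
        params.setRevocationEnabled(false);
        // The validity of every certificate in the path is evaluated at the midpoint of the
        // leaf's validity window rather than "now"; an expired chain therefore passes this step.
        params.setDate(a(leaf.getNotBefore(), leaf.getNotAfter()));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (PKIXCertPathValidatorResult) validator.validate(factory.generateCertPath(list), params);
    }

    /** Returns the instant halfway between {@code date} and {@code date2}. */
    private static Date a(Date date, Date date2) {
        return new Date((date.getTime() + date2.getTime()) / 2);
    }

    /**
     * Verifies the author signer and every distributor signer of {@code signatureData}, then
     * checks that each signer uses a certificate from the right domain.
     *
     * <p>Failures are recorded on {@code signatureData} or on the individual signer; nothing is
     * returned or thrown for them. Processing stops at the first signer that fails chain
     * verification.
     *
     * @param signatureData parsed signature data holding the author and distributor signers
     */
    public static void a(SignatureData signatureData) {
        PPKCertificateConfig.a();
        Set<TrustAnchor> anchors = PPKCertificateConfig.b();
        if (!a(signatureData.a(), anchors)) {
            return;
        }
        for (SignatureData.SignerInfo distributor : signatureData.b()) {
            if (!a(distributor, anchors)) {
                return;
            }
        }
        if (signatureData.a().c().a() != CertificateInfo.Visibility.AUTHOR) {
            signatureData.a(SignatureData.Issue.SIG_INVALID_SIGNER, 1, "Author signer is not signed by author domain certificate");
            return;
        }
        // The author is reported as signer 1, so distributor signers are numbered from 2.
        int signerIndex = 1;
        for (SignatureData.SignerInfo distributor : signatureData.b()) {
            signerIndex++;
            CertificateInfo.Visibility visibility = distributor.c().a();
            if (visibility == CertificateInfo.Visibility.AUTHOR || visibility == CertificateInfo.Visibility.NONE) {
                signatureData.a(SignatureData.Issue.SIG_INVALID_SIGNER, Integer.valueOf(signerIndex), "Not allowed signing author domain certificate to distributor signer");
                return;
            }
        }
    }

    /** Returns whether certificates of this type get the wall-clock validity check. */
    private static boolean a(CertificateInfo.Type type) {
        return type == CertificateInfo.Type.DEVELOPMENT || type == CertificateInfo.Type.VERIFY;
    }

    /**
     * Checks whether a {@code DEVELOPMENT} distributor signer carries one of the registered
     * MN-IDs (log tag: {@code checkDistributorMnID}).
     *
     * @param signerInfo distributor signer to inspect
     * @param collection registered MN-IDs; {@code null} is rejected
     * @return {@code true} only if the signer's certificate type is {@code DEVELOPMENT} and one
     *         of its MN-IDs is contained in {@code collection}
     */
    public static boolean a(SignatureData.SignerInfo signerInfo, Collection<String> collection) {
        if (collection == null) {
            PPLog.f(a, "checkDistributorMnID", "Invalid parameter, mdId can not be null");
            return false;
        }
        if (signerInfo.c().b() != CertificateInfo.Type.DEVELOPMENT) {
            return false;
        }
        Set<String> signerMnIds = c(signerInfo.b());
        // c(X509Certificate) returns an empty set for a missing certificate; the null test is
        // kept so a missing certificate can never reach contains() below.
        if (signerMnIds == null || signerMnIds.isEmpty()) {
            PPLog.f(a, "checkDistributorMnID", "MN-ID is not found from distributor signer");
            return false;
        }
        for (String registered : collection) {
            PPLog.c(a, "checkDistributorMnID", "Registered MnId : " + registered);
            if (signerMnIds.contains(registered)) {
                PPLog.c(a, "checkDistributorMnID", "Found matched MN-ID " + registered);
                return true;
            }
        }
        PPLog.c(a, "checkDistributorMnID", "MN-ID mistmatched ");
        return false;
    }

    /**
     * Verifies one signer's certificate chain (log tag: {@code verifySignerCertificateChain}).
     *
     * <p>On success the trust anchor's certificate is appended to the signer's chain and the
     * resolved {@link CertificateInfo} is stored on the signer. On failure the matching
     * {@code SignatureData.Issue} is recorded on the signer.
     *
     * @param signerInfo signer whose chain is verified; its chain list is modified on success
     * @param set        trust anchors the chain must lead to
     * @return {@code true} if the chain validated, {@code false} if an issue was recorded
     */
    public static boolean a(SignatureData.SignerInfo signerInfo, Set<TrustAnchor> set) {
        try {
            List<X509Certificate> chain = signerInfo.a();
            // An empty chain is reported as an invalid chain instead of escaping as an
            // unchecked IndexOutOfBoundsException.
            if (chain == null || chain.isEmpty()) {
                throw new CertPathValidatorException("Invalid Certificate, empty chain");
            }
            if (a(chain.get(0))) {
                throw new CertPathValidatorException("Invalid Certificate, Self signed");
            }
            PKIXCertPathValidatorResult pkixResult = a(chain, set);
            CertificateInfo configured = a(signerInfo.a());
            CertificateInfo info = configured == null ? b(signerInfo.a()) : configured;
            // Path validation ran at the midpoint of the leaf's validity window, so this is the
            // only check against the current time, and it covers the leaf certificate only.
            if (a(info.b())) {
                chain.get(0).checkValidity();
            }
            // getTrustedCert() is null when an anchor was defined by name and public key; a
            // null entry would break the chain dump in the log line below.
            X509Certificate anchorCert = pkixResult.getTrustAnchor().getTrustedCert();
            if (anchorCert != null) {
                signerInfo.a().add(anchorCert);
            }
            signerInfo.a(info);
            PPLog.c(a, "verifySignerCertificateChain", "Certificate type " + signerInfo.c().a().name() + " " + signerInfo.c().b().name());
            PPLog.c(a, "verifySignerCertificateChain", "Verified certificates : \n" + c(signerInfo.a()));
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            signerInfo.a(SignatureData.Issue.SIG_UNKNOWN_SIG_ALGORITHM, new Object[0]);
            return false;
        } catch (NoSuchAlgorithmException e) {
            signerInfo.a(SignatureData.Issue.SIG_UNKNOWN_SIG_ALGORITHM, new Object[0]);
            return false;
        } catch (NoSuchProviderException e) {
            signerInfo.a(SignatureData.Issue.SIG_VERIFY_EXCEPTION, new Object[0]);
            return false;
        } catch (CertPathValidatorException e) {
            signerInfo.a(SignatureData.Issue.SIG_INVALID_CERTIFICATE_CHAIN, e.getMessage() + StringUtils.LF + c(signerInfo.a()));
            return false;
        } catch (CertificateExpiredException e) {
            signerInfo.a(SignatureData.Issue.SIG_INVALID_CERTIFICATE_EXPIRED_OR_NOT_YET_VALID, "Certificate has expired\n" + d(signerInfo.a().get(0)));
            return false;
        } catch (CertificateNotYetValidException e) {
            signerInfo.a(SignatureData.Issue.SIG_INVALID_CERTIFICATE_EXPIRED_OR_NOT_YET_VALID, "Certificate is not yet valid\n" + d(signerInfo.a().get(0)));
            return false;
        } catch (CertificateException e) {
            signerInfo.a(SignatureData.Issue.SIG_INVALID_CERTIFICATE_CHAIN, e.getMessage() + StringUtils.LF + c(signerInfo.a()));
            return false;
        }
    }

    /**
     * Tests whether a certificate is self-signed by verifying its signature with its own
     * public key.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} if the signature verifies under the certificate's own key,
     *         {@code false} if verification fails with a key or signature error
     */
    public static boolean a(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException e) {
            return false;
        } catch (SignatureException e) {
            return false;
        }
    }

    /**
     * Fallback used when {@code PPKCertificateConfig} has no entry for the leaf certificate:
     * classifies the chain from its second certificate and, unless that certificate is in the
     * author domain, from the leaf's subject DN.
     *
     * @param list certificate chain, leaf first; needs at least two entries
     * @throws CertificateException if the chain has fewer than two certificates or the leaf's
     *         subject DN names no known distributor
     */
    private static CertificateInfo b(List<X509Certificate> list) throws NoSuchAlgorithmException, CertificateException {
        // The issuer certificate at index 1 is required; a one-element chain is rejected with
        // a checked exception so the caller records an invalid-chain issue.
        if (list == null || list.size() < 2) {
            throw new CertificateException("Certificate chain is too short to determine the certificate domain");
        }
        CertificateInfo.Type type = CertificateInfo.Type.NONE;
        CertificateInfo.Visibility visibility = PPKCertificateConfig.a(list.get(1)).a();
        if (visibility != CertificateInfo.Visibility.AUTHOR) {
            visibility = a(list.get(0).getSubjectDN().getName());
            type = CertificateInfo.Type.DEVELOPMENT;
        }
        return new CertificateInfo(visibility, type);
    }

    /**
     * Returns the certificate's subject alternative names, falling back to
     * {@code SimpleAlternativeAsn1Parser} on the raw extension (OID 2.5.29.17) when the
     * platform parser returns {@code null}.
     */
    private static Collection<List<?>> b(X509Certificate x509Certificate) throws CertificateParsingException {
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        return subjectAlternativeNames == null ? SimpleAlternativeAsn1Parser.a(x509Certificate.getExtensionValue("2.5.29.17")) : subjectAlternativeNames;
    }

    /** Renders every certificate of the chain with {@code d}; empty string for no chain. */
    private static String c(List<X509Certificate> list) {
        if (list == null || list.isEmpty()) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (X509Certificate certificate : list) {
            sb.append(d(certificate));
        }
        return sb.toString();
    }

    /**
     * Collects the MN-IDs carried in the certificate's subject alternative names
     * (log tag: {@code getMnIDFromX509Certificate}).
     *
     * <p>Only URI entries (general-name type 6) starting with {@code URN:ppk:mnid=} are used.
     *
     * @param x509Certificate certificate to inspect; may be {@code null}
     * @return the MN-IDs found; empty (never {@code null}) if there is no certificate, no
     *         matching entry, or the extension cannot be parsed
     */
    private static Set<String> c(X509Certificate x509Certificate) {
        Set<String> mnIds = new HashSet<String>();
        if (x509Certificate == null) {
            return mnIds;
        }
        Collection<List<?>> altNames;
        try {
            altNames = b(x509Certificate);
        } catch (CertificateParsingException e) {
            PPLog.c(a, "getMnIDFromX509Certificate", e.getMessage());
            // An unparsable extension yields no MN-IDs, which makes the MN-ID check fail.
            return mnIds;
        }
        if (altNames == null) {
            return mnIds;
        }
        for (List<?> entry : altNames) {
            // Entries may come from the fallback ASN.1 parser, so shape and element types are
            // checked before casting.
            if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer) || !(entry.get(1) instanceof String)) {
                continue;
            }
            if (((Integer) entry.get(0)).intValue() == 6) {
                String uri = (String) entry.get(1);
                if (uri.startsWith("URN:ppk:mnid=")) {
                    PPLog.c(a, "getMnIDFromX509Certificate", "mnid : " + uri);
                    mnIds.add(uri.substring("URN:ppk:mnid=".length()));
                }
            }
        }
        return mnIds;
    }

    /** Formats subject, issuer and validity dates of a certificate for log and issue text. */
    private static String d(X509Certificate x509Certificate) {
        return "Subject : " + x509Certificate.getSubjectDN() + "\nIssuer : " + x509Certificate.getIssuerDN() + "\nNot Befor : " + x509Certificate.getNotBefore() + "\nNot After : " + x509Certificate.getNotAfter() + StringUtils.LF;
    }
}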
