package com.samsung.android.pluginplatform.service.packagemanager.security;

import com.samsung.android.pluginplatform.data.CertificateInfo;
import com.samsung.android.pluginplatform.service.packagemanager.security.SignatureData;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.codehaus.jackson.util.MinimalPrettyPrinter;

/* loaded from: classes7.dex */
public class a {
    public static boolean a(SignatureData.b bVar, Collection<String> collection) {
        if (collection == null) {
            com.samsung.android.pluginplatform.b.a.b("CertificateValidator", "checkDistributorMnID", "Invalid parameter, mdId can not be null");
            return false;
        }
        if (bVar.e().a() == CertificateInfo.Type.DEVELOPMENT) {
            Set<String> f2 = f(bVar.h());
            if (f2 == null || f2.isEmpty()) {
                com.samsung.android.pluginplatform.b.a.b("CertificateValidator", "checkDistributorMnID", "MN-ID is not found from distributor signer");
            } else {
                for (String str : collection) {
                    com.samsung.android.pluginplatform.b.a.c("CertificateValidator", "checkDistributorMnID", "Registered MnId : " + str);
                    if (f2.contains(str)) {
                        com.samsung.android.pluginplatform.b.a.a("CertificateValidator", "checkDistributorMnID", "Found matched MN-ID " + str);
                        return true;
                    }
                }
            }
        }
        com.samsung.android.pluginplatform.b.a.b("CertificateValidator", "checkDistributorMnID", "MN-ID mistmatched ");
        return false;
    }

    private static CertificateInfo b(List<X509Certificate> list) throws NoSuchAlgorithmException, CertificateException {
        CertificateInfo.Type type = CertificateInfo.Type.NONE;
        CertificateInfo.Visibility b2 = PPKCertificateConfig.d(list.get(1)).b();
        if (b2 != CertificateInfo.Visibility.AUTHOR) {
            b2 = h(list.get(0).getSubjectDN().getName());
            type = CertificateInfo.Type.DEVELOPMENT;
        }
        return new CertificateInfo(b2, type);
    }

    private static String c(X509Certificate x509Certificate) {
        return "Subject : " + x509Certificate.getSubjectDN() + "\nIssuer : " + x509Certificate.getIssuerDN() + "\nNot Befor : " + x509Certificate.getNotBefore() + "\nNot After : " + x509Certificate.getNotAfter() + "\n";
    }

    private static String d(List<X509Certificate> list) {
        if (list.isEmpty()) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            sb.append(c(it.next()));
        }
        return sb.toString();
    }

    private static Date e(Date date, Date date2) {
        return new Date((date.getTime() + date2.getTime()) / 2);
    }

    private static Set<String> f(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        try {
            for (List<?> list : g(x509Certificate)) {
                if (((Integer) list.get(0)).intValue() == 6) {
                    String str = (String) list.get(1);
                    if (str.startsWith("URN:ppk:mnid=")) {
                        com.samsung.android.pluginplatform.b.a.c("CertificateValidator", "getMnIDFromX509Certificate", "mnid : " + str);
                        hashSet.add(str.substring(13));
                    }
                }
            }
        } catch (CertificateParsingException e2) {
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "getMnIDFromX509Certificate", "CertificateParsingException:", e2);
        }
        return hashSet;
    }

    private static Collection<List<?>> g(X509Certificate x509Certificate) throws CertificateParsingException {
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            return subjectAlternativeNames;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.17");
        return extensionValue == null ? Collections.EMPTY_LIST : b.a(extensionValue);
    }

    private static CertificateInfo.Visibility h(String str) throws CertificateException {
        int indexOf = str.indexOf("CN=Plugin Distributor ");
        if (indexOf < 0) {
            throw new CertificateException("Unknown or Invalid distributor CN");
        }
        String substring = str.substring(indexOf + 22);
        if (substring.startsWith("Public TEST Signer")) {
            return CertificateInfo.Visibility.PUBLIC;
        }
        if (substring.startsWith("Partner TEST Signer")) {
            return CertificateInfo.Visibility.PARTNER;
        }
        if (substring.startsWith("Platform TEST Signer")) {
            return CertificateInfo.Visibility.PLATFORM;
        }
        throw new CertificateException("Unknown or Invalid distributor CN");
    }

    private static CertificateInfo i(List<X509Certificate> list) throws NoSuchAlgorithmException, CertificateException {
        return PPKCertificateConfig.d(list.get(0));
    }

    private static boolean j(CertificateInfo.Type type) {
        return type == CertificateInfo.Type.DEVELOPMENT || type == CertificateInfo.Type.VERIFY;
    }

    public static PKIXCertPathValidatorResult k(List<X509Certificate> list, Set<TrustAnchor> set) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertPathValidatorException, CertificateException {
        X509Certificate x509Certificate = list.get(0);
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(x509Certificate);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(set, x509CertSelector);
        pKIXBuilderParameters.setRevocationEnabled(false);
        pKIXBuilderParameters.setDate(e(x509Certificate.getNotBefore(), x509Certificate.getNotAfter()));
        return (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(list), pKIXBuilderParameters);
    }

    public static boolean l(SignatureData.b bVar, Set<TrustAnchor> set) {
        try {
            List<X509Certificate> f2 = bVar.f();
            PKIXCertPathValidatorResult k = k(f2, set);
            CertificateInfo i2 = i(bVar.f());
            if (i2 == null) {
                i2 = b(bVar.f());
            }
            bVar.f().add(k.getTrustAnchor().getTrustedCert());
            bVar.i(i2);
            com.samsung.android.pluginplatform.b.a.a("CertificateValidator", "verifySignerCertificateChain", "Certificate type " + bVar.e().b().name() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + bVar.e().a().name());
            StringBuilder sb = new StringBuilder();
            sb.append("Verified certificates : \n");
            sb.append(d(bVar.f()));
            com.samsung.android.pluginplatform.b.a.a("CertificateValidator", "verifySignerCertificateChain", sb.toString());
            if (!j(i2.a())) {
                return true;
            }
            f2.get(0).checkValidity();
            return true;
        } catch (InvalidAlgorithmParameterException e2) {
            e = e2;
            bVar.b(SignatureData.Issue.SIG_UNKNOWN_SIG_ALGORITHM, new Object[0]);
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "verifySignerCertificateChain", "InvalidAlgorithmParameterException | NoSuchAlgorithmException:", e);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
            bVar.b(SignatureData.Issue.SIG_UNKNOWN_SIG_ALGORITHM, new Object[0]);
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "verifySignerCertificateChain", "InvalidAlgorithmParameterException | NoSuchAlgorithmException:", e);
            return false;
        } catch (CertPathValidatorException e4) {
            e = e4;
            bVar.b(SignatureData.Issue.SIG_INVALID_CERTIFICATE_CHAIN, e.getMessage() + "\n" + d(bVar.f()));
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "verifySignerCertificateChain", "CertificateException | CertPathValidatorException:", e);
            return false;
        } catch (CertificateExpiredException e5) {
            e = e5;
            bVar.b(SignatureData.Issue.SIG_INVALID_CERTIFICATE_EXPIRED_OR_NOT_YET_VALID, "Certificate has expired or not yet valid\n" + c(bVar.f().get(0)));
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "verifySignerCertificateChain", "CertificateExpiredException | CertificateNotYetValidException:", e);
            return false;
        } catch (CertificateNotYetValidException e6) {
            e = e6;
            bVar.b(SignatureData.Issue.SIG_INVALID_CERTIFICATE_EXPIRED_OR_NOT_YET_VALID, "Certificate has expired or not yet valid\n" + c(bVar.f().get(0)));
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "verifySignerCertificateChain", "CertificateExpiredException | CertificateNotYetValidException:", e);
            return false;
        } catch (CertificateException e7) {
            e = e7;
            bVar.b(SignatureData.Issue.SIG_INVALID_CERTIFICATE_CHAIN, e.getMessage() + "\n" + d(bVar.f()));
            com.samsung.android.pluginplatform.b.a.i("CertificateValidator", "verifySignerCertificateChain", "CertificateException | CertPathValidatorException:", e);
            return false;
        }
    }

    public static void m(SignatureData signatureData) {
        PPKCertificateConfig.b();
        Set<TrustAnchor> c2 = PPKCertificateConfig.c();
        if (l(signatureData.c(), c2)) {
            Iterator<SignatureData.b> it = signatureData.d().iterator();
            while (it.hasNext()) {
                if (!l(it.next(), c2)) {
                    return;
                }
            }
            if (signatureData.c().e().b() != CertificateInfo.Visibility.AUTHOR) {
                signatureData.a(SignatureData.Issue.SIG_INVALID_SIGNER, 1, "Author signer is not signed by author domain certificate");
                return;
            }
            Iterator<SignatureData.b> it2 = signatureData.d().iterator();
            int i2 = 1;
            while (it2.hasNext()) {
                i2++;
                CertificateInfo.Visibility b2 = it2.next().e().b();
                if (b2 == CertificateInfo.Visibility.AUTHOR || b2 == CertificateInfo.Visibility.NONE) {
                    signatureData.a(SignatureData.Issue.SIG_INVALID_SIGNER, Integer.valueOf(i2), "Not allowed signing author domain certificate to distributor signer");
                    return;
                }
            }
        }
    }
}
