package com.samsung.android.mirrorlink.acms.utils;

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.res.AssetManager;
import android.content.res.Resources;
import android.os.Build;
import android.os.SemSystemProperties;
import com.samsung.android.mirrorlink.acms.manager.AcmsCertificateMngr;
import com.samsung.android.mirrorlink.acms.provider.AppEntry;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.security.auth.x500.X500Principal;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: classes.dex */
public class CertificateValidator {
    private static final String ISSUER_CN = "CN=ACMS CA";
    private static final String LOG_TAG = "AcmsCertificateValidator";
    private static final String PLATFORM_ANDROID = "Android";
    private static final String RUNTIME_NATIVE = "Native";
    private X509Certificate cccRootCert = null;
    private X509Certificate ctsRootCert = null;
    private Context mContext;
    private PackageManager sPackageManager;

    public CertificateValidator(Context context) {
        this.mContext = context;
        setRootCert();
    }

    private boolean setRootCert() {
        InputStream inputStream = null;
        AcmsLog.d(LOG_TAG, "setRootCert() Getting The root cert from asset ");
        if (this.mContext == null) {
            AcmsLog.d(LOG_TAG, "setRootCert(): context passed is null ");
            return false;
        }
        this.sPackageManager = this.mContext.getPackageManager();
        if (this.sPackageManager == null) {
            AcmsLog.d(LOG_TAG, "setRootCert(): sPackageManager is null");
            return false;
        }
        Resources resources = this.mContext.getResources();
        if (resources == null) {
            AcmsLog.e(LOG_TAG, "Resources is null. return");
            return false;
        }
        AssetManager assets = resources.getAssets();
        try {
            if (assets == null) {
                AcmsLog.d(LOG_TAG, "Assets Manager is null. return");
                return false;
            }
            try {
                inputStream = assets.open(AcmsUtil.CCC_ROOT_CERT_FILENAME);
                this.cccRootCert = AcmsCertificateMngr.getAcmsCertificateMngr(this.mContext).getCertificateFromInputStream(inputStream);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
                try {
                    try {
                        inputStream = assets.open(AcmsUtil.CTS_ROOT_CERT_FILENAME);
                        this.ctsRootCert = AcmsCertificateMngr.getAcmsCertificateMngr(this.mContext).getCertificateFromInputStream(inputStream);
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e2) {
                                e2.printStackTrace();
                            }
                        }
                        resources.flushLayoutCache();
                        resources.finishPreloading();
                        return true;
                    } catch (Throwable th) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e3) {
                                e3.printStackTrace();
                            }
                        }
                        throw th;
                    }
                } catch (IOException e4) {
                    AcmsLog.e(LOG_TAG, " Unable to open the file " + AcmsUtil.CTS_ROOT_CERT_FILENAME);
                    e4.printStackTrace();
                    resources.flushLayoutCache();
                    resources.finishPreloading();
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e5) {
                            e5.printStackTrace();
                        }
                    }
                    return false;
                } catch (CertificateException e6) {
                    AcmsLog.e(LOG_TAG, " CTS Root Cert is expired ");
                    e6.printStackTrace();
                    resources.flushLayoutCache();
                    resources.finishPreloading();
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e7) {
                            e7.printStackTrace();
                        }
                    }
                    return false;
                }
            } catch (IOException e8) {
                AcmsLog.e(LOG_TAG, " Unable to open the file " + AcmsUtil.CCC_ROOT_CERT_FILENAME);
                e8.printStackTrace();
                resources.flushLayoutCache();
                resources.finishPreloading();
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e9) {
                        e9.printStackTrace();
                    }
                }
                return false;
            } catch (CertificateException e10) {
                AcmsLog.e(LOG_TAG, " CCC Root Cert is expired ");
                e10.printStackTrace();
                resources.flushLayoutCache();
                resources.finishPreloading();
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e11) {
                        e11.printStackTrace();
                    }
                }
                return false;
            }
        } catch (Throwable th2) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e12) {
                    e12.printStackTrace();
                }
            }
            throw th2;
        }
    }

    public boolean validateCert(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            AcmsLog.d(LOG_TAG, "Input Certificate is null");
            return false;
        }
        AcmsLog.d(LOG_TAG, "validateCert() " + x509Certificate.getType());
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException e) {
            AcmsLog.e(LOG_TAG, "Self-signed certificate is expired.");
            e.printStackTrace();
            return false;
        } catch (CertificateNotYetValidException e2) {
            AcmsLog.e(LOG_TAG, "Self-signed certificate's issue date is in future Hence its invalid.");
            e2.printStackTrace();
            return false;
        }
    }

    public boolean validateCertChain(X509Certificate[] x509CertificateArr, String str) throws InvalidKeyException, CertificateException, CertificateExpiredException, CertificateNotYetValidException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, PackageManager.NameNotFoundException, IOException, XmlPullParserException {
        AcmsLog.d(LOG_TAG, "validateCertChain() Enter " + x509CertificateArr.length);
        if (str == null) {
            AcmsLog.d(LOG_TAG, "AppInfo xml is null; Hence return");
            return false;
        }
        AppData dataFromAppInfo = AppInfoParser.getDataFromAppInfo(str);
        if (x509CertificateArr[x509CertificateArr.length - 1].getSubjectDN() != null && dataFromAppInfo.getAppId() != null && !x509CertificateArr[x509CertificateArr.length - 1].getSubjectDN().toString().contains(dataFromAppInfo.getAppId())) {
            AcmsLog.d(LOG_TAG, "AppID in AppInfo is different form CN's App ID");
            return false;
        }
        X500Principal issuerX500Principal = x509CertificateArr[x509CertificateArr.length - 1].getIssuerX500Principal();
        if (issuerX500Principal == null) {
            AcmsLog.d(LOG_TAG, "Issuer CN is null");
            return false;
        }
        AcmsLog.d(LOG_TAG, "Issuer CN: " + issuerX500Principal.toString());
        if (!issuerX500Principal.toString().contains(ISSUER_CN)) {
            AcmsLog.d(LOG_TAG, "Issuer CN: " + issuerX500Principal.toString() + " does not contain ACMS CA. Hence returning false");
            return false;
        }
        if (x509CertificateArr.length <= 1) {
            AcmsLog.e(LOG_TAG, "Only One Certificate Received");
            throw new IllegalArgumentException();
        }
        AcmsUtil.printCerts(x509CertificateArr);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
        }
        if (x509CertificateArr.length >= 2) {
            AcmsLog.d(LOG_TAG, "validateCert() Entered to verify the cert chain");
            for (int length = x509CertificateArr.length - 1; length > 0; length--) {
                AcmsLog.d(LOG_TAG, "validateCert() Checking validity " + length);
                x509CertificateArr[length].verify(x509CertificateArr[length - 1].getPublicKey());
            }
        }
        if (this.cccRootCert == null || this.ctsRootCert == null) {
            AcmsLog.e(LOG_TAG, "root Cert is null: Might be Manupulated");
            return false;
        }
        X500Principal issuerX500Principal2 = x509CertificateArr[0].getIssuerX500Principal();
        X500Principal issuerX500Principal3 = this.cccRootCert.getIssuerX500Principal();
        X500Principal issuerX500Principal4 = this.ctsRootCert.getIssuerX500Principal();
        AcmsLog.d(LOG_TAG, "Verifying Root Cert");
        if (issuerX500Principal2.equals(issuerX500Principal4)) {
            AcmsLog.d(LOG_TAG, "Root is CTS: verifying last certificate and root certificate");
            x509CertificateArr[0].verify(this.ctsRootCert.getPublicKey());
            this.ctsRootCert.verify(this.ctsRootCert.getPublicKey());
            AcmsLog.d(LOG_TAG, "Root Cert Verification Success");
            return true;
        }
        if (!issuerX500Principal2.equals(issuerX500Principal3)) {
            return false;
        }
        AcmsLog.d(LOG_TAG, "Root is CCC: verifying last certificate and root certificate");
        x509CertificateArr[0].verify(this.cccRootCert.getPublicKey());
        this.cccRootCert.verify(this.cccRootCert.getPublicKey());
        AcmsLog.d(LOG_TAG, "Root Cert Verification Success");
        return true;
    }

    public boolean validateCertInfo(X509Certificate[] x509CertificateArr, String str) throws IOException, XmlPullParserException {
        int parseInt;
        AcmsLog.d(LOG_TAG, "validateCertInfo() Enter " + x509CertificateArr.length);
        String str2 = Build.VERSION.RELEASE;
        int i = Build.VERSION.SDK_INT;
        if (str == null) {
            AcmsLog.d(LOG_TAG, "AppInfo xml is null; Hence return");
            return false;
        }
        AppData dataFromAppInfo = AppInfoParser.getDataFromAppInfo(str);
        if (!PLATFORM_ANDROID.equals(dataFromAppInfo.getPlatformId())) {
            AcmsLog.d(LOG_TAG, "validateCertInfo() Fails. The application is not for Android Platform");
            return false;
        }
        if (!RUNTIME_NATIVE.equals(dataFromAppInfo.getRunTimeId())) {
            AcmsLog.d(LOG_TAG, "validateCertInfo() Fails. The application runtime Id is not Native");
            return false;
        }
        if (dataFromAppInfo.getBlackListedPlatform() == null) {
            AcmsLog.d(LOG_TAG, "validateCertInfo() Fails. blacklistedplatform tag is not present in the xml");
            return false;
        }
        String[] split = dataFromAppInfo.getBlackListedPlatform().split(",");
        for (String str3 : split) {
            try {
                parseInt = Integer.parseInt(str3);
            } catch (NumberFormatException e) {
                if (str2.equals(str3)) {
                    AcmsLog.d(LOG_TAG, "validateCertInfo() Fails. The device platform version is a blacklisted version for this application" + str2);
                    return false;
                }
            }
            if (i == parseInt) {
                AcmsLog.d(LOG_TAG, "validateCertInfo() Fails. The device platform version is a blacklisted version for this application" + parseInt);
                return false;
            }
            continue;
        }
        return true;
    }

    public boolean validateDevIdCertChain(X509Certificate[] x509CertificateArr, AppEntry appEntry) throws InvalidKeyException, CertificateExpiredException, CertificateNotYetValidException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, BadPaddingException {
        AcmsLog.d(LOG_TAG, "validateDevIdCertChain() " + x509CertificateArr.length);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
        }
        if (x509CertificateArr.length >= 2) {
            AcmsLog.d(LOG_TAG, "validateDevIdCertChain() Entered to verify the cert chain");
            for (int length = x509CertificateArr.length - 1; length > 0; length--) {
                AcmsLog.d(LOG_TAG, "validateDevIdCertChain() Checking validity " + length);
                x509CertificateArr[length].verify(x509CertificateArr[length - 1].getPublicKey());
            }
        }
        if (this.cccRootCert == null || this.ctsRootCert == null) {
            AcmsLog.e(LOG_TAG, "root Cert is null: Might be Manupulated");
            return false;
        }
        X500Principal issuerX500Principal = x509CertificateArr[0].getIssuerX500Principal();
        X500Principal issuerX500Principal2 = this.cccRootCert.getIssuerX500Principal();
        X500Principal issuerX500Principal3 = this.ctsRootCert.getIssuerX500Principal();
        AcmsLog.d(LOG_TAG, "Verifying Root Cert");
        if (issuerX500Principal.equals(issuerX500Principal3)) {
            AcmsLog.d(LOG_TAG, "Root is CTS: verifying last certificate and root certificate");
            x509CertificateArr[0].verify(this.ctsRootCert.getPublicKey());
            this.ctsRootCert.verify(this.ctsRootCert.getPublicKey());
            AcmsLog.d(LOG_TAG, "Root Cert Verification Success");
        } else {
            if (!issuerX500Principal.equals(issuerX500Principal2)) {
                return false;
            }
            AcmsLog.d(LOG_TAG, "Root is CCC: verifying last certificate and root certificate");
            x509CertificateArr[0].verify(this.cccRootCert.getPublicKey());
            this.cccRootCert.verify(this.cccRootCert.getPublicKey());
            AcmsLog.d(LOG_TAG, "Root Cert Verification Success");
        }
        X500Principal issuerX500Principal4 = x509CertificateArr[x509CertificateArr.length - 1].getIssuerX500Principal();
        if (issuerX500Principal4 == null) {
            AcmsLog.d(LOG_TAG, "Issuer CN is null");
            return false;
        }
        AcmsLog.d(LOG_TAG, "Issuer CN: " + issuerX500Principal4.toString());
        if (!issuerX500Principal4.toString().contains(ISSUER_CN)) {
            AcmsLog.d(LOG_TAG, "Issuer CN: " + issuerX500Principal4.toString() + " does not contain ACMS CA. Hence returning false");
            return false;
        }
        try {
            String serverIdFromCert = AppInfoParser.getServerIdFromCert(x509CertificateArr[x509CertificateArr.length - 1]);
            String str = SemSystemProperties.get("ril.serialnumber");
            if ((str == null || str.equals("00000000000")) && (str = SemSystemProperties.get("ro.serialno")) == null) {
                AcmsLog.e(LOG_TAG, "serialnumber is null! so exit");
                return false;
            }
            if (AcmsUtil.getDeviceUUID(str) == null) {
                AcmsLog.e(LOG_TAG, "server id is null! so exit");
                return false;
            }
            if (serverIdFromCert == null || (!serverIdFromCert.contains(r0))) {
                AcmsLog.d(LOG_TAG, "validateDevIdCertChain(): Device Server Id is not in the Server Id list of DevId Cert ");
                return false;
            }
            String appId = appEntry.getAppId();
            X509Certificate[] fromKeyStore = AcmsCertificateMngr.getAcmsCertificateMngr(this.mContext).getFromKeyStore(appId);
            if (fromKeyStore == null) {
                AcmsLog.d(LOG_TAG, "No Entry present in keystore for the appId: " + appId);
                return false;
            }
            String devIdFromCert = AppInfoParser.getDevIdFromCert(fromKeyStore[0]);
            if (AppInfoParser.getDevIdFromCert(x509CertificateArr[x509CertificateArr.length - 1]) != null && !(!r2.equals(devIdFromCert))) {
                return true;
            }
            AcmsLog.d(LOG_TAG, "validateDevIdCertChain(): DevId from Self-signed Cert and from DevId Cert are not matching ");
            return false;
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        } catch (XmlPullParserException e2) {
            e2.printStackTrace();
            return false;
        }
    }

    public boolean verifyOCSPChain(X509Certificate[] x509CertificateArr) throws InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        AcmsLog.d(LOG_TAG, "verifyOCSPChain() " + x509CertificateArr.length);
        AcmsUtil.printCerts(x509CertificateArr);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
        }
        if (x509CertificateArr.length >= 2) {
            AcmsLog.d(LOG_TAG, "verifyOCSPChain() Entered to verify the cert chain");
            for (int length = x509CertificateArr.length - 1; length > 0; length--) {
                AcmsLog.d(LOG_TAG, "verifyOCSPChain() Checking validity " + length);
                x509CertificateArr[length].verify(x509CertificateArr[length - 1].getPublicKey());
            }
        }
        if (this.cccRootCert == null || this.ctsRootCert == null) {
            AcmsLog.e(LOG_TAG, "root Cert is null: Might be Manupulated");
            return false;
        }
        X500Principal issuerX500Principal = x509CertificateArr[0].getIssuerX500Principal();
        X500Principal issuerX500Principal2 = this.cccRootCert.getIssuerX500Principal();
        X500Principal issuerX500Principal3 = this.ctsRootCert.getIssuerX500Principal();
        AcmsLog.d(LOG_TAG, "Verifying Root Cert");
        if (issuerX500Principal.equals(issuerX500Principal3)) {
            AcmsLog.d(LOG_TAG, "Root is CTS: verifying last certificate and root certificate");
            x509CertificateArr[0].verify(this.ctsRootCert.getPublicKey());
            this.ctsRootCert.verify(this.ctsRootCert.getPublicKey());
            AcmsLog.d(LOG_TAG, "Root Cert Verification Success");
            return true;
        }
        if (!issuerX500Principal.equals(issuerX500Principal2)) {
            return false;
        }
        AcmsLog.d(LOG_TAG, "Root is CCC: verifying last certificate and root certificate");
        x509CertificateArr[0].verify(this.cccRootCert.getPublicKey());
        this.cccRootCert.verify(this.cccRootCert.getPublicKey());
        AcmsLog.d(LOG_TAG, "Root Cert Verification Success");
        return true;
    }
}
