package com.qihoo360.common.utils;

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* compiled from: dragonking */
/* loaded from: classes.dex */
public class CertChainVerify {
    public static final int CHNERR_CERT = -2;
    public static final int CHNERR_CHAIN = -8;
    public static final int CHNERR_INVARG = -1;
    public static final int CHNERR_INVKEY = -3;
    public static final int CHNERR_NOALGO = -4;
    public static final int CHNERR_NOPROV = -5;
    public static final int CHNERR_OK = 0;
    public static final int CHNERR_ROOT = -7;
    public static final int CHNERR_SIGN = -6;

    /* renamed from: a, reason: collision with root package name */
    public static final String f3202a = "CertChainVerify";

    public static int a(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return -1;
        }
        int i = 0;
        while (i < x509CertificateArr.length - 1) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            i++;
            X509Certificate x509Certificate2 = x509CertificateArr[i];
            try {
                x509Certificate.checkValidity();
                x509Certificate2.checkValidity();
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                } catch (InvalidKeyException unused) {
                    return -3;
                } catch (NoSuchAlgorithmException unused2) {
                    return -4;
                } catch (NoSuchProviderException unused3) {
                    return -5;
                } catch (SignatureException unused4) {
                    return -8;
                } catch (CertificateException unused5) {
                    return -2;
                }
            } catch (CertificateException unused6) {
                return -2;
            }
        }
        X509Certificate x509Certificate3 = x509CertificateArr[x509CertificateArr.length - 1];
        try {
            x509Certificate3.checkValidity();
            return isSelfSigned(x509Certificate3) ? 0 : -7;
        } catch (NoSuchAlgorithmException unused7) {
            return -4;
        } catch (NoSuchProviderException unused8) {
            return -5;
        } catch (CertificateException unused9) {
            return -2;
        }
    }

    public static String a(String str) {
        if (str == null || !str.startsWith("OID.1.2.840.113549.1.9.1")) {
            return str;
        }
        String substring = str.substring(0, str.indexOf(","));
        if (!substring.contains("=#")) {
            return str;
        }
        String substring2 = substring.substring(substring.indexOf("=#") + 2);
        if (substring2.length() <= 5) {
            return str;
        }
        int i = 4;
        String substring3 = substring2.substring(2, 4);
        int length = (substring2.length() - 4) / 2;
        if (Integer.valueOf(substring3, 16).intValue() != length) {
            return str;
        }
        byte[] bArr = new byte[length];
        while (i < substring2.length()) {
            int i2 = i + 2;
            bArr[(i - 4) / 2] = Byte.valueOf(substring2.substring(i, i2), 16).byteValue();
            i = i2;
        }
        return "EMAILADDRESS=" + new String(bArr) + str.substring(str.indexOf(","));
    }

    public static X509Certificate a(Signature signature) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray()));
        } catch (CertificateException unused) {
            return null;
        }
    }

    public static void a(X509Certificate x509Certificate) {
    }

    public static X509Certificate[] a(Certificate[] certificateArr, int i) {
        if (i > certificateArr.length - 1) {
            return null;
        }
        int i2 = i;
        while (i2 < certificateArr.length - 1) {
            int i3 = i2 + 1;
            if (!((X509Certificate) certificateArr[i3]).getSubjectDN().equals(((X509Certificate) certificateArr[i2]).getIssuerDN())) {
                break;
            }
            i2 = i3;
        }
        int i4 = (i2 - i) + 1;
        X509Certificate[] x509CertificateArr = new X509Certificate[i4];
        for (int i5 = 0; i5 < i4; i5++) {
            x509CertificateArr[i5] = (X509Certificate) certificateArr[i + i5];
        }
        return x509CertificateArr;
    }

    public static void b(Signature signature) {
        a(a(signature));
    }

    public static Certificate[] getCertChain(String str) {
        JarFile jarFile;
        try {
            jarFile = new JarFile(str);
        } catch (Throwable unused) {
            jarFile = null;
        }
        try {
            Certificate[] certChain = getCertChain(jarFile);
            IoUtils.silentlyClose(jarFile);
            return certChain;
        } catch (Throwable unused2) {
            IoUtils.silentlyClose(jarFile);
            return null;
        }
    }

    public static Certificate[] getCertChain(JarFile jarFile) {
        InputStream inputStream;
        Enumeration<JarEntry> entries;
        try {
            entries = jarFile.entries();
        } catch (Throwable unused) {
        }
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            if (!nextElement.isDirectory() && !nextElement.getName().startsWith("META-INF/")) {
                byte[] bArr = new byte[4096];
                inputStream = jarFile.getInputStream(nextElement);
                do {
                } while (inputStream.read(bArr, 0, bArr.length) != -1);
                Certificate[] certificates = nextElement.getCertificates();
                if (certificates != null) {
                    if (certificates.length > 0) {
                        IoUtils.silentlyClose(inputStream);
                        return certificates;
                    }
                }
                IoUtils.silentlyClose(inputStream);
                return null;
            }
        }
        inputStream = null;
        IoUtils.silentlyClose(inputStream);
        return null;
    }

    public static String getSigPrincipal(Signature signature) {
        return a(((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(signature.toByteArray()))).getIssuerX500Principal().toString());
    }

    public static String getSigPrincipal(JarFile jarFile) {
        return a(a(getCertChain(jarFile), 0)[0].getIssuerX500Principal().toString());
    }

    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException unused) {
            return false;
        }
    }

    public static int verifyApk(String str) {
        Certificate[] certChain = getCertChain(str);
        if (certChain == null) {
            return -2;
        }
        return verifyChain(certChain);
    }

    public static int verifyChain(Certificate[] certificateArr) {
        int i = 0;
        while (i < certificateArr.length) {
            X509Certificate[] a2 = a(certificateArr, i);
            int a3 = a(a2);
            if (a3 != 0) {
                return a3;
            }
            i += a2.length;
        }
        return 0;
    }

    public static int verifyJarFile(JarFile jarFile) {
        Certificate[] certChain = getCertChain(jarFile);
        if (certChain == null) {
            return -2;
        }
        return verifyChain(certChain);
    }

    public static int verifyPackage(Context context, String str) {
        try {
            return verifySignature(context.getPackageManager().getPackageInfo(str, 64).signatures);
        } catch (PackageManager.NameNotFoundException unused) {
            return -1;
        }
    }

    public static int verifySignature(Signature[] signatureArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[signatureArr.length];
        int i = 0;
        for (Signature signature : signatureArr) {
            X509Certificate a2 = a(signature);
            if (a2 == null) {
                return -2;
            }
            x509CertificateArr[i] = a2;
            i++;
        }
        return verifyChain(x509CertificateArr);
    }
}
