package com.huawei.hms.fwkcom.utils.signverification;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import com.huawei.hms.fwkcom.eventlog.Logger;
import com.huawei.hms.fwkcom.utils.IOUtils;
import com.huawei.hms.fwkcom.utils.StringUtils;
import com.huawei.secure.android.common.intent.SafeBundle;
import com.huawei.secure.android.common.sign.HiPkgSignManager;
import com.huawei.wiseplayer.playerinterface.parameter.HAPlayerConstant;
import java.io.UnsupportedEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes3.dex */
public class SignVerificationUtils {
    private static final String CBG_ROOT_CA = "CBG_CA.cer";
    private static final String DEFAULT_CHARSET = "UTF-8";
    private static final String METADATA_HMS_CERT_CHAIN = "com.huawei.hms.sign_certchain";
    private static final String METADATA_HMS_SIGNATURE = "com.huawei.hms.fingerprint_signature";
    private static final String METADATA_HMS_VERIFY_CERT_NAME = "com.huawei.hms.fwk.verify_subapp_cert_names";
    private static final String TAG = "SV_Utils";

    private static boolean checkCertChain(String str, String str2, List<X509Certificate> list, X509Certificate x509Certificate, List<String> list2) {
        boolean z;
        String str3;
        if (X509CertUtil.verifyCertChain(x509Certificate, list)) {
            X509Certificate x509Certificate2 = list.get(0);
            Iterator<String> it = list2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z = false;
                    break;
                }
                if (X509CertUtil.checkSubjectCN(x509Certificate2, it.next())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                str3 = "Cert name verify failed";
            } else if (X509CertUtil.checkSubjectOU(x509Certificate2, "Huawei CBG Cloud Security Signer")) {
                byte[] bArr = null;
                try {
                    bArr = str2.getBytes("UTF-8");
                } catch (UnsupportedEncodingException e) {
                    Logger.e(TAG, "checkCertChain UnsupportedEncodingException:", e);
                }
                if (X509CertUtil.checkSignature(x509Certificate2, bArr, Base64.decode(str))) {
                    return true;
                }
                str3 = "signature is invalid: ";
            } else {
                str3 = "OU is invalid";
            }
        } else {
            str3 = "failed to verify cert chain";
        }
        Logger.e(TAG, str3);
        return false;
    }

    public static boolean checkSign(Context context, String str) {
        String str2;
        Bundle bundle;
        if (context == null || StringUtils.isEmpty(str)) {
            str2 = "Invalid param.";
        } else {
            PackageManager packageManager = context.getPackageManager();
            if (packageManager == null) {
                str2 = "Get pkg Manager failed.";
            } else {
                PackageInfo packageArchiveInfo = packageManager.getPackageArchiveInfo(str, HAPlayerConstant.ErrorCode.MEDIA_ERROR_INVALID_STREAM);
                if (packageArchiveInfo == null) {
                    str2 = "Get pkg info failed.";
                } else {
                    String str3 = packageArchiveInfo.packageName;
                    if (StringUtils.isEmpty(str3)) {
                        str2 = "Get pkgName failed.";
                    } else {
                        ApplicationInfo applicationInfo = packageArchiveInfo.applicationInfo;
                        if (applicationInfo == null || (bundle = applicationInfo.metaData) == null) {
                            Logger.e(TAG, "Get metaData failed.");
                            return false;
                        }
                        if (bundle == null) {
                            Logger.e(TAG, "Get metaData failed.");
                            return false;
                        }
                        SafeBundle safeBundle = new SafeBundle(bundle);
                        String string = safeBundle.getString(METADATA_HMS_SIGNATURE);
                        String string2 = safeBundle.getString(METADATA_HMS_CERT_CHAIN);
                        if (StringUtils.isEmpty(string) || StringUtils.isEmpty(string2)) {
                            str2 = "Get sign info failed, signature" + string + ", certChain:" + string2;
                        } else {
                            String unInstalledAppHash = HiPkgSignManager.getUnInstalledAppHash(context, str);
                            if (StringUtils.isEmpty(unInstalledAppHash)) {
                                str2 = "Get fingerPrint failed.";
                            } else if (BlackListManager.inBlackList(context, unInstalledAppHash)) {
                                str2 = "Apk signature is in blocklist";
                            } else {
                                List<X509Certificate> certChain = X509CertUtil.getCertChain(string2);
                                if (certChain.isEmpty()) {
                                    str2 = "Get certChain failed.";
                                } else {
                                    byte[] readAssetsFile = IOUtils.readAssetsFile(context.getAssets(), CBG_ROOT_CA);
                                    if (readAssetsFile.length != 0) {
                                        return checkCertChain(string, str3 + "&" + unInstalledAppHash, certChain, X509CertUtil.getCert(readAssetsFile), getVerifyCertNameList(context));
                                    }
                                    str2 = "Get root cert is invalid.";
                                }
                            }
                        }
                    }
                }
            }
        }
        Logger.e(TAG, str2);
        return false;
    }

    private static List<String> getVerifyCertNameList(Context context) {
        List<String> asList = Arrays.asList("Huawei CBG HMS Kit");
        try {
            Bundle bundle = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128).metaData;
            if (bundle == null) {
                Logger.e(TAG, "No cert name meta data found");
                return asList;
            }
            String string = bundle.getString(METADATA_HMS_VERIFY_CERT_NAME);
            if (StringUtils.isEmpty(string)) {
                Logger.e(TAG, "Verify cert name is not configured, use default");
                return asList;
            }
            List<String> asList2 = Arrays.asList(string.split(","));
            if (asList2.size() > 0) {
                return asList2;
            }
            Logger.e(TAG, "Verify cert name split error, use default");
            return asList;
        } catch (PackageManager.NameNotFoundException unused) {
            Logger.e(TAG, "Get cert name meta data error");
            return asList;
        }
    }
}
