package defpackage;

import android.content.Context;
import android.text.TextUtils;
import com.huawei.hms.feature.dynamic.f.e;
import com.huawei.secure.android.common.ssl.util.j;
import com.huawei.secure.android.common.util.SafeBase64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

/* loaded from: classes3.dex */
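/**
 * Static helpers for loading X.509 certificates, walking a certificate chain from a bundled
 * root, matching subject attributes and verifying a detached signature.
 *
 * <p>The class is decompiler output: the single-letter method names are obfuscated, and the
 * names quoted in the Javadoc below are taken from the log messages each method emits.
 */
public class gd3 {
    /** Log tag shared by every message this class emits. */
    private static final String TAG = "ReaderCommon_X509CertUtils";

    /**
     * Loads the certificate stored under alias {@code str} from the BKS trust store shipped in
     * the application assets ("getCertFromBks" in the logs).
     *
     * <p>The original listing of this method was a failed decompilation (nested {@code Throwable}
     * handlers, a possibly unassigned key store, checked exceptions escaping uncaught). It is
     * rebuilt here as one try/catch/finally that keeps the visible call order and log messages.
     * NOTE(review): compare against the bytecode before relying on the exact failure paths.
     *
     * @param context used to open the asset; {@code null} yields {@code null}
     * @param str key store alias; empty yields {@code null}
     * @return the certificate if the alias exists and the certificate is inside its validity
     *     period, otherwise {@code null}
     */
    public static X509Certificate a(Context context, String str) {
        if (context == null || TextUtils.isEmpty(str)) {
            ot.e(TAG, "getCertFromBks context is null or alias is empty");
            return null;
        }
        InputStream inputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("bks");
            // NOTE(review): the trust anchor is chosen by a runtime flag. If enableTestUrl() can be
            // switched on in a release build, every check rooted here trusts the test CA store
            // instead of the production one. Confirm the flag is fixed at build time.
            String assetName = ce3.getInstance().enableTestUrl() ? "updatesdkcas_test.bks" : "hmsrootcas.bks";
            inputStream = context.getAssets().open(assetName);
            // Empty password: the store's contents are presumably protected only by the package
            // signature covering the asset, not by the key store's own integrity check.
            keyStore.load(inputStream, new char[0]);
            if (!keyStore.containsAlias(str)) {
                ot.e(TAG, "getCertFromBks keyStore not include this alias");
                return null;
            }
            X509Certificate x509Certificate = (X509Certificate) iw.cast((Object) keyStore.getCertificate(str), X509Certificate.class);
            if (x509Certificate == null) {
                return null;
            }
            // Throws a CertificateException subtype when the root is expired or not yet valid.
            x509Certificate.checkValidity();
            return x509Certificate;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
            ot.e(TAG, "getCertFromBks exception");
            return null;
        } finally {
            qd3.closeStream(inputStream);
        }
    }

    /**
     * Decodes a Base64 string and parses the result as a certificate ("getCert" in the logs).
     *
     * @param str Base64 text of an encoded certificate
     * @return the parsed certificate, or {@code null} if the input is empty, is not valid Base64
     *     or does not parse
     */
    public static X509Certificate b(String str) {
        ot.i(TAG, "getCert");
        if (TextUtils.isEmpty(str)) {
            ot.e(TAG, "getCert base64Cert is empty");
            return null;
        }
        try {
            byte[] encoded = SafeBase64.decode(str, 0);
            return c(encoded);
        } catch (IllegalArgumentException unused) {
            ot.e(TAG, "getCert failed illegalArgumentException");
            return null;
        }
    }

    /**
     * Parses encoded certificate bytes ("getCert" in the logs).
     *
     * @param bArr encoded certificate
     * @return the parsed certificate, or {@code null} if the input is empty or parsing fails
     */
    public static X509Certificate c(byte[] bArr) {
        ot.i(TAG, "getCert");
        if (dw.isEmpty(bArr)) {
            ot.e(TAG, "getCert bytesCert is empty");
            return null;
        }
        try {
            // e.b is a constant from the HMS library, presumably "X.509" (verify).
            CertificateFactory factory = CertificateFactory.getInstance(e.b);
            return (X509Certificate) iw.cast((Object) factory.generateCertificate(new ByteArrayInputStream(bArr)), X509Certificate.class);
        } catch (CertificateException unused) {
            ot.e(TAG, "getCert failed by certificateException");
            return null;
        }
    }

    /**
     * Verifies a Base64-encoded signature over the UTF-8 bytes of {@code str} with the public key
     * of {@code x509Certificate}.
     *
     * <p>This only proves that the holder of the certificate's key signed the text. Whether the
     * certificate itself is trusted is decided separately, see {@link #verifyCertChain} and the
     * {@code checkSubject*} methods.
     *
     * @param x509Certificate certificate whose key verifies the signature
     * @param str plain text that was signed
     * @param str2 Base64 text of the signature
     * @return {@code true} only if the signature verifies; {@code false} on any missing input,
     *     decoding error or verification error
     */
    public static boolean checkSignature(X509Certificate x509Certificate, String str, String str2) {
        ot.i(TAG, "checkSignature");
        if (x509Certificate == null) {
            ot.e(TAG, "checkSignature certificate is null");
            return false;
        }
        if (vx.isEmpty(str) || vx.isEmpty(str2)) {
            ot.e(TAG, "checkSignature plainText or signedText is empty");
            return false;
        }
        try {
            byte[] plainBytes = str.getBytes("UTF-8");
            byte[] signatureBytes = SafeBase64.decode(str2, 0);
            return g(x509Certificate, plainBytes, signatureBytes);
        } catch (UnsupportedEncodingException | IllegalArgumentException unused) {
            ot.e(TAG, "checkSignature exception");
            return false;
        }
    }

    /** Returns whether the subject's CN attribute equals {@code str}; see {@link #e}. */
    public static boolean checkSubjectCN(X509Certificate x509Certificate, String str) {
        return e(x509Certificate, "CN", str);
    }

    /** Returns whether the subject's CN attribute equals the built-in expected signer name. */
    public static boolean checkSubjectDefaultCN(X509Certificate x509Certificate) {
        return e(x509Certificate, "CN", "Huawei CBG HUAWEI Books");
    }

    /**
     * Returns whether the subject attribute named by {@code e.d} equals the built-in expected
     * value. {@code e.d} is a constant from the HMS library, presumably "OU" (verify).
     */
    public static boolean checkSubjectDefaultOU(X509Certificate x509Certificate) {
        return e(x509Certificate, e.d, "Huawei CBG Cloud Security Signer");
    }

    /** Returns whether the subject attribute named by {@code e.d} equals {@code str}; see {@link #e}. */
    public static boolean checkSubjectOU(X509Certificate x509Certificate, String str) {
        return e(x509Certificate, e.d, str);
    }

    /**
     * Reports whether a certificate may act as an issuer ("isCanCertSign" in the logs).
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} only if basic constraints mark it as a CA and the key usage extension
     *     is present with the keyCertSign bit set
     */
    public static boolean d(X509Certificate x509Certificate) {
        ot.i(TAG, "isCanCertSign");
        if (x509Certificate == null) {
            ot.e(TAG, "isCanCertSign cert is null");
            return false;
        }
        // getBasicConstraints() returns -1 for a certificate that is not a CA.
        if (x509Certificate.getBasicConstraints() == -1) {
            ot.e(TAG, "isCanCertSign cert basicConstraints = -1");
            return false;
        }
        // Index 5 of the key usage array is keyCertSign; a missing extension is rejected.
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage != null && keyUsage.length > 5 && keyUsage[5];
    }

    /**
     * Compares one attribute of the certificate subject with an expected value.
     *
     * <p>NOTE(review): the subject is taken from {@code getSubjectDN().getName()}, whose string
     * form is provider-specific, and is parsed textually by {@link #getValueByKey}. A match here
     * carries weight only for a certificate that already passed {@link #verifyCertChain}.
     *
     * @param x509Certificate certificate whose subject is inspected
     * @param str attribute type, for example "CN"
     * @param str2 expected attribute value
     * @return {@code true} only if the attribute is present and equal to {@code str2}
     */
    public static boolean e(X509Certificate x509Certificate, String str, String str2) {
        if (x509Certificate == null || TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            ot.e(TAG, "cert is null or key is empty or value is empty");
            return false;
        }
        String subject = x509Certificate.getSubjectDN().getName();
        return vx.isEqual(str2, getValueByKey(subject, str));
    }

    /**
     * Checks that {@code x509Certificate} was signed by the private key matching
     * {@code publicKey} ("isVerifySuccess" in the logs).
     *
     * @return {@code false} for a {@code null} certificate or key and for any verification error
     */
    public static boolean f(X509Certificate x509Certificate, PublicKey publicKey) {
        // A missing issuer key is treated as a failed verification instead of an exception.
        if (x509Certificate == null || publicKey == null) {
            return false;
        }
        try {
            x509Certificate.verify(publicKey);
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
            ot.e(TAG, "isVerifySuccess verify failed");
            return false;
        }
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} with the certificate's public key.
     *
     * <p>NOTE(review): the algorithm is {@code getSigAlgName()}, the algorithm the issuer used to
     * sign this certificate, not one negotiated for the payload. The check therefore depends on
     * the two coinciding, and a certificate signed with a weak digest makes the payload check use
     * that same weak digest. Consider pinning the expected algorithm.
     *
     * @return {@code true} only if the signature verifies; {@code false} on missing input or any
     *     verification error
     */
    public static boolean g(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) {
        ot.i(TAG, "checkSignature");
        // Fail closed on missing input instead of throwing NullPointerException.
        if (x509Certificate == null || bArr == null || bArr2 == null) {
            ot.e(TAG, "checkSignature failed");
            return false;
        }
        try {
            Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
            signature.initVerify(x509Certificate.getPublicKey());
            signature.update(bArr);
            boolean verify = signature.verify(bArr2);
            ot.i(TAG, "checkSignature isVerifySuccess:" + verify);
            return verify;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException unused) {
            ot.e(TAG, "checkSignature failed");
            return false;
        }
    }

    /**
     * Loads the root certificate from the bundled trust store under the alias {@code j.f}, a
     * constant defined in the Huawei SSL utility library.
     */
    public static X509Certificate getCBGRootCA(Context context) {
        return a(context, j.f);
    }

    /**
     * Parses a list of Base64-encoded certificates.
     *
     * <p>An entry that fails to parse is kept as {@code null} so positions stay aligned with the
     * input; {@link #verifyCertChain} rejects a chain containing {@code null}.
     *
     * @param list Base64 certificate strings, in chain order
     * @return one element per input entry, or an empty list for empty input
     */
    public static List<X509Certificate> getCertChain(List<String> list) {
        ot.i(TAG, "getCertChain");
        if (dw.isEmpty(list)) {
            return new ArrayList<>(0);
        }
        List<X509Certificate> chain = new ArrayList<>(list.size());
        for (String encoded : list) {
            chain.add(b(encoded));
        }
        return chain;
    }

    /**
     * Extracts the value of attribute {@code str2} from the textual distinguished name
     * {@code str}.
     *
     * <p>The attribute type is matched case-insensitively and only at the start of an attribute,
     * that is at the start of the string or after an unescaped {@code ,}, {@code +} or
     * {@code ;}. The earlier form upper-cased the name with the default locale and accepted the
     * first occurrence of {@code KEY=} anywhere, so the result varied with the device locale and
     * key text inside another attribute's value could be taken for the attribute itself.
     *
     * <p>NOTE(review): this is still not a full DN parser. The value ends at the first comma, so
     * quoted or escaped commas truncate it (which makes the equality check fail closed).
     *
     * @param str distinguished name text
     * @param str2 attribute type, for example "CN"
     * @return the raw attribute value, or {@code null} if an input is empty or the attribute is
     *     not found
     */
    public static String getValueByKey(String str, String str2) {
        ot.i(TAG, "getValueByKey");
        if (vx.isEmpty(str) || vx.isEmpty(str2)) {
            ot.e(TAG, "getValueByKey dnName or key is empty");
            return null;
        }
        String prefix = str2 + "=";
        int start = -1;
        for (int i = 0; i + prefix.length() <= str.length(); i++) {
            // regionMatches folds case per character, so offsets always refer to str itself.
            if (str.regionMatches(true, i, prefix, 0, prefix.length()) && isAttributeStart(str, i)) {
                start = i;
                break;
            }
        }
        if (start == -1) {
            ot.e(TAG, "getValueByKey dnNameBegin = -1");
            return null;
        }
        int valueStart = start + prefix.length();
        int valueEnd = str.indexOf(',', start);
        return valueEnd != -1 ? str.substring(valueStart, valueEnd) : str.substring(valueStart);
    }

    /** Returns whether {@code index} in {@code dn} begins an attribute rather than sitting inside a value. */
    private static boolean isAttributeStart(String dn, int index) {
        int i = index - 1;
        while (i >= 0 && Character.isWhitespace(dn.charAt(i))) {
            i--;
        }
        if (i < 0) {
            return true;
        }
        char separator = dn.charAt(i);
        if (separator != ',' && separator != '+' && separator != ';') {
            return false;
        }
        // A separator preceded by an odd number of backslashes is escaped, i.e. part of a value.
        int backslashes = 0;
        for (int j = i - 1; j >= 0 && dn.charAt(j) == '\\'; j--) {
            backslashes++;
        }
        return backslashes % 2 == 0;
    }

    /**
     * Checks that every certificate except the last one in the list may sign certificates.
     *
     * @param list chain ordered from the certificate issued by the root to the end entity
     * @return {@code false} as soon as a non-final element fails {@link #d}
     */
    public static boolean h(List<X509Certificate> list) {
        int issuerCount = list.size() - 1;
        for (int i = 0; i < issuerCount; i++) {
            if (!d(list.get(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies a certificate chain against a trusted root.
     *
     * <p>The first element must be signed by the root key and each later element by the key of
     * the element before it; all elements but the last must be CA certificates ({@link #h}).
     *
     * <p>NOTE(review): this hand-written walk does not check the validity period of the chain
     * certificates (only the root is checked, when loaded through {@link #a}), nor revocation,
     * path length or issuer/subject name chaining. Callers that need those guarantees should add
     * them or validate with the platform's PKIX {@code CertPathValidator}.
     *
     * @param x509Certificate trusted root certificate
     * @param list chain to verify, first element issued by the root
     * @return {@code true} only if every signature verifies and the CA check passes
     */
    public static boolean verifyCertChain(X509Certificate x509Certificate, List<X509Certificate> list) {
        if (dw.isEmpty(list)) {
            ot.e(TAG, "verifyCertChain certChain is empty,verify failed");
            return false;
        }
        if (x509Certificate == null) {
            ot.e(TAG, "verifyCertChain rootCert is null,verify failed");
            return false;
        }
        PublicKey issuerKey = x509Certificate.getPublicKey();
        for (X509Certificate current : list) {
            // f() rejects a null element, so getPublicKey() below is never reached for one.
            if (!f(current, issuerKey)) {
                return false;
            }
            issuerKey = current.getPublicKey();
        }
        return h(list);
    }
}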
