package com.cisco.android.nchs.codesign;

import com.cisco.android.filesignerlib.BinaryFile;
import com.cisco.android.filesignerlib.CodeSignException;
import com.cisco.android.filesignerlib.CodeSignTlv;
import com.cisco.android.filesignerlib.LogInterface;
import com.cisco.android.nchs.support.CertificateManager;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class VerifyFileSignatureJava {
    private static boolean isOsIsLinux;
    private CertificateManager mCertMgr;
    private String mCatalogPath = null;
    private LogInterface mLogger = new JavaLogger();

    static {
        isOsIsLinux = System.getProperty("os.name").toLowerCase().indexOf("linux") != -1;
    }

    public VerifyFileSignatureJava(CertificateManager certificateManager) {
        this.mCertMgr = certificateManager;
    }

    private boolean CheckSigner(Certificate certificate, String str) {
        int length;
        String name = ((X509Certificate) certificate).getSubjectDN().getName();
        int indexOf = name.indexOf("CN=");
        if (-1 == indexOf) {
            this.mLogger.log("could not find CN= element, cannot parse");
            return false;
        }
        int indexOf2 = name.indexOf(61, "CN=".length() + indexOf);
        if (-1 == indexOf2) {
            this.mLogger.log("could not find another element at the end of the DN, using from " + indexOf + " to end of string: " + name.length());
            length = name.length();
        } else {
            int lastIndexOf = name.substring("CN=".length() + indexOf, indexOf2).lastIndexOf(",");
            if (-1 == lastIndexOf) {
                this.mLogger.log("No last comman found in CN, cert is not structured as expected");
                return false;
            }
            length = lastIndexOf + indexOf + "CN=".length();
        }
        return str.compareTo(name.substring("CN=".length() + indexOf, length).replace("\\", "").replace("\"", "")) == 0;
    }

    private CodeSignTlv ExtractTlv_Catalog() throws FileNotFoundException {
        CodeSignTlv codeSignTlv = new CodeSignTlv(new JavaLogger());
        this.mLogger.debuglog("Extract tlv from file: " + this.mCatalogPath);
        codeSignTlv.SetCodeSignTlv(BinaryFile.Read(this.mCatalogPath));
        return codeSignTlv;
    }

    private CodeSignTlv ExtractTlv_File(String str) throws FileNotFoundException, CodeSignException {
        VerifySignFile verifySignFile = new VerifySignFile(new JavaLogger());
        verifySignFile.open(str);
        return verifySignFile.GetTlv();
    }

    private Certificate GenerateCertificate(byte[] bArr) throws IllegalArgumentException, CertificateException {
        if (bArr == null) {
            throw new IllegalArgumentException("Cert byte array must not be null");
        }
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    private boolean ValidateCertificate(Certificate certificate, Certificate certificate2) throws IllegalArgumentException {
        X509Certificate[] x509CertificateArr;
        if (certificate == null) {
            throw new IllegalArgumentException("Cert must not be null");
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (certificate2 != null) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(certificate.getEncoded());
                byteArrayInputStream.close();
                ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(certificate2.getEncoded());
                x509CertificateArr = new X509Certificate[]{(X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream), (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream2)};
                byteArrayInputStream2.close();
            } else {
                ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(certificate.getEncoded());
                x509CertificateArr = new X509Certificate[]{(X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream3)};
                byteArrayInputStream3.close();
            }
            return this.mCertMgr.verifyX509CertForSigning(x509CertificateArr) == 0;
        } catch (Exception e) {
            this.mLogger.log("ValidateCertificate Exception " + e);
            return false;
        }
    }

    public boolean IsValid(String str, String str2) throws IllegalArgumentException, FileNotFoundException {
        if (isOsIsLinux) {
            return IsValidProprietary(str, str2);
        }
        this.mLogger.log("No signature checking on this OS");
        return false;
    }

    public boolean IsValidProprietary(String str, String str2) throws IllegalArgumentException, FileNotFoundException {
        try {
            if (str == null || str2 == null) {
                throw new IllegalArgumentException("Path/common name variables must not be null");
            }
            CodeSignTlv ExtractTlv_Catalog = this.mCatalogPath != null ? ExtractTlv_Catalog() : ExtractTlv_File(str);
            if (!ExtractTlv_Catalog.IsValid()) {
                this.mLogger.log("Invalid signature structure attached to file");
                return false;
            }
            byte[] GetSignatureForFileType = ExtractTlv_Catalog.GetSignatureForFileType(ExtractTlv_Catalog.GetTlvFileTypeFromFile(str));
            byte[] GetCert = ExtractTlv_Catalog.GetCert();
            byte[] GetImCert = ExtractTlv_Catalog.GetImCert();
            try {
                Certificate GenerateCertificate = GenerateCertificate(GetCert);
                Certificate GenerateCertificate2 = GetImCert != null ? GenerateCertificate(GetImCert) : null;
                if (!CheckSigner(GenerateCertificate, str2)) {
                    this.mLogger.log("Validation failed because common name did not match");
                    return false;
                }
                if (!ValidateCertificate(GenerateCertificate, GenerateCertificate2)) {
                    this.mLogger.log("Certificate did not pass validation, file is untrusted");
                    return false;
                }
                VerifySignFile verifySignFile = new VerifySignFile(this.mLogger);
                if (this.mCatalogPath != null) {
                    verifySignFile.SetTlv(ExtractTlv_Catalog);
                }
                verifySignFile.open(str);
                try {
                    Signature signature = Signature.getInstance("Sha1withRSA");
                    signature.initVerify(GenerateCertificate.getPublicKey());
                    verifySignFile.addFileContentsToSignatureHash(signature);
                    boolean verify = signature.verify(GetSignatureForFileType);
                    if (verify) {
                        return true;
                    }
                    this.mLogger.log(str + " failed code signature validation");
                    return verify;
                } catch (InvalidKeyException e) {
                    this.mLogger.log("InvalidKeyException " + e);
                    return false;
                } catch (NoSuchAlgorithmException e2) {
                    this.mLogger.log("NoSuchAlgorithmException " + e2);
                    return false;
                } catch (SignatureException e3) {
                    this.mLogger.log("SignatureException " + e3);
                    return false;
                }
            } catch (CertificateException e4) {
                this.mLogger.log("GenerateCertificate threw CertificateException " + e4);
                return false;
            }
        } catch (CodeSignException e5) {
            this.mLogger.log("When validating signature a CodeSignException occurred " + e5);
            return false;
        } catch (FileNotFoundException e6) {
            this.mLogger.log("IsValid FileNotFoundException " + e6);
            throw e6;
        }
    }

    public void SetCatalog(String str) throws IllegalArgumentException, FileNotFoundException {
        if (str == null) {
            throw new IllegalArgumentException("Catalog Path must not be null");
        }
        if (!new File(str).exists()) {
            throw new FileNotFoundException("Catalog files does not exist");
        }
        this.mCatalogPath = new String(str);
    }
}
