package g.b.i.m.i.f0;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import com.huawei.hms.fwkcom.eventlog.Logger;
import com.huawei.openalliance.ad.ppskit.constant.av;
import g.b.i.m.i.d0;
import g.b.i.m.i.n;
import java.io.UnsupportedEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* compiled from: SignVerificationUtils.java */
/* loaded from: classes.dex */
public class c {
    public static int a(String str, String str2, List<X509Certificate> list, X509Certificate x509Certificate, List<String> list2) {
        boolean z;
        if (!d.m(x509Certificate, list)) {
            Logger.d("SV_Utils", "failed to verify cert chain");
            return 12;
        }
        X509Certificate x509Certificate2 = list.get(0);
        Iterator<String> it = list2.iterator();
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            }
            if (d.e(x509Certificate2, it.next())) {
                z = true;
                break;
            }
        }
        if (!z) {
            Logger.d("SV_Utils", "Cert name verify failed");
            return 13;
        }
        if (!d.f(x509Certificate2, "Huawei CBG Cloud Security Signer")) {
            Logger.d("SV_Utils", "OU is invalid");
            return 14;
        }
        byte[] bArr = null;
        try {
            bArr = str2.getBytes(av.f3200m);
        } catch (UnsupportedEncodingException e2) {
            Logger.e("SV_Utils", "checkCertChain UnsupportedEncodingException:", e2);
        }
        if (d.c(x509Certificate2, bArr, a.a(str))) {
            return 0;
        }
        Logger.d("SV_Utils", "signature is invalid: " + str2);
        return 15;
    }

    public static boolean b(Context context, String str) {
        return c(context, str) == 0;
    }

    public static int c(Context context, String str) {
        Bundle bundle;
        if (d0.f(str)) {
            Logger.d("SV_Utils", "Invalid param.");
            return 1;
        }
        PackageManager packageManager = context.getPackageManager();
        if (packageManager == null) {
            Logger.d("SV_Utils", "Get pkg Manager failed.");
            return 2;
        }
        PackageInfo packageArchiveInfo = packageManager.getPackageArchiveInfo(str, 132);
        if (packageArchiveInfo == null) {
            Logger.d("SV_Utils", "Get pkg info failed.");
            return 3;
        }
        String str2 = packageArchiveInfo.packageName;
        if (d0.f(str2)) {
            Logger.d("SV_Utils", "Get pkgName failed.");
            return 4;
        }
        ApplicationInfo applicationInfo = packageArchiveInfo.applicationInfo;
        if (applicationInfo == null || (bundle = applicationInfo.metaData) == null) {
            Logger.d("SV_Utils", "Get metaData failed.");
            return 5;
        }
        g.b.n.a.a.d.b bVar = new g.b.n.a.a.d.b(bundle);
        String f2 = bVar.f("com.huawei.hms.fingerprint_signature");
        String f3 = bVar.f("com.huawei.hms.sign_certchain");
        if (d0.f(f2)) {
            Logger.d("SV_Utils", "Get sign info failed");
            return 6;
        }
        if (d0.f(f3)) {
            Logger.d("SV_Utils", "Get singCertChain failed");
            return 7;
        }
        String g2 = g.b.n.a.a.e.a.g(context, str);
        if (d0.f(g2)) {
            Logger.d("SV_Utils", "Get fingerPrint failed.");
            return 8;
        }
        if (b.d(context, g2)) {
            Logger.d("SV_Utils", "Apk signature is in blocklist");
            return 9;
        }
        List<X509Certificate> i2 = d.i(f3);
        if (i2.isEmpty()) {
            Logger.d("SV_Utils", "Get certChain failed.");
            return 10;
        }
        byte[] c2 = n.c(context.getAssets(), "CBG_CA.cer");
        if (c2.length == 0) {
            Logger.d("SV_Utils", "Get root cert is invalid.");
            return 11;
        }
        return a(f2, str2 + av.dp + g2, i2, d.h(c2), d(context));
    }

    public static List<String> d(Context context) {
        List<String> asList = Arrays.asList("Huawei CBG HMS Kit");
        try {
            Bundle bundle = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128).metaData;
            if (bundle == null) {
                Logger.d("SV_Utils", "No cert name meta data found");
                return asList;
            }
            String string = bundle.getString("com.huawei.hms.fwk.verify_subapp_cert_names");
            if (d0.f(string)) {
                Logger.d("SV_Utils", "Verify cert name is not configured, use default");
                return asList;
            }
            List<String> asList2 = Arrays.asList(string.split(","));
            if (asList2.size() > 0) {
                return asList2;
            }
            Logger.d("SV_Utils", "Verify cert name split error, use default");
            return asList;
        } catch (PackageManager.NameNotFoundException unused) {
            Logger.d("SV_Utils", "Get cert name meta data error");
            return asList;
        }
    }
}
