package org.apache.harmony.security.utils;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import javax.xml.datatype.DatatypeConstants;
import org.apache.harmony.security.asn1.ASN1OctetString;
import org.apache.harmony.security.asn1.BerInputStream;
import org.apache.harmony.security.pkcs7.ContentInfo;
import org.apache.harmony.security.pkcs7.SignedData;
import org.apache.harmony.security.pkcs7.SignerInfo;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.security.x501.AttributeTypeAndValue;

/* loaded from: classes.dex */
public class JarUtils {
    private static final int[] MESSAGE_DIGEST_OID = {1, 2, DatatypeConstants.MIN_TIMEZONE_OFFSET, 113549, 1, 9, 4};

    private static X509Certificate[] createChain(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, boolean z) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(0, x509Certificate);
        if (x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
            return (X509Certificate[]) linkedList.toArray(new X509Certificate[1]);
        }
        Principal issuerDN = x509Certificate.getIssuerDN();
        X509Certificate x509Certificate2 = x509Certificate;
        int i = 1;
        while (true) {
            X509Certificate findCert = findCert(issuerDN, x509CertificateArr, x509Certificate2, z);
            if (findCert != null) {
                linkedList.add(findCert);
                i++;
                if (findCert.getSubjectDN().equals(findCert.getIssuerDN())) {
                    break;
                }
                issuerDN = findCert.getIssuerDN();
                x509Certificate2 = findCert;
            } else {
                break;
            }
        }
        return (X509Certificate[]) linkedList.toArray(new X509Certificate[i]);
    }

    private static X509Certificate findCert(Principal principal, X509Certificate[] x509CertificateArr, X509Certificate x509Certificate, boolean z) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            if (principal.equals(x509CertificateArr[i].getSubjectDN())) {
                if (z) {
                    try {
                        x509Certificate.verify(x509CertificateArr[i].getPublicKey());
                    } catch (Exception e) {
                    }
                }
                return x509CertificateArr[i];
            }
        }
        return null;
    }

    public static Certificate[] verifySignature(InputStream inputStream, InputStream inputStream2) throws IOException, GeneralSecurityException {
        return verifySignature(inputStream, inputStream2, false);
    }

    public static Certificate[] verifySignature(InputStream inputStream, InputStream inputStream2, boolean z) throws IOException, GeneralSecurityException {
        SignedData signedData = ((ContentInfo) ContentInfo.ASN1.decode(new BerInputStream(inputStream2))).getSignedData();
        if (signedData == null) {
            throw new IOException("No SignedData found");
        }
        List<org.apache.harmony.security.x509.Certificate> certificates = signedData.getCertificates();
        if (certificates.isEmpty()) {
            return null;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificates.size()];
        int i = 0;
        Iterator<org.apache.harmony.security.x509.Certificate> it = certificates.iterator();
        while (it.hasNext()) {
            x509CertificateArr[i] = new X509CertImpl(it.next());
            i++;
        }
        List<SignerInfo> signerInfos = signedData.getSignerInfos();
        if (signerInfos.isEmpty()) {
            return null;
        }
        SignerInfo signerInfo = signerInfos.get(0);
        X500Principal issuer = signerInfo.getIssuer();
        BigInteger serialNumber = signerInfo.getSerialNumber();
        int i2 = 0;
        int i3 = 0;
        while (true) {
            if (i3 >= x509CertificateArr.length) {
                break;
            }
            if (issuer.equals(x509CertificateArr[i3].getIssuerDN()) && serialNumber.equals(x509CertificateArr[i3].getSerialNumber())) {
                i2 = i3;
                break;
            }
            i3++;
        }
        if (i3 == x509CertificateArr.length) {
            return null;
        }
        if (x509CertificateArr[i2].hasUnsupportedCriticalExtension()) {
            throw new SecurityException("Can not recognize a critical extension");
        }
        String digestAlgorithm = signerInfo.getDigestAlgorithm();
        String digestAlgorithmName = signerInfo.getDigestAlgorithmName();
        String digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm();
        Signature signature = null;
        if (digestAlgorithm != null && digestEncryptionAlgorithm != null) {
            try {
                signature = Signature.getInstance(digestAlgorithm + "with" + digestEncryptionAlgorithm);
            } catch (NoSuchAlgorithmException e) {
            }
            if (signature == null) {
                try {
                    signature = Signature.getInstance(digestAlgorithmName + "with" + signerInfo.getDigestEncryptionAlgorithmName());
                } catch (NoSuchAlgorithmException e2) {
                }
            }
        }
        if (signature == null && digestAlgorithm != null) {
            try {
                signature = Signature.getInstance(digestAlgorithm);
            } catch (NoSuchAlgorithmException e3) {
            }
            if (signature == null && digestAlgorithmName != null) {
                try {
                    signature = Signature.getInstance(digestAlgorithmName);
                } catch (NoSuchAlgorithmException e4) {
                }
            }
        }
        if (signature == null) {
            return null;
        }
        signature.initVerify(x509CertificateArr[i2]);
        List<AttributeTypeAndValue> authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
        byte[] bArr = new byte[inputStream.available()];
        inputStream.read(bArr);
        if (authenticatedAttributes == null) {
            signature.update(bArr);
        } else {
            signature.update(signerInfo.getEncodedAuthenticatedAttributes());
            byte[] bArr2 = null;
            for (AttributeTypeAndValue attributeTypeAndValue : authenticatedAttributes) {
                if (Arrays.equals(attributeTypeAndValue.getType().getOid(), MESSAGE_DIGEST_OID)) {
                    if (bArr2 != null) {
                        throw new SecurityException("Too many MessageDigest attributes");
                    }
                    Collection<?> values = attributeTypeAndValue.getValue().getValues(ASN1OctetString.getInstance());
                    if (values.size() != 1) {
                        throw new SecurityException("Too many values for MessageDigest attribute");
                    }
                    bArr2 = (byte[]) values.iterator().next();
                }
            }
            if (bArr2 == null) {
                throw new SecurityException("Missing MessageDigest in Authenticated Attributes");
            }
            MessageDigest messageDigest = digestAlgorithm != null ? MessageDigest.getInstance(digestAlgorithm) : null;
            if (messageDigest == null && digestAlgorithmName != null) {
                messageDigest = MessageDigest.getInstance(digestAlgorithmName);
            }
            if (messageDigest == null) {
                return null;
            }
            if (!Arrays.equals(bArr2, messageDigest.digest(bArr))) {
                throw new SecurityException("Incorrect MD");
            }
        }
        if (signature.verify(signerInfo.getEncryptedDigest())) {
            return createChain(x509CertificateArr[i2], x509CertificateArr, z);
        }
        throw new SecurityException("Incorrect signature");
    }
}
