package com.android.appauth;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/android/appauth/Certificate.class */
public class Certificate implements Logger {
    private static final String KEY_ENTITY_NAME = "EntityName";
    private static final String KEY_DISPLAY_NAME = "DisplayName";
    private static final String KEY_INVALID_AFTER = "InvalidAfter";
    private static final String KEY_INVALID_BEFORE = "InvalidBefore";
    private static final String KEY_TYPE = "Type";
    private static final String KEY_VERSION = "Version";
    private static final String KEY_HASH_ALGO = "HashAlgo";
    private static final String KEY_SIGNED_BY = "SignedBy";
    private static final String KEY_SIGNATURE = "Signature";
    private static final String KEY_PUBLIC_KEY = "PublicKey";
    private static final String KEY_AUTHORIZE_ACCOUNT = "AuthorizeAccount";
    private static final String KEY_AUTHORIZE_MANIFEST = "AuthorizeManifest";
    private static final String KEY_AUTHORIZE_APP_SIGNER = "AuthorizeAppSigner";
    private static final String KEY_AUTHORIZE_DEVICE = "AuthorizeDevice";
    public static final String VERSION = "1.0";
    private static final String PUBLIC_KEY_ALGO = "RSA";
    public static final String TYPE_SIGN_CERTS = "SignCerts";
    public static final String TYPE_SIGN_APPS = "SignApps";
    public static final String TYPE_IDENTITY = "Identity";
    private static final String SIGNER_SELF = "self";
    public static final String SIGNATURE_TYPE = "SHA256withRSA";
    public static final String DIGEST_TYPE = "SHA-256";
    public static final String INSTALL_VIA_USB = "USB";
    private Map<String, List<String>> mEntries = new LinkedHashMap();
    private static final String KEY_VALUE_SEP = ": ";
    private static final byte[] KEY_VALUE_SEP_BYTES = KEY_VALUE_SEP.getBytes();
    private static final String LINE_ENDING = "\n";
    private static final byte[] LINE_ENDING_BYTES = LINE_ENDING.getBytes();
    private static final Charset CHARSET = Charset.forName("UTF-8");

    public static Certificate readFrom(InputStream inputStream) throws IOException, MalformedCertificateException {
        Certificate certificate = new Certificate();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, CHARSET));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return certificate;
            }
            int indexOf = readLine.indexOf(KEY_VALUE_SEP);
            if (indexOf == -1) {
                throw new MalformedCertificateException("Missing key-value separator: " + readLine);
            }
            if (indexOf < 1) {
                throw new MalformedCertificateException("Missing key: " + readLine);
            }
            int length = indexOf + KEY_VALUE_SEP.length();
            if (readLine.length() < length + 1) {
                throw new MalformedCertificateException("Missing value: " + readLine);
            }
            certificate.putItem(readLine.substring(0, indexOf), readLine.substring(length));
        }
    }

    public void writeTo(OutputStream outputStream) throws IOException {
        BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream, CHARSET));
        for (String str : this.mEntries.keySet()) {
            List<String> list = this.mEntries.get(str);
            int size = list.size();
            for (int i = 0; i < size; i++) {
                bufferedWriter.write(str);
                bufferedWriter.write(KEY_VALUE_SEP);
                bufferedWriter.write(list.get(i));
                bufferedWriter.write(LINE_ENDING);
            }
        }
        bufferedWriter.flush();
    }

    public void putItem(String str, String str2) {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(str2);
        this.mEntries.put(str, arrayList);
    }

    public String getItem(String str) {
        List<String> list = this.mEntries.get(str);
        if (list == null) {
            return null;
        }
        return list.get(0);
    }

    public void addItem(String str, String str2) {
        List<String> list = this.mEntries.get(str);
        if (list == null) {
            list = new ArrayList();
        }
        list.add(str2);
    }

    public List<String> getItems(String str) {
        return this.mEntries.get(str);
    }

    void removeItem(String str) {
        this.mEntries.remove(str);
    }

    byte[] getBase64Item(String str) {
        try {
            return Base64.decode(getItem(str), 0);
        } catch (Exception e) {
            return null;
        }
    }

    void putBase64Item(String str, byte[] bArr) {
        try {
            putItem(str, new String(Base64.encode(bArr, 2), CHARSET));
        } catch (Exception e) {
        }
    }

    public String getEntityName() {
        return getItem(KEY_ENTITY_NAME);
    }

    public void setEntityName(String str) {
        putItem(KEY_ENTITY_NAME, str);
    }

    public String getDisplayName() {
        return getItem(KEY_DISPLAY_NAME);
    }

    public void setDisplayName(String str) {
        putItem(KEY_DISPLAY_NAME, str);
    }

    public Date getInvalidAfter() {
        return Util.stringToDate(getItem(KEY_INVALID_AFTER));
    }

    public void setInvalidAfter(Date date) {
        putItem(KEY_INVALID_AFTER, Util.dateToString(date));
    }

    public Date getInvalidBefore() {
        return Util.stringToDate(getItem(KEY_INVALID_BEFORE));
    }

    public void setInvalidBefore(Date date) {
        putItem(KEY_INVALID_AFTER, Util.dateToString(date));
    }

    public String getType() {
        return getItem(KEY_TYPE);
    }

    public void setType(String str) {
        putItem(KEY_TYPE, str);
    }

    public String getVersion() {
        return getItem(KEY_VERSION);
    }

    public void setVersion(String str) {
        putItem(KEY_VERSION, str);
    }

    public String getHashAlgo() {
        return getItem(KEY_HASH_ALGO);
    }

    public void setHashAlgo(String str) {
        putItem(KEY_HASH_ALGO, str);
    }

    public String getSignedBy() {
        return getItem(KEY_SIGNED_BY);
    }

    public byte[] getSignature() {
        return getBase64Item(KEY_SIGNATURE);
    }

    public void setPublicKey(PublicKey publicKey) {
        putBase64Item(KEY_PUBLIC_KEY, publicKey.getEncoded());
    }

    public PublicKey getPublicKey() {
        byte[] base64Item = getBase64Item(KEY_PUBLIC_KEY);
        if (base64Item == null) {
            return null;
        }
        try {
            return KeyFactory.getInstance(PUBLIC_KEY_ALGO).generatePublic(new X509EncodedKeySpec(base64Item));
        } catch (NoSuchAlgorithmException e) {
            return null;
        } catch (InvalidKeySpecException e2) {
            return null;
        }
    }

    public String getAuthorizeManifest() {
        return getItem(KEY_AUTHORIZE_MANIFEST);
    }

    public void setAuthorizeManifest(String str) {
        putItem(KEY_AUTHORIZE_MANIFEST, str);
    }

    public List<String> getAuthorizeAccounts() {
        return getItems(KEY_AUTHORIZE_ACCOUNT);
    }

    public void addAuthorizeAccount(String str) {
        addItem(KEY_AUTHORIZE_ACCOUNT, str);
    }

    public byte[] getAuthorizeAppSigner() {
        return getBase64Item(KEY_AUTHORIZE_APP_SIGNER);
    }

    public void setAuthorizeAppSigner(byte[] bArr) {
        putBase64Item(KEY_AUTHORIZE_APP_SIGNER, bArr);
    }

    public List<String> getAuthorizedDevices() {
        return getItems(KEY_AUTHORIZE_DEVICE);
    }

    public void addAuthorizeDevice(String str) {
        addItem(KEY_AUTHORIZE_DEVICE, str);
    }

    public String getHash() {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_TYPE);
            updateDigest(messageDigest);
            return Util.toHex(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public boolean isSignedBy(Certificate certificate) {
        try {
            return isSignedByVerbose(certificate);
        } catch (Exception e) {
            return false;
        }
    }

    public boolean signWith(Certificate certificate, PrivateKey privateKey) {
        try {
            return signWithVerbose(certificate, privateKey);
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isSignedByVerbose(Certificate certificate) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
        PublicKey publicKey = certificate.getPublicKey();
        Signature signature = Signature.getInstance(SIGNATURE_TYPE);
        signature.initVerify(publicKey);
        updateSignature(signature);
        return signature.verify(getBase64Item(KEY_SIGNATURE));
    }

    public boolean signWithVerbose(Certificate certificate, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (certificate.getHash().equals(getHash())) {
            putItem(KEY_SIGNED_BY, SIGNER_SELF);
        } else {
            putItem(KEY_SIGNED_BY, certificate.getHash());
        }
        Signature signature = Signature.getInstance(SIGNATURE_TYPE);
        signature.initSign(privateKey);
        updateSignature(signature);
        putBase64Item(KEY_SIGNATURE, signature.sign());
        return true;
    }

    private void checkStructure() throws InvalidCertificateException {
        if (!VERSION.equals(getItem(KEY_VERSION))) {
            throw new InvalidCertificateException("version must be 1.0");
        }
        if (!DIGEST_TYPE.equals(getItem(KEY_HASH_ALGO))) {
            throw new InvalidCertificateException("missing or unsupported hash algorithm");
        }
        String item = getItem(KEY_TYPE);
        if (!TYPE_SIGN_CERTS.equals(item) && !TYPE_SIGN_APPS.equals(item)) {
            throw new InvalidCertificateException("missing or invalid Type: " + item);
        }
        if (getItem(KEY_SIGNED_BY) == null) {
            throw new InvalidCertificateException("missing SignedBy entry");
        }
    }

    private void checkSigning(Authenticator authenticator, int i, Logger logger) throws Exception {
        String item = getItem(KEY_SIGNED_BY);
        if (item.equals(SIGNER_SELF)) {
            if (logger != null) {
                logger.writeLine("  signed by self");
            }
            if (!isSignedBy(this)) {
                throw new SignatureException("signature is invalid");
            }
            if (!authenticator.isRootCertificate(this)) {
                throw new UntrustedRootException("self-signer is not a root certificate");
            }
            return;
        }
        if (logger != null) {
            logger.writeLine("  signed by " + Util.trunc(item, 12));
        }
        Certificate certificate = authenticator.getCertificate(item);
        if (certificate == null) {
            throw new InvalidCertificateException("cannot find signing certificate");
        }
        certificate.check(authenticator, i, logger);
        if (!TYPE_SIGN_CERTS.equals(certificate.getItem(KEY_TYPE))) {
            throw new InvalidCertificateException("signer " + Util.trunc(item, 12) + " not authorized to sign certificates");
        }
        if (!isSignedBy(certificate)) {
            throw new SignatureException("signature is invalid");
        }
    }

    public boolean isValid(Authenticator authenticator) {
        Date date = authenticator.getDate();
        return Util.stringToDate(getItem(KEY_INVALID_BEFORE)).compareTo(date) <= 0 && Util.stringToDate(getItem(KEY_INVALID_AFTER)).compareTo(date) >= 0;
    }

    private void checkDateRanges(Authenticator authenticator) throws Exception {
        Date date = authenticator.getDate();
        Date stringToDate = Util.stringToDate(getItem(KEY_INVALID_BEFORE));
        Date stringToDate2 = Util.stringToDate(getItem(KEY_INVALID_AFTER));
        if (stringToDate == null || stringToDate2 == null) {
            throw new InvalidCertificateException("missing or unparsable dates");
        }
        if (stringToDate.compareTo(date) > 0) {
            throw new ExpiredCertificateException("certificate not yet valid");
        }
        if (stringToDate2.compareTo(date) < 0) {
            throw new ExpiredCertificateException("certificate no longer valid");
        }
    }

    private void check(Authenticator authenticator, int i, Logger logger) throws Exception {
        if (logger != null) {
            logger.writeLine("validating certificate '" + getItem(KEY_ENTITY_NAME) + "', " + Util.trunc(getHash(), 12));
        }
        int i2 = i + 1;
        if (i2 == 8) {
            throw new InvalidCertificateException("certificate chain too long");
        }
        checkStructure();
        checkDateRanges(authenticator);
        checkSigning(authenticator, i2, logger);
    }

    public boolean verify(Authenticator authenticator) {
        return verify(authenticator, this);
    }

    public boolean verify(Authenticator authenticator, Logger logger) {
        String str;
        try {
            check(authenticator, 0, logger);
            return true;
        } catch (Exception e) {
            if (logger == null) {
                return false;
            }
            try {
                str = getHash();
            } catch (Exception e2) {
                str = "unknown";
            }
            logger.writeLine(e.getClass().getSimpleName() + " for cert " + Util.trunc(str, 12) + KEY_VALUE_SEP + e.getMessage());
            return false;
        }
    }

    private void updateSignature(Signature signature) throws SignatureException {
        for (String str : this.mEntries.keySet()) {
            if (!KEY_SIGNATURE.equals(str)) {
                byte[] bytes = str.getBytes(CHARSET);
                List<String> list = this.mEntries.get(str);
                int size = list.size();
                for (int i = 0; i < size; i++) {
                    byte[] bytes2 = list.get(i).getBytes(CHARSET);
                    signature.update(bytes);
                    signature.update(KEY_VALUE_SEP_BYTES);
                    signature.update(bytes2);
                    signature.update(LINE_ENDING_BYTES);
                }
            }
        }
    }

    public void updateDigest(MessageDigest messageDigest) {
        for (String str : this.mEntries.keySet()) {
            if (!KEY_SIGNATURE.equals(str)) {
                byte[] bytes = str.getBytes(CHARSET);
                List<String> list = this.mEntries.get(str);
                int size = list.size();
                for (int i = 0; i < size; i++) {
                    byte[] bytes2 = list.get(i).getBytes(CHARSET);
                    messageDigest.update(bytes);
                    messageDigest.update(KEY_VALUE_SEP_BYTES);
                    messageDigest.update(bytes2);
                    messageDigest.update(LINE_ENDING_BYTES);
                }
            }
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        return (obj instanceof Certificate) && ((Certificate) obj).getHash().equals(getHash());
    }

    public int hashCode() {
        int i = 17;
        for (String str : this.mEntries.keySet()) {
            i = (((i * 37) + str.hashCode()) * 37) + this.mEntries.get(str).hashCode();
        }
        return i;
    }

    public String toString() {
        return "Certificate{mEntries=" + this.mEntries.toString() + '}';
    }

    @Override // com.android.appauth.Logger
    public void writeLine(String str) {
        System.err.println(str);
    }
}
