package com.miui.enterprise.signature;

import android.content.Context;
import android.content.Intent;
import android.os.UserHandle;
import android.os.updater.DigestUtils;
import android.text.TextUtils;
import android.util.Slog;
import com.miui.enterprise.settings.EnterpriseSettings;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicReference;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
import miui.telephony.TelephonyManagerUtil;
import miui.util.RSAUtilsCompat;

/* loaded from: classes.dex */
public class EnterpriseVerifier {
    // Charset name. The methods visible in this listing spell out "UTF-8" directly instead of using it.
    private static final String CHARSET = "UTF-8";
    // Names for the enterprise certificate inside an APK. Neither constant is referenced by a
    // method body visible in this listing; presumably both are used by verify(), whose body was
    // not decompiled.
    private static final String ENTERPRISE_CER_ENTRY = "entcert";
    private static final String ENTERPRISE_CER_FILE = "META-INF/ENTERPRISE.CER";
    private static final String ENT_PUBLIC_KEY = "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgIEMgLUEDANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwI4\nNjEPMA0GA1UECBMGQmVpSmluMQ8wDQYDVQQHEwZCZWlKaW4xDzANBgNVBAoTBlhp\nYW9NaTENMAsGA1UECxMETUlVSTEPMA0GA1UEAxMGWGlhb01pMB4XDTE4MDIwNTEw\nNTUwM1oXDTQ4MDEyOTEwNTUwM1owYDELMAkGA1UEBhMCODYxDzANBgNVBAgTBkJl\naUppbjEPMA0GA1UEBxMGQmVpSmluMQ8wDQYDVQQKEwZYaWFvTWkxDTALBgNVBAsT\nBE1JVUkxDzANBgNVBAMTBlhpYW9NaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBALE5VJgm5U7lzuEdK69+PXmjw43IwkOPKcZH5ygySuf1X9NJq1YteOoo\nSAYP1sOIr3gg/FauQSlFxmM1VPCXE3uLvDC9ko/vJtpzgfqD/tM/mZQmlFVlWFNW\n9+64Ri/15tO5La1oXW2ccsp0thYmVNDEQtJw/HK5G26l2PSMdGxcgZUAv61dFhbq\n9aAm9ZtvVxUJdlw9xOBE+N+fTxnteM60cY9lPsOXdloHuSo93FF/WlS+7NfyO0h1\n3zWD54OkYsLNBnefynuay33fxFqEK/OqpAHkolIRhxhy256RzoS5tC8aWBdvqZTQ\n6GEmxg3/tkK6dM40L5pFsPV6eJeEnj8CAwEAAaMhMB8wHQYDVR0OBBYEFNNMGSE0\nbeZUEt2r7beFWvvvfBoSMA0GCSqGSIb3DQEBCwUAA4IBAQBfRf59v1HFwPtjzRGA\nYjoR4Z8QdQ8Gu7fJMlm3MOaBPiVh/rTp5/PtDAAUyDjUZFUOTngmAIDk768FDNkY\nfBTn0RCZVI96FsdcA9dhCeCadnr7I6kpHX1LeqXkkVsrviV8vnqXcBIk29qu/M0s\ncBZy1SBP3YlN5ZOQXipWCdU7hNt4QdAYfeOZ8/A/DHZUmZsbPP+gq3I1u8rV1e5q\nPmF46bmuOXe4eXmqBiWNmJyGDOpP0YiT4N57kJOM2aiNWNGXMod4/896rDXUoCuM\n5xIsDV64/DorjbF4dZta94Q6KnE6JRWFl/i4ol7218EVA3ScHLRISDruJanMpU5V\nF3nx\n-----END CERTIFICATE-----";
    private static final String MIUI_SIGNATURE = "3082046c30820354a0030201020209008d64f55b5ca4ef25300d06092a864886f70d0101050500308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d301e170d3131313230363033323733305a170d3339303432333033323733305a308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100cfb201f02792657970678db7ae5476d6050534be0c0f308370f0b0f8f08ed8f62a39f804ac4e9dd6262759f2545abcc7aa04fa0226d0029bacab42a970806023bd740c73fad30c56b286037eb1663e79f6c4196ed04d41c92c125d130c29d801a1db681af2d89de2d46e7af218385580186eaf7b68d789574e826cc1762190d70aac565b94cf7812d7a90b7d045f3da952a9c585cf437ced4857675c859d3808a882fec9401dc6ce05140e94c918e381223aa69f7df2ded90767505cbfb1c0a8371e9886b56e85925fafccf312aeea6a892e55fda66957f0dd245e6541e188bd0388d880478557591f16a2e2fdf01b83c6d75298f2e27bf3eb0c12ab7ccac68b020103a381e83081e5301d0603551d0e041604142438de5c93ae19065adbdcb82033744bd89d25663081b50603551d230481ad3081aa80142438de5c93ae19065adbdcb82033744bd89d2566a18186a48183308180310b300906035504061302434e3110300e060355040813074265696a696e673110300e060355040713074265696a696e67310f300d060355040a13065869616f6d69310d300b060355040b13044d495549310d300b060355040313044d495549311e301c06092a864886f70d010901160f6d697569407869616f6d692e636f6d8209008d64f55b5ca4ef25300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100ccdf3afa17e8aa4abbf30cd193853ed324ba06a18af56b6aee1b2f96f16bf426406b851d76dc4b1d2f150590e6013fc64d7440f400b59af6b225ae6bd3409b0dec19331365077612e6298dd2323ae0bdb14c774df3e9cc3502841204f248d3
2971fc4d4b9fb98e830f95f71f5f4b31f94f33a4ac2b1ef5eeb1ecb78a71f5333a7f003c454f4bf4e633626ce330f48df62a9396324da15e676a29d8f563408b7822abf25d2d372f91e43f4dccb17ba8a248b475b71c936755efe1387e2d0511c13f85eed4d12bae3d004ae631c963f9fbf4fc1319f0ffa7de2af9f02f00dec902eb88be20e7ce3d9d3392f338adb8d79392318e057f3110c173af20d5ed1094d6";
    // Log tag passed to every Slog call in this class.
    private static final String TAG = "EnterpriseVerifier";
    // Scratch path removed by deleteTempFileIfExist(); whatever writes it is not visible in this listing.
    private static final String TEMP_FILE = "/data/system/ent_temp";
    // Lowercase hex alphabet, indexed by nibble value in toHexReadable().
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    // Holds at most one reusable read buffer for readFullyIgnoringContents(). It is null until
    // the first call hands its buffer back, and again while a caller has the buffer checked out.
    private static AtomicReference<byte[]> sBuffer = new AtomicReference<>();

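    /**
     * Reads every non-directory entry outside {@code META-INF/} to end of stream and returns the
     * first signer certificate of the archive as lowercase hex.
     *
     * <p>Every such entry must carry certificates, and the first certificate must be the same for
     * all of them. An archive in which some entries are unsigned, or in which entries are signed
     * by different certificates, yields {@code null} instead of the certificate of whichever
     * signed entry happened to come first.
     *
     * <p>Entry digests are only checked during the read when the caller opened the
     * {@link JarFile} with verification enabled, as {@code verifyPlatformSign} does.
     *
     * @param jarFile archive to inspect
     * @return hex of the encoded first signer certificate, or {@code null} when there is no
     *     consistent signer
     * @throws IOException if an entry cannot be read
     * @throws CertificateException if the certificate cannot be encoded
     */
    private static String collectSignature(JarFile jarFile) throws IOException, CertificateException {
        ArrayList<ZipEntry> payloadEntries = new ArrayList<>();
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry candidate = entries.nextElement();
            if (candidate.isDirectory() || candidate.getName().startsWith("META-INF/")) {
                continue;
            }
            payloadEntries.add(jarFile.getEntry(candidate.getName()));
        }

        Certificate signer = null;
        for (ZipEntry entry : payloadEntries) {
            Certificate[] entryCerts;
            try (InputStream in = jarFile.getInputStream(entry)) {
                // Certificates are only available once the entry has been read to the end.
                readFullyIgnoringContents(in);
                entryCerts = jarFile.getJarEntry(entry.getName()).getCertificates();
            }
            if (entryCerts == null || entryCerts.length == 0) {
                // Fail closed: one unsigned entry means the archive as a whole is not vouched for.
                return null;
            }
            if (signer == null) {
                signer = entryCerts[0];
            } else if (!signer.equals(entryCerts[0])) {
                // Mixed signers: there is no single certificate to report.
                return null;
            }
        }
        return signer == null ? null : toHexReadable(signer.getEncoded());
    }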

    /**
     * Removes the scratch file at {@code TEMP_FILE} when it exists and logs whether a delete
     * actually happened ({@code false} also covers "file was not there").
     *
     * @throws IOException declared by the signature; nothing in the body throws it
     */
    private static void deleteTempFileIfExist() throws IOException {
        File scratch = new File(TEMP_FILE);
        boolean deleted = scratch.exists() && scratch.delete();
        Slog.d(TAG, "Delete temp file " + deleted);
    }

    /**
     * Maps the certificate's public-key type to the JCA signature algorithm name to use with it.
     *
     * @param x509Certificate certificate whose public key decides the algorithm
     * @return {@code "SHA256withRSA"} when the key type matches {@code RSAUtilsCompat.KEY_RSA},
     *     {@code "SHA256withECDSA"} for {@code "EC"}
     * @throws IllegalArgumentException for any other key type
     */
    private static String getSignatureAlgorithm(X509Certificate x509Certificate) {
        String keyType = x509Certificate.getPublicKey().getAlgorithm().toUpperCase(Locale.US);
        boolean isRsa = RSAUtilsCompat.KEY_RSA.equalsIgnoreCase(keyType);
        if (isRsa) {
            return "SHA256withRSA";
        }
        if (!"EC".equalsIgnoreCase(keyType)) {
            // Refuse unknown key types rather than guessing an algorithm.
            throw new IllegalArgumentException("unsupported key type: " + keyType);
        }
        return "SHA256withECDSA";
    }

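    /**
     * Drains {@code inputStream} to end of stream, discarding the data, and returns how many
     * bytes were read.
     *
     * <p>The byte count is kept in a {@code long}; an {@code int} counter would wrap for streams
     * larger than {@code Integer.MAX_VALUE} bytes even though the method returns {@code long}.
     *
     * @param inputStream stream to consume; it is not closed here
     * @return number of bytes read before end of stream
     * @throws IOException if reading fails
     */
    public static long readFullyIgnoringContents(InputStream inputStream) throws IOException {
        // Take the cached scratch buffer out of the shared slot so that no other caller can use
        // it at the same time; allocate a fresh one when the slot is empty.
        byte[] scratch = sBuffer.getAndSet(null);
        if (scratch == null) {
            scratch = new byte[4096];
        }
        long total = 0;
        try {
            int read;
            while ((read = inputStream.read(scratch, 0, scratch.length)) != -1) {
                total += read;
            }
            return total;
        } finally {
            // Hand the buffer back on the failure path too, so that it is still reused.
            sBuffer.set(scratch);
        }
    }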

    /**
     * Parses the PEM text in {@code ENT_PUBLIC_KEY} into an X.509 certificate. Despite the method
     * name, the result is the whole certificate and not only its public key.
     *
     * @return the certificate embedded in this class
     * @throws IOException if the text cannot be encoded or the stream cannot be closed
     * @throws GeneralSecurityException if the certificate factory is unavailable or parsing fails
     */
    private static X509Certificate readPublicKey() throws IOException, GeneralSecurityException {
        byte[] pem = ENT_PUBLIC_KEY.getBytes("UTF-8");
        try (ByteArrayInputStream pemStream = new ByteArrayInputStream(pem)) {
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) x509Factory.generateCertificate(pemStream);
        }
    }

    /**
     * Hashes {@code bArr} with the algorithm named by {@code DigestUtils.ALGORITHM_SHA_256} and
     * returns the digest as lowercase hex.
     *
     * @param bArr bytes to hash
     * @return hex digest, or an empty string if the provider returns no digest bytes
     * @throws NoSuchAlgorithmException if the algorithm is not available
     */
    private static String sha256(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest hasher = MessageDigest.getInstance(DigestUtils.ALGORITHM_SHA_256);
        byte[] hash = hasher.digest(bArr);
        if (hash != null && hash.length != 0) {
            return toHexReadable(hash);
        }
        return "";
    }

    /**
     * Encodes bytes as lowercase hexadecimal, two characters per byte.
     *
     * @param bArr bytes to encode; may be {@code null}
     * @return the hex string, or an empty string for {@code null} input
     */
    private static String toHexReadable(byte[] bArr) {
        if (bArr == null) {
            return "";
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : bArr) {
            // Mask to 0..255 so that negative bytes index the table correctly.
            int unsigned = b & 0xFF;
            hex.append(HEX_DIGITS[unsigned >> 4]);
            hex.append(HEX_DIGITS[unsigned & 0x0F]);
        }
        return hex.toString();
    }

    /* JADX WARN: Removed duplicated region for block: B:215:0x0309 A[Catch: all -> 0x03e5, TRY_LEAVE, TryCatch #5 {all -> 0x03e5, blocks: (B:70:0x03ce, B:169:0x02c9, B:195:0x0281, B:197:0x0287, B:213:0x0303, B:215:0x0309, B:224:0x033f, B:254:0x039f, B:275:0x0391, B:274:0x038e), top: B:65:0x00ef }] */
    /* JADX WARN: Removed duplicated region for block: B:224:0x033f A[Catch: all -> 0x03e5, TRY_ENTER, TRY_LEAVE, TryCatch #5 {all -> 0x03e5, blocks: (B:70:0x03ce, B:169:0x02c9, B:195:0x0281, B:197:0x0287, B:213:0x0303, B:215:0x0309, B:224:0x033f, B:254:0x039f, B:275:0x0391, B:274:0x038e), top: B:65:0x00ef }] */
    /* JADX WARN: Removed duplicated region for block: B:284:0x03c5  */
    /* JADX WARN: Removed duplicated region for block: B:67:0x00f1 A[Catch: all -> 0x03e8, TryCatch #9 {all -> 0x03e8, blocks: (B:64:0x00ea, B:67:0x00f1, B:79:0x0102, B:106:0x0135, B:112:0x015e), top: B:63:0x00ea }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Public entry point of the verifier. The decompiler did not recover its body, so this stub
     * always throws {@link UnsupportedOperationException} and the real logic cannot be reviewed
     * from this listing.
     *
     * <p>NOTE(review): {@code ENTERPRISE_CER_FILE}, {@code ENTERPRISE_CER_ENTRY},
     * {@code ENT_PUBLIC_KEY}, {@code readPublicKey()}, {@code getSignatureAlgorithm()},
     * {@code deleteTempFileIfExist()} and {@code verifyCert()} are not called by any other method
     * visible in this class. Presumably this method extracts the enterprise certificate and checks
     * its signature against the embedded certificate before calling {@code verifyCert()}. Confirm
     * this against the instruction dump before relying on any statement about that step.
     */
    public static boolean verify(android.content.Context r26, java.lang.String r27, java.lang.String r28) {
        /*
            Method dump skipped, instructions count: 1182
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.miui.enterprise.signature.EnterpriseVerifier.verify(android.content.Context, java.lang.String, java.lang.String):boolean");
    }

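    /**
     * Checks that the certificate applies to this device or to this APK.
     *
     * <p>If the certificate lists device IDs, the result is decided by the device match alone.
     * Otherwise the APK is matched by hash: against {@code apkSignHash} when {@code z} is set,
     * else against {@code apkNewHash} and then {@code apkHash}.
     *
     * <p>NOTE(review): on the device-ID path the APK hash checks are never reached, so a
     * device-bound certificate is not tied to a particular APK by this method. Confirm that this
     * is intended; if not, the device match and the hash match should both be required.
     *
     * @param jarFile the APK opened as a jar, used for the manifest hash checks
     * @param enterpriseCer certificate fields to compare against
     * @param file APK file passed to {@code EnterpriseV2Verifier.getHashByVersion}
     * @param str version string passed to {@code EnterpriseV2Verifier.getHashByVersion}
     * @param z selects the {@code apkSignHash} comparison (presumably "APK uses a newer signature
     *     scheme"; confirm against the caller)
     * @return {@code true} when the device or the APK matches the certificate
     * @throws IOException declared by the signature and propagated from the callees
     * @throws NoSuchAlgorithmException if SHA-256 is not available
     */
    private static boolean verifyApk(JarFile jarFile, EnterpriseCer enterpriseCer, File file, String str, boolean z) throws IOException, NoSuchAlgorithmException {
        String[] allowedDevices = enterpriseCer.deviceIds;
        if (allowedDevices != null && allowedDevices.length != 0) {
            String deviceId = TelephonyManagerUtil.getDeviceId();
            boolean authorized = false;
            // TextUtils.equals(null, null) is true, so an unavailable device id must never be
            // allowed to match an empty or missing slot in the certificate's list.
            if (!TextUtils.isEmpty(deviceId)) {
                for (String allowed : allowedDevices) {
                    if (TextUtils.equals(deviceId, allowed)) {
                        authorized = true;
                        break;
                    }
                }
            }
            if (!authorized) {
                Slog.e(TAG, "Verify failed, device not authorized");
            }
            return authorized;
        }
        if (z) {
            Slog.d(TAG, "Verify, version:" + str);
            byte[] hashByVersion = EnterpriseV2Verifier.getHashByVersion(file, str);
            if (hashByVersion == null) {
                return false;
            }
            boolean matches = TextUtils.equals(enterpriseCer.apkSignHash, sha256(hashByVersion));
            // Report success only after the comparison, so that the log cannot claim a match
            // that did not happen.
            if (matches) {
                Slog.d(TAG, "Verify success, new signature hash");
            } else {
                Slog.e(TAG, "Verify failed, new signature hash");
            }
            return matches;
        }
        if (verifyApkHashForP(enterpriseCer.apkNewHash, jarFile)) {
            Slog.d(TAG, "Verify success, new apk hash");
            return true;
        }
        if (!verifyApkHash(enterpriseCer.apkHash, jarFile)) {
            return false;
        }
        Slog.d(TAG, "Verify success, old apk hash");
        return true;
    }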

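    /**
     * Compares {@code str} with the SHA-256 hex digest of {@code META-INF/MANIFEST.MF}.
     *
     * <p>The manifest is streamed to end of stream into the digest. Sizing a buffer from
     * {@code available()} and filling it with one {@code read} is not guaranteed to cover the
     * whole entry, and a short read would hash a partly filled buffer.
     *
     * <p>NOTE(review): only the manifest is hashed. That ties the result to the APK contents only
     * if every entry was verified against the manifest elsewhere, which is not visible in this
     * method. Confirm this in the caller.
     *
     * @param str expected lowercase hex digest from the certificate
     * @param jarFile the APK opened as a jar
     * @return {@code true} on a match; {@code false} on a mismatch, a missing manifest, or a read
     *     error
     * @throws IOException declared by the signature; read errors are logged and reported as
     *     {@code false}
     * @throws NoSuchAlgorithmException if SHA-256 is not available
     */
    private static boolean verifyApkHash(String str, JarFile jarFile) throws IOException, NoSuchAlgorithmException {
        ZipEntry manifest = jarFile.getEntry("META-INF/MANIFEST.MF");
        if (manifest == null) {
            // Fail closed instead of passing null on to getInputStream().
            Slog.e(TAG, "Verify failed, old apk hash: META-INF/MANIFEST.MF missing");
            return false;
        }
        MessageDigest digest = MessageDigest.getInstance(DigestUtils.ALGORITHM_SHA_256);
        try (InputStream in = jarFile.getInputStream(manifest)) {
            byte[] chunk = new byte[4096];
            int read;
            while ((read = in.read(chunk)) != -1) {
                digest.update(chunk, 0, read);
            }
        } catch (IOException e) {
            Slog.e(TAG, "Verify failed, old apk hash", e);
            return false;
        }
        return TextUtils.equals(str, toHexReadable(digest.digest()));
    }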

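    /**
     * Compares {@code str} with the SHA-256 hex digest of {@code META-INF/MANIFEST.MF}, computed
     * over the manifest after it has been decoded to text and re-encoded as UTF-8.
     *
     * <p>The stream is closed on every path, and a missing manifest is reported as {@code false}.
     *
     * <p>NOTE(review): each 2048-byte chunk is decoded with the platform default charset before
     * the text is re-encoded. For a manifest that is not plain ASCII the digest can therefore
     * differ from a digest of the raw bytes. The round trip is kept unchanged because stored
     * certificate hashes were presumably produced the same way. Confirm this with the issuing
     * side before simplifying.
     *
     * @param str expected lowercase hex digest from the certificate
     * @param jarFile the APK opened as a jar
     * @return {@code true} on a match; {@code false} on a mismatch, a missing manifest, or a read
     *     error
     * @throws IOException declared by the signature; read errors are logged and reported as
     *     {@code false}
     * @throws NoSuchAlgorithmException if SHA-256 is not available
     */
    private static boolean verifyApkHashForP(String str, JarFile jarFile) throws IOException, NoSuchAlgorithmException {
        ZipEntry manifest = jarFile.getEntry("META-INF/MANIFEST.MF");
        if (manifest == null) {
            // Fail closed instead of passing null on to getInputStream().
            Slog.e(TAG, "Verify failed, new apk hash: META-INF/MANIFEST.MF missing");
            return false;
        }
        try (InputStream in = jarFile.getInputStream(manifest)) {
            StringBuilder text = new StringBuilder();
            byte[] chunk = new byte[2048];
            int read;
            while ((read = in.read(chunk, 0, 2048)) != -1) {
                text.append(new String(chunk, 0, read));
            }
            return TextUtils.equals(str, sha256(text.toString().getBytes("UTF-8")));
        } catch (IOException e) {
            Slog.e(TAG, "Verify failed, new apk hash", e);
            return false;
        }
    }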

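    /**
     * Applies the validity-window, APK/device and licence checks to an enterprise certificate.
     * On success it announces the certificate by broadcast and persists it to
     * {@code EnterpriseCer.CERT_FILE}.
     *
     * <p>This method does not check who issued the certificate; nothing here verifies a signature
     * over {@code enterpriseCer}. Callers must have authenticated it beforehand.
     *
     * @param context used for settings access and for sending the broadcast
     * @param jarFile the APK opened as a jar, passed to {@code verifyApk}
     * @param enterpriseCer the certificate under test
     * @param file APK file, passed to {@code verifyApk}
     * @param str version string, passed to {@code verifyApk}
     * @param str2 value stored under {@code EnterpriseSettings.ENTERPRISE_PACKAGE} on first
     *     activation
     * @param z passed to {@code verifyApk} to select the hash comparison
     * @return {@code true} only if all checks pass and the certificate file was written
     * @throws IOException propagated from {@code verifyApk}
     * @throws NoSuchAlgorithmException if SHA-256 is not available
     */
    public static boolean verifyCert(Context context, JarFile jarFile, EnterpriseCer enterpriseCer, File file, String str, String str2, boolean z) throws IOException, NoSuchAlgorithmException {
        if (!verifyDate(enterpriseCer)) {
            Slog.e(TAG, "Verify failed,  cert out of date");
            return false;
        }
        if (!verifyApk(jarFile, enterpriseCer, file, str, z)) {
            Slog.e(TAG, "Verify failed, miss match apk/device");
            return false;
        }
        String storedLicence = EnterpriseSettings.getString(context, EnterpriseSettings.ENTERPRISE_LICENCE);
        if (TextUtils.isEmpty(storedLicence)) {
            // First activation: the licence of the first certificate to get this far is recorded,
            // and every later certificate must carry the same licence code.
            EnterpriseSettings.putString(context, EnterpriseSettings.ENTERPRISE_AGENCY, enterpriseCer.agencyCode);
            EnterpriseSettings.putString(context, EnterpriseSettings.ENTERPRISE_LICENCE, enterpriseCer.licenceCode);
            EnterpriseSettings.putString(context, EnterpriseSettings.ENTERPRISE_PACKAGE, str2);
        } else if (!TextUtils.equals(storedLicence, enterpriseCer.licenceCode)) {
            Slog.e(TAG, "Verify failed, miss match licence code");
            return false;
        }
        // NOTE(review): the settings writes above and the broadcast below happen before the
        // certificate is persisted. If the write fails, this method returns false although those
        // side effects have already taken place. Confirm that receivers tolerate this.
        Intent intent = new Intent(EnterpriseCer.ACTION_ENTERPRISE_CERT_UPDATE);
        intent.setFlags(16777216); // 0x01000000; presumably FLAG_RECEIVER_INCLUDE_BACKGROUND, confirm
        intent.putExtra(EnterpriseCer.EXTRA_CERT, enterpriseCer);
        // Only receivers holding the named permission are delivered the certificate.
        context.sendBroadcastAsUser(intent, UserHandle.OWNER, "com.miui.enterprise.permission.ACTIVE_ENTERPRISE_MODE");
        try (BufferedInputStream certStream = new BufferedInputStream(new ByteArrayInputStream(enterpriseCer.toString().getBytes("UTF-8")))) {
            writeFile(certStream, EnterpriseCer.CERT_FILE);
        } catch (IOException e) {
            // Pass the throwable itself so that the stack trace is logged, as the other handlers
            // in this class do.
            Slog.e(TAG, "Verify failed", e);
            return false;
        }
        Slog.d(TAG, "persist cert file");
        return true;
    }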

    /**
     * Tells whether the current time lies strictly inside the certificate's validity window.
     * "Now" is taken from the device clock, so the result is only as trustworthy as that clock.
     *
     * @param enterpriseCer certificate supplying {@code getValidFrom()} and {@code getValidTo()}
     * @return {@code true} when now is after the start and before the end of the window
     */
    private static boolean verifyDate(EnterpriseCer enterpriseCer) {
        Date now = Calendar.getInstance().getTime();
        if (!now.after(enterpriseCer.getValidFrom())) {
            return false;
        }
        return now.before(enterpriseCer.getValidTo());
    }

    /**
     * Tells whether the archive at {@code str} reports the certificate embedded in
     * {@code MIUI_SIGNATURE} as its signer.
     *
     * <p>The archive is opened with jar verification enabled, and the certificate hex returned by
     * {@code collectSignature} is compared with the embedded value. I/O and certificate errors
     * are logged and reported as {@code false}. An unchecked exception raised while reading
     * entries, such as a {@link SecurityException} from jar verification, is not caught here and
     * propagates to the caller.
     *
     * @param str path of the archive to check
     * @return {@code true} only when the reported signer equals {@code MIUI_SIGNATURE}
     */
    public static boolean verifyPlatformSign(String str) {
        try (JarFile apk = new JarFile(str, true)) {
            String signerHex = collectSignature(apk);
            if (signerHex == null || signerHex.length() == 0) {
                Slog.e(TAG, "Verify failed, failed to load enterprise cert signature");
                return false;
            }
            return MIUI_SIGNATURE.equals(signerHex);
        } catch (IOException | CertificateException e) {
            Slog.e(TAG, "Verify failed", e);
            return false;
        }
    }

    /**
     * Copies {@code inputStream} to the file at path {@code str}, creating the file if needed and
     * overwriting any existing content.
     *
     * @param inputStream data to write; it is not closed here
     * @param str destination path
     * @throws IOException if the file cannot be created or the copy fails
     */
    private static void writeFile(InputStream inputStream, String str) throws IOException {
        File target = new File(str);
        boolean ready = target.exists() || target.createNewFile();
        if (!ready) {
            throw new IOException("Filed to create temp file: " + target.getCanonicalPath());
        }
        try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(target))) {
            byte[] chunk = new byte[8192];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                out.write(chunk, 0, count);
            }
            out.flush();
        }
    }
}
