package com.cisco.anyconnect.vpn.android.crypto;

import android.content.Context;
import com.cisco.android.filesignerlib.BinaryFile;
import com.cisco.android.filesignerlib.CodeSignException;
import com.cisco.android.filesignerlib.CodeSignTlv;
import com.cisco.android.filesignerlib.LogInterface;
import com.cisco.android.nchs.codesign.JavaLogger;
import com.cisco.android.nchs.codesign.VerifySignFile;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes.dex */
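/**
 * Verifies that a data file carries a code signature produced with the pinned
 * code-signing certificate shipped in the application's assets ({@code codeSign.der}).
 *
 * <p>{@link #initStaticData(Context)} must succeed before any instance is built;
 * otherwise the constructor throws. Instances are created through {@link Builder}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Trust is decided by exact equality between the certificate embedded in the
 *       signature structure and the pinned asset certificate. This class performs no
 *       chain building, validity-period check or revocation check.</li>
 *   <li>The signature algorithm is {@code Sha1withRSA}. SHA-1 is no longer considered
 *       collision resistant; the algorithm appears to be dictated by the signing
 *       format, so moving to SHA-256 or stronger presumably needs a matching change
 *       on the signer side (confirm with the owners of the signing library).</li>
 *   <li>{@link #verify()} vouches for the file contents at the moment of the call only.
 *       Callers should keep the file in storage other apps cannot write to, and use it
 *       without an intervening window in which it could be replaced.</li>
 * </ul>
 */
public class FileVerifier {
    private static final String ANYCONNECT_CODE_SIGNING_CERT = "codeSign.der";
    private static final String ENTITY_NAME = "FileVerifier";

    // Guarded by the FileVerifier.class monitor (all accessors are static synchronized).
    // NOTE(review): nothing visible in this class ever puts an entry into this map, so
    // isFileSigned()/getFileSignature() only ever see an empty map from the code shown here.
    private static Map<String, byte[]> sFileAssetSignatureMap;

    // Pinned trust anchor, loaded once from the APK assets. Guarded by FileVerifier.class.
    private static X509Certificate sTrustedSigningCert;

    // Optional detached signature catalog; when null the signature is read from the data file.
    private final byte[] mCatalog;
    private final File mDataFile;
    private final LogInterface mLogger;

    /** Collects the data file and optional detached catalog for a {@link FileVerifier}. */
    public static class Builder {
        private byte[] mCatalog;
        private final File mDataFile;

        /**
         * @param file the file whose signature will be verified
         * @throws FileVerifierException if {@code file} is null or does not exist
         */
        public Builder(File file) throws FileVerifierException {
            if (file == null) {
                throw new FileVerifierException("Unexpected null data file.");
            }
            if (!file.exists()) {
                throw new FileVerifierException("Data file does not exist: " + file);
            }
            this.mDataFile = file;
        }

        /**
         * @param str path of the file whose signature will be verified
         * @throws FileVerifierException if {@code str} is null or names no existing file
         */
        public Builder(String str) throws FileVerifierException {
            if (str == null) {
                throw new FileVerifierException("Unexpected null data file.");
            }
            this.mDataFile = new File(str);
            if (!this.mDataFile.exists()) {
                throw new FileVerifierException("Data file does not exist: " + str);
            }
        }

        /**
         * Creates the verifier.
         *
         * @throws IllegalStateException if {@link FileVerifier#initStaticData(Context)}
         *     has not loaded the trusted certificate yet
         */
        public FileVerifier build() {
            return new FileVerifier(this);
        }

        /**
         * Loads a detached signature catalog from disk.
         *
         * @param file catalog file to read
         * @return this builder
         * @throws FileVerifierException if {@code file} is null, missing or unreadable
         */
        public Builder setCatalog(File file) throws FileVerifierException {
            if (file == null) {
                throw new FileVerifierException("Unexpected null catalog file.");
            }
            if (!file.exists()) {
                throw new FileVerifierException("Catalog file does not exist: " + file);
            }
            try {
                this.mCatalog = BinaryFile.Read(file.getAbsolutePath());
                return this;
            } catch (FileNotFoundException e) {
                throw new FileVerifierException("setCatalog failed", e);
            }
        }

        /**
         * Supplies a detached signature catalog already held in memory.
         *
         * @param bArr catalog bytes; must be non-null and non-empty
         * @return this builder
         * @throws FileVerifierException if {@code bArr} is null or empty
         */
        public Builder setCatalog(byte[] bArr) throws FileVerifierException {
            if (bArr == null || bArr.length == 0) {
                throw new FileVerifierException("Invalid catalog.");
            }
            // Defensive copy: the bytes that get verified must not change if the caller
            // reuses or mutates its array after handing it over.
            this.mCatalog = bArr.clone();
            return this;
        }
    }

    /** Checked exception for setup and initialisation failures of {@link FileVerifier}. */
    public static class FileVerifierException extends Exception {
        public FileVerifierException(String str) {
            super(str);
        }

        public FileVerifierException(String str, Throwable th) {
            super(str, th);
        }
    }

    private FileVerifier(Builder builder) {
        this.mLogger = new JavaLogger();
        if (getTrustedSigningCert() == null) {
            // Without the pinned certificate every verification would be meaningless,
            // so refuse to construct. IllegalStateException is a RuntimeException, so
            // existing callers that catch RuntimeException are unaffected.
            throw new IllegalStateException("Static data is not initialized");
        }
        this.mDataFile = builder.mDataFile;
        this.mCatalog = builder.mCatalog;
    }

    /**
     * Parses a DER/PEM encoded X.509 certificate.
     *
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws CertificateException if the bytes are not a parsable certificate
     */
    private Certificate generateCertificate(byte[] bArr) throws CertificateException {
        if (bArr == null) {
            throw new IllegalArgumentException("Cert byte array must not be null");
        }
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Reads an asset completely into memory.
     *
     * <p>The stream is drained in a loop: {@code available()} is only an estimate and a
     * single {@code read()} may return fewer bytes than requested, either of which would
     * silently yield a truncated or zero-padded buffer.
     */
    private static byte[] getAssetBytes(Context context, String str) throws IOException {
        InputStream inputStream = null;
        try {
            inputStream = context.getAssets().open(str);
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toByteArray();
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    /**
     * Returns a copy of the signature registered for {@code str}, or null if none is.
     *
     * @throws FileVerifierException if {@link #initStaticData(Context)} has not run
     */
    public static synchronized byte[] getFileSignature(String str) throws FileVerifierException {
        if (sFileAssetSignatureMap == null) {
            throw new FileVerifierException("FileVerifier is not initialized");
        }
        byte[] stored = sFileAssetSignatureMap.get(str);
        // Hand out a copy so callers cannot alter the signature held in the shared map.
        return stored == null ? null : stored.clone();
    }

    /** Returns the pinned certificate, or null before initialisation. */
    private static synchronized X509Certificate getTrustedSigningCert() {
        return sTrustedSigningCert;
    }

    /**
     * Resets the signature map and, on first use, loads the pinned signing certificate
     * from the {@code codeSign.der} asset.
     *
     * @throws FileVerifierException if the asset cannot be opened or parsed
     */
    public static synchronized void initStaticData(Context context) throws FileVerifierException {
        try {
            sFileAssetSignatureMap = new HashMap<String, byte[]>();
            if (sTrustedSigningCert == null) {
                InputStream certStream = context.getAssets().open(ANYCONNECT_CODE_SIGNING_CERT);
                try {
                    // "X.509" is the standard factory name (the original "X509" is a
                    // provider alias); this also matches generateCertificate().
                    sTrustedSigningCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                            .generateCertificate(certStream);
                } finally {
                    // Close even when parsing fails so the asset descriptor is not leaked.
                    certStream.close();
                }
            }
        } catch (Exception e) {
            throw new FileVerifierException("Failed to init static data", e);
        }
    }

    /**
     * Reports whether a signature is registered for {@code str}.
     *
     * @throws FileVerifierException if {@link #initStaticData(Context)} has not run
     */
    public static synchronized boolean isFileSigned(String str) throws FileVerifierException {
        if (sFileAssetSignatureMap == null) {
            throw new FileVerifierException("FileVerifier is not initialized");
        }
        return sFileAssetSignatureMap.get(str) != null;
    }

    /**
     * Accepts the signer certificate only if it equals the pinned certificate.
     * No expiry, key-usage or revocation check is done here.
     */
    private boolean validateSigningCert(Certificate certificate) {
        if (getTrustedSigningCert().equals(certificate)) {
            return true;
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "ValidateCertificate failed.");
        return false;
    }

    /**
     * Checks the data file against its code signature.
     *
     * <p>The signature structure comes from the detached catalog when one was supplied,
     * otherwise from the data file itself. Every failure path, including any exception,
     * returns {@code false}, so the check fails closed.
     *
     * @return {@code true} only if the structure is valid, the embedded certificate equals
     *     the pinned one, and the RSA signature over the file contents verifies
     */
    public boolean verify() {
        try {
            VerifySignFile verifySignFile = new VerifySignFile(this.mLogger);
            CodeSignTlv tlv;
            if (this.mCatalog != null) {
                tlv = new CodeSignTlv(new JavaLogger());
                tlv.SetCodeSignTlv(this.mCatalog);
                verifySignFile.SetTlv(tlv);
            } else {
                verifySignFile.open(this.mDataFile.getAbsolutePath());
                tlv = verifySignFile.GetTlv();
            }
            if (!tlv.IsValid()) {
                this.mLogger.log("Invalid signature structure attached to file");
                return false;
            }
            // File-type id 100: its meaning is defined by the signing library and is
            // not visible in this class.
            byte[] signatureBytes = tlv.GetSignatureForFileType((short) 100);
            Certificate signerCert = generateCertificate(tlv.GetCert());
            // The certificate inside the signature structure is attacker-supplied data
            // until it has been matched against the pinned certificate.
            if (!validateSigningCert(signerCert)) {
                this.mLogger.log("Certificate did not pass validation, file is untrusted");
                return false;
            }
            if (signatureBytes == null) {
                // Explicit rejection instead of relying on Signature.verify(null) throwing.
                this.mLogger.log(this.mDataFile + " failed code signature validation");
                return false;
            }
            // NOTE(review): VerifySignFile is opened here (and above in the no-catalog
            // path) but never closed in this method; confirm whether it holds a file
            // handle that needs releasing.
            verifySignFile.open(this.mDataFile.getAbsolutePath());
            // SECURITY: SHA-1 based signatures are deprecated. The algorithm has to match
            // what the signer produced, so it is left unchanged here; plan a coordinated
            // move to a SHA-2 based scheme.
            Signature signature = Signature.getInstance("Sha1withRSA");
            signature.initVerify(signerCert.getPublicKey());
            verifySignFile.addFileContentsToSignatureHash(signature);
            if (signature.verify(signatureBytes)) {
                return true;
            }
            this.mLogger.log(this.mDataFile + " failed code signature validation");
            return false;
        } catch (CodeSignException e) {
            this.mLogger.log("When validating signature a CodeSignException occurred " + e);
            return false;
        } catch (Exception e2) {
            // Deliberately broad: any unexpected failure must be treated as "not verified".
            this.mLogger.log("Failed to validate " + this.mDataFile + " " + e2);
            return false;
        }
    }
}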
