package com.microsoft.intune.common.utils;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public final class ApkUtils {
    private static final Logger LOGGER = Logger.getLogger(ApkUtils.class.getName());

    private ApkUtils() {
    }

    private static String base64EncodeSignature(Signature signature) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(signature.toByteArray());
            return Base64.encodeToString(messageDigest.digest(), 2);
        } catch (NoSuchAlgorithmException e) {
            return "NoSuchAlgorithmException";
        }
    }

    public static String getPackageSignatureForLogging(Context context, String str) {
        String str2 = "";
        if (context == null || StringUtils.isBlank(str)) {
            return "";
        }
        try {
            for (Signature signature : context.getPackageManager().getPackageInfo(str, 64).signatures) {
                str2 = str2 + base64EncodeSignature(signature) + ", ";
            }
            return str2;
        } catch (PackageManager.NameNotFoundException e) {
            return "unknown package name";
        }
    }

    public static String getPackageVersionString(Context context, String str) {
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(str, 0);
            return packageInfo.versionName + ", " + packageInfo.versionCode;
        } catch (PackageManager.NameNotFoundException e) {
            return "unknown package name";
        }
    }

    public static boolean validateSignature(Context context, String str, String str2) {
        if (context == null || StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return false;
        }
        LOGGER.info(MessageFormat.format("Checking signature for package {0} with signing cert {1}.", str, str2));
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(str, 64);
            if (packageInfo == null || packageInfo.signatures == null || packageInfo.signatures.length == 0) {
                LOGGER.info("Package has no signatures.");
                return false;
            }
            ArrayList arrayList = new ArrayList();
            X509Certificate x509Certificate = null;
            boolean z = false;
            for (int i = 0; i < packageInfo.signatures.length; i++) {
                try {
                    arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(packageInfo.signatures[i].toByteArray())));
                    if (((X509Certificate) arrayList.get(i)).getSubjectDN().equals(((X509Certificate) arrayList.get(i)).getIssuerDN())) {
                        if (x509Certificate != null) {
                            LOGGER.info("Multiple self signed certs found.");
                            return false;
                        }
                        x509Certificate = (X509Certificate) arrayList.get(i);
                    }
                    try {
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
                        messageDigest.update(packageInfo.signatures[i].toByteArray());
                        z |= str2.equals(Base64.encodeToString(messageDigest.digest(), 2));
                    } catch (NoSuchAlgorithmException e) {
                        LOGGER.log(Level.WARNING, "SHA not found.", (Throwable) e);
                    }
                } catch (CertificateException e2) {
                    LOGGER.log(Level.WARNING, "Unable to get X509Certificate.", (Throwable) e2);
                    return false;
                }
            }
            if (!z) {
                LOGGER.info("Signing cert not found: " + str2);
                return false;
            }
            if (packageInfo.signatures.length == 1) {
                return true;
            }
            if (x509Certificate == null) {
                LOGGER.info("No self signed cert found.");
                return false;
            }
            try {
                PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
                pKIXParameters.setRevocationEnabled(false);
                CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(arrayList), pKIXParameters);
                return true;
            } catch (Exception e3) {
                LOGGER.log(Level.INFO, "Failed to validate certificate chain.", (Throwable) e3);
                return false;
            }
        } catch (PackageManager.NameNotFoundException e4) {
            LOGGER.info("Package not found.");
            return false;
        }
    }
}
