package com.bmwgroup.connected.core.services.security;

import android.content.pm.Signature;
import android.util.Log;
import com.bmwgroup.connected.internal.util.LogTag;
import com.bmwgroup.connected.internal.util.Logger;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class CertificateParser {
    private static final String A4A_APP_CN_PREFIX = "a4a_app_";
    private static final String MAKE = "make";
    private static final String OIDv2 = "1.3.6.1.4.1.513.59.4.2";
    private static final String SAS_CERTIFICATE_TYPE = "SAS.CertificateType";
    private static final String SAS_CERTIFICATE_TYPE_APP = "APP";
    private static final String TAG = "CertificateParser";
    private static final Logger sLogger = Logger.getLogger(LogTag.SAS);

    public static Certificate createCertificate(Signature signature, String str, String str2) throws CertificateException {
        return new Certificate(signature);
    }

    private static String getCommonName(X500Principal x500Principal) {
        StringTokenizer stringTokenizer = new StringTokenizer(x500Principal.getName(), ",");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            nextToken.trim();
            StringTokenizer stringTokenizer2 = new StringTokenizer(nextToken, "=");
            String nextToken2 = stringTokenizer2.nextToken();
            String nextToken3 = stringTokenizer2.nextToken();
            if (nextToken2.equalsIgnoreCase("CN")) {
                return nextToken3;
            }
        }
        return "";
    }

    private static boolean isFeatureCertificate(X509Certificate x509Certificate, String str, String str2) {
        boolean z = false;
        boolean z2 = false;
        sLogger.d("checking if Cert is feature certificate for %s", str);
        String lowerCase = getCommonName((X500Principal) x509Certificate.getSubjectDN()).toLowerCase();
        if (!lowerCase.contains(A4A_APP_CN_PREFIX.toLowerCase() + str.toLowerCase())) {
            sLogger.d("subject does not contain application name%s", str);
            if (!lowerCase.contains(A4A_APP_CN_PREFIX.toLowerCase())) {
                sLogger.d("subject does not contain %s", A4A_APP_CN_PREFIX.toLowerCase());
                return false;
            }
        }
        Set<String> nonCriticalExtensionOIDs = x509Certificate.getNonCriticalExtensionOIDs();
        if (nonCriticalExtensionOIDs != null) {
            for (String str3 : nonCriticalExtensionOIDs) {
                if (str3.equals(OIDv2)) {
                    StringTokenizer stringTokenizer = new StringTokenizer(new String(x509Certificate.getExtensionValue(str3)).substring(4), "&");
                    while (stringTokenizer.hasMoreTokens()) {
                        StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), "=");
                        String nextToken = stringTokenizer2.nextToken();
                        String nextToken2 = stringTokenizer2.nextToken();
                        if (nextToken.equals(MAKE) && nextToken2.equalsIgnoreCase(str2)) {
                            Log.v(TAG, "make " + str2 + " found");
                            z = true;
                        }
                        if (nextToken.equals(SAS_CERTIFICATE_TYPE) && nextToken2.equals(SAS_CERTIFICATE_TYPE_APP)) {
                            Log.v(TAG, "SAS.CertificateType APP found");
                            z2 = true;
                        }
                    }
                }
            }
        }
        if (!z || !z2) {
            return false;
        }
        Log.v(TAG, "Feature App Certificate found");
        return true;
    }

    private static boolean isRootCertificate(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            return false;
        }
    }

    private static X509Certificate toX509Certificate(Signature signature) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray()));
    }
}
