package com.amazon.sdk.internal.bootstrapper.security;

import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Log;
import com.amazon.sdk.internal.bootstrapper.AmazonPlatformConstants;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Set;
import javax.security.cert.CertificateException;
import javax.security.cert.CertificateExpiredException;
import javax.security.cert.CertificateNotYetValidException;
import javax.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class PackageVerifier {
    private static final String LOGGER_TAG = "PackageVerifier";
    private final Context m_context;
    private final PackageManager m_packageManager;
    private final AmazonPublicKeyManager m_publicKeyManager;

    PackageVerifier(Context context, AmazonPublicKeyManager amazonPublicKeyManager) {
        this.m_context = context;
        this.m_packageManager = context.getPackageManager();
        this.m_publicKeyManager = amazonPublicKeyManager;
    }

    private X509Certificate createCert(byte[] bArr) {
        try {
            return X509Certificate.getInstance(bArr);
        } catch (CertificateException e) {
            Log.w(LOGGER_TAG, "Unable to process certificate", e);
            return null;
        }
    }

    public static PackageVerifier newInstance(Context context) {
        return new PackageVerifier(context, AmazonPublicKeyManager.newInstance());
    }

    boolean isCertTrusted(X509Certificate x509Certificate, Set<PublicKey> set) {
        try {
            x509Certificate.checkValidity();
            PublicKey publicKey = x509Certificate.getPublicKey();
            for (PublicKey publicKey2 : set) {
                if (Arrays.equals(publicKey2.getEncoded(), publicKey.getEncoded())) {
                    try {
                        x509Certificate.verify(publicKey2, "BC");
                        Log.d(LOGGER_TAG, "trusted certificate found.");
                        return true;
                    } catch (Exception unused) {
                    }
                }
            }
            Log.d(LOGGER_TAG, "no trusted certificates found for this cert: " + x509Certificate.toString());
            return false;
        } catch (CertificateExpiredException unused2) {
            Log.d(LOGGER_TAG, "expired certificate found: " + x509Certificate.toString());
            return false;
        } catch (CertificateNotYetValidException unused3) {
            Log.d(LOGGER_TAG, "certificate not yet valid: " + x509Certificate.toString());
            return false;
        }
    }

    public boolean verifyPackageIsTrusted(String str) {
        if (AmazonPlatformConstants.DELIVERY_APK_PACKAGE_NAME.equals(this.m_context.getPackageName()) && this.m_context.getPackageName().equals(str)) {
            return true;
        }
        try {
            Set<PublicKey> trustedKeys = this.m_publicKeyManager.getTrustedKeys();
            for (Signature signature : this.m_packageManager.getPackageInfo(str, 64).signatures) {
                if (signature != null && isCertTrusted(createCert(signature.toByteArray()), trustedKeys)) {
                    return true;
                }
            }
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(LOGGER_TAG, "package not found: " + str, e);
        } catch (AmazonSupportSecurityException e2) {
            Log.e(LOGGER_TAG, "Unable to instantiate a trusted amazon public key", e2);
        }
        return false;
    }
}
