package com.safran.lkms.client;

import com.safran.lkms.client.LicenseEntry;
import com.safran.lkms.shared.ActivationSession;
import com.safran.lkms.shared.Expiry;
import com.safran.lkms.shared.dto.ErrorCode;
import com.safran.lkms.shared.exception.LkmsException;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import kotlin.UByte;

/* loaded from: classes2.dex */
public class LicenseValidator {
    private PublicKey legacyVerificationKey;
    private Map<String, LicenseEntry> licenseEntries;
    private X509Certificate rootVerificationCertificate;
    private Signature verificationSignature;

    public LicenseValidator(X509Certificate x509Certificate) throws GeneralSecurityException {
        this(x509Certificate, null);
    }

    public LicenseValidator(X509Certificate x509Certificate, PublicKey publicKey) throws GeneralSecurityException {
        this.rootVerificationCertificate = x509Certificate;
        this.legacyVerificationKey = publicKey;
        this.verificationSignature = Signature.getInstance("SHA256withRSA");
        this.licenseEntries = new HashMap();
    }

    private boolean isEntryValid(LicenseEntry licenseEntry, byte[] bArr, byte[] bArr2) throws GeneralSecurityException, LkmsException {
        PublicKey publicKey;
        boolean verify;
        if (licenseEntry.getKind() == LicenseEntry.EntryKind.SigningCertificate) {
            return true;
        }
        Expiry expiry = licenseEntry.getExpiry();
        if (expiry != null && expiry.isExpired()) {
            return false;
        }
        try {
            byte[] bytes = licenseEntry.getFeature().getBytes("UTF-8");
            LicenseEntry licenseEntry2 = this.licenseEntries.get("X509");
            if (licenseEntry2 == null) {
                publicKey = this.legacyVerificationKey;
            } else {
                X509Certificate certificate = licenseEntry2.getCertificate();
                certificate.verify(this.rootVerificationCertificate.getPublicKey());
                publicKey = certificate.getPublicKey();
            }
            synchronized (this.verificationSignature) {
                this.verificationSignature.initVerify(publicKey);
                this.verificationSignature.update((byte) bytes.length);
                this.verificationSignature.update(bytes);
                this.verificationSignature.update((byte) bArr.length);
                this.verificationSignature.update(bArr);
                this.verificationSignature.update((byte) bArr2.length);
                this.verificationSignature.update(bArr2);
                if (expiry != null) {
                    byte[] encoded = expiry.getEncoded();
                    this.verificationSignature.update((byte) encoded.length);
                    this.verificationSignature.update(encoded);
                } else {
                    this.verificationSignature.update((byte) 0);
                }
                verify = this.verificationSignature.verify(licenseEntry.getSignature());
            }
            return verify;
        } catch (UnsupportedEncodingException unused) {
            throw new LkmsException(ErrorCode.INVALID_DATA_FORMAT, "License feature format is invalid");
        }
    }

    public boolean isFeatureValid(String str, byte[] bArr, byte[] bArr2) throws LkmsException, GeneralSecurityException {
        LicenseEntry licenseEntry = this.licenseEntries.get(str);
        if (licenseEntry == null) {
            return false;
        }
        return isEntryValid(licenseEntry, bArr, bArr2);
    }

    public void parseLicense(byte[] bArr) throws LkmsException {
        int i = 0;
        while (i < bArr.length) {
            int i2 = i + 1;
            int i3 = i2 + 1;
            int i4 = ((bArr[i] & UByte.MAX_VALUE) << 8) | (bArr[i2] & UByte.MAX_VALUE);
            int i5 = i4 + i3;
            if (i5 > bArr.length) {
                throw new LkmsException(ErrorCode.INVALID_DATA_FORMAT);
            }
            LicenseEntry deserialize = LicenseEntry.deserialize(bArr, i3, i4);
            this.licenseEntries.put(deserialize.getFeature(), deserialize);
            i = i5;
        }
    }

    public void validateActivationResponse(ActivationSession activationSession, byte[] bArr) throws GeneralSecurityException, LkmsException {
        PublicKey publicKey;
        if (bArr.length == 288) {
            publicKey = this.legacyVerificationKey;
        } else {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Arrays.copyOfRange(bArr, 288, bArr.length)));
            x509Certificate.verify(this.rootVerificationCertificate.getPublicKey());
            x509Certificate.checkValidity(new Date());
            publicKey = x509Certificate.getPublicKey();
        }
        synchronized (this.verificationSignature) {
            this.verificationSignature.initVerify(publicKey);
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 288);
            byte[] bArr2 = new byte[64];
            activationSession.getCh1Ch2(bArr2, 0);
            this.verificationSignature.update(bArr2, 0, 32);
            this.verificationSignature.update(copyOfRange, 0, 32);
            this.verificationSignature.update(activationSession.profileId);
            if (!this.verificationSignature.verify(copyOfRange, 32, 256)) {
                throw new LkmsException(ErrorCode.INVALID_LICENSE_STATUS, "Signature verification failed");
            }
        }
    }

    public void validateAllFeatures(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, LkmsException {
        Iterator<Map.Entry<String, LicenseEntry>> it = this.licenseEntries.entrySet().iterator();
        while (it.hasNext()) {
            if (!isEntryValid(it.next().getValue(), bArr, bArr2)) {
                throw new LkmsException(ErrorCode.INVALID_LICENSE_STATUS, "License is invalid");
            }
        }
    }
}
