package cn.org.bjca.sign.check;

import cn.org.bjca.sign.CodeSignInfo;
import cn.org.bjca.sign.IResource;
import cn.org.bjca.sign.config.APKResult;
import cn.org.bjca.sign.config.CAContainer;
import cn.org.bjca.sign.config.SignInfo;
import cn.org.bjca.sign.task.CertChainDownThread;
import cn.org.bjca.utils.CertificateUtil;
import org.bjca.asn1.x509.X509CertificateStructure;
import org.bjca.util.P7bUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class CertChainVerify implements IVerify {
    private static final Logger logger = LoggerFactory.getLogger(CertChainVerify.class);

    @Override // cn.org.bjca.sign.check.IVerify
    public boolean apkVerify(APKResult aPKResult, IResource iResource) {
        boolean z;
        aPKResult.setCheckSchedule(ICheck.CERTCHAIN);
        CertificateUtil certificateUtil = new CertificateUtil(CodeSignInfo.CODESIGN);
        for (SignInfo signInfo : aPKResult.getInfoList()) {
            String issueDN = signInfo.getIssueDN();
            CAContainer obtainCAContainerByDN = iResource.obtainCAContainerByDN(issueDN);
            if (obtainCAContainerByDN == null) {
                if (!CertChainDownThread.status() && iResource.obtainMode().equals(IVerify.REMOTE)) {
                    new CertChainDownThread(iResource).start();
                }
                aPKResult.setStatus(false);
                aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CA_CONTAINER_NOFOUND);
                logger.error("SIGN_CA_CONTAINER_NOFOUND:" + issueDN);
                return false;
            }
            try {
                byte[] p7b = obtainCAContainerByDN.getP7b();
                if (p7b == null) {
                    if (!CertChainDownThread.status() && iResource.obtainMode().equals(IVerify.REMOTE)) {
                        new CertChainDownThread(iResource).start();
                    }
                    aPKResult.setStatus(false);
                    aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CHAIN_NOFOUND);
                    return false;
                }
                X509CertificateStructure[] certChain = P7bUtil.getCertChain(p7b);
                int length = certChain.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        z = false;
                        break;
                    }
                    if (certificateUtil.validateCertSignature(certChain[i], signInfo.otainUserCert(), 0)) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    aPKResult.setStatus(false);
                    aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CERTCHAIN_VERIFY_FAIL);
                    return false;
                }
            } catch (Exception e) {
                aPKResult.setStatus(false);
                aPKResult.setErrorCode(CodeSignInfo.ErrorInfo.SIGN_CERTCHAIN_EXCEPTION);
                logger.error("CodeSignInfo.ErrorInfo.SIGN_CERTCHAIN_EXCEPTION:" + e.getMessage());
                return false;
            }
        }
        return true;
    }
}
