package com.prism.gaia.helper.utils.apk;

import android.os.Build;
import android.support.v4.media.l;
import android.util.Pair;
import androidx.datastore.preferences.protobuf.C1128w;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/* loaded from: classes3.dex */
public class ApkSignatureSchemeV3VerifierG {

    /* renamed from: a, reason: collision with root package name */
    public static final int f44627a = 3;

    /* renamed from: b, reason: collision with root package name */
    private static final int f44628b = -262969152;

    /* renamed from: c, reason: collision with root package name */
    private static final int f44629c = 1000370060;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class PlatformNotSupportedException extends Exception {
        PlatformNotSupportedException(String str) {
            super(str);
        }
    }

    /* loaded from: classes3.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final List<X509Certificate> f44630a;

        /* renamed from: b, reason: collision with root package name */
        public final List<Integer> f44631b;

        public a(List<X509Certificate> list, List<Integer> list2) {
            this.f44630a = list;
            this.f44631b = list2;
        }
    }

    /* loaded from: classes3.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public final X509Certificate[] f44632a;

        /* renamed from: b, reason: collision with root package name */
        public final a f44633b;

        /* renamed from: c, reason: collision with root package name */
        public byte[] f44634c;

        public b(X509Certificate[] x509CertificateArr, a aVar) {
            this.f44632a = x509CertificateArr;
            this.f44633b = aVar;
        }
    }

    private static g a(RandomAccessFile randomAccessFile) throws IOException, SignatureNotFoundExceptionG {
        return com.prism.gaia.helper.utils.apk.b.f(randomAccessFile, f44628b);
    }

    public static boolean b(String str) throws IOException {
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                a(randomAccessFile2);
                randomAccessFile2.close();
                return true;
            } catch (SignatureNotFoundExceptionG unused) {
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile == null) {
                    return false;
                }
                randomAccessFile.close();
                return false;
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                throw th;
            }
        } catch (SignatureNotFoundExceptionG unused2) {
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static boolean c(int i4) {
        if (i4 == 513 || i4 == 514 || i4 == 769 || i4 == 1057 || i4 == 1059 || i4 == 1061) {
            return true;
        }
        switch (i4) {
            case 257:
            case 258:
            case 259:
            case 260:
                return true;
            default:
                return false;
        }
    }

    public static b d(String str) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        return h(str, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static b e(RandomAccessFile randomAccessFile, g gVar, boolean z3) throws SecurityException, IOException, SignatureNotFoundExceptionG {
        com.prism.gaia.helper.collection.a aVar = new com.prism.gaia.helper.collection.a();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer m4 = com.prism.gaia.helper.utils.apk.b.m(gVar.f44662a);
                int i4 = 0;
                b bVar = null;
                while (m4.hasRemaining()) {
                    try {
                        bVar = k(com.prism.gaia.helper.utils.apk.b.m(m4), aVar, certificateFactory);
                        i4++;
                    } catch (PlatformNotSupportedException unused) {
                    } catch (IOException e4) {
                        e = e4;
                        throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to parse/verify signer #", i4, " block"), e);
                    } catch (SecurityException e5) {
                        e = e5;
                        throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to parse/verify signer #", i4, " block"), e);
                    } catch (BufferUnderflowException e6) {
                        e = e6;
                        throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to parse/verify signer #", i4, " block"), e);
                    }
                }
                if (i4 < 1 || bVar == null) {
                    throw new SignatureNotFoundExceptionG("No signers found");
                }
                if (i4 != 1) {
                    throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                }
                if (aVar.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                if (aVar.containsKey(3)) {
                    bVar.f44634c = com.prism.gaia.helper.utils.apk.b.q((byte[]) aVar.get(3), randomAccessFile.length(), gVar);
                }
                return bVar;
            } catch (IOException e7) {
                throw new SecurityException("Failed to read list of signers", e7);
            }
        } catch (CertificateException e8) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e8);
        }
    }

    private static b f(RandomAccessFile randomAccessFile, boolean z3) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        return e(randomAccessFile, a(randomAccessFile), z3);
    }

    public static b g(String str) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        return h(str, true);
    }

    private static b h(String str, boolean z3) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                b f4 = f(randomAccessFile2, z3);
                randomAccessFile2.close();
                return f4;
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static b i(ByteBuffer byteBuffer, List<X509Certificate> list, CertificateFactory certificateFactory) throws IOException {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        a aVar = null;
        while (byteBuffer.hasRemaining()) {
            ByteBuffer m4 = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
            if (m4.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + m4.remaining());
            }
            if (m4.getInt() == f44629c) {
                if (aVar != null) {
                    throw new SecurityException("Encountered multiple Proof-of-rotation records when verifying APK Signature Scheme v3 signature");
                }
                aVar = j(m4, certificateFactory);
                try {
                    if (aVar.f44630a.size() > 0) {
                        if (!Arrays.equals(aVar.f44630a.get(r1.size() - 1).getEncoded(), x509CertificateArr[0].getEncoded())) {
                            throw new SecurityException("Terminal certificate in Proof-of-rotation record does not match APK signing certificate");
                        }
                    } else {
                        continue;
                    }
                } catch (CertificateEncodingException e4) {
                    throw new SecurityException("Failed to encode certificate when comparing Proof-of-rotation record and signing certificate", e4);
                }
            }
        }
        return new b(x509CertificateArr, aVar);
    }

    private static a j(ByteBuffer byteBuffer, CertificateFactory certificateFactory) throws SecurityException, IOException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i4 = 0;
        try {
            byteBuffer.getInt();
            HashSet hashSet = new HashSet();
            int i5 = -1;
            VerbatimX509CertificateG verbatimX509CertificateG = null;
            while (byteBuffer.hasRemaining()) {
                i4++;
                ByteBuffer m4 = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
                ByteBuffer m5 = com.prism.gaia.helper.utils.apk.b.m(m4);
                int i6 = m4.getInt();
                int i7 = m4.getInt();
                byte[] r4 = com.prism.gaia.helper.utils.apk.b.r(m4);
                if (verbatimX509CertificateG != null) {
                    Pair<String, ? extends AlgorithmParameterSpec> p4 = com.prism.gaia.helper.utils.apk.b.p(i5);
                    PublicKey publicKey = verbatimX509CertificateG.getPublicKey();
                    Signature signature = Signature.getInstance((String) p4.first);
                    signature.initVerify(publicKey);
                    Object obj = p4.second;
                    if (obj != null) {
                        signature.setParameter((AlgorithmParameterSpec) obj);
                    }
                    signature.update(m5);
                    if (!signature.verify(r4)) {
                        throw new SecurityException("Unable to verify signature of certificate #" + i4 + " using " + ((String) p4.first) + " when verifying Proof-of-rotation record");
                    }
                }
                m5.rewind();
                byte[] r5 = com.prism.gaia.helper.utils.apk.b.r(m5);
                int i8 = m5.getInt();
                if (verbatimX509CertificateG != null && i5 != i8) {
                    throw new SecurityException("Signing algorithm ID mismatch for certificate #" + i4 + " when verifying Proof-of-rotation record");
                }
                verbatimX509CertificateG = new VerbatimX509CertificateG((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(r5)), r5);
                if (hashSet.contains(verbatimX509CertificateG)) {
                    throw new SecurityException("Encountered duplicate entries in Proof-of-rotation record at certificate #" + i4 + ".  All signing certificates should be unique");
                }
                hashSet.add(verbatimX509CertificateG);
                arrayList.add(verbatimX509CertificateG);
                arrayList2.add(Integer.valueOf(i6));
                i5 = i7;
            }
            return new a(arrayList, arrayList2);
        } catch (IOException e4) {
            e = e4;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (BufferUnderflowException e5) {
            e = e5;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (InvalidAlgorithmParameterException e6) {
            e = e6;
            throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (InvalidKeyException e7) {
            e = e7;
            throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (NoSuchAlgorithmException e8) {
            e = e8;
            throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (SignatureException e9) {
            e = e9;
            throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (CertificateException e10) {
            throw new SecurityException(androidx.constraintlayout.core.f.a("Failed to decode certificate #", 0, " when verifying Proof-of-rotation record"), e10);
        }
    }

    private static b k(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) throws SecurityException, IOException, PlatformNotSupportedException {
        ByteBuffer m4 = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
        int i4 = byteBuffer.getInt();
        int i5 = byteBuffer.getInt();
        int i6 = Build.VERSION.SDK_INT;
        if (i6 < i4 || i6 > i5) {
            StringBuilder a4 = C1128w.a("Signer not supported by this platform version. This platform: ", i6, ", signer minSdkVersion: ", i4, ", maxSdkVersion: ");
            a4.append(i5);
            throw new PlatformNotSupportedException(a4.toString());
        }
        ByteBuffer m5 = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
        byte[] r4 = com.prism.gaia.helper.utils.apk.b.r(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        int i7 = -1;
        int i8 = 0;
        byte[] bArr2 = null;
        while (m5.hasRemaining()) {
            i8++;
            try {
                ByteBuffer m6 = com.prism.gaia.helper.utils.apk.b.m(m5);
                if (m6.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i9 = m6.getInt();
                arrayList.add(Integer.valueOf(i9));
                if (c(i9) && (i7 == -1 || com.prism.gaia.helper.utils.apk.b.c(i9, i7) > 0)) {
                    bArr2 = com.prism.gaia.helper.utils.apk.b.r(m6);
                    i7 = i9;
                }
            } catch (IOException | BufferUnderflowException e4) {
                throw new SecurityException(android.support.v4.media.c.a("Failed to parse signature record #", i8), e4);
            }
        }
        if (i7 == -1) {
            if (i8 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String o4 = com.prism.gaia.helper.utils.apk.b.o(i7);
        Pair<String, ? extends AlgorithmParameterSpec> p4 = com.prism.gaia.helper.utils.apk.b.p(i7);
        String str = (String) p4.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) p4.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(o4).generatePublic(new X509EncodedKeySpec(r4));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(m4);
            if (!signature.verify(bArr2)) {
                throw new SecurityException(androidx.concurrent.futures.a.a(str, " signature did not verify"));
            }
            m4.clear();
            ByteBuffer m7 = com.prism.gaia.helper.utils.apk.b.m(m4);
            ArrayList arrayList2 = new ArrayList();
            int i10 = 0;
            while (m7.hasRemaining()) {
                i10++;
                try {
                    ByteBuffer m8 = com.prism.gaia.helper.utils.apk.b.m(m7);
                    if (m8.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i11 = m8.getInt();
                    arrayList2.add(Integer.valueOf(i11));
                    if (i11 == i7) {
                        bArr = com.prism.gaia.helper.utils.apk.b.r(m8);
                    }
                } catch (IOException | BufferUnderflowException e5) {
                    throw new IOException(android.support.v4.media.c.a("Failed to parse digest record #", i10), e5);
                }
            }
            if (!arrayList.equals(arrayList2)) {
                throw new SecurityException("Signature algorithms don't match between digests and signatures records");
            }
            int n4 = com.prism.gaia.helper.utils.apk.b.n(i7);
            byte[] put = map.put(Integer.valueOf(n4), bArr);
            if (put != null && !MessageDigest.isEqual(put, bArr)) {
                throw new SecurityException(android.support.v4.media.d.a(new StringBuilder(), com.prism.gaia.helper.utils.apk.b.j(n4), " contents digest does not match the digest specified by a preceding signer"));
            }
            ByteBuffer m9 = com.prism.gaia.helper.utils.apk.b.m(m4);
            ArrayList arrayList3 = new ArrayList();
            int i12 = 0;
            while (m9.hasRemaining()) {
                i12++;
                byte[] r5 = com.prism.gaia.helper.utils.apk.b.r(m9);
                try {
                    arrayList3.add(new VerbatimX509CertificateG((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(r5)), r5));
                } catch (CertificateException e6) {
                    throw new SecurityException(android.support.v4.media.c.a("Failed to decode certificate #", i12), e6);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new SecurityException("No certificates listed");
            }
            if (!Arrays.equals(r4, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                throw new SecurityException("Public key mismatch between certificate and signature record");
            }
            if (m4.getInt() != i4) {
                throw new SecurityException("minSdkVersion mismatch between signed and unsigned in v3 signer block.");
            }
            if (m4.getInt() == i5) {
                return i(com.prism.gaia.helper.utils.apk.b.m(m4), arrayList3, certificateFactory);
            }
            throw new SecurityException("maxSdkVersion mismatch between signed and unsigned in v3 signer block.");
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e7) {
            throw new SecurityException(l.a("Failed to verify ", str, " signature"), e7);
        }
    }
}
