package com.prism.gaia.helper.utils.apk;

import android.os.Build;
import android.support.v4.view.InputDeviceCompat;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
public class ApkSignatureSchemeV3VerifierG {
    public static final int a = 3;
    private static final int b = -262969152;
    private static final int c = 1000370060;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class PlatformNotSupportedException extends Exception {
        PlatformNotSupportedException(String str) {
            super(str);
        }
    }

    /* loaded from: classes2.dex */
    public static class a {
        public final List<X509Certificate> a;
        public final List<Integer> b;

        public a(List<X509Certificate> list, List<Integer> list2) {
            this.a = list;
            this.b = list2;
        }
    }

    /* loaded from: classes2.dex */
    public static class b {
        public final X509Certificate[] a;
        public final a b;
        public byte[] c;

        public b(X509Certificate[] x509CertificateArr, a aVar) {
            this.a = x509CertificateArr;
            this.b = aVar;
        }
    }

    private static a a(ByteBuffer byteBuffer, CertificateFactory certificateFactory) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i = 0;
        try {
            byteBuffer.getInt();
            HashSet hashSet = new HashSet();
            int i2 = -1;
            VerbatimX509CertificateG verbatimX509CertificateG = null;
            while (byteBuffer.hasRemaining()) {
                i++;
                ByteBuffer a2 = com.prism.gaia.helper.utils.apk.b.a(byteBuffer);
                ByteBuffer a3 = com.prism.gaia.helper.utils.apk.b.a(a2);
                int i3 = a2.getInt();
                int i4 = a2.getInt();
                byte[] b2 = com.prism.gaia.helper.utils.apk.b.b(a2);
                if (verbatimX509CertificateG != null) {
                    Pair<String, ? extends AlgorithmParameterSpec> d = com.prism.gaia.helper.utils.apk.b.d(i2);
                    PublicKey publicKey = verbatimX509CertificateG.getPublicKey();
                    Signature signature = Signature.getInstance((String) d.first);
                    signature.initVerify(publicKey);
                    if (d.second != null) {
                        signature.setParameter((AlgorithmParameterSpec) d.second);
                    }
                    signature.update(a3);
                    if (!signature.verify(b2)) {
                        throw new SecurityException("Unable to verify signature of certificate #" + i + " using " + ((String) d.first) + " when verifying Proof-of-rotation record");
                    }
                }
                a3.rewind();
                byte[] b3 = com.prism.gaia.helper.utils.apk.b.b(a3);
                int i5 = a3.getInt();
                if (verbatimX509CertificateG != null && i2 != i5) {
                    throw new SecurityException("Signing algorithm ID mismatch for certificate #" + i + " when verifying Proof-of-rotation record");
                }
                verbatimX509CertificateG = new VerbatimX509CertificateG((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b3)), b3);
                if (hashSet.contains(verbatimX509CertificateG)) {
                    throw new SecurityException("Encountered duplicate entries in Proof-of-rotation record at certificate #" + i + ".  All signing certificates should be unique");
                }
                hashSet.add(verbatimX509CertificateG);
                arrayList.add(verbatimX509CertificateG);
                arrayList2.add(Integer.valueOf(i3));
                i2 = i4;
            }
            return new a(arrayList, arrayList2);
        } catch (IOException | BufferUnderflowException e) {
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e2);
        } catch (CertificateException e3) {
            throw new SecurityException("Failed to decode certificate #0 when verifying Proof-of-rotation record", e3);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static b a(RandomAccessFile randomAccessFile, g gVar, boolean z) {
        com.prism.gaia.helper.b.a aVar = new com.prism.gaia.helper.b.a();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer a2 = com.prism.gaia.helper.utils.apk.b.a(gVar.a);
                int i = 0;
                b bVar = null;
                while (a2.hasRemaining()) {
                    try {
                        i++;
                        bVar = a(com.prism.gaia.helper.utils.apk.b.a(a2), aVar, certificateFactory);
                    } catch (PlatformNotSupportedException unused) {
                    } catch (IOException | SecurityException | BufferUnderflowException e) {
                        throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
                    }
                }
                if (i < 1 || bVar == null) {
                    throw new SignatureNotFoundExceptionG("No signers found");
                }
                if (i != 1) {
                    throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                }
                if (aVar.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                if (z) {
                    com.prism.gaia.helper.utils.apk.b.a(aVar, randomAccessFile, gVar);
                }
                if (aVar.containsKey(3)) {
                    bVar.c = com.prism.gaia.helper.utils.apk.b.a((byte[]) aVar.get(3), randomAccessFile.length(), gVar);
                }
                return bVar;
            } catch (IOException e2) {
                throw new SecurityException("Failed to read list of signers", e2);
            }
        } catch (CertificateException e3) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e3);
        }
    }

    private static b a(RandomAccessFile randomAccessFile, boolean z) {
        return a(randomAccessFile, a(randomAccessFile), z);
    }

    private static b a(String str, boolean z) {
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                b a2 = a(randomAccessFile2, z);
                randomAccessFile2.close();
                return a2;
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static b a(ByteBuffer byteBuffer, List<X509Certificate> list, CertificateFactory certificateFactory) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        a aVar = null;
        while (byteBuffer.hasRemaining()) {
            ByteBuffer a2 = com.prism.gaia.helper.utils.apk.b.a(byteBuffer);
            if (a2.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + a2.remaining());
            }
            if (a2.getInt() == c) {
                if (aVar != null) {
                    throw new SecurityException("Encountered multiple Proof-of-rotation records when verifying APK Signature Scheme v3 signature");
                }
                aVar = a(a2, certificateFactory);
                try {
                    if (aVar.a.size() > 0 && !Arrays.equals(aVar.a.get(aVar.a.size() - 1).getEncoded(), x509CertificateArr[0].getEncoded())) {
                        throw new SecurityException("Terminal certificate in Proof-of-rotation record does not match APK signing certificate");
                    }
                } catch (CertificateEncodingException e) {
                    throw new SecurityException("Failed to encode certificate when comparing Proof-of-rotation record and signing certificate", e);
                }
            }
        }
        return new b(x509CertificateArr, aVar);
    }

    private static b a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) {
        ByteBuffer a2 = com.prism.gaia.helper.utils.apk.b.a(byteBuffer);
        int i = byteBuffer.getInt();
        int i2 = byteBuffer.getInt();
        if (Build.VERSION.SDK_INT < i || Build.VERSION.SDK_INT > i2) {
            throw new PlatformNotSupportedException("Signer not supported by this platform version. This platform: " + Build.VERSION.SDK_INT + ", signer minSdkVersion: " + i + ", maxSdkVersion: " + i2);
        }
        ByteBuffer a3 = com.prism.gaia.helper.utils.apk.b.a(byteBuffer);
        byte[] b2 = com.prism.gaia.helper.utils.apk.b.b(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        int i3 = 0;
        int i4 = -1;
        while (a3.hasRemaining()) {
            i3++;
            try {
                ByteBuffer a4 = com.prism.gaia.helper.utils.apk.b.a(a3);
                if (a4.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i5 = a4.getInt();
                arrayList.add(Integer.valueOf(i5));
                if (a(i5) && (i4 == -1 || com.prism.gaia.helper.utils.apk.b.a(i5, i4) > 0)) {
                    bArr = com.prism.gaia.helper.utils.apk.b.b(a4);
                    i4 = i5;
                }
            } catch (IOException | BufferUnderflowException e) {
                throw new SecurityException("Failed to parse signature record #" + i3, e);
            }
        }
        if (i4 == -1) {
            if (i3 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String c2 = com.prism.gaia.helper.utils.apk.b.c(i4);
        Pair<String, ? extends AlgorithmParameterSpec> d = com.prism.gaia.helper.utils.apk.b.d(i4);
        String str = (String) d.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) d.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(c2).generatePublic(new X509EncodedKeySpec(b2));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(a2);
            if (!signature.verify(bArr)) {
                throw new SecurityException(str + " signature did not verify");
            }
            a2.clear();
            ByteBuffer a5 = com.prism.gaia.helper.utils.apk.b.a(a2);
            ArrayList arrayList2 = new ArrayList();
            byte[] bArr2 = null;
            int i6 = 0;
            while (a5.hasRemaining()) {
                i6++;
                try {
                    ByteBuffer a6 = com.prism.gaia.helper.utils.apk.b.a(a5);
                    if (a6.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i7 = a6.getInt();
                    arrayList2.add(Integer.valueOf(i7));
                    if (i7 == i4) {
                        bArr2 = com.prism.gaia.helper.utils.apk.b.b(a6);
                    }
                } catch (IOException | BufferUnderflowException e2) {
                    throw new IOException("Failed to parse digest record #" + i6, e2);
                }
            }
            if (!arrayList.equals(arrayList2)) {
                throw new SecurityException("Signature algorithms don't match between digests and signatures records");
            }
            int a7 = com.prism.gaia.helper.utils.apk.b.a(i4);
            byte[] put = map.put(Integer.valueOf(a7), bArr2);
            if (put != null && !MessageDigest.isEqual(put, bArr2)) {
                throw new SecurityException(com.prism.gaia.helper.utils.apk.b.b(a7) + " contents digest does not match the digest specified by a preceding signer");
            }
            ByteBuffer a8 = com.prism.gaia.helper.utils.apk.b.a(a2);
            ArrayList arrayList3 = new ArrayList();
            int i8 = 0;
            while (a8.hasRemaining()) {
                i8++;
                byte[] b3 = com.prism.gaia.helper.utils.apk.b.b(a8);
                try {
                    arrayList3.add(new VerbatimX509CertificateG((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b3)), b3));
                } catch (CertificateException e3) {
                    throw new SecurityException("Failed to decode certificate #" + i8, e3);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new SecurityException("No certificates listed");
            }
            if (!Arrays.equals(b2, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                throw new SecurityException("Public key mismatch between certificate and signature record");
            }
            if (a2.getInt() != i) {
                throw new SecurityException("minSdkVersion mismatch between signed and unsigned in v3 signer block.");
            }
            if (a2.getInt() == i2) {
                return a(com.prism.gaia.helper.utils.apk.b.a(a2), arrayList3, certificateFactory);
            }
            throw new SecurityException("maxSdkVersion mismatch between signed and unsigned in v3 signer block.");
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e4) {
            throw new SecurityException("Failed to verify " + str + " signature", e4);
        }
    }

    private static g a(RandomAccessFile randomAccessFile) {
        return com.prism.gaia.helper.utils.apk.b.a(randomAccessFile, b);
    }

    private static boolean a(int i) {
        if (i == 769 || i == 1057 || i == 1059 || i == 1061) {
            return true;
        }
        switch (i) {
            case 257:
            case 258:
            case 259:
            case 260:
                return true;
            default:
                switch (i) {
                    case InputDeviceCompat.SOURCE_DPAD /* 513 */:
                    case 514:
                        return true;
                    default:
                        return false;
                }
        }
    }

    public static boolean a(String str) {
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                a(randomAccessFile2);
                randomAccessFile2.close();
                return true;
            } catch (SignatureNotFoundExceptionG unused) {
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                return false;
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                throw th;
            }
        } catch (SignatureNotFoundExceptionG unused2) {
        } catch (Throwable th2) {
            th = th2;
        }
    }

    public static b b(String str) {
        return a(str, true);
    }

    public static b c(String str) {
        return a(str, false);
    }
}
