package com.prism.gaia.helper.utils.apk;

import android.os.Build;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/* loaded from: classes3.dex */
public class ApkSignatureSchemeV3VerifierG {

    /* renamed from: a, reason: collision with root package name */
    public static final int f11843a = 3;

    /* renamed from: b, reason: collision with root package name */
    private static final int f11844b = -262969152;

    /* renamed from: c, reason: collision with root package name */
    private static final int f11845c = 1000370060;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class PlatformNotSupportedException extends Exception {
        PlatformNotSupportedException(String str) {
            super(str);
        }
    }

    /* loaded from: classes3.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final List<X509Certificate> f11846a;

        /* renamed from: b, reason: collision with root package name */
        public final List<Integer> f11847b;

        public a(List<X509Certificate> list, List<Integer> list2) {
            this.f11846a = list;
            this.f11847b = list2;
        }
    }

    /* loaded from: classes3.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public final X509Certificate[] f11848a;

        /* renamed from: b, reason: collision with root package name */
        public final a f11849b;

        /* renamed from: c, reason: collision with root package name */
        public byte[] f11850c;

        public b(X509Certificate[] x509CertificateArr, a aVar) {
            this.f11848a = x509CertificateArr;
            this.f11849b = aVar;
        }
    }

    private static g a(RandomAccessFile randomAccessFile) throws IOException, SignatureNotFoundExceptionG {
        return com.prism.gaia.helper.utils.apk.b.f(randomAccessFile, f11844b);
    }

    public static boolean b(String str) throws IOException {
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                a(randomAccessFile2);
                randomAccessFile2.close();
                return true;
            } catch (SignatureNotFoundExceptionG unused) {
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                return false;
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                throw th;
            }
        } catch (SignatureNotFoundExceptionG unused2) {
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static boolean c(int i) {
        if (i == 513 || i == 514 || i == 769 || i == 1057 || i == 1059 || i == 1061) {
            return true;
        }
        switch (i) {
            case 257:
            case 258:
            case 259:
            case 260:
                return true;
            default:
                return false;
        }
    }

    public static b d(String str) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        return h(str, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static b e(RandomAccessFile randomAccessFile, g gVar, boolean z) throws SecurityException, IOException, SignatureNotFoundExceptionG {
        com.prism.gaia.helper.g.a aVar = new com.prism.gaia.helper.g.a();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer m = com.prism.gaia.helper.utils.apk.b.m(gVar.f11863a);
                int i = 0;
                b bVar = null;
                while (m.hasRemaining()) {
                    try {
                        bVar = k(com.prism.gaia.helper.utils.apk.b.m(m), aVar, certificateFactory);
                        i++;
                    } catch (PlatformNotSupportedException unused) {
                    } catch (IOException e) {
                        e = e;
                        throw new SecurityException(b.b.a.a.a.i("Failed to parse/verify signer #", i, " block"), e);
                    } catch (SecurityException e2) {
                        e = e2;
                        throw new SecurityException(b.b.a.a.a.i("Failed to parse/verify signer #", i, " block"), e);
                    } catch (BufferUnderflowException e3) {
                        e = e3;
                        throw new SecurityException(b.b.a.a.a.i("Failed to parse/verify signer #", i, " block"), e);
                    }
                }
                if (i < 1 || bVar == null) {
                    throw new SignatureNotFoundExceptionG("No signers found");
                }
                if (i != 1) {
                    throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                }
                if (aVar.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                if (z) {
                    com.prism.gaia.helper.utils.apk.b.u(aVar, randomAccessFile, gVar);
                }
                if (aVar.containsKey(3)) {
                    bVar.f11850c = com.prism.gaia.helper.utils.apk.b.q((byte[]) aVar.get(3), randomAccessFile.length(), gVar);
                }
                return bVar;
            } catch (IOException e4) {
                throw new SecurityException("Failed to read list of signers", e4);
            }
        } catch (CertificateException e5) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e5);
        }
    }

    private static b f(RandomAccessFile randomAccessFile, boolean z) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        return e(randomAccessFile, a(randomAccessFile), z);
    }

    public static b g(String str) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        return h(str, true);
    }

    private static b h(String str, boolean z) throws SignatureNotFoundExceptionG, SecurityException, IOException {
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                b f = f(randomAccessFile2, z);
                randomAccessFile2.close();
                return f;
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    randomAccessFile.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static b i(ByteBuffer byteBuffer, List<X509Certificate> list, CertificateFactory certificateFactory) throws IOException {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        a aVar = null;
        while (byteBuffer.hasRemaining()) {
            ByteBuffer m = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
            if (m.remaining() < 4) {
                StringBuilder C = b.b.a.a.a.C("Remaining buffer too short to contain additional attribute ID. Remaining: ");
                C.append(m.remaining());
                throw new IOException(C.toString());
            }
            if (m.getInt() == f11845c) {
                if (aVar != null) {
                    throw new SecurityException("Encountered multiple Proof-of-rotation records when verifying APK Signature Scheme v3 signature");
                }
                aVar = j(m, certificateFactory);
                try {
                    if (aVar.f11846a.size() > 0 && !Arrays.equals(aVar.f11846a.get(aVar.f11846a.size() - 1).getEncoded(), x509CertificateArr[0].getEncoded())) {
                        throw new SecurityException("Terminal certificate in Proof-of-rotation record does not match APK signing certificate");
                    }
                } catch (CertificateEncodingException e) {
                    throw new SecurityException("Failed to encode certificate when comparing Proof-of-rotation record and signing certificate", e);
                }
            }
        }
        return new b(x509CertificateArr, aVar);
    }

    private static a j(ByteBuffer byteBuffer, CertificateFactory certificateFactory) throws SecurityException, IOException {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i = 0;
        try {
            byteBuffer.getInt();
            HashSet hashSet = new HashSet();
            int i2 = -1;
            VerbatimX509CertificateG verbatimX509CertificateG = null;
            while (byteBuffer.hasRemaining()) {
                i++;
                ByteBuffer m = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
                ByteBuffer m2 = com.prism.gaia.helper.utils.apk.b.m(m);
                int i3 = m.getInt();
                int i4 = m.getInt();
                byte[] r = com.prism.gaia.helper.utils.apk.b.r(m);
                if (verbatimX509CertificateG != null) {
                    Pair<String, ? extends AlgorithmParameterSpec> p = com.prism.gaia.helper.utils.apk.b.p(i2);
                    PublicKey publicKey = verbatimX509CertificateG.getPublicKey();
                    Signature signature = Signature.getInstance((String) p.first);
                    signature.initVerify(publicKey);
                    if (p.second != null) {
                        signature.setParameter((AlgorithmParameterSpec) p.second);
                    }
                    signature.update(m2);
                    if (!signature.verify(r)) {
                        throw new SecurityException("Unable to verify signature of certificate #" + i + " using " + ((String) p.first) + " when verifying Proof-of-rotation record");
                    }
                }
                m2.rewind();
                byte[] r2 = com.prism.gaia.helper.utils.apk.b.r(m2);
                int i5 = m2.getInt();
                if (verbatimX509CertificateG != null && i2 != i5) {
                    throw new SecurityException("Signing algorithm ID mismatch for certificate #" + i + " when verifying Proof-of-rotation record");
                }
                verbatimX509CertificateG = new VerbatimX509CertificateG((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(r2)), r2);
                if (hashSet.contains(verbatimX509CertificateG)) {
                    throw new SecurityException("Encountered duplicate entries in Proof-of-rotation record at certificate #" + i + ".  All signing certificates should be unique");
                }
                hashSet.add(verbatimX509CertificateG);
                arrayList.add(verbatimX509CertificateG);
                arrayList2.add(Integer.valueOf(i3));
                i2 = i4;
            }
            return new a(arrayList, arrayList2);
        } catch (IOException e) {
            e = e;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (BufferUnderflowException e2) {
            e = e2;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (InvalidAlgorithmParameterException e3) {
            e = e3;
            throw new SecurityException(b.b.a.a.a.i("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (InvalidKeyException e4) {
            e = e4;
            throw new SecurityException(b.b.a.a.a.i("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            throw new SecurityException(b.b.a.a.a.i("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (SignatureException e6) {
            e = e6;
            throw new SecurityException(b.b.a.a.a.i("Failed to verify signature over signed data for certificate #", 0, " when verifying Proof-of-rotation record"), e);
        } catch (CertificateException e7) {
            throw new SecurityException(b.b.a.a.a.i("Failed to decode certificate #", 0, " when verifying Proof-of-rotation record"), e7);
        }
    }

    private static b k(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) throws SecurityException, IOException, PlatformNotSupportedException {
        ByteBuffer m = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
        int i = byteBuffer.getInt();
        int i2 = byteBuffer.getInt();
        int i3 = Build.VERSION.SDK_INT;
        if (i3 < i || i3 > i2) {
            StringBuilder C = b.b.a.a.a.C("Signer not supported by this platform version. This platform: ");
            b.b.a.a.a.d0(C, Build.VERSION.SDK_INT, ", signer minSdkVersion: ", i, ", maxSdkVersion: ");
            C.append(i2);
            throw new PlatformNotSupportedException(C.toString());
        }
        ByteBuffer m2 = com.prism.gaia.helper.utils.apk.b.m(byteBuffer);
        byte[] r = com.prism.gaia.helper.utils.apk.b.r(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        int i4 = -1;
        int i5 = 0;
        byte[] bArr2 = null;
        while (m2.hasRemaining()) {
            i5++;
            try {
                ByteBuffer m3 = com.prism.gaia.helper.utils.apk.b.m(m2);
                if (m3.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i6 = m3.getInt();
                arrayList.add(Integer.valueOf(i6));
                if (c(i6) && (i4 == -1 || com.prism.gaia.helper.utils.apk.b.c(i6, i4) > 0)) {
                    bArr2 = com.prism.gaia.helper.utils.apk.b.r(m3);
                    i4 = i6;
                }
            } catch (IOException | BufferUnderflowException e) {
                throw new SecurityException(b.b.a.a.a.h("Failed to parse signature record #", i5), e);
            }
        }
        if (i4 == -1) {
            if (i5 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String o = com.prism.gaia.helper.utils.apk.b.o(i4);
        Pair<String, ? extends AlgorithmParameterSpec> p = com.prism.gaia.helper.utils.apk.b.p(i4);
        String str = (String) p.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) p.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(o).generatePublic(new X509EncodedKeySpec(r));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(m);
            if (!signature.verify(bArr2)) {
                throw new SecurityException(b.b.a.a.a.r(str, " signature did not verify"));
            }
            m.clear();
            ByteBuffer m4 = com.prism.gaia.helper.utils.apk.b.m(m);
            ArrayList arrayList2 = new ArrayList();
            int i7 = 0;
            while (m4.hasRemaining()) {
                i7++;
                try {
                    ByteBuffer m5 = com.prism.gaia.helper.utils.apk.b.m(m4);
                    if (m5.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i8 = m5.getInt();
                    arrayList2.add(Integer.valueOf(i8));
                    if (i8 == i4) {
                        bArr = com.prism.gaia.helper.utils.apk.b.r(m5);
                    }
                } catch (IOException | BufferUnderflowException e2) {
                    throw new IOException(b.b.a.a.a.h("Failed to parse digest record #", i7), e2);
                }
            }
            if (!arrayList.equals(arrayList2)) {
                throw new SecurityException("Signature algorithms don't match between digests and signatures records");
            }
            int n = com.prism.gaia.helper.utils.apk.b.n(i4);
            byte[] put = map.put(Integer.valueOf(n), bArr);
            if (put != null && !MessageDigest.isEqual(put, bArr)) {
                throw new SecurityException(b.b.a.a.a.y(new StringBuilder(), com.prism.gaia.helper.utils.apk.b.j(n), " contents digest does not match the digest specified by a preceding signer"));
            }
            ByteBuffer m6 = com.prism.gaia.helper.utils.apk.b.m(m);
            ArrayList arrayList3 = new ArrayList();
            int i9 = 0;
            while (m6.hasRemaining()) {
                i9++;
                byte[] r2 = com.prism.gaia.helper.utils.apk.b.r(m6);
                try {
                    arrayList3.add(new VerbatimX509CertificateG((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(r2)), r2));
                } catch (CertificateException e3) {
                    throw new SecurityException(b.b.a.a.a.h("Failed to decode certificate #", i9), e3);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new SecurityException("No certificates listed");
            }
            if (!Arrays.equals(r, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                throw new SecurityException("Public key mismatch between certificate and signature record");
            }
            if (m.getInt() != i) {
                throw new SecurityException("minSdkVersion mismatch between signed and unsigned in v3 signer block.");
            }
            if (m.getInt() == i2) {
                return i(com.prism.gaia.helper.utils.apk.b.m(m), arrayList3, certificateFactory);
            }
            throw new SecurityException("maxSdkVersion mismatch between signed and unsigned in v3 signer block.");
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e4) {
            throw new SecurityException(b.b.a.a.a.s("Failed to verify ", str, " signature"), e4);
        }
    }
}
