package com.bytedance.mira.g;

import android.util.ArrayMap;
import android.util.Pair;
import com.ss.ttm.player.ac;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/* compiled from: ApkSignatureSchemeV3Verifier.java */
/* loaded from: classes5.dex */
public class c {
    private static final int hOA = 1000370060;
    public static final int hOv = 3;
    private static final int hOz = -262969152;

    /* compiled from: ApkSignatureSchemeV3Verifier.java */
    /* loaded from: classes5.dex */
    private static class a extends Exception {
        a(String str) {
            super(str);
        }
    }

    /* compiled from: ApkSignatureSchemeV3Verifier.java */
    /* loaded from: classes5.dex */
    public static class b {
        public final List<X509Certificate> hOB;
        public final List<Integer> hOC;

        public b(List<X509Certificate> list, List<Integer> list2) {
            this.hOB = list;
            this.hOC = list2;
        }
    }

    /* compiled from: ApkSignatureSchemeV3Verifier.java */
    /* renamed from: com.bytedance.mira.g.c$c, reason: collision with other inner class name */
    /* loaded from: classes5.dex */
    public static class C0392c {
        public final X509Certificate[] hOD;
        public final b hOE;
        public byte[] hOy;

        public C0392c(X509Certificate[] x509CertificateArr, b bVar) {
            this.hOD = x509CertificateArr;
            this.hOE = bVar;
        }
    }

    private static b a(ByteBuffer byteBuffer, CertificateFactory certificateFactory) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i = 0;
        try {
            byteBuffer.getInt();
            HashSet hashSet = new HashSet();
            int i2 = -1;
            r rVar = null;
            while (byteBuffer.hasRemaining()) {
                i++;
                ByteBuffer t = f.t(byteBuffer);
                ByteBuffer t2 = f.t(t);
                int i3 = t.getInt();
                int i4 = t.getInt();
                byte[] u = f.u(t);
                if (rVar != null) {
                    Pair<String, ? extends AlgorithmParameterSpec> Ac = f.Ac(i2);
                    PublicKey publicKey = rVar.getPublicKey();
                    Signature signature = Signature.getInstance((String) Ac.first);
                    signature.initVerify(publicKey);
                    if (Ac.second != null) {
                        signature.setParameter((AlgorithmParameterSpec) Ac.second);
                    }
                    signature.update(t2);
                    if (!signature.verify(u)) {
                        throw new SecurityException("Unable to verify signature of certificate #" + i + " using " + ((String) Ac.first) + " when verifying Proof-of-rotation record");
                    }
                }
                t2.rewind();
                byte[] u2 = f.u(t2);
                int i5 = t2.getInt();
                if (rVar != null && i2 != i5) {
                    throw new SecurityException("Signing algorithm ID mismatch for certificate #" + i + " when verifying Proof-of-rotation record");
                }
                rVar = new r((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(u2)), u2);
                if (hashSet.contains(rVar)) {
                    throw new SecurityException("Encountered duplicate entries in Proof-of-rotation record at certificate #" + i + ".  All signing certificates should be unique");
                }
                hashSet.add(rVar);
                arrayList.add(rVar);
                arrayList2.add(Integer.valueOf(i3));
                i2 = i4;
            }
            return new b(arrayList, arrayList2);
        } catch (IOException e) {
            e = e;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (BufferUnderflowException e2) {
            e = e2;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (InvalidAlgorithmParameterException e3) {
            e = e3;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (InvalidKeyException e4) {
            e = e4;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (SignatureException e6) {
            e = e6;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (CertificateException e7) {
            throw new SecurityException("Failed to decode certificate #0 when verifying Proof-of-rotation record", e7);
        }
    }

    private static C0392c a(ByteBuffer byteBuffer, List<X509Certificate> list, CertificateFactory certificateFactory) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        b bVar = null;
        while (byteBuffer.hasRemaining()) {
            ByteBuffer t = f.t(byteBuffer);
            if (t.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + t.remaining());
            }
            if (t.getInt() == hOA) {
                if (bVar != null) {
                    throw new SecurityException("Encountered multiple Proof-of-rotation records when verifying APK Signature Scheme v3 signature");
                }
                bVar = a(t, certificateFactory);
                try {
                    if (bVar.hOB.size() > 0 && !Arrays.equals(bVar.hOB.get(bVar.hOB.size() - 1).getEncoded(), x509CertificateArr[0].getEncoded())) {
                        throw new SecurityException("Terminal certificate in Proof-of-rotation record does not match APK signing certificate");
                    }
                } catch (CertificateEncodingException e) {
                    throw new SecurityException("Failed to encode certificate when comparing Proof-of-rotation record and signing certificate", e);
                }
            }
        }
        return new C0392c(x509CertificateArr, bVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] a(String str, k kVar) {
        RandomAccessFile randomAccessFile = new RandomAccessFile(str, com.ss.android.socialbase.downloader.f.b.mXd);
        try {
            byte[] a2 = f.a(str, kVar, c(randomAccessFile));
            randomAccessFile.close();
            return a2;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    randomAccessFile.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    private static C0392c aa(String str, boolean z) {
        RandomAccessFile randomAccessFile = new RandomAccessFile(str, com.ss.android.socialbase.downloader.f.b.mXd);
        try {
            C0392c b2 = b(randomAccessFile, z);
            randomAccessFile.close();
            return b2;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    randomAccessFile.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    private static C0392c b(RandomAccessFile randomAccessFile, o oVar, boolean z) {
        ArrayMap arrayMap = new ArrayMap();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer t = f.t(oVar.hPr);
                int i = 0;
                C0392c c0392c = null;
                while (t.hasRemaining()) {
                    try {
                        c0392c = b(f.t(t), arrayMap, certificateFactory);
                        i++;
                    } catch (a unused) {
                    } catch (IOException e) {
                        e = e;
                        throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
                    } catch (SecurityException e2) {
                        e = e2;
                        throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
                    } catch (BufferUnderflowException e3) {
                        e = e3;
                        throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
                    }
                }
                if (i < 1 || c0392c == null) {
                    throw new SecurityException("No signers found");
                }
                if (i != 1) {
                    throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                }
                if (arrayMap.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                if (z) {
                    f.a(arrayMap, randomAccessFile, oVar);
                }
                if (arrayMap.containsKey(3)) {
                    c0392c.hOy = f.a((byte[]) arrayMap.get(3), randomAccessFile.length(), oVar);
                }
                return c0392c;
            } catch (IOException e4) {
                throw new SecurityException("Failed to read list of signers", e4);
            }
        } catch (CertificateException e5) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e5);
        }
    }

    private static C0392c b(RandomAccessFile randomAccessFile, boolean z) {
        return b(randomAccessFile, c(randomAccessFile), z);
    }

    private static C0392c b(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) {
        ByteBuffer t = f.t(byteBuffer);
        int i = byteBuffer.getInt();
        int i2 = byteBuffer.getInt();
        ByteBuffer t2 = f.t(byteBuffer);
        byte[] u = f.u(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        byte[] bArr2 = null;
        int i3 = -1;
        int i4 = 0;
        while (t2.hasRemaining()) {
            i4++;
            try {
                ByteBuffer t3 = f.t(t2);
                if (t3.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i5 = t3.getInt();
                arrayList.add(Integer.valueOf(i5));
                if (zX(i5) && (i3 == -1 || f.ed(i5, i3) > 0)) {
                    bArr2 = f.u(t3);
                    i3 = i5;
                }
            } catch (IOException | BufferUnderflowException e) {
                throw new SecurityException("Failed to parse signature record #" + i4, e);
            }
        }
        if (i3 == -1) {
            if (i4 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String Ab = f.Ab(i3);
        Pair<String, ? extends AlgorithmParameterSpec> Ac = f.Ac(i3);
        String str = (String) Ac.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) Ac.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(Ab).generatePublic(new X509EncodedKeySpec(u));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(t);
            if (!signature.verify(bArr2)) {
                throw new SecurityException(str + " signature did not verify");
            }
            t.clear();
            ByteBuffer t4 = f.t(t);
            ArrayList arrayList2 = new ArrayList();
            int i6 = 0;
            while (t4.hasRemaining()) {
                i6++;
                try {
                    ByteBuffer t5 = f.t(t4);
                    if (t5.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i7 = t5.getInt();
                    arrayList2.add(Integer.valueOf(i7));
                    if (i7 == i3) {
                        bArr = f.u(t5);
                    }
                } catch (IOException | BufferUnderflowException e2) {
                    throw new IOException("Failed to parse digest record #" + i6, e2);
                }
            }
            if (!arrayList.equals(arrayList2)) {
                throw new SecurityException("Signature algorithms don't match between digests and signatures records");
            }
            int zY = f.zY(i3);
            byte[] put = map.put(Integer.valueOf(zY), bArr);
            if (put != null && !MessageDigest.isEqual(put, bArr)) {
                throw new SecurityException(f.zZ(zY) + " contents digest does not match the digest specified by a preceding signer");
            }
            ByteBuffer t6 = f.t(t);
            ArrayList arrayList3 = new ArrayList();
            int i8 = 0;
            while (t6.hasRemaining()) {
                i8++;
                byte[] u2 = f.u(t6);
                try {
                    arrayList3.add(new r((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(u2)), u2));
                } catch (CertificateException e3) {
                    throw new SecurityException("Failed to decode certificate #" + i8, e3);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new SecurityException("No certificates listed");
            }
            if (!Arrays.equals(u, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                throw new SecurityException("Public key mismatch between certificate and signature record");
            }
            if (t.getInt() != i) {
                throw new SecurityException("minSdkVersion mismatch between signed and unsigned in v3 signer block.");
            }
            if (t.getInt() == i2) {
                return a(f.t(t), arrayList3, certificateFactory);
            }
            throw new SecurityException("maxSdkVersion mismatch between signed and unsigned in v3 signer block.");
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e4) {
            throw new SecurityException("Failed to verify " + str + " signature", e4);
        }
    }

    private static o c(RandomAccessFile randomAccessFile) {
        return f.a(randomAccessFile, hOz);
    }

    public static boolean yq(String str) {
        try {
            RandomAccessFile randomAccessFile = new RandomAccessFile(str, com.ss.android.socialbase.downloader.f.b.mXd);
            try {
                c(randomAccessFile);
                randomAccessFile.close();
                return true;
            } finally {
            }
        } catch (p unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] yt(String str) {
        RandomAccessFile randomAccessFile = new RandomAccessFile(str, com.ss.android.socialbase.downloader.f.b.mXd);
        try {
            c(randomAccessFile);
            byte[] bArr = b(randomAccessFile, false).hOy;
            randomAccessFile.close();
            return bArr;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    randomAccessFile.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] yu(String str) {
        RandomAccessFile randomAccessFile = new RandomAccessFile(str, com.ss.android.socialbase.downloader.f.b.mXd);
        try {
            o c2 = c(randomAccessFile);
            C0392c b2 = b(randomAccessFile, false);
            if (b2.hOy == null) {
                randomAccessFile.close();
                return null;
            }
            byte[] a2 = h.a(randomAccessFile, ByteBuffer.wrap(b2.hOy), c2);
            randomAccessFile.close();
            return a2;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    randomAccessFile.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public static C0392c yv(String str) {
        return aa(str, true);
    }

    public static C0392c yw(String str) {
        return aa(str, false);
    }

    private static boolean zX(int i) {
        if (i == 513 || i == 514 || i == 769 || i == 1057 || i == 1059 || i == 1061) {
            return true;
        }
        switch (i) {
            case 257:
            case ac.onE /* 258 */:
            case ac.onF /* 259 */:
            case ac.onG /* 260 */:
                return true;
            default:
                return false;
        }
    }
}
