package com.alipay.mobile.quinox.security;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.text.TextUtils;
import android.util.Log;
import com.alibaba.mobileim.channel.itf.PackData;
import com.alipay.mobile.quinox.utils.LogUtil;
import com.alipay.mobile.quinox.utils.TraceLogger;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final X500Principal f357a = new X500Principal("CN=dev,OU=Alipay,O=Alipay,L=HangZhou,ST=ZheJiang,C=CN");
    private PublicKey b;
    private boolean c;

    private static String a(File file) {
        String str;
        Exception e;
        FileInputStream fileInputStream;
        try {
            int length = (int) file.length();
            fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[Math.min(length, 8192)];
            fileInputStream.skip(length - bArr.length);
            int read = fileInputStream.read(bArr);
            str = read > 0 ? a(bArr, read) : null;
        } catch (Exception e2) {
            str = null;
            e = e2;
        }
        try {
            fileInputStream.close();
        } catch (Exception e3) {
            e = e3;
            Log.e("CertVerifier", file.getAbsolutePath(), e);
            return str;
        }
        return str;
    }

    private static String a(byte[] bArr, int i) {
        byte[] bArr2 = {PackData.FT_VECTOR, 75, 5, 6};
        int min = Math.min(bArr.length, i);
        for (int i2 = (min - 4) - 22; i2 >= 0; i2--) {
            boolean z = true;
            int i3 = 0;
            while (true) {
                if (i3 >= 4) {
                    break;
                }
                if (bArr[i2 + i3] != bArr2[i3]) {
                    z = false;
                    break;
                }
                i3++;
            }
            if (z) {
                int i4 = (bArr[i2 + 21] * 256) + bArr[i2 + 20];
                int i5 = (min - i2) - 22;
                LogUtil.i("CertVerifier", "ZIP comment found at buffer position " + (i2 + 22) + " with len=" + i4 + ", good!");
                if (i4 != i5) {
                    LogUtil.i("CertVerifier", "WARNING! ZIP comment size mismatch: directory says len is " + i4 + ", but file ends after " + i5 + " bytes!");
                }
                return new String(bArr, i2 + 22, Math.min(i4, i5));
            }
        }
        LogUtil.d("CertVerifier", "ERROR! ZIP comment NOT found!");
        return null;
    }

    private static boolean a(PublicKey publicKey, String str) {
        JarFile jarFile;
        File file = new File(str);
        try {
            jarFile = new JarFile(str);
            try {
                JarEntry jarEntry = jarFile.getJarEntry("classes.dex");
                if (jarEntry == null) {
                    jarFile.close();
                    return true;
                }
                byte[] a2 = a(jarFile, jarEntry);
                String a3 = a(file);
                if (a3 == null) {
                    LogUtil.d("CertVerifier", "old cert: " + str);
                    boolean a4 = a(publicKey, jarEntry, str);
                    jarFile.close();
                    return a4;
                }
                byte[] bArr = new byte[((a3.length() + 1) / 2) + 0];
                b.a(a3, bArr);
                jarFile.close();
                Signature signature = Signature.getInstance("SHA1withRSA");
                try {
                    signature.initVerify(publicKey);
                    signature.update(a2);
                } catch (InvalidKeyException e) {
                    Log.e("CertVerifier", str, e);
                } catch (SignatureException e2) {
                    Log.e("CertVerifier", str, e2);
                }
                return signature.verify(bArr);
            } catch (Throwable th) {
                th = th;
                if (jarFile != null) {
                    jarFile.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            jarFile = null;
        }
    }

    private static boolean a(PublicKey publicKey, JarEntry jarEntry, String str) {
        Certificate[] certificates = jarEntry.getCertificates();
        if (certificates == null) {
            TraceLogger.e("CertVerifier", str + " no certs");
            return false;
        }
        if (certificates.length <= 0) {
            return false;
        }
        for (int length = certificates.length - 1; length >= 0; length--) {
            try {
                certificates[length].verify(publicKey);
                return true;
            } catch (InvalidKeyException e) {
                TraceLogger.e("CertVerifier", str, e);
            } catch (NoSuchAlgorithmException e2) {
                TraceLogger.e("CertVerifier", str, e2);
            } catch (NoSuchProviderException e3) {
                TraceLogger.e("CertVerifier", str, e3);
            } catch (SignatureException e4) {
                TraceLogger.e("CertVerifier", str, e4);
            } catch (CertificateException e5) {
                TraceLogger.e("CertVerifier", str, e5);
            }
        }
        return false;
    }

    private static byte[] a(JarFile jarFile, JarEntry jarEntry) {
        InputStream inputStream = null;
        try {
            inputStream = jarFile.getInputStream(jarEntry);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte[] bArr = new byte[8192];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    break;
                }
                messageDigest.update(bArr, 0, read);
            }
            return messageDigest.digest();
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    private static PublicKey b(Context context) {
        try {
            ApplicationInfo applicationInfo = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128);
            if (applicationInfo != null && applicationInfo.metaData != null) {
                String string = applicationInfo.metaData.getString("client_signature");
                if (!TextUtils.isEmpty(string)) {
                    return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new android.content.pm.Signature(string).toByteArray()))).getPublicKey();
                }
            }
        } catch (PackageManager.NameNotFoundException e) {
            TraceLogger.e("CertVerifier", "get signature error ", e);
        } catch (CertificateException e2) {
            TraceLogger.e("CertVerifier", "get signature error ", e2);
        }
        return null;
    }

    private static boolean c(Context context) {
        PackageManager packageManager;
        String packageName;
        ApplicationInfo applicationInfo;
        try {
            packageManager = context.getPackageManager();
            packageName = context.getPackageName();
            applicationInfo = packageManager.getApplicationInfo(packageName, 128);
        } catch (PackageManager.NameNotFoundException e) {
            TraceLogger.e("CertVerifier", "get signature error ", e);
        } catch (CertificateException e2) {
            TraceLogger.e("CertVerifier", "get signature error ", e2);
        }
        if (applicationInfo != null && applicationInfo.metaData != null && !applicationInfo.metaData.getBoolean("switch.certverifier", true)) {
            return true;
        }
        android.content.pm.Signature[] signatureArr = packageManager.getPackageInfo(packageName, 64).signatures;
        if (signatureArr != null && signatureArr.length > 0) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (android.content.pm.Signature signature : signatureArr) {
                if (((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(signature.toByteArray()))).getSubjectX500Principal().equals(f357a)) {
                    return true;
                }
            }
        }
        return false;
    }

    public final void a(Context context) {
        if (this.b == null) {
            this.c = c(context);
            this.b = b(context);
        }
    }

    public final boolean a(com.alipay.mobile.quinox.bundle.a aVar) {
        if (this.c || !aVar.i()) {
            return true;
        }
        try {
            if (this.b != null) {
                if (a(this.b, aVar.f())) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            TraceLogger.e("CertVerifier", "verify sign error : " + aVar.f(), e);
            return false;
        } catch (NoSuchAlgorithmException e2) {
            TraceLogger.e("CertVerifier", "verify sign error : " + aVar.f(), e2);
            return false;
        }
    }
}
