package com.sec.android.app.download.installer.apkverifier;

import android.os.Build;
import android.util.ArrayMap;
import android.util.Base64;
import android.util.Log;
import android.util.Pair;
import com.sec.android.app.commonlib.doc.ThemeInstallChecker;
import com.sec.android.app.samsungapps.Constant_todo;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Set;

/* compiled from: ProGuard */
/* loaded from: classes3.dex */
public class ApkSignatureV2V3Verifier {
    public static final int SF_ATTRIBUTE_ANDROID_APK_SIGNED_ID = 3;

    /* compiled from: ProGuard */
    /* loaded from: classes3.dex */
    public static class VerifiedProofOfRotation {
        public final List<X509Certificate> certs;
        public final List<Integer> flagsList;

        public VerifiedProofOfRotation(List<X509Certificate> list, List<Integer> list2) {
            this.certs = list;
            this.flagsList = list2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ProGuard */
    /* loaded from: classes3.dex */
    public static class a extends Exception {
        a(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ProGuard */
    /* loaded from: classes3.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public final ByteBuffer f19848a;

        /* renamed from: b, reason: collision with root package name */
        public final long f19849b;

        /* renamed from: c, reason: collision with root package name */
        public final long f19850c;

        /* renamed from: d, reason: collision with root package name */
        public final long f19851d;

        /* renamed from: e, reason: collision with root package name */
        public final ByteBuffer f19852e;

        /* JADX INFO: Access modifiers changed from: package-private */
        public b(ByteBuffer byteBuffer, long j2, long j3, long j4, ByteBuffer byteBuffer2) {
            this.f19848a = byteBuffer;
            this.f19849b = j2;
            this.f19850c = j3;
            this.f19851d = j4;
            this.f19852e = byteBuffer2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ProGuard */
    /* loaded from: classes3.dex */
    public static class c extends Exception {
        public c(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ProGuard */
    /* loaded from: classes3.dex */
    public class d extends e {

        /* renamed from: c, reason: collision with root package name */
        private final byte[] f19853c;

        /* renamed from: d, reason: collision with root package name */
        private int f19854d;

        d(X509Certificate x509Certificate, byte[] bArr) {
            super(x509Certificate);
            this.f19854d = -1;
            this.f19853c = bArr;
        }

        @Override // java.security.cert.Certificate
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof d)) {
                return false;
            }
            try {
                return Arrays.equals(getEncoded(), ((d) obj).getEncoded());
            } catch (CertificateEncodingException unused) {
                return false;
            }
        }

        @Override // java.security.cert.Certificate
        public byte[] getEncoded() throws CertificateEncodingException {
            return this.f19853c;
        }

        @Override // java.security.cert.Certificate
        public int hashCode() {
            if (this.f19854d == -1) {
                try {
                    this.f19854d = Arrays.hashCode(getEncoded());
                } catch (CertificateEncodingException unused) {
                    this.f19854d = 0;
                }
            }
            return this.f19854d;
        }
    }

    /* compiled from: ProGuard */
    /* loaded from: classes3.dex */
    class e extends X509Certificate {

        /* renamed from: a, reason: collision with root package name */
        private final X509Certificate f19856a;

        e(X509Certificate x509Certificate) {
            this.f19856a = x509Certificate;
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
            this.f19856a.checkValidity();
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
            this.f19856a.checkValidity(date);
        }

        @Override // java.security.cert.X509Certificate
        public int getBasicConstraints() {
            return this.f19856a.getBasicConstraints();
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getCriticalExtensionOIDs() {
            return this.f19856a.getCriticalExtensionOIDs();
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            return this.f19856a.getExtensionValue(str);
        }

        @Override // java.security.cert.X509Certificate
        public Principal getIssuerDN() {
            return this.f19856a.getIssuerDN();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getIssuerUniqueID() {
            return this.f19856a.getIssuerUniqueID();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getKeyUsage() {
            return this.f19856a.getKeyUsage();
        }

        @Override // java.security.cert.X509Extension
        public Set<String> getNonCriticalExtensionOIDs() {
            return this.f19856a.getNonCriticalExtensionOIDs();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotAfter() {
            return this.f19856a.getNotAfter();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotBefore() {
            return this.f19856a.getNotBefore();
        }

        @Override // java.security.cert.Certificate
        public PublicKey getPublicKey() {
            return this.f19856a.getPublicKey();
        }

        @Override // java.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            return this.f19856a.getSerialNumber();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgName() {
            return this.f19856a.getSigAlgName();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgOID() {
            return this.f19856a.getSigAlgOID();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            return this.f19856a.getSigAlgParams();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSignature() {
            return this.f19856a.getSignature();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getSubjectDN() {
            return this.f19856a.getSubjectDN();
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getSubjectUniqueID() {
            return this.f19856a.getSubjectUniqueID();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getTBSCertificate() throws CertificateEncodingException {
            return this.f19856a.getTBSCertificate();
        }

        @Override // java.security.cert.X509Certificate
        public int getVersion() {
            return this.f19856a.getVersion();
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            return this.f19856a.hasUnsupportedCriticalExtension();
        }

        @Override // java.security.cert.Certificate
        public String toString() {
            return this.f19856a.toString();
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            this.f19856a.verify(publicKey);
        }

        @Override // java.security.cert.Certificate
        public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            this.f19856a.verify(publicKey, str);
        }
    }

    private static b a(RandomAccessFile randomAccessFile, int i2) throws IOException, c {
        return com.sec.android.app.download.installer.apkverifier.a.f(randomAccessFile, i2);
    }

    private static boolean b(int i2) {
        if (i2 == 513 || i2 == 514 || i2 == 769 || i2 == 1057 || i2 == 1059 || i2 == 1061) {
            return true;
        }
        switch (i2) {
            case 257:
            case 258:
            case 259:
            case ThemeInstallChecker.ContentState.DOWNLOAD_PENDING /* 260 */:
                return true;
            default:
                return false;
        }
    }

    private static String c(ByteBuffer byteBuffer, int i2) throws SecurityException, IOException, a {
        ByteBuffer k2 = com.sec.android.app.download.installer.apkverifier.a.k(byteBuffer);
        if (i2 == -262969152) {
            int i3 = byteBuffer.getInt();
            int i4 = byteBuffer.getInt();
            int i5 = Build.VERSION.SDK_INT;
            if (i5 < i3 || i5 > i4) {
                throw new a("Signer not supported by this platform version. This platform: " + i5 + ", signer minSdkVersion: " + i3 + ", maxSdkVersion: " + i4);
            }
        }
        ByteBuffer k3 = com.sec.android.app.download.installer.apkverifier.a.k(byteBuffer);
        byte[] o2 = com.sec.android.app.download.installer.apkverifier.a.o(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        int i6 = 0;
        byte[] bArr2 = null;
        int i7 = 0;
        int i8 = -1;
        while (k3.hasRemaining()) {
            i7++;
            try {
                ByteBuffer k4 = com.sec.android.app.download.installer.apkverifier.a.k(k3);
                if (k4.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i9 = k4.getInt();
                arrayList.add(Integer.valueOf(i9));
                if (b(i9) && (i8 == -1 || com.sec.android.app.download.installer.apkverifier.a.c(i9, i8) > 0)) {
                    bArr2 = com.sec.android.app.download.installer.apkverifier.a.o(k4);
                    i8 = i9;
                }
            } catch (IOException | BufferUnderflowException e2) {
                throw new SecurityException("Failed to parse signature record #" + i7, e2);
            }
        }
        if (i8 == -1) {
            if (i7 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String m2 = com.sec.android.app.download.installer.apkverifier.a.m(i8);
        Pair<String, ? extends AlgorithmParameterSpec> n2 = com.sec.android.app.download.installer.apkverifier.a.n(i8);
        String str = (String) n2.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) n2.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(m2).generatePublic(new X509EncodedKeySpec(o2));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(k2);
            Log.d("sig", "signedData = " + k2.toString());
            if (!signature.verify(bArr2)) {
                throw new SecurityException(str + " signature did not verify");
            }
            k2.clear();
            ByteBuffer k5 = com.sec.android.app.download.installer.apkverifier.a.k(k2);
            ArrayList arrayList2 = new ArrayList();
            while (k5.hasRemaining()) {
                i6++;
                try {
                    ByteBuffer k6 = com.sec.android.app.download.installer.apkverifier.a.k(k5);
                    if (k6.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i10 = k6.getInt();
                    arrayList2.add(Integer.valueOf(i10));
                    if (i10 == i8) {
                        bArr = com.sec.android.app.download.installer.apkverifier.a.o(k6);
                    }
                } catch (IOException | BufferUnderflowException e3) {
                    throw new IOException("Failed to parse digest record #" + i6, e3);
                }
            }
            return new String(Base64.encode(bArr, 2));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e4) {
            throw new SecurityException("Failed to verify " + str + " signature", e4);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:30:0x0091, code lost:
    
        throw new java.lang.SecurityException("Signature record too short");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.security.cert.X509Certificate[] d(java.nio.ByteBuffer r17, java.util.Map<java.lang.Integer, byte[]> r18, java.security.cert.CertificateFactory r19, int r20) throws java.lang.SecurityException, java.io.IOException, com.sec.android.app.download.installer.apkverifier.ApkSignatureV2V3Verifier.a {
        /*
            Method dump skipped, instructions count: 620
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sec.android.app.download.installer.apkverifier.ApkSignatureV2V3Verifier.d(java.nio.ByteBuffer, java.util.Map, java.security.cert.CertificateFactory, int):java.security.cert.X509Certificate[]");
    }

    public static boolean hasSignature(String str, int i2) throws IOException {
        try {
            RandomAccessFile randomAccessFile = new RandomAccessFile(str, "r");
            try {
                a(randomAccessFile, i2);
                randomAccessFile.close();
                return true;
            } finally {
            }
        } catch (c unused) {
            return false;
        }
    }

    public static String readContentDigest(String str, int i2) {
        try {
            RandomAccessFile randomAccessFile = new RandomAccessFile(str, "r");
            try {
                int i3 = 0;
                try {
                    ByteBuffer k2 = com.sec.android.app.download.installer.apkverifier.a.k(a(randomAccessFile, i2).f19848a);
                    String str2 = null;
                    while (k2.hasRemaining()) {
                        i3++;
                        try {
                            str2 = c(com.sec.android.app.download.installer.apkverifier.a.k(k2), i2);
                        } catch (IOException | SecurityException | BufferUnderflowException e2) {
                            throw new SecurityException("Failed to parse/verify signer #" + i3 + " block", e2);
                        }
                    }
                    if (i3 < 1) {
                        throw new SecurityException("No signers found");
                    }
                    if (str2.isEmpty()) {
                        throw new SecurityException("No content digests found");
                    }
                    randomAccessFile.close();
                    return str2;
                } catch (IOException e3) {
                    throw new SecurityException("Failed to read list of signers", e3);
                }
            } finally {
            }
        } catch (Exception e4) {
            e4.printStackTrace();
            return null;
        }
    }

    public String readV2Signature(String str) {
        RandomAccessFile randomAccessFile;
        StringBuffer stringBuffer = new StringBuffer("");
        RandomAccessFile randomAccessFile2 = null;
        try {
            try {
                try {
                    randomAccessFile = new RandomAccessFile(str, "r");
                } catch (IOException e2) {
                    e2.printStackTrace();
                }
            } catch (Exception e3) {
                e = e3;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            try {
                try {
                    X509Certificate[] d2 = d(com.sec.android.app.download.installer.apkverifier.a.k(com.sec.android.app.download.installer.apkverifier.a.k(a(randomAccessFile, Constant_todo.APK_SIGNATURE_SCHEME_V2_BLOCK_ID).f19848a)), new ArrayMap(), CertificateFactory.getInstance("X.509"), Constant_todo.APK_SIGNATURE_SCHEME_V2_BLOCK_ID);
                    for (byte b2 : d2[0].getSignature()) {
                        stringBuffer.append((int) b2);
                    }
                    randomAccessFile.close();
                } catch (IOException e4) {
                    throw new SecurityException("Failed to read list of signers", e4);
                }
            } catch (CertificateException e5) {
                throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e5);
            }
        } catch (Exception e6) {
            e = e6;
            randomAccessFile2 = randomAccessFile;
            e.printStackTrace();
            if (randomAccessFile2 != null) {
                randomAccessFile2.close();
            }
            return stringBuffer.toString();
        } catch (Throwable th2) {
            th = th2;
            randomAccessFile2 = randomAccessFile;
            if (randomAccessFile2 != null) {
                try {
                    randomAccessFile2.close();
                } catch (IOException e7) {
                    e7.printStackTrace();
                }
            }
            throw th;
        }
        return stringBuffer.toString();
    }

    public String readV3Signature(String str) throws SecurityException, IOException, c {
        StringBuffer stringBuffer = new StringBuffer("");
        RandomAccessFile randomAccessFile = null;
        try {
            RandomAccessFile randomAccessFile2 = new RandomAccessFile(str, "r");
            try {
                b a2 = a(randomAccessFile2, Constant_todo.APK_SIGNATURE_SCHEME_V3_BLOCK_ID);
                ArrayMap arrayMap = new ArrayMap();
                ArrayList arrayList = new ArrayList();
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    try {
                        ByteBuffer k2 = com.sec.android.app.download.installer.apkverifier.a.k(a2.f19848a);
                        int i2 = 0;
                        while (k2.hasRemaining()) {
                            try {
                                arrayList.add(d(com.sec.android.app.download.installer.apkverifier.a.k(k2), arrayMap, certificateFactory, Constant_todo.APK_SIGNATURE_SCHEME_V3_BLOCK_ID));
                                i2++;
                            } catch (a unused) {
                            } catch (IOException e2) {
                                e = e2;
                                throw new SecurityException("Failed to parse/verify signer #" + i2 + " block", e);
                            } catch (SecurityException e3) {
                                e = e3;
                                throw new SecurityException("Failed to parse/verify signer #" + i2 + " block", e);
                            } catch (BufferUnderflowException e4) {
                                e = e4;
                                throw new SecurityException("Failed to parse/verify signer #" + i2 + " block", e);
                            }
                        }
                        if (i2 < 1) {
                            throw new SecurityException("No signers found");
                        }
                        if (i2 != 1) {
                            throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                        }
                        if (arrayMap.isEmpty()) {
                            throw new SecurityException("No content digests found");
                        }
                        for (X509Certificate[] x509CertificateArr : (X509Certificate[][]) arrayList.toArray(new X509Certificate[arrayList.size()])) {
                            for (byte b2 : x509CertificateArr[0].getSignature()) {
                                stringBuffer.append((int) b2);
                            }
                        }
                        try {
                            randomAccessFile2.close();
                        } catch (IOException e5) {
                            e5.printStackTrace();
                        }
                        return stringBuffer.toString();
                    } catch (IOException e6) {
                        throw new SecurityException("Failed to read list of signers", e6);
                    }
                } catch (CertificateException e7) {
                    throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e7);
                }
            } catch (Throwable th) {
                th = th;
                randomAccessFile = randomAccessFile2;
                if (randomAccessFile != null) {
                    try {
                        randomAccessFile.close();
                    } catch (IOException e8) {
                        e8.printStackTrace();
                    }
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }
}
