package com.android.apksig.internal.apk.v3;

import com.android.apksig.ApkVerifier;
import com.android.apksig.SigningCertificateLineage;
import com.android.apksig.apk.ApkFormatException;
import com.android.apksig.apk.ApkUtils;
import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.internal.apk.ContentDigestAlgorithm;
import com.android.apksig.internal.apk.SignatureAlgorithm;
import com.android.apksig.internal.util.ByteBufferUtils;
import com.android.apksig.internal.util.GuaranteedEncodedFormX509Certificate;
import com.android.apksig.internal.util.X509CertificateUtils;
import com.android.apksig.util.DataSource;
import com.android.apksig.util.RunnablesExecutor;
import com.zfork.multiplatforms.android.bomb.A;
import com.zfork.multiplatforms.android.bomb.C0168y;
import j$.util.Collection$EL;
import j$.util.OptionalInt;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes13.dex */
public class V3SchemeVerifier {
    public final RunnablesExecutor a;
    public final DataSource b;
    public final ApkUtils.ZipSections c;
    public final ApkSigningBlockUtils.Result d;
    public final Set e;
    public final int f;
    public final int g;
    public final int h;
    public final OptionalInt i;
    public final boolean j;
    public ByteBuffer k;

    /* loaded from: classes13.dex */
    public static class Builder {
        public final DataSource b;
        public final ApkUtils.ZipSections c;
        public final ByteBuffer d;
        public Set e;
        public ApkSigningBlockUtils.Result f;
        public int g;
        public final int h;
        public RunnablesExecutor a = RunnablesExecutor.SINGLE_THREADED;
        public int i = -262969152;
        public boolean j = true;
        public OptionalInt k = OptionalInt.empty();

        public Builder(DataSource dataSource, ApkUtils.ZipSections zipSections, int i, int i2) {
            this.b = dataSource;
            this.c = zipSections;
            this.g = i;
            this.h = i2;
        }

        public Builder(ByteBuffer byteBuffer) {
            this.d = byteBuffer;
        }

        public V3SchemeVerifier build() {
            int i;
            int i2 = this.i;
            if (i2 == -262969152) {
                this.g = Math.max(this.g, 28);
                i = 3;
            } else {
                if (i2 != 462663009) {
                    throw new IllegalArgumentException(String.format("Unsupported APK Signature Scheme V3 block ID: 0x%08x", Integer.valueOf(this.i)));
                }
                this.g = this.h;
                i = 31;
            }
            if (this.f == null) {
                this.f = new ApkSigningBlockUtils.Result(i);
            }
            if (this.e == null) {
                this.e = new HashSet(1);
            }
            V3SchemeVerifier v3SchemeVerifier = new V3SchemeVerifier(this.a, this.b, this.c, this.e, this.f, this.g, this.h, this.i, this.k, this.j);
            ByteBuffer byteBuffer = this.d;
            if (byteBuffer != null) {
                v3SchemeVerifier.k = byteBuffer;
            }
            return v3SchemeVerifier;
        }

        public Builder setBlockId(int i) {
            this.i = i;
            return this;
        }

        public Builder setContentDigestsToVerify(Set<ContentDigestAlgorithm> set) {
            this.e = set;
            return this;
        }

        public Builder setFullVerification(boolean z) {
            this.j = z;
            return this;
        }

        public Builder setResult(ApkSigningBlockUtils.Result result) {
            this.f = result;
            return this;
        }

        public Builder setRotationMinSdkVersion(int i) {
            this.k = OptionalInt.of(i);
            return this;
        }

        public Builder setRunnablesExecutor(RunnablesExecutor runnablesExecutor) {
            this.a = runnablesExecutor;
            return this;
        }
    }

    public V3SchemeVerifier(RunnablesExecutor runnablesExecutor, DataSource dataSource, ApkUtils.ZipSections zipSections, Set set, ApkSigningBlockUtils.Result result, int i, int i2, int i3, OptionalInt optionalInt, boolean z) {
        this.a = runnablesExecutor;
        this.b = dataSource;
        this.c = zipSections;
        this.e = set;
        this.d = result;
        this.f = i;
        this.g = i2;
        this.h = i3;
        this.i = optionalInt;
        this.j = z;
    }

    public static void parseSigners(ByteBuffer byteBuffer, Set<ContentDigestAlgorithm> set, ApkSigningBlockUtils.Result result) {
        try {
            new Builder(byteBuffer).setResult(result).setContentDigestsToVerify(set).setFullVerification(false).build().parseSigners();
        } catch (ApkSigningBlockUtils.SignatureNotFoundException | IOException e) {
            throw new IllegalStateException("An exception was encountered when attempting to parse the signers from the provided APK Signature Scheme v3 block", e);
        }
    }

    public static boolean signerTargetsDevRelease(ApkSigningBlockUtils.Result.SignerInfo signerInfo) {
        return Collection$EL.stream(signerInfo.additionalAttributes).mapToInt(new C0168y(5)).anyMatch(new A(1));
    }

    public static ApkSigningBlockUtils.Result verify(RunnablesExecutor runnablesExecutor, DataSource dataSource, ApkUtils.ZipSections zipSections, int i, int i2) {
        return new Builder(dataSource, zipSections, i, i2).setRunnablesExecutor(runnablesExecutor).setBlockId(-262969152).build().verify();
    }

    public final void a(ByteBuffer byteBuffer, CertificateFactory certificateFactory, ApkSigningBlockUtils.Result.SignerInfo signerInfo) {
        byte[] encoded;
        boolean z;
        OptionalInt optionalInt;
        ByteBuffer lengthPrefixedSlice = ApkSigningBlockUtils.getLengthPrefixedSlice(byteBuffer);
        byte[] bArr = new byte[lengthPrefixedSlice.remaining()];
        lengthPrefixedSlice.get(bArr);
        lengthPrefixedSlice.flip();
        signerInfo.signedData = bArr;
        int i = byteBuffer.getInt();
        int i2 = byteBuffer.getInt();
        signerInfo.minSdkVersion = i;
        signerInfo.maxSdkVersion = i2;
        if (i < 0 || i > i2) {
            signerInfo.addError(ApkVerifier.Issue.V3_SIG_INVALID_SDK_VERSIONS, Integer.valueOf(i), Integer.valueOf(i2));
        }
        ByteBuffer lengthPrefixedSlice2 = ApkSigningBlockUtils.getLengthPrefixedSlice(byteBuffer);
        byte[] readLengthPrefixedByteArray = ApkSigningBlockUtils.readLengthPrefixedByteArray(byteBuffer);
        ArrayList arrayList = new ArrayList(1);
        int i3 = 0;
        while (lengthPrefixedSlice2.hasRemaining()) {
            i3++;
            try {
                ByteBuffer lengthPrefixedSlice3 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice2);
                int i4 = lengthPrefixedSlice3.getInt();
                byte[] readLengthPrefixedByteArray2 = ApkSigningBlockUtils.readLengthPrefixedByteArray(lengthPrefixedSlice3);
                signerInfo.signatures.add(new ApkSigningBlockUtils.Result.SignerInfo.Signature(i4, readLengthPrefixedByteArray2));
                SignatureAlgorithm findById = SignatureAlgorithm.findById(i4);
                if (findById == null) {
                    signerInfo.addWarning(ApkVerifier.Issue.V3_SIG_UNKNOWN_SIG_ALGORITHM, Integer.valueOf(i4));
                } else {
                    arrayList.add(new ApkSigningBlockUtils.SupportedSignature(findById, readLengthPrefixedByteArray2));
                }
            } catch (ApkFormatException | BufferUnderflowException unused) {
                signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_SIGNATURE, Integer.valueOf(i3));
                return;
            }
        }
        if (signerInfo.signatures.isEmpty()) {
            signerInfo.addError(ApkVerifier.Issue.V3_SIG_NO_SIGNATURES, new Object[0]);
            return;
        }
        try {
            for (ApkSigningBlockUtils.SupportedSignature supportedSignature : ApkSigningBlockUtils.getSignaturesToVerify(arrayList, signerInfo.minSdkVersion, signerInfo.maxSdkVersion)) {
                SignatureAlgorithm signatureAlgorithm = supportedSignature.algorithm;
                String first = signatureAlgorithm.getJcaSignatureAlgorithmAndParams().getFirst();
                AlgorithmParameterSpec second = signatureAlgorithm.getJcaSignatureAlgorithmAndParams().getSecond();
                try {
                    PublicKey generatePublic = KeyFactory.getInstance(signatureAlgorithm.getJcaKeyAlgorithm()).generatePublic(new X509EncodedKeySpec(readLengthPrefixedByteArray));
                    try {
                        Signature signature = Signature.getInstance(first);
                        signature.initVerify(generatePublic);
                        if (second != null) {
                            signature.setParameter(second);
                        }
                        lengthPrefixedSlice.position(0);
                        signature.update(lengthPrefixedSlice);
                        byte[] bArr2 = supportedSignature.signature;
                        if (!signature.verify(bArr2)) {
                            signerInfo.addError(ApkVerifier.Issue.V3_SIG_DID_NOT_VERIFY, signatureAlgorithm);
                            return;
                        } else {
                            signerInfo.verifiedSignatures.put(signatureAlgorithm, bArr2);
                            this.e.add(signatureAlgorithm.getContentDigestAlgorithm());
                        }
                    } catch (InvalidAlgorithmParameterException e) {
                        e = e;
                        signerInfo.addError(ApkVerifier.Issue.V3_SIG_VERIFY_EXCEPTION, signatureAlgorithm, e);
                        return;
                    } catch (InvalidKeyException e2) {
                        e = e2;
                        signerInfo.addError(ApkVerifier.Issue.V3_SIG_VERIFY_EXCEPTION, signatureAlgorithm, e);
                        return;
                    } catch (SignatureException e3) {
                        e = e3;
                        signerInfo.addError(ApkVerifier.Issue.V3_SIG_VERIFY_EXCEPTION, signatureAlgorithm, e);
                        return;
                    }
                } catch (Exception e4) {
                    signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_PUBLIC_KEY, e4);
                    return;
                }
            }
            lengthPrefixedSlice.position(0);
            ByteBuffer lengthPrefixedSlice4 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice);
            ByteBuffer lengthPrefixedSlice5 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice);
            int i5 = lengthPrefixedSlice.getInt();
            if (i5 != i) {
                signerInfo.addError(ApkVerifier.Issue.V3_MIN_SDK_VERSION_MISMATCH_BETWEEN_SIGNER_AND_SIGNED_DATA_RECORD, Integer.valueOf(i), Integer.valueOf(i5));
            }
            int i6 = lengthPrefixedSlice.getInt();
            if (i6 != i2) {
                signerInfo.addError(ApkVerifier.Issue.V3_MAX_SDK_VERSION_MISMATCH_BETWEEN_SIGNER_AND_SIGNED_DATA_RECORD, Integer.valueOf(i2), Integer.valueOf(i6));
            }
            ByteBuffer lengthPrefixedSlice6 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice);
            int i7 = -1;
            while (lengthPrefixedSlice5.hasRemaining()) {
                int i8 = i7 + 1;
                byte[] readLengthPrefixedByteArray3 = ApkSigningBlockUtils.readLengthPrefixedByteArray(lengthPrefixedSlice5);
                try {
                    signerInfo.certs.add(new GuaranteedEncodedFormX509Certificate(X509CertificateUtils.generateCertificate(readLengthPrefixedByteArray3, certificateFactory), readLengthPrefixedByteArray3));
                    i7 = i8;
                } catch (CertificateException e5) {
                    signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_CERTIFICATE, Integer.valueOf(i8), Integer.valueOf(i7 + 2), e5);
                    return;
                }
            }
            if (signerInfo.certs.isEmpty()) {
                signerInfo.addError(ApkVerifier.Issue.V3_SIG_NO_CERTIFICATES, new Object[0]);
                return;
            }
            X509Certificate x509Certificate = signerInfo.certs.get(0);
            try {
                encoded = ApkSigningBlockUtils.encodePublicKey(x509Certificate.getPublicKey());
            } catch (InvalidKeyException e6) {
                System.out.println("Caught an exception encoding the public key: " + e6);
                e6.printStackTrace();
                encoded = x509Certificate.getPublicKey().getEncoded();
            }
            if (!Arrays.equals(readLengthPrefixedByteArray, encoded)) {
                signerInfo.addError(ApkVerifier.Issue.V3_SIG_PUBLIC_KEY_MISMATCH_BETWEEN_CERTIFICATE_AND_SIGNATURES_RECORD, ApkSigningBlockUtils.toHex(encoded), ApkSigningBlockUtils.toHex(readLengthPrefixedByteArray));
                return;
            }
            int i9 = 0;
            while (lengthPrefixedSlice4.hasRemaining()) {
                i9++;
                try {
                    ByteBuffer lengthPrefixedSlice7 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice4);
                    signerInfo.contentDigests.add(new ApkSigningBlockUtils.Result.SignerInfo.ContentDigest(lengthPrefixedSlice7.getInt(), ApkSigningBlockUtils.readLengthPrefixedByteArray(lengthPrefixedSlice7)));
                } catch (ApkFormatException | BufferUnderflowException unused2) {
                    signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_DIGEST, Integer.valueOf(i9));
                    return;
                }
            }
            ArrayList arrayList2 = new ArrayList(signerInfo.signatures.size());
            Iterator<ApkSigningBlockUtils.Result.SignerInfo.Signature> it = signerInfo.signatures.iterator();
            while (it.hasNext()) {
                arrayList2.add(Integer.valueOf(it.next().getAlgorithmId()));
            }
            ArrayList arrayList3 = new ArrayList(signerInfo.contentDigests.size());
            Iterator<ApkSigningBlockUtils.Result.SignerInfo.ContentDigest> it2 = signerInfo.contentDigests.iterator();
            while (it2.hasNext()) {
                arrayList3.add(Integer.valueOf(it2.next().getSignatureAlgorithmId()));
            }
            if (!arrayList2.equals(arrayList3)) {
                signerInfo.addError(ApkVerifier.Issue.V3_SIG_SIG_ALG_MISMATCH_BETWEEN_SIGNATURES_AND_DIGESTS_RECORDS, arrayList2, arrayList3);
                return;
            }
            int i10 = 0;
            boolean z2 = false;
            while (true) {
                boolean hasRemaining = lengthPrefixedSlice6.hasRemaining();
                z = this.j;
                optionalInt = this.i;
                if (!hasRemaining) {
                    break;
                }
                i10++;
                try {
                    ByteBuffer lengthPrefixedSlice8 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice6);
                    int i11 = lengthPrefixedSlice8.getInt();
                    byte[] byteArray = ByteBufferUtils.toByteArray(lengthPrefixedSlice8);
                    signerInfo.additionalAttributes.add(new ApkSigningBlockUtils.Result.SignerInfo.AdditionalAttribute(i11, byteArray));
                    if (i11 == 1000370060) {
                        try {
                            SigningCertificateLineage readFromV3AttributeValue = SigningCertificateLineage.readFromV3AttributeValue(byteArray);
                            signerInfo.signingCertificateLineage = readFromV3AttributeValue;
                            if (signerInfo.signingCertificateLineage.size() != readFromV3AttributeValue.getSubLineage(signerInfo.certs.get(0)).size()) {
                                signerInfo.addError(ApkVerifier.Issue.V3_SIG_POR_CERT_MISMATCH, new Object[0]);
                            }
                        } catch (IllegalArgumentException unused3) {
                            signerInfo.addError(ApkVerifier.Issue.V3_SIG_POR_CERT_MISMATCH, new Object[0]);
                        } catch (SecurityException unused4) {
                            signerInfo.addError(ApkVerifier.Issue.V3_SIG_POR_DID_NOT_VERIFY, new Object[0]);
                        } catch (Exception unused5) {
                            signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_LINEAGE, new Object[0]);
                        }
                    } else if (i11 == 1436519170) {
                        if (this.g >= 33 && z) {
                            int i12 = ByteBuffer.wrap(byteArray).order(ByteOrder.LITTLE_ENDIAN).getInt();
                            if (optionalInt.isPresent()) {
                                int asInt = optionalInt.getAsInt();
                                if (i12 != asInt) {
                                    signerInfo.addError(ApkVerifier.Issue.V31_ROTATION_MIN_SDK_MISMATCH, Integer.valueOf(i12), Integer.valueOf(asInt));
                                }
                            } else {
                                signerInfo.addError(ApkVerifier.Issue.V31_BLOCK_MISSING, Integer.valueOf(i12));
                            }
                        }
                        z2 = true;
                    } else if (i11 != -1029262406) {
                        signerInfo.addWarning(ApkVerifier.Issue.V3_SIG_UNKNOWN_ADDITIONAL_ATTRIBUTE, Integer.valueOf(i11));
                    } else if (this.h != 462663009) {
                        signerInfo.addWarning(ApkVerifier.Issue.V31_ROTATION_TARGETS_DEV_RELEASE_ATTR_ON_V3_SIGNER, new Object[0]);
                    }
                } catch (ApkFormatException | BufferUnderflowException unused6) {
                    signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_ADDITIONAL_ATTRIBUTE, Integer.valueOf(i10));
                    return;
                }
            }
            if (z && optionalInt.isPresent() && !z2) {
                signerInfo.addWarning(ApkVerifier.Issue.V31_ROTATION_MIN_SDK_ATTR_MISSING, Integer.valueOf(optionalInt.getAsInt()));
            }
        } catch (ApkSigningBlockUtils.NoSupportedSignaturesException unused7) {
            signerInfo.addError(ApkVerifier.Issue.V3_SIG_NO_SUPPORTED_SIGNATURES, new Object[0]);
        }
    }

    public ApkSigningBlockUtils.Result parseSigners() {
        ApkSigningBlockUtils.Result result = this.d;
        try {
            if (this.k == null) {
                this.k = ApkSigningBlockUtils.findSignature(this.b, this.c, this.h, result).signatureBlock;
            }
            ByteBuffer lengthPrefixedSlice = ApkSigningBlockUtils.getLengthPrefixedSlice(this.k);
            if (!lengthPrefixedSlice.hasRemaining()) {
                result.addError(ApkVerifier.Issue.V3_SIG_NO_SIGNERS, new Object[0]);
                return result;
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                int i = 0;
                while (lengthPrefixedSlice.hasRemaining()) {
                    int i2 = i + 1;
                    ApkSigningBlockUtils.Result.SignerInfo signerInfo = new ApkSigningBlockUtils.Result.SignerInfo();
                    signerInfo.index = i;
                    result.signers.add(signerInfo);
                    try {
                        a(ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice), certificateFactory, signerInfo);
                        i = i2;
                    } catch (ApkFormatException | BufferUnderflowException unused) {
                        signerInfo.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_SIGNER, new Object[0]);
                    }
                }
                return result;
            } catch (CertificateException e) {
                throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e);
            }
        } catch (ApkFormatException unused2) {
            result.addError(ApkVerifier.Issue.V3_SIG_MALFORMED_SIGNERS, new Object[0]);
            return result;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:34:0x00ce, code lost:
    
        if (r7 < (r3.isPresent() ? r3.getAsInt() - 1 : r17.g)) goto L39;
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x0097, code lost:
    
        r6.addError(com.android.apksig.ApkVerifier.Issue.V3_INCONSISTENT_SDK_VERSIONS, new java.lang.Object[0]);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.android.apksig.internal.apk.ApkSigningBlockUtils.Result verify() {
        /*
            Method dump skipped, instructions count: 259
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.android.apksig.internal.apk.v3.V3SchemeVerifier.verify():com.android.apksig.internal.apk.ApkSigningBlockUtils$Result");
    }
}
