package com.bytedance.mira.signature;

import android.util.ArrayMap;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;

/* loaded from: classes.dex */
public final class b {

    /* loaded from: classes.dex */
    public static class a {
        public final X509Certificate[][] a;
        private byte[] b;

        public a(X509Certificate[][] x509CertificateArr, byte[] bArr) {
            this.a = x509CertificateArr;
            this.b = bArr;
        }
    }

    private static a a(RandomAccessFile randomAccessFile, m mVar, boolean z) throws SecurityException, IOException {
        ArrayMap arrayMap = new ArrayMap();
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer a2 = e.a(mVar.a);
                int i = 0;
                while (a2.hasRemaining()) {
                    i++;
                    try {
                        arrayList.add(a(e.a(a2), arrayMap, certificateFactory));
                    } catch (IOException | SecurityException | BufferUnderflowException e) {
                        throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
                    }
                }
                if (i <= 0) {
                    throw new SecurityException("No signers found");
                }
                if (arrayMap.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                if (z) {
                    e.a(arrayMap, randomAccessFile, mVar);
                }
                return new a((X509Certificate[][]) arrayList.toArray(new X509Certificate[arrayList.size()]), arrayMap.containsKey(3) ? e.a((byte[]) arrayMap.get(3), randomAccessFile.length(), mVar) : null);
            } catch (IOException e2) {
                throw new SecurityException("Failed to read list of signers", e2);
            }
        } catch (CertificateException e3) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e3);
        }
    }

    private static a a(RandomAccessFile randomAccessFile, boolean z) throws SignatureNotFoundException, SecurityException, IOException {
        return a(randomAccessFile, a(randomAccessFile), z);
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x0020  */
    /* JADX WARN: Removed duplicated region for block: B:16:0x0017 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.bytedance.mira.signature.b.a a(java.lang.String r2, boolean r3) throws com.bytedance.mira.signature.SignatureNotFoundException, java.lang.SecurityException, java.io.IOException {
        /*
            java.io.RandomAccessFile r0 = new java.io.RandomAccessFile
            java.lang.String r1 = "r"
            r0.<init>(r2, r1)
            com.bytedance.mira.signature.b$a r2 = a(r0, r3)     // Catch: java.lang.Throwable -> Lf java.lang.Throwable -> L12
            r0.close()
            return r2
        Lf:
            r2 = move-exception
            r3 = 0
            goto L15
        L12:
            r3 = move-exception
            throw r3     // Catch: java.lang.Throwable -> L14
        L14:
            r2 = move-exception
        L15:
            if (r3 == 0) goto L20
            r0.close()     // Catch: java.lang.Throwable -> L1b
            goto L23
        L1b:
            r0 = move-exception
            r3.addSuppressed(r0)
            goto L23
        L20:
            r0.close()
        L23:
            throw r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.bytedance.mira.signature.b.a(java.lang.String, boolean):com.bytedance.mira.signature.b$a");
    }

    private static m a(RandomAccessFile randomAccessFile) throws IOException, SignatureNotFoundException {
        return e.a(randomAccessFile, 1896449818);
    }

    private static void a(ByteBuffer byteBuffer) throws SecurityException, IOException {
        while (byteBuffer.hasRemaining()) {
            ByteBuffer a2 = e.a(byteBuffer);
            if (a2.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + a2.remaining());
            }
            if (a2.getInt() == -1091571699) {
                if (a2.remaining() < 4) {
                    throw new IOException("V2 Signature Scheme Stripping Protection Attribute  value too small. Expected 4 bytes, but found " + a2.remaining());
                }
                if (a2.getInt() == 3) {
                    throw new SecurityException("V2 signature indicates APK is signed using APK Signature Scheme v3, but none was found. Signature stripped?");
                }
            }
        }
    }

    private static boolean a(int i) {
        if (i == 513 || i == 514 || i == 769 || i == 1057 || i == 1059 || i == 1061) {
            return true;
        }
        switch (i) {
            case 257:
            case 258:
            case 259:
            case 260:
                return true;
            default:
                return false;
        }
    }

    private static X509Certificate[] a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) throws SecurityException, IOException {
        ByteBuffer a2 = e.a(byteBuffer);
        ByteBuffer a3 = e.a(byteBuffer);
        byte[] b = e.b(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        int i = -1;
        int i2 = 0;
        while (a3.hasRemaining()) {
            i2++;
            try {
                ByteBuffer a4 = e.a(a3);
                if (a4.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i3 = a4.getInt();
                arrayList.add(Integer.valueOf(i3));
                if (a(i3) && (i == -1 || e.a(i3, i) > 0)) {
                    bArr = e.b(a4);
                    i = i3;
                }
            } catch (IOException | BufferUnderflowException e) {
                throw new SecurityException("Failed to parse signature record #".concat(String.valueOf(i2)), e);
            }
        }
        if (i == -1) {
            if (i2 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String c = e.c(i);
        Pair<String, ? extends AlgorithmParameterSpec> d = e.d(i);
        String str = (String) d.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) d.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(c).generatePublic(new X509EncodedKeySpec(b));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(a2);
            if (!signature.verify(bArr)) {
                throw new SecurityException(str + " signature did not verify");
            }
            a2.clear();
            ByteBuffer a5 = e.a(a2);
            ArrayList arrayList2 = new ArrayList();
            byte[] bArr2 = null;
            int i4 = 0;
            while (a5.hasRemaining()) {
                i4++;
                try {
                    ByteBuffer a6 = e.a(a5);
                    if (a6.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i5 = a6.getInt();
                    arrayList2.add(Integer.valueOf(i5));
                    if (i5 == i) {
                        bArr2 = e.b(a6);
                    }
                } catch (IOException | BufferUnderflowException e2) {
                    throw new IOException("Failed to parse digest record #".concat(String.valueOf(i4)), e2);
                }
            }
            if (!arrayList.equals(arrayList2)) {
                throw new SecurityException("Signature algorithms don't match between digests and signatures records");
            }
            int a7 = e.a(i);
            byte[] put = map.put(Integer.valueOf(a7), bArr2);
            if (put != null && !MessageDigest.isEqual(put, bArr2)) {
                throw new SecurityException(e.b(a7) + " contents digest does not match the digest specified by a preceding signer");
            }
            ByteBuffer a8 = e.a(a2);
            ArrayList arrayList3 = new ArrayList();
            int i6 = 0;
            while (a8.hasRemaining()) {
                i6++;
                byte[] b2 = e.b(a8);
                try {
                    arrayList3.add(new VerbatimX509Certificate((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b2)), b2));
                } catch (CertificateException e3) {
                    throw new SecurityException("Failed to decode certificate #".concat(String.valueOf(i6)), e3);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new SecurityException("No certificates listed");
            }
            if (!Arrays.equals(b, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                throw new SecurityException("Public key mismatch between certificate and signature record");
            }
            a(e.a(a2));
            return (X509Certificate[]) arrayList3.toArray(new X509Certificate[arrayList3.size()]);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e4) {
            throw new SecurityException("Failed to verify " + str + " signature", e4);
        }
    }

    public static X509Certificate[][] a(String str) throws SignatureNotFoundException, SecurityException, IOException {
        return a(str, true).a;
    }
}
