package com.android.apksig;

import com.android.apksig.apk.ApkFormatException;
import com.android.apksig.apk.ApkUtilsLite;
import com.android.apksig.internal.apk.ApkSigResult;
import com.android.apksig.internal.apk.ApkSignerInfo;
import com.android.apksig.internal.apk.ApkSigningBlockUtilsLite;
import com.android.apksig.internal.apk.ContentDigestAlgorithm;
import com.android.apksig.internal.apk.SignatureAlgorithm;
import com.android.apksig.internal.apk.SignatureInfo;
import com.android.apksig.internal.apk.SignatureNotFoundException;
import com.android.apksig.internal.apk.stamp.V2SourceStampVerifier;
import com.android.apksig.internal.util.GuaranteedEncodedFormX509Certificate;
import com.android.apksig.internal.zip.CentralDirectoryRecord;
import com.android.apksig.internal.zip.LocalFileRecord;
import com.android.apksig.internal.zip.ZipUtils;
import com.android.apksig.util.DataSource;
import com.android.apksig.util.DataSources;
import com.android.apksig.zip.ZipFormatException;
import com.android.apksig.zip.ZipSections;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class SourceStampVerifier {
    private final DataSource mApkDataSource;
    private final File mApkFile;
    private final int mMaxSdkVersion;
    private final int mMinSdkVersion;

    /* loaded from: classes.dex */
    public static class Builder {
        private final DataSource mApkDataSource;
        private final File mApkFile;
        private int mMinSdkVersion = 1;
        private int mMaxSdkVersion = Integer.MAX_VALUE;

        public Builder(DataSource dataSource) {
            if (dataSource == null) {
                throw new NullPointerException("apk == null");
            }
            this.mApkDataSource = dataSource;
            this.mApkFile = null;
        }

        public Builder(File file) {
            if (file == null) {
                throw new NullPointerException("apk == null");
            }
            this.mApkFile = file;
            this.mApkDataSource = null;
        }

        public SourceStampVerifier build() {
            return new SourceStampVerifier(this.mApkFile, this.mApkDataSource, this.mMinSdkVersion, this.mMaxSdkVersion);
        }

        public Builder setMaxCheckedPlatformVersion(int i10) {
            this.mMaxSdkVersion = i10;
            return this;
        }

        public Builder setMinCheckedPlatformVersion(int i10) {
            this.mMinSdkVersion = i10;
            return this;
        }
    }

    /* loaded from: classes.dex */
    public static class Result {
        private final List<List<SignerInfo>> mAllSchemeSigners;
        private final List<ApkVerificationIssue> mErrors;
        private SourceStampInfo mSourceStampInfo;
        private final List<SignerInfo> mV1SchemeSigners;
        private final List<SignerInfo> mV2SchemeSigners;
        private final List<SignerInfo> mV31SchemeSigners;
        private final List<SignerInfo> mV3SchemeSigners;
        private boolean mVerified;
        private final List<ApkVerificationIssue> mWarnings;

        /* loaded from: classes.dex */
        public static class SignerInfo {
            public static final int INVALID_SDK_VERSION = -1;
            private X509Certificate mSigningCertificate;
            private final List<ApkVerificationIssue> mErrors = new ArrayList();
            private final List<ApkVerificationIssue> mWarnings = new ArrayList();
            private int mMinSdkVersion = -1;
            private int mMaxSdkVersion = -1;

            public void addVerificationError(int i10, Object... objArr) {
                this.mErrors.add(new ApkVerificationIssue(i10, objArr));
            }

            public void addVerificationWarning(int i10, Object... objArr) {
                this.mWarnings.add(new ApkVerificationIssue(i10, objArr));
            }

            public boolean containsErrors() {
                return !this.mErrors.isEmpty();
            }

            public List<ApkVerificationIssue> getErrors() {
                return this.mErrors;
            }

            public int getMaxSdkVersion() {
                return this.mMaxSdkVersion;
            }

            public int getMinSdkVersion() {
                return this.mMinSdkVersion;
            }

            public X509Certificate getSigningCertificate() {
                return this.mSigningCertificate;
            }

            public List<ApkVerificationIssue> getWarnings() {
                return this.mWarnings;
            }

            public void setMaxSdkVersion(int i10) {
                this.mMaxSdkVersion = i10;
            }

            public void setMinSdkVersion(int i10) {
                this.mMinSdkVersion = i10;
            }

            public void setSigningCertificate(X509Certificate x509Certificate) {
                this.mSigningCertificate = x509Certificate;
            }
        }

        /* loaded from: classes.dex */
        public static class SourceStampInfo {
            private static final boolean mWarningsAsErrors = true;
            private final List<X509Certificate> mCertificateLineage;
            private final List<X509Certificate> mCertificates;
            private final List<ApkVerificationIssue> mErrors;
            private final List<ApkVerificationIssue> mInfoMessages;
            private final long mTimestamp;
            private final List<ApkVerificationIssue> mWarnings;

            private SourceStampInfo(ApkSignerInfo apkSignerInfo) {
                ArrayList arrayList = new ArrayList();
                this.mErrors = arrayList;
                ArrayList arrayList2 = new ArrayList();
                this.mWarnings = arrayList2;
                ArrayList arrayList3 = new ArrayList();
                this.mInfoMessages = arrayList3;
                this.mCertificates = apkSignerInfo.certs;
                this.mCertificateLineage = apkSignerInfo.certificateLineage;
                arrayList.addAll(apkSignerInfo.getErrors());
                arrayList2.addAll(apkSignerInfo.getWarnings());
                arrayList3.addAll(apkSignerInfo.getInfoMessages());
                this.mTimestamp = apkSignerInfo.timestamp;
            }

            public boolean containsErrors() {
                if (this.mErrors.isEmpty() && this.mWarnings.isEmpty()) {
                    return false;
                }
                return mWarningsAsErrors;
            }

            public boolean containsInfoMessages() {
                return this.mInfoMessages.isEmpty() ^ mWarningsAsErrors;
            }

            public X509Certificate getCertificate() {
                if (this.mCertificates.isEmpty()) {
                    return null;
                }
                return this.mCertificates.get(0);
            }

            public List<X509Certificate> getCertificatesInLineage() {
                return this.mCertificateLineage;
            }

            public List<ApkVerificationIssue> getErrors() {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(this.mErrors);
                arrayList.addAll(this.mWarnings);
                return arrayList;
            }

            public List<ApkVerificationIssue> getInfoMessages() {
                return this.mInfoMessages;
            }

            public long getTimestampEpochSeconds() {
                return this.mTimestamp;
            }

            public List<ApkVerificationIssue> getWarnings() {
                return this.mWarnings;
            }
        }

        public Result() {
            ArrayList arrayList = new ArrayList();
            this.mV1SchemeSigners = arrayList;
            ArrayList arrayList2 = new ArrayList();
            this.mV2SchemeSigners = arrayList2;
            ArrayList arrayList3 = new ArrayList();
            this.mV3SchemeSigners = arrayList3;
            ArrayList arrayList4 = new ArrayList();
            this.mV31SchemeSigners = arrayList4;
            this.mAllSchemeSigners = Arrays.asList(arrayList, arrayList2, arrayList3, arrayList4);
            this.mErrors = new ArrayList();
            this.mWarnings = new ArrayList();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addV1Signer(SignerInfo signerInfo) {
            this.mV1SchemeSigners.add(signerInfo);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addV2Signer(SignerInfo signerInfo) {
            this.mV2SchemeSigners.add(signerInfo);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addV31Signer(SignerInfo signerInfo) {
            this.mV31SchemeSigners.add(signerInfo);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addV3Signer(SignerInfo signerInfo) {
            this.mV3SchemeSigners.add(signerInfo);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void mergeFrom(ApkSigResult apkSigResult) {
            if (apkSigResult.signatureSchemeVersion != 0) {
                throw new IllegalArgumentException("Unknown ApkSigResult Signing Block Scheme Id " + apkSigResult.signatureSchemeVersion);
            }
            this.mVerified = apkSigResult.verified;
            if (apkSigResult.mSigners.isEmpty()) {
                return;
            }
            this.mSourceStampInfo = new SourceStampInfo(apkSigResult.mSigners.get(0));
        }

        public void addVerificationError(int i10, Object... objArr) {
            this.mErrors.add(new ApkVerificationIssue(i10, objArr));
        }

        public void addVerificationWarning(int i10, Object... objArr) {
            this.mWarnings.add(new ApkVerificationIssue(i10, objArr));
        }

        public boolean containsErrors() {
            if (!this.mErrors.isEmpty()) {
                return true;
            }
            Iterator<List<SignerInfo>> it = this.mAllSchemeSigners.iterator();
            while (it.hasNext()) {
                Iterator<SignerInfo> it2 = it.next().iterator();
                while (it2.hasNext()) {
                    if (it2.next().containsErrors()) {
                        return true;
                    }
                }
            }
            SourceStampInfo sourceStampInfo = this.mSourceStampInfo;
            return sourceStampInfo != null && sourceStampInfo.containsErrors();
        }

        public List<ApkVerificationIssue> getAllErrors() {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(this.mErrors);
            Iterator<List<SignerInfo>> it = this.mAllSchemeSigners.iterator();
            while (it.hasNext()) {
                Iterator<SignerInfo> it2 = it.next().iterator();
                while (it2.hasNext()) {
                    arrayList.addAll(it2.next().getErrors());
                }
            }
            SourceStampInfo sourceStampInfo = this.mSourceStampInfo;
            if (sourceStampInfo != null) {
                arrayList.addAll(sourceStampInfo.getErrors());
            }
            return arrayList;
        }

        public List<ApkVerificationIssue> getAllWarnings() {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(this.mWarnings);
            Iterator<List<SignerInfo>> it = this.mAllSchemeSigners.iterator();
            while (it.hasNext()) {
                Iterator<SignerInfo> it2 = it.next().iterator();
                while (it2.hasNext()) {
                    arrayList.addAll(it2.next().getWarnings());
                }
            }
            SourceStampInfo sourceStampInfo = this.mSourceStampInfo;
            if (sourceStampInfo != null) {
                arrayList.addAll(sourceStampInfo.getWarnings());
            }
            return arrayList;
        }

        public List<ApkVerificationIssue> getErrors() {
            return this.mErrors;
        }

        public SourceStampInfo getSourceStampInfo() {
            return this.mSourceStampInfo;
        }

        public List<SignerInfo> getV1SchemeSigners() {
            return this.mV1SchemeSigners;
        }

        public List<SignerInfo> getV2SchemeSigners() {
            return this.mV2SchemeSigners;
        }

        public List<SignerInfo> getV31SchemeSigners() {
            return this.mV31SchemeSigners;
        }

        public List<SignerInfo> getV3SchemeSigners() {
            return this.mV3SchemeSigners;
        }

        public List<ApkVerificationIssue> getWarnings() {
            return this.mWarnings;
        }

        public boolean isVerified() {
            return this.mVerified;
        }
    }

    private SourceStampVerifier(File file, DataSource dataSource, int i10, int i11) {
        this.mApkFile = file;
        this.mApkDataSource = dataSource;
        this.mMinSdkVersion = i10;
        this.mMaxSdkVersion = i11;
    }

    private static Map<ContentDigestAlgorithm, byte[]> getApkContentDigestFromV1SigningScheme(List<CentralDirectoryRecord> list, DataSource dataSource, ZipSections zipSections, Result result) {
        ArrayList arrayList = new ArrayList(1);
        EnumMap enumMap = new EnumMap(ContentDigestAlgorithm.class);
        CentralDirectoryRecord centralDirectoryRecord = null;
        for (CentralDirectoryRecord centralDirectoryRecord2 : list) {
            String name = centralDirectoryRecord2.getName();
            if (name != null) {
                if (centralDirectoryRecord == null && "META-INF/MANIFEST.MF".equals(name)) {
                    centralDirectoryRecord = centralDirectoryRecord2;
                } else if (name.startsWith("META-INF/") && (name.endsWith(".RSA") || name.endsWith(".DSA") || name.endsWith(".EC"))) {
                    arrayList.add(centralDirectoryRecord2);
                }
            }
        }
        if (centralDirectoryRecord == null) {
            return enumMap;
        }
        if (arrayList.isEmpty()) {
            result.addVerificationWarning(36, new Object[0]);
        } else {
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                CentralDirectoryRecord centralDirectoryRecord3 = (CentralDirectoryRecord) it.next();
                try {
                    Iterator<? extends Certificate> it2 = CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(LocalFileRecord.getUncompressedData(dataSource, centralDirectoryRecord3, zipSections.getZipCentralDirectoryOffset()))).iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            Certificate next = it2.next();
                            if (next instanceof X509Certificate) {
                                Result.SignerInfo signerInfo = new Result.SignerInfo();
                                signerInfo.setSigningCertificate((X509Certificate) next);
                                result.addV1Signer(signerInfo);
                                break;
                            }
                        }
                    }
                } catch (ZipFormatException e8) {
                    throw new ApkFormatException("Failed to read APK", e8);
                } catch (CertificateException e10) {
                    result.addVerificationWarning(37, centralDirectoryRecord3.getName(), e10);
                }
            }
        }
        try {
            enumMap.put((EnumMap) ContentDigestAlgorithm.SHA256, (ContentDigestAlgorithm) ApkUtilsLite.computeSha256DigestBytes(LocalFileRecord.getUncompressedData(dataSource, centralDirectoryRecord, zipSections.getZipCentralDirectoryOffset())));
            return enumMap;
        } catch (ZipFormatException e11) {
            throw new ApkFormatException("Failed to read APK", e11);
        }
    }

    private void parseSigner(ByteBuffer byteBuffer, int i10, CertificateFactory certificateFactory, Map<ContentDigestAlgorithm, byte[]> map, Result.SignerInfo signerInfo) {
        boolean z8 = i10 == 2;
        ByteBuffer lengthPrefixedSlice = ApkSigningBlockUtilsLite.getLengthPrefixedSlice(byteBuffer);
        ByteBuffer lengthPrefixedSlice2 = ApkSigningBlockUtilsLite.getLengthPrefixedSlice(lengthPrefixedSlice);
        ByteBuffer lengthPrefixedSlice3 = ApkSigningBlockUtilsLite.getLengthPrefixedSlice(lengthPrefixedSlice);
        if (i10 == 31) {
            int i11 = lengthPrefixedSlice.getInt();
            int i12 = lengthPrefixedSlice.getInt();
            signerInfo.setMinSdkVersion(i11);
            signerInfo.setMaxSdkVersion(i12);
            if (i12 < this.mMinSdkVersion || signerInfo.getMinSdkVersion() > this.mMaxSdkVersion) {
                return;
            }
        }
        while (lengthPrefixedSlice2.hasRemaining()) {
            try {
                ByteBuffer lengthPrefixedSlice4 = ApkSigningBlockUtilsLite.getLengthPrefixedSlice(lengthPrefixedSlice2);
                int i13 = lengthPrefixedSlice4.getInt();
                byte[] readLengthPrefixedByteArray = ApkSigningBlockUtilsLite.readLengthPrefixedByteArray(lengthPrefixedSlice4);
                SignatureAlgorithm findById = SignatureAlgorithm.findById(i13);
                if (findById != null) {
                    map.put(findById.getContentDigestAlgorithm(), readLengthPrefixedByteArray);
                }
            } catch (ApkFormatException | BufferUnderflowException unused) {
                signerInfo.addVerificationWarning(z8 ? 8 : 16, new Object[0]);
                return;
            }
        }
        if (lengthPrefixedSlice3.hasRemaining()) {
            byte[] readLengthPrefixedByteArray2 = ApkSigningBlockUtilsLite.readLengthPrefixedByteArray(lengthPrefixedSlice3);
            try {
                signerInfo.setSigningCertificate(new GuaranteedEncodedFormX509Certificate((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(readLengthPrefixedByteArray2)), readLengthPrefixedByteArray2));
            } catch (CertificateException unused2) {
                signerInfo.addVerificationWarning(z8 ? 6 : 14, new Object[0]);
                return;
            }
        }
        if (signerInfo.getSigningCertificate() == null) {
            signerInfo.addVerificationWarning(z8 ? 7 : 15, new Object[0]);
        }
    }

    private Result verifySourceStamp(DataSource dataSource, String str) {
        SignatureInfo signatureInfo;
        CentralDirectoryRecord centralDirectoryRecord;
        SignatureInfo signatureInfo2;
        SignatureInfo signatureInfo3;
        Result result = new Result();
        try {
            try {
                ZipSections findZipSections = ApkUtilsLite.findZipSections(dataSource);
                List<CentralDirectoryRecord> parseZipCentralDirectory = ZipUtils.parseZipCentralDirectory(dataSource, findZipSections);
                Iterator<CentralDirectoryRecord> it = parseZipCentralDirectory.iterator();
                while (true) {
                    signatureInfo = null;
                    if (!it.hasNext()) {
                        centralDirectoryRecord = null;
                        break;
                    }
                    centralDirectoryRecord = it.next();
                    if ("stamp-cert-sha256".equals(centralDirectoryRecord.getName())) {
                        break;
                    }
                }
                int i10 = 24;
                if (centralDirectoryRecord == null) {
                    try {
                        ApkSigningBlockUtilsLite.findSignature(dataSource, findZipSections, 1845461005);
                    } catch (SignatureNotFoundException unused) {
                        i10 = 25;
                    }
                    result.addVerificationError(i10, new Object[0]);
                    return result;
                }
                byte[] uncompressedData = LocalFileRecord.getUncompressedData(dataSource, centralDirectoryRecord, findZipSections.getZipCentralDirectoryOffset());
                if (str != null) {
                    String hex = ApkSigningBlockUtilsLite.toHex(uncompressedData);
                    if (!str.equalsIgnoreCase(hex)) {
                        result.addVerificationError(23, hex, str);
                        return result;
                    }
                }
                HashMap hashMap = new HashMap();
                if (this.mMaxSdkVersion >= 33) {
                    try {
                        signatureInfo3 = ApkSigningBlockUtilsLite.findSignature(dataSource, findZipSections, 462663009);
                    } catch (SignatureNotFoundException unused2) {
                        signatureInfo3 = null;
                    }
                    if (signatureInfo3 != null) {
                        EnumMap enumMap = new EnumMap(ContentDigestAlgorithm.class);
                        parseSigners(signatureInfo3.signatureBlock, 31, enumMap, result);
                        hashMap.put(31, enumMap);
                    }
                }
                if (this.mMaxSdkVersion >= 28) {
                    try {
                        signatureInfo2 = ApkSigningBlockUtilsLite.findSignature(dataSource, findZipSections, -262969152);
                    } catch (SignatureNotFoundException unused3) {
                        signatureInfo2 = null;
                    }
                    if (signatureInfo2 != null) {
                        EnumMap enumMap2 = new EnumMap(ContentDigestAlgorithm.class);
                        parseSigners(signatureInfo2.signatureBlock, 3, enumMap2, result);
                        hashMap.put(3, enumMap2);
                    }
                }
                if (this.mMaxSdkVersion >= 24 && (this.mMinSdkVersion < 28 || hashMap.isEmpty())) {
                    try {
                        signatureInfo = ApkSigningBlockUtilsLite.findSignature(dataSource, findZipSections, 1896449818);
                    } catch (SignatureNotFoundException unused4) {
                    }
                    if (signatureInfo != null) {
                        EnumMap enumMap3 = new EnumMap(ContentDigestAlgorithm.class);
                        parseSigners(signatureInfo.signatureBlock, 2, enumMap3, result);
                        hashMap.put(2, enumMap3);
                    }
                }
                if (this.mMinSdkVersion < 24 || hashMap.isEmpty()) {
                    hashMap.put(1, getApkContentDigestFromV1SigningScheme(parseZipCentralDirectory, dataSource, findZipSections, result));
                }
                result.mergeFrom(V2SourceStampVerifier.verify(dataSource, findZipSections, uncompressedData, hashMap, this.mMinSdkVersion, this.mMaxSdkVersion));
                return result;
            } catch (SignatureNotFoundException unused5) {
                result.addVerificationError(30, new Object[0]);
                return result;
            }
        } catch (ApkFormatException e8) {
            e = e8;
            result.addVerificationError(28, e);
            return result;
        } catch (ZipFormatException e10) {
            e = e10;
            result.addVerificationError(28, e);
            return result;
        } catch (IOException e11) {
            e = e11;
            result.addVerificationError(28, e);
            return result;
        } catch (NoSuchAlgorithmException e12) {
            result.addVerificationError(29, e12);
            return result;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:43:0x00a3  */
    /* JADX WARN: Removed duplicated region for block: B:52:0x00bf  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void parseSigners(java.nio.ByteBuffer r17, int r18, java.util.Map<com.android.apksig.internal.apk.ContentDigestAlgorithm, byte[]> r19, com.android.apksig.SourceStampVerifier.Result r20) {
        /*
            Method dump skipped, instructions count: 218
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.android.apksig.SourceStampVerifier.parseSigners(java.nio.ByteBuffer, int, java.util.Map, com.android.apksig.SourceStampVerifier$Result):void");
    }

    public Result verifySourceStamp() {
        return verifySourceStamp(null);
    }

    public Result verifySourceStamp(String str) {
        RandomAccessFile randomAccessFile = null;
        try {
            try {
                DataSource dataSource = this.mApkDataSource;
                if (dataSource == null) {
                    if (this.mApkFile == null) {
                        throw new IllegalStateException("APK not provided");
                    }
                    RandomAccessFile randomAccessFile2 = new RandomAccessFile(this.mApkFile, "r");
                    try {
                        dataSource = DataSources.asDataSource(randomAccessFile2, 0L, randomAccessFile2.length());
                        randomAccessFile = randomAccessFile2;
                    } catch (IOException e8) {
                        e = e8;
                        randomAccessFile = randomAccessFile2;
                        Result result = new Result();
                        result.addVerificationError(29, e);
                        if (randomAccessFile != null) {
                            try {
                                randomAccessFile.close();
                            } catch (IOException unused) {
                            }
                        }
                        return result;
                    } catch (Throwable th) {
                        th = th;
                        randomAccessFile = randomAccessFile2;
                        if (randomAccessFile != null) {
                            try {
                                randomAccessFile.close();
                            } catch (IOException unused2) {
                            }
                        }
                        throw th;
                    }
                }
                Result verifySourceStamp = verifySourceStamp(dataSource, str);
                if (randomAccessFile != null) {
                    try {
                        randomAccessFile.close();
                    } catch (IOException unused3) {
                    }
                }
                return verifySourceStamp;
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (IOException e10) {
            e = e10;
        }
    }
}
