package com.alipay.mobile.quinox.security;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.Signature;
import android.text.TextUtils;
import com.alipay.mobile.quinox.bundle.Bundle;
import com.alipay.mobile.quinox.bundle.IBundleOperator;
import com.alipay.mobile.quinox.utils.LogUtil;
import com.alipay.mobile.quinox.utils.SharedPreferenceUtil;
import com.alipay.mobile.quinox.utils.TraceLogger;
import io.sentry.android.core.D0;
import io.sentry.instrumentation.file.h;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: classes.dex */
public class CertVerifier {
    public static final String KEY_CLIENT_SIGNATURE = "client_signature";

    /* renamed from: a, reason: collision with root package name */
    private PublicKey f12021a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f12022b;

    /* renamed from: c, reason: collision with root package name */
    private boolean f12023c;

    public CertVerifier(boolean z4) {
        this.f12022b = z4;
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x001c, code lost:
    
        r2 = r2 - 1;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.lang.String a(byte[] r7, int r8) {
        /*
            r0 = 4
            byte[] r1 = new byte[r0]
            r1 = {x0082: FILL_ARRAY_DATA , data: [80, 75, 5, 6} // fill-array
            int r2 = r7.length
            int r8 = java.lang.Math.min(r2, r8)
            int r2 = r8 + (-26)
        Ld:
            java.lang.String r3 = "CertVerifier"
            if (r2 < 0) goto L7a
            r4 = 0
        L12:
            if (r4 >= r0) goto L22
            int r5 = r2 + r4
            r5 = r7[r5]
            r6 = r1[r4]
            if (r5 == r6) goto L1f
            int r2 = r2 + (-1)
            goto Ld
        L1f:
            int r4 = r4 + 1
            goto L12
        L22:
            int r0 = r2 + 20
            r0 = r7[r0]
            int r1 = r2 + 21
            r1 = r7[r1]
            int r1 = r1 * 256
            int r0 = r0 + r1
            int r8 = r8 - r2
            int r8 = r8 + (-22)
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            java.lang.String r4 = "ZIP comment found at buffer position "
            r1.<init>(r4)
            int r2 = r2 + 22
            r1.append(r2)
            java.lang.String r4 = " with len="
            r1.append(r4)
            r1.append(r0)
            java.lang.String r4 = ", good!"
            r1.append(r4)
            java.lang.String r1 = r1.toString()
            com.alipay.mobile.quinox.utils.LogUtil.i(r3, r1)
            if (r0 == r8) goto L70
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            java.lang.String r4 = "WARNING! ZIP comment size mismatch: directory says len is "
            r1.<init>(r4)
            r1.append(r0)
            java.lang.String r4 = ", but file ends after "
            r1.append(r4)
            r1.append(r8)
            java.lang.String r4 = " bytes!"
            r1.append(r4)
            java.lang.String r1 = r1.toString()
            com.alipay.mobile.quinox.utils.LogUtil.i(r3, r1)
        L70:
            java.lang.String r1 = new java.lang.String
            int r8 = java.lang.Math.min(r0, r8)
            r1.<init>(r7, r2, r8)
            return r1
        L7a:
            java.lang.String r7 = "ERROR! ZIP comment NOT found!"
            com.alipay.mobile.quinox.utils.LogUtil.d(r3, r7)
            r7 = 0
            return r7
        */
        throw new UnsupportedOperationException("Method not decompiled: com.alipay.mobile.quinox.security.CertVerifier.a(byte[], int):java.lang.String");
    }

    private static boolean a(PublicKey publicKey, JarEntry jarEntry, String str) {
        Certificate[] certificates = jarEntry.getCertificates();
        if (certificates == null) {
            TraceLogger.e("CertVerifier", str + " no certs");
            return false;
        }
        if (certificates.length > 0) {
            for (int length = certificates.length - 1; length >= 0; length--) {
                try {
                    certificates[length].verify(publicKey);
                    return true;
                } catch (Throwable th) {
                    TraceLogger.e("CertVerifier", str, th);
                }
            }
        }
        return false;
    }

    private static byte[] a(JarFile jarFile, JarEntry jarEntry) {
        InputStream inputStream;
        try {
            inputStream = jarFile.getInputStream(jarEntry);
        } catch (Throwable th) {
            th = th;
            inputStream = null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte[] bArr = new byte[163840];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    byte[] digest = messageDigest.digest();
                    inputStream.close();
                    return digest;
                }
                messageDigest.update(bArr, 0, read);
            }
        } catch (Throwable th2) {
            th = th2;
            if (inputStream != null) {
                inputStream.close();
            }
            throw th;
        }
    }

    public static String extractZipComment(File file) {
        try {
            int length = (int) file.length();
            FileInputStream a4 = h.b.a(new FileInputStream(file), file);
            byte[] bArr = new byte[Math.min(length, 8192)];
            a4.skip(length - r3);
            int read = a4.read(bArr);
            r0 = read > 0 ? a(bArr, read) : null;
            a4.close();
        } catch (Exception e4) {
            D0.e("CertVerifier", file.getAbsolutePath(), e4);
        }
        return r0;
    }

    public boolean checkSign(Bundle bundle) {
        if (this.f12022b || !bundle.containCode() || !this.f12023c) {
            return true;
        }
        try {
            if (this.f12021a != null) {
                if (verifyApk(bundle.getLocation())) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            TraceLogger.e("CertVerifier", "verify sign error : " + bundle.getLocation(), th);
            return false;
        }
    }

    protected PublicKey getPackageSignatures(Context context) {
        android.os.Bundle bundle;
        try {
            ApplicationInfo applicationInfo = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128);
            if (applicationInfo == null || (bundle = applicationInfo.metaData) == null) {
                return null;
            }
            String string = bundle.getString(KEY_CLIENT_SIGNATURE);
            if (TextUtils.isEmpty(string)) {
                return null;
            }
            return getPublicKey(new Signature(string).toByteArray());
        } catch (CertificateException e4) {
            TraceLogger.e("CertVerifier", "get signature error ", e4);
            return null;
        } catch (Throwable th) {
            TraceLogger.e("CertVerifier", "get unknown error ", th);
            return null;
        }
    }

    protected PublicKey getPublicKey(byte[] bArr) {
        return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr))).getPublicKey();
    }

    public void init(Context context) {
        if (this.f12021a == null) {
            this.f12021a = getPackageSignatures(context);
            this.f12023c = SharedPreferenceUtil.getInstance().getDefaultSharedPreference(context).getBoolean("quinox_cert_verifier", false);
            TraceLogger.i("CertVerifier", "mEnable=" + this.f12023c);
        }
    }

    public boolean verifyApk(String str) {
        JarFile jarFile;
        if (this.f12022b || !this.f12023c) {
            return true;
        }
        File file = new File(str);
        JarFile jarFile2 = null;
        try {
            jarFile = new JarFile(str);
        } catch (Throwable th) {
            th = th;
        }
        try {
            JarEntry jarEntry = jarFile.getJarEntry(IBundleOperator.CLASSES_DEX);
            if (jarEntry == null) {
                jarFile.close();
                return true;
            }
            byte[] a4 = a(jarFile, jarEntry);
            String extractZipComment = extractZipComment(file);
            if (extractZipComment == null) {
                LogUtil.d("CertVerifier", "old cert: ".concat(String.valueOf(str)));
                boolean a5 = a(this.f12021a, jarEntry, str);
                jarFile.close();
                return a5;
            }
            byte[] hexToBytes = HexUtil.hexToBytes(extractZipComment);
            jarFile.close();
            java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
            try {
                signature.initVerify(this.f12021a);
                signature.update(a4);
                return signature.verify(hexToBytes);
            } catch (InvalidKeyException e4) {
                D0.e("CertVerifier", str, e4);
                return false;
            } catch (SignatureException e5) {
                D0.e("CertVerifier", str, e5);
                return false;
            }
        } catch (Throwable th2) {
            th = th2;
            jarFile2 = jarFile;
            if (jarFile2 != null) {
                jarFile2.close();
            }
            throw th;
        }
    }
}
