package com.android.apksig.internal.apk.v1;

import armadillo.studio.sv;
import com.android.apksig.ApkVerifier;
import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.internal.apk.v1.V1SchemeVerifier$Result;
import com.android.apksig.internal.asn1.Asn1BerParser;
import com.android.apksig.internal.asn1.Asn1DecodingException;
import com.android.apksig.internal.asn1.Asn1OpaqueObject;
import com.android.apksig.internal.oid.OidConstants;
import com.android.apksig.internal.pkcs7.AlgorithmIdentifier;
import com.android.apksig.internal.pkcs7.Attribute;
import com.android.apksig.internal.pkcs7.Pkcs7Constants;
import com.android.apksig.internal.pkcs7.Pkcs7DecodingException;
import com.android.apksig.internal.pkcs7.SignedData;
import com.android.apksig.internal.pkcs7.SignerInfo;
import com.android.apksig.internal.util.ByteBufferUtils;
import com.android.apksig.internal.util.InclusiveIntRange;
import com.android.apksig.internal.x509.Certificate;
import com.android.apksig.internal.zip.CentralDirectoryRecord;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: classes429.dex */
public class V1SchemeVerifier$c {

    /* renamed from: a, reason: collision with root package name */
    public final String f16194a;

    /* renamed from: b, reason: collision with root package name */
    public final V1SchemeVerifier$Result.SignerInfo f16195b;

    /* renamed from: c, reason: collision with root package name */
    public final CentralDirectoryRecord f16196c;

    /* renamed from: d, reason: collision with root package name */
    public final CentralDirectoryRecord f16197d;

    /* renamed from: e, reason: collision with root package name */
    public boolean f16198e;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f16199f;

    /* renamed from: g, reason: collision with root package name */
    public Set<String> f16200g;

    public V1SchemeVerifier$c(String str, CentralDirectoryRecord centralDirectoryRecord, CentralDirectoryRecord centralDirectoryRecord2, V1SchemeVerifier$Result.SignerInfo signerInfo, V1SchemeVerifier$a v1SchemeVerifier$a) {
        this.f16194a = str;
        this.f16195b = signerInfo;
        this.f16197d = centralDirectoryRecord;
        this.f16196c = centralDirectoryRecord2;
    }

    /* JADX WARN: Type inference failed for: r1v6, types: [com.android.apksig.internal.apk.v1.V1SchemeVerifier$b] */
    public final X509Certificate a(SignedData signedData, Collection<X509Certificate> collection, SignerInfo signerInfo, byte[] bArr, int i2, int i3) {
        byte[] bArr2;
        String str;
        StringBuilder sb;
        String sb2;
        String str2 = signerInfo.digestAlgorithm.algorithm;
        String str3 = signerInfo.signatureAlgorithm.algorithm;
        List<InclusiveIntRange> valuesNotIn = InclusiveIntRange.fromTo(i2, i3).getValuesNotIn(OidConstants.getSigAlgSupportedApiLevels(str2, str3));
        boolean z2 = false;
        if (!valuesNotIn.isEmpty()) {
            String userFriendlyNameForOid = OidConstants.OidToUserFriendlyNameMapper.getUserFriendlyNameForOid(str2);
            if (userFriendlyNameForOid == null) {
                userFriendlyNameForOid = str2;
            }
            String userFriendlyNameForOid2 = OidConstants.OidToUserFriendlyNameMapper.getUserFriendlyNameForOid(str3);
            if (userFriendlyNameForOid2 == null) {
                userFriendlyNameForOid2 = str3;
            }
            StringBuilder sb3 = new StringBuilder();
            for (InclusiveIntRange inclusiveIntRange : valuesNotIn) {
                if (sb3.length() > 0) {
                    sb3.append(", ");
                }
                if (inclusiveIntRange.getMin() == inclusiveIntRange.getMax()) {
                    sb2 = String.valueOf(inclusiveIntRange.getMin());
                } else {
                    if (inclusiveIntRange.getMax() == Integer.MAX_VALUE) {
                        sb = new StringBuilder();
                        sb.append(inclusiveIntRange.getMin());
                        sb.append("+");
                    } else {
                        sb = new StringBuilder();
                        sb.append(inclusiveIntRange.getMin());
                        sb.append("-");
                        sb.append(inclusiveIntRange.getMax());
                    }
                    sb2 = sb.toString();
                }
                sb3.append(sb2);
            }
            this.f16195b.addError(ApkVerifier.Issue.JAR_SIG_UNSUPPORTED_SIG_ALG, this.f16197d.getName(), str2, str3, sb3.toString(), userFriendlyNameForOid, userFriendlyNameForOid2);
            return null;
        }
        X509Certificate findCertificate = Certificate.findCertificate(collection, signerInfo.sid);
        if (findCertificate == null) {
            throw new SignatureException("Signing certificate referenced in SignerInfo not found in SignedData");
        }
        if (findCertificate.hasUnsupportedCriticalExtension()) {
            throw new SignatureException("Signing certificate has unsupported critical extensions");
        }
        boolean[] keyUsage = findCertificate.getKeyUsage();
        if (keyUsage != null) {
            boolean z3 = keyUsage.length >= 1 && keyUsage[0];
            if (keyUsage.length >= 2 && keyUsage[1]) {
                z2 = true;
            }
            if (!z3 && !z2) {
                throw new SignatureException("Signing certificate not authorized for use in digital signatures: keyUsage extension missing digitalSignature and nonRepudiation");
            }
        }
        String jcaSignatureAlgorithm = AlgorithmIdentifier.getJcaSignatureAlgorithm(str2, str3);
        Signature signature = Signature.getInstance(jcaSignatureAlgorithm);
        PublicKey publicKey = findCertificate.getPublicKey();
        try {
            signature.initVerify(publicKey);
        } catch (InvalidKeyException e2) {
            try {
                PublicKey generatePublic = KeyFactory.getInstance(publicKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(ApkSigningBlockUtils.encodePublicKey(publicKey)));
                Signature signature2 = Signature.getInstance(jcaSignatureAlgorithm);
                signature2.initVerify(generatePublic);
                signature = signature2;
            } catch (InvalidKeySpecException unused) {
                throw e2;
            }
        }
        Asn1OpaqueObject asn1OpaqueObject = signerInfo.signedAttrs;
        if (asn1OpaqueObject == null) {
            signature.update(bArr);
        } else {
            if (i2 < 19) {
                throw new SignatureException("APKs with Signed Attributes broken on platforms with API Level < 19");
            }
            try {
                final List parseImplicitSetOf = Asn1BerParser.parseImplicitSetOf(asn1OpaqueObject.getEncoded(), Attribute.class);
                ?? r1 = new Object(parseImplicitSetOf) { // from class: com.android.apksig.internal.apk.v1.V1SchemeVerifier$b

                    /* renamed from: a, reason: collision with root package name */
                    public Map<String, List<Asn1OpaqueObject>> f16193a;

                    {
                        HashMap hashMap = new HashMap(parseImplicitSetOf.size());
                        for (Attribute attribute : parseImplicitSetOf) {
                            if (hashMap.put(attribute.attrType, attribute.attrValues) != null) {
                                StringBuilder h2 = sv.h("Duplicate signed attribute: ");
                                h2.append(attribute.attrType);
                                throw new Pkcs7DecodingException(h2.toString());
                            }
                        }
                        this.f16193a = hashMap;
                    }

                    public final Asn1OpaqueObject a(String str4) {
                        List<Asn1OpaqueObject> list = this.f16193a.get(str4);
                        if (list == null || list.isEmpty()) {
                            return null;
                        }
                        if (list.size() <= 1) {
                            return list.get(0);
                        }
                        throw new Pkcs7DecodingException(sv.d("Attribute ", str4, " has multiple values"));
                    }
                };
                if (i3 >= 24) {
                    Asn1OpaqueObject a2 = r1.a(Pkcs7Constants.OID_CONTENT_TYPE);
                    if (a2 == null) {
                        str = null;
                    } else {
                        try {
                            str = ((V1SchemeVerifier$ObjectIdentifierChoice) Asn1BerParser.parse(a2.getEncoded(), V1SchemeVerifier$ObjectIdentifierChoice.class)).value;
                        } catch (Asn1DecodingException e3) {
                            throw new Pkcs7DecodingException("Failed to decode OBJECT IDENTIFIER", e3);
                        }
                    }
                    if (str == null) {
                        throw new SignatureException("No Content Type in signed attributes");
                    }
                    if (!str.equals(signedData.encapContentInfo.contentType)) {
                        return null;
                    }
                }
                Asn1OpaqueObject a3 = r1.a(Pkcs7Constants.OID_MESSAGE_DIGEST);
                if (a3 == null) {
                    bArr2 = null;
                } else {
                    try {
                        bArr2 = ((V1SchemeVerifier$OctetStringChoice) Asn1BerParser.parse(a3.getEncoded(), V1SchemeVerifier$OctetStringChoice.class)).value;
                    } catch (Asn1DecodingException e4) {
                        throw new Pkcs7DecodingException("Failed to decode OBJECT IDENTIFIER", e4);
                    }
                }
                if (bArr2 == null) {
                    throw new SignatureException("No content digest in signed attributes");
                }
                if (!Arrays.equals(bArr2, MessageDigest.getInstance(AlgorithmIdentifier.getJcaDigestAlgorithm(str2)).digest(bArr))) {
                    return null;
                }
                ByteBuffer encoded = signerInfo.signedAttrs.getEncoded();
                signature.update((byte) 49);
                encoded.position(1);
                signature.update(encoded);
            } catch (Asn1DecodingException e5) {
                throw new SignatureException("Failed to parse signed attributes", e5);
            }
        }
        if (signature.verify(ByteBufferUtils.toByteArray(signerInfo.signature.slice()))) {
            return findCertificate;
        }
        return null;
    }
}
