package com.bytedance.mira.signature;

import android.util.ArrayMap;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;

/* loaded from: classes9.dex */
public class b {

    /* loaded from: classes9.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public final X509Certificate[][] f39260a;

        /* renamed from: b, reason: collision with root package name */
        public final byte[] f39261b;

        public a(X509Certificate[][] x509CertificateArr, byte[] bArr) {
            this.f39260a = x509CertificateArr;
            this.f39261b = bArr;
        }
    }

    private static l a(RandomAccessFile randomAccessFile) throws IOException, SignatureNotFoundException {
        return e.g(randomAccessFile, 1896449818);
    }

    private static boolean b(int i14) {
        if (i14 == 513 || i14 == 514 || i14 == 769 || i14 == 1057 || i14 == 1059 || i14 == 1061) {
            return true;
        }
        switch (i14) {
            case 257:
            case 258:
            case 259:
            case 260:
                return true;
            default:
                return false;
        }
    }

    private static a c(RandomAccessFile randomAccessFile, l lVar, boolean z14) throws SecurityException, IOException {
        ArrayMap arrayMap = new ArrayMap();
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer n14 = e.n(lVar.f39277a);
                int i14 = 0;
                while (n14.hasRemaining()) {
                    i14++;
                    try {
                        arrayList.add(h(e.n(n14), arrayMap, certificateFactory));
                    } catch (IOException | SecurityException | BufferUnderflowException e14) {
                        throw new SecurityException("Failed to parse/verify signer #" + i14 + " block", e14);
                    }
                }
                if (i14 < 1) {
                    throw new SecurityException("No signers found");
                }
                if (arrayMap.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                if (z14) {
                    e.v(arrayMap, randomAccessFile, lVar);
                }
                return new a((X509Certificate[][]) arrayList.toArray(new X509Certificate[arrayList.size()]), arrayMap.containsKey(3) ? e.r((byte[]) arrayMap.get(3), randomAccessFile.length(), lVar) : null);
            } catch (IOException e15) {
                throw new SecurityException("Failed to read list of signers", e15);
            }
        } catch (CertificateException e16) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e16);
        }
    }

    private static a d(RandomAccessFile randomAccessFile, boolean z14) throws SignatureNotFoundException, SecurityException, IOException {
        return c(randomAccessFile, a(randomAccessFile), z14);
    }

    private static a e(String str, boolean z14) throws SignatureNotFoundException, SecurityException, IOException {
        RandomAccessFile randomAccessFile = new RandomAccessFile(str, "r");
        try {
            a d14 = d(randomAccessFile, z14);
            randomAccessFile.close();
            return d14;
        } catch (Throwable th4) {
            try {
                throw th4;
            } catch (Throwable th5) {
                try {
                    randomAccessFile.close();
                } catch (Throwable th6) {
                    th4.addSuppressed(th6);
                }
                throw th5;
            }
        }
    }

    public static X509Certificate[][] f(String str) throws SignatureNotFoundException, SecurityException, IOException {
        return e(str, true).f39260a;
    }

    private static void g(ByteBuffer byteBuffer) throws SecurityException, IOException {
        while (byteBuffer.hasRemaining()) {
            ByteBuffer n14 = e.n(byteBuffer);
            if (n14.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + n14.remaining());
            }
            if (n14.getInt() == -1091571699) {
                if (n14.remaining() < 4) {
                    throw new IOException("V2 Signature Scheme Stripping Protection Attribute  value too small. Expected 4 bytes, but found " + n14.remaining());
                }
                if (n14.getInt() == 3) {
                    throw new SecurityException("V2 signature indicates APK is signed using APK Signature Scheme v3, but none was found. Signature stripped?");
                }
            }
        }
    }

    private static X509Certificate[] h(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) throws SecurityException, IOException {
        ByteBuffer n14 = e.n(byteBuffer);
        ByteBuffer n15 = e.n(byteBuffer);
        byte[] s14 = e.s(byteBuffer);
        ArrayList arrayList = new ArrayList();
        byte[] bArr = null;
        byte[] bArr2 = null;
        int i14 = -1;
        int i15 = 0;
        while (n15.hasRemaining()) {
            i15++;
            try {
                ByteBuffer n16 = e.n(n15);
                if (n16.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i16 = n16.getInt();
                arrayList.add(Integer.valueOf(i16));
                if (b(i16) && (i14 == -1 || e.c(i16, i14) > 0)) {
                    bArr2 = e.s(n16);
                    i14 = i16;
                }
            } catch (IOException | BufferUnderflowException e14) {
                throw new SecurityException("Failed to parse signature record #" + i15, e14);
            }
        }
        if (i14 == -1) {
            if (i15 == 0) {
                throw new SecurityException("No signatures found");
            }
            throw new SecurityException("No supported signatures found");
        }
        String p14 = e.p(i14);
        Pair<String, ? extends AlgorithmParameterSpec> q14 = e.q(i14);
        String str = (String) q14.first;
        AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) q14.second;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(p14).generatePublic(new X509EncodedKeySpec(s14));
            Signature signature = Signature.getInstance(str);
            signature.initVerify(generatePublic);
            if (algorithmParameterSpec != null) {
                signature.setParameter(algorithmParameterSpec);
            }
            signature.update(n14);
            if (!signature.verify(bArr2)) {
                throw new SecurityException(str + " signature did not verify");
            }
            n14.clear();
            ByteBuffer n17 = e.n(n14);
            ArrayList arrayList2 = new ArrayList();
            int i17 = 0;
            while (n17.hasRemaining()) {
                i17++;
                try {
                    ByteBuffer n18 = e.n(n17);
                    if (n18.remaining() < 8) {
                        throw new IOException("Record too short");
                    }
                    int i18 = n18.getInt();
                    arrayList2.add(Integer.valueOf(i18));
                    if (i18 == i14) {
                        bArr = e.s(n18);
                    }
                } catch (IOException | BufferUnderflowException e15) {
                    throw new IOException("Failed to parse digest record #" + i17, e15);
                }
            }
            if (!arrayList.equals(arrayList2)) {
                throw new SecurityException("Signature algorithms don't match between digests and signatures records");
            }
            int o14 = e.o(i14);
            byte[] put = map.put(Integer.valueOf(o14), bArr);
            if (put != null && !MessageDigest.isEqual(put, bArr)) {
                throw new SecurityException(e.k(o14) + " contents digest does not match the digest specified by a preceding signer");
            }
            ByteBuffer n19 = e.n(n14);
            ArrayList arrayList3 = new ArrayList();
            int i19 = 0;
            while (n19.hasRemaining()) {
                i19++;
                byte[] s15 = e.s(n19);
                try {
                    arrayList3.add(new VerbatimX509Certificate((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(s15)), s15));
                } catch (CertificateException e16) {
                    throw new SecurityException("Failed to decode certificate #" + i19, e16);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new SecurityException("No certificates listed");
            }
            if (!Arrays.equals(s14, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                throw new SecurityException("Public key mismatch between certificate and signature record");
            }
            g(e.n(n14));
            return (X509Certificate[]) arrayList3.toArray(new X509Certificate[arrayList3.size()]);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e17) {
            throw new SecurityException("Failed to verify " + str + " signature", e17);
        }
    }
}
