package com.android.apksig.internal.apk.v1;

import com.android.apksig.ApkVerifier;
import com.android.apksig.apk.ApkFormatException;
import com.android.apksig.apk.ApkUtils;
import com.android.apksig.internal.asn1.Asn1BerParser;
import com.android.apksig.internal.asn1.Asn1Class;
import com.android.apksig.internal.asn1.Asn1DecodingException;
import com.android.apksig.internal.asn1.Asn1Field;
import com.android.apksig.internal.asn1.Asn1OpaqueObject;
import com.android.apksig.internal.asn1.Asn1Type;
import com.android.apksig.internal.jar.ManifestParser;
import com.android.apksig.internal.oid.OidConstants;
import com.android.apksig.internal.pkcs7.AlgorithmIdentifier;
import com.android.apksig.internal.pkcs7.Attribute;
import com.android.apksig.internal.pkcs7.Pkcs7Constants;
import com.android.apksig.internal.pkcs7.Pkcs7DecodingException;
import com.android.apksig.internal.pkcs7.SignedData;
import com.android.apksig.internal.pkcs7.SignerInfo;
import com.android.apksig.internal.util.ByteBufferUtils;
import com.android.apksig.internal.util.InclusiveIntRange;
import com.android.apksig.internal.util.Pair;
import com.android.apksig.internal.x509.Certificate;
import com.android.apksig.internal.zip.CentralDirectoryRecord;
import com.android.apksig.internal.zip.LocalFileRecord;
import com.android.apksig.util.DataSinks;
import com.android.apksig.util.DataSource;
import com.android.apksig.zip.ZipFormatException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import net.lingala.zip4j.util.InternalZipConstants;
import p076.C2950;
import p076.C2951;
import p102.C3986;
import sun.security.pkcs.PKCS7;

/* loaded from: classes.dex */
public abstract class V1SchemeVerifier {
    private static final String[] JB_MR2_AND_NEWER_DIGEST_ALGS = {"SHA-512", "SHA-384", "SHA-256", "SHA-1"};
    private static final String MANIFEST_ENTRY_NAME = "META-INF/MANIFEST.MF";
    private static final Map<String, Integer> MIN_SDK_VESION_FROM_WHICH_DIGEST_SUPPORTED_IN_MANIFEST;
    private static final Map<String, String> UPPER_CASE_JCA_DIGEST_ALG_TO_CANONICAL;

    /* loaded from: classes.dex */
    public static class NamedDigest {
        public final byte[] digest;
        public final String jcaDigestAlgorithm;

        private NamedDigest(String str, byte[] bArr) {
            this.jcaDigestAlgorithm = str;
            this.digest = bArr;
        }
    }

    @Asn1Class(type = Asn1Type.CHOICE)
    /* loaded from: classes.dex */
    public static class ObjectIdentifierChoice {

        @Asn1Field(type = Asn1Type.OBJECT_IDENTIFIER)
        public String value;
    }

    @Asn1Class(type = Asn1Type.CHOICE)
    /* loaded from: classes.dex */
    public static class OctetStringChoice {

        @Asn1Field(type = Asn1Type.OCTET_STRING)
        public byte[] value;
    }

    /* loaded from: classes.dex */
    public static class Result {
        public boolean verified;
        public final List<SignerInfo> signers = new ArrayList();
        public final List<SignerInfo> ignoredSigners = new ArrayList();
        private final List<ApkVerifier.IssueWithParams> mWarnings = new ArrayList();
        private final List<ApkVerifier.IssueWithParams> mErrors = new ArrayList();

        /* loaded from: classes.dex */
        public static class SignerInfo {
            public final List<X509Certificate> certChain;
            private final List<ApkVerifier.IssueWithParams> mErrors;
            private final List<ApkVerifier.IssueWithParams> mWarnings;
            public final String name;
            public final String signatureBlockFileName;
            public final String signatureFileName;

            private SignerInfo(String str, String str2, String str3) {
                this.certChain = new ArrayList();
                this.mWarnings = new ArrayList();
                this.mErrors = new ArrayList();
                this.name = str;
                this.signatureBlockFileName = str2;
                this.signatureFileName = str3;
            }

            /* JADX INFO: Access modifiers changed from: private */
            public void addError(ApkVerifier.Issue issue, Object... objArr) {
                this.mErrors.add(new ApkVerifier.IssueWithParams(issue, objArr));
            }

            /* JADX INFO: Access modifiers changed from: private */
            public void addWarning(ApkVerifier.Issue issue, Object... objArr) {
                this.mWarnings.add(new ApkVerifier.IssueWithParams(issue, objArr));
            }

            /* JADX INFO: Access modifiers changed from: private */
            public boolean containsErrors() {
                return !this.mErrors.isEmpty();
            }

            public List<ApkVerifier.IssueWithParams> getErrors() {
                return this.mErrors;
            }

            public List<ApkVerifier.IssueWithParams> getWarnings() {
                return this.mWarnings;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addError(ApkVerifier.Issue issue, Object... objArr) {
            this.mErrors.add(new ApkVerifier.IssueWithParams(issue, objArr));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addWarning(ApkVerifier.Issue issue, Object... objArr) {
            this.mWarnings.add(new ApkVerifier.IssueWithParams(issue, objArr));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean containsErrors() {
            if (!this.mErrors.isEmpty()) {
                return true;
            }
            Iterator<SignerInfo> it = this.signers.iterator();
            while (it.hasNext()) {
                if (it.next().containsErrors()) {
                    return true;
                }
            }
            return false;
        }

        public List<ApkVerifier.IssueWithParams> getErrors() {
            return this.mErrors;
        }

        public List<ApkVerifier.IssueWithParams> getWarnings() {
            return this.mWarnings;
        }
    }

    /* loaded from: classes.dex */
    private static class SignedAttributes {
        private Map<String, List<Asn1OpaqueObject>> mAttrs;

        public SignedAttributes(Collection<Attribute> collection) throws Pkcs7DecodingException {
            HashMap hashMap = new HashMap(collection.size());
            for (Attribute attribute : collection) {
                if (hashMap.put(attribute.attrType, attribute.attrValues) != null) {
                    throw new Pkcs7DecodingException("Duplicate signed attribute: " + attribute.attrType);
                }
            }
            this.mAttrs = hashMap;
        }

        private Asn1OpaqueObject getSingleValue(String str) throws Pkcs7DecodingException {
            List<Asn1OpaqueObject> list = this.mAttrs.get(str);
            if (list == null || list.isEmpty()) {
                return null;
            }
            if (list.size() <= 1) {
                return list.get(0);
            }
            throw new Pkcs7DecodingException("Attribute " + str + " has multiple values");
        }

        public String getSingleObjectIdentifierValue(String str) throws Pkcs7DecodingException {
            Asn1OpaqueObject singleValue = getSingleValue(str);
            if (singleValue == null) {
                return null;
            }
            try {
                return ((ObjectIdentifierChoice) Asn1BerParser.parse(singleValue.getEncoded(), ObjectIdentifierChoice.class)).value;
            } catch (Asn1DecodingException e) {
                throw new Pkcs7DecodingException("Failed to decode OBJECT IDENTIFIER", e);
            }
        }

        public byte[] getSingleOctetStringValue(String str) throws Pkcs7DecodingException {
            Asn1OpaqueObject singleValue = getSingleValue(str);
            if (singleValue == null) {
                return null;
            }
            try {
                return ((OctetStringChoice) Asn1BerParser.parse(singleValue.getEncoded(), OctetStringChoice.class)).value;
            } catch (Asn1DecodingException e) {
                throw new Pkcs7DecodingException("Failed to decode OBJECT IDENTIFIER", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class Signer {
        private boolean mIgnored;
        private final String mName;
        private final Result.SignerInfo mResult;
        private byte[] mSigFileBytes;
        private Set<String> mSigFileEntryNames;
        private final CentralDirectoryRecord mSignatureBlockEntry;
        private final CentralDirectoryRecord mSignatureFileEntry;

        private Signer(String str, CentralDirectoryRecord centralDirectoryRecord, CentralDirectoryRecord centralDirectoryRecord2, Result.SignerInfo signerInfo) {
            this.mName = str;
            this.mResult = signerInfo;
            this.mSignatureBlockEntry = centralDirectoryRecord;
            this.mSignatureFileEntry = centralDirectoryRecord2;
        }

        private void checkForStrippedApkSignatures(ManifestParser.Section section, Map<Integer, String> map, Set<Integer> set) {
            String attributeValue = section.getAttributeValue("X-Android-APK-Signed");
            if (attributeValue == null) {
                if (set.isEmpty()) {
                    return;
                }
                this.mResult.addWarning(ApkVerifier.Issue.JAR_SIG_NO_APK_SIG_STRIP_PROTECTION, this.mSignatureFileEntry.getName());
                return;
            }
            if (map.isEmpty()) {
                return;
            }
            Set<Integer> keySet = map.keySet();
            HashSet<Integer> hashSet = new HashSet(1);
            StringTokenizer stringTokenizer = new StringTokenizer(attributeValue, ",");
            while (stringTokenizer.hasMoreTokens()) {
                String trim = stringTokenizer.nextToken().trim();
                if (!trim.isEmpty()) {
                    try {
                        int parseInt = Integer.parseInt(trim);
                        if (keySet.contains(Integer.valueOf(parseInt))) {
                            hashSet.add(Integer.valueOf(parseInt));
                        } else {
                            this.mResult.addWarning(ApkVerifier.Issue.JAR_SIG_UNKNOWN_APK_SIG_SCHEME_ID, this.mSignatureFileEntry.getName(), Integer.valueOf(parseInt));
                        }
                    } catch (Exception unused) {
                    }
                }
            }
            for (Integer num : hashSet) {
                num.intValue();
                if (!set.contains(num)) {
                    this.mResult.addError(ApkVerifier.Issue.JAR_SIG_MISSING_APK_SIG_REFERENCED, this.mSignatureFileEntry.getName(), num, map.get(num));
                }
            }
        }

        public static List<X509Certificate> getCertificateChain(List<X509Certificate> list, X509Certificate x509Certificate) {
            ArrayList arrayList = new ArrayList(list);
            ArrayList arrayList2 = new ArrayList(1);
            arrayList2.add(x509Certificate);
            arrayList.remove(x509Certificate);
            while (!x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                Principal issuerDN = x509Certificate.getIssuerDN();
                boolean z = false;
                int i = 0;
                while (true) {
                    if (i >= arrayList.size()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) arrayList.get(i);
                    if (issuerDN.equals(x509Certificate2.getSubjectDN())) {
                        arrayList.remove(i);
                        arrayList2.add(x509Certificate2);
                        x509Certificate = x509Certificate2;
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    break;
                }
            }
            return arrayList2;
        }

        private boolean verifyManifestDigest(ManifestParser.Section section, boolean z, byte[] bArr, int i, int i2) throws NoSuchAlgorithmException {
            Collection<NamedDigest> digestsToVerify = V1SchemeVerifier.getDigestsToVerify(section, z ? "-Digest" : "-Digest-Manifest", i, i2);
            if (!(!digestsToVerify.isEmpty())) {
                this.mResult.addWarning(ApkVerifier.Issue.JAR_SIG_NO_MANIFEST_DIGEST_IN_SIG_FILE, this.mSignatureFileEntry.getName());
                return false;
            }
            boolean z2 = true;
            for (NamedDigest namedDigest : digestsToVerify) {
                String str = namedDigest.jcaDigestAlgorithm;
                byte[] digest = V1SchemeVerifier.digest(str, bArr);
                byte[] bArr2 = namedDigest.digest;
                if (!Arrays.equals(bArr2, digest)) {
                    this.mResult.addWarning(ApkVerifier.Issue.JAR_SIG_ZIP_ENTRY_DIGEST_DID_NOT_VERIFY, "META-INF/MANIFEST.MF", str, this.mSignatureFileEntry.getName(), C3986.m8514(digest), C3986.m8514(bArr2));
                    z2 = false;
                }
            }
            return z2;
        }

        private void verifyManifestIndividualSectionDigest(ManifestParser.Section section, boolean z, ManifestParser.Section section2, byte[] bArr, int i, int i2) throws NoSuchAlgorithmException {
            String name = section.getName();
            Collection<NamedDigest> digestsToVerify = V1SchemeVerifier.getDigestsToVerify(section, "-Digest", i, i2);
            if (digestsToVerify.isEmpty()) {
                this.mResult.addError(ApkVerifier.Issue.JAR_SIG_NO_ZIP_ENTRY_DIGEST_IN_SIG_FILE, name, this.mSignatureFileEntry.getName());
                return;
            }
            int startOffset = section2.getStartOffset();
            int sizeBytes = section2.getSizeBytes();
            if (z) {
                int i3 = startOffset + sizeBytes;
                if (bArr[i3 - 1] == 10 && bArr[i3 - 2] == 10) {
                    sizeBytes--;
                }
            }
            for (NamedDigest namedDigest : digestsToVerify) {
                String str = namedDigest.jcaDigestAlgorithm;
                byte[] digest = V1SchemeVerifier.digest(str, bArr, startOffset, sizeBytes);
                byte[] bArr2 = namedDigest.digest;
                if (!Arrays.equals(bArr2, digest)) {
                    this.mResult.addError(ApkVerifier.Issue.JAR_SIG_MANIFEST_SECTION_DIGEST_DID_NOT_VERIFY, name, str, this.mSignatureFileEntry.getName(), C3986.m8514(digest), C3986.m8514(bArr2));
                }
            }
        }

        private void verifyManifestMainSectionDigest(ManifestParser.Section section, ManifestParser.Section section2, byte[] bArr, int i, int i2) throws NoSuchAlgorithmException {
            Collection<NamedDigest> digestsToVerify = V1SchemeVerifier.getDigestsToVerify(section, "-Digest-Manifest-Main-Attributes", i, i2);
            if (digestsToVerify.isEmpty()) {
                return;
            }
            for (NamedDigest namedDigest : digestsToVerify) {
                String str = namedDigest.jcaDigestAlgorithm;
                byte[] digest = V1SchemeVerifier.digest(str, bArr, section2.getStartOffset(), section2.getSizeBytes());
                byte[] bArr2 = namedDigest.digest;
                if (!Arrays.equals(bArr2, digest)) {
                    this.mResult.addError(ApkVerifier.Issue.JAR_SIG_MANIFEST_MAIN_SECTION_DIGEST_DID_NOT_VERIFY, str, this.mSignatureFileEntry.getName(), C3986.m8514(digest), C3986.m8514(bArr2));
                }
            }
        }

        private X509Certificate verifySignerInfoAgainstSigFile(SignedData signedData, Collection<X509Certificate> collection, SignerInfo signerInfo, byte[] bArr, int i, int i2) throws Pkcs7DecodingException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
            boolean z = false;
            String str = signerInfo.digestAlgorithm.algorithm;
            String str2 = signerInfo.signatureAlgorithm.algorithm;
            List<InclusiveIntRange> valuesNotIn = InclusiveIntRange.fromTo(i, i2).getValuesNotIn(OidConstants.getSigAlgSupportedApiLevels(str, str2));
            if (!valuesNotIn.isEmpty()) {
                String userFriendlyNameForOid = OidConstants.OidToUserFriendlyNameMapper.getUserFriendlyNameForOid(str);
                if (userFriendlyNameForOid == null) {
                    userFriendlyNameForOid = str;
                }
                String userFriendlyNameForOid2 = OidConstants.OidToUserFriendlyNameMapper.getUserFriendlyNameForOid(str2);
                if (userFriendlyNameForOid2 == null) {
                    userFriendlyNameForOid2 = str2;
                }
                StringBuilder sb = new StringBuilder();
                for (InclusiveIntRange inclusiveIntRange : valuesNotIn) {
                    if (sb.length() > 0) {
                        sb.append(", ");
                    }
                    if (inclusiveIntRange.getMin() == inclusiveIntRange.getMax()) {
                        sb.append(String.valueOf(inclusiveIntRange.getMin()));
                    } else if (inclusiveIntRange.getMax() == Integer.MAX_VALUE) {
                        sb.append(inclusiveIntRange.getMin() + "+");
                    } else {
                        sb.append(inclusiveIntRange.getMin() + "-" + inclusiveIntRange.getMax());
                    }
                }
                this.mResult.addError(ApkVerifier.Issue.JAR_SIG_UNSUPPORTED_SIG_ALG, this.mSignatureBlockEntry.getName(), str, str2, sb.toString(), userFriendlyNameForOid, userFriendlyNameForOid2);
                return null;
            }
            X509Certificate findCertificate = Certificate.findCertificate(collection, signerInfo.sid);
            if (findCertificate == null) {
                throw new SignatureException("Signing certificate referenced in SignerInfo not found in SignedData");
            }
            if (findCertificate.hasUnsupportedCriticalExtension()) {
                throw new SignatureException("Signing certificate has unsupported critical extensions");
            }
            boolean[] keyUsage = findCertificate.getKeyUsage();
            if (keyUsage != null) {
                boolean z2 = keyUsage.length >= 1 && keyUsage[0];
                if (keyUsage.length >= 2 && keyUsage[1]) {
                    z = true;
                }
                if (!z2 && !z) {
                    throw new SignatureException("Signing certificate not authorized for use in digital signatures: keyUsage extension missing digitalSignature and nonRepudiation");
                }
            }
            Signature signature = Signature.getInstance(AlgorithmIdentifier.getJcaSignatureAlgorithm(str, str2));
            signature.initVerify(findCertificate.getPublicKey());
            Asn1OpaqueObject asn1OpaqueObject = signerInfo.signedAttrs;
            if (asn1OpaqueObject == null) {
                signature.update(bArr);
            } else {
                if (i < 19) {
                    throw new SignatureException("APKs with Signed Attributes broken on platforms with API Level < 19");
                }
                try {
                    SignedAttributes signedAttributes = new SignedAttributes(Asn1BerParser.parseImplicitSetOf(asn1OpaqueObject.getEncoded(), Attribute.class));
                    if (i2 >= 24) {
                        String singleObjectIdentifierValue = signedAttributes.getSingleObjectIdentifierValue(Pkcs7Constants.OID_CONTENT_TYPE);
                        if (singleObjectIdentifierValue == null) {
                            throw new SignatureException("No Content Type in signed attributes");
                        }
                        if (!singleObjectIdentifierValue.equals(signedData.encapContentInfo.contentType)) {
                            return null;
                        }
                    }
                    byte[] singleOctetStringValue = signedAttributes.getSingleOctetStringValue(Pkcs7Constants.OID_MESSAGE_DIGEST);
                    if (singleOctetStringValue == null) {
                        throw new SignatureException("No content digest in signed attributes");
                    }
                    if (!Arrays.equals(singleOctetStringValue, MessageDigest.getInstance(AlgorithmIdentifier.getJcaDigestAlgorithm(str)).digest(bArr))) {
                        return null;
                    }
                    ByteBuffer encoded = signerInfo.signedAttrs.getEncoded();
                    signature.update((byte) 49);
                    encoded.position(1);
                    signature.update(encoded);
                } catch (Asn1DecodingException e) {
                    throw new SignatureException("Failed to parse signed attributes", e);
                }
            }
            if (signature.verify(ByteBufferUtils.toByteArray(signerInfo.signature.slice()))) {
                return findCertificate;
            }
            return null;
        }

        public String getName() {
            return this.mName;
        }

        public Result.SignerInfo getResult() {
            return this.mResult;
        }

        public Set<String> getSigFileEntryNames() {
            return this.mSigFileEntryNames;
        }

        public String getSignatureBlockEntryName() {
            return this.mSignatureBlockEntry.getName();
        }

        public String getSignatureFileEntryName() {
            return this.mSignatureFileEntry.getName();
        }

        public boolean isIgnored() {
            return this.mIgnored;
        }

        void setIgnored() {
            this.mIgnored = true;
        }

        public void verifySigBlockAgainstSigFile(DataSource dataSource, long j, int i, int i2) throws IOException, ApkFormatException, NoSuchAlgorithmException {
            try {
                byte[] uncompressedData = LocalFileRecord.getUncompressedData(dataSource, this.mSignatureBlockEntry, j);
                try {
                    this.mSigFileBytes = LocalFileRecord.getUncompressedData(dataSource, this.mSignatureFileEntry, j);
                    try {
                        PKCS7 pkcs7 = new PKCS7(uncompressedData);
                        sun.security.pkcs.SignerInfo[] signerInfos = pkcs7.getSignerInfos();
                        if (signerInfos == null || signerInfos.length == 0) {
                            this.mResult.addError(ApkVerifier.Issue.JAR_SIG_NO_SIGNERS, this.mSignatureBlockEntry.getName());
                            return;
                        }
                        sun.security.pkcs.SignerInfo signerInfo = null;
                        if (signerInfos.length > 0) {
                            for (sun.security.pkcs.SignerInfo signerInfo2 : signerInfos) {
                                String objectIdentifier = signerInfo2.getDigestAlgorithmId().getOID().toString();
                                String objectIdentifier2 = signerInfo2.getDigestEncryptionAlgorithmId().getOID().toString();
                                List<InclusiveIntRange> valuesNotIn = InclusiveIntRange.fromTo(i, i2).getValuesNotIn(OidConstants.getSigAlgSupportedApiLevels(objectIdentifier, objectIdentifier2));
                                if (!valuesNotIn.isEmpty()) {
                                    this.mResult.addError(ApkVerifier.Issue.JAR_SIG_UNSUPPORTED_SIG_ALG, this.mSignatureBlockEntry.getName(), objectIdentifier, objectIdentifier2, String.valueOf(valuesNotIn));
                                    return;
                                }
                                try {
                                    signerInfo = pkcs7.verify(signerInfo2, this.mSigFileBytes);
                                    if (signerInfo != null) {
                                        break;
                                    }
                                    if (i < 24) {
                                        this.mResult.addError(ApkVerifier.Issue.JAR_SIG_DID_NOT_VERIFY, this.mSignatureBlockEntry.getName(), this.mSignatureFileEntry.getName());
                                        return;
                                    }
                                } catch (SignatureException e) {
                                    this.mResult.addError(ApkVerifier.Issue.JAR_SIG_VERIFY_EXCEPTION, this.mSignatureBlockEntry.getName(), this.mSignatureFileEntry.getName(), e);
                                    return;
                                }
                            }
                        }
                        if (signerInfo == null) {
                            this.mResult.addError(ApkVerifier.Issue.JAR_SIG_NO_SIGNERS, this.mSignatureBlockEntry.getName());
                            return;
                        }
                        try {
                            ArrayList<X509Certificate> certificateChain = signerInfo.getCertificateChain(pkcs7);
                            if (certificateChain == null || certificateChain.isEmpty()) {
                                throw new RuntimeException("Verified SignerInfo does not have a certificate chain");
                            }
                            this.mResult.certChain.clear();
                            this.mResult.certChain.addAll(certificateChain);
                        } catch (IOException e2) {
                            throw new RuntimeException("Failed to obtain cert chain from " + this.mSignatureBlockEntry.getName(), e2);
                        }
                    } catch (IOException e3) {
                        if (e3.getCause() instanceof CertificateException) {
                            this.mResult.addError(ApkVerifier.Issue.JAR_SIG_MALFORMED_CERTIFICATE, this.mSignatureBlockEntry.getName(), e3);
                        } else {
                            this.mResult.addError(ApkVerifier.Issue.JAR_SIG_PARSE_EXCEPTION, this.mSignatureBlockEntry.getName(), e3);
                        }
                    }
                } catch (ZipFormatException e4) {
                    throw new ApkFormatException("Malformed ZIP entry: " + this.mSignatureFileEntry.getName(), e4);
                }
            } catch (ZipFormatException e5) {
                throw new ApkFormatException("Malformed ZIP entry: " + this.mSignatureBlockEntry.getName(), e5);
            }
        }

        public void verifySigFileAgainstManifest(byte[] bArr, ManifestParser.Section section, Map<String, ManifestParser.Section> map, Map<Integer, String> map2, Set<Integer> set, int i, int i2) throws NoSuchAlgorithmException {
            ManifestParser manifestParser = new ManifestParser(this.mSigFileBytes);
            ManifestParser.Section readSection = manifestParser.readSection();
            if (readSection.getAttributeValue(Attributes.Name.SIGNATURE_VERSION) == null) {
                this.mResult.addError(ApkVerifier.Issue.JAR_SIG_MISSING_VERSION_ATTR_IN_SIG_FILE, this.mSignatureFileEntry.getName());
                setIgnored();
                return;
            }
            if (i2 >= 24) {
                checkForStrippedApkSignatures(readSection, map2, set);
                if (this.mResult.containsErrors()) {
                    return;
                }
            }
            String attributeValue = readSection.getAttributeValue("Created-By");
            boolean z = attributeValue != null ? attributeValue.indexOf("signtool") != -1 : false;
            boolean verifyManifestDigest = verifyManifestDigest(readSection, z, bArr, i, i2);
            if (!z) {
                verifyManifestMainSectionDigest(readSection, section, bArr, i, i2);
            }
            if (this.mResult.containsErrors()) {
                return;
            }
            List<ManifestParser.Section> readAllSections = manifestParser.readAllSections();
            HashSet hashSet = new HashSet(readAllSections.size());
            int i3 = 0;
            for (ManifestParser.Section section2 : readAllSections) {
                int i4 = i3 + 1;
                String name = section2.getName();
                if (name == null) {
                    this.mResult.addError(ApkVerifier.Issue.JAR_SIG_UNNNAMED_SIG_FILE_SECTION, this.mSignatureFileEntry.getName(), Integer.valueOf(i4));
                    setIgnored();
                    return;
                } else {
                    if (!hashSet.add(name)) {
                        this.mResult.addError(ApkVerifier.Issue.JAR_SIG_DUPLICATE_SIG_FILE_SECTION, this.mSignatureFileEntry.getName(), name);
                        setIgnored();
                        return;
                    }
                    if (!verifyManifestDigest) {
                        ManifestParser.Section section3 = map.get(name);
                        if (section3 == null) {
                            this.mResult.addError(ApkVerifier.Issue.JAR_SIG_NO_ZIP_ENTRY_DIGEST_IN_SIG_FILE, name, this.mSignatureFileEntry.getName());
                            setIgnored();
                        } else {
                            verifyManifestIndividualSectionDigest(section2, z, section3, bArr, i, i2);
                        }
                    }
                    i3 = i4;
                }
            }
            this.mSigFileEntryNames = hashSet;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Signers {
        private Signers() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void verify(DataSource dataSource, long j, List<CentralDirectoryRecord> list, Set<String> set, Map<Integer, String> map, Set<Integer> set2, int i, int i2, Result result) throws ApkFormatException, IOException, NoSuchAlgorithmException {
            int i3 = 2;
            HashMap hashMap = new HashMap(1);
            ArrayList<CentralDirectoryRecord> arrayList = new ArrayList(1);
            CentralDirectoryRecord centralDirectoryRecord = null;
            for (CentralDirectoryRecord centralDirectoryRecord2 : list) {
                String name = centralDirectoryRecord2.getName();
                if (name.startsWith("META-INF/")) {
                    if (centralDirectoryRecord == null && "META-INF/MANIFEST.MF".equals(name)) {
                        centralDirectoryRecord = centralDirectoryRecord2;
                    } else if (name.endsWith(".SF")) {
                        hashMap.put(name, centralDirectoryRecord2);
                    } else if (name.endsWith(".RSA") || name.endsWith(".DSA") || name.endsWith(".EC")) {
                        arrayList.add(centralDirectoryRecord2);
                    }
                }
            }
            if (centralDirectoryRecord == null) {
                result.addError(ApkVerifier.Issue.JAR_SIG_NO_MANIFEST, new Object[0]);
                return;
            }
            try {
                byte[] uncompressedData = LocalFileRecord.getUncompressedData(dataSource, centralDirectoryRecord, j);
                Pair<ManifestParser.Section, Map<String, ManifestParser.Section>> parseManifest = V1SchemeVerifier.parseManifest(uncompressedData, set, result);
                if (result.containsErrors()) {
                    return;
                }
                ManifestParser.Section first = parseManifest.getFirst();
                Map<String, ManifestParser.Section> second = parseManifest.getSecond();
                ArrayList<Signer> arrayList2 = new ArrayList(arrayList.size());
                for (CentralDirectoryRecord centralDirectoryRecord3 : arrayList) {
                    String name2 = centralDirectoryRecord3.getName();
                    int lastIndexOf = name2.lastIndexOf(46);
                    if (lastIndexOf == -1) {
                        throw new RuntimeException("Signature block file name does not contain extension: " + name2);
                    }
                    String str = name2.substring(0, lastIndexOf) + ".SF";
                    CentralDirectoryRecord centralDirectoryRecord4 = (CentralDirectoryRecord) hashMap.get(str);
                    if (centralDirectoryRecord4 == null) {
                        ApkVerifier.Issue issue = ApkVerifier.Issue.JAR_SIG_MISSING_FILE;
                        HashMap hashMap2 = hashMap;
                        Object[] objArr = new Object[i3];
                        objArr[0] = name2;
                        objArr[1] = str;
                        result.addWarning(issue, objArr);
                        hashMap = hashMap2;
                    } else {
                        HashMap hashMap3 = hashMap;
                        String substring = name2.substring(9);
                        arrayList2.add(new Signer(substring, centralDirectoryRecord3, centralDirectoryRecord4, new Result.SignerInfo(substring, name2, centralDirectoryRecord4.getName())));
                        hashMap = hashMap3;
                        i3 = 2;
                    }
                }
                if (arrayList2.isEmpty()) {
                    result.addError(ApkVerifier.Issue.JAR_SIG_NO_SIGNATURES, new Object[0]);
                    return;
                }
                for (Signer signer : arrayList2) {
                    ArrayList arrayList3 = arrayList2;
                    signer.verifySigBlockAgainstSigFile(dataSource, j, i, i2);
                    if (signer.getResult().containsErrors()) {
                        result.signers.add(signer.getResult());
                    }
                    arrayList2 = arrayList3;
                }
                ArrayList<Signer> arrayList4 = arrayList2;
                if (result.containsErrors()) {
                    return;
                }
                ArrayList<Signer> arrayList5 = new ArrayList(arrayList4.size());
                for (Signer signer2 : arrayList4) {
                    byte[] bArr = uncompressedData;
                    signer2.verifySigFileAgainstManifest(bArr, first, second, map, set2, i, i2);
                    if (signer2.isIgnored()) {
                        result.ignoredSigners.add(signer2.getResult());
                    } else if (signer2.getResult().containsErrors()) {
                        result.signers.add(signer2.getResult());
                    } else {
                        arrayList5.add(signer2);
                    }
                    uncompressedData = bArr;
                }
                if (result.containsErrors()) {
                    return;
                }
                if (arrayList5.isEmpty()) {
                    result.addError(ApkVerifier.Issue.JAR_SIG_NO_SIGNATURES, new Object[0]);
                    return;
                }
                Set<Signer> verifyJarEntriesAgainstManifestAndSigners = V1SchemeVerifier.verifyJarEntriesAgainstManifestAndSigners(dataSource, j, list, second, arrayList5, i, i2, result);
                if (result.containsErrors()) {
                    return;
                }
                HashSet hashSet = new HashSet((result.signers.size() * 2) + 1);
                hashSet.add(centralDirectoryRecord.getName());
                for (Signer signer3 : verifyJarEntriesAgainstManifestAndSigners) {
                    hashSet.add(signer3.getSignatureBlockEntryName());
                    hashSet.add(signer3.getSignatureFileEntryName());
                }
                Iterator<CentralDirectoryRecord> it = list.iterator();
                while (it.hasNext()) {
                    String name3 = it.next().getName();
                    if (name3.startsWith("META-INF/") && !name3.endsWith(InternalZipConstants.ZIP_FILE_SEPARATOR) && !hashSet.contains(name3)) {
                        result.addWarning(ApkVerifier.Issue.JAR_SIG_UNPROTECTED_ZIP_ENTRY, name3);
                    }
                }
                for (Signer signer4 : arrayList5) {
                    if (verifyJarEntriesAgainstManifestAndSigners.contains(signer4)) {
                        result.signers.add(signer4.getResult());
                    } else {
                        result.ignoredSigners.add(signer4.getResult());
                    }
                }
                result.verified = true;
            } catch (ZipFormatException e) {
                throw new ApkFormatException("Malformed ZIP entry: " + centralDirectoryRecord.getName(), e);
            }
        }
    }

    static {
        HashMap hashMap = new HashMap(8);
        UPPER_CASE_JCA_DIGEST_ALG_TO_CANONICAL = hashMap;
        hashMap.put("MD5", "MD5");
        hashMap.put("SHA", "SHA-1");
        hashMap.put("SHA1", "SHA-1");
        hashMap.put("SHA-1", "SHA-1");
        hashMap.put("SHA-256", "SHA-256");
        hashMap.put("SHA-384", "SHA-384");
        hashMap.put("SHA-512", "SHA-512");
        HashMap hashMap2 = new HashMap(5);
        MIN_SDK_VESION_FROM_WHICH_DIGEST_SUPPORTED_IN_MANIFEST = hashMap2;
        hashMap2.put("MD5", 0);
        hashMap2.put("SHA-1", 0);
        hashMap2.put("SHA-256", 0);
        hashMap2.put("SHA-384", 9);
        hashMap2.put("SHA-512", 9);
    }

    private V1SchemeVerifier() {
    }

    private static Set<String> checkForDuplicateEntries(List<CentralDirectoryRecord> list, Result result) {
        HashSet hashSet = new HashSet(list.size());
        Iterator<CentralDirectoryRecord> it = list.iterator();
        HashSet hashSet2 = null;
        while (it.hasNext()) {
            String name = it.next().getName();
            if (!hashSet.add(name)) {
                if (hashSet2 == null) {
                    hashSet2 = new HashSet();
                }
                if (hashSet2.add(name)) {
                    result.addError(ApkVerifier.Issue.JAR_SIG_DUPLICATE_ZIP_ENTRY, name);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] digest(String str, byte[] bArr) throws NoSuchAlgorithmException {
        return getMessageDigest(str).digest(bArr);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] digest(String str, byte[] bArr, int i, int i2) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = getMessageDigest(str);
        messageDigest.update(bArr, i, i2);
        return messageDigest.digest();
    }

    private static String getCanonicalJcaMessageDigestAlgorithm(String str) {
        return UPPER_CASE_JCA_DIGEST_ALG_TO_CANONICAL.get(str.toUpperCase(Locale.US));
    }

    private static byte[] getDigest(Collection<NamedDigest> collection, String str) {
        for (NamedDigest namedDigest : collection) {
            if (namedDigest.jcaDigestAlgorithm.equalsIgnoreCase(str)) {
                return namedDigest.digest;
            }
        }
        return null;
    }

    public static Collection<NamedDigest> getDigestsToVerify(ManifestParser.Section section, String str, int i, int i2) {
        String canonicalJcaMessageDigestAlgorithm;
        ArrayList arrayList = new ArrayList(1);
        if (i < 18) {
            String attributeValue = section.getAttributeValue("Digest-Algorithms");
            if (attributeValue == null) {
                attributeValue = "SHA SHA1";
            }
            StringTokenizer stringTokenizer = new StringTokenizer(attributeValue);
            while (true) {
                if (!stringTokenizer.hasMoreTokens()) {
                    break;
                }
                String nextToken = stringTokenizer.nextToken();
                String attributeValue2 = section.getAttributeValue(nextToken + str);
                if (attributeValue2 != null && (canonicalJcaMessageDigestAlgorithm = getCanonicalJcaMessageDigestAlgorithm(nextToken)) != null && getMinSdkVersionFromWhichSupportedInManifestOrSignatureFile(canonicalJcaMessageDigestAlgorithm) <= i) {
                    try {
                        arrayList.add(new NamedDigest(canonicalJcaMessageDigestAlgorithm, C2950.m7851(attributeValue2)));
                        break;
                    } catch (C2951 e) {
                        e.printStackTrace();
                    }
                }
            }
            if (arrayList.isEmpty()) {
                return arrayList;
            }
        }
        if (i2 >= 18) {
            String[] strArr = JB_MR2_AND_NEWER_DIGEST_ALGS;
            int length = strArr.length;
            int i3 = 0;
            while (true) {
                if (i3 >= length) {
                    break;
                }
                String str2 = strArr[i3];
                String attributeValue3 = section.getAttributeValue(getJarDigestAttributeName(str2, str));
                if (attributeValue3 == null) {
                    i3++;
                } else {
                    byte[] bArr = new byte[0];
                    try {
                        bArr = C2950.m7851(attributeValue3);
                    } catch (C2951 e2) {
                        e2.printStackTrace();
                    }
                    byte[] digest = getDigest(arrayList, str2);
                    if (digest == null || !Arrays.equals(digest, bArr)) {
                        arrayList.add(new NamedDigest(str2, bArr));
                    }
                }
            }
        }
        return arrayList;
    }

    private static String getJarDigestAttributeName(String str, String str2) {
        if ("SHA-1".equalsIgnoreCase(str)) {
            return "SHA1" + str2;
        }
        return str + str2;
    }

    private static MessageDigest getMessageDigest(String str) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(str);
    }

    public static int getMinSdkVersionFromWhichSupportedInManifestOrSignatureFile(String str) {
        Integer num = MIN_SDK_VESION_FROM_WHICH_DIGEST_SUPPORTED_IN_MANIFEST.get(str.toUpperCase(Locale.US));
        if (num != null) {
            return num.intValue();
        }
        return Integer.MAX_VALUE;
    }

    private static List<String> getSignerNames(List<Signer> list) {
        if (list.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<Signer> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getName());
        }
        return arrayList;
    }

    private static boolean isJarEntryDigestNeededInManifest(String str) {
        if (str.startsWith("META-INF/")) {
            return false;
        }
        return !str.endsWith(InternalZipConstants.ZIP_FILE_SEPARATOR);
    }

    public static Pair<ManifestParser.Section, Map<String, ManifestParser.Section>> parseManifest(byte[] bArr, Set<String> set, Result result) {
        ManifestParser manifestParser = new ManifestParser(bArr);
        ManifestParser.Section readSection = manifestParser.readSection();
        List<ManifestParser.Section> readAllSections = manifestParser.readAllSections();
        HashMap hashMap = new HashMap(readAllSections.size());
        int i = 0;
        for (ManifestParser.Section section : readAllSections) {
            i++;
            String name = section.getName();
            if (name == null) {
                result.addError(ApkVerifier.Issue.JAR_SIG_UNNNAMED_MANIFEST_SECTION, Integer.valueOf(i));
            } else if (hashMap.put(name, section) != null) {
                result.addError(ApkVerifier.Issue.JAR_SIG_DUPLICATE_MANIFEST_SECTION, name);
            } else if (!set.contains(name)) {
                result.addError(ApkVerifier.Issue.JAR_SIG_MISSING_ZIP_ENTRY_REFERENCED_IN_MANIFEST, name);
            }
        }
        return Pair.of(readSection, hashMap);
    }

    public static List<CentralDirectoryRecord> parseZipCentralDirectory(DataSource dataSource, ApkUtils.ZipSections zipSections) throws IOException, ApkFormatException {
        long zipCentralDirectorySizeBytes = zipSections.getZipCentralDirectorySizeBytes();
        if (zipCentralDirectorySizeBytes > 2147483647L) {
            throw new ApkFormatException("ZIP Central Directory too large: " + zipCentralDirectorySizeBytes);
        }
        long zipCentralDirectoryOffset = zipSections.getZipCentralDirectoryOffset();
        ByteBuffer byteBuffer = dataSource.getByteBuffer(zipCentralDirectoryOffset, (int) zipCentralDirectorySizeBytes);
        byteBuffer.order(ByteOrder.LITTLE_ENDIAN);
        int zipCentralDirectoryRecordCount = zipSections.getZipCentralDirectoryRecordCount();
        ArrayList arrayList = new ArrayList(zipCentralDirectoryRecordCount);
        for (int i = 0; i < zipCentralDirectoryRecordCount; i++) {
            int position = byteBuffer.position();
            try {
                CentralDirectoryRecord record = CentralDirectoryRecord.getRecord(byteBuffer);
                if (!record.getName().endsWith(InternalZipConstants.ZIP_FILE_SEPARATOR)) {
                    arrayList.add(record);
                }
            } catch (ZipFormatException e) {
                throw new ApkFormatException("Malformed ZIP Central Directory record #" + (i + 1) + " at file offset " + (zipCentralDirectoryOffset + position), e);
            }
        }
        return arrayList;
    }

    public static Result verify(DataSource dataSource, ApkUtils.ZipSections zipSections, Map<Integer, String> map, Set<Integer> set, int i, int i2) throws IOException, ApkFormatException, NoSuchAlgorithmException {
        if (i <= i2) {
            Result result = new Result();
            List<CentralDirectoryRecord> parseZipCentralDirectory = parseZipCentralDirectory(dataSource, zipSections);
            Set<String> checkForDuplicateEntries = checkForDuplicateEntries(parseZipCentralDirectory, result);
            if (result.containsErrors()) {
                return result;
            }
            Signers.verify(dataSource, zipSections.getZipCentralDirectoryOffset(), parseZipCentralDirectory, checkForDuplicateEntries, map, set, i, i2, result);
            return result;
        }
        throw new IllegalArgumentException("minSdkVersion (" + i + ") > maxSdkVersion (" + i2 + ")");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Set<Signer> verifyJarEntriesAgainstManifestAndSigners(DataSource dataSource, long j, Collection<CentralDirectoryRecord> collection, Map<String, ManifestParser.Section> map, List<Signer> list, int i, int i2, Result result) throws ApkFormatException, IOException, NoSuchAlgorithmException {
        Iterator it;
        ArrayList arrayList;
        int i3;
        char c = 2;
        int i4 = 4;
        char c2 = 0;
        int i5 = 1;
        ArrayList arrayList2 = new ArrayList(collection);
        Collections.sort(arrayList2, CentralDirectoryRecord.BY_LOCAL_FILE_HEADER_OFFSET_COMPARATOR);
        Iterator it2 = arrayList2.iterator();
        ArrayList arrayList3 = null;
        String str = null;
        while (it2.hasNext()) {
            CentralDirectoryRecord centralDirectoryRecord = (CentralDirectoryRecord) it2.next();
            String name = centralDirectoryRecord.getName();
            if (isJarEntryDigestNeededInManifest(name)) {
                ManifestParser.Section section = map.get(name);
                if (section == null) {
                    ApkVerifier.Issue issue = ApkVerifier.Issue.JAR_SIG_NO_ZIP_ENTRY_DIGEST_IN_MANIFEST;
                    Object[] objArr = new Object[i5];
                    objArr[c2] = name;
                    result.addError(issue, objArr);
                } else {
                    ArrayList arrayList4 = new ArrayList(list.size());
                    for (Signer signer : list) {
                        if (signer.getSigFileEntryNames().contains(name)) {
                            arrayList4.add(signer);
                        }
                    }
                    if (arrayList4.isEmpty()) {
                        ApkVerifier.Issue issue2 = ApkVerifier.Issue.JAR_SIG_ZIP_ENTRY_NOT_SIGNED;
                        Object[] objArr2 = new Object[i5];
                        objArr2[c2] = name;
                        result.addError(issue2, objArr2);
                    } else {
                        if (arrayList3 == null) {
                            str = name;
                            arrayList3 = arrayList4;
                        } else if (!arrayList4.equals(arrayList3)) {
                            ApkVerifier.Issue issue3 = ApkVerifier.Issue.JAR_SIG_ZIP_ENTRY_SIGNERS_MISMATCH;
                            List<String> signerNames = getSignerNames(arrayList3);
                            List<String> signerNames2 = getSignerNames(arrayList4);
                            Object[] objArr3 = new Object[i4];
                            objArr3[c2] = str;
                            objArr3[i5] = signerNames;
                            objArr3[c] = name;
                            objArr3[3] = signerNames2;
                            result.addError(issue3, objArr3);
                        }
                        ArrayList arrayList5 = new ArrayList(getDigestsToVerify(section, "-Digest", i, i2));
                        if (arrayList5.isEmpty()) {
                            ApkVerifier.Issue issue4 = ApkVerifier.Issue.JAR_SIG_NO_ZIP_ENTRY_DIGEST_IN_MANIFEST;
                            Object[] objArr4 = new Object[i5];
                            objArr4[c2] = name;
                            result.addError(issue4, objArr4);
                            it = it2;
                        } else {
                            MessageDigest[] messageDigestArr = new MessageDigest[arrayList5.size()];
                            for (int i6 = 0; i6 < arrayList5.size(); i6 += i5) {
                                messageDigestArr[i6] = getMessageDigest(((NamedDigest) arrayList5.get(i6)).jcaDigestAlgorithm);
                            }
                            try {
                                it = it2;
                                LocalFileRecord.outputUncompressedData(dataSource, centralDirectoryRecord, j, DataSinks.asDataSink(messageDigestArr));
                                int i7 = 0;
                                while (i7 < arrayList5.size()) {
                                    NamedDigest namedDigest = (NamedDigest) arrayList5.get(i7);
                                    byte[] digest = messageDigestArr[i7].digest();
                                    if (Arrays.equals(namedDigest.digest, digest)) {
                                        arrayList = arrayList5;
                                        i3 = 1;
                                    } else {
                                        arrayList = arrayList5;
                                        i3 = 1;
                                        result.addError(ApkVerifier.Issue.JAR_SIG_ZIP_ENTRY_DIGEST_DID_NOT_VERIFY, name, namedDigest.jcaDigestAlgorithm, "META-INF/MANIFEST.MF", C3986.m8514(digest), C3986.m8514(namedDigest.digest));
                                    }
                                    i7 += i3;
                                    arrayList5 = arrayList;
                                }
                            } catch (ZipFormatException e) {
                                throw new ApkFormatException("Malformed ZIP entry: " + name, e);
                            } catch (IOException e2) {
                                throw new IOException("Failed to read entry: " + name, e2);
                            }
                        }
                        it2 = it;
                        c = 2;
                        i4 = 4;
                        c2 = 0;
                        i5 = 1;
                    }
                }
            }
        }
        if (arrayList3 != null) {
            return new HashSet(arrayList3);
        }
        result.addError(ApkVerifier.Issue.JAR_SIG_NO_SIGNED_ZIP_ENTRIES, new Object[0]);
        return Collections.emptySet();
    }
}
