package com.bytedance.pangle.f;

import android.util.ArrayMap;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public final class c {

    /* loaded from: classes.dex */
    public static class a extends Exception {
    }

    /* loaded from: classes.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public final List<X509Certificate> f3633a;

        /* renamed from: b, reason: collision with root package name */
        public final List<Integer> f3634b;

        public b(List<X509Certificate> list, List<Integer> list2) {
            this.f3633a = list;
            this.f3634b = list2;
        }
    }

    /* renamed from: com.bytedance.pangle.f.c$c, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static class C0041c {

        /* renamed from: a, reason: collision with root package name */
        public final X509Certificate[] f3635a;

        /* renamed from: b, reason: collision with root package name */
        public final b f3636b;

        /* renamed from: c, reason: collision with root package name */
        public byte[] f3637c;

        public C0041c(X509Certificate[] x509CertificateArr, b bVar) {
            this.f3635a = x509CertificateArr;
            this.f3636b = bVar;
        }
    }

    private static b a(ByteBuffer byteBuffer, CertificateFactory certificateFactory) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i7 = 0;
        try {
            byteBuffer.getInt();
            HashSet hashSet = new HashSet();
            int i9 = -1;
            p pVar = null;
            while (byteBuffer.hasRemaining()) {
                i7++;
                ByteBuffer a10 = f.a(byteBuffer);
                ByteBuffer a11 = f.a(a10);
                int i10 = a10.getInt();
                int i11 = a10.getInt();
                byte[] b10 = f.b(a10);
                if (pVar != null) {
                    Pair<String, ? extends AlgorithmParameterSpec> d10 = f.d(i9);
                    PublicKey publicKey = pVar.getPublicKey();
                    Signature signature = Signature.getInstance((String) d10.first);
                    signature.initVerify(publicKey);
                    Object obj = d10.second;
                    if (obj != null) {
                        signature.setParameter((AlgorithmParameterSpec) obj);
                    }
                    signature.update(a11);
                    if (!signature.verify(b10)) {
                        throw new SecurityException("Unable to verify signature of certificate #" + i7 + " using " + ((String) d10.first) + " when verifying Proof-of-rotation record");
                    }
                }
                a11.rewind();
                byte[] b11 = f.b(a11);
                int i12 = a11.getInt();
                if (pVar != null && i9 != i12) {
                    throw new SecurityException("Signing algorithm ID mismatch for certificate #" + i7 + " when verifying Proof-of-rotation record");
                }
                pVar = new p((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b11)), b11);
                if (hashSet.contains(pVar)) {
                    throw new SecurityException("Encountered duplicate entries in Proof-of-rotation record at certificate #" + i7 + ".  All signing certificates should be unique");
                }
                hashSet.add(pVar);
                arrayList.add(pVar);
                arrayList2.add(Integer.valueOf(i10));
                i9 = i11;
            }
            return new b(arrayList, arrayList2);
        } catch (IOException e10) {
            e = e10;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (BufferUnderflowException e11) {
            e = e11;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (InvalidAlgorithmParameterException e12) {
            e = e12;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (InvalidKeyException e13) {
            e = e13;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (NoSuchAlgorithmException e14) {
            e = e14;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (SignatureException e15) {
            e = e15;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (CertificateException e16) {
            throw new SecurityException("Failed to decode certificate #0 when verifying Proof-of-rotation record", e16);
        }
    }

    public static C0041c a(RandomAccessFile randomAccessFile, m mVar) {
        ArrayMap arrayMap = new ArrayMap();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer a10 = f.a(mVar.f3653a);
                int i7 = 0;
                C0041c c0041c = null;
                while (a10.hasRemaining()) {
                    try {
                        c0041c = a(f.a(a10), arrayMap, certificateFactory);
                        i7++;
                    } catch (a unused) {
                    } catch (IOException e10) {
                        e = e10;
                        throw new SecurityException("Failed to parse/verify signer #" + i7 + " block", e);
                    } catch (SecurityException e11) {
                        e = e11;
                        throw new SecurityException("Failed to parse/verify signer #" + i7 + " block", e);
                    } catch (BufferUnderflowException e12) {
                        e = e12;
                        throw new SecurityException("Failed to parse/verify signer #" + i7 + " block", e);
                    }
                }
                if (i7 <= 0 || c0041c == null) {
                    throw new SecurityException("No signers found");
                }
                if (i7 != 1) {
                    throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                }
                if (arrayMap.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                f.a(arrayMap, randomAccessFile, mVar);
                if (arrayMap.containsKey(3)) {
                    c0041c.f3637c = f.a((byte[]) arrayMap.get(3), randomAccessFile.length(), mVar);
                }
                return c0041c;
            } catch (IOException e13) {
                throw new SecurityException("Failed to read list of signers", e13);
            }
        } catch (CertificateException e14) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e14);
        }
    }

    private static C0041c a(ByteBuffer byteBuffer, List<X509Certificate> list, CertificateFactory certificateFactory) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        b bVar = null;
        while (byteBuffer.hasRemaining()) {
            ByteBuffer a10 = f.a(byteBuffer);
            if (a10.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + a10.remaining());
            }
            if (a10.getInt() == 1000370060) {
                if (bVar != null) {
                    throw new SecurityException("Encountered multiple Proof-of-rotation records when verifying APK Signature Scheme v3 signature");
                }
                bVar = a(a10, certificateFactory);
                try {
                    if (bVar.f3633a.size() > 0) {
                        if (!Arrays.equals(bVar.f3633a.get(r1.size() - 1).getEncoded(), x509CertificateArr[0].getEncoded())) {
                            throw new SecurityException("Terminal certificate in Proof-of-rotation record does not match APK signing certificate");
                        }
                    } else {
                        continue;
                    }
                } catch (CertificateEncodingException e10) {
                    throw new SecurityException("Failed to encode certificate when comparing Proof-of-rotation record and signing certificate", e10);
                }
            }
        }
        return new C0041c(x509CertificateArr, bVar);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:20:0x0058. Please report as an issue. */
    private static C0041c a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) {
        ByteBuffer a10 = f.a(byteBuffer);
        int i7 = byteBuffer.getInt();
        int i9 = byteBuffer.getInt();
        ByteBuffer a11 = f.a(byteBuffer);
        byte[] b10 = f.b(byteBuffer);
        ArrayList arrayList = new ArrayList();
        int i10 = -1;
        int i11 = 0;
        byte[] bArr = null;
        while (true) {
            int i12 = 8;
            boolean z9 = true;
            if (!a11.hasRemaining()) {
                if (i10 == -1) {
                    if (i11 == 0) {
                        throw new SecurityException("No signatures found");
                    }
                    throw new SecurityException("No supported signatures found");
                }
                String c10 = f.c(i10);
                Pair<String, ? extends AlgorithmParameterSpec> d10 = f.d(i10);
                String str = (String) d10.first;
                AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) d10.second;
                try {
                    PublicKey generatePublic = KeyFactory.getInstance(c10).generatePublic(new X509EncodedKeySpec(b10));
                    Signature signature = Signature.getInstance(str);
                    signature.initVerify(generatePublic);
                    if (algorithmParameterSpec != null) {
                        signature.setParameter(algorithmParameterSpec);
                    }
                    signature.update(a10);
                    if (!signature.verify(bArr)) {
                        throw new SecurityException(android.support.v4.media.b.f(str, " signature did not verify"));
                    }
                    a10.clear();
                    ByteBuffer a12 = f.a(a10);
                    ArrayList arrayList2 = new ArrayList();
                    byte[] bArr2 = null;
                    int i13 = 0;
                    while (a12.hasRemaining()) {
                        i13++;
                        try {
                            ByteBuffer a13 = f.a(a12);
                            if (a13.remaining() < i12) {
                                throw new IOException("Record too short");
                            }
                            int i14 = a13.getInt();
                            arrayList2.add(Integer.valueOf(i14));
                            if (i14 == i10) {
                                bArr2 = f.b(a13);
                            }
                            i12 = 8;
                        } catch (IOException | BufferUnderflowException e10) {
                            throw new IOException("Failed to parse digest record #".concat(String.valueOf(i13)), e10);
                        }
                    }
                    if (!arrayList.equals(arrayList2)) {
                        throw new SecurityException("Signature algorithms don't match between digests and signatures records");
                    }
                    int a14 = f.a(i10);
                    byte[] put = map.put(Integer.valueOf(a14), bArr2);
                    if (put != null && !MessageDigest.isEqual(put, bArr2)) {
                        throw new SecurityException(android.support.v4.media.a.f(new StringBuilder(), f.b(a14), " contents digest does not match the digest specified by a preceding signer"));
                    }
                    ByteBuffer a15 = f.a(a10);
                    ArrayList arrayList3 = new ArrayList();
                    int i15 = 0;
                    while (a15.hasRemaining()) {
                        i15++;
                        byte[] b11 = f.b(a15);
                        try {
                            arrayList3.add(new p((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b11)), b11));
                        } catch (CertificateException e11) {
                            throw new SecurityException("Failed to decode certificate #".concat(String.valueOf(i15)), e11);
                        }
                    }
                    if (arrayList3.isEmpty()) {
                        throw new SecurityException("No certificates listed");
                    }
                    if (!Arrays.equals(b10, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                        throw new SecurityException("Public key mismatch between certificate and signature record");
                    }
                    if (a10.getInt() != i7) {
                        throw new SecurityException("minSdkVersion mismatch between signed and unsigned in v3 signer block.");
                    }
                    if (a10.getInt() == i9) {
                        return a(f.a(a10), arrayList3, certificateFactory);
                    }
                    throw new SecurityException("maxSdkVersion mismatch between signed and unsigned in v3 signer block.");
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e12) {
                    throw new SecurityException("Failed to verify " + str + " signature", e12);
                }
            }
            i11++;
            try {
                ByteBuffer a16 = f.a(a11);
                if (a16.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i16 = a16.getInt();
                arrayList.add(Integer.valueOf(i16));
                if (i16 != 513 && i16 != 514 && i16 != 769 && i16 != 1057 && i16 != 1059 && i16 != 1061) {
                    switch (i16) {
                        case 257:
                        case 258:
                        case 259:
                        case 260:
                            break;
                        default:
                            z9 = false;
                            break;
                    }
                }
                if (z9 && (i10 == -1 || f.a(i16, i10) > 0)) {
                    bArr = f.b(a16);
                    i10 = i16;
                }
            } catch (IOException | BufferUnderflowException e13) {
                throw new SecurityException("Failed to parse signature record #".concat(String.valueOf(i11)), e13);
            }
        }
    }
}
