package com.taobao.update.instantpatch.flow;

import android.util.Pair;
import com.ali.user.mobile.ui.WebConstant;
import com.huawei.secure.android.common.encrypt.keystore.rsa.RSASignKS;
import f.e.a.a.a.a;
import f.r.v.e.e.b;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/* loaded from: classes4.dex */
public class PatchChecker implements a {

    /* renamed from: a, reason: collision with root package name */
    public f.r.v.e.e.a f11929a = b.a(PatchChecker.class, (f.r.v.e.e.a) null);

    /* loaded from: classes4.dex */
    public static class ApkSignatureSchemeV2Verifier {

        /* loaded from: classes4.dex */
        /**
         * Raised when the ZIP structures or the APK Signing Block needed for
         * verification cannot be located in the file. This is distinct from a
         * signature that is present but fails to verify, which the verifier
         * reports as a {@link SecurityException}.
         */
        public static class SignatureNotFoundException extends Exception {
            public static final long serialVersionUID = 1L;

            /**
             * @param message description of the structure that was not found
             */
            public SignatureNotFoundException(String message) {
                super(message);
            }

            /**
             * @param message description of the structure that was not found
             * @param cause underlying failure, kept for diagnostics
             */
            public SignatureNotFoundException(String message, Throwable cause) {
                super(message, cause);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes4.dex */
        /**
         * Certificate wrapper whose {@link #getEncoded()} returns the exact bytes
         * supplied at construction instead of whatever the wrapped certificate
         * would re-encode. Every other accessor is inherited from
         * {@code WrappedX509Certificate}.
         */
        public static class VerbatimX509Certificate extends WrappedX509Certificate {
            // Encoded form exactly as supplied by the caller; not copied.
            public byte[] encodedVerbatim;

            /**
             * @param parsed certificate to delegate to
             * @param originalBytes encoded form to report from {@link #getEncoded()}
             */
            public VerbatimX509Certificate(X509Certificate parsed, byte[] originalBytes) {
                super(parsed);
                encodedVerbatim = originalBytes;
            }

            /**
             * @return the array passed to the constructor (the same instance, so a
             *         caller that mutates it changes what later calls return)
             */
            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return encodedVerbatim;
            }
        }

        /* loaded from: classes4.dex */
        /**
         * Pure delegating {@link X509Certificate}: every method forwards to the
         * certificate given at construction and adds no checks of its own.
         * Subclasses override individual accessors.
         */
        private static class WrappedX509Certificate extends X509Certificate {
            public final X509Certificate wrapped;

            /**
             * @param delegate certificate that receives every call
             */
            public WrappedX509Certificate(X509Certificate delegate) {
                wrapped = delegate;
            }

            // ---- validity ----

            @Override
            public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
                wrapped.checkValidity();
            }

            @Override
            public void checkValidity(Date when) throws CertificateExpiredException, CertificateNotYetValidException {
                wrapped.checkValidity(when);
            }

            // ---- extensions and constraints ----

            @Override
            public int getBasicConstraints() {
                return wrapped.getBasicConstraints();
            }

            @Override
            public Set<String> getCriticalExtensionOIDs() {
                return wrapped.getCriticalExtensionOIDs();
            }

            // ---- encoded form (overridden by VerbatimX509Certificate) ----

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return wrapped.getEncoded();
            }

            @Override
            public byte[] getExtensionValue(String oid) {
                return wrapped.getExtensionValue(oid);
            }

            // ---- issuer / subject / key usage ----

            @Override
            public Principal getIssuerDN() {
                return wrapped.getIssuerDN();
            }

            @Override
            public boolean[] getIssuerUniqueID() {
                return wrapped.getIssuerUniqueID();
            }

            @Override
            public boolean[] getKeyUsage() {
                return wrapped.getKeyUsage();
            }

            @Override
            public Set<String> getNonCriticalExtensionOIDs() {
                return wrapped.getNonCriticalExtensionOIDs();
            }

            @Override
            public Date getNotAfter() {
                return wrapped.getNotAfter();
            }

            @Override
            public Date getNotBefore() {
                return wrapped.getNotBefore();
            }

            @Override
            public PublicKey getPublicKey() {
                return wrapped.getPublicKey();
            }

            @Override
            public BigInteger getSerialNumber() {
                return wrapped.getSerialNumber();
            }

            // ---- certificate signature fields ----

            @Override
            public String getSigAlgName() {
                return wrapped.getSigAlgName();
            }

            @Override
            public String getSigAlgOID() {
                return wrapped.getSigAlgOID();
            }

            @Override
            public byte[] getSigAlgParams() {
                return wrapped.getSigAlgParams();
            }

            @Override
            public byte[] getSignature() {
                return wrapped.getSignature();
            }

            @Override
            public Principal getSubjectDN() {
                return wrapped.getSubjectDN();
            }

            @Override
            public boolean[] getSubjectUniqueID() {
                return wrapped.getSubjectUniqueID();
            }

            @Override
            public byte[] getTBSCertificate() throws CertificateEncodingException {
                return wrapped.getTBSCertificate();
            }

            @Override
            public int getVersion() {
                return wrapped.getVersion();
            }

            @Override
            public boolean hasUnsupportedCriticalExtension() {
                return wrapped.hasUnsupportedCriticalExtension();
            }

            @Override
            public String toString() {
                return wrapped.toString();
            }

            // ---- verification against an issuer key ----

            @Override
            public void verify(PublicKey issuerKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                wrapped.verify(issuerKey);
            }

            @Override
            public void verify(PublicKey issuerKey, String provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                wrapped.verify(issuerKey, provider);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes4.dex */
        /**
         * Immutable bundle of what the ZIP scan found, as populated by
         * {@code a(RandomAccessFile)}: the v2 signature block plus the offsets
         * of the surrounding ZIP structures.
         */
        public static class a {

            // APK Signature Scheme v2 block contents.
            public final ByteBuffer f11930a;

            // File offset of the APK Signing Block.
            public final long f11931b;

            // File offset of the ZIP Central Directory.
            public final long f11932c;

            // File offset of the ZIP End of Central Directory record.
            public final long f11933d;

            // ZIP End of Central Directory record contents.
            public final ByteBuffer f11934e;

            /**
             * @param signatureBlock v2 signature block contents
             * @param signingBlockOffset offset of the APK Signing Block
             * @param centralDirOffset offset of the ZIP Central Directory
             * @param eocdOffset offset of the End of Central Directory record
             * @param eocd End of Central Directory record contents
             */
            public a(ByteBuffer signatureBlock, long signingBlockOffset, long centralDirOffset, long eocdOffset, ByteBuffer eocd) {
                f11930a = signatureBlock;
                f11931b = signingBlockOffset;
                f11932c = centralDirOffset;
                f11933d = eocdOffset;
                f11934e = eocd;
            }
        }

        /**
         * Orders two content digest algorithm IDs (1 and 2 are the only IDs
         * accepted; {@code a(int)} names them SHA-256 and SHA-512).
         *
         * @param i2 first digest algorithm ID
         * @param i3 second digest algorithm ID
         * @return -1, 0 or 1 when the first ID ranks below, equal to or above the second
         * @throws IllegalArgumentException if either ID is not 1 or 2; the first
         *         argument is validated before the second
         */
        public static int a(int i2, int i3) {
            boolean firstKnown = i2 == 1 || i2 == 2;
            boolean secondKnown = i3 == 1 || i3 == 2;
            // ID 1 reports a bad second argument before anything else; any other
            // first ID must itself be valid before the second one is looked at.
            if (i2 != 1 && !firstKnown) {
                throw new IllegalArgumentException("Unknown digestAlgorithm1: " + i2);
            }
            if (!secondKnown) {
                throw new IllegalArgumentException("Unknown digestAlgorithm2: " + i3);
            }
            if (i2 == i3) {
                return 0;
            }
            return i2 == 1 ? -1 : 1;
        }

        /**
         * Reads the ZIP Central Directory offset from the End of Central
         * Directory record and checks that the directory ends exactly where the
         * record begins, so nothing can sit between the two.
         *
         * @param byteBuffer End of Central Directory record
         * @param j2 file offset of the End of Central Directory record
         * @return file offset of the ZIP Central Directory
         * @throws SignatureNotFoundException if the offset lies beyond the record
         *         or the directory does not end at the record
         */
        public static long a(ByteBuffer byteBuffer, long j2) throws SignatureNotFoundException {
            final long centralDirOffset = f.r.v.h.c.a.c(byteBuffer);
            if (centralDirOffset > j2) {
                throw new SignatureNotFoundException("ZIP Central Directory offset out of range: " + centralDirOffset + ". ZIP End of Central Directory offset: " + j2);
            }
            // presumably d(...) yields the Central Directory size in bytes; confirm against the helper
            final boolean endsAtEocd = f.r.v.h.c.a.d(byteBuffer) + centralDirOffset == j2;
            if (!endsAtEocd) {
                throw new SignatureNotFoundException("ZIP Central Directory is not immediately followed by End of Central Directory");
            }
            return centralDirOffset;
        }

        /**
         * Locates the APK Signing Block that must end immediately before the ZIP
         * Central Directory and reads it into memory.
         *
         * <p>The 24-byte footer (8-byte size followed by 16 bytes of magic) is
         * read first; the size it declares is range-checked and must place the
         * block inside the file before any buffer of that size is allocated.
         * The size repeated at the start of the block must equal the footer's.
         *
         * @param randomAccessFile file being inspected
         * @param j2 file offset of the ZIP Central Directory
         * @return the whole signing block (little endian) and its file offset
         * @throws IOException on read failure
         * @throws SignatureNotFoundException if no well-formed block precedes the directory
         */
        public static Pair<ByteBuffer, Long> a(RandomAccessFile randomAccessFile, long j2) throws IOException, SignatureNotFoundException {
            if (j2 < 32) {
                throw new SignatureNotFoundException("APK too small for APK Signing Block. ZIP Central Directory offset: " + j2);
            }

            ByteBuffer footer = ByteBuffer.allocate(24);
            footer.order(ByteOrder.LITTLE_ENDIAN);
            randomAccessFile.seek(j2 - footer.capacity());
            randomAccessFile.readFully(footer.array(), footer.arrayOffset(), footer.capacity());

            // Two little-endian longs spelling the ASCII magic "APK Sig Block 42".
            boolean magicPresent = footer.getLong(8) == 2334950737559900225L
                    && footer.getLong(16) == 3617552046287187010L;
            if (!magicPresent) {
                throw new SignatureNotFoundException("No APK Signing Block before ZIP Central Directory");
            }

            final long sizeInFooter = footer.getLong(0);
            // Upper bound keeps (8 + size) representable as an int.
            if (sizeInFooter < footer.capacity() || sizeInFooter > 2147483639) {
                throw new SignatureNotFoundException("APK Signing Block size out of range: " + sizeInFooter);
            }

            final int totalSize = (int) (8 + sizeInFooter);
            final long blockOffset = j2 - totalSize;
            if (blockOffset < 0) {
                throw new SignatureNotFoundException("APK Signing Block offset out of range: " + blockOffset);
            }

            ByteBuffer block = ByteBuffer.allocate(totalSize);
            block.order(ByteOrder.LITTLE_ENDIAN);
            randomAccessFile.seek(blockOffset);
            randomAccessFile.readFully(block.array(), block.arrayOffset(), block.capacity());

            final long sizeInHeader = block.getLong(0);
            if (sizeInHeader != sizeInFooter) {
                throw new SignatureNotFoundException("APK Signing Block sizes in header and footer do not match: " + sizeInHeader + " vs " + sizeInFooter);
            }
            return Pair.create(block, Long.valueOf(blockOffset));
        }

        /**
         * Walks the ZIP structure from the end of the file backwards: End of
         * Central Directory, Central Directory, APK Signing Block, and finally
         * the v2 signature block inside it.
         *
         * @param randomAccessFile file being inspected
         * @return the v2 block together with the offsets found along the way
         * @throws IOException on read failure
         * @throws SignatureNotFoundException if any structure is missing or the
         *         file is reported as ZIP64
         */
        public static a a(RandomAccessFile randomAccessFile) throws IOException, SignatureNotFoundException {
            Pair<ByteBuffer, Long> eocdAndOffset = b(randomAccessFile);
            ByteBuffer eocd = eocdAndOffset.first;
            long eocdOffset = eocdAndOffset.second.longValue();

            boolean zip64 = f.r.v.h.c.a.a(randomAccessFile, eocdOffset);
            if (zip64) {
                throw new SignatureNotFoundException("ZIP64 APK not supported");
            }

            long centralDirOffset = a(eocd, eocdOffset);
            Pair<ByteBuffer, Long> signingBlockAndOffset = a(randomAccessFile, centralDirOffset);
            ByteBuffer signingBlock = signingBlockAndOffset.first;
            long signingBlockOffset = signingBlockAndOffset.second.longValue();

            ByteBuffer v2Block = b(signingBlock);
            return new a(v2Block, signingBlockOffset, centralDirOffset, eocdOffset, eocd);
        }

        /**
         * Names a content digest algorithm ID; used in this class for error text.
         *
         * @param i2 content digest algorithm ID (1 or 2)
         * @return {@code "SHA-256"} for 1, {@code "SHA-512"} for 2
         * @throws IllegalArgumentException for any other ID
         */
        public static String a(int i2) {
            switch (i2) {
                case 1:
                    return "SHA-256";
                case 2:
                    return "SHA-512";
                default:
                    throw new IllegalArgumentException("Unknown content digest algorthm: " + i2);
            }
        }

        /**
         * Cuts the next {@code i2} bytes out of the buffer as an independent
         * view and advances the buffer past them.
         *
         * @param byteBuffer source; its position moves forward by {@code i2} and
         *        its limit is left as it was
         * @param i2 number of bytes to take
         * @return slice over those bytes, with the source's byte order
         * @throws IllegalArgumentException if {@code i2} is negative
         * @throws BufferUnderflowException if fewer than {@code i2} bytes remain
         */
        public static ByteBuffer a(ByteBuffer byteBuffer, int i2) throws BufferUnderflowException {
            if (i2 < 0) {
                throw new IllegalArgumentException("size: " + i2);
            }
            final int savedLimit = byteBuffer.limit();
            final int start = byteBuffer.position();
            final int end = start + i2;
            // end < start catches int overflow of start + size.
            if (end < start || end > savedLimit) {
                throw new BufferUnderflowException();
            }
            // Narrow the limit so slice() covers exactly [start, end).
            byteBuffer.limit(end);
            try {
                ByteBuffer view = byteBuffer.slice();
                view.order(byteBuffer.order());
                byteBuffer.position(end);
                return view;
            } finally {
                byteBuffer.limit(savedLimit);
            }
        }

        /**
         * Returns a view of absolute range {@code [i2, i3)} of the buffer
         * without disturbing the buffer's own position and limit.
         *
         * @param byteBuffer source buffer
         * @param i2 start index, inclusive
         * @param i3 end index, exclusive; at most the buffer's capacity
         * @return slice over the range, with the source's byte order
         * @throws IllegalArgumentException if the range is negative, inverted or
         *         past the capacity
         */
        public static ByteBuffer a(ByteBuffer byteBuffer, int i2, int i3) {
            if (i2 < 0) {
                throw new IllegalArgumentException("start: " + i2);
            }
            if (i3 < i2) {
                throw new IllegalArgumentException("end < start: " + i3 + " < " + i2);
            }
            final int cap = byteBuffer.capacity();
            if (i3 > byteBuffer.capacity()) {
                throw new IllegalArgumentException("end > capacity: " + i3 + " > " + cap);
            }
            final int savedLimit = byteBuffer.limit();
            final int savedPosition = byteBuffer.position();
            try {
                // Position is zeroed first so the new limit can never fall below it.
                byteBuffer.position(0);
                byteBuffer.limit(i3);
                byteBuffer.position(i2);
                ByteBuffer view = byteBuffer.slice();
                view.order(byteBuffer.order());
                return view;
            } finally {
                // Same ordering on the way back, for the same reason.
                byteBuffer.position(0);
                byteBuffer.limit(savedLimit);
                byteBuffer.position(savedPosition);
            }
        }

        /**
         * Guards the parsers below, which read multi-byte fields with relative
         * gets and therefore depend on the buffer's byte order.
         *
         * @param byteBuffer buffer to check
         * @throws IllegalArgumentException if the buffer is not little endian
         */
        public static void a(ByteBuffer byteBuffer) {
            if (ByteOrder.LITTLE_ENDIAN.equals(byteBuffer.order())) {
                return;
            }
            throw new IllegalArgumentException("ByteBuffer byte order must be little endian");
        }

        /**
         * Parses and verifies one signer block: picks the strongest supported
         * signature, verifies it over the signed-data section with the public
         * key carried in the block, then parses the digests and certificates
         * out of that signed data.
         *
         * <p>What is established on return: the signed data was signed by the
         * holder of the embedded public key, and that key equals the key of the
         * first listed certificate. What is NOT done in this method: no
         * certificate validity, chain or trust check is performed, and the
         * content digest is only recorded in {@code map}, not compared with the
         * file's bytes.
         *
         * @param byteBuffer one signer block (signed data, signatures, public key)
         * @param map content digests seen so far, keyed by digest algorithm ID;
         *        updated with this signer's digest
         * @param certificateFactory X.509 factory used to decode the certificates
         * @return this signer's certificates, in the order listed
         * @throws SecurityException if parsing of signature records fails, no
         *         supported signature exists, the signature does not verify, or
         *         the records are inconsistent
         * @throws IOException if a length-prefixed field or digest record is malformed
         */
        public static X509Certificate[] a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) throws SecurityException, IOException {
            // Three consecutive length-prefixed fields: signed data, signature
            // records, and the encoded public key.
            ByteBuffer c2 = c(byteBuffer);
            ByteBuffer c3 = c(byteBuffer);
            byte[] d2 = d(byteBuffer);
            // Every signature algorithm ID seen, in order (compared with the digest list below).
            ArrayList arrayList = new ArrayList();
            byte[] bArr = null;
            // Best supported algorithm ID so far; -1 means none yet.
            int i2 = -1;
            int i3 = 0;
            while (c3.hasRemaining()) {
                i3++;
                try {
                    ByteBuffer c4 = c(c3);
                    if (c4.remaining() < 8) {
                        throw new SecurityException("Signature record too short");
                    }
                    int i4 = c4.getInt();
                    arrayList.add(Integer.valueOf(i4));
                    // Keep this record only if its algorithm is supported and its
                    // digest ranks above the current choice; unknown IDs are
                    // remembered in the list but otherwise ignored.
                    if (e(i4) && (i2 == -1 || b(i4, i2) > 0)) {
                        bArr = d(c4);
                        i2 = i4;
                    }
                } catch (IOException | BufferUnderflowException e2) {
                    throw new SecurityException("Failed to parse signature record #" + i3, e2);
                }
            }
            if (i2 == -1) {
                if (i3 == 0) {
                    throw new SecurityException("No signatures found");
                }
                throw new SecurityException("No supported signatures found");
            }
            // Key algorithm name, JCA signature algorithm name and optional
            // parameters for the chosen ID.
            String c5 = c(i2);
            Pair<String, ? extends AlgorithmParameterSpec> d3 = d(i2);
            String str = (String) d3.first;
            AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) d3.second;
            try {
                PublicKey generatePublic = KeyFactory.getInstance(c5).generatePublic(new X509EncodedKeySpec(d2));
                Signature signature = Signature.getInstance(str);
                signature.initVerify(generatePublic);
                if (algorithmParameterSpec != null) {
                    signature.setParameter(algorithmParameterSpec);
                }
                // The signature covers the signed-data bytes exactly as stored.
                signature.update(c2);
                if (!signature.verify(bArr)) {
                    throw new SecurityException(str + " signature did not verify");
                }
                // update() consumed the buffer; rewind it and parse the now
                // authenticated contents, starting with the digest records.
                c2.clear();
                ByteBuffer c6 = c(c2);
                ArrayList arrayList2 = new ArrayList();
                byte[] bArr2 = null;
                int i5 = 0;
                while (c6.hasRemaining()) {
                    i5++;
                    try {
                        ByteBuffer c7 = c(c6);
                        if (c7.remaining() < 8) {
                            throw new IOException("Record too short");
                        }
                        int i6 = c7.getInt();
                        arrayList2.add(Integer.valueOf(i6));
                        // Only the digest for the algorithm that was verified is kept.
                        if (i6 == i2) {
                            bArr2 = d(c7);
                        }
                    } catch (IOException | BufferUnderflowException e3) {
                        throw new IOException("Failed to parse digest record #" + i5, e3);
                    }
                }
                // The unsigned signature list must name the same algorithms, in
                // the same order, as the signed digest list; this rejects a file
                // whose signature records were removed or reordered after signing.
                if (!arrayList.equals(arrayList2)) {
                    throw new SecurityException("Signature algorithms don't match between digests and signatures records");
                }
                int b2 = b(i2);
                // Record the digest; if an earlier signer already supplied one for
                // the same digest algorithm, both must agree.
                byte[] put = map.put(Integer.valueOf(b2), bArr2);
                if (put != null && !MessageDigest.isEqual(put, bArr2)) {
                    throw new SecurityException(a(b2) + " contents digest does not match the digest specified by a preceding signer");
                }
                // Next signed field: the certificate list.
                ByteBuffer c8 = c(c2);
                ArrayList arrayList3 = new ArrayList();
                int i7 = 0;
                while (c8.hasRemaining()) {
                    i7++;
                    byte[] d4 = d(c8);
                    try {
                        // Keep the original encoding alongside the parsed certificate.
                        arrayList3.add(new VerbatimX509Certificate((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(d4)), d4));
                    } catch (CertificateException e4) {
                        throw new SecurityException("Failed to decode certificate #" + i7, e4);
                    }
                }
                if (arrayList3.isEmpty()) {
                    throw new SecurityException("No certificates listed");
                }
                // Bind the verifying key to the first certificate: the key that
                // verified the signature must be that certificate's key.
                // NOTE(review): nothing here checks who issued or owns that
                // certificate; deciding whether the signer is acceptable is left
                // to the caller.
                if (Arrays.equals(d2, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                    return (X509Certificate[]) arrayList3.toArray(new X509Certificate[arrayList3.size()]);
                }
                throw new SecurityException("Public key mismatch between certificate and signature record");
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e5) {
                throw new SecurityException("Failed to verify " + str + " signature", e5);
            }
        }

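        /**
         * Verifies every signer block in the v2 signature block and returns the
         * certificates of each signer.
         *
         * <p>NOTE(review): {@code fileDescriptor} is never read in this method,
         * and the content digests gathered from the signers are only checked for
         * being non-empty. Nothing here recomputes a digest over the file's
         * bytes, so a normal return shows that the signature block is internally
         * consistent, not that the rest of the file matches what was signed.
         * A content-integrity step is needed before the result is relied on.
         *
         * @param fileDescriptor descriptor of the file under inspection (unused here)
         * @param aVar scan result whose first field holds the v2 signature block
         * @return one certificate array per signer, in block order
         * @throws SecurityException if the signer list cannot be read, any signer
         *         fails to parse or verify, or no signers or digests are present
         */
        public static X509Certificate[][] a(FileDescriptor fileDescriptor, a aVar) throws SecurityException {
            Map<Integer, byte[]> contentDigests = new HashMap<>();
            ArrayList<X509Certificate[]> signerCerts = new ArrayList<>();

            CertificateFactory certificateFactory;
            try {
                certificateFactory = CertificateFactory.getInstance("X.509");
            } catch (CertificateException e4) {
                throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e4);
            }

            ByteBuffer signers;
            try {
                signers = c(aVar.f11930a);
            } catch (IOException e3) {
                throw new SecurityException("Failed to read list of signers", e3);
            }

            int signerCount = 0;
            while (signers.hasRemaining()) {
                signerCount++;
                try {
                    signerCerts.add(a(c(signers), contentDigests, certificateFactory));
                } catch (IOException | SecurityException | BufferUnderflowException e2) {
                    throw new SecurityException("Failed to parse/verify signer #" + signerCount + " block", e2);
                }
            }
            if (signerCount < 1) {
                throw new SecurityException("No signers found");
            }
            if (contentDigests.isEmpty()) {
                throw new SecurityException("No content digests found");
            }
            // The target must be a two-dimensional array: each element is one
            // signer's X509Certificate[]. A one-dimensional X509Certificate[]
            // target makes toArray fail with ArrayStoreException on the first
            // element, which would turn every successful verification into an
            // unchecked exception.
            return signerCerts.toArray(new X509Certificate[signerCerts.size()][]);
        }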

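        /**
         * Opens the file read-only and runs v2 signature verification on it.
         *
         * @param str path of the file to verify
         * @return one certificate array per signer
         * @throws SignatureNotFoundException if the file has no v2 signature block
         * @throws SecurityException if a signature is present but does not verify
         * @throws IOException if the file cannot be opened or read
         */
        public static X509Certificate[][] a(String str) throws SignatureNotFoundException, SecurityException, IOException {
            // Close the file on every path; verification failures throw, and an
            // unclosed handle would otherwise leak once per rejected file.
            try (RandomAccessFile apk = new RandomAccessFile(str, "r")) {
                return c(apk);
            }
        }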

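        /**
         * Maps a signature algorithm ID to the ID of the content digest it uses
         * (1 or 2, named SHA-256 and SHA-512 by {@code a(int)}).
         *
         * <p>The IDs are written as literals. Taking one of them from an
         * unrelated constant elsewhere in the app would let a change to that
         * constant silently alter which algorithm IDs this verifier accepts.
         *
         * @param i2 signature algorithm ID
         * @return 1 for IDs 0x0101, 0x0103, 0x0201, 0x0301; 2 for 0x0102, 0x0104, 0x0202
         * @throws IllegalArgumentException for any other ID
         */
        public static int b(int i2) {
            switch (i2) {
                case 0x0101:
                case 0x0103:
                case 0x0201:
                case 0x0301:
                    return 1;
                case 0x0102:
                case 0x0104:
                case 0x0202:
                    return 2;
                default:
                    // Integer.toHexString prints the ID as an unsigned 32-bit value.
                    throw new IllegalArgumentException("Unknown signature algorithm: 0x" + Integer.toHexString(i2));
            }
        }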

        /**
         * Ranks two signature algorithm IDs by the content digest each one uses.
         *
         * @param i2 first signature algorithm ID
         * @param i3 second signature algorithm ID
         * @return negative, zero or positive as the first ID's digest ranks
         *         below, equal to or above the second's
         * @throws IllegalArgumentException if either ID is unknown
         */
        public static int b(int i2, int i3) {
            final int firstDigest = b(i2);
            final int secondDigest = b(i3);
            return a(firstDigest, secondDigest);
        }

        /**
         * Finds the ZIP End of Central Directory record via the external ZIP helper.
         *
         * @param randomAccessFile file being inspected
         * @return the record's contents and its file offset
         * @throws IOException on read failure
         * @throws SignatureNotFoundException if the helper finds no record
         */
        public static Pair<ByteBuffer, Long> b(RandomAccessFile randomAccessFile) throws IOException, SignatureNotFoundException {
            Pair<ByteBuffer, Long> eocdAndOffset = f.r.v.h.c.a.a(randomAccessFile);
            if (eocdAndOffset == null) {
                throw new SignatureNotFoundException("Not an APK file: ZIP End of Central Directory record not found");
            }
            return eocdAndOffset;
        }

        /**
         * Scans the ID-value entries of an APK Signing Block for the APK
         * Signature Scheme v2 entry (ID 0x7109871a) and returns its value.
         *
         * <p>Each entry is an 8-byte length followed by a 4-byte ID and the
         * value. Lengths are range-checked against the bytes that remain before
         * the scan moves on.
         *
         * @param byteBuffer whole APK Signing Block, little endian
         * @return value bytes of the first v2 entry
         * @throws SignatureNotFoundException if an entry is malformed or no v2 entry exists
         * @throws IllegalArgumentException if the buffer is not little endian
         */
        public static ByteBuffer b(ByteBuffer byteBuffer) throws SignatureNotFoundException {
            a(byteBuffer);
            // Skip the 8-byte leading size field and the 24-byte footer (size + magic).
            ByteBuffer entries = a(byteBuffer, 8, byteBuffer.capacity() - 24);
            int entryIndex = 0;
            while (entries.hasRemaining()) {
                entryIndex++;
                if (entries.remaining() < 8) {
                    throw new SignatureNotFoundException("Insufficient data to read size of APK Signing Block entry #" + entryIndex);
                }
                final long declaredLength = entries.getLong();
                // An entry holds at least its 4-byte ID and must fit in an int.
                if (declaredLength < 4 || declaredLength > 2147483647L) {
                    throw new SignatureNotFoundException("APK Signing Block entry #" + entryIndex + " size out of range: " + declaredLength);
                }
                final int entryLength = (int) declaredLength;
                if (entryLength > entries.remaining()) {
                    throw new SignatureNotFoundException("APK Signing Block entry #" + entryIndex + " size out of range: " + entryLength + ", available: " + entries.remaining());
                }
                final int nextEntryStart = entries.position() + entryLength;
                final int entryId = entries.getInt();
                if (entryId == 1896449818) {
                    return a(entries, entryLength - 4);
                }
                entries.position(nextEntryStart);
            }
            throw new SignatureNotFoundException("No APK Signature Scheme v2 block in APK Signing Block");
        }

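        /**
         * Maps a signature algorithm ID to the key algorithm name passed to
         * {@code KeyFactory.getInstance}.
         *
         * <p>The IDs are written as literals so the accepted set cannot change
         * through an unrelated constant defined elsewhere in the app.
         *
         * @param i2 signature algorithm ID
         * @return {@code "RSA"} for 0x0101 to 0x0104, {@code "EC"} for 0x0201 and
         *         0x0202, {@code "DSA"} for 0x0301
         * @throws IllegalArgumentException for any other ID
         */
        public static String c(int i2) {
            switch (i2) {
                case 0x0101:
                case 0x0102:
                case 0x0103:
                case 0x0104:
                    return "RSA";
                case 0x0201:
                case 0x0202:
                    return "EC";
                case 0x0301:
                    return "DSA";
                default:
                    // Integer.toHexString prints the ID as an unsigned 32-bit value.
                    throw new IllegalArgumentException("Unknown signature algorithm: 0x" + Integer.toHexString(i2));
            }
        }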

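        /**
         * Reads a 4-byte length and returns a slice over that many following
         * bytes, advancing the buffer past the field.
         *
         * <p>The length comes from the file being verified. Every malformed
         * value, including a negative one, is reported as {@link IOException}
         * so that callers which wrap {@code IOException} into a verification
         * failure also cover this case, matching {@code d(ByteBuffer)}.
         *
         * @param byteBuffer source positioned at the length prefix
         * @return slice over the field's bytes, with the source's byte order
         * @throws IOException if the prefix is truncated, negative, or larger
         *         than the bytes that remain
         */
        public static ByteBuffer c(ByteBuffer byteBuffer) throws IOException {
            if (byteBuffer.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain length of length-prefixed field. Remaining: " + byteBuffer.remaining());
            }
            int fieldLength = byteBuffer.getInt();
            if (fieldLength < 0) {
                throw new IOException("Negative length");
            }
            if (fieldLength > byteBuffer.remaining()) {
                throw new IOException("Length-prefixed field longer than remaining buffer. Field length: " + fieldLength + ", remaining: " + byteBuffer.remaining());
            }
            return a(byteBuffer, fieldLength);
        }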

        /**
         * Locates the v2 signature block in an open file and verifies it.
         *
         * @param randomAccessFile open file; the caller keeps ownership and is
         *        responsible for closing it
         * @return one certificate array per signer
         * @throws SignatureNotFoundException if the file has no v2 signature block
         * @throws SecurityException if a signature is present but does not verify
         * @throws IOException on read failure
         */
        public static X509Certificate[][] c(RandomAccessFile randomAccessFile) throws SignatureNotFoundException, SecurityException, IOException {
            // Evaluation order kept: the descriptor is fetched before the scan.
            final FileDescriptor descriptor = randomAccessFile.getFD();
            final a located = a(randomAccessFile);
            return a(descriptor, located);
        }

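        /**
         * Maps a signature algorithm ID to the JCA {@code Signature} algorithm
         * name and, for the RSA-PSS variants, the PSS parameters to set on it.
         *
         * <p>The IDs are written as literals so the accepted set cannot change
         * through an unrelated constant defined elsewhere in the app.
         *
         * @param i2 signature algorithm ID
         * @return algorithm name paired with its parameters, or with {@code null}
         *         when the algorithm takes none
         * @throws IllegalArgumentException for an unknown ID
         */
        public static Pair<String, ? extends AlgorithmParameterSpec> d(int i2) {
            switch (i2) {
                case 0x0101:
                    // NOTE(review): the algorithm name for this ID is read from a
                    // third-party library constant whose value is not visible
                    // here. Given the SHA-256 PSS parameters beside it, it is
                    // presumably the SHA-256 RSA/PSS name; confirm, and prefer a
                    // literal so a library update cannot change the algorithm.
                    return Pair.create(RSASignKS.J, new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
                case 0x0102:
                    return Pair.create("SHA512withRSA/PSS", new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1));
                case 0x0103:
                    return Pair.create("SHA256withRSA", null);
                case 0x0104:
                    return Pair.create("SHA512withRSA", null);
                case 0x0201:
                    return Pair.create("SHA256withECDSA", null);
                case 0x0202:
                    return Pair.create("SHA512withECDSA", null);
                case 0x0301:
                    return Pair.create("SHA256withDSA", null);
                default:
                    // Integer.toHexString prints the ID as an unsigned 32-bit value.
                    throw new IllegalArgumentException("Unknown signature algorithm: 0x" + Integer.toHexString(i2));
            }
        }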

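        /**
         * Reads a 4-byte length and copies that many following bytes into a
         * new array, advancing the buffer past the field.
         *
         * <p>The length comes from the file being verified, so it is checked
         * against the bytes that remain before any array is allocated. A
         * truncated prefix is reported as {@link IOException} like the other
         * malformed cases, instead of an unchecked buffer underflow.
         *
         * @param byteBuffer source positioned at the length prefix
         * @return copy of the field's bytes
         * @throws IOException if the prefix is truncated, negative, or larger
         *         than the bytes that remain
         */
        public static byte[] d(ByteBuffer byteBuffer) throws IOException {
            if (byteBuffer.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain length of length-prefixed field. Remaining: " + byteBuffer.remaining());
            }
            int valueLength = byteBuffer.getInt();
            if (valueLength < 0) {
                throw new IOException("Negative length");
            }
            if (valueLength > byteBuffer.remaining()) {
                throw new IOException("Underflow while reading length-prefixed value. Length: " + valueLength + ", available: " + byteBuffer.remaining());
            }
            byte[] value = new byte[valueLength];
            byteBuffer.get(value);
            return value;
        }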

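        /**
         * Reports whether a signature algorithm ID is one this verifier handles.
         * Records with other IDs are skipped when a signature is selected.
         *
         * <p>The IDs are written as literals so the accepted set cannot change
         * through an unrelated constant defined elsewhere in the app.
         *
         * @param i2 signature algorithm ID
         * @return {@code true} for 0x0101 to 0x0104, 0x0201, 0x0202 and 0x0301
         */
        public static boolean e(int i2) {
            switch (i2) {
                case 0x0101:
                case 0x0102:
                case 0x0103:
                case 0x0104:
                case 0x0201:
                case 0x0202:
                case 0x0301:
                    return true;
                default:
                    return false;
            }
        }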
    }

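    /**
     * Checks that a downloaded patch file carries a verifiable APK Signature
     * Scheme v2 signature.
     *
     * <p>Every failure, including the unchecked exceptions the verifier throws
     * for a bad signature or malformed input, is reported as {@code false} so
     * that a tampered file is rejected instead of aborting the caller.
     *
     * <p>NOTE(review): {@code true} means only that the file is signed by the
     * key whose certificate the file itself carries. The returned certificates
     * are not compared with any expected signer here, so a file signed with an
     * arbitrary key would also pass. Before the patch is trusted, the signer
     * certificate should be compared with a pinned value such as the app's own
     * signing certificate.
     *
     * @param file patch file to check
     * @return {@code true} if at least one signer verified, {@code false} otherwise
     */
    @Override // f.e.a.a.a.a
    public boolean a(File file) {
        try {
            X509Certificate[][] signers = ApkSignatureSchemeV2Verifier.a(file.getAbsolutePath());
            if (signers.length == 0) {
                this.f11929a.a("patch verify failed");
                return false;
            }
            this.f11929a.a("patch verify success");
            return true;
        } catch (ApkSignatureSchemeV2Verifier.SignatureNotFoundException | IOException | RuntimeException e2) {
            // RuntimeException covers SecurityException (signature did not
            // verify) and the argument/underflow errors raised on malformed data.
            e2.printStackTrace();
            this.f11929a.a("patch verify failed");
            return false;
        }
    }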
}
