package com.android.apksig.internal.apk.stamp;

import com.android.apksig.ApkVerifier;
import com.android.apksig.apk.ApkFormatException;
import com.android.apksig.apk.ApkUtils;
import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.internal.apk.ContentDigestAlgorithm;
import com.android.apksig.internal.apk.SignatureAlgorithm;
import com.android.apksig.internal.util.GuaranteedEncodedFormX509Certificate;
import com.android.apksig.internal.util.Pair;
import com.android.apksig.internal.util.X509CertificateUtils;
import com.android.apksig.util.DataSource;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Map;

/* loaded from: input_file:res/raw/bundleto:com/android/apksig/internal/apk/stamp/SourceStampVerifier.class */
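/**
 * Verifies the source stamp block of an APK.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every verification failure detected in this class is recorded as a <em>warning</em> on
 *       the signer, never as an error. Callers must check {@code Result.verified}; relying on
 *       {@code containsErrors()} alone would treat a failed stamp as acceptable.</li>
 *   <li>The stamp certificate is trusted only because the SHA-256 digest of its encoded form
 *       matches the digest supplied by the caller. No chain building, validity-period or
 *       revocation check is performed in this class.</li>
 *   <li>The signature covers the encoded list of APK content digests passed in by the caller;
 *       this class does not compute those digests itself.</li>
 * </ul>
 */
public abstract class SourceStampVerifier {
    /** Not instantiable: the class only exposes static entry points. */
    private SourceStampVerifier() {
    }

    /**
     * Locates the source stamp block in the APK Signing Block and verifies it.
     *
     * @param dataSource APK contents, forwarded to {@code ApkSigningBlockUtils.findSignature}
     * @param zipSections ZIP section layout of the APK, forwarded to the same lookup
     * @param bArr expected SHA-256 digest of the stamp certificate's encoded form
     * @param map APK content digests, keyed by digest algorithm, that the stamp must have signed
     * @param i forwarded unchanged to {@code ApkSigningBlockUtils.getSignaturesToVerify}
     *     (the minimum SDK version in upstream apksig; confirm against the bundled version)
     * @param i2 forwarded unchanged to {@code ApkSigningBlockUtils.getSignaturesToVerify}
     *     (the maximum SDK version in upstream apksig; confirm against the bundled version)
     * @return the verification result; {@code verified} is set to {@code true} only when no
     *     error or warning was recorded
     * @throws IOException propagated from the signature block lookup
     * @throws NoSuchAlgorithmException if a required digest or signature algorithm is unavailable
     * @throws ApkSigningBlockUtils.SignatureNotFoundException propagated from the signature
     *     block lookup
     */
    public static ApkSigningBlockUtils.Result verify(
            DataSource dataSource,
            ApkUtils.ZipSections zipSections,
            byte[] bArr,
            Map<ContentDigestAlgorithm, byte[]> map,
            int i,
            int i2)
            throws IOException, NoSuchAlgorithmException,
                    ApkSigningBlockUtils.SignatureNotFoundException {
        ApkSigningBlockUtils.Result result = new ApkSigningBlockUtils.Result(0);
        ByteBuffer sourceStampBlock =
                ApkSigningBlockUtils.findSignature(
                                dataSource,
                                zipSections,
                                SourceStampSigner.SOURCE_STAMP_BLOCK_ID,
                                result)
                        .signatureBlock;
        verify(sourceStampBlock, bArr, map, i, i2, result);
        return result;
    }

    /**
     * Parses and verifies an already located source stamp block, recording the outcome in
     * {@code result}.
     *
     * <p>{@code result.verified} is assigned only when parsing completes without throwing; on a
     * malformed block it keeps whatever value {@code Result} initialised it to (presumably
     * {@code false}; confirm in {@code ApkSigningBlockUtils.Result}).
     *
     * @throws NoSuchAlgorithmException if a required digest or signature algorithm is unavailable
     * @throws IllegalStateException if no X.509 {@code CertificateFactory} can be obtained
     */
    private static void verify(
            ByteBuffer sourceStampBlock,
            byte[] expectedCertDigest,
            Map<ContentDigestAlgorithm, byte[]> apkContentDigests,
            int minSdkVersion,
            int maxSdkVersion,
            ApkSigningBlockUtils.Result result)
            throws NoSuchAlgorithmException {
        ApkSigningBlockUtils.Result.SignerInfo signerInfo =
                new ApkSigningBlockUtils.Result.SignerInfo();
        // Registered before parsing so that warnings raised below are reachable from the result.
        result.signers.add(signerInfo);
        try {
            ByteBuffer sourceStampBlockData =
                    ApkSigningBlockUtils.getLengthPrefixedSlice(sourceStampBlock);
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            parseSourceStamp(
                    sourceStampBlockData,
                    certFactory,
                    signerInfo,
                    apkContentDigests,
                    expectedCertDigest,
                    minSdkVersion,
                    maxSdkVersion);
            // A warning is enough to fail the stamp: see the class-level security notes.
            result.verified = !result.containsErrors() && !result.containsWarnings();
        } catch (ApkFormatException | BufferUnderflowException e) {
            signerInfo.addWarning(ApkVerifier.Issue.SOURCE_STAMP_MALFORMED_SIGNATURE);
        } catch (CertificateException e) {
            throw new IllegalStateException("Failed to obtain X.509 CertificateFactory", e);
        }
    }

    /**
     * Parses the stamp certificate and signatures and verifies the selected signatures over the
     * encoded APK content digests. Every problem found is recorded as a warning on
     * {@code signerInfo} and stops further processing, except an unknown signature algorithm
     * ID, which is recorded and skipped.
     *
     * @param sourceStampBlockData stamp block payload: a length-prefixed certificate followed by
     *     a length-prefixed sequence of length-prefixed signature records
     * @param certFactory X.509 factory used to decode the stamp certificate
     * @param signerInfo receives the certificate, the raw and verified signatures, and warnings
     * @param apkContentDigests APK content digests the stamp is expected to have signed
     * @param expectedCertDigest expected SHA-256 digest of the encoded stamp certificate
     * @param minSdkVersion forwarded to {@code ApkSigningBlockUtils.getSignaturesToVerify}
     * @param maxSdkVersion forwarded to {@code ApkSigningBlockUtils.getSignaturesToVerify}
     * @throws ApkFormatException if the certificate or signature sequence framing is malformed
     * @throws NoSuchAlgorithmException if SHA-256 or a signature algorithm is unavailable
     */
    private static void parseSourceStamp(
            ByteBuffer sourceStampBlockData,
            CertificateFactory certFactory,
            ApkSigningBlockUtils.Result.SignerInfo signerInfo,
            Map<ContentDigestAlgorithm, byte[]> apkContentDigests,
            byte[] expectedCertDigest,
            int minSdkVersion,
            int maxSdkVersion)
            throws ApkFormatException, NoSuchAlgorithmException {
        // Build the signed payload: (algorithm ID, digest) pairs sorted by algorithm ID, so the
        // encoding does not depend on the iteration order of the caller's map.
        ArrayList<Pair<Integer, byte[]>> digestsById = new ArrayList<>();
        for (Map.Entry<ContentDigestAlgorithm, byte[]> entry : apkContentDigests.entrySet()) {
            digestsById.add(Pair.of(entry.getKey().getId(), entry.getValue()));
        }
        Collections.sort(digestsById, Comparator.comparing(Pair::getFirst));
        byte[] signedData =
                ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedPairsOfIntAndLengthPrefixedBytes(
                        digestsById);

        byte[] encodedCert = ApkSigningBlockUtils.readLengthPrefixedByteArray(sourceStampBlockData);
        GuaranteedEncodedFormX509Certificate stampCert;
        try {
            // Keep the exact bytes from the block alongside the parsed certificate, so the digest
            // below and later getEncoded() calls refer to the same encoding.
            stampCert =
                    new GuaranteedEncodedFormX509Certificate(
                            X509CertificateUtils.generateCertificate(encodedCert, certFactory),
                            encodedCert);
        } catch (CertificateException e) {
            signerInfo.addWarning(ApkVerifier.Issue.SOURCE_STAMP_MALFORMED_CERTIFICATE, e);
            return;
        }
        signerInfo.certs.add(stampCert);

        // Bind the certificate found in the signing block to the digest the caller expects.
        // Neither value is secret material, so a plain array comparison is sufficient here.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(encodedCert);
        byte[] actualCertDigest = sha256.digest();
        if (!Arrays.equals(expectedCertDigest, actualCertDigest)) {
            signerInfo.addWarning(
                    ApkVerifier.Issue
                            .SOURCE_STAMP_CERTIFICATE_MISMATCH_BETWEEN_SIGNATURE_BLOCK_AND_APK,
                    ApkSigningBlockUtils.toHex(actualCertDigest),
                    ApkSigningBlockUtils.toHex(expectedCertDigest));
            return;
        }

        ByteBuffer signatures = ApkSigningBlockUtils.getLengthPrefixedSlice(sourceStampBlockData);
        int signatureCount = 0;
        ArrayList<ApkSigningBlockUtils.SupportedSignature> supportedSignatures =
                new ArrayList<>(1);
        while (signatures.hasRemaining()) {
            signatureCount++;
            try {
                ByteBuffer signatureRecord = ApkSigningBlockUtils.getLengthPrefixedSlice(signatures);
                int algorithmId = signatureRecord.getInt();
                byte[] signatureBytes =
                        ApkSigningBlockUtils.readLengthPrefixedByteArray(signatureRecord);
                signerInfo.signatures.add(
                        new ApkSigningBlockUtils.Result.SignerInfo.Signature(
                                algorithmId, signatureBytes));
                SignatureAlgorithm algorithm = SignatureAlgorithm.findById(algorithmId);
                if (algorithm == null) {
                    // Recorded but not fatal to parsing. The warning still keeps the caller from
                    // setting verified=true if Result.containsWarnings() aggregates signer
                    // warnings (it does in upstream apksig; confirm for the bundled version).
                    signerInfo.addWarning(
                            ApkVerifier.Issue.SOURCE_STAMP_UNKNOWN_SIG_ALGORITHM, algorithmId);
                } else {
                    supportedSignatures.add(
                            new ApkSigningBlockUtils.SupportedSignature(algorithm, signatureBytes));
                }
            } catch (ApkFormatException | BufferUnderflowException e) {
                // The 1-based index of the malformed record is reported with the warning.
                signerInfo.addWarning(
                        ApkVerifier.Issue.SOURCE_STAMP_MALFORMED_SIGNATURE, signatureCount);
                return;
            }
        }
        if (signerInfo.signatures.isEmpty()) {
            signerInfo.addWarning(ApkVerifier.Issue.SOURCE_STAMP_NO_SIGNATURE);
            return;
        }

        try {
            for (ApkSigningBlockUtils.SupportedSignature candidate :
                    ApkSigningBlockUtils.getSignaturesToVerify(
                            supportedSignatures, minSdkVersion, maxSdkVersion)) {
                SignatureAlgorithm algorithm = candidate.algorithm;
                String jcaAlgorithm = algorithm.getJcaSignatureAlgorithmAndParams().getFirst();
                AlgorithmParameterSpec jcaParams =
                        algorithm.getJcaSignatureAlgorithmAndParams().getSecond();
                PublicKey publicKey = stampCert.getPublicKey();
                try {
                    Signature verifier = Signature.getInstance(jcaAlgorithm);
                    verifier.initVerify(publicKey);
                    if (jcaParams != null) {
                        verifier.setParameter(jcaParams);
                    }
                    verifier.update(signedData);
                    byte[] signatureBytes = candidate.signature;
                    if (!verifier.verify(signatureBytes)) {
                        // The first failing signature ends verification; remaining ones are
                        // not checked.
                        signerInfo.addWarning(
                                ApkVerifier.Issue.SOURCE_STAMP_DID_NOT_VERIFY, algorithm);
                        return;
                    }
                    signerInfo.verifiedSignatures.put(algorithm, signatureBytes);
                } catch (InvalidAlgorithmParameterException
                        | InvalidKeyException
                        | SignatureException e) {
                    signerInfo.addWarning(
                            ApkVerifier.Issue.SOURCE_STAMP_VERIFY_EXCEPTION, algorithm, e);
                    return;
                }
            }
        } catch (ApkSigningBlockUtils.NoSupportedSignaturesException e) {
            signerInfo.addWarning(ApkVerifier.Issue.SOURCE_STAMP_NO_SUPPORTED_SIGNATURE);
        }
    }
}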
