package android.util.jar;

import android.content.pm.EphemeralResolveInfo;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.jar.Attributes;
import libcore.io.Base64;
import sun.security.jca.Providers;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;

/* loaded from: classes2.dex */
class StrictJarVerifier {
    private static final String[] DIGEST_ALGORITHMS = {"SHA-512", "SHA-384", EphemeralResolveInfo.SHA_ALGORITHM, "SHA1"};
    private final String jarName;
    private final int mainAttributesEnd;
    private final StrictJarManifest manifest;
    private final HashMap<String, byte[]> metaEntries;
    private final boolean signatureSchemeRollbackProtectionsEnforced;
    private final Hashtable<String, HashMap<String, Attributes>> signatures = new Hashtable<>(5);
    private final Hashtable<String, Certificate[]> certificates = new Hashtable<>(5);
    private final Hashtable<String, Certificate[][]> verifiedEntries = new Hashtable<>();

    /* loaded from: classes2.dex */
    static class VerifierEntry extends OutputStream {
        private final Certificate[][] certChains;
        private final MessageDigest digest;
        private final byte[] hash;
        private final String name;
        private final Hashtable<String, Certificate[][]> verifiedEntries;

        VerifierEntry(String str, MessageDigest messageDigest, byte[] bArr, Certificate[][] certificateArr, Hashtable<String, Certificate[][]> hashtable) {
            this.name = str;
            this.digest = messageDigest;
            this.hash = bArr;
            this.certChains = certificateArr;
            this.verifiedEntries = hashtable;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void verify() {
            if (MessageDigest.isEqual(this.digest.digest(), Base64.decode(this.hash))) {
                this.verifiedEntries.put(this.name, this.certChains);
            } else {
                String str = this.name;
                throw StrictJarVerifier.invalidDigest("META-INF/MANIFEST.MF", str, str);
            }
        }

        @Override // java.io.OutputStream
        public void write(int i) {
            this.digest.update((byte) i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) {
            this.digest.update(bArr, i, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public StrictJarVerifier(String str, StrictJarManifest strictJarManifest, HashMap<String, byte[]> hashMap, boolean z) {
        this.jarName = str;
        this.manifest = strictJarManifest;
        this.metaEntries = hashMap;
        this.mainAttributesEnd = strictJarManifest.getMainAttributesEnd();
        this.signatureSchemeRollbackProtectionsEnforced = z;
    }

    private static SecurityException failedVerification(String str, String str2) {
        throw new SecurityException(str + " failed verification of " + str2);
    }

    private static SecurityException failedVerification(String str, String str2, Throwable th) {
        throw new SecurityException(str + " failed verification of " + str2, th);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecurityException invalidDigest(String str, String str2, String str3) {
        throw new SecurityException(str + " has invalid digest for " + str2 + " in " + str3);
    }

    private boolean verify(Attributes attributes, String str, byte[] bArr, int i, int i2, boolean z, boolean z2) {
        int i3 = 0;
        while (true) {
            String[] strArr = DIGEST_ALGORITHMS;
            if (i3 >= strArr.length) {
                return z2;
            }
            String str2 = strArr[i3];
            String value = attributes.getValue(str2 + str);
            if (value != null) {
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance(str2);
                    if (z) {
                        int i4 = i2 - 1;
                        if (bArr[i4] == 10 && bArr[i2 - 2] == 10) {
                            messageDigest.update(bArr, i, i4 - i);
                            return MessageDigest.isEqual(messageDigest.digest(), Base64.decode(value.getBytes(StandardCharsets.ISO_8859_1)));
                        }
                    }
                    messageDigest.update(bArr, i, i2 - i);
                    return MessageDigest.isEqual(messageDigest.digest(), Base64.decode(value.getBytes(StandardCharsets.ISO_8859_1)));
                } catch (NoSuchAlgorithmException unused) {
                    i3++;
                }
            }
            i3++;
        }
    }

    static Certificate[] verifyBytes(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        try {
            try {
                Object startJarVerification = Providers.startJarVerification();
                PKCS7 pkcs7 = new PKCS7(bArr);
                SignerInfo[] verify = pkcs7.verify(bArr2);
                if (verify == null || verify.length == 0) {
                    throw new GeneralSecurityException("Failed to verify signature: no verified SignerInfos");
                }
                ArrayList certificateChain = verify[0].getCertificateChain(pkcs7);
                if (certificateChain == null) {
                    throw new GeneralSecurityException("Failed to find verified SignerInfo certificate chain");
                }
                if (certificateChain.isEmpty()) {
                    throw new GeneralSecurityException("Verified SignerInfo certificate chain is emtpy");
                }
                Certificate[] certificateArr = (Certificate[]) certificateChain.toArray(new X509Certificate[certificateChain.size()]);
                Providers.stopJarVerification(startJarVerification);
                return certificateArr;
            } catch (IOException e) {
                throw new GeneralSecurityException("IO exception verifying jar cert", e);
            }
        } catch (Throwable th) {
            Providers.stopJarVerification((Object) null);
            throw th;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:24:0x0074  */
    /* JADX WARN: Removed duplicated region for block: B:40:0x008c A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void verifyCertificate(java.lang.String r15) {
        /*
            Method dump skipped, instructions count: 349
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: android.util.jar.StrictJarVerifier.verifyCertificate(java.lang.String):void");
    }

    void addMetaEntry(String str, byte[] bArr) {
        this.metaEntries.put(str.toUpperCase(Locale.US), bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Certificate[][] getCertificateChains(String str) {
        return this.verifiedEntries.get(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VerifierEntry initEntry(String str) {
        Attributes attributes;
        if (this.manifest == null || this.signatures.isEmpty() || (attributes = this.manifest.getAttributes(str)) == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, HashMap<String, Attributes>> entry : this.signatures.entrySet()) {
            if (entry.getValue().get(str) != null) {
                Certificate[] certificateArr = this.certificates.get(entry.getKey());
                if (certificateArr != null) {
                    arrayList.add(certificateArr);
                }
            }
        }
        if (arrayList.isEmpty()) {
            return null;
        }
        Certificate[][] certificateArr2 = (Certificate[][]) arrayList.toArray(new Certificate[arrayList.size()]);
        int i = 0;
        while (true) {
            String[] strArr = DIGEST_ALGORITHMS;
            if (i >= strArr.length) {
                break;
            }
            String str2 = strArr[i];
            String value = attributes.getValue(str2 + "-Digest");
            if (value != null) {
                try {
                    return new VerifierEntry(str, MessageDigest.getInstance(str2), value.getBytes(StandardCharsets.ISO_8859_1), certificateArr2, this.verifiedEntries);
                } catch (NoSuchAlgorithmException unused) {
                    continue;
                }
            }
            i++;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSignedJar() {
        return this.certificates.size() > 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized boolean readCertificates() {
        if (this.metaEntries.isEmpty()) {
            return false;
        }
        Iterator<String> it2 = this.metaEntries.keySet().iterator();
        while (it2.hasNext()) {
            String next = it2.next();
            if (next.endsWith(".DSA") || next.endsWith(".RSA") || next.endsWith(".EC")) {
                verifyCertificate(next);
                it2.remove();
            }
        }
        return true;
    }

    void removeMetaEntries() {
        this.metaEntries.clear();
    }
}
