package com.bytedance.pangle.g;

import android.util.ArrayMap;
import android.util.Pair;
import androidx.annotation.RequiresApi;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.qiyi.video.module.action.qypage.IQYPageAction;

@RequiresApi(api = 21)
/* loaded from: classes.dex */
public final class c {

    /* loaded from: classes.dex */
    static class a extends Exception {
    }

    /* loaded from: classes.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public final List<X509Certificate> f8784a;

        /* renamed from: b, reason: collision with root package name */
        public final List<Integer> f8785b;

        public b(List<X509Certificate> list, List<Integer> list2) {
            this.f8784a = list;
            this.f8785b = list2;
        }
    }

    /* renamed from: com.bytedance.pangle.g.c$c, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static class C0118c {

        /* renamed from: a, reason: collision with root package name */
        public final X509Certificate[] f8786a;

        /* renamed from: b, reason: collision with root package name */
        public final b f8787b;

        /* renamed from: c, reason: collision with root package name */
        public byte[] f8788c;

        public C0118c(X509Certificate[] x509CertificateArr, b bVar) {
            this.f8786a = x509CertificateArr;
            this.f8787b = bVar;
        }
    }

    private static b a(ByteBuffer byteBuffer, CertificateFactory certificateFactory) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        int i11 = 0;
        try {
            byteBuffer.getInt();
            HashSet hashSet = new HashSet();
            int i12 = -1;
            p pVar = null;
            while (byteBuffer.hasRemaining()) {
                i11++;
                ByteBuffer a11 = f.a(byteBuffer);
                ByteBuffer a12 = f.a(a11);
                int i13 = a11.getInt();
                int i14 = a11.getInt();
                byte[] b2 = f.b(a11);
                if (pVar != null) {
                    Pair<String, ? extends AlgorithmParameterSpec> d = f.d(i12);
                    PublicKey publicKey = pVar.getPublicKey();
                    Signature signature = Signature.getInstance((String) d.first);
                    signature.initVerify(publicKey);
                    Object obj = d.second;
                    if (obj != null) {
                        signature.setParameter((AlgorithmParameterSpec) obj);
                    }
                    signature.update(a12);
                    if (!signature.verify(b2)) {
                        throw new SecurityException("Unable to verify signature of certificate #" + i11 + " using " + ((String) d.first) + " when verifying Proof-of-rotation record");
                    }
                }
                a12.rewind();
                byte[] b11 = f.b(a12);
                int i15 = a12.getInt();
                if (pVar != null && i12 != i15) {
                    throw new SecurityException("Signing algorithm ID mismatch for certificate #" + i11 + " when verifying Proof-of-rotation record");
                }
                pVar = new p((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b11)), b11);
                if (hashSet.contains(pVar)) {
                    throw new SecurityException("Encountered duplicate entries in Proof-of-rotation record at certificate #" + i11 + ".  All signing certificates should be unique");
                }
                hashSet.add(pVar);
                arrayList.add(pVar);
                arrayList2.add(Integer.valueOf(i13));
                i12 = i14;
            }
            return new b(arrayList, arrayList2);
        } catch (IOException e11) {
            e = e11;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (BufferUnderflowException e12) {
            e = e12;
            throw new IOException("Failed to parse Proof-of-rotation record", e);
        } catch (InvalidAlgorithmParameterException e13) {
            e = e13;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (InvalidKeyException e14) {
            e = e14;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (NoSuchAlgorithmException e15) {
            e = e15;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (SignatureException e16) {
            e = e16;
            throw new SecurityException("Failed to verify signature over signed data for certificate #0 when verifying Proof-of-rotation record", e);
        } catch (CertificateException e17) {
            throw new SecurityException("Failed to decode certificate #0 when verifying Proof-of-rotation record", e17);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static C0118c a(RandomAccessFile randomAccessFile, m mVar) {
        ArrayMap arrayMap = new ArrayMap();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                ByteBuffer a11 = f.a(mVar.f8802a);
                int i11 = 0;
                C0118c c0118c = null;
                while (a11.hasRemaining()) {
                    try {
                        c0118c = a(f.a(a11), arrayMap, certificateFactory);
                        i11++;
                    } catch (a unused) {
                    } catch (IOException e11) {
                        e = e11;
                        throw new SecurityException("Failed to parse/verify signer #" + i11 + " block", e);
                    } catch (SecurityException e12) {
                        e = e12;
                        throw new SecurityException("Failed to parse/verify signer #" + i11 + " block", e);
                    } catch (BufferUnderflowException e13) {
                        e = e13;
                        throw new SecurityException("Failed to parse/verify signer #" + i11 + " block", e);
                    }
                }
                if (i11 <= 0 || c0118c == null) {
                    throw new SecurityException("No signers found");
                }
                if (i11 != 1) {
                    throw new SecurityException("APK Signature Scheme V3 only supports one signer: multiple signers found.");
                }
                if (arrayMap.isEmpty()) {
                    throw new SecurityException("No content digests found");
                }
                f.a(arrayMap, randomAccessFile, mVar);
                if (arrayMap.containsKey(3)) {
                    c0118c.f8788c = f.a((byte[]) arrayMap.get(3), randomAccessFile.length(), mVar);
                }
                return c0118c;
            } catch (IOException e14) {
                throw new SecurityException("Failed to read list of signers", e14);
            }
        } catch (CertificateException e15) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e15);
        }
    }

    private static C0118c a(ByteBuffer byteBuffer, List<X509Certificate> list, CertificateFactory certificateFactory) {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        b bVar = null;
        while (byteBuffer.hasRemaining()) {
            ByteBuffer a11 = f.a(byteBuffer);
            if (a11.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + a11.remaining());
            }
            if (a11.getInt() == 1000370060) {
                if (bVar != null) {
                    throw new SecurityException("Encountered multiple Proof-of-rotation records when verifying APK Signature Scheme v3 signature");
                }
                bVar = a(a11, certificateFactory);
                try {
                    if (bVar.f8784a.size() > 0) {
                        if (!Arrays.equals(bVar.f8784a.get(r1.size() - 1).getEncoded(), x509CertificateArr[0].getEncoded())) {
                            throw new SecurityException("Terminal certificate in Proof-of-rotation record does not match APK signing certificate");
                        }
                    } else {
                        continue;
                    }
                } catch (CertificateEncodingException e11) {
                    throw new SecurityException("Failed to encode certificate when comparing Proof-of-rotation record and signing certificate", e11);
                }
            }
        }
        return new C0118c(x509CertificateArr, bVar);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:20:0x0058. Please report as an issue. */
    private static C0118c a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) {
        ByteBuffer a11 = f.a(byteBuffer);
        int i11 = byteBuffer.getInt();
        int i12 = byteBuffer.getInt();
        ByteBuffer a12 = f.a(byteBuffer);
        byte[] b2 = f.b(byteBuffer);
        ArrayList arrayList = new ArrayList();
        int i13 = -1;
        int i14 = 0;
        byte[] bArr = null;
        while (true) {
            int i15 = 8;
            boolean z11 = true;
            if (!a12.hasRemaining()) {
                if (i13 == -1) {
                    if (i14 == 0) {
                        throw new SecurityException("No signatures found");
                    }
                    throw new SecurityException("No supported signatures found");
                }
                String c11 = f.c(i13);
                Pair<String, ? extends AlgorithmParameterSpec> d = f.d(i13);
                String str = (String) d.first;
                AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) d.second;
                try {
                    PublicKey generatePublic = KeyFactory.getInstance(c11).generatePublic(new X509EncodedKeySpec(b2));
                    Signature signature = Signature.getInstance(str);
                    signature.initVerify(generatePublic);
                    if (algorithmParameterSpec != null) {
                        signature.setParameter(algorithmParameterSpec);
                    }
                    signature.update(a11);
                    if (!signature.verify(bArr)) {
                        throw new SecurityException(str + " signature did not verify");
                    }
                    a11.clear();
                    ByteBuffer a13 = f.a(a11);
                    ArrayList arrayList2 = new ArrayList();
                    byte[] bArr2 = null;
                    int i16 = 0;
                    while (a13.hasRemaining()) {
                        i16++;
                        try {
                            ByteBuffer a14 = f.a(a13);
                            if (a14.remaining() < i15) {
                                throw new IOException("Record too short");
                            }
                            int i17 = a14.getInt();
                            arrayList2.add(Integer.valueOf(i17));
                            if (i17 == i13) {
                                bArr2 = f.b(a14);
                            }
                            i15 = 8;
                        } catch (IOException | BufferUnderflowException e11) {
                            throw new IOException("Failed to parse digest record #".concat(String.valueOf(i16)), e11);
                        }
                    }
                    if (!arrayList.equals(arrayList2)) {
                        throw new SecurityException("Signature algorithms don't match between digests and signatures records");
                    }
                    int a15 = f.a(i13);
                    byte[] put = map.put(Integer.valueOf(a15), bArr2);
                    if (put != null && !MessageDigest.isEqual(put, bArr2)) {
                        throw new SecurityException(f.b(a15) + " contents digest does not match the digest specified by a preceding signer");
                    }
                    ByteBuffer a16 = f.a(a11);
                    ArrayList arrayList3 = new ArrayList();
                    int i18 = 0;
                    while (a16.hasRemaining()) {
                        i18++;
                        byte[] b11 = f.b(a16);
                        try {
                            arrayList3.add(new p((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b11)), b11));
                        } catch (CertificateException e12) {
                            throw new SecurityException("Failed to decode certificate #".concat(String.valueOf(i18)), e12);
                        }
                    }
                    if (arrayList3.isEmpty()) {
                        throw new SecurityException("No certificates listed");
                    }
                    if (!Arrays.equals(b2, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                        throw new SecurityException("Public key mismatch between certificate and signature record");
                    }
                    if (a11.getInt() != i11) {
                        throw new SecurityException("minSdkVersion mismatch between signed and unsigned in v3 signer block.");
                    }
                    if (a11.getInt() == i12) {
                        return a(f.a(a11), arrayList3, certificateFactory);
                    }
                    throw new SecurityException("maxSdkVersion mismatch between signed and unsigned in v3 signer block.");
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e13) {
                    throw new SecurityException("Failed to verify " + str + " signature", e13);
                }
            }
            i14++;
            try {
                ByteBuffer a17 = f.a(a12);
                if (a17.remaining() < 8) {
                    throw new SecurityException("Signature record too short");
                }
                int i19 = a17.getInt();
                arrayList.add(Integer.valueOf(i19));
                if (i19 != 513 && i19 != 514 && i19 != 769 && i19 != 1057 && i19 != 1059 && i19 != 1061) {
                    switch (i19) {
                        case 257:
                        case 258:
                        case 259:
                        case IQYPageAction.ACTION_GET_TOP_NAVI_SKIN_COLOR /* 260 */:
                            break;
                        default:
                            z11 = false;
                            break;
                    }
                }
                if (z11 && (i13 == -1 || f.a(i19, i13) > 0)) {
                    bArr = f.b(a17);
                    i13 = i19;
                }
            } catch (IOException | BufferUnderflowException e14) {
                throw new SecurityException("Failed to parse signature record #".concat(String.valueOf(i14)), e14);
            }
        }
    }
}
