package android.util.apk;

import android.content.pm.PackageParser;
import android.content.pm.Signature;
import android.os.Trace;
import android.util.apk.ApkSignatureSchemeV3Verifier;
import android.util.jar.StrictJarFile;
import com.android.internal.util.ArrayUtils;
import java.io.IOException;
import java.io.InputStream;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicReference;
import java.util.zip.ZipEntry;
import libcore.io.IoUtils;

/* loaded from: classes2.dex */
public class ApkSignatureVerifier {
    private static final AtomicReference<byte[]> sBuffer = new AtomicReference<>();

    /* loaded from: classes2.dex */
    public static class Result {
        public final Certificate[][] certs;
        public final int signatureSchemeVersion;
        public final Signature[] sigs;

        public Result(Certificate[][] certificateArr, Signature[] signatureArr, int i) {
            this.certs = certificateArr;
            this.sigs = signatureArr;
            this.signatureSchemeVersion = i;
        }
    }

    private static void closeQuietly(StrictJarFile strictJarFile) {
        if (strictJarFile != null) {
            try {
                strictJarFile.close();
            } catch (Exception unused) {
            }
        }
    }

    public static Signature[] convertToSignatures(Certificate[][] certificateArr) throws CertificateEncodingException {
        Signature[] signatureArr = new Signature[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            signatureArr[i] = new Signature(certificateArr[i]);
        }
        return signatureArr;
    }

    public static byte[] generateApkVerity(String str, ByteBufferFactory byteBufferFactory) throws IOException, SignatureNotFoundException, SecurityException, DigestException, NoSuchAlgorithmException {
        try {
            return ApkSignatureSchemeV3Verifier.generateApkVerity(str, byteBufferFactory);
        } catch (SignatureNotFoundException unused) {
            return ApkSignatureSchemeV2Verifier.generateApkVerity(str, byteBufferFactory);
        }
    }

    public static byte[] generateApkVerityRootHash(String str) throws NoSuchAlgorithmException, DigestException, IOException {
        try {
            try {
                return ApkSignatureSchemeV3Verifier.generateApkVerityRootHash(str);
            } catch (SignatureNotFoundException unused) {
                return ApkSignatureSchemeV2Verifier.generateApkVerityRootHash(str);
            }
        } catch (SignatureNotFoundException unused2) {
            return null;
        }
    }

    public static byte[] getVerityRootHash(String str) throws IOException, SecurityException {
        try {
            try {
                return ApkSignatureSchemeV3Verifier.getVerityRootHash(str);
            } catch (SignatureNotFoundException unused) {
                return ApkSignatureSchemeV2Verifier.getVerityRootHash(str);
            }
        } catch (SignatureNotFoundException unused2) {
            return null;
        }
    }

    private static Certificate[][] loadCertificates(StrictJarFile strictJarFile, ZipEntry zipEntry) throws PackageParser.PackageParserException {
        try {
            try {
                InputStream inputStream = strictJarFile.getInputStream(zipEntry);
                readFullyIgnoringContents(inputStream);
                Certificate[][] certificateChains = strictJarFile.getCertificateChains(zipEntry);
                IoUtils.closeQuietly(inputStream);
                return certificateChains;
            } catch (Throwable th) {
                IoUtils.closeQuietly((AutoCloseable) null);
                throw th;
            }
        } catch (IOException | RuntimeException e) {
            throw new PackageParser.PackageParserException(-102, "Failed reading " + zipEntry.getName() + " in " + strictJarFile, e);
        }
    }

    private static void readFullyIgnoringContents(InputStream inputStream) throws IOException {
        byte[] andSet = sBuffer.getAndSet(null);
        if (andSet == null) {
            andSet = new byte[4096];
        }
        do {
        } while (inputStream.read(andSet, 0, andSet.length) != -1);
        sBuffer.set(andSet);
    }

    public static PackageParser.SigningDetails unsafeGetCertsWithoutVerification(String str, int i) throws PackageParser.PackageParserException {
        if (i > 3) {
            throw new PackageParser.PackageParserException(-103, "No signature found in package of version " + i + " or newer for package " + str);
        }
        Trace.traceBegin(262144L, "certsOnlyV3");
        try {
            try {
                ApkSignatureSchemeV3Verifier.VerifiedSigner unsafeGetCertsWithoutVerification = ApkSignatureSchemeV3Verifier.unsafeGetCertsWithoutVerification(str);
                Signature[] convertToSignatures = convertToSignatures(new Certificate[][]{unsafeGetCertsWithoutVerification.certs});
                Signature[] signatureArr = null;
                if (unsafeGetCertsWithoutVerification.por != null) {
                    signatureArr = new Signature[unsafeGetCertsWithoutVerification.por.certs.size()];
                    for (int i2 = 0; i2 < signatureArr.length; i2++) {
                        signatureArr[i2] = new Signature(unsafeGetCertsWithoutVerification.por.certs.get(i2).getEncoded());
                        signatureArr[i2].setFlags(unsafeGetCertsWithoutVerification.por.flagsList.get(i2).intValue());
                    }
                }
                PackageParser.SigningDetails signingDetails = new PackageParser.SigningDetails(convertToSignatures, 3, signatureArr);
                Trace.traceEnd(262144L);
                return signingDetails;
            } catch (Throwable th) {
                Trace.traceEnd(262144L);
                throw th;
            }
        } catch (SignatureNotFoundException e) {
            if (i >= 3) {
                throw new PackageParser.PackageParserException(-103, "No APK Signature Scheme v3 signature in package " + str, e);
            }
            Trace.traceEnd(262144L);
            if (i > 2) {
                throw new PackageParser.PackageParserException(-103, "No signature found in package of version " + i + " or newer for package " + str);
            }
            Trace.traceBegin(262144L, "certsOnlyV2");
            try {
                try {
                    PackageParser.SigningDetails signingDetails2 = new PackageParser.SigningDetails(convertToSignatures(ApkSignatureSchemeV2Verifier.unsafeGetCertsWithoutVerification(str)), 2);
                    Trace.traceEnd(262144L);
                    return signingDetails2;
                } catch (Throwable th2) {
                    Trace.traceEnd(262144L);
                    throw th2;
                }
            } catch (SignatureNotFoundException e2) {
                if (i >= 2) {
                    throw new PackageParser.PackageParserException(-103, "No APK Signature Scheme v2 signature in package " + str, e2);
                }
                Trace.traceEnd(262144L);
                if (i <= 1) {
                    return verifyV1Signature(str, false);
                }
                throw new PackageParser.PackageParserException(-103, "No signature found in package of version " + i + " or newer for package " + str);
            } catch (Exception e3) {
                throw new PackageParser.PackageParserException(-103, "Failed to collect certificates from " + str + " using APK Signature Scheme v2", e3);
            }
        } catch (Exception e4) {
            throw new PackageParser.PackageParserException(-103, "Failed to collect certificates from " + str + " using APK Signature Scheme v3", e4);
        }
    }

    public static PackageParser.SigningDetails verify(String str, int i) throws PackageParser.PackageParserException {
        if (i > 3) {
            throw new PackageParser.PackageParserException(-103, "No signature found in package of version " + i + " or newer for package " + str);
        }
        Trace.traceBegin(262144L, "verifyV3");
        try {
            try {
                ApkSignatureSchemeV3Verifier.VerifiedSigner verify = ApkSignatureSchemeV3Verifier.verify(str);
                Signature[] convertToSignatures = convertToSignatures(new Certificate[][]{verify.certs});
                Signature[] signatureArr = null;
                if (verify.por != null) {
                    signatureArr = new Signature[verify.por.certs.size()];
                    for (int i2 = 0; i2 < signatureArr.length; i2++) {
                        signatureArr[i2] = new Signature(verify.por.certs.get(i2).getEncoded());
                        signatureArr[i2].setFlags(verify.por.flagsList.get(i2).intValue());
                    }
                }
                PackageParser.SigningDetails signingDetails = new PackageParser.SigningDetails(convertToSignatures, 3, signatureArr);
                Trace.traceEnd(262144L);
                return signingDetails;
            } catch (Throwable th) {
                Trace.traceEnd(262144L);
                throw th;
            }
        } catch (SignatureNotFoundException e) {
            if (i >= 3) {
                throw new PackageParser.PackageParserException(-103, "No APK Signature Scheme v3 signature in package " + str, e);
            }
            Trace.traceEnd(262144L);
            if (i > 2) {
                throw new PackageParser.PackageParserException(-103, "No signature found in package of version " + i + " or newer for package " + str);
            }
            Trace.traceBegin(262144L, "verifyV2");
            try {
                try {
                    PackageParser.SigningDetails signingDetails2 = new PackageParser.SigningDetails(convertToSignatures(ApkSignatureSchemeV2Verifier.verify(str)), 2);
                    Trace.traceEnd(262144L);
                    return signingDetails2;
                } catch (Throwable th2) {
                    Trace.traceEnd(262144L);
                    throw th2;
                }
            } catch (SignatureNotFoundException e2) {
                if (i >= 2) {
                    throw new PackageParser.PackageParserException(-103, "No APK Signature Scheme v2 signature in package " + str, e2);
                }
                Trace.traceEnd(262144L);
                if (i <= 1) {
                    return verifyV1Signature(str, true);
                }
                throw new PackageParser.PackageParserException(-103, "No signature found in package of version " + i + " or newer for package " + str);
            } catch (Exception e3) {
                throw new PackageParser.PackageParserException(-103, "Failed to collect certificates from " + str + " using APK Signature Scheme v2", e3);
            }
        } catch (Exception e4) {
            throw new PackageParser.PackageParserException(-103, "Failed to collect certificates from " + str + " using APK Signature Scheme v3", e4);
        }
    }

    private static PackageParser.SigningDetails verifyV1Signature(String str, boolean z) throws PackageParser.PackageParserException {
        StrictJarFile strictJarFile;
        try {
            try {
                Trace.traceBegin(262144L, "strictJarFileCtor");
                strictJarFile = new StrictJarFile(str, true, z);
            } catch (Throwable th) {
                th = th;
                strictJarFile = null;
            }
        } catch (IOException e) {
            e = e;
        } catch (RuntimeException e2) {
            e = e2;
        } catch (GeneralSecurityException e3) {
            e = e3;
        }
        try {
            ArrayList<ZipEntry> arrayList = new ArrayList();
            ZipEntry findEntry = strictJarFile.findEntry(PackageParser.ANDROID_MANIFEST_FILENAME);
            if (findEntry == null) {
                throw new PackageParser.PackageParserException(-101, "Package " + str + " has no manifest");
            }
            Certificate[][] loadCertificates = loadCertificates(strictJarFile, findEntry);
            if (ArrayUtils.isEmpty(loadCertificates)) {
                throw new PackageParser.PackageParserException(-103, "Package " + str + " has no certificates at entry " + PackageParser.ANDROID_MANIFEST_FILENAME);
            }
            Signature[] convertToSignatures = convertToSignatures(loadCertificates);
            if (z) {
                Iterator<ZipEntry> it = strictJarFile.iterator();
                while (it.hasNext()) {
                    ZipEntry next = it.next();
                    if (!next.isDirectory()) {
                        String name = next.getName();
                        if (!name.startsWith("META-INF/") && !name.equals(PackageParser.ANDROID_MANIFEST_FILENAME)) {
                            arrayList.add(next);
                        }
                    }
                }
                for (ZipEntry zipEntry : arrayList) {
                    Certificate[][] loadCertificates2 = loadCertificates(strictJarFile, zipEntry);
                    if (ArrayUtils.isEmpty(loadCertificates2)) {
                        throw new PackageParser.PackageParserException(-103, "Package " + str + " has no certificates at entry " + zipEntry.getName());
                    }
                    if (!Signature.areExactMatch(convertToSignatures, convertToSignatures(loadCertificates2))) {
                        throw new PackageParser.PackageParserException(-104, "Package " + str + " has mismatched certificates at entry " + zipEntry.getName());
                    }
                }
            }
            PackageParser.SigningDetails signingDetails = new PackageParser.SigningDetails(convertToSignatures, 1);
            Trace.traceEnd(262144L);
            closeQuietly(strictJarFile);
            return signingDetails;
        } catch (IOException e4) {
            e = e4;
            throw new PackageParser.PackageParserException(-103, "Failed to collect certificates from " + str, e);
        } catch (RuntimeException e5) {
            e = e5;
            throw new PackageParser.PackageParserException(-103, "Failed to collect certificates from " + str, e);
        } catch (GeneralSecurityException e6) {
            e = e6;
            throw new PackageParser.PackageParserException(-105, "Failed to collect certificates from " + str, e);
        } catch (Throwable th2) {
            th = th2;
            Trace.traceEnd(262144L);
            closeQuietly(strictJarFile);
            throw th;
        }
    }
}
