package com.taobao.update.instantpatch.flow;

import android.os.Build;
import android.util.Pair;
import com.ali.user.mobile.ui.WebConstant;
import com.kaola.modules.search.model.IntelligenceKey;
import com.netease.mobidroid.c.g;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/* loaded from: classes5.dex */
public class PatchChecker implements com.android.alibaba.ip.common.a {
    private com.taobao.update.datasource.b.a gyH = com.taobao.update.datasource.b.b.al(PatchChecker.class);

    /* loaded from: classes5.dex */
    public static class ApkSignatureSchemeV2Verifier {

        /* loaded from: classes5.dex */
        public static class SignatureNotFoundException extends Exception {
            private static final long serialVersionUID = 1;

            public SignatureNotFoundException(String str) {
                super(str);
            }

            public SignatureNotFoundException(String str, Throwable th) {
                super(str, th);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes5.dex */
        public static class VerbatimX509Certificate extends WrappedX509Certificate {
            private byte[] encodedVerbatim;

            public VerbatimX509Certificate(X509Certificate x509Certificate, byte[] bArr) {
                super(x509Certificate);
                this.encodedVerbatim = bArr;
            }

            @Override // com.taobao.update.instantpatch.flow.PatchChecker.ApkSignatureSchemeV2Verifier.WrappedX509Certificate, java.security.cert.Certificate
            public byte[] getEncoded() throws CertificateEncodingException {
                return this.encodedVerbatim;
            }
        }

        /* loaded from: classes5.dex */
        private static class WrappedX509Certificate extends X509Certificate {
            private final X509Certificate wrapped;

            public WrappedX509Certificate(X509Certificate x509Certificate) {
                this.wrapped = x509Certificate;
            }

            @Override // java.security.cert.X509Certificate
            public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
                this.wrapped.checkValidity();
            }

            @Override // java.security.cert.X509Certificate
            public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
                this.wrapped.checkValidity(date);
            }

            @Override // java.security.cert.X509Certificate
            public int getBasicConstraints() {
                return this.wrapped.getBasicConstraints();
            }

            @Override // java.security.cert.X509Extension
            public Set<String> getCriticalExtensionOIDs() {
                return this.wrapped.getCriticalExtensionOIDs();
            }

            @Override // java.security.cert.Certificate
            public byte[] getEncoded() throws CertificateEncodingException {
                return this.wrapped.getEncoded();
            }

            @Override // java.security.cert.X509Extension
            public byte[] getExtensionValue(String str) {
                return this.wrapped.getExtensionValue(str);
            }

            @Override // java.security.cert.X509Certificate
            public Principal getIssuerDN() {
                return this.wrapped.getIssuerDN();
            }

            @Override // java.security.cert.X509Certificate
            public boolean[] getIssuerUniqueID() {
                return this.wrapped.getIssuerUniqueID();
            }

            @Override // java.security.cert.X509Certificate
            public boolean[] getKeyUsage() {
                return this.wrapped.getKeyUsage();
            }

            @Override // java.security.cert.X509Extension
            public Set<String> getNonCriticalExtensionOIDs() {
                return this.wrapped.getNonCriticalExtensionOIDs();
            }

            @Override // java.security.cert.X509Certificate
            public Date getNotAfter() {
                return this.wrapped.getNotAfter();
            }

            @Override // java.security.cert.X509Certificate
            public Date getNotBefore() {
                return this.wrapped.getNotBefore();
            }

            @Override // java.security.cert.Certificate
            public PublicKey getPublicKey() {
                return this.wrapped.getPublicKey();
            }

            @Override // java.security.cert.X509Certificate
            public BigInteger getSerialNumber() {
                return this.wrapped.getSerialNumber();
            }

            @Override // java.security.cert.X509Certificate
            public String getSigAlgName() {
                return this.wrapped.getSigAlgName();
            }

            @Override // java.security.cert.X509Certificate
            public String getSigAlgOID() {
                return this.wrapped.getSigAlgOID();
            }

            @Override // java.security.cert.X509Certificate
            public byte[] getSigAlgParams() {
                return this.wrapped.getSigAlgParams();
            }

            @Override // java.security.cert.X509Certificate
            public byte[] getSignature() {
                return this.wrapped.getSignature();
            }

            @Override // java.security.cert.X509Certificate
            public Principal getSubjectDN() {
                return this.wrapped.getSubjectDN();
            }

            @Override // java.security.cert.X509Certificate
            public boolean[] getSubjectUniqueID() {
                return this.wrapped.getSubjectUniqueID();
            }

            @Override // java.security.cert.X509Certificate
            public byte[] getTBSCertificate() throws CertificateEncodingException {
                return this.wrapped.getTBSCertificate();
            }

            @Override // java.security.cert.X509Certificate
            public int getVersion() {
                return this.wrapped.getVersion();
            }

            @Override // java.security.cert.X509Extension
            public boolean hasUnsupportedCriticalExtension() {
                return this.wrapped.hasUnsupportedCriticalExtension();
            }

            @Override // java.security.cert.Certificate
            public String toString() {
                return this.wrapped.toString();
            }

            @Override // java.security.cert.Certificate
            public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                this.wrapped.verify(publicKey);
            }

            @Override // java.security.cert.Certificate
            public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                this.wrapped.verify(publicKey, str);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes5.dex */
        public static class a {
            private final long centralDirOffset;
            final ByteBuffer gAs;
            private final long gAt;
            private final long gAu;
            private final ByteBuffer gAv;

            private a(ByteBuffer byteBuffer, long j, long j2, long j3, ByteBuffer byteBuffer2) {
                this.gAs = byteBuffer;
                this.gAt = j;
                this.centralDirOffset = j2;
                this.gAu = j3;
                this.gAv = byteBuffer2;
            }

            /* synthetic */ a(ByteBuffer byteBuffer, long j, long j2, long j3, ByteBuffer byteBuffer2, byte b) {
                this(byteBuffer, j, j2, j3, byteBuffer2);
            }
        }

        private static X509Certificate[] a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) throws SecurityException, IOException {
            String str;
            Pair create;
            String str2;
            boolean z;
            byte[] s;
            char c;
            ByteBuffer r = r(byteBuffer);
            ByteBuffer r2 = r(byteBuffer);
            byte[] s2 = s(byteBuffer);
            int i = 0;
            int i2 = -1;
            byte[] bArr = null;
            ArrayList arrayList = new ArrayList();
            while (r2.hasRemaining()) {
                int i3 = i + 1;
                try {
                    ByteBuffer r3 = r(r2);
                    if (r3.remaining() < 8) {
                        throw new SecurityException("Signature record too short");
                    }
                    int i4 = r3.getInt();
                    arrayList.add(Integer.valueOf(i4));
                    switch (i4) {
                        case 257:
                        case 258:
                        case WebConstant.WEBVIEW_CAPTCHA_RELOGIN /* 259 */:
                        case WebConstant.QR_REGISTER_REQCODE /* 260 */:
                        case IntelligenceKey.VIEW_TYPE_INTELLIGENCE_ITEM /* 513 */:
                        case 514:
                        case 769:
                            z = true;
                            break;
                        default:
                            z = false;
                            break;
                    }
                    if (z) {
                        if (i2 != -1) {
                            int ny = ny(i4);
                            int ny2 = ny(i2);
                            switch (ny) {
                                case 1:
                                    switch (ny2) {
                                        case 1:
                                            c = 0;
                                            break;
                                        case 2:
                                            c = 65535;
                                            break;
                                        default:
                                            throw new IllegalArgumentException("Unknown digestAlgorithm2: " + ny2);
                                    }
                                case 2:
                                    switch (ny2) {
                                        case 1:
                                            c = 1;
                                            break;
                                        case 2:
                                            c = 0;
                                            break;
                                        default:
                                            throw new IllegalArgumentException("Unknown digestAlgorithm2: " + ny2);
                                    }
                                default:
                                    throw new IllegalArgumentException("Unknown digestAlgorithm1: " + ny);
                            }
                            if (c <= 0) {
                                s = bArr;
                                i4 = i2;
                                bArr = s;
                                i2 = i4;
                                i = i3;
                            }
                        }
                        s = s(r3);
                        bArr = s;
                        i2 = i4;
                        i = i3;
                    } else {
                        i = i3;
                    }
                } catch (IOException e) {
                    e = e;
                    throw new SecurityException("Failed to parse signature record #" + i3, e);
                } catch (BufferUnderflowException e2) {
                    e = e2;
                    throw new SecurityException("Failed to parse signature record #" + i3, e);
                }
            }
            if (i2 == -1) {
                if (i == 0) {
                    throw new SecurityException("No signatures found");
                }
                throw new SecurityException("No supported signatures found");
            }
            switch (i2) {
                case 257:
                case 258:
                case WebConstant.WEBVIEW_CAPTCHA_RELOGIN /* 259 */:
                case WebConstant.QR_REGISTER_REQCODE /* 260 */:
                    str = "RSA";
                    break;
                case IntelligenceKey.VIEW_TYPE_INTELLIGENCE_ITEM /* 513 */:
                case 514:
                    str = "EC";
                    break;
                case 769:
                    str = "DSA";
                    break;
                default:
                    throw new IllegalArgumentException("Unknown signature algorithm: 0x" + Long.toHexString(i2 & (-1)));
            }
            switch (i2) {
                case 257:
                    create = Pair.create("SHA256withRSA/PSS", new PSSParameterSpec(g.f2531a, "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
                    break;
                case 258:
                    create = Pair.create("SHA512withRSA/PSS", new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1));
                    break;
                case WebConstant.WEBVIEW_CAPTCHA_RELOGIN /* 259 */:
                    create = Pair.create("SHA256withRSA", null);
                    break;
                case WebConstant.QR_REGISTER_REQCODE /* 260 */:
                    create = Pair.create("SHA512withRSA", null);
                    break;
                case IntelligenceKey.VIEW_TYPE_INTELLIGENCE_ITEM /* 513 */:
                    create = Pair.create("SHA256withECDSA", null);
                    break;
                case 514:
                    create = Pair.create("SHA512withECDSA", null);
                    break;
                case 769:
                    create = Pair.create("SHA256withDSA", null);
                    break;
                default:
                    throw new IllegalArgumentException("Unknown signature algorithm: 0x" + Long.toHexString(i2 & (-1)));
            }
            String str3 = (String) create.first;
            AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) create.second;
            try {
                PublicKey generatePublic = KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(s2));
                Signature signature = Signature.getInstance(str3);
                signature.initVerify(generatePublic);
                if (algorithmParameterSpec != null) {
                    signature.setParameter(algorithmParameterSpec);
                }
                signature.update(r);
                if (!signature.verify(bArr)) {
                    throw new SecurityException(str3 + " signature did not verify");
                }
                byte[] bArr2 = null;
                r.clear();
                ByteBuffer r4 = r(r);
                ArrayList arrayList2 = new ArrayList();
                int i5 = 0;
                while (r4.hasRemaining()) {
                    int i6 = i5 + 1;
                    try {
                        ByteBuffer r5 = r(r4);
                        if (r5.remaining() < 8) {
                            throw new IOException("Record too short");
                        }
                        int i7 = r5.getInt();
                        arrayList2.add(Integer.valueOf(i7));
                        bArr2 = i7 == i2 ? s(r5) : bArr2;
                        i5 = i6;
                    } catch (IOException | BufferUnderflowException e3) {
                        throw new IOException("Failed to parse digest record #" + i6, e3);
                    }
                }
                if (!arrayList.equals(arrayList2)) {
                    throw new SecurityException("Signature algorithms don't match between digests and signatures records");
                }
                int ny3 = ny(i2);
                byte[] put = map.put(Integer.valueOf(ny3), bArr2);
                if (put != null && !MessageDigest.isEqual(put, bArr2)) {
                    StringBuilder sb = new StringBuilder();
                    switch (ny3) {
                        case 1:
                            str2 = g.f2531a;
                            break;
                        case 2:
                            str2 = "SHA-512";
                            break;
                        default:
                            throw new IllegalArgumentException("Unknown content digest algorthm: " + ny3);
                    }
                    throw new SecurityException(sb.append(str2).append(" contents digest does not match the digest specified by a preceding signer").toString());
                }
                ByteBuffer r6 = r(r);
                ArrayList arrayList3 = new ArrayList();
                int i8 = 0;
                while (r6.hasRemaining()) {
                    int i9 = i8 + 1;
                    byte[] s3 = s(r6);
                    try {
                        arrayList3.add(new VerbatimX509Certificate((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(s3)), s3));
                        i8 = i9;
                    } catch (CertificateException e4) {
                        throw new SecurityException("Failed to decode certificate #" + i9, e4);
                    }
                }
                if (arrayList3.isEmpty()) {
                    throw new SecurityException("No certificates listed");
                }
                if (Arrays.equals(s2, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
                    return (X509Certificate[]) arrayList3.toArray(new X509Certificate[arrayList3.size()]);
                }
                throw new SecurityException("Public key mismatch between certificate and signature record");
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e5) {
                throw new SecurityException("Failed to verify " + str3 + " signature", e5);
            }
        }

        static X509Certificate[][] a(a aVar) throws SecurityException {
            int i = 0;
            HashMap hashMap = Build.VERSION.SDK_INT >= 19 ? new HashMap() : null;
            ArrayList arrayList = new ArrayList();
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                try {
                    ByteBuffer r = r(aVar.gAs);
                    while (r.hasRemaining()) {
                        i++;
                        try {
                            arrayList.add(a(r(r), hashMap, certificateFactory));
                        } catch (IOException | SecurityException | BufferUnderflowException e) {
                            throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
                        }
                    }
                    if (i <= 0) {
                        throw new SecurityException("No signers found");
                    }
                    if (hashMap.isEmpty()) {
                        throw new SecurityException("No content digests found");
                    }
                    return (X509Certificate[][]) arrayList.toArray(new X509Certificate[arrayList.size()]);
                } catch (IOException e2) {
                    throw new SecurityException("Failed to read list of signers", e2);
                }
            } catch (CertificateException e3) {
                throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e3);
            }
        }

        private static ByteBuffer c(ByteBuffer byteBuffer, int i) {
            if (i < 8) {
                throw new IllegalArgumentException("end < start: " + i + " < 8");
            }
            int capacity = byteBuffer.capacity();
            if (i > byteBuffer.capacity()) {
                throw new IllegalArgumentException("end > capacity: " + i + " > " + capacity);
            }
            int limit = byteBuffer.limit();
            int position = byteBuffer.position();
            try {
                byteBuffer.position(0);
                byteBuffer.limit(i);
                byteBuffer.position(8);
                ByteBuffer slice = byteBuffer.slice();
                slice.order(byteBuffer.order());
                return slice;
            } finally {
                byteBuffer.position(0);
                byteBuffer.limit(limit);
                byteBuffer.position(position);
            }
        }

        private static ByteBuffer d(ByteBuffer byteBuffer, int i) throws BufferUnderflowException {
            if (i < 0) {
                throw new IllegalArgumentException("size: " + i);
            }
            int limit = byteBuffer.limit();
            int position = byteBuffer.position();
            int i2 = position + i;
            if (i2 < position || i2 > limit) {
                throw new BufferUnderflowException();
            }
            byteBuffer.limit(i2);
            try {
                ByteBuffer slice = byteBuffer.slice();
                slice.order(byteBuffer.order());
                byteBuffer.position(i2);
                return slice;
            } finally {
                byteBuffer.limit(limit);
            }
        }

        private static int ny(int i) {
            switch (i) {
                case 257:
                case WebConstant.WEBVIEW_CAPTCHA_RELOGIN /* 259 */:
                case IntelligenceKey.VIEW_TYPE_INTELLIGENCE_ITEM /* 513 */:
                case 769:
                    return 1;
                case 258:
                case WebConstant.QR_REGISTER_REQCODE /* 260 */:
                case 514:
                    return 2;
                default:
                    throw new IllegalArgumentException("Unknown signature algorithm: 0x" + Long.toHexString(i & (-1)));
            }
        }

        private static ByteBuffer r(ByteBuffer byteBuffer) throws IOException {
            if (byteBuffer.remaining() < 4) {
                throw new IOException("Remaining buffer too short to contain length of length-prefixed field. Remaining: " + byteBuffer.remaining());
            }
            int i = byteBuffer.getInt();
            if (i < 0) {
                throw new IllegalArgumentException("Negative length");
            }
            if (i > byteBuffer.remaining()) {
                throw new IOException("Length-prefixed field longer than remaining buffer. Field length: " + i + ", remaining: " + byteBuffer.remaining());
            }
            return d(byteBuffer, i);
        }

        private static byte[] s(ByteBuffer byteBuffer) throws IOException {
            int i = byteBuffer.getInt();
            if (i < 0) {
                throw new IOException("Negative length");
            }
            if (i > byteBuffer.remaining()) {
                throw new IOException("Underflow while reading length-prefixed value. Length: " + i + ", available: " + byteBuffer.remaining());
            }
            byte[] bArr = new byte[i];
            byteBuffer.get(bArr);
            return bArr;
        }

        static ByteBuffer t(ByteBuffer byteBuffer) throws SignatureNotFoundException {
            if (byteBuffer.order() != ByteOrder.LITTLE_ENDIAN) {
                throw new IllegalArgumentException("ByteBuffer byte order must be little endian");
            }
            ByteBuffer c = c(byteBuffer, byteBuffer.capacity() - 24);
            int i = 0;
            while (c.hasRemaining()) {
                i++;
                if (c.remaining() < 8) {
                    throw new SignatureNotFoundException("Insufficient data to read size of APK Signing Block entry #" + i);
                }
                long j = c.getLong();
                if (j < 4 || j > 2147483647L) {
                    throw new SignatureNotFoundException("APK Signing Block entry #" + i + " size out of range: " + j);
                }
                int i2 = (int) j;
                int position = c.position() + i2;
                if (i2 > c.remaining()) {
                    throw new SignatureNotFoundException("APK Signing Block entry #" + i + " size out of range: " + i2 + ", available: " + c.remaining());
                }
                if (c.getInt() == 1896449818) {
                    return d(c, i2 - 4);
                }
                c.position(position);
            }
            throw new SignatureNotFoundException("No APK Signature Scheme v2 block in APK Signing Block");
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0066 A[Catch: SignatureNotFoundException -> 0x0022, IOException -> 0x006f, TryCatch #2 {SignatureNotFoundException -> 0x0022, IOException -> 0x006f, blocks: (B:2:0x0000, B:6:0x0019, B:7:0x0021, B:9:0x0041, B:11:0x0057, B:15:0x0066, B:16:0x006e, B:17:0x0076, B:19:0x0087, B:20:0x00a7, B:21:0x00a8, B:23:0x00ba, B:24:0x00c2, B:27:0x00c9, B:28:0x00de, B:29:0x00df, B:31:0x0112, B:33:0x012a, B:37:0x0155, B:39:0x0162, B:40:0x0177, B:41:0x0178, B:43:0x019c, B:44:0x01be, B:45:0x01bf, B:49:0x013f, B:50:0x0154, B:51:0x0121, B:52:0x0129, B:55:0x0033, B:57:0x0039), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0076 A[Catch: SignatureNotFoundException -> 0x0022, IOException -> 0x006f, TRY_ENTER, TryCatch #2 {SignatureNotFoundException -> 0x0022, IOException -> 0x006f, blocks: (B:2:0x0000, B:6:0x0019, B:7:0x0021, B:9:0x0041, B:11:0x0057, B:15:0x0066, B:16:0x006e, B:17:0x0076, B:19:0x0087, B:20:0x00a7, B:21:0x00a8, B:23:0x00ba, B:24:0x00c2, B:27:0x00c9, B:28:0x00de, B:29:0x00df, B:31:0x0112, B:33:0x012a, B:37:0x0155, B:39:0x0162, B:40:0x0177, B:41:0x0178, B:43:0x019c, B:44:0x01be, B:45:0x01bf, B:49:0x013f, B:50:0x0154, B:51:0x0121, B:52:0x0129, B:55:0x0033, B:57:0x0039), top: B:1:0x0000 }] */
    @Override // com.android.alibaba.ip.common.a
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean u(java.io.File r19) {
        /*
            Method dump skipped, instructions count: 503
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.taobao.update.instantpatch.flow.PatchChecker.u(java.io.File):boolean");
    }
}
