package com.bytedance.pangle.f;
import android.util.ArrayMap;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
public final class b {
static a a(RandomAccessFile randomAccessFile, m mVar) {
ArrayMap arrayMap = new ArrayMap();
ArrayList arrayList = new ArrayList();
try {
CertificateFactory instance = CertificateFactory.getInstance("X.509");
try {
ByteBuffer a2 = f.a(mVar.a);
int i = 0;
while (a2.hasRemaining()) {
i++;
try {
arrayList.add(a(f.a(a2), arrayMap, instance));
} catch (IOException | SecurityException | BufferUnderflowException e) {
throw new SecurityException("Failed to parse/verify signer #" + i + " block", e);
}
}
if (i <= 0) {
throw new SecurityException("No signers found");
} else if (!arrayMap.isEmpty()) {
f.a(arrayMap, randomAccessFile, mVar);
byte[] bArr = null;
if (arrayMap.containsKey(3)) {
bArr = f.a((byte[]) arrayMap.get(3), randomAccessFile.length(), mVar);
}
return new a((X509Certificate[][]) arrayList.toArray(new X509Certificate[arrayList.size()][]), bArr);
} else {
throw new SecurityException("No content digests found");
}
} catch (IOException e2) {
throw new SecurityException("Failed to read list of signers", e2);
}
} catch (CertificateException e3) {
throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e3);
}
}
private static X509Certificate[] a(ByteBuffer byteBuffer, Map<Integer, byte[]> map, CertificateFactory certificateFactory) {
ByteBuffer a2 = f.a(byteBuffer);
ByteBuffer a3 = f.a(byteBuffer);
byte[] b = f.b(byteBuffer);
ArrayList arrayList = new ArrayList();
byte[] bArr = null;
byte[] bArr2 = null;
int i = -1;
int i2 = 0;
while (true) {
boolean z = true;
if (a3.hasRemaining()) {
i2++;
try {
ByteBuffer a4 = f.a(a3);
if (a4.remaining() >= 8) {
int i3 = a4.getInt();
arrayList.add(Integer.valueOf(i3));
if (!(i3 == 513 || i3 == 514 || i3 == 769 || i3 == 1057 || i3 == 1059 || i3 == 1061)) {
switch (i3) {
case 257:
case 258:
case 259:
case 260:
break;
default:
z = false;
break;
}
}
if (z) {
if (i == -1 || f.a(i3, i) > 0) {
bArr2 = f.b(a4);
i = i3;
}
}
} else {
throw new SecurityException("Signature record too short");
}
} catch (IOException | BufferUnderflowException e) {
throw new SecurityException("Failed to parse signature record #".concat(String.valueOf(i2)), e);
}
} else if (i != -1) {
String c = f.c(i);
Pair<String, ? extends AlgorithmParameterSpec> d = f.d(i);
String str = (String) d.first;
AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) d.second;
try {
PublicKey generatePublic = KeyFactory.getInstance(c).generatePublic(new X509EncodedKeySpec(b));
Signature instance = Signature.getInstance(str);
instance.initVerify(generatePublic);
if (algorithmParameterSpec != null) {
instance.setParameter(algorithmParameterSpec);
}
instance.update(a2);
if (instance.verify(bArr2)) {
a2.clear();
ByteBuffer a5 = f.a(a2);
ArrayList arrayList2 = new ArrayList();
int i4 = 0;
while (a5.hasRemaining()) {
i4++;
try {
ByteBuffer a6 = f.a(a5);
if (a6.remaining() >= 8) {
int i5 = a6.getInt();
arrayList2.add(Integer.valueOf(i5));
if (i5 == i) {
bArr = f.b(a6);
}
} else {
throw new IOException("Record too short");
}
} catch (IOException | BufferUnderflowException e2) {
throw new IOException("Failed to parse digest record #".concat(String.valueOf(i4)), e2);
}
}
if (arrayList.equals(arrayList2)) {
int a7 = f.a(i);
byte[] put = map.put(Integer.valueOf(a7), bArr);
if (put == null || MessageDigest.isEqual(put, bArr)) {
ByteBuffer a8 = f.a(a2);
ArrayList arrayList3 = new ArrayList();
int i6 = 0;
while (a8.hasRemaining()) {
i6++;
byte[] b2 = f.b(a8);
try {
arrayList3.add(new p((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(b2)), b2));
} catch (CertificateException e3) {
throw new SecurityException("Failed to decode certificate #".concat(String.valueOf(i6)), e3);
}
}
if (arrayList3.isEmpty()) {
throw new SecurityException("No certificates listed");
} else if (Arrays.equals(b, ((X509Certificate) arrayList3.get(0)).getPublicKey().getEncoded())) {
a(f.a(a2));
return (X509Certificate[]) arrayList3.toArray(new X509Certificate[arrayList3.size()]);
} else {
throw new SecurityException("Public key mismatch between certificate and signature record");
}
} else {
throw new SecurityException(f.b(a7) + " contents digest does not match the digest specified by a preceding signer");
}
} else {
throw new SecurityException("Signature algorithms don't match between digests and signatures records");
}
} else {
throw new SecurityException(str + " signature did not verify");
}
} catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e4) {
throw new SecurityException("Failed to verify " + str + " signature", e4);
}
} else if (i2 == 0) {
throw new SecurityException("No signatures found");
} else {
throw new SecurityException("No supported signatures found");
}
}
}
private static void a(ByteBuffer byteBuffer) {
while (byteBuffer.hasRemaining()) {
ByteBuffer a2 = f.a(byteBuffer);
if (a2.remaining() < 4) {
throw new IOException("Remaining buffer too short to contain additional attribute ID. Remaining: " + a2.remaining());
} else if (a2.getInt() == -1091571699) {
if (a2.remaining() < 4) {
throw new IOException("V2 Signature Scheme Stripping Protection Attribute value too small. Expected 4 bytes, but found " + a2.remaining());
} else if (a2.getInt() == 3) {
throw new SecurityException("V2 signature indicates APK is signed using APK Signature Scheme v3, but none was found. Signature stripped?");
}
}
}
}
public static class a {
public final X509Certificate[][] a;
public final byte[] b;
public a(X509Certificate[][] x509CertificateArr, byte[] bArr) {
this.a = x509CertificateArr;
this.b = bArr;
}
}
}