package android.util.apk;

import android.content.pm.PackageManager;
import android.content.pm.PackageParser;
import android.content.pm.Signature;
import android.os.Trace;
import android.util.apk.ApkSignatureSchemeV3Verifier;
import android.util.jar.StrictJarFile;
import com.android.internal.util.ArrayUtils;
import java.io.IOException;
import java.io.InputStream;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicReference;
import java.util.zip.ZipEntry;
import libcore.io.IoUtils;

/* loaded from: input_file:android/util/apk/ApkSignatureVerifier.class */
public class ApkSignatureVerifier {
    private static final AtomicReference<byte[]> sBuffer = new AtomicReference<>();

    /* loaded from: input_file:android/util/apk/ApkSignatureVerifier$Result.class */
    public static class Result {
        public final Certificate[][] certs;
        public final Signature[] sigs;
        public final int signatureSchemeVersion;

        public Result(Certificate[][] certificateArr, Signature[] signatureArr, int i) {
            this.certs = certificateArr;
            this.sigs = signatureArr;
            this.signatureSchemeVersion = i;
        }
    }

    /* JADX WARN: Type inference failed for: r0v31, types: [java.security.cert.Certificate[], java.security.cert.Certificate[][]] */
    public static PackageParser.SigningDetails verify(String str, @PackageParser.SigningDetails.SignatureSchemeVersion int i) throws PackageParser.PackageParserException {
        if (i > 3) {
            throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No signature found in package of version " + i + " or newer for package " + str);
        }
        Trace.traceBegin(Trace.TRACE_TAG_PACKAGE_MANAGER, "verifyV3");
        try {
            try {
                ApkSignatureSchemeV3Verifier.VerifiedSigner verify = ApkSignatureSchemeV3Verifier.verify(str);
                Signature[] convertToSignatures = convertToSignatures(new Certificate[]{verify.certs});
                Signature[] signatureArr = null;
                int[] iArr = null;
                if (verify.por != null) {
                    signatureArr = new Signature[verify.por.certs.size()];
                    iArr = new int[verify.por.flagsList.size()];
                    for (int i2 = 0; i2 < signatureArr.length; i2++) {
                        signatureArr[i2] = new Signature(verify.por.certs.get(i2).getEncoded());
                        iArr[i2] = verify.por.flagsList.get(i2).intValue();
                    }
                }
                PackageParser.SigningDetails signingDetails = new PackageParser.SigningDetails(convertToSignatures, 3, signatureArr, iArr);
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                return signingDetails;
            } catch (Throwable th) {
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                throw th;
            }
        } catch (SignatureNotFoundException e) {
            if (i >= 3) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No APK Signature Scheme v3 signature in package " + str, e);
            }
            Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
            if (i > 2) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No signature found in package of version " + i + " or newer for package " + str);
            }
            Trace.traceBegin(Trace.TRACE_TAG_PACKAGE_MANAGER, "verifyV2");
            try {
                try {
                    PackageParser.SigningDetails signingDetails2 = new PackageParser.SigningDetails(convertToSignatures(ApkSignatureSchemeV2Verifier.verify(str)), 2);
                    Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                    return signingDetails2;
                } catch (Throwable th2) {
                    Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                    throw th2;
                }
            } catch (SignatureNotFoundException e2) {
                if (i >= 2) {
                    throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No APK Signature Scheme v2 signature in package " + str, e2);
                }
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                if (i > 1) {
                    throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No signature found in package of version " + i + " or newer for package " + str);
                }
                return verifyV1Signature(str, true);
            } catch (Exception e3) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Failed to collect certificates from " + str + " using APK Signature Scheme v2", e3);
            }
        } catch (Exception e4) {
            throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Failed to collect certificates from " + str + " using APK Signature Scheme v3", e4);
        }
    }

    private static PackageParser.SigningDetails verifyV1Signature(String str, boolean z) throws PackageParser.PackageParserException {
        try {
            try {
                Trace.traceBegin(Trace.TRACE_TAG_PACKAGE_MANAGER, "strictJarFileCtor");
                StrictJarFile strictJarFile = new StrictJarFile(str, true, z);
                ArrayList<ZipEntry> arrayList = new ArrayList();
                ZipEntry findEntry = strictJarFile.findEntry(PackageParser.ANDROID_MANIFEST_FILENAME);
                if (findEntry == null) {
                    throw new PackageParser.PackageParserException(-101, "Package " + str + " has no manifest");
                }
                Certificate[][] loadCertificates = loadCertificates(strictJarFile, findEntry);
                if (ArrayUtils.isEmpty(loadCertificates)) {
                    throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Package " + str + " has no certificates at entry " + PackageParser.ANDROID_MANIFEST_FILENAME);
                }
                Signature[] convertToSignatures = convertToSignatures(loadCertificates);
                if (z) {
                    Iterator<ZipEntry> it = strictJarFile.iterator();
                    while (it.hasNext()) {
                        ZipEntry next = it.next();
                        if (!next.isDirectory()) {
                            String name = next.getName();
                            if (!name.startsWith("META-INF/") && !name.equals(PackageParser.ANDROID_MANIFEST_FILENAME)) {
                                arrayList.add(next);
                            }
                        }
                    }
                    for (ZipEntry zipEntry : arrayList) {
                        Certificate[][] loadCertificates2 = loadCertificates(strictJarFile, zipEntry);
                        if (ArrayUtils.isEmpty(loadCertificates2)) {
                            throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Package " + str + " has no certificates at entry " + zipEntry.getName());
                        }
                        if (!Signature.areExactMatch(convertToSignatures, convertToSignatures(loadCertificates2))) {
                            throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES, "Package " + str + " has mismatched certificates at entry " + zipEntry.getName());
                        }
                    }
                }
                PackageParser.SigningDetails signingDetails = new PackageParser.SigningDetails(convertToSignatures, 1);
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                closeQuietly(strictJarFile);
                return signingDetails;
            } catch (IOException | RuntimeException e) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Failed to collect certificates from " + str, e);
            } catch (GeneralSecurityException e2) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_CERTIFICATE_ENCODING, "Failed to collect certificates from " + str, e2);
            }
        } catch (Throwable th) {
            Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
            closeQuietly(null);
            throw th;
        }
    }

    private static Certificate[][] loadCertificates(StrictJarFile strictJarFile, ZipEntry zipEntry) throws PackageParser.PackageParserException {
        InputStream inputStream = null;
        try {
            try {
                inputStream = strictJarFile.getInputStream(zipEntry);
                readFullyIgnoringContents(inputStream);
                Certificate[][] certificateChains = strictJarFile.getCertificateChains(zipEntry);
                IoUtils.closeQuietly(inputStream);
                return certificateChains;
            } catch (IOException | RuntimeException e) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION, "Failed reading " + zipEntry.getName() + " in " + strictJarFile, e);
            }
        } catch (Throwable th) {
            IoUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    private static void readFullyIgnoringContents(InputStream inputStream) throws IOException {
        byte[] andSet = sBuffer.getAndSet(null);
        if (andSet == null) {
            andSet = new byte[4096];
        }
        int i = 0;
        while (true) {
            int i2 = i;
            int read = inputStream.read(andSet, 0, andSet.length);
            if (read == -1) {
                sBuffer.set(andSet);
                return;
            }
            i = i2 + read;
        }
    }

    public static Signature[] convertToSignatures(Certificate[][] certificateArr) throws CertificateEncodingException {
        Signature[] signatureArr = new Signature[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            signatureArr[i] = new Signature(certificateArr[i]);
        }
        return signatureArr;
    }

    private static void closeQuietly(StrictJarFile strictJarFile) {
        if (strictJarFile != null) {
            try {
                strictJarFile.close();
            } catch (Exception e) {
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v31, types: [java.security.cert.Certificate[], java.security.cert.Certificate[][]] */
    public static PackageParser.SigningDetails plsCertsNoVerifyOnlyCerts(String str, int i) throws PackageParser.PackageParserException {
        if (i > 3) {
            throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No signature found in package of version " + i + " or newer for package " + str);
        }
        Trace.traceBegin(Trace.TRACE_TAG_PACKAGE_MANAGER, "certsOnlyV3");
        try {
            try {
                ApkSignatureSchemeV3Verifier.VerifiedSigner plsCertsNoVerifyOnlyCerts = ApkSignatureSchemeV3Verifier.plsCertsNoVerifyOnlyCerts(str);
                Signature[] convertToSignatures = convertToSignatures(new Certificate[]{plsCertsNoVerifyOnlyCerts.certs});
                Signature[] signatureArr = null;
                int[] iArr = null;
                if (plsCertsNoVerifyOnlyCerts.por != null) {
                    signatureArr = new Signature[plsCertsNoVerifyOnlyCerts.por.certs.size()];
                    iArr = new int[plsCertsNoVerifyOnlyCerts.por.flagsList.size()];
                    for (int i2 = 0; i2 < signatureArr.length; i2++) {
                        signatureArr[i2] = new Signature(plsCertsNoVerifyOnlyCerts.por.certs.get(i2).getEncoded());
                        iArr[i2] = plsCertsNoVerifyOnlyCerts.por.flagsList.get(i2).intValue();
                    }
                }
                PackageParser.SigningDetails signingDetails = new PackageParser.SigningDetails(convertToSignatures, 3, signatureArr, iArr);
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                return signingDetails;
            } catch (Throwable th) {
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                throw th;
            }
        } catch (SignatureNotFoundException e) {
            if (i >= 3) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No APK Signature Scheme v3 signature in package " + str, e);
            }
            Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
            if (i > 2) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No signature found in package of version " + i + " or newer for package " + str);
            }
            Trace.traceBegin(Trace.TRACE_TAG_PACKAGE_MANAGER, "certsOnlyV2");
            try {
                try {
                    PackageParser.SigningDetails signingDetails2 = new PackageParser.SigningDetails(convertToSignatures(ApkSignatureSchemeV2Verifier.plsCertsNoVerifyOnlyCerts(str)), 2);
                    Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                    return signingDetails2;
                } catch (Throwable th2) {
                    Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                    throw th2;
                }
            } catch (SignatureNotFoundException e2) {
                if (i >= 2) {
                    throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No APK Signature Scheme v2 signature in package " + str, e2);
                }
                Trace.traceEnd(Trace.TRACE_TAG_PACKAGE_MANAGER);
                if (i > 1) {
                    throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "No signature found in package of version " + i + " or newer for package " + str);
                }
                return verifyV1Signature(str, false);
            } catch (Exception e3) {
                throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Failed to collect certificates from " + str + " using APK Signature Scheme v2", e3);
            }
        } catch (Exception e4) {
            throw new PackageParser.PackageParserException(PackageManager.INSTALL_PARSE_FAILED_NO_CERTIFICATES, "Failed to collect certificates from " + str + " using APK Signature Scheme v3", e4);
        }
    }

    public static byte[] getVerityRootHash(String str) throws IOException, SignatureNotFoundException, SecurityException {
        try {
            return ApkSignatureSchemeV3Verifier.getVerityRootHash(str);
        } catch (SignatureNotFoundException e) {
            return ApkSignatureSchemeV2Verifier.getVerityRootHash(str);
        }
    }

    public static byte[] generateApkVerity(String str, ByteBufferFactory byteBufferFactory) throws IOException, SignatureNotFoundException, SecurityException, DigestException, NoSuchAlgorithmException {
        try {
            return ApkSignatureSchemeV3Verifier.generateApkVerity(str, byteBufferFactory);
        } catch (SignatureNotFoundException e) {
            return ApkSignatureSchemeV2Verifier.generateApkVerity(str, byteBufferFactory);
        }
    }

    public static byte[] generateFsverityRootHash(String str) throws NoSuchAlgorithmException, DigestException, IOException {
        try {
            return ApkSignatureSchemeV3Verifier.generateFsverityRootHash(str);
        } catch (SignatureNotFoundException e) {
            try {
                return ApkSignatureSchemeV2Verifier.generateFsverityRootHash(str);
            } catch (SignatureNotFoundException e2) {
                return null;
            }
        }
    }
}
