package com.android.apksig.internal.apk.v2;

import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.internal.apk.ContentDigestAlgorithm;
import com.android.apksig.internal.apk.SignatureAlgorithm;
import com.android.apksig.internal.util.Pair;
import com.android.apksig.util.DataSource;
import com.android.apksig.util.RunnablesExecutor;
import com.zfork.multiplatforms.android.bomb.A1;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* JADX WARN: Classes with same name are omitted:
  classes7.dex
 */
/* loaded from: classes8.dex */
public abstract class V2SchemeSigner {
    public static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 1896449818;

    /* JADX WARN: Classes with same name are omitted:
      classes7.dex
     */
    /* loaded from: classes8.dex */
    public static final class V2SignatureSchemeBlock {

        /* JADX WARN: Classes with same name are omitted:
          classes7.dex
         */
        /* loaded from: classes8.dex */
        public static final class SignedData {
            public byte[] additionalAttributes;
            public List<byte[]> certificates;
            public List<Pair<Integer, byte[]>> digests;

            public SignedData(AnonymousClass1 anonymousClass1) {
            }
        }

        /* JADX WARN: Classes with same name are omitted:
          classes7.dex
         */
        /* loaded from: classes8.dex */
        public static final class Signer {
            public byte[] publicKey;
            public List<Pair<Integer, byte[]>> signatures;
            public byte[] signedData;

            public Signer(AnonymousClass1 anonymousClass1) {
            }
        }
    }

    public static byte[] a(ApkSigningBlockUtils.SignerConfig signerConfig, Map map, boolean z) {
        byte[] bArr;
        if (signerConfig.certificates.isEmpty()) {
            throw new SignatureException("No certificates configured for signer");
        }
        byte[] encodePublicKey = ApkSigningBlockUtils.encodePublicKey(signerConfig.certificates.get(0).getPublicKey());
        V2SignatureSchemeBlock.SignedData signedData = new V2SignatureSchemeBlock.SignedData(null);
        try {
            signedData.certificates = ApkSigningBlockUtils.encodeCertificates(signerConfig.certificates);
            ArrayList arrayList = new ArrayList(signerConfig.signatureAlgorithms.size());
            for (SignatureAlgorithm signatureAlgorithm : signerConfig.signatureAlgorithms) {
                ContentDigestAlgorithm contentDigestAlgorithm = signatureAlgorithm.getContentDigestAlgorithm();
                byte[] bArr2 = (byte[]) map.get(contentDigestAlgorithm);
                if (bArr2 == null) {
                    throw new RuntimeException(contentDigestAlgorithm + " content digest for " + signatureAlgorithm + " not computed");
                }
                arrayList.add(Pair.of(Integer.valueOf(signatureAlgorithm.getId()), bArr2));
            }
            signedData.digests = arrayList;
            if (z) {
                ByteBuffer allocate = ByteBuffer.allocate(12);
                allocate.order(ByteOrder.LITTLE_ENDIAN);
                allocate.putInt(8);
                allocate.putInt(V2SchemeConstants.STRIPPING_PROTECTION_ATTR_ID);
                allocate.putInt(3);
                bArr = allocate.array();
            } else {
                bArr = new byte[0];
            }
            signedData.additionalAttributes = bArr;
            V2SignatureSchemeBlock.Signer signer = new V2SignatureSchemeBlock.Signer(null);
            signer.signedData = ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedElements(new byte[][]{ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedPairsOfIntAndLengthPrefixedBytes(signedData.digests), ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedElements(signedData.certificates), signedData.additionalAttributes, new byte[0]});
            signer.publicKey = encodePublicKey;
            signer.signatures = new ArrayList();
            List<Pair<Integer, byte[]>> generateSignaturesOverData = ApkSigningBlockUtils.generateSignaturesOverData(signerConfig, signer.signedData);
            signer.signatures = generateSignaturesOverData;
            return ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedElements(new byte[][]{signer.signedData, ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedPairsOfIntAndLengthPrefixedBytes(generateSignaturesOverData), signer.publicKey});
        } catch (CertificateEncodingException e) {
            throw new SignatureException("Failed to encode certificates", e);
        }
    }

    public static ApkSigningBlockUtils.SigningSchemeBlockAndDigests generateApkSignatureSchemeV2Block(RunnablesExecutor runnablesExecutor, DataSource dataSource, DataSource dataSource2, DataSource dataSource3, List<ApkSigningBlockUtils.SignerConfig> list, boolean z) {
        return generateApkSignatureSchemeV2Block(runnablesExecutor, dataSource, dataSource2, dataSource3, list, z, null);
    }

    public static ApkSigningBlockUtils.SigningSchemeBlockAndDigests generateApkSignatureSchemeV2Block(RunnablesExecutor runnablesExecutor, DataSource dataSource, DataSource dataSource2, DataSource dataSource3, List<ApkSigningBlockUtils.SignerConfig> list, boolean z, List<byte[]> list2) {
        Pair<List<ApkSigningBlockUtils.SignerConfig>, Map<ContentDigestAlgorithm, byte[]>> computeContentDigests = ApkSigningBlockUtils.computeContentDigests(runnablesExecutor, dataSource, dataSource2, dataSource3, list);
        List<ApkSigningBlockUtils.SignerConfig> first = computeContentDigests.getFirst();
        Map<ContentDigestAlgorithm, byte[]> second = computeContentDigests.getSecond();
        if (first.size() > 10) {
            throw new IllegalArgumentException("APK Signature Scheme v2 only supports a maximum of 10, " + first.size() + " provided");
        }
        ArrayList arrayList = new ArrayList(first.size());
        if (list2 != null && list2.size() > 0) {
            arrayList.addAll(list2);
        }
        Iterator<ApkSigningBlockUtils.SignerConfig> it = first.iterator();
        int i = 0;
        while (it.hasNext()) {
            i++;
            try {
                arrayList.add(a(it.next(), second, z));
            } catch (InvalidKeyException e) {
                throw new InvalidKeyException(A1.m(i, "Signer #", " failed"), e);
            } catch (SignatureException e2) {
                throw new SignatureException(A1.m(i, "Signer #", " failed"), e2);
            }
        }
        return new ApkSigningBlockUtils.SigningSchemeBlockAndDigests(Pair.of(ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedElements(new byte[][]{ApkSigningBlockUtils.encodeAsSequenceOfLengthPrefixedElements(arrayList)}), 1896449818), computeContentDigests.getSecond());
    }

    public static List<SignatureAlgorithm> getSuggestedSignatureAlgorithms(PublicKey publicKey, int i, boolean z, boolean z2) {
        String algorithm = publicKey.getAlgorithm();
        if ("RSA".equalsIgnoreCase(algorithm)) {
            if (((RSAKey) publicKey).getModulus().bitLength() > 3072) {
                return Collections.singletonList(SignatureAlgorithm.RSA_PKCS1_V1_5_WITH_SHA512);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(SignatureAlgorithm.RSA_PKCS1_V1_5_WITH_SHA256);
            if (z) {
                arrayList.add(SignatureAlgorithm.VERITY_RSA_PKCS1_V1_5_WITH_SHA256);
            }
            return arrayList;
        }
        if ("DSA".equalsIgnoreCase(algorithm)) {
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(z2 ? SignatureAlgorithm.DETDSA_WITH_SHA256 : SignatureAlgorithm.DSA_WITH_SHA256);
            if (z) {
                arrayList2.add(SignatureAlgorithm.VERITY_DSA_WITH_SHA256);
            }
            return arrayList2;
        }
        if (!"EC".equalsIgnoreCase(algorithm)) {
            throw new InvalidKeyException(A1.o("Unsupported key algorithm: ", algorithm));
        }
        if (((ECKey) publicKey).getParams().getOrder().bitLength() > 256) {
            return Collections.singletonList(SignatureAlgorithm.ECDSA_WITH_SHA512);
        }
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(SignatureAlgorithm.ECDSA_WITH_SHA256);
        if (z) {
            arrayList3.add(SignatureAlgorithm.VERITY_ECDSA_WITH_SHA256);
        }
        return arrayList3;
    }
}
