package com.android.apksig.internal.apk.v4;

import com.android.apksig.ApkVerifier;
import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.internal.apk.ContentDigestAlgorithm;
import com.android.apksig.internal.apk.SignatureAlgorithm;
import com.android.apksig.internal.apk.v4.V4Signature;
import com.android.apksig.internal.util.GuaranteedEncodedFormX509Certificate;
import com.android.apksig.internal.util.X509CertificateUtils;
import com.android.apksig.util.DataSource;
import java.io.File;
import java.io.FileInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

/* loaded from: classes8.dex */
public abstract class V4SchemeVerifier {
    public static ApkSigningBlockUtils.Result.SignerInfo a(V4Signature.SigningInfo signingInfo, byte[] bArr) {
        byte[] encoded;
        ApkSigningBlockUtils.Result.SignerInfo signerInfo = new ApkSigningBlockUtils.Result.SignerInfo();
        signerInfo.index = 0;
        int i10 = signingInfo.signatureAlgorithmId;
        byte[] bArr2 = signingInfo.signature;
        signerInfo.signatures.add(new ApkSigningBlockUtils.Result.SignerInfo.Signature(i10, bArr2));
        SignatureAlgorithm findById = SignatureAlgorithm.findById(i10);
        if (findById == null) {
            signerInfo.addError(ApkVerifier.Issue.V4_SIG_UNKNOWN_SIG_ALGORITHM, Integer.valueOf(i10));
            return signerInfo;
        }
        String first = findById.getJcaSignatureAlgorithmAndParams().getFirst();
        AlgorithmParameterSpec second = findById.getJcaSignatureAlgorithmAndParams().getSecond();
        String jcaKeyAlgorithm = findById.getJcaKeyAlgorithm();
        byte[] bArr3 = signingInfo.publicKey;
        try {
            PublicKey generatePublic = KeyFactory.getInstance(jcaKeyAlgorithm).generatePublic(new X509EncodedKeySpec(bArr3));
            try {
                Signature signature = Signature.getInstance(first);
                signature.initVerify(generatePublic);
                if (second != null) {
                    signature.setParameter(second);
                }
                signature.update(bArr);
                if (!signature.verify(bArr2)) {
                    signerInfo.addError(ApkVerifier.Issue.V4_SIG_DID_NOT_VERIFY, findById);
                    return signerInfo;
                }
                signerInfo.verifiedSignatures.put(findById, bArr2);
                if (signingInfo.certificate == null) {
                    signerInfo.addError(ApkVerifier.Issue.V4_SIG_NO_CERTIFICATE, new Object[0]);
                    return signerInfo;
                }
                try {
                    GuaranteedEncodedFormX509Certificate guaranteedEncodedFormX509Certificate = new GuaranteedEncodedFormX509Certificate(X509CertificateUtils.generateCertificate(signingInfo.certificate), signingInfo.certificate);
                    signerInfo.certs.add(guaranteedEncodedFormX509Certificate);
                    try {
                        encoded = ApkSigningBlockUtils.encodePublicKey(guaranteedEncodedFormX509Certificate.getPublicKey());
                    } catch (InvalidKeyException e10) {
                        System.out.println("Caught an exception encoding the public key: " + e10);
                        e10.printStackTrace();
                        encoded = guaranteedEncodedFormX509Certificate.getPublicKey().getEncoded();
                    }
                    if (Arrays.equals(bArr3, encoded)) {
                        signerInfo.contentDigests.add(new ApkSigningBlockUtils.Result.SignerInfo.ContentDigest(0, signingInfo.apkDigest));
                        return signerInfo;
                    }
                    signerInfo.addError(ApkVerifier.Issue.V4_SIG_PUBLIC_KEY_MISMATCH_BETWEEN_CERTIFICATE_AND_SIGNATURES_RECORD, ApkSigningBlockUtils.toHex(encoded), ApkSigningBlockUtils.toHex(bArr3));
                    return signerInfo;
                } catch (CertificateException e11) {
                    signerInfo.addError(ApkVerifier.Issue.V4_SIG_MALFORMED_CERTIFICATE, e11);
                    return signerInfo;
                }
            } catch (InvalidAlgorithmParameterException e12) {
                e = e12;
                signerInfo.addError(ApkVerifier.Issue.V4_SIG_VERIFY_EXCEPTION, findById, e);
                return signerInfo;
            } catch (InvalidKeyException e13) {
                e = e13;
                signerInfo.addError(ApkVerifier.Issue.V4_SIG_VERIFY_EXCEPTION, findById, e);
                return signerInfo;
            } catch (SignatureException e14) {
                e = e14;
                signerInfo.addError(ApkVerifier.Issue.V4_SIG_VERIFY_EXCEPTION, findById, e);
                return signerInfo;
            }
        } catch (Exception e15) {
            signerInfo.addError(ApkVerifier.Issue.V4_SIG_MALFORMED_PUBLIC_KEY, e15);
            return signerInfo;
        }
    }

    public static ApkSigningBlockUtils.Result verify(DataSource dataSource, File file) {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            V4Signature readFrom = V4Signature.readFrom(fileInputStream);
            byte[] readBytes = V4Signature.readBytes(fileInputStream);
            fileInputStream.close();
            ApkSigningBlockUtils.Result result = new ApkSigningBlockUtils.Result(4);
            if (readFrom == null) {
                result.addError(ApkVerifier.Issue.V4_SIG_NO_SIGNATURES, "Signature file does not contain a v4 signature.");
                return result;
            }
            int i10 = readFrom.version;
            if (i10 != 2) {
                result.addWarning(ApkVerifier.Issue.V4_SIG_VERSION_NOT_CURRENT, Integer.valueOf(i10), 2);
            }
            V4Signature.HashingInfo fromByteArray = V4Signature.HashingInfo.fromByteArray(readFrom.hashingInfo);
            V4Signature.SigningInfos fromByteArray2 = V4Signature.SigningInfos.fromByteArray(readFrom.signingInfos);
            V4Signature.SigningInfo signingInfo = fromByteArray2.signingInfo;
            ApkSigningBlockUtils.Result.SignerInfo a10 = a(signingInfo, V4Signature.getSignedData(dataSource.size(), fromByteArray, signingInfo));
            result.signers.add(a10);
            if (result.containsErrors()) {
                return result;
            }
            for (V4Signature.SigningInfoBlock signingInfoBlock : fromByteArray2.signingInfoBlocks) {
                V4Signature.SigningInfo fromByteArray3 = V4Signature.SigningInfo.fromByteArray(signingInfoBlock.signingInfo);
                result.signers.add(a(fromByteArray3, V4Signature.getSignedData(dataSource.size(), fromByteArray, fromByteArray3)));
                if (result.containsErrors()) {
                    return result;
                }
            }
            byte[] bArr = fromByteArray.rawRootHash;
            ApkSigningBlockUtils.VerityTreeAndDigest computeChunkVerityTreeAndDigest = ApkSigningBlockUtils.computeChunkVerityTreeAndDigest(dataSource);
            ContentDigestAlgorithm contentDigestAlgorithm = computeChunkVerityTreeAndDigest.contentDigestAlgorithm;
            byte[] bArr2 = computeChunkVerityTreeAndDigest.rootHash;
            byte[] bArr3 = computeChunkVerityTreeAndDigest.tree;
            if (!Arrays.equals(bArr, bArr2)) {
                a10.addError(ApkVerifier.Issue.V4_SIG_APK_ROOT_DID_NOT_VERIFY, contentDigestAlgorithm, ApkSigningBlockUtils.toHex(bArr), ApkSigningBlockUtils.toHex(bArr2));
            } else if (readBytes == null || Arrays.equals(readBytes, bArr3)) {
                a10.verifiedContentDigests.put(contentDigestAlgorithm, bArr2);
            } else {
                a10.addError(ApkVerifier.Issue.V4_SIG_APK_TREE_DID_NOT_VERIFY, contentDigestAlgorithm, ApkSigningBlockUtils.toHex(bArr), ApkSigningBlockUtils.toHex(bArr2));
            }
            if (!result.containsErrors()) {
                result.verified = true;
            }
            return result;
        } catch (Throwable th2) {
            try {
                fileInputStream.close();
            } catch (Throwable th3) {
                th2.addSuppressed(th3);
            }
            throw th2;
        }
    }
}
