package com.alipay.mobile.quinox.security;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.Signature;
import android.text.TextUtils;
import android.util.Log;
import com.alipay.mobile.quinox.bundle.Bundle;
import com.alipay.mobile.quinox.bundle.IBundleOperator;
import com.alipay.mobile.quinox.utils.LogUtil;
import com.alipay.mobile.quinox.utils.SharedPreferenceUtil;
import com.alipay.mobile.quinox.utils.TraceLogger;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: classes3.dex */
public class CertVerifier {
    public static final String KEY_CLIENT_SIGNATURE = "client_signature";
    private PublicKey a;
    private boolean b;
    private boolean c;

    public CertVerifier(boolean z) {
        this.b = z;
    }

    private static String a(byte[] bArr, int i) {
        byte[] bArr2 = {80, 75, 5, 6};
        int min = Math.min(bArr.length, i);
        for (int i2 = (min - 4) - 22; i2 >= 0; i2--) {
            boolean z = false;
            int i3 = 0;
            while (true) {
                if (i3 >= 4) {
                    z = true;
                    break;
                }
                if (bArr[i2 + i3] != bArr2[i3]) {
                    break;
                }
                i3++;
            }
            if (z) {
                int i4 = bArr[i2 + 20] + (bArr[i2 + 21] * 256);
                int i5 = (min - i2) - 22;
                StringBuilder sb = new StringBuilder("ZIP comment found at buffer position ");
                int i6 = i2 + 22;
                sb.append(i6);
                sb.append(" with len=");
                sb.append(i4);
                sb.append(", good!");
                LogUtil.i("CertVerifier", sb.toString());
                if (i4 != i5) {
                    LogUtil.i("CertVerifier", "WARNING! ZIP comment size mismatch: directory says len is " + i4 + ", but file ends after " + i5 + " bytes!");
                }
                return new String(bArr, i6, Math.min(i4, i5));
            }
        }
        LogUtil.d("CertVerifier", "ERROR! ZIP comment NOT found!");
        return null;
    }

    private static boolean a(PublicKey publicKey, JarEntry jarEntry, String str) {
        Certificate[] certificates = jarEntry.getCertificates();
        if (certificates == null) {
            TraceLogger.e("CertVerifier", str + " no certs");
            return false;
        }
        if (certificates.length > 0) {
            for (int length = certificates.length - 1; length >= 0; length--) {
                try {
                    certificates[length].verify(publicKey);
                    return true;
                } catch (Throwable th) {
                    TraceLogger.e("CertVerifier", str, th);
                }
            }
        }
        return false;
    }

    private static byte[] a(JarFile jarFile, JarEntry jarEntry) {
        InputStream inputStream;
        try {
            inputStream = jarFile.getInputStream(jarEntry);
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                byte[] bArr = new byte[163840];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    messageDigest.update(bArr, 0, read);
                }
                byte[] digest = messageDigest.digest();
                if (inputStream != null) {
                    inputStream.close();
                }
                return digest;
            } catch (Throwable th) {
                th = th;
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            inputStream = null;
        }
    }

    public static String extractZipComment(File file) {
        try {
            int length = (int) file.length();
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[Math.min(length, 8192)];
            fileInputStream.skip(length - r3);
            int read = fileInputStream.read(bArr);
            r0 = read > 0 ? a(bArr, read) : null;
            fileInputStream.close();
        } catch (Exception e) {
            Log.e("CertVerifier", file.getAbsolutePath(), e);
        }
        return r0;
    }

    public boolean checkSign(Bundle bundle) {
        if (this.b || !bundle.containCode() || !this.c) {
            return true;
        }
        try {
            if (this.a != null) {
                if (verifyApk(bundle.getLocation())) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            TraceLogger.e("CertVerifier", "verify sign error : " + bundle.getLocation(), th);
            return false;
        }
    }

    protected PublicKey getPackageSignatures(Context context) {
        try {
            ApplicationInfo applicationInfo = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128);
            if (applicationInfo == null || applicationInfo.metaData == null) {
                return null;
            }
            String string = applicationInfo.metaData.getString(KEY_CLIENT_SIGNATURE);
            if (TextUtils.isEmpty(string)) {
                return null;
            }
            return getPublicKey(new Signature(string).toByteArray());
        } catch (CertificateException e) {
            TraceLogger.e("CertVerifier", "get signature error ", e);
            return null;
        } catch (Throwable th) {
            TraceLogger.e("CertVerifier", "get unknown error ", th);
            return null;
        }
    }

    protected PublicKey getPublicKey(byte[] bArr) {
        return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr))).getPublicKey();
    }

    public void init(Context context) {
        if (this.a == null) {
            this.a = getPackageSignatures(context);
            this.c = SharedPreferenceUtil.getInstance().getDefaultSharedPreference(context).getBoolean("quinox_cert_verifier", false);
            TraceLogger.i("CertVerifier", "mEnable=" + this.c);
        }
    }

    public boolean verifyApk(String str) {
        if (this.b || !this.c) {
            return true;
        }
        File file = new File(str);
        JarFile jarFile = null;
        try {
            JarFile jarFile2 = new JarFile(str);
            try {
                JarEntry jarEntry = jarFile2.getJarEntry(IBundleOperator.CLASSES_DEX);
                if (jarEntry == null) {
                    jarFile2.close();
                    return true;
                }
                byte[] a = a(jarFile2, jarEntry);
                String extractZipComment = extractZipComment(file);
                if (extractZipComment == null) {
                    LogUtil.d("CertVerifier", "old cert: ".concat(String.valueOf(str)));
                    boolean a2 = a(this.a, jarEntry, str);
                    jarFile2.close();
                    return a2;
                }
                byte[] hexToBytes = HexUtil.hexToBytes(extractZipComment);
                jarFile2.close();
                java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
                try {
                    signature.initVerify(this.a);
                    signature.update(a);
                    return signature.verify(hexToBytes);
                } catch (InvalidKeyException e) {
                    Log.e("CertVerifier", str, e);
                    return false;
                } catch (SignatureException e2) {
                    Log.e("CertVerifier", str, e2);
                    return false;
                }
            } catch (Throwable th) {
                th = th;
                jarFile = jarFile2;
                if (jarFile != null) {
                    jarFile.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }
}
