package com.alipay.mobile.quinox.security;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.Signature;
import android.text.TextUtils;
import com.alipay.mobile.framework.MpaasClassInfo;
import com.alipay.mobile.quinox.bundle.Bundle;
import com.alipay.mobile.quinox.utils.SharedPreferenceUtil;
import com.alipay.mobile.quinox.utils.TraceLogger;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

@MpaasClassInfo(ExportJarName = "unknown", Level = "framework", Product = "quinox")
/* loaded from: classes.dex */
public class CertVerifier {
    public static final String KEY_CLIENT_SIGNATURE = "client_signature";

    /* renamed from: a, reason: collision with root package name */
    private PublicKey f23434a;
    private boolean b;
    private boolean c;

    public CertVerifier(boolean z) {
        this.b = z;
    }

    private static String a(byte[] bArr, int i) {
        byte[] bArr2 = {80, 75, 5, 6};
        int min = Math.min(bArr.length, i);
        for (int i2 = (min - 4) - 22; i2 >= 0; i2--) {
            boolean z = true;
            int i3 = 0;
            while (true) {
                if (i3 >= 4) {
                    break;
                }
                if (bArr[i2 + i3] != bArr2[i3]) {
                    z = false;
                    break;
                }
                i3++;
            }
            if (z) {
                int i4 = (bArr[i2 + 21] * 256) + bArr[i2 + 20];
                int i5 = (min - i2) - 22;
                new StringBuilder("ZIP comment found at buffer position ").append(i2 + 22).append(" with len=").append(i4).append(", good!");
                if (i4 != i5) {
                    new StringBuilder("WARNING! ZIP comment size mismatch: directory says len is ").append(i4).append(", but file ends after ").append(i5).append(" bytes!");
                }
                return new String(bArr, i2 + 22, Math.min(i4, i5));
            }
        }
        return null;
    }

    private static boolean a(PublicKey publicKey, JarEntry jarEntry, String str) {
        Certificate[] certificates = jarEntry.getCertificates();
        if (certificates == null) {
            TraceLogger.e("CertVerifier", str + " no certs");
            return false;
        }
        if (certificates.length <= 0) {
            return false;
        }
        for (int length = certificates.length - 1; length >= 0; length--) {
            try {
                certificates[length].verify(publicKey);
                return true;
            } catch (Throwable th) {
                TraceLogger.e("CertVerifier", str, th);
            }
        }
        return false;
    }

    private static byte[] a(JarFile jarFile, JarEntry jarEntry) {
        InputStream inputStream = null;
        try {
            inputStream = jarFile.getInputStream(jarEntry);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte[] bArr = new byte[163840];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    break;
                }
                messageDigest.update(bArr, 0, read);
            }
            return messageDigest.digest();
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    public static String extractZipComment(File file) {
        try {
            int length = (int) file.length();
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[Math.min(length, 8192)];
            fileInputStream.skip(length - bArr.length);
            int read = fileInputStream.read(bArr);
            r0 = read > 0 ? a(bArr, read) : null;
            fileInputStream.close();
        } catch (Exception e) {
            file.getAbsolutePath();
        }
        return r0;
    }

    public boolean checkSign(Bundle bundle) {
        if (this.b || !bundle.containCode() || !this.c) {
            return true;
        }
        try {
            if (this.f23434a != null) {
                if (verifyApk(bundle.getLocation())) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            TraceLogger.e("CertVerifier", "verify sign error : " + bundle.getLocation(), th);
            return false;
        }
    }

    protected PublicKey getPackageSignatures(Context context) {
        try {
            ApplicationInfo applicationInfo = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128);
            if (applicationInfo != null && applicationInfo.metaData != null) {
                String string = applicationInfo.metaData.getString(KEY_CLIENT_SIGNATURE);
                if (!TextUtils.isEmpty(string)) {
                    return getPublicKey(new Signature(string).toByteArray());
                }
            }
        } catch (CertificateException e) {
            TraceLogger.e("CertVerifier", "get signature error ", e);
        } catch (Throwable th) {
            TraceLogger.e("CertVerifier", "get unknown error ", th);
        }
        return null;
    }

    protected PublicKey getPublicKey(byte[] bArr) {
        return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr))).getPublicKey();
    }

    public void init(Context context) {
        if (this.f23434a == null) {
            this.f23434a = getPackageSignatures(context);
            this.c = SharedPreferenceUtil.getInstance().getDefaultSharedPreference(context).getBoolean("quinox_cert_verifier", false);
            TraceLogger.i("CertVerifier", "mEnable=" + this.c);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:23:0x004e, code lost:
    
        if (r1 == 0) goto L20;
     */
    /* JADX WARN: Type inference failed for: r1v10 */
    /* JADX WARN: Type inference failed for: r1v11, types: [boolean] */
    /* JADX WARN: Type inference failed for: r1v7, types: [java.security.Signature] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean verifyApk(java.lang.String r6) {
        /*
            r5 = this;
            r0 = 1
            boolean r1 = r5.b
            if (r1 != 0) goto L9
            boolean r1 = r5.c
            if (r1 != 0) goto La
        L9:
            return r0
        La:
            java.io.File r3 = new java.io.File
            r3.<init>(r6)
            r2 = 0
            java.util.jar.JarFile r1 = new java.util.jar.JarFile     // Catch: java.lang.Throwable -> L52
            r1.<init>(r6)     // Catch: java.lang.Throwable -> L52
            java.lang.String r2 = "classes.dex"
            java.util.jar.JarEntry r2 = r1.getJarEntry(r2)     // Catch: java.lang.Throwable -> L5e
            if (r2 != 0) goto L21
            r1.close()
            goto L9
        L21:
            byte[] r4 = a(r1, r2)     // Catch: java.lang.Throwable -> L5e
            java.lang.String r3 = extractZipComment(r3)     // Catch: java.lang.Throwable -> L5e
            if (r3 != 0) goto L35
            java.security.PublicKey r0 = r5.f23434a     // Catch: java.lang.Throwable -> L5e
            boolean r0 = a(r0, r2, r6)     // Catch: java.lang.Throwable -> L5e
            r1.close()
            goto L9
        L35:
            byte[] r2 = com.alipay.mobile.quinox.security.HexUtil.hexToBytes(r3)     // Catch: java.lang.Throwable -> L5e
            r1.close()
            java.lang.String r1 = "SHA1withRSA"
            java.security.Signature r1 = java.security.Signature.getInstance(r1)
            java.security.PublicKey r3 = r5.f23434a     // Catch: java.security.SignatureException -> L5a java.security.InvalidKeyException -> L5c
            r1.initVerify(r3)     // Catch: java.security.SignatureException -> L5a java.security.InvalidKeyException -> L5c
            r1.update(r4)     // Catch: java.security.SignatureException -> L5a java.security.InvalidKeyException -> L5c
            boolean r1 = r1.verify(r2)     // Catch: java.security.SignatureException -> L5a java.security.InvalidKeyException -> L5c
            if (r1 != 0) goto L9
        L50:
            r0 = 0
            goto L9
        L52:
            r0 = move-exception
            r1 = r2
        L54:
            if (r1 == 0) goto L59
            r1.close()
        L59:
            throw r0
        L5a:
            r0 = move-exception
            goto L50
        L5c:
            r0 = move-exception
            goto L50
        L5e:
            r0 = move-exception
            goto L54
        */
        throw new UnsupportedOperationException("Method not decompiled: com.alipay.mobile.quinox.security.CertVerifier.verifyApk(java.lang.String):boolean");
    }
}
