package com.android.apksig;

import a.a.a.a.a.i.r.c;
import com.android.apksig.DefaultApkSignerEngine;
import com.android.apksig.apk.ApkFormatException;
import com.android.apksig.apk.ApkUtils;
import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.internal.apk.SignatureAlgorithm;
import com.android.apksig.internal.apk.v3.V3SchemeSigner;
import com.android.apksig.internal.apk.v3.V3SigningCertificateLineage;
import com.android.apksig.internal.util.ByteBufferUtils;
import com.android.apksig.internal.util.Pair;
import com.android.apksig.internal.util.RandomAccessFileDataSink;
import com.android.apksig.util.DataSink;
import com.android.apksig.util.DataSource;
import com.android.apksig.util.DataSources;
import com.android.apksig.zip.ZipFormatException;
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;

/* loaded from: classes.dex */
public class SigningCertificateLineage {
    private static final int CURRENT_VERSION = 1;
    private static final int FIRST_VERSION = 1;
    public static final int MAGIC = 1056913873;
    private static final int PAST_CERT_AUTH = 16;
    private static final int PAST_CERT_INSTALLED_DATA = 1;
    private static final int PAST_CERT_PERMISSION = 4;
    private static final int PAST_CERT_ROLLBACK = 8;
    private static final int PAST_CERT_SHARED_USER_ID = 2;
    private final int mMinSdkVersion;
    private final List mSigningLineage;

    /* loaded from: classes.dex */
    public class Builder {
        private int mMinSdkVersion;
        private SignerCapabilities mNewCapabilities;
        private final SignerConfig mNewSignerConfig;
        private SignerCapabilities mOriginalCapabilities;
        private final SignerConfig mOriginalSignerConfig;

        public Builder(SignerConfig signerConfig, SignerConfig signerConfig2) {
            if (signerConfig == null || signerConfig2 == null) {
                throw new NullPointerException("Can't pass null SignerConfigs when constructing a new SigningCertificateLineage");
            }
            this.mOriginalSignerConfig = signerConfig;
            this.mNewSignerConfig = signerConfig2;
        }

        public SigningCertificateLineage build() {
            if (this.mMinSdkVersion < 28) {
                this.mMinSdkVersion = 28;
            }
            if (this.mOriginalCapabilities == null) {
                this.mOriginalCapabilities = new SignerCapabilities.Builder().build();
            }
            if (this.mNewCapabilities == null) {
                this.mNewCapabilities = new SignerCapabilities.Builder().build();
            }
            return SigningCertificateLineage.createSigningLineage(this.mMinSdkVersion, this.mOriginalSignerConfig, this.mOriginalCapabilities, this.mNewSignerConfig, this.mNewCapabilities);
        }

        public Builder setMinSdkVersion(int i) {
            this.mMinSdkVersion = i;
            return this;
        }

        public Builder setNewCapabilities(SignerCapabilities signerCapabilities) {
            Objects.requireNonNull(signerCapabilities, "signerCapabilities == null");
            this.mNewCapabilities = signerCapabilities;
            return this;
        }

        public Builder setOriginalCapabilities(SignerCapabilities signerCapabilities) {
            Objects.requireNonNull(signerCapabilities, "signerCapabilities == null");
            this.mOriginalCapabilities = signerCapabilities;
            return this;
        }
    }

    /* loaded from: classes.dex */
    public class SignerCapabilities {
        private final int mCallerConfiguredFlags;
        private final int mFlags;

        /* loaded from: classes.dex */
        public class Builder {
            private int mCallerConfiguredFlags;
            private int mFlags;

            public Builder() {
                this.mFlags = SigningCertificateLineage.access$100();
            }

            public Builder(int i) {
                this.mFlags = i;
            }

            public SignerCapabilities build() {
                return new SignerCapabilities(this.mFlags, this.mCallerConfiguredFlags);
            }

            public Builder setAuth(boolean z) {
                this.mCallerConfiguredFlags |= 16;
                this.mFlags = z ? this.mFlags | 16 : this.mFlags & (-17);
                return this;
            }

            public Builder setCallerConfiguredCapabilities(SignerCapabilities signerCapabilities) {
                this.mFlags = (signerCapabilities.mCallerConfiguredFlags & signerCapabilities.mFlags) | (this.mFlags & (signerCapabilities.mCallerConfiguredFlags ^ (-1)));
                return this;
            }

            public Builder setInstalledData(boolean z) {
                this.mCallerConfiguredFlags |= 1;
                this.mFlags = z ? this.mFlags | 1 : this.mFlags & (-2);
                return this;
            }

            public Builder setPermission(boolean z) {
                this.mCallerConfiguredFlags |= 4;
                this.mFlags = z ? this.mFlags | 4 : this.mFlags & (-5);
                return this;
            }

            public Builder setRollback(boolean z) {
                this.mCallerConfiguredFlags |= 8;
                this.mFlags = z ? this.mFlags | 8 : this.mFlags & (-9);
                return this;
            }

            public Builder setSharedUid(boolean z) {
                this.mCallerConfiguredFlags |= 2;
                this.mFlags = z ? this.mFlags | 2 : this.mFlags & (-3);
                return this;
            }
        }

        private SignerCapabilities(int i) {
            this(i, 0);
        }

        private SignerCapabilities(int i, int i2) {
            this.mFlags = i;
            this.mCallerConfiguredFlags = i2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getFlags() {
            return this.mFlags;
        }

        public boolean equals(SignerCapabilities signerCapabilities) {
            return this.mFlags == signerCapabilities.mFlags;
        }

        public boolean hasAuth() {
            return (this.mFlags & 16) != 0;
        }

        public boolean hasInstalledData() {
            return (this.mFlags & 1) != 0;
        }

        public boolean hasPermission() {
            return (this.mFlags & 4) != 0;
        }

        public boolean hasRollback() {
            return (this.mFlags & 8) != 0;
        }

        public boolean hasSharedUid() {
            return (this.mFlags & 2) != 0;
        }
    }

    /* loaded from: classes.dex */
    public class SignerConfig {
        private final X509Certificate mCertificate;
        private final PrivateKey mPrivateKey;

        /* loaded from: classes.dex */
        public class Builder {
            private final X509Certificate mCertificate;
            private final PrivateKey mPrivateKey;

            public Builder(PrivateKey privateKey, X509Certificate x509Certificate) {
                this.mPrivateKey = privateKey;
                this.mCertificate = x509Certificate;
            }

            public SignerConfig build() {
                return new SignerConfig(this.mPrivateKey, this.mCertificate);
            }
        }

        private SignerConfig(PrivateKey privateKey, X509Certificate x509Certificate) {
            this.mPrivateKey = privateKey;
            this.mCertificate = x509Certificate;
        }

        public X509Certificate getCertificate() {
            return this.mCertificate;
        }

        public PrivateKey getPrivateKey() {
            return this.mPrivateKey;
        }
    }

    private SigningCertificateLineage(int i, List list) {
        this.mMinSdkVersion = i;
        this.mSigningLineage = list;
    }

    static /* synthetic */ int access$100() {
        return calculateDefaultFlags();
    }

    private static int calculateDefaultFlags() {
        return 23;
    }

    private static int calculateMinSdkVersion(List list) {
        int minSdkVersion;
        if (list == null) {
            throw new IllegalArgumentException("Can't calculate minimum SDK version of null nodes");
        }
        int i = 28;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            V3SigningCertificateLineage.SigningCertificateNode signingCertificateNode = (V3SigningCertificateLineage.SigningCertificateNode) it.next();
            if (signingCertificateNode.sigAlgorithm != null && (minSdkVersion = signingCertificateNode.sigAlgorithm.getMinSdkVersion()) > i) {
                i = minSdkVersion;
            }
        }
        return i;
    }

    public static SigningCertificateLineage consolidateLineages(List list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        int i = 0;
        int i2 = 0;
        for (int i3 = 0; i3 < list.size(); i3++) {
            int size = ((SigningCertificateLineage) list.get(i3)).size();
            if (size > i2) {
                i = i3;
                i2 = size;
            }
        }
        List list2 = ((SigningCertificateLineage) list.get(i)).mSigningLineage;
        for (int i4 = 0; i4 < list.size(); i4++) {
            if (i4 != i) {
                List list3 = ((SigningCertificateLineage) list.get(i4)).mSigningLineage;
                if (!list3.equals(list2.subList(0, list3.size()))) {
                    throw new IllegalArgumentException("Inconsistent SigningCertificateLineages. Not all lineages are subsets of each other.");
                }
            }
        }
        return (SigningCertificateLineage) list.get(i);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SigningCertificateLineage createSigningLineage(int i, SignerConfig signerConfig, SignerCapabilities signerCapabilities, SignerConfig signerConfig2, SignerCapabilities signerCapabilities2) {
        return new SigningCertificateLineage(i, new ArrayList()).spawnFirstDescendant(signerConfig, signerCapabilities).spawnDescendant(signerConfig, signerConfig2, signerCapabilities2);
    }

    private SignatureAlgorithm getSignatureAlgorithm(SignerConfig signerConfig) {
        return (SignatureAlgorithm) V3SchemeSigner.getSuggestedSignatureAlgorithms(signerConfig.getCertificate().getPublicKey(), this.mMinSdkVersion, false).get(0);
    }

    private static SigningCertificateLineage read(ByteBuffer byteBuffer) {
        ApkSigningBlockUtils.checkByteOrderLittleEndian(byteBuffer);
        if (byteBuffer.remaining() < 8) {
            throw new IllegalArgumentException("Improper SigningCertificateLineage format: insufficient data for header.");
        }
        if (byteBuffer.getInt() == 1056913873) {
            return read(byteBuffer, byteBuffer.getInt());
        }
        throw new IllegalArgumentException("Improper SigningCertificateLineage format: MAGIC header mismatch.");
    }

    private static SigningCertificateLineage read(ByteBuffer byteBuffer, int i) {
        if (i != 1) {
            throw new IllegalArgumentException("Improper SigningCertificateLineage format: unrecognized version.");
        }
        try {
            List readSigningCertificateLineage = V3SigningCertificateLineage.readSigningCertificateLineage(ApkSigningBlockUtils.getLengthPrefixedSlice(byteBuffer));
            return new SigningCertificateLineage(calculateMinSdkVersion(readSigningCertificateLineage), readSigningCertificateLineage);
        } catch (ApkFormatException e) {
            throw new IOException("Unable to read list of signing certificate nodes in SigningCertificateLineage", e);
        }
    }

    public static SigningCertificateLineage readFromApkDataSource(DataSource dataSource) {
        try {
            ByteBuffer lengthPrefixedSlice = ApkSigningBlockUtils.getLengthPrefixedSlice(ApkSigningBlockUtils.findSignature(dataSource, ApkUtils.findZipSections(dataSource), V3SchemeSigner.APK_SIGNATURE_SCHEME_V3_BLOCK_ID, new ApkSigningBlockUtils.Result(3)).signatureBlock);
            ArrayList arrayList = new ArrayList(1);
            while (lengthPrefixedSlice.hasRemaining()) {
                try {
                    arrayList.add(readFromSignedData(ApkSigningBlockUtils.getLengthPrefixedSlice(ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice))));
                } catch (IllegalArgumentException unused) {
                }
            }
            if (arrayList.isEmpty()) {
                throw new IllegalArgumentException("The provided APK does not contain a valid lineage.");
            }
            return arrayList.size() > 1 ? consolidateLineages(arrayList) : (SigningCertificateLineage) arrayList.get(0);
        } catch (ApkSigningBlockUtils.SignatureNotFoundException unused2) {
            throw new IllegalArgumentException("The provided APK does not contain a valid V3 signature block.");
        } catch (ZipFormatException e) {
            throw new ApkFormatException(e.getMessage());
        }
    }

    public static SigningCertificateLineage readFromApkFile(File file) {
        RandomAccessFile randomAccessFile = new RandomAccessFile(file, c.a.d);
        try {
            SigningCertificateLineage readFromApkDataSource = readFromApkDataSource(DataSources.asDataSource(randomAccessFile, 0L, randomAccessFile.length()));
            randomAccessFile.close();
            return readFromApkDataSource;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    randomAccessFile.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public static SigningCertificateLineage readFromDataSource(DataSource dataSource) {
        Objects.requireNonNull(dataSource, "dataSource == null");
        ByteBuffer byteBuffer = dataSource.getByteBuffer(0L, (int) dataSource.size());
        byteBuffer.order(ByteOrder.LITTLE_ENDIAN);
        return read(byteBuffer);
    }

    public static SigningCertificateLineage readFromFile(File file) {
        Objects.requireNonNull(file, "file == null");
        return readFromDataSource(DataSources.asDataSource(new RandomAccessFile(file, c.a.d)));
    }

    public static SigningCertificateLineage readFromSignedData(ByteBuffer byteBuffer) {
        ApkSigningBlockUtils.getLengthPrefixedSlice(byteBuffer);
        ApkSigningBlockUtils.getLengthPrefixedSlice(byteBuffer);
        byteBuffer.getInt();
        byteBuffer.getInt();
        ByteBuffer lengthPrefixedSlice = ApkSigningBlockUtils.getLengthPrefixedSlice(byteBuffer);
        ArrayList arrayList = new ArrayList(1);
        while (lengthPrefixedSlice.hasRemaining()) {
            ByteBuffer lengthPrefixedSlice2 = ApkSigningBlockUtils.getLengthPrefixedSlice(lengthPrefixedSlice);
            if (lengthPrefixedSlice2.getInt() == 1000370060) {
                arrayList.add(readFromV3AttributeValue(ByteBufferUtils.toByteArray(lengthPrefixedSlice2)));
            }
        }
        if (arrayList.isEmpty()) {
            throw new IllegalArgumentException("The signed data does not contain a valid lineage.");
        }
        return arrayList.size() > 1 ? consolidateLineages(arrayList) : (SigningCertificateLineage) arrayList.get(0);
    }

    public static SigningCertificateLineage readFromV3AttributeValue(byte[] bArr) {
        List readSigningCertificateLineage = V3SigningCertificateLineage.readSigningCertificateLineage(ByteBuffer.wrap(bArr).order(ByteOrder.LITTLE_ENDIAN));
        return new SigningCertificateLineage(calculateMinSdkVersion(readSigningCertificateLineage), readSigningCertificateLineage);
    }

    private SigningCertificateLineage spawnFirstDescendant(SignerConfig signerConfig, SignerCapabilities signerCapabilities) {
        if (!this.mSigningLineage.isEmpty()) {
            throw new IllegalStateException("SigningCertificateLineage already has its first node");
        }
        try {
            getSignatureAlgorithm(signerConfig);
            return new SigningCertificateLineage(this.mMinSdkVersion, Collections.singletonList(new V3SigningCertificateLineage.SigningCertificateNode(signerConfig.getCertificate(), null, null, new byte[0], signerCapabilities.getFlags())));
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Algorithm associated with first signing certificate invalid on desired platform versions", e);
        }
    }

    private ByteBuffer write() {
        byte[] encodeSigningCertificateLineage = V3SigningCertificateLineage.encodeSigningCertificateLineage(this.mSigningLineage);
        ByteBuffer allocate = ByteBuffer.allocate(encodeSigningCertificateLineage.length + 12);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putInt(MAGIC);
        allocate.putInt(1);
        allocate.putInt(encodeSigningCertificateLineage.length);
        allocate.put(encodeSigningCertificateLineage);
        allocate.flip();
        return allocate;
    }

    public byte[] generateV3SignerAttribute() {
        byte[] encodeSigningCertificateLineage = V3SigningCertificateLineage.encodeSigningCertificateLineage(this.mSigningLineage);
        ByteBuffer allocate = ByteBuffer.allocate(encodeSigningCertificateLineage.length + 8);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        allocate.putInt(encodeSigningCertificateLineage.length + 4);
        allocate.putInt(V3SchemeSigner.PROOF_OF_ROTATION_ATTR_ID);
        allocate.put(encodeSigningCertificateLineage);
        return allocate.array();
    }

    public List getCertificatesInLineage() {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.mSigningLineage.size(); i++) {
            arrayList.add(((V3SigningCertificateLineage.SigningCertificateNode) this.mSigningLineage.get(i)).signingCert);
        }
        return arrayList;
    }

    public SignerCapabilities getSignerCapabilities(SignerConfig signerConfig) {
        Objects.requireNonNull(signerConfig, "config == null");
        return getSignerCapabilities(signerConfig.getCertificate());
    }

    public SignerCapabilities getSignerCapabilities(X509Certificate x509Certificate) {
        Objects.requireNonNull(x509Certificate, "cert == null");
        for (int i = 0; i < this.mSigningLineage.size(); i++) {
            V3SigningCertificateLineage.SigningCertificateNode signingCertificateNode = (V3SigningCertificateLineage.SigningCertificateNode) this.mSigningLineage.get(i);
            if (signingCertificateNode.signingCert.equals(x509Certificate)) {
                return new SignerCapabilities.Builder(signingCertificateNode.flags).build();
            }
        }
        throw new IllegalArgumentException("Certificate (" + x509Certificate.getSubjectDN() + ") not found in the SigningCertificateLineage");
    }

    public SigningCertificateLineage getSubLineage(X509Certificate x509Certificate) {
        Objects.requireNonNull(x509Certificate, "x509Certificate == null");
        for (int i = 0; i < this.mSigningLineage.size(); i++) {
            if (((V3SigningCertificateLineage.SigningCertificateNode) this.mSigningLineage.get(i)).signingCert.equals(x509Certificate)) {
                return new SigningCertificateLineage(this.mMinSdkVersion, new ArrayList(this.mSigningLineage.subList(0, i + 1)));
            }
        }
        throw new IllegalArgumentException("Certificate not found in SigningCertificateLineage");
    }

    public boolean isCertificateInLineage(X509Certificate x509Certificate) {
        Objects.requireNonNull(x509Certificate, "cert == null");
        for (int i = 0; i < this.mSigningLineage.size(); i++) {
            if (((V3SigningCertificateLineage.SigningCertificateNode) this.mSigningLineage.get(i)).signingCert.equals(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    public boolean isSignerInLineage(SignerConfig signerConfig) {
        Objects.requireNonNull(signerConfig, "config == null");
        return isCertificateInLineage(signerConfig.getCertificate());
    }

    public int size() {
        return this.mSigningLineage.size();
    }

    public List sortSignerConfigs(List list) {
        Objects.requireNonNull(list, "signerConfigs == null");
        ArrayList arrayList = new ArrayList(list.size());
        for (int i = 0; i < this.mSigningLineage.size(); i++) {
            int i2 = 0;
            while (true) {
                if (i2 < list.size()) {
                    DefaultApkSignerEngine.SignerConfig signerConfig = (DefaultApkSignerEngine.SignerConfig) list.get(i2);
                    if (((V3SigningCertificateLineage.SigningCertificateNode) this.mSigningLineage.get(i)).signingCert.equals(signerConfig.getCertificates().get(0))) {
                        arrayList.add(signerConfig);
                        break;
                    }
                    i2++;
                }
            }
        }
        if (arrayList.size() == list.size()) {
            return arrayList;
        }
        throw new IllegalArgumentException("SignerConfigs supplied which are not present in the SigningCertificateLineage");
    }

    public SigningCertificateLineage spawnDescendant(SignerConfig signerConfig, SignerConfig signerConfig2) {
        if (signerConfig == null || signerConfig2 == null) {
            throw new NullPointerException("can't add new descendant to lineage with null inputs");
        }
        return spawnDescendant(signerConfig, signerConfig2, new SignerCapabilities.Builder().build());
    }

    public SigningCertificateLineage spawnDescendant(SignerConfig signerConfig, SignerConfig signerConfig2, SignerCapabilities signerCapabilities) {
        Objects.requireNonNull(signerConfig, "parent == null");
        Objects.requireNonNull(signerConfig2, "child == null");
        Objects.requireNonNull(signerCapabilities, "childCapabilities == null");
        if (this.mSigningLineage.isEmpty()) {
            throw new IllegalArgumentException("Cannot spawn descendant signing certificate on an empty SigningCertificateLineage: no parent node");
        }
        List list = this.mSigningLineage;
        V3SigningCertificateLineage.SigningCertificateNode signingCertificateNode = (V3SigningCertificateLineage.SigningCertificateNode) list.get(list.size() - 1);
        if (!Arrays.equals(signingCertificateNode.signingCert.getEncoded(), signerConfig.getCertificate().getEncoded())) {
            throw new IllegalArgumentException("SignerConfig Certificate containing private key to sign the new SigningCertificateLineage record does not match the existing most recent record");
        }
        SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm(signerConfig);
        ByteBuffer wrap = ByteBuffer.wrap(V3SigningCertificateLineage.encodeSignedData(signerConfig2.getCertificate(), signatureAlgorithm.getId()));
        wrap.position(4);
        ByteBuffer allocate = ByteBuffer.allocate(wrap.remaining());
        allocate.put(wrap);
        byte[] array = allocate.array();
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(signerConfig.getCertificate());
        ApkSigningBlockUtils.SignerConfig signerConfig3 = new ApkSigningBlockUtils.SignerConfig();
        signerConfig3.privateKey = signerConfig.getPrivateKey();
        signerConfig3.certificates = arrayList;
        signerConfig3.signatureAlgorithms = Collections.singletonList(signatureAlgorithm);
        List generateSignaturesOverData = ApkSigningBlockUtils.generateSignaturesOverData(signerConfig3, array);
        SignatureAlgorithm findById = SignatureAlgorithm.findById(((Integer) ((Pair) generateSignaturesOverData.get(0)).getFirst()).intValue());
        byte[] bArr = (byte[]) ((Pair) generateSignaturesOverData.get(0)).getSecond();
        signingCertificateNode.sigAlgorithm = findById;
        V3SigningCertificateLineage.SigningCertificateNode signingCertificateNode2 = new V3SigningCertificateLineage.SigningCertificateNode(signerConfig2.getCertificate(), findById, null, bArr, signerCapabilities.getFlags());
        ArrayList arrayList2 = new ArrayList(this.mSigningLineage);
        arrayList2.add(signingCertificateNode2);
        return new SigningCertificateLineage(this.mMinSdkVersion, arrayList2);
    }

    public void updateSignerCapabilities(SignerConfig signerConfig, SignerCapabilities signerCapabilities) {
        Objects.requireNonNull(signerConfig, "config == null");
        X509Certificate certificate = signerConfig.getCertificate();
        for (int i = 0; i < this.mSigningLineage.size(); i++) {
            V3SigningCertificateLineage.SigningCertificateNode signingCertificateNode = (V3SigningCertificateLineage.SigningCertificateNode) this.mSigningLineage.get(i);
            if (signingCertificateNode.signingCert.equals(certificate)) {
                signingCertificateNode.flags = new SignerCapabilities.Builder(signingCertificateNode.flags).setCallerConfiguredCapabilities(signerCapabilities).build().getFlags();
                return;
            }
        }
        throw new IllegalArgumentException("Certificate (" + certificate.getSubjectDN() + ") not found in the SigningCertificateLineage");
    }

    public void writeToDataSink(DataSink dataSink) {
        Objects.requireNonNull(dataSink, "dataSink == null");
        dataSink.consume(write());
    }

    public void writeToFile(File file) {
        Objects.requireNonNull(file, "file == null");
        writeToDataSink(new RandomAccessFileDataSink(new RandomAccessFile(file, "rw")));
    }
}
