package com.microsoft.msix.internal.signature;

import a.a$$ExternalSyntheticOutline0;
import android.content.Context;
import com.google.common.base.Optional;
import com.microsoft.msix.AppxFactory;
import com.microsoft.msix.AppxSignature$Origin;
import com.microsoft.msix.internal.DefaultAppxFactory;
import com.microsoft.teams.richtext.views.ChatEditText;
import java.io.DataInputStream;
import java.io.InputStream;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Set;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.MutablePropertyReference0Impl;
import kotlin.ranges.IntRange;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;

/* loaded from: classes2.dex */
/**
 * Parses and checks the signature part of an AppX/MSIX package.
 *
 * <p>The input stream is expected to start with a 4-byte magic value followed by a CMS
 * SignedData structure. All parsing and checking happens in the constructor, which either
 * completes with {@code _isValid == true} or throws.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>{@code configuration.allowUnsignedPackage} makes {@link #verifySignature()},
 *       {@link #validateCertificateChain()} and {@link #findPublisher()} return immediately.
 *       With that flag set, {@code _isValid} only means "the stream parsed and the digest
 *       table had the expected number of entries"; no cryptographic check has run.</li>
 *   <li>{@code configuration.allowSignatureUnknownOrigin} also skips chain validation.</li>
 *   <li>Revocation checking is disabled and the validation date is pinned to the signer
 *       certificate's {@code notBefore} (see {@link #validateCertificateChain()}).</li>
 * </ul>
 *
 * <p>This is JADX-decompiled output. Type names such as {@code Optional.AnonymousClass1} and
 * {@code ChatEditText.AnonymousClass1} look like class-merging/deobfuscation artifacts rather
 * than the types the original source used; confirm against the bytecode before relying on them.
 */
public final class DefaultAppxSignature {
    // Inclusive range (4..5) of digest entries that findDigests() accepts.
    public static final IntRange EXPECTED_DIGESTS_COUNT = new IntRange(4, 5);
    // Set to true only at the end of the constructor's check sequence; see the class note on
    // what that does and does not imply when allowUnsignedPackage is set.
    // NOTE(review): the field is public and non-final in this decompiled form, so any caller can
    // flip it; presumably private with accessors in the original Kotlin. Confirm.
    public boolean _isValid;
    // Starts as UNSIGNED, then assigned by findOrigin().
    public AppxSignature$Origin _origin;
    // Starts as "Unknown", then assigned by findPublisher() unless that method returns early.
    public String _publisher;
    // Digest stored under tag 1296193601 (ASCII "AXBM" when read little-endian); null if absent.
    public final byte[] appxBlockMapDigest;
    public final AppxFactory appxFactory;
    // Parsed CMS SignedData that follows the magic value in the input stream.
    public final CMSSignedData cmsSignedData;
    // Digest tag (Integer) -> 32-byte digest (byte[]), filled by findDigests().
    public final LinkedHashMap digests;
    public final InputStream inputStream;
    // Lazily loaded Set<TrustAnchor> built from the app's "msix/cacerts" asset directory.
    public final Lazy trustAnchors$delegate;

    /**
     * Reads the signature stream and runs every check in a fixed order: magic value, CMS parse,
     * {@link #verifySignature()}, {@link #validateCertificateChain()}, {@link #findOrigin()},
     * {@link #findPublisher()}, {@link #findDigests()}.
     *
     * @param defaultAppxFactory factory whose {@code configuration} supplies the policy flags and
     *     the Android application context used to load trust anchors
     * @param inputStream signature stream; wrapped in a DataInputStream and closed on both the
     *     success and the failure path
     * @throws SignatureException if the magic value is wrong, the CMS data cannot be parsed, or
     *     any of the checks fails
     */
    public DefaultAppxSignature(DefaultAppxFactory defaultAppxFactory, InputStream inputStream) {
        this.appxFactory = defaultAppxFactory;
        this.inputStream = inputStream;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        this.digests = linkedHashMap;
        this._origin = AppxSignature$Origin.UNSIGNED;
        this._publisher = "Unknown";
        // Trust anchors are the certificates bundled with the app under assets/msix/cacerts, not
        // the platform trust store. Loading is deferred until the first chain validation.
        this.trustAnchors$delegate = LazyKt__LazyJVMKt.lazy(new Function0() { // from class: com.microsoft.msix.internal.signature.DefaultAppxSignature$trustAnchors$2
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            /* renamed from: invoke */
            public final Set<TrustAnchor> mo604invoke() {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                Context context = ((DefaultAppxFactory) DefaultAppxSignature.this.appxFactory).configuration.applicationContext;
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                String[] list = context.getAssets().list("msix/cacerts");
                if (list != null) {
                    for (String str : list) {
                        // NOTE(review): as decompiled, the arguments read (name, prefix); the intended
                        // asset path is presumably "msix/cacerts/" + name. Likely an optimizer or
                        // decompiler artifact in the argument order; confirm against the bytecode.
                        InputStream open = context.getAssets().open(Intrinsics.stringPlus(str, "msix/cacerts/"));
                        try {
                            Certificate generateCertificate = certificateFactory.generateCertificate(open);
                            // Non-X.509 entries are silently ignored rather than rejected.
                            if (generateCertificate instanceof X509Certificate) {
                                // null name constraints: the anchor is trusted for any subject.
                                linkedHashSet.add(new TrustAnchor((X509Certificate) generateCertificate, null));
                            }
                            CloseableKt.closeFinally(open, null);
                        } finally {
                            // Empty in the decompiled output; the exceptional close path of the
                            // original Kotlin use{} block was presumably lost by the decompiler.
                        }
                    }
                }
                return linkedHashSet;
            }
        });
        DataInputStream dataInputStream = new DataInputStream(inputStream);
        try {
            // 1347109720 == 0x504B4358, i.e. ASCII "PKCX" read big-endian by DataInputStream.
            if (dataInputStream.readInt() != 1347109720) {
                throw new SignatureException("Invalid signature: bad P7X file.", null, 2, null);
            }
            try {
                this.cmsSignedData = new CMSSignedData(dataInputStream);
                // Order matters: the signature is verified before the chain is validated and before
                // origin, publisher and digests are read from the signed data.
                verifySignature();
                validateCertificateChain();
                findOrigin();
                findPublisher();
                findDigests();
                // Reached only if none of the calls above threw. Each of the first four can return
                // early because of configuration flags, so this is not proof of a verified signature.
                this._isValid = true;
                CloseableKt.closeFinally(dataInputStream, null);
                // The three property-reference objects below are created and discarded; they look
                // like leftovers of Kotlin property references and have no effect visible here.
                new MutablePropertyReference0Impl(this) { // from class: com.microsoft.msix.internal.signature.DefaultAppxSignature$publisher$2
                    @Override // kotlin.jvm.internal.MutablePropertyReference0Impl, kotlin.jvm.internal.MutablePropertyReference0, kotlin.reflect.KProperty0
                    public Object get() {
                        return ((DefaultAppxSignature) this.receiver)._publisher;
                    }

                    @Override // kotlin.jvm.internal.MutablePropertyReference0Impl, kotlin.jvm.internal.MutablePropertyReference0, kotlin.reflect.KMutableProperty0
                    public void set(Object obj) {
                        ((DefaultAppxSignature) this.receiver)._publisher = (String) obj;
                    }
                };
                new MutablePropertyReference0Impl(this) { // from class: com.microsoft.msix.internal.signature.DefaultAppxSignature$isValid$2
                    @Override // kotlin.jvm.internal.MutablePropertyReference0Impl, kotlin.jvm.internal.MutablePropertyReference0, kotlin.reflect.KProperty0
                    public Object get() {
                        return Boolean.valueOf(((DefaultAppxSignature) this.receiver)._isValid);
                    }

                    @Override // kotlin.jvm.internal.MutablePropertyReference0Impl, kotlin.jvm.internal.MutablePropertyReference0, kotlin.reflect.KMutableProperty0
                    public void set(Object obj) {
                        ((DefaultAppxSignature) this.receiver)._isValid = ((Boolean) obj).booleanValue();
                    }
                };
                new MutablePropertyReference0Impl(this) { // from class: com.microsoft.msix.internal.signature.DefaultAppxSignature$origin$2
                    @Override // kotlin.jvm.internal.MutablePropertyReference0Impl, kotlin.jvm.internal.MutablePropertyReference0, kotlin.reflect.KProperty0
                    public Object get() {
                        return ((DefaultAppxSignature) this.receiver)._origin;
                    }

                    @Override // kotlin.jvm.internal.MutablePropertyReference0Impl, kotlin.jvm.internal.MutablePropertyReference0, kotlin.reflect.KMutableProperty0
                    public void set(Object obj) {
                        ((DefaultAppxSignature) this.receiver)._origin = (AppxSignature$Origin) obj;
                    }
                };
                // Same map instance as this.digests; the key is the "AXBM" tag stored by findDigests().
                this.appxBlockMapDigest = (byte[]) linkedHashMap.get(1296193601);
            } catch (CMSException e) {
                throw new SignatureException(null, e, 1, null);
            }
        } catch (Throwable th) {
            // Decompiled form of a Kotlin use{} block: close the stream, then rethrow the failure.
            try {
                throw th;
            } catch (Throwable th2) {
                CloseableKt.closeFinally(dataInputStream, th);
                throw th2;
            }
        }
    }

    /**
     * Extracts the digest table from the signed content into {@code digests}.
     *
     * <p>The signed content is wrapped as SPCIndirectData; its data type must be the OID
     * {@code 1.3.6.1.4.1.311.2.1.30}. The digest bytes are then read as a little-endian sequence
     * of 4-byte tags, each recognised tag being followed by a 32-byte value.
     *
     * @throws SignatureException if the OID does not match, the buffer ends in the middle of a
     *     field, or the number of distinct recognised tags is outside 4..5
     */
    public final void findDigests() {
        CMSTypedData cMSTypedData = this.cmsSignedData.signedContent;
        Intrinsics.checkNotNullExpressionValue(cMSTypedData, "cmsSignedData.signedContent");
        SPCIndirectData sPCIndirectData = new SPCIndirectData(cMSTypedData);
        String str = sPCIndirectData.data.type;
        if (str == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        if (!str.contentEquals("1.3.6.1.4.1.311.2.1.30")) {
            throw new SignatureException("AppX header missing in signature.", null, 2, null);
        }
        try {
            ByteBuffer order = ByteBuffer.wrap(sPCIndirectData.messageDigest.digest.string).order(ByteOrder.LITTLE_ENDIAN);
            while (order.hasRemaining()) {
                // Throws BufferUnderflowException (handled below) if fewer than 4 bytes remain.
                int i = order.getInt();
                // Tags are 4 ASCII bytes read little-endian: "AXPC", "AXCD", "AXCI", "AXBM", "AXCT"
                // in case order. Any other value is skipped and parsing resumes at the next 4 bytes,
                // so unrecognised data between entries is tolerated rather than rejected.
                // NOTE(review): a repeated tag overwrites the earlier digest (map put); confirm
                // whether duplicates should be treated as a malformed signature instead.
                switch (i) {
                    case 1129338945:
                    case 1145264193:
                    case 1229150273:
                    case 1296193601:
                    case 1413699649:
                        // Fixed 32-byte value; presumably a SHA-256 digest (confirm against the format).
                        byte[] bArr = new byte[32];
                        order.get(bArr);
                        this.digests.put(Integer.valueOf(i), bArr);
                        break;
                }
            }
            IntRange intRange = EXPECTED_DIGESTS_COUNT;
            int i2 = intRange.first;
            int i3 = intRange.last;
            int size = this.digests.size();
            boolean z = false;
            // Only the count of distinct tags is checked here, not which tags are present.
            if (i2 <= size && size <= i3) {
                z = true;
            }
            if (z) {
                return;
            }
            StringBuilder m = a$$ExternalSyntheticOutline0.m("Signature file has missing digests. (found: ");
            m.append(this.digests.size());
            m.append("; expected: 4 || 5)");
            throw new SignatureException(m.toString(), null, 2, null);
        } catch (BufferUnderflowException e) {
            throw new SignatureException("Error reading AppX header from signature file.", e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:20:0x0087, code lost:
    
        if (r0 != com.microsoft.msix.AppxSignature$Origin.UNKNOWN) goto L36;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0089, code lost:
    
        if (r2 == false) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0093, code lost:
    
        throw new com.microsoft.msix.internal.signature.SignatureException("Unknown signature origin.", null, 2, null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0096, code lost:
    
        if (r0 == com.microsoft.msix.AppxSignature$Origin.STORE) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x009a, code lost:
    
        if (r0 == com.microsoft.msix.AppxSignature$Origin.LOB) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x009c, code lost:
    
        if (r2 == false) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00a6, code lost:
    
        throw new com.microsoft.msix.internal.signature.SignatureException("Origin check failed.", null, 2, null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x00a7, code lost:
    
        r10._origin = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00a9, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /*
     * Reviewer summary of the instruction dump below. JADX could not restructure this method, so
     * the Java body is only a stub that throws; the real logic is the dump.
     *
     *  - The origin starts as UNKNOWN.
     *  - If the CMS certificate set is empty and allowUnsignedPackage is true, the origin becomes
     *    UNSIGNED and the method returns.
     *  - Otherwise every certificate in the CMS set is inspected; the first one whose extended key
     *    usage list contains an OID starting with "1.3.6.1.4.1.311.76" sets the origin to STORE.
     *  - An origin still UNKNOWN throws "Unknown signature origin." unless
     *    allowSignatureUnknownOrigin is true.
     *  - An origin that is neither STORE nor LOB throws "Origin check failed." unless
     *    allowSignatureUnknownOrigin is true. LOB is compared against but never assigned in the dump.
     *
     * NOTE(review): the EKU scan runs over all certificates carried in the SignedData
     * (getMatches(null)), not only the certificate matched to the signer. The STORE
     * classification therefore appears not to be bound to the signing certificate; confirm
     * whether the scan should be limited to the validated signer chain.
     */
    public final void findOrigin() {
        /*
            r10 = this;
            com.microsoft.msix.AppxSignature$Origin r0 = com.microsoft.msix.AppxSignature$Origin.UNKNOWN
            com.microsoft.msix.AppxFactory r1 = r10.appxFactory
            com.microsoft.msix.internal.DefaultAppxFactory r1 = (com.microsoft.msix.internal.DefaultAppxFactory) r1
            com.microsoft.msix.AppxFactory$Configuration r1 = r1.configuration
            boolean r2 = r1.allowSignatureUnknownOrigin
            boolean r1 = r1.allowUnsignedPackage
            org.bouncycastle.cms.CMSSignedData r3 = r10.cmsSignedData
            com.google.common.base.Optional$1 r3 = r3.getCertificates()
            r4 = 0
            java.util.ArrayList r3 = r3.getMatches(r4)
            org.bouncycastle.cert.jcajce.JcaX509CertificateConverter r5 = new org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
            r5.<init>()
            boolean r6 = r3.isEmpty()
            if (r6 == 0) goto L29
            if (r1 == 0) goto L29
            com.microsoft.msix.AppxSignature$Origin r0 = com.microsoft.msix.AppxSignature$Origin.UNSIGNED
            r10._origin = r0
            return
        L29:
            java.util.Iterator r1 = r3.iterator()
        L2d:
            boolean r3 = r1.hasNext()
            r6 = 2
            if (r3 == 0) goto L85
            java.lang.Object r3 = r1.next()
            org.bouncycastle.cert.X509CertificateHolder r3 = (org.bouncycastle.cert.X509CertificateHolder) r3
            if (r3 == 0) goto L7d
            java.security.cert.X509Certificate r3 = r5.getCertificate(r3)
            java.util.List r3 = r3.getExtendedKeyUsage()
            if (r3 != 0) goto L48
            r3 = r4
            goto L72
        L48:
            boolean r7 = r3.isEmpty()
            r8 = 0
            if (r7 == 0) goto L50
            goto L6e
        L50:
            java.util.Iterator r3 = r3.iterator()
        L54:
            boolean r7 = r3.hasNext()
            if (r7 == 0) goto L6e
            java.lang.Object r7 = r3.next()
            java.lang.String r7 = (java.lang.String) r7
            java.lang.String r9 = "it"
            kotlin.jvm.internal.Intrinsics.checkNotNullExpressionValue(r7, r9)
            java.lang.String r9 = "1.3.6.1.4.1.311.76"
            boolean r7 = kotlin.text.StringsKt__StringsJVMKt.startsWith$default(r7, r9, r8, r6, r4)
            if (r7 == 0) goto L54
            r8 = 1
        L6e:
            java.lang.Boolean r3 = java.lang.Boolean.valueOf(r8)
        L72:
            java.lang.Boolean r7 = java.lang.Boolean.TRUE
            boolean r3 = kotlin.jvm.internal.Intrinsics.areEqual(r3, r7)
            if (r3 == 0) goto L2d
            com.microsoft.msix.AppxSignature$Origin r0 = com.microsoft.msix.AppxSignature$Origin.STORE
            goto L85
        L7d:
            java.lang.NullPointerException r0 = new java.lang.NullPointerException
            java.lang.String r1 = "null cannot be cast to non-null type org.bouncycastle.cert.X509CertificateHolder"
            r0.<init>(r1)
            throw r0
        L85:
            com.microsoft.msix.AppxSignature$Origin r1 = com.microsoft.msix.AppxSignature$Origin.UNKNOWN
            if (r0 != r1) goto L94
            if (r2 == 0) goto L8c
            goto L94
        L8c:
            com.microsoft.msix.internal.signature.SignatureException r0 = new com.microsoft.msix.internal.signature.SignatureException
            java.lang.String r1 = "Unknown signature origin."
            r0.<init>(r1, r4, r6, r4)
            throw r0
        L94:
            com.microsoft.msix.AppxSignature$Origin r1 = com.microsoft.msix.AppxSignature$Origin.STORE
            if (r0 == r1) goto La7
            com.microsoft.msix.AppxSignature$Origin r1 = com.microsoft.msix.AppxSignature$Origin.LOB
            if (r0 == r1) goto La7
            if (r2 == 0) goto L9f
            goto La7
        L9f:
            com.microsoft.msix.internal.signature.SignatureException r0 = new com.microsoft.msix.internal.signature.SignatureException
            java.lang.String r1 = "Origin check failed."
            r0.<init>(r1, r4, r6, r4)
            throw r0
        La7:
            r10._origin = r0
            return
        */
        // Decompiler stub: this listing cannot be recompiled into working code as-is.
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.msix.internal.signature.DefaultAppxSignature.findOrigin():void");
    }

    /**
     * Sets {@code _publisher} from the certificate matched to the first signer.
     *
     * <p>Returns without changing {@code _publisher} (left at "Unknown") when
     * {@code allowUnsignedPackage} is set, even if the package does carry a signature.
     *
     * @throws SignatureException if there is no signer, or no certificate matches the first
     *     signer's identifier
     */
    public final void findPublisher() {
        if (((DefaultAppxFactory) this.appxFactory).configuration.allowUnsignedPackage) {
            return;
        }
        SignerInformationStore signerInfos = this.cmsSignedData.getSignerInfos();
        Intrinsics.checkNotNullExpressionValue(signerInfos, "cmsSignedData.signerInfos");
        // Only the first signer is consulted; any additional signers are not reflected in the publisher.
        SignerInformation signerInformation = (SignerInformation) CollectionsKt___CollectionsKt.firstOrNull(signerInfos);
        if (signerInformation == null) {
            throw new SignatureException("No signers found.", null, 2, null);
        }
        Optional.AnonymousClass1 certificates = this.cmsSignedData.getCertificates();
        SignerId signerId = signerInformation.sid;
        if (signerId == null) {
            throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.util.Selector<org.bouncycastle.cert.X509CertificateHolder>");
        }
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) CollectionsKt___CollectionsKt.firstOrNull((Iterable) certificates.getMatches(signerId));
        if (x509CertificateHolder == null) {
            throw new SignatureException("Unable to find signer certificate.", null, 2, null);
        }
        // NOTE(review): the publisher is taken from the certificate's issuer DN, not its subject DN.
        // Certificates from the same issuing CA would all yield the same publisher string; confirm
        // whether the subject was intended before this value is used for an identity decision.
        String x500Name = x509CertificateHolder.getIssuer().toString();
        Intrinsics.checkNotNullExpressionValue(x500Name, "cert.issuer.toString()");
        this._publisher = x500Name;
    }

    /**
     * Builds, and optionally validates, a PKIX certificate path from each signer certificate to
     * one of the bundled trust anchors.
     *
     * <p>The whole method is skipped when {@code allowUnsignedPackage} or
     * {@code allowSignatureUnknownOrigin} is set. When {@code skipSignatureValidation} is set,
     * the path is still built against the trust anchors but the separate CertPathValidator pass
     * (which adds the key-usage constraint) is not run.
     *
     * @throws SignatureException if no path to a trust anchor can be built ("Signature origin is
     *     not trusted.") or the built path fails validation ("Signature validation failed.")
     */
    public final void validateCertificateChain() {
        AppxFactory.Configuration configuration = ((DefaultAppxFactory) this.appxFactory).configuration;
        if (configuration.allowUnsignedPackage || configuration.allowSignatureUnknownOrigin) {
            return;
        }
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        // Every certificate carried in the SignedData becomes a candidate intermediate for path
        // building; trust itself comes only from the anchors passed to the PKIX parameters below.
        ArrayList matches = this.cmsSignedData.getCertificates().getMatches(null);
        ArrayList arrayList = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(matches, 10));
        Iterator it = matches.iterator();
        while (it.hasNext()) {
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) it.next();
            if (x509CertificateHolder == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.cert.X509CertificateHolder");
            }
            arrayList.add(jcaX509CertificateConverter.getCertificate(x509CertificateHolder));
        }
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList));
        SignerInformationStore signerInfos = this.cmsSignedData.getSignerInfos();
        signerInfos.getClass();
        ArrayList arrayList2 = new ArrayList(signerInfos.all);
        // For each signer, take the first certificate matching its signer id (null if none matches).
        ArrayList arrayList3 = new ArrayList(CollectionsKt__IterablesKt.collectionSizeOrDefault(arrayList2, 10));
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            SignerInformation signerInformation = (SignerInformation) it2.next();
            Optional.AnonymousClass1 certificates = this.cmsSignedData.getCertificates();
            SignerId signerId = signerInformation.sid;
            if (signerId == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.util.Selector<org.bouncycastle.cert.X509CertificateHolder>");
            }
            arrayList3.add((X509CertificateHolder) CollectionsKt___CollectionsKt.firstOrNull((Iterable) certificates.getMatches(signerId)));
        }
        ArrayList arrayList4 = new ArrayList();
        Iterator it3 = arrayList3.iterator();
        while (it3.hasNext()) {
            X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) it3.next();
            // A signer without a matching certificate surfaces here as NullPointerException rather
            // than SignatureException. In the constructor's call order verifySignature() has already
            // rejected that case; callers invoking this method directly should not rely on that.
            if (x509CertificateHolder2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.cert.X509CertificateHolder");
            }
            X509Certificate certificate = jcaX509CertificateConverter.getCertificate(x509CertificateHolder2);
            if (certificate != null) {
                arrayList4.add(certificate);
            }
        }
        // If the SignedData has no signers this loop body never runs and the method returns
        // without having validated anything.
        Iterator it4 = arrayList4.iterator();
        while (it4.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it4.next();
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) this.trustAnchors$delegate.getValue(), x509CertSelector);
            // Revocation (CRL/OCSP) is not consulted; a revoked signer certificate still builds a path.
            pKIXBuilderParameters.setRevocationEnabled(false);
            // CertPathChecker is a project class not shown here; its checks are unknown from this file.
            pKIXBuilderParameters.addCertPathChecker(new CertPathChecker());
            pKIXBuilderParameters.addCertStore(certStore);
            // Validity is evaluated at the signer certificate's own notBefore instant, not at the
            // current time, so an expired signer certificate is not rejected on expiry.
            // NOTE(review): no signing-time or timestamp attribute is consulted in this method;
            // confirm that evaluating at notBefore is the intended policy.
            pKIXBuilderParameters.setDate(x509Certificate.getNotBefore());
            try {
                CertPath certPath = CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters).getCertPath();
                Intrinsics.checkNotNullExpressionValue(certPath, "certPathBuilderResult.certPath");
                if (!((DefaultAppxFactory) this.appxFactory).configuration.skipSignatureValidation) {
                    X509CertSelector x509CertSelector2 = new X509CertSelector();
                    // Key-usage bits 0 and 1 (digitalSignature, nonRepudiation) are required on the target.
                    x509CertSelector2.setKeyUsage(new boolean[]{true, true, false, false});
                    PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) this.trustAnchors$delegate.getValue());
                    pKIXParameters.setTargetCertConstraints(x509CertSelector2);
                    // Same revocation and date settings as the path-building step above.
                    pKIXParameters.setRevocationEnabled(false);
                    pKIXParameters.setDate(x509Certificate.getNotBefore());
                    pKIXParameters.addCertPathChecker(new CertPathChecker());
                    try {
                        CertPathValidatorResult validate = CertPathValidator.getInstance("PKIX").validate(certPath, pKIXParameters);
                        // Decompiled remnant of a Kotlin non-null cast; the result is not used further.
                        if (validate == null) {
                            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.PKIXCertPathValidatorResult");
                        }
                    } catch (InvalidAlgorithmParameterException e) {
                        throw new SignatureException("Unknown error.", e);
                    } catch (CertPathValidatorException e2) {
                        throw new SignatureException("Signature validation failed.", e2);
                    }
                }
            } catch (InvalidAlgorithmParameterException e3) {
                throw new SignatureException("Unexpected error.", e3);
            } catch (CertPathBuilderException e4) {
                throw new SignatureException("Signature origin is not trusted.", e4);
            }
        }
    }

    /**
     * Verifies each CMS signer's signature with the first certificate matching its signer id.
     *
     * <p>Returns without verifying anything when {@code allowUnsignedPackage} is set, even if
     * signers are present. If the SignedData has no signers the loop does not run and the method
     * returns normally; the "no signers" case is rejected later by {@link #findPublisher()}.
     *
     * <p>This step proves only that the signature matches the embedded certificate. Whether that
     * certificate is trusted is decided separately in {@link #validateCertificateChain()}.
     *
     * @throws SignatureException if a signer has no matching certificate or verification fails
     */
    public final void verifySignature() {
        if (((DefaultAppxFactory) this.appxFactory).configuration.allowUnsignedPackage) {
            return;
        }
        Optional.AnonymousClass1 certificates = this.cmsSignedData.getCertificates();
        SignerInformationStore signerInfos = this.cmsSignedData.getSignerInfos();
        signerInfos.getClass();
        Iterator it = new ArrayList(signerInfos.all).iterator();
        while (it.hasNext()) {
            SignerInformation signerInformation = (SignerInformation) it.next();
            SignerId signerId = signerInformation.sid;
            if (signerId == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.util.Selector<org.bouncycastle.cert.X509CertificateHolder>");
            }
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) CollectionsKt___CollectionsKt.firstOrNull((Iterable) certificates.getMatches(signerId));
            if (x509CertificateHolder == null) {
                throw new SignatureException("Signer certificate not found.", null, 2, null);
            }
            try {
                // ChatEditText.AnonymousClass1 is almost certainly a mis-attributed (merged) class name;
                // presumably it is the builder that produces a SignerInformationVerifier from the
                // certificate holder. Confirm against the bytecode.
                if (!signerInformation.verify(new ChatEditText.AnonymousClass1(7).build(x509CertificateHolder))) {
                    throw new SignatureException("Signature verification failed.", null, 2, null);
                }
            } catch (CMSException e) {
                throw new SignatureException("Signature verification failed.", e);
            }
        }
    }
}
