package com.atak.plugins.impl;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.SystemClock;
import android.util.Base64;
import atak.core.aak;
import atak.core.vl;
import com.atakmap.android.util.b;
import com.atakmap.coremap.filesystem.FileSystemUtils;
import com.atakmap.coremap.log.Log;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
class PluginValidator {
    private static final int INVALID = 0;
    private static final String TAG = "PluginValidator";
    private static final int VALID = 1;
    private static final Map<String, String> hashCache = new HashMap();
    private static final Map<String, String> validatedCache = new HashMap();

    private PluginValidator() {
    }

    private static byte[] check(byte[] bArr, byte[] bArr2, byte[][] bArr3) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature;
        Object th = null;
        for (byte[] bArr4 : bArr3) {
            try {
                PublicKey publicKey = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr4)).getPublicKey();
                signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(publicKey);
                signature.update(bArr2);
            } catch (Throwable th2) {
                th = th2;
            }
            if (signature.verify(bArr)) {
                return bArr4;
            }
        }
        if (th instanceof CertificateException) {
            throw ((CertificateException) th);
        }
        if (th instanceof NoSuchAlgorithmException) {
            throw ((NoSuchAlgorithmException) th);
        }
        if (th instanceof InvalidKeyException) {
            throw ((InvalidKeyException) th);
        }
        if (th instanceof SignatureException) {
            throw ((SignatureException) th);
        }
        return null;
    }

    public static boolean checkAppTransparencySignature(Context context, String str, String[] strArr) {
        String str2;
        ZipFile zipFile;
        ZipEntry entry;
        InputStream inputStream;
        String b;
        boolean z;
        long elapsedRealtime = SystemClock.elapsedRealtime();
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(str, 128);
            File file = new File(packageInfo.applicationInfo.sourceDir);
            String str3 = str + "," + packageInfo.lastUpdateTime;
            Map<String, String> map = hashCache;
            synchronized (map) {
                str2 = map.get(str3);
                if (str2 == null) {
                    str2 = vl.b(file);
                    map.put(str3, str2);
                    Log.d(TAG, "generated a fragile hash cache for: " + str3);
                }
            }
            try {
                String retrieveValidityRecord = retrieveValidityRecord(str);
                if (retrieveValidityRecord != null) {
                    String[] split = retrieveValidityRecord.split("\\.");
                    if (split.length > 1) {
                        if (split[0].equals(str2)) {
                            Log.d(TAG, "previously validated signature and hashes for: " + str + " took: " + (SystemClock.elapsedRealtime() - elapsedRealtime) + "ms");
                            return !split[1].equals(Integer.toString(0)) && split.length > 2 && !FileSystemUtils.isEmpty(split[2]) && contains(strArr, split[2]);
                        }
                        removeValidityRecord(str);
                    }
                }
            } catch (Exception unused) {
            }
            ZipFile zipFile2 = null;
            InputStream inputStream2 = null;
            zipFile2 = null;
            try {
                try {
                    try {
                        zipFile = new ZipFile(file);
                    } catch (Exception e) {
                        e = e;
                    }
                } catch (Throwable th) {
                    th = th;
                }
            } catch (Exception unused2) {
            }
            try {
                entry = zipFile.getEntry("META-INF/code_transparency_signed.jwt");
            } catch (Exception e2) {
                e = e2;
                zipFile2 = zipFile;
                Log.d(TAG, "error during validity check: " + str, e);
                if (zipFile2 != null) {
                    zipFile2.close();
                }
                persistValidityRecord(str, str2, 0, "");
                return false;
            } catch (Throwable th2) {
                th = th2;
                zipFile2 = zipFile;
                if (zipFile2 != null) {
                    try {
                        zipFile2.close();
                    } catch (Exception unused3) {
                    }
                }
                throw th;
            }
            if (entry == null) {
                persistValidityRecord(str, str2, 0, "");
                try {
                    zipFile.close();
                } catch (Exception unused4) {
                }
                return false;
            }
            String copyStreamToString = FileSystemUtils.copyStreamToString(zipFile.getInputStream(entry), true, FileSystemUtils.UTF8_CHARSET);
            byte[][] bArr = new byte[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                bArr[i] = b.f(strArr[i]);
            }
            String substring = copyStreamToString.substring(0, copyStreamToString.lastIndexOf("."));
            byte[] check = check(Base64.decode(copyStreamToString.substring(copyStreamToString.lastIndexOf(".") + 1), 10), substring.getBytes(), bArr);
            if (check == null) {
                Log.d(TAG, "invalid signature for: " + str + " took: " + (SystemClock.elapsedRealtime() - elapsedRealtime) + "ms");
                persistValidityRecord(str, str2, 0, "");
                zipFile.close();
                persistValidityRecord(str, str2, 0, "");
                return false;
            }
            JSONArray jSONArray = new JSONObject(new String(Base64.decode(substring.split("\\.")[1], 10), FileSystemUtils.UTF8_CHARSET)).getJSONArray("codeRelatedFile");
            for (int i2 = 0; i2 < jSONArray.length(); i2++) {
                JSONObject jSONObject = jSONArray.getJSONObject(i2);
                String string = jSONObject.getString(aak.c);
                String string2 = jSONObject.getString("sha256");
                ZipEntry entry2 = zipFile.getEntry(string.replace("base/dex/", "").replace("base/lib/", "lib/"));
                if (entry2 != null) {
                    try {
                        inputStream = zipFile.getInputStream(entry2);
                        try {
                            b = vl.b(inputStream);
                            z = false;
                        } catch (Throwable th3) {
                            th = th3;
                            inputStream2 = inputStream;
                            if (inputStream2 != null) {
                                inputStream2.close();
                            }
                            throw th;
                        }
                    } catch (Throwable th4) {
                        th = th4;
                    }
                } else {
                    Log.e(TAG, "missing: " + string);
                    inputStream = null;
                    b = null;
                    z = true;
                }
                if (inputStream != null) {
                    inputStream.close();
                }
                if (!z && !string2.equals(b)) {
                    Log.d(TAG, "valid signature but invalid hashes for: " + str + "@" + string + " took: " + (SystemClock.elapsedRealtime() - elapsedRealtime) + "ms");
                    persistValidityRecord(str, str2, 0, "");
                    try {
                        zipFile.close();
                    } catch (Exception unused5) {
                    }
                    return false;
                }
            }
            Log.d(TAG, "valid signature and hashes for: " + str + " took: " + (SystemClock.elapsedRealtime() - elapsedRealtime) + "ms");
            persistValidityRecord(str, str2, 1, b.a(check));
            try {
                zipFile.close();
            } catch (Exception unused6) {
            }
            return true;
        } catch (PackageManager.NameNotFoundException unused7) {
            return false;
        }
    }

    private static boolean contains(String[] strArr, String str) {
        for (String str2 : strArr) {
            if (str2.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void invalidateHash(String str) {
        Map<String, String> map = hashCache;
        synchronized (map) {
            Set<Map.Entry<String, String>> entrySet = map.entrySet();
            ArrayList arrayList = new ArrayList();
            Iterator<Map.Entry<String, String>> it = entrySet.iterator();
            while (it.hasNext()) {
                String key = it.next().getKey();
                if (key.startsWith(str + ",")) {
                    arrayList.add(key);
                }
            }
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                hashCache.remove((String) it2.next());
            }
        }
    }

    private static void persistValidityRecord(String str, String str2, int i, String str3) {
        validatedCache.put(str, str2 + "." + i + "." + str3);
    }

    private static void removeValidityRecord(String str) {
        validatedCache.remove(str);
    }

    private static String retrieveValidityRecord(String str) {
        return validatedCache.get(str);
    }
}
