package bin.signer;

import bin.signer.key.BaseSignatureKey;
import bin.util.StreamUtil;
import bin.zip.ZipEntry;
import bin.zip.ZipFile;
import bin.zip.ZipOutputStream;
import id.begal.apkeditor.splashscreen.BuildConfig;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.io.IOUtils;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;

/* loaded from: classes4.dex */
public class ApkSigner {
    private static final String CERT_RSA_NAME = "META-INF/CERT.RSA";
    private static final String CERT_SF_NAME = "META-INF/CERT.SF";
    private static Pattern stripPattern = Pattern.compile("^META-INF/(.*)[.](SF|RSA|DSA)$");
    private static final ApkSignCallback SIGN_CALLBACK = new ApkSignCallback() { // from class: bin.signer.ApkSigner.1
        @Override // bin.signer.ApkSigner.ApkSignCallback
        public void onProgress(int i, int i2) {
        }

        @Override // bin.signer.ApkSigner.ApkSignCallback
        public void onStep(Step step) {
        }
    };

    /* loaded from: classes4.dex */
    public interface ApkSignCallback {
        void onProgress(int i, int i2);

        void onStep(Step step);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class SignatureOutputStream extends OutputStream {
        private int mCount = 0;
        private Signature mSignature;
        private OutputStream out;

        public SignatureOutputStream(OutputStream outputStream, Signature signature) {
            this.out = outputStream;
            this.mSignature = signature;
        }

        public int size() {
            return this.mCount;
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            try {
                this.mSignature.update((byte) i);
                this.out.write(i);
                this.mCount++;
            } catch (SignatureException e) {
                throw new IOException("SignatureException: " + e);
            }
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            try {
                this.mSignature.update(bArr, i, i2);
                this.out.write(bArr, i, i2);
                this.mCount += i2;
            } catch (SignatureException e) {
                throw new IOException("SignatureException: " + e);
            }
        }
    }

    /* loaded from: classes4.dex */
    public enum Step {
        START,
        SIGN_FILE,
        OUTPUT,
        FINISH
    }

    private static Manifest addDigestsToManifest(ZipFile zipFile, ApkSignCallback apkSignCallback) throws IOException, GeneralSecurityException {
        Manifest manifest;
        Manifest manifest2 = new Manifest();
        ZipEntry entry = zipFile.getEntry("META-INF/MANIFEST.MF");
        Attributes mainAttributes = manifest2.getMainAttributes();
        if (entry != null) {
            Manifest manifest3 = new Manifest();
            manifest3.read(zipFile.getInputStream(entry));
            mainAttributes.putAll(manifest3.getMainAttributes());
            manifest = manifest3;
        } else {
            mainAttributes.putValue("Manifest-Version", BuildConfig.VERSION_NAME);
            mainAttributes.putValue("Created-By", "1.0 (APKEditorXPro)");
            manifest = null;
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        byte[] bArr = new byte[4096];
        TreeMap treeMap = new TreeMap();
        Enumeration<ZipEntry> entries = zipFile.getEntries();
        int i = 0;
        while (entries.hasMoreElements()) {
            ZipEntry nextElement = entries.nextElement();
            treeMap.put(nextElement.getName(), nextElement);
            i++;
        }
        int i2 = 0;
        for (ZipEntry zipEntry : treeMap.values()) {
            String name = zipEntry.getName();
            if (!zipEntry.isDirectory() && !name.equals("META-INF/MANIFEST.MF") && !name.equals(CERT_SF_NAME) && !name.equals(CERT_RSA_NAME) && (stripPattern == null || !stripPattern.matcher(name).matches())) {
                InputStream inputStream = zipFile.getInputStream(zipEntry);
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    messageDigest.update(bArr, 0, read);
                }
                Attributes attributes = manifest != null ? manifest.getAttributes(name) : null;
                Attributes attributes2 = attributes != null ? new Attributes(attributes) : new Attributes();
                attributes2.putValue("SHA1-Digest", Base64.getEncoder().encodeToString(messageDigest.digest()));
                manifest2.getEntries().put(name, attributes2);
            }
            int i3 = i2 + 1;
            apkSignCallback.onProgress(i3, i);
            i2 = i3;
        }
        return manifest2;
    }

    private static void copyFiles(Manifest manifest, ZipFile zipFile, ZipOutputStream zipOutputStream, long j, ApkSignCallback apkSignCallback) throws IOException {
        ArrayList arrayList = new ArrayList(manifest.getEntries().keySet());
        Collections.sort(arrayList);
        int i = 0;
        int size = arrayList.size();
        Iterator it = arrayList.iterator();
        while (true) {
            int i2 = i;
            if (!it.hasNext()) {
                return;
            }
            ZipEntry entry = zipFile.getEntry((String) it.next());
            entry.setTime(j);
            zipOutputStream.copyZipEntry(entry, zipFile);
            i = i2 + 1;
            apkSignCallback.onProgress(i, size);
        }
    }

    private static KeySpec decryptPrivateKey(byte[] bArr) throws GeneralSecurityException {
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec("".toCharArray()));
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            return encryptedPrivateKeyInfo.getKeySpec(cipher);
        } catch (IOException e) {
            return null;
        }
    }

    private static PrivateKey readPrivateKey(InputStream inputStream) throws IOException, GeneralSecurityException {
        KeySpec decryptPrivateKey;
        PrivateKey generatePrivate;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(inputStream.available());
            byte[] bArr = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            decryptPrivateKey = decryptPrivateKey(byteArray);
            if (decryptPrivateKey == null) {
                decryptPrivateKey = new PKCS8EncodedKeySpec(byteArray);
            }
            generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(decryptPrivateKey);
        } catch (InvalidKeySpecException e) {
            generatePrivate = KeyFactory.getInstance("DSA").generatePrivate(decryptPrivateKey);
        } finally {
            inputStream.close();
        }
        return generatePrivate;
    }

    private static X509Certificate readPublicKey(InputStream inputStream) throws IOException, GeneralSecurityException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } finally {
            inputStream.close();
        }
    }

    public static void signApk(File file, File file2, BaseSignatureKey baseSignatureKey, ApkSignCallback apkSignCallback) throws Exception {
        FileOutputStream fileOutputStream;
        ZipFile zipFile;
        Manifest addDigestsToManifest;
        long time;
        FileOutputStream fileOutputStream2;
        ApkSignCallback apkSignCallback2 = apkSignCallback == null ? SIGN_CALLBACK : apkSignCallback;
        try {
            apkSignCallback2.onStep(Step.START);
            X509Certificate readPublicKey = readPublicKey(baseSignatureKey.getPublicKey());
            PrivateKey readPrivateKey = readPrivateKey(baseSignatureKey.getPrivateKey());
            baseSignatureKey.recycle();
            zipFile = new ZipFile(file);
            try {
                apkSignCallback2.onStep(Step.SIGN_FILE);
                addDigestsToManifest = addDigestsToManifest(zipFile, apkSignCallback2);
                time = readPublicKey.getNotBefore().getTime() + 3600000;
                fileOutputStream2 = new FileOutputStream(file2);
            } catch (Throwable th) {
                th = th;
                fileOutputStream = null;
            }
            try {
                ZipOutputStream zipOutputStream = new ZipOutputStream(fileOutputStream2);
                zipOutputStream.setZipEncoding(zipFile.getZipEncoding());
                zipOutputStream.setMethod(8);
                zipOutputStream.setLevel(9);
                ZipEntry zipEntry = new ZipEntry("META-INF/MANIFEST.MF");
                zipEntry.setTime(time);
                zipOutputStream.putNextEntry(zipEntry);
                addDigestsToManifest.write(zipOutputStream);
                ZipEntry zipEntry2 = new ZipEntry(CERT_SF_NAME);
                zipEntry2.setTime(time);
                zipOutputStream.putNextEntry(zipEntry2);
                Signature signature = Signature.getInstance("SHA1withRSA");
                signature.initSign(readPrivateKey);
                writeSignatureFile(addDigestsToManifest, new SignatureOutputStream(zipOutputStream, signature));
                ZipEntry zipEntry3 = new ZipEntry(CERT_RSA_NAME);
                zipEntry3.setTime(time);
                zipOutputStream.putNextEntry(zipEntry3);
                writeSignatureBlock(signature, readPublicKey, zipOutputStream);
                apkSignCallback2.onStep(Step.OUTPUT);
                copyFiles(addDigestsToManifest, zipFile, zipOutputStream, time, apkSignCallback2);
                zipOutputStream.close();
                fileOutputStream2.flush();
                apkSignCallback2.onStep(Step.FINISH);
                StreamUtil.close(zipFile);
                StreamUtil.close(fileOutputStream2);
            } catch (Throwable th2) {
                th = th2;
                fileOutputStream = fileOutputStream2;
                StreamUtil.close(zipFile);
                StreamUtil.close(fileOutputStream);
                throw th;
            }
        } catch (Throwable th3) {
            th = th3;
            fileOutputStream = null;
            zipFile = null;
        }
    }

    private static void writeSignatureBlock(Signature signature, X509Certificate x509Certificate, OutputStream outputStream) throws IOException, GeneralSecurityException {
        new PKCS7(new AlgorithmId[]{AlgorithmId.get("SHA1")}, new ContentInfo(ContentInfo.DATA_OID, (DerValue) null), new X509Certificate[]{x509Certificate}, new SignerInfo[]{new SignerInfo(new X500Name(x509Certificate.getIssuerX500Principal().getName()), x509Certificate.getSerialNumber(), AlgorithmId.get("SHA1"), AlgorithmId.get("RSA"), signature.sign())}).encodeSignedData(outputStream);
    }

    private static void writeSignatureFile(Manifest manifest, SignatureOutputStream signatureOutputStream) throws IOException, GeneralSecurityException {
        signatureOutputStream.write("Signature-Version: 1.0\r\n".getBytes());
        signatureOutputStream.write("Created-By: 1.0 (APKEditorXPro)\r\n".getBytes());
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        PrintStream printStream = new PrintStream((OutputStream) new DigestOutputStream(new ByteArrayOutputStream(), messageDigest), true, "UTF-8");
        manifest.write(printStream);
        printStream.flush();
        signatureOutputStream.write(("SHA1-Digest-Manifest: " + Base64.getEncoder().encodeToString(messageDigest.digest()) + "\r\n\r\n").getBytes());
        for (Map.Entry<String, Attributes> entry : manifest.getEntries().entrySet()) {
            String str = "Name: " + entry.getKey() + IOUtils.LINE_SEPARATOR_WINDOWS;
            printStream.print(str);
            for (Map.Entry<Object, Object> entry2 : entry.getValue().entrySet()) {
                printStream.print(entry2.getKey() + ": " + entry2.getValue() + IOUtils.LINE_SEPARATOR_WINDOWS);
            }
            printStream.print(IOUtils.LINE_SEPARATOR_WINDOWS);
            printStream.flush();
            signatureOutputStream.write(str.getBytes());
            signatureOutputStream.write(("SHA1-Digest: " + Base64.getEncoder().encodeToString(messageDigest.digest()) + "\r\n\r\n").getBytes());
        }
        if (signatureOutputStream.size() % 1024 == 0) {
            signatureOutputStream.write(13);
            signatureOutputStream.write(10);
        }
    }
}
