package kellinwood.security.zipsigner;

import android.content.Context;
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.URL;
import java.security.DigestOutputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.TreeMap;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import kellinwood.zipio.ZioEntry;
import kellinwood.zipio.ZipOutput;
import org.apache.commons.lang3.time.DateUtils;
import p044.p077.p078.p086.C1320;
import p044.p121.p124.p125.C10170;
import p245.C12315;

/* loaded from: classes3.dex */
public class ZipSigner {
    public static ClassLoader sBouncyCastleClassLoader;
    public KeySet keySet;
    public final TreeMap<String, byte[]> mSha1Digests;
    public static final String KEY_PLATFORM = "platform";
    public static final String KEY_SHARED = "shared";
    public static final String KEY_TESTKEY = "testkey";
    public static final String KEY_MEDIA = "media";
    public static final String CERT_SF_NAME = "META-INF/CERT.SF";
    public static final String TAG = "ZipSigner";
    public static final String KEY_NONE = "none";
    public static final String CERT_RSA_NAME = "META-INF/CERT.RSA";
    public Map<String, KeySet> loadedKeys = new HashMap();
    public String keymode = "testkey";

    public ZipSigner(TreeMap<String, byte[]> treeMap) {
        this.mSha1Digests = treeMap;
    }

    private Manifest addDigestsToManifest() {
        Manifest manifest = new Manifest();
        Attributes mainAttributes = manifest.getMainAttributes();
        mainAttributes.putValue("Manifest-Version", "1.0");
        mainAttributes.putValue("Created-By", "App Cloner");
        for (String str : this.mSha1Digests.keySet()) {
            Attributes attributes = new Attributes();
            attributes.putValue("SHA1-Digest", Base64.encodeToString(this.mSha1Digests.get(str), 2));
            manifest.getEntries().put(str, attributes);
        }
        return manifest;
    }

    private KeySpec decryptPrivateKey(byte[] bArr, String str) {
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(str.toCharArray()));
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            return encryptedPrivateKeyInfo.getKeySpec(cipher);
        } catch (IOException unused) {
            return null;
        }
    }

    private void generateSignatureFile(Manifest manifest, OutputStream outputStream) {
        outputStream.write("Signature-Version: 1.0\r\n".getBytes());
        outputStream.write("Created-By: App Cloner\r\n".getBytes());
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        PrintStream printStream = new PrintStream((OutputStream) new DigestOutputStream(new ByteArrayOutputStream(), messageDigest), true, "UTF-8");
        manifest.write(printStream);
        printStream.flush();
        outputStream.write(("SHA1-Digest-Manifest: " + Base64.encodeToString(messageDigest.digest(), 2) + "\r\n\r\n").getBytes());
        for (Map.Entry<String, Attributes> entry : manifest.getEntries().entrySet()) {
            StringBuilder m4236 = C10170.m4236("Name: ");
            m4236.append(entry.getKey());
            m4236.append("\r\n");
            String sb = m4236.toString();
            printStream.print(sb);
            for (Map.Entry<Object, Object> entry2 : entry.getValue().entrySet()) {
                printStream.print(entry2.getKey() + ": " + entry2.getValue() + "\r\n");
            }
            printStream.print("\r\n");
            printStream.flush();
            outputStream.write(sb.getBytes());
            outputStream.write(("SHA1-Digest: " + Base64.encodeToString(messageDigest.digest(), 2) + "\r\n\r\n").getBytes());
        }
    }

    private void loadKeys(String str) {
        KeySet keySet = this.loadedKeys.get(str);
        this.keySet = keySet;
        if (keySet != null) {
            return;
        }
        KeySet keySet2 = new KeySet();
        this.keySet = keySet2;
        keySet2.setName(str);
        this.loadedKeys.put(str, this.keySet);
        if ("none".equals(str)) {
            return;
        }
        this.keySet.setPrivateKey(readPrivateKey(ZipSigner.class.getResource("/keys/" + str + ".pk8"), null));
        this.keySet.setPublicKey(readPublicKey(ZipSigner.class.getResource("/keys/" + str + ".x509.pem")));
        URL resource = ZipSigner.class.getResource("/keys/" + str + ".sbt");
        if (resource != null) {
            this.keySet.setSigBlockTemplate(readContentAsBytes(resource));
        }
    }

    public static synchronized void maybeAddBountyCastleProvider(Context context) {
        synchronized (ZipSigner.class) {
            if (sBouncyCastleClassLoader == null) {
                long currentTimeMillis = System.currentTimeMillis();
                try {
                    try {
                        try {
                            ClassLoader m7031 = C12315.m7031(context, "bc/classes.dex");
                            sBouncyCastleClassLoader = m7031;
                            Security.addProvider((Provider) m7031.loadClass("org.spongycastle.jce.provider.BouncyCastleProvider").newInstance());
                        } catch (Exception e) {
                            throw new RuntimeException(e);
                        }
                    } catch (IOException e2) {
                        throw e2;
                    }
                } finally {
                    C1320.m3253(TAG, "mayAddBountyCastleProvider; took: " + (System.currentTimeMillis() - currentTimeMillis) + " millis");
                }
            }
        }
    }

    private byte[] readContentAsBytes(InputStream inputStream) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[2048];
        int read = inputStream.read(bArr);
        while (read != -1) {
            byteArrayOutputStream.write(bArr, 0, read);
            read = inputStream.read(bArr);
        }
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] readContentAsBytes(URL url) {
        return readContentAsBytes(url.openStream());
    }

    private void writeSignatureBlock(KeySet keySet, byte[] bArr, OutputStream outputStream) {
        if (keySet.getSigBlockTemplate() == null) {
            try {
                outputStream.write((byte[]) sBouncyCastleClassLoader.loadClass("kellinwood.security.zipsigner.optional.SignatureBlockGenerator").getMethod("generate", KeySet.class, new byte[1].getClass()).invoke(null, keySet, bArr));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } else {
            ZipSignature zipSignature = new ZipSignature();
            zipSignature.initSign(keySet.getPrivateKey());
            zipSignature.update(bArr);
            byte[] sign = zipSignature.sign();
            outputStream.write(keySet.getSigBlockTemplate());
            outputStream.write(sign);
        }
    }

    public String getKeymode() {
        return this.keymode;
    }

    public PrivateKey readPrivateKey(URL url, String str) {
        KeySpec decryptPrivateKey;
        DataInputStream dataInputStream = new DataInputStream(url.openStream());
        try {
            byte[] readContentAsBytes = readContentAsBytes(dataInputStream);
            decryptPrivateKey = decryptPrivateKey(readContentAsBytes, str);
            if (decryptPrivateKey == null) {
                decryptPrivateKey = new PKCS8EncodedKeySpec(readContentAsBytes);
            }
            return KeyFactory.getInstance("RSA").generatePrivate(decryptPrivateKey);
        } catch (InvalidKeySpecException unused) {
            return KeyFactory.getInstance("DSA").generatePrivate(decryptPrivateKey);
        } finally {
            dataInputStream.close();
        }
    }

    public X509Certificate readPublicKey(URL url) {
        InputStream openStream = url.openStream();
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(openStream);
        } finally {
            openStream.close();
        }
    }

    public void setKeymode(String str) {
        this.keymode = str;
        loadKeys(str);
    }

    public void setKeys(String str, X509Certificate x509Certificate, PrivateKey privateKey, String str2, byte[] bArr) {
        this.keySet = new KeySet(str, x509Certificate, privateKey, str2, bArr);
    }

    public void setKeys(String str, X509Certificate x509Certificate, PrivateKey privateKey, byte[] bArr) {
        this.keySet = new KeySet(str, x509Certificate, privateKey, bArr);
    }

    public void signZip(Context context, InputStream inputStream, String str, char[] cArr, String str2, char[] cArr2, String str3, Map<String, ZioEntry> map, ZipOutput zipOutput) {
        KeyStore keyStore;
        try {
            maybeAddBountyCastleProvider(context);
            if (str == null) {
                str = KeyStore.getDefaultType();
            }
            if ("JKS".equalsIgnoreCase(str)) {
                try {
                    keyStore = (KeyStore) sBouncyCastleClassLoader.loadClass("kellinwood.security.zipsigner.optional.JksKeyStore").newInstance();
                } catch (Exception e) {
                    throw new IOException(e);
                }
            } else {
                keyStore = KeyStore.getInstance(str);
            }
            keyStore.load(inputStream, cArr);
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str2);
            if (x509Certificate == null) {
                throw new NoSuchElementException("Public key not found.");
            }
            setKeys("custom", x509Certificate, (PrivateKey) keyStore.getKey(str2, cArr2), str3, null);
            signZip(map, zipOutput);
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    public void signZip(Map<String, ZioEntry> map, ZipOutput zipOutput) {
        KeySet keySet = this.keySet;
        if (keySet == null) {
            throw new IllegalStateException("No keys configured for signing the file!");
        }
        if ("none".equals(keySet.getName())) {
            return;
        }
        long time = this.keySet.getPublicKey().getNotBefore().getTime() + DateUtils.MILLIS_PER_HOUR;
        Manifest addDigestsToManifest = addDigestsToManifest();
        ZioEntry zioEntry = new ZioEntry("META-INF/MANIFEST.MF");
        zioEntry.setTime(time);
        addDigestsToManifest.write(zioEntry.getOutputStream());
        zipOutput.write(zioEntry);
        ZioEntry zioEntry2 = new ZioEntry("META-INF/CERT.SF");
        zioEntry2.setTime(time);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        generateSignatureFile(addDigestsToManifest, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        zioEntry2.getOutputStream().write(byteArray);
        zipOutput.write(zioEntry2);
        ZioEntry zioEntry3 = new ZioEntry("META-INF/CERT.RSA");
        zioEntry3.setTime(time);
        writeSignatureBlock(this.keySet, byteArray, zioEntry3.getOutputStream());
        zipOutput.write(zioEntry3);
    }
}
