package com.topjohnwu.utils;

import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.RandomAccessFile;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class SignAPK {
    public static Provider sBouncyCastleProvider = new BouncyCastleProvider();
    private static Pattern stripPattern;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CMSProcessableFile implements CMSTypedData {
        private RandomAccessFile file;
        private ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId());

        CMSProcessableFile(File file) {
            this.file = new RandomAccessFile(file, "r");
        }

        @Override // org.bouncycastle.cms.CMSProcessable
        public Object getContent() {
            return this.file;
        }

        @Override // org.bouncycastle.cms.CMSTypedData
        public ASN1ObjectIdentifier getContentType() {
            return this.type;
        }

        byte[] getTail() {
            byte[] bArr = new byte[22];
            this.file.seek(this.file.length() - 22);
            this.file.readFully(bArr);
            return bArr;
        }

        @Override // org.bouncycastle.cms.CMSProcessable
        public void write(OutputStream outputStream) {
            this.file.seek(0L);
            byte[] bArr = new byte[4096];
            int length = ((int) this.file.length()) - 2;
            while (true) {
                int read = this.file.read(bArr, 0, length < bArr.length ? length : bArr.length);
                if (read <= 0) {
                    return;
                }
                outputStream.write(bArr, 0, read);
                length -= read;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CountOutputStream extends FilterOutputStream {
        private int mCount;

        public CountOutputStream(OutputStream outputStream) {
            super(outputStream);
            this.mCount = 0;
        }

        public int size() {
            return this.mCount;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) {
            super.write(i);
            this.mCount++;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) {
            super.write(bArr, i, i2);
            this.mCount += i2;
        }
    }

    static {
        Security.insertProviderAt(sBouncyCastleProvider, 1);
        stripPattern = Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA|EC)|com/android/otacert))|(" + Pattern.quote("META-INF/MANIFEST.MF") + ")$");
    }

    private static Manifest addDigestsToManifest(JarMap jarMap, int i) {
        Manifest manifest = jarMap.getManifest();
        Manifest manifest2 = new Manifest();
        Attributes mainAttributes = manifest2.getMainAttributes();
        if (manifest != null) {
            mainAttributes.putAll(manifest.getMainAttributes());
        } else {
            mainAttributes.putValue("Manifest-Version", "1.0");
            mainAttributes.putValue("Created-By", "1.0 (Android SignApk)");
        }
        MessageDigest messageDigest = (i & 1) != 0 ? MessageDigest.getInstance("SHA1") : null;
        MessageDigest messageDigest2 = (i & 2) != 0 ? MessageDigest.getInstance("SHA256") : null;
        byte[] bArr = new byte[4096];
        TreeMap treeMap = new TreeMap();
        Enumeration<JarEntry> entries = jarMap.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            treeMap.put(nextElement.getName(), nextElement);
        }
        for (JarEntry jarEntry : treeMap.values()) {
            String name = jarEntry.getName();
            if (!jarEntry.isDirectory() && (stripPattern == null || !stripPattern.matcher(name).matches())) {
                InputStream inputStream = jarMap.getInputStream(jarEntry);
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    if (messageDigest != null) {
                        messageDigest.update(bArr, 0, read);
                    }
                    if (messageDigest2 != null) {
                        messageDigest2.update(bArr, 0, read);
                    }
                }
                Attributes attributes = manifest != null ? manifest.getAttributes(name) : null;
                Attributes attributes2 = attributes != null ? new Attributes(attributes) : new Attributes();
                if (messageDigest != null) {
                    attributes2.putValue("SHA1-Digest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
                }
                if (messageDigest2 != null) {
                    attributes2.putValue("SHA-256-Digest", new String(Base64.encode(messageDigest2.digest()), "ASCII"));
                }
                manifest2.getEntries().put(name, attributes2);
            }
        }
        return manifest2;
    }

    private static void copyFiles(Manifest manifest, JarMap jarMap, JarOutputStream jarOutputStream, long j, int i) {
        boolean z;
        long j2;
        byte[] bArr = new byte[4096];
        ArrayList arrayList = new ArrayList(manifest.getEntries().keySet());
        Collections.sort(arrayList);
        Iterator it = arrayList.iterator();
        boolean z2 = true;
        long j3 = 0;
        while (it.hasNext()) {
            JarEntry jarEntry = jarMap.getJarEntry((String) it.next());
            if (jarEntry.getMethod() == 0) {
                JarEntry jarEntry2 = new JarEntry(jarEntry);
                jarEntry2.setTime(j);
                long length = j3 + jarEntry2.getName().length() + 30;
                if (z2) {
                    j2 = 4 + length;
                    z = false;
                } else {
                    z = z2;
                    j2 = length;
                }
                if (i > 0 && j2 % i != 0) {
                    int i2 = i - ((int) (j2 % i));
                    jarEntry2.setExtra(new byte[i2]);
                    j2 += i2;
                }
                jarOutputStream.putNextEntry(jarEntry2);
                InputStream inputStream = jarMap.getInputStream(jarEntry);
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    jarOutputStream.write(bArr, 0, read);
                    j2 += read;
                }
                jarOutputStream.flush();
                z2 = z;
                j3 = j2;
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            String str = (String) it2.next();
            JarEntry jarEntry3 = jarMap.getJarEntry(str);
            if (jarEntry3.getMethod() != 0) {
                JarEntry jarEntry4 = new JarEntry(str);
                jarEntry4.setTime(j);
                jarOutputStream.putNextEntry(jarEntry4);
                InputStream inputStream2 = jarMap.getInputStream(jarEntry3);
                while (true) {
                    int read2 = inputStream2.read(bArr);
                    if (read2 <= 0) {
                        break;
                    } else {
                        jarOutputStream.write(bArr, 0, read2);
                    }
                }
                jarOutputStream.flush();
            }
        }
    }

    private static int getDigestAlgorithm(X509Certificate x509Certificate) {
        String upperCase = x509Certificate.getSigAlgName().toUpperCase(Locale.US);
        if ("SHA1WITHRSA".equals(upperCase) || "MD5WITHRSA".equals(upperCase)) {
            return 1;
        }
        if (upperCase.startsWith("SHA256WITH")) {
            return 2;
        }
        throw new IllegalArgumentException("unsupported signature algorithm \"" + upperCase + "\" in cert [" + x509Certificate.getSubjectDN());
    }

    private static String getSignatureAlgorithm(X509Certificate x509Certificate) {
        x509Certificate.getSigAlgName().toUpperCase(Locale.US);
        String upperCase = x509Certificate.getPublicKey().getAlgorithm().toUpperCase(Locale.US);
        if ("RSA".equalsIgnoreCase(upperCase)) {
            return getDigestAlgorithm(x509Certificate) == 2 ? "SHA256withRSA" : "SHA1withRSA";
        }
        if ("EC".equalsIgnoreCase(upperCase)) {
            return "SHA256withECDSA";
        }
        throw new IllegalArgumentException("unsupported key type: " + upperCase);
    }

    private static void signFile(Manifest manifest, JarMap jarMap, X509Certificate x509Certificate, PrivateKey privateKey, JarOutputStream jarOutputStream) {
        long time = x509Certificate.getNotBefore().getTime() + 3600000;
        JarEntry jarEntry = new JarEntry("META-INF/MANIFEST.MF");
        jarEntry.setTime(time);
        jarOutputStream.putNextEntry(jarEntry);
        manifest.write(jarOutputStream);
        JarEntry jarEntry2 = new JarEntry("META-INF/CERT.SF");
        jarEntry2.setTime(time);
        jarOutputStream.putNextEntry(jarEntry2);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        writeSignatureFile(manifest, byteArrayOutputStream, getDigestAlgorithm(x509Certificate));
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        jarOutputStream.write(byteArray);
        JarEntry jarEntry3 = new JarEntry(String.format("META-INF/CERT.%s", x509Certificate.getPublicKey().getAlgorithm()));
        jarEntry3.setTime(time);
        jarOutputStream.putNextEntry(jarEntry3);
        writeSignatureBlock(new CMSProcessableByteArray(byteArray), x509Certificate, privateKey, jarOutputStream);
    }

    private static void signWholeFile(File file, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bytes = "signed by SignApk".getBytes("UTF-8");
        byteArrayOutputStream.write(bytes);
        byteArrayOutputStream.write(0);
        CMSProcessableFile cMSProcessableFile = new CMSProcessableFile(file);
        writeSignatureBlock(cMSProcessableFile, x509Certificate, privateKey, byteArrayOutputStream);
        byte[] tail = cMSProcessableFile.getTail();
        if (tail[tail.length - 22] != 80 || tail[tail.length - 21] != 75 || tail[tail.length - 20] != 5 || tail[tail.length - 19] != 6) {
            throw new IllegalArgumentException("zip data already has an archive comment");
        }
        int size = byteArrayOutputStream.size() + 6;
        if (size > 65535) {
            throw new IllegalArgumentException("signature is too big for ZIP file comment");
        }
        int length = (size - bytes.length) - 1;
        byteArrayOutputStream.write(length & 255);
        byteArrayOutputStream.write((length >> 8) & 255);
        byteArrayOutputStream.write(255);
        byteArrayOutputStream.write(255);
        byteArrayOutputStream.write(size & 255);
        byteArrayOutputStream.write((size >> 8) & 255);
        byteArrayOutputStream.flush();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        for (int i = 0; i < byteArray.length - 3; i++) {
            if (byteArray[i] == 80 && byteArray[i + 1] == 75 && byteArray[i + 2] == 5 && byteArray[i + 3] == 6) {
                throw new IllegalArgumentException("found spurious EOCD header at " + i);
            }
        }
        cMSProcessableFile.write(outputStream);
        outputStream.write(size & 255);
        outputStream.write((size >> 8) & 255);
        byteArrayOutputStream.writeTo(outputStream);
        outputStream.close();
    }

    public static void signZip(InputStream inputStream, InputStream inputStream2, JarMap jarMap, OutputStream outputStream) {
        Throwable th = null;
        File createTempFile = File.createTempFile("signAPK", null);
        File createTempFile2 = File.createTempFile("signAPK", null);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(createTempFile));
            Throwable th2 = null;
            try {
                signZip(inputStream, inputStream2, jarMap, bufferedOutputStream, false);
                if (bufferedOutputStream != null) {
                    if (0 != 0) {
                        try {
                            bufferedOutputStream.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        bufferedOutputStream.close();
                    }
                }
                ZipAdjust.adjust(createTempFile, createTempFile2);
                JarMap jarMap2 = new JarMap(createTempFile2, false);
                Throwable th4 = null;
                try {
                    signZip(inputStream, inputStream2, jarMap2, outputStream, true);
                    if (jarMap2 != null) {
                        if (0 != 0) {
                            try {
                                jarMap2.close();
                            } catch (Throwable th5) {
                                th4.addSuppressed(th5);
                            }
                        } else {
                            jarMap2.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            createTempFile.delete();
            createTempFile2.delete();
        }
    }

    public static void signZip(InputStream inputStream, InputStream inputStream2, JarMap jarMap, OutputStream outputStream, boolean z) {
        if (inputStream == null) {
            inputStream = SignAPK.class.getResourceAsStream("/keys/testkey.x509.pem");
        }
        X509Certificate readCertificate = CryptoUtils.readCertificate(inputStream);
        int digestAlgorithm = 0 | getDigestAlgorithm(readCertificate);
        long time = 3600000 + readCertificate.getNotBefore().getTime();
        if (inputStream2 == null) {
            inputStream2 = SignAPK.class.getResourceAsStream("/keys/testkey.pk8");
        }
        PrivateKey readPrivateKey = CryptoUtils.readPrivateKey(inputStream2);
        if (z) {
            signWholeFile(jarMap.getFile(), readCertificate, readPrivateKey, outputStream);
            return;
        }
        JarOutputStream jarOutputStream = new JarOutputStream(outputStream);
        jarOutputStream.setLevel(9);
        Manifest addDigestsToManifest = addDigestsToManifest(jarMap, digestAlgorithm);
        copyFiles(addDigestsToManifest, jarMap, jarOutputStream, time, 4);
        signFile(addDigestsToManifest, jarMap, readCertificate, readPrivateKey, jarOutputStream);
        jarOutputStream.close();
    }

    private static void writeSignatureBlock(CMSTypedData cMSTypedData, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(x509Certificate);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(sBouncyCastleProvider).build()).setDirectSignature(true).build(new JcaContentSignerBuilder(getSignatureAlgorithm(x509Certificate)).setProvider(sBouncyCastleProvider).build(privateKey), x509Certificate));
        cMSSignedDataGenerator.addCertificates(jcaCertStore);
        new DEROutputStream(outputStream).writeObject(new ASN1InputStream(cMSSignedDataGenerator.generate(cMSTypedData, false).getEncoded()).readObject());
    }

    private static void writeSignatureFile(Manifest manifest, OutputStream outputStream, int i) {
        Manifest manifest2 = new Manifest();
        Attributes mainAttributes = manifest2.getMainAttributes();
        mainAttributes.putValue("Signature-Version", "1.0");
        mainAttributes.putValue("Created-By", "1.0 (Android SignApk)");
        MessageDigest messageDigest = MessageDigest.getInstance(i == 2 ? "SHA256" : "SHA1");
        PrintStream printStream = new PrintStream((OutputStream) new DigestOutputStream(new ByteArrayOutputStream(), messageDigest), true, "UTF-8");
        manifest.write(printStream);
        printStream.flush();
        mainAttributes.putValue(i == 2 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
        for (Map.Entry<String, Attributes> entry : manifest.getEntries().entrySet()) {
            printStream.print("Name: " + entry.getKey() + "\r\n");
            for (Map.Entry<Object, Object> entry2 : entry.getValue().entrySet()) {
                printStream.print(entry2.getKey() + ": " + entry2.getValue() + "\r\n");
            }
            printStream.print("\r\n");
            printStream.flush();
            Attributes attributes = new Attributes();
            attributes.putValue(i == 2 ? "SHA-256-Digest" : "SHA1-Digest-Manifest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
            manifest2.getEntries().put(entry.getKey(), attributes);
        }
        CountOutputStream countOutputStream = new CountOutputStream(outputStream);
        manifest2.write(countOutputStream);
        if (countOutputStream.size() % 1024 == 0) {
            countOutputStream.write(13);
            countOutputStream.write(10);
        }
    }
}
