package io.github.muntashirakon.AppManager.apk.signing;

import android.os.Build;
import aosp.libcore.util.HexEncoding;
import com.android.apksig.ApkSigner;
import com.android.apksig.ApkVerifier;
import io.github.muntashirakon.AppManager.crypto.ks.KeyPair;
import io.github.muntashirakon.AppManager.crypto.ks.KeyStoreManager;
import io.github.muntashirakon.AppManager.logs.Log;
import io.github.muntashirakon.AppManager.utils.DigestUtils;
import io.github.muntashirakon.AppManager.utils.ExUtils;
import java.io.File;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes12.dex */
public class Signer {
    public static final String SIGNING_KEY_ALIAS = "signing_key";
    public static final String TAG = "Signer";
    private final X509Certificate mCertificate;
    private File mIdsigFile;
    private final PrivateKey mPrivateKey;
    private final SigSchemes mSigSchemes;

    private Signer(SigSchemes sigSchemes, PrivateKey privateKey, X509Certificate x509Certificate) {
        this.mSigSchemes = sigSchemes;
        this.mPrivateKey = privateKey;
        this.mCertificate = x509Certificate;
    }

    public static boolean canSign() {
        try {
            return KeyStoreManager.getInstance().containsKey(SIGNING_KEY_ALIAS);
        } catch (Exception e) {
            return false;
        }
    }

    public static Signer getInstance(SigSchemes sigSchemes) throws SignatureException {
        try {
            KeyPair keyPair = KeyStoreManager.getInstance().getKeyPair(SIGNING_KEY_ALIAS);
            if (keyPair != null) {
                return new Signer(sigSchemes, keyPair.getPrivateKey(), (X509Certificate) keyPair.getCertificate());
            }
            throw new KeyStoreException("Alias signing_key does not exist in KeyStore.");
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    public static String getSourceStampSource(final ApkVerifier.Result.SourceStampInfo sourceStampInfo) {
        byte[] bArr = (byte[]) ExUtils.exceptionAsNull(new ExUtils.ThrowingRunnable() { // from class: io.github.muntashirakon.AppManager.apk.signing.Signer$$ExternalSyntheticLambda0
            @Override // io.github.muntashirakon.AppManager.utils.ExUtils.ThrowingRunnable
            public final Object run() {
                byte[] encoded;
                encoded = ApkVerifier.Result.SourceStampInfo.this.getCertificate().getEncoded();
                return encoded;
            }
        });
        if (bArr != null && DigestUtils.getHexDigest("SHA-256", bArr).equals("3257d599a49d2c961a471ca9843f59d341a405884583fc087df4237b733bbd6d")) {
            return "Google Play";
        }
        return null;
    }

    private static void log(String str, byte[] bArr) {
        Log.i(TAG, str, new Object[0]);
        Log.w(TAG, HexEncoding.encodeToString(bArr), new Object[0]);
    }

    private static void logCert(X509Certificate x509Certificate, CharSequence charSequence) throws CertificateEncodingException {
        int i;
        Log.i(TAG, "%s - Unique distinguished name: %s", charSequence, x509Certificate.getSubjectDN());
        logEncoded(charSequence, x509Certificate.getEncoded());
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey instanceof RSAKey) {
            i = ((RSAKey) publicKey).getModulus().bitLength();
        } else if (publicKey instanceof ECKey) {
            i = ((ECKey) publicKey).getParams().getOrder().bitLength();
        } else if (publicKey instanceof DSAKey) {
            DSAParams params = ((DSAKey) publicKey).getParams();
            i = params != null ? params.getP().bitLength() : -1;
        } else {
            i = -1;
        }
        Log.i(TAG, "%s - key size: %s", charSequence, i != -1 ? String.valueOf(i) : "Unknown");
        Log.i(TAG, "%s - key algorithm: %s", charSequence, publicKey.getAlgorithm());
        logEncoded(charSequence, publicKey.getEncoded());
    }

    private static void logEncoded(CharSequence charSequence, byte[] bArr) {
        log(((Object) charSequence) + " - SHA-256: ", DigestUtils.getDigest("SHA-256", bArr));
        log(((Object) charSequence) + " - SHA-1: ", DigestUtils.getDigest("SHA-1", bArr));
        log(((Object) charSequence) + " - MD5: ", DigestUtils.getDigest(DigestUtils.MD5, bArr));
    }

    public static boolean verify(SigSchemes sigSchemes, File file, File file2) {
        ApkVerifier.Builder maxCheckedPlatformVersion = new ApkVerifier.Builder(file).setMaxCheckedPlatformVersion(Build.VERSION.SDK_INT);
        if (sigSchemes.v4SchemeEnabled()) {
            if (file2 == null) {
                throw new RuntimeException("idsig file is mandatory for v4 signature scheme.");
            }
            maxCheckedPlatformVersion.setV4SignatureFile(file2);
        }
        try {
            ApkVerifier.Result verify = maxCheckedPlatformVersion.build().verify();
            char c = 1;
            Log.i(TAG, "%s", file);
            boolean isVerified = verify.isVerified();
            if (isVerified) {
                if (sigSchemes.v1SchemeEnabled() && verify.isVerifiedUsingV1Scheme()) {
                    Log.i(TAG, "V1 signature verification succeeded.", new Object[0]);
                } else {
                    Log.w(TAG, "V1 signature verification failed/disabled.", new Object[0]);
                }
                if (sigSchemes.v2SchemeEnabled() && verify.isVerifiedUsingV2Scheme()) {
                    Log.i(TAG, "V2 signature verification succeeded.", new Object[0]);
                } else {
                    Log.w(TAG, "V2 signature verification failed/disabled.", new Object[0]);
                }
                if (sigSchemes.v3SchemeEnabled() && verify.isVerifiedUsingV3Scheme()) {
                    Log.i(TAG, "V3 signature verification succeeded.", new Object[0]);
                } else {
                    Log.w(TAG, "V3 signature verification failed/disabled.", new Object[0]);
                }
                if (sigSchemes.v4SchemeEnabled() && verify.isVerifiedUsingV4Scheme()) {
                    Log.i(TAG, "V4 signature verification succeeded.", new Object[0]);
                } else {
                    Log.w(TAG, "V4 signature verification failed/disabled.", new Object[0]);
                }
                int i = 0;
                List<X509Certificate> signerCertificates = verify.getSignerCertificates();
                Log.i(TAG, "Number of signatures: %d", Integer.valueOf(signerCertificates.size()));
                Iterator<X509Certificate> it = signerCertificates.iterator();
                while (it.hasNext()) {
                    i++;
                    logCert(it.next(), "Signature" + i);
                }
            }
            Iterator<ApkVerifier.IssueWithParams> it2 = verify.getWarnings().iterator();
            while (it2.hasNext()) {
                Log.w(TAG, "%s", it2.next());
            }
            Iterator<ApkVerifier.IssueWithParams> it3 = verify.getErrors().iterator();
            while (it3.hasNext()) {
                Log.e(TAG, "%s", it3.next());
            }
            if (sigSchemes.v1SchemeEnabled()) {
                for (ApkVerifier.Result.V1SchemeSignerInfo v1SchemeSignerInfo : verify.getV1SchemeIgnoredSigners()) {
                    String name = v1SchemeSignerInfo.getName();
                    for (ApkVerifier.IssueWithParams issueWithParams : v1SchemeSignerInfo.getErrors()) {
                        Object[] objArr = new Object[2];
                        objArr[0] = name;
                        objArr[c] = issueWithParams;
                        Log.e(TAG, "%s: %s", objArr);
                    }
                    Iterator<ApkVerifier.IssueWithParams> it4 = v1SchemeSignerInfo.getWarnings().iterator();
                    while (it4.hasNext()) {
                        Log.w(TAG, "%s: %s", name, it4.next());
                    }
                    c = 1;
                }
            }
            return isVerified;
        } catch (Exception e) {
            Log.w(TAG, "Verification failed.", e, new Object[0]);
            return false;
        }
    }

    public boolean isV4SchemeEnabled() {
        return this.mSigSchemes.v4SchemeEnabled();
    }

    public void setIdsigFile(File file) {
        this.mIdsigFile = file;
    }

    public boolean sign(File file, File file2, int i, boolean z) {
        ApkSigner.Builder builder = new ApkSigner.Builder((List<ApkSigner.SignerConfig>) Collections.singletonList(new ApkSigner.SignerConfig.Builder("CERT", this.mPrivateKey, Collections.singletonList(this.mCertificate)).build()));
        builder.setInputApk(file);
        builder.setOutputApk(file2);
        builder.setCreatedBy("AppManager");
        builder.setAlignFileSize(z);
        if (i != -1) {
            builder.setMinSdkVersion(i);
        }
        if (this.mSigSchemes.v1SchemeEnabled()) {
            builder.setV1SigningEnabled(true);
        }
        if (this.mSigSchemes.v2SchemeEnabled()) {
            builder.setV2SigningEnabled(true);
        }
        if (this.mSigSchemes.v3SchemeEnabled()) {
            builder.setV3SigningEnabled(true);
        }
        if (this.mSigSchemes.v4SchemeEnabled()) {
            if (this.mIdsigFile == null) {
                throw new RuntimeException("idsig file is mandatory for v4 signature scheme.");
            }
            builder.setV4SigningEnabled(true);
            builder.setV4SignatureOutputFile(this.mIdsigFile);
        }
        ApkSigner build = builder.build();
        Log.i(TAG, "SignApk: %s", file);
        if (z) {
            try {
                if (!ZipAlign.verify(file, 4, true)) {
                    ZipAlign.align(file, 4, true);
                }
            } catch (Exception e) {
                Log.w(TAG, e);
                return false;
            }
        }
        build.sign();
        Log.i(TAG, "The signature is complete and the output file is %s", file2);
        return true;
    }
}
