package app.revanced.library;

import androidx.autofill.HintConstants;
import com.android.apksig.ApkSigner;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Logger;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import net.bytebuddy.description.method.MethodDescription;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: ApkSigner.kt */
@Metadata(d1 = {"\u0000L\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0006\bÆ\u0002\u0018\u00002\u00020\u0001:\u0003!\"#B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0015\u0010\b\u001a\n \u0006*\u0004\u0018\u00010\t0\tH\u0002¢\u0006\u0002\u0010\nJ\u0014\u0010\u000b\u001a\u00020\t2\f\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u000e0\rJ\u0018\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\u00112\b\u0010\u0012\u001a\u0004\u0018\u00010\u0013J\u0016\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\u0018J\u001e\u0010\u0019\u001a\u00020\u00152\u0006\u0010\u001a\u001a\u00020\t2\u0006\u0010\u001b\u001a\u00020\u00132\u0006\u0010\u001c\u001a\u00020\u0013J\u0016\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u00132\u0006\u0010 \u001a\u00020\u0015R\u0018\u0010\u0004\u001a\n \u0006*\u0004\u0018\u00010\u00050\u0005X\u0082\u0004¢\u0006\u0004\n\u0002\u0010\u0007¨\u0006$"}, d2 = {"Lapp/revanced/library/ApkSigner;", "", MethodDescription.CONSTRUCTOR_INTERNAL_NAME, "()V", "logger", "Ljava/util/logging/Logger;", "kotlin.jvm.PlatformType", "Ljava/util/logging/Logger;", "newKeyStoreInstance", "Ljava/security/KeyStore;", "()Ljava/security/KeyStore;", "newKeyStore", "entries", "", "Lapp/revanced/library/ApkSigner$KeyStoreEntry;", "readKeyStore", "keyStoreInputStream", "Ljava/io/InputStream;", "keyStorePassword", "", "newPrivateKeyCertificatePair", "Lapp/revanced/library/ApkSigner$PrivateKeyCertificatePair;", "commonName", "validUntil", "Ljava/util/Date;", "readPrivateKeyCertificatePair", "keyStore", "keyStoreEntryAlias", "keyStoreEntryPassword", "newApkSigner", "Lapp/revanced/library/ApkSigner$Signer;", "signer", "privateKeyCertificatePair", "KeyStoreEntry", "PrivateKeyCertificatePair", "Signer", "revanced-library_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes.dex */
public final class ApkSigner {
    public static final ApkSigner INSTANCE = new ApkSigner();
    private static final Logger logger = Logger.getLogger(ApkSigner.class.getName());

    /* compiled from: ApkSigner.kt */
    @Metadata(d1 = {"\u0000\u001a\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u00002\u00020\u0001B\u001f\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003\u0012\u0006\u0010\u0005\u001a\u00020\u0006¢\u0006\u0004\b\u0007\u0010\bR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\nR\u0011\u0010\u0004\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\nR\u0011\u0010\u0005\u001a\u00020\u0006¢\u0006\b\n\u0000\u001a\u0004\b\f\u0010\r¨\u0006\u000e"}, d2 = {"Lapp/revanced/library/ApkSigner$KeyStoreEntry;", "", "alias", "", HintConstants.AUTOFILL_HINT_PASSWORD, "privateKeyCertificatePair", "Lapp/revanced/library/ApkSigner$PrivateKeyCertificatePair;", MethodDescription.CONSTRUCTOR_INTERNAL_NAME, "(Ljava/lang/String;Ljava/lang/String;Lapp/revanced/library/ApkSigner$PrivateKeyCertificatePair;)V", "getAlias", "()Ljava/lang/String;", "getPassword", "getPrivateKeyCertificatePair", "()Lapp/revanced/library/ApkSigner$PrivateKeyCertificatePair;", "revanced-library_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes.dex */
    public static final class KeyStoreEntry {
        private final String alias;
        private final String password;
        private final PrivateKeyCertificatePair privateKeyCertificatePair;

        public KeyStoreEntry(String alias, String password, PrivateKeyCertificatePair privateKeyCertificatePair) {
            Intrinsics.checkNotNullParameter(alias, "alias");
            Intrinsics.checkNotNullParameter(password, "password");
            Intrinsics.checkNotNullParameter(privateKeyCertificatePair, "privateKeyCertificatePair");
            this.alias = alias;
            this.password = password;
            this.privateKeyCertificatePair = privateKeyCertificatePair;
        }

        public final String getAlias() {
            return this.alias;
        }

        public final String getPassword() {
            return this.password;
        }

        public final PrivateKeyCertificatePair getPrivateKeyCertificatePair() {
            return this.privateKeyCertificatePair;
        }
    }

    /* compiled from: ApkSigner.kt */
    @Metadata(d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018\u00002\u00020\u0001B\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0004\b\u0006\u0010\u0007R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\b\u0010\tR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n\u0000\u001a\u0004\b\n\u0010\u000b¨\u0006\f"}, d2 = {"Lapp/revanced/library/ApkSigner$PrivateKeyCertificatePair;", "", "privateKey", "Ljava/security/PrivateKey;", "certificate", "Ljava/security/cert/X509Certificate;", MethodDescription.CONSTRUCTOR_INTERNAL_NAME, "(Ljava/security/PrivateKey;Ljava/security/cert/X509Certificate;)V", "getPrivateKey", "()Ljava/security/PrivateKey;", "getCertificate", "()Ljava/security/cert/X509Certificate;", "revanced-library_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes.dex */
    public static final class PrivateKeyCertificatePair {
        private final X509Certificate certificate;
        private final PrivateKey privateKey;

        public PrivateKeyCertificatePair(PrivateKey privateKey, X509Certificate certificate) {
            Intrinsics.checkNotNullParameter(privateKey, "privateKey");
            Intrinsics.checkNotNullParameter(certificate, "certificate");
            this.privateKey = privateKey;
            this.certificate = certificate;
        }

        public final X509Certificate getCertificate() {
            return this.certificate;
        }

        public final PrivateKey getPrivateKey() {
            return this.privateKey;
        }
    }

    /* compiled from: ApkSigner.kt */
    @Metadata(d1 = {"\u0000 \n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u00002\u00020\u0001B\u0011\b\u0000\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\u0016\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\tR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u000b"}, d2 = {"Lapp/revanced/library/ApkSigner$Signer;", "", "signerBuilder", "Lcom/android/apksig/ApkSigner$Builder;", MethodDescription.CONSTRUCTOR_INTERNAL_NAME, "(Lcom/android/apksig/ApkSigner$Builder;)V", "signApk", "", "inputApkFile", "Ljava/io/File;", "outputApkFile", "revanced-library_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes.dex */
    public static final class Signer {
        private final ApkSigner.Builder signerBuilder;

        public Signer(ApkSigner.Builder signerBuilder) {
            Intrinsics.checkNotNullParameter(signerBuilder, "signerBuilder");
            this.signerBuilder = signerBuilder;
        }

        public final void signApk(File inputApkFile, File outputApkFile) {
            ApkSigner.Builder outputApk;
            com.android.apksig.ApkSigner build;
            Intrinsics.checkNotNullParameter(inputApkFile, "inputApkFile");
            Intrinsics.checkNotNullParameter(outputApkFile, "outputApkFile");
            ApkSigner.logger.info("Signing APK");
            ApkSigner.Builder inputApk = this.signerBuilder.setInputApk(inputApkFile);
            if (inputApk == null || (outputApk = inputApk.setOutputApk(outputApkFile)) == null || (build = outputApk.build()) == null) {
                return;
            }
            build.sign();
        }
    }

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    private ApkSigner() {
    }

    private final KeyStore newKeyStoreInstance() {
        return KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
    }

    public final Signer newApkSigner(String signer, PrivateKeyCertificatePair privateKeyCertificatePair) {
        Intrinsics.checkNotNullParameter(signer, "signer");
        Intrinsics.checkNotNullParameter(privateKeyCertificatePair, "privateKeyCertificatePair");
        return new Signer(new ApkSigner.Builder((List<ApkSigner.SignerConfig>) CollectionsKt.listOf(new ApkSigner.SignerConfig.Builder(signer, privateKeyCertificatePair.getPrivateKey(), CollectionsKt.listOf(privateKeyCertificatePair.getCertificate())).build())));
    }

    public final KeyStore newKeyStore(Set<KeyStoreEntry> entries) {
        Intrinsics.checkNotNullParameter(entries, "entries");
        logger.fine("Creating keystore");
        KeyStore newKeyStoreInstance = newKeyStoreInstance();
        newKeyStoreInstance.load(null);
        for (KeyStoreEntry keyStoreEntry : entries) {
            String alias = keyStoreEntry.getAlias();
            PrivateKey privateKey = keyStoreEntry.getPrivateKeyCertificatePair().getPrivateKey();
            char[] charArray = keyStoreEntry.getPassword().toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
            newKeyStoreInstance.setKeyEntry(alias, privateKey, charArray, new X509Certificate[]{keyStoreEntry.getPrivateKeyCertificatePair().getCertificate()});
        }
        Intrinsics.checkNotNullExpressionValue(newKeyStoreInstance, "apply(...)");
        return newKeyStoreInstance;
    }

    public final PrivateKeyCertificatePair newPrivateKeyCertificatePair(String commonName, Date validUntil) {
        Intrinsics.checkNotNullParameter(commonName, "commonName");
        Intrinsics.checkNotNullParameter(validUntil, "validUntil");
        logger.fine("Creating certificate for " + commonName);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(4096);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        ContentSigner build = new JcaContentSignerBuilder("SHA256withRSA").build(generateKeyPair.getPrivate());
        X500Name x500Name = new X500Name("CN=" + commonName);
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(new SecureRandom().nextLong()), new Date(System.currentTimeMillis()), validUntil, Locale.ENGLISH, x500Name, SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded())).build(build));
        PrivateKey privateKey = generateKeyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
        Intrinsics.checkNotNull(certificate);
        return new PrivateKeyCertificatePair(privateKey, certificate);
    }

    public final KeyStore readKeyStore(InputStream keyStoreInputStream, String keyStorePassword) {
        char[] charArray;
        Intrinsics.checkNotNullParameter(keyStoreInputStream, "keyStoreInputStream");
        logger.fine("Reading keystore");
        KeyStore newKeyStoreInstance = newKeyStoreInstance();
        if (keyStorePassword != null) {
            try {
                charArray = keyStorePassword.toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
            } catch (IOException e) {
                if (e.getCause() instanceof UnrecoverableKeyException) {
                    throw new IllegalArgumentException("Invalid keystore password");
                }
                throw e;
            }
        } else {
            charArray = null;
        }
        newKeyStoreInstance.load(keyStoreInputStream, charArray);
        Intrinsics.checkNotNullExpressionValue(newKeyStoreInstance, "apply(...)");
        return newKeyStoreInstance;
    }

    public final PrivateKeyCertificatePair readPrivateKeyCertificatePair(KeyStore keyStore, String keyStoreEntryAlias, String keyStoreEntryPassword) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(keyStoreEntryAlias, "keyStoreEntryAlias");
        Intrinsics.checkNotNullParameter(keyStoreEntryPassword, "keyStoreEntryPassword");
        logger.fine("Reading key and certificate pair from keystore entry " + keyStoreEntryAlias);
        if (!keyStore.containsAlias(keyStoreEntryAlias)) {
            throw new IllegalArgumentException("Keystore does not contain entry with alias " + keyStoreEntryAlias);
        }
        try {
            char[] charArray = keyStoreEntryPassword.toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
            Key key = keyStore.getKey(keyStoreEntryAlias, charArray);
            Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
            PrivateKey privateKey = (PrivateKey) key;
            Certificate certificate = keyStore.getCertificate(keyStoreEntryAlias);
            Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            return new PrivateKeyCertificatePair(privateKey, (X509Certificate) certificate);
        } catch (UnrecoverableKeyException unused) {
            throw new IllegalArgumentException("Invalid password for keystore entry " + keyStoreEntryAlias);
        }
    }
}
