package io.github.muntashirakon.AppManager.apk.signing;

import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.AssetManager;
import android.util.Pair;
import androidx.preference.PreferenceManager;
import aosp.libcore.util.HexEncoding;
import com.android.apksig.ApkSigner;
import com.android.apksig.ApkVerifier;
import io.github.muntashirakon.AppManager.logs.Log;
import io.github.muntashirakon.AppManager.utils.DigestUtils;
import io.github.muntashirakon.AppManager.utils.IOUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import sun.security.pkcs.PKCS8Key;

/* loaded from: classes.dex */
public class SignUtils {
    private static String msgId;
    private static final String[] types = {"JKS", "PKCS12", "BKS"};
    private final X509Certificate certificate;
    private File idsigFile;
    private final PrivateKey privateKey;
    private final SigSchemes sigSchemes;

    private SignUtils(SigSchemes sigSchemes, PrivateKey privateKey, X509Certificate x509Certificate) {
        this.sigSchemes = sigSchemes;
        this.privateKey = privateKey;
        this.certificate = x509Certificate;
    }

    private static boolean exists(String str) {
        if (new File(str).exists()) {
            return true;
        }
        msgId = "Signature file " + str + " not found, using default signature!";
        return false;
    }

    public static SignUtils getInstance(SigSchemes sigSchemes, Context context) throws SignatureException {
        Pair<PrivateKey, X509Certificate> loadKey;
        msgId = null;
        SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
        if (defaultSharedPreferences.getBoolean("custom_signature_file", false)) {
            int i = defaultSharedPreferences.getInt("key_type", 0);
            String string = defaultSharedPreferences.getString("key_path", "");
            String string2 = defaultSharedPreferences.getString("cert_or_alias", "");
            try {
                loadKey = i == 3 ? loadKey(string, string2) : loadKey(context, string, i, string2, defaultSharedPreferences.getString("store_pass", ""), defaultSharedPreferences.getString("key_pass", ""));
            } catch (Exception e) {
                throw new SignatureException("Unable to sign apk.", e);
            }
        } else {
            try {
                loadKey = loadKey(context.getAssets());
            } catch (Exception e2) {
                throw new SignatureException("Unable to sign apk.", e2);
            }
        }
        return new SignUtils(sigSchemes, (PrivateKey) loadKey.first, (X509Certificate) loadKey.second);
    }

    private static Pair<PrivateKey, X509Certificate> loadKey(Context context, String str, int i, String str2, String str3, String str4) throws KeyStoreException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, IOException {
        if (!exists(str)) {
            throw new FileNotFoundException(str + " not found.");
        }
        KeyStore keyStore = KeyStore.getInstance(types[i]);
        if (str3.isEmpty()) {
            showPasswd(context, keyStore, str, str2);
            throw new IOException("Not implemented yet");
        }
        char[] charArray = str3.toCharArray();
        return loadKey(keyStore, str, str2, charArray, str4.isEmpty() ? charArray : str4.toCharArray());
    }

    private static Pair<PrivateKey, X509Certificate> loadKey(AssetManager assetManager) throws IOException, InvalidKeyException, CertificateException {
        InputStream open = assetManager.open("key/testkey.pk8");
        try {
            PKCS8Key pKCS8Key = new PKCS8Key();
            pKCS8Key.decode(open);
            if (open != null) {
                open.close();
            }
            open = assetManager.open("key/testkey.x509.pem");
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(open);
                if (open != null) {
                    open.close();
                }
                return new Pair<>(pKCS8Key, x509Certificate);
            } finally {
            }
        } catch (Throwable th) {
            try {
                throw th;
            } finally {
            }
        }
    }

    private static Pair<PrivateKey, X509Certificate> loadKey(String str, String str2) throws Exception {
        if (!exists(str)) {
            throw new FileNotFoundException(str + " not found.");
        }
        if (!exists(str2)) {
            throw new FileNotFoundException(str2 + " not found.");
        }
        FileInputStream fileInputStream = new FileInputStream(str);
        byte[] readFully = IOUtils.readFully(fileInputStream, -1, true);
        fileInputStream.close();
        FileInputStream fileInputStream2 = new FileInputStream(str2);
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream2);
        fileInputStream2.close();
        return new Pair<>(KeyFactory.getInstance(x509Certificate.getPublicKey().getAlgorithm()).generatePrivate(new PKCS8EncodedKeySpec(readFully)), x509Certificate);
    }

    private static Pair<PrivateKey, X509Certificate> loadKey(KeyStore keyStore, String str, String str2, char[] cArr, char[] cArr2) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        keyStore.load(new FileInputStream(str), cArr);
        if (str2.isEmpty()) {
            str2 = keyStore.aliases().nextElement();
        }
        return new Pair<>((PrivateKey) keyStore.getKey(str2, cArr2), (X509Certificate) keyStore.getCertificate(str2));
    }

    private static void log(String str, byte[] bArr) {
        Log.i("SignUtils:log", str);
        Log.w("SignUtils:log", HexEncoding.encodeToString(bArr));
    }

    public static void logCert(X509Certificate x509Certificate, CharSequence charSequence) throws CertificateEncodingException {
        int i;
        DSAParams params;
        Log.i("SignUtils::logCert", ((Object) charSequence) + " - Unique distinguished name: " + x509Certificate.getSubjectDN());
        logEncoded(charSequence, x509Certificate.getEncoded());
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey instanceof RSAKey) {
            i = ((RSAKey) publicKey).getModulus().bitLength();
        } else if (publicKey instanceof ECKey) {
            i = ((ECKey) publicKey).getParams().getOrder().bitLength();
        } else {
            if ((publicKey instanceof DSAKey) && (params = ((DSAKey) publicKey).getParams()) != null) {
                params.getP().bitLength();
            }
            i = -1;
        }
        StringBuilder sb = new StringBuilder();
        sb.append((Object) charSequence);
        sb.append(" - key size: ");
        sb.append(i != -1 ? String.valueOf(i) : "Unknown");
        Log.i("SignUtils::logCert", sb.toString());
        logKey(publicKey, charSequence);
    }

    private static void logEncoded(CharSequence charSequence, byte[] bArr) {
        log(((Object) charSequence) + " - SHA-256: ", DigestUtils.getDigest(DigestUtils.SHA_256, bArr));
        log(((Object) charSequence) + " - SHA-1: ", DigestUtils.getDigest(DigestUtils.SHA_1, bArr));
        log(((Object) charSequence) + " - MD5: ", DigestUtils.getDigest(DigestUtils.MD5, bArr));
    }

    public static void logKey(Key key, CharSequence charSequence) {
        Log.i("SignUtils::logKey", ((Object) charSequence) + " - key algorithm: " + key.getAlgorithm());
        logEncoded(charSequence, key.getEncoded());
    }

    private static void showPasswd(Context context, KeyStore keyStore, String str, String str2) {
    }

    public static boolean verify(SigSchemes sigSchemes, File file, File file2) {
        ApkVerifier.Builder builder = new ApkVerifier.Builder(file);
        if (sigSchemes.v4SchemeEnabled()) {
            if (file2 == null) {
                throw new RuntimeException("idsig file is mandatory for v4 signature scheme.");
            }
            builder.setV4SignatureFile(file2);
        }
        try {
            ApkVerifier.Result verify = builder.build().verify();
            Log.i("SignUtils::verify", file.toString());
            boolean isVerified = verify.isVerified();
            if (isVerified) {
                if (sigSchemes.v1SchemeEnabled() && verify.isVerifiedUsingV1Scheme()) {
                    Log.i("SignUtils::verify", "V1 signature verification succeeded.");
                } else {
                    Log.w("SignUtils::verify", "V1 signature verification failed/disabled.");
                }
                if (sigSchemes.v2SchemeEnabled() && verify.isVerifiedUsingV2Scheme()) {
                    Log.i("SignUtils::verify", "V2 signature verification succeeded.");
                } else {
                    Log.w("SignUtils::verify", "V2 signature verification failed/disabled.");
                }
                if (sigSchemes.v3SchemeEnabled() && verify.isVerifiedUsingV3Scheme()) {
                    Log.i("SignUtils::verify", "V3 signature verification succeeded.");
                } else {
                    Log.w("SignUtils::verify", "V3 signature verification failed/disabled.");
                }
                if (sigSchemes.v4SchemeEnabled() && verify.isVerifiedUsingV4Scheme()) {
                    Log.i("SignUtils::verify", "V4 signature verification succeeded.");
                } else {
                    Log.w("SignUtils::verify", "V4 signature verification failed/disabled.");
                }
                List<X509Certificate> signerCertificates = verify.getSignerCertificates();
                Log.i("SignUtils::verify", "Number of signatures: " + signerCertificates.size());
                Iterator<X509Certificate> it = signerCertificates.iterator();
                int i = 0;
                while (it.hasNext()) {
                    i++;
                    logCert(it.next(), "Signature" + i);
                }
            }
            Iterator<ApkVerifier.IssueWithParams> it2 = verify.getWarnings().iterator();
            while (it2.hasNext()) {
                Log.w("SignUtils::verify", it2.next().toString());
            }
            Iterator<ApkVerifier.IssueWithParams> it3 = verify.getErrors().iterator();
            while (it3.hasNext()) {
                Log.e("SignUtils::verify", it3.next().toString());
            }
            if (sigSchemes.v1SchemeEnabled()) {
                for (ApkVerifier.Result.V1SchemeSignerInfo v1SchemeSignerInfo : verify.getV1SchemeIgnoredSigners()) {
                    String name = v1SchemeSignerInfo.getName();
                    Iterator<ApkVerifier.IssueWithParams> it4 = v1SchemeSignerInfo.getErrors().iterator();
                    while (it4.hasNext()) {
                        Log.e("SignUtils::verify", name + ": " + it4.next());
                    }
                    Iterator<ApkVerifier.IssueWithParams> it5 = v1SchemeSignerInfo.getWarnings().iterator();
                    while (it5.hasNext()) {
                        Log.w("SignUtils::verify", name + ": " + it5.next());
                    }
                }
            }
            return isVerified;
        } catch (Exception e) {
            Log.w("SignUtils::verify", "Verification failed.", e);
            return false;
        }
    }

    public boolean isV4SchemeEnabled() {
        return this.sigSchemes.v4SchemeEnabled();
    }

    public void setIdsigFile(File file) {
        this.idsigFile = file;
    }

    public boolean sign(File file, File file2, int i) {
        String str = msgId;
        if (str != null) {
            Log.w("SignUtils::sign", str);
        }
        ApkSigner.Builder builder = new ApkSigner.Builder((List<ApkSigner.SignerConfig>) Collections.singletonList(new ApkSigner.SignerConfig.Builder("CERT", this.privateKey, Collections.singletonList(this.certificate)).build()));
        builder.setInputApk(file);
        builder.setOutputApk(file2);
        builder.setCreatedBy("AppManager");
        if (i != -1) {
            builder.setMinSdkVersion(i);
        }
        if (this.sigSchemes.v1SchemeEnabled()) {
            builder.setV1SigningEnabled(true);
        }
        if (this.sigSchemes.v2SchemeEnabled()) {
            builder.setV2SigningEnabled(true);
        }
        if (this.sigSchemes.v3SchemeEnabled()) {
            builder.setV3SigningEnabled(true);
        }
        if (this.sigSchemes.v4SchemeEnabled()) {
            if (this.idsigFile == null) {
                throw new RuntimeException("idsig file is mandatory for v4 signature scheme.");
            }
            builder.setV4SigningEnabled(true);
            builder.setV4SignatureOutputFile(this.idsigFile);
        }
        ApkSigner build = builder.build();
        Log.i("SignUtils::sign", String.format("SignApk: %s", file));
        try {
            build.sign();
            Log.i("SignUtils::sign", "The signature is complete and the output file is " + file2);
            return true;
        } catch (Exception e) {
            Log.w("SignUtils::sign", e);
            return false;
        }
    }
}
