package com.topjohnwu.signing;

import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.RandomAccessFile;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes2.dex */
public class SignAPK {
    private static final String CERT_SF_NAME = "META-INF/CERT.SF";
    private static final String CERT_SIG_NAME = "META-INF/CERT.%s";
    private static final int USE_SHA1 = 1;
    private static final int USE_SHA256 = 2;
    private static Pattern stripPattern = Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA|EC)|com/android/otacert))|(" + Pattern.quote("META-INF/MANIFEST.MF") + ")$");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class CMSProcessableFile implements CMSTypedData {
        private RandomAccessFile file;
        private ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId());

        CMSProcessableFile(File file) throws FileNotFoundException {
            this.file = new RandomAccessFile(file, "r");
        }

        @Override // org.bouncycastle.cms.CMSProcessable
        public Object getContent() {
            return this.file;
        }

        @Override // org.bouncycastle.cms.CMSTypedData
        public ASN1ObjectIdentifier getContentType() {
            return this.type;
        }

        byte[] getTail() throws IOException {
            byte[] bArr = new byte[22];
            RandomAccessFile randomAccessFile = this.file;
            randomAccessFile.seek(randomAccessFile.length() - 22);
            this.file.readFully(bArr);
            return bArr;
        }

        @Override // org.bouncycastle.cms.CMSProcessable
        public void write(OutputStream outputStream) throws IOException, CMSException {
            this.file.seek(0L);
            byte[] bArr = new byte[4096];
            int length = ((int) this.file.length()) - 2;
            while (true) {
                int read = this.file.read(bArr, 0, length < bArr.length ? length : bArr.length);
                if (read <= 0) {
                    return;
                }
                outputStream.write(bArr, 0, read);
                length -= read;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class CountOutputStream extends FilterOutputStream {
        private int mCount;

        public CountOutputStream(OutputStream outputStream) {
            super(outputStream);
            this.mCount = 0;
        }

        public int size() {
            return this.mCount;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) throws IOException {
            super.write(i);
            this.mCount++;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            super.write(bArr, i, i2);
            this.mCount += i2;
        }
    }

    private static Manifest addDigestsToManifest(JarMap jarMap, int i) throws IOException, GeneralSecurityException {
        Manifest manifest;
        Manifest manifest2 = jarMap.getManifest();
        Manifest manifest3 = new Manifest();
        Attributes mainAttributes = manifest3.getMainAttributes();
        if (manifest2 != null) {
            mainAttributes.putAll(manifest2.getMainAttributes());
        } else {
            mainAttributes.putValue("Manifest-Version", "1.0");
            mainAttributes.putValue("Created-By", "1.0 (Android SignApk)");
        }
        MessageDigest messageDigest = (i & 1) != 0 ? MessageDigest.getInstance("SHA1") : null;
        MessageDigest messageDigest2 = (i & 2) != 0 ? MessageDigest.getInstance("SHA256") : null;
        byte[] bArr = new byte[4096];
        TreeMap treeMap = new TreeMap();
        Enumeration<JarEntry> entries = jarMap.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            treeMap.put(nextElement.getName(), nextElement);
        }
        for (JarEntry jarEntry : treeMap.values()) {
            String name = jarEntry.getName();
            if (jarEntry.isDirectory()) {
                manifest = manifest2;
            } else {
                Pattern pattern = stripPattern;
                if (pattern == null || !pattern.matcher(name).matches()) {
                    InputStream inputStream = jarMap.getInputStream(jarEntry);
                    while (inputStream.read(bArr) > 0) {
                        if (messageDigest != null) {
                            messageDigest.update(bArr, 0, 0);
                        }
                        if (messageDigest2 != null) {
                            messageDigest2.update(bArr, 0, 0);
                        }
                    }
                    Attributes attributes = manifest2 != null ? manifest2.getAttributes(name) : null;
                    if (attributes != null) {
                        new Attributes(attributes);
                    } else {
                        new Attributes();
                    }
                    String str = "ASCII";
                    if (messageDigest != null) {
                        manifest = manifest2;
                        "ASCII".putValue("SHA1-Digest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
                    } else {
                        manifest = manifest2;
                    }
                    if (messageDigest2 != null) {
                        str = "SHA-256-Digest";
                        "SHA-256-Digest".putValue("SHA-256-Digest", new String(Base64.encode(messageDigest2.digest()), "ASCII"));
                    }
                    manifest3.getEntries().put(name, str);
                } else {
                    manifest = manifest2;
                }
            }
            manifest2 = manifest;
        }
        return manifest3;
    }

    private static void copyFiles(Manifest manifest, JarMap jarMap, JarOutputStream jarOutputStream, long j, int i) throws IOException {
        JarMap jarMap2 = jarMap;
        long j2 = j;
        byte[] bArr = new byte[4096];
        ArrayList arrayList = new ArrayList(manifest.getEntries().keySet());
        Collections.sort(arrayList);
        boolean z = true;
        long j3 = 0;
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            JarEntry jarEntry = jarMap2.getJarEntry((String) it.next());
            if (jarEntry.getMethod() == 0) {
                JarEntry jarEntry2 = new JarEntry(jarEntry);
                jarEntry2.setTime(j2);
                Iterator it2 = it;
                j3 += jarEntry2.getName().length() + 30;
                if (z) {
                    j3 += 4;
                    z = false;
                }
                if (i > 0 && j3 % i != 0) {
                    int i2 = i - ((int) (j3 % i));
                    jarEntry2.setExtra(new byte[i2]);
                    j3 += i2;
                }
                jarOutputStream.putNextEntry(jarEntry2);
                InputStream inputStream = jarMap2.getInputStream(jarEntry);
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    jarOutputStream.write(bArr, 0, read);
                    j3 += read;
                    inputStream = inputStream;
                }
                jarOutputStream.flush();
                j2 = j;
                it = it2;
            }
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            String str = (String) it3.next();
            JarEntry jarEntry3 = jarMap2.getJarEntry(str);
            if (jarEntry3.getMethod() != 0) {
                JarEntry jarEntry4 = new JarEntry(str);
                jarEntry4.setTime(j);
                jarOutputStream.putNextEntry(jarEntry4);
                InputStream inputStream2 = jarMap2.getInputStream(jarEntry3);
                while (true) {
                    int read2 = inputStream2.read(bArr);
                    if (read2 <= 0) {
                        break;
                    }
                    jarOutputStream.write(bArr, 0, read2);
                    it3 = it3;
                }
                jarOutputStream.flush();
                jarMap2 = jarMap;
                it3 = it3;
            }
        }
    }

    private static int getDigestAlgorithm(X509Certificate x509Certificate) {
        String upperCase = x509Certificate.getSigAlgName().toUpperCase(Locale.US);
        if (upperCase.startsWith("SHA1WITHRSA") || upperCase.startsWith("MD5WITHRSA")) {
            return 1;
        }
        if (upperCase.startsWith("SHA256WITH")) {
            return 2;
        }
        throw new IllegalArgumentException("unsupported signature algorithm \"" + upperCase + "\" in cert [" + x509Certificate.getSubjectDN());
    }

    private static String getSignatureAlgorithm(X509Certificate x509Certificate) {
        x509Certificate.getSigAlgName().toUpperCase(Locale.US);
        String upperCase = x509Certificate.getPublicKey().getAlgorithm().toUpperCase(Locale.US);
        if ("RSA".equalsIgnoreCase(upperCase)) {
            return getDigestAlgorithm(x509Certificate) == 2 ? "SHA256withRSA" : "SHA1withRSA";
        }
        if ("EC".equalsIgnoreCase(upperCase)) {
            return "SHA256withECDSA";
        }
        throw new IllegalArgumentException("unsupported key type: " + upperCase);
    }

    public static void sign(X509Certificate x509Certificate, PrivateKey privateKey, JarMap jarMap, OutputStream outputStream) throws Exception {
        sign(x509Certificate, privateKey, jarMap, outputStream, false);
    }

    private static void sign(X509Certificate x509Certificate, PrivateKey privateKey, JarMap jarMap, OutputStream outputStream, boolean z) throws Exception {
        int digestAlgorithm = 0 | getDigestAlgorithm(x509Certificate);
        long time = x509Certificate.getNotBefore().getTime() + 3600000;
        if (z) {
            signWholeFile(jarMap.getFile(), x509Certificate, privateKey, outputStream);
            return;
        }
        JarOutputStream jarOutputStream = new JarOutputStream(outputStream);
        jarOutputStream.setLevel(9);
        Manifest addDigestsToManifest = addDigestsToManifest(jarMap, digestAlgorithm);
        copyFiles(addDigestsToManifest, jarMap, jarOutputStream, time, 4);
        signFile(addDigestsToManifest, jarMap, x509Certificate, privateKey, jarOutputStream);
        jarOutputStream.close();
    }

    public static void signAndAdjust(X509Certificate x509Certificate, PrivateKey privateKey, JarMap jarMap, OutputStream outputStream) throws Exception {
        File createTempFile = File.createTempFile("signAPK", null);
        File createTempFile2 = File.createTempFile("signAPK", null);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(createTempFile));
            try {
                sign(x509Certificate, privateKey, jarMap, bufferedOutputStream, false);
                bufferedOutputStream.close();
                ZipAdjust.adjust(createTempFile, createTempFile2);
                JarMap open = JarMap.open(createTempFile2, false);
                try {
                    sign(x509Certificate, privateKey, open, outputStream, true);
                    if (open != null) {
                        open.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            createTempFile.delete();
            createTempFile2.delete();
        }
    }

    private static void signFile(Manifest manifest, JarMap jarMap, X509Certificate x509Certificate, PrivateKey privateKey, JarOutputStream jarOutputStream) throws Exception {
        long time = x509Certificate.getNotBefore().getTime() + 3600000;
        JarEntry jarEntry = new JarEntry("META-INF/MANIFEST.MF");
        jarEntry.setTime(time);
        jarOutputStream.putNextEntry(jarEntry);
        manifest.write(jarOutputStream);
        JarEntry jarEntry2 = new JarEntry(CERT_SF_NAME);
        jarEntry2.setTime(time);
        jarOutputStream.putNextEntry(jarEntry2);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        writeSignatureFile(manifest, byteArrayOutputStream, getDigestAlgorithm(x509Certificate));
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        jarOutputStream.write(byteArray);
        JarEntry jarEntry3 = new JarEntry(String.format(CERT_SIG_NAME, x509Certificate.getPublicKey().getAlgorithm()));
        jarEntry3.setTime(time);
        jarOutputStream.putNextEntry(jarEntry3);
        writeSignatureBlock(new CMSProcessableByteArray(byteArray), x509Certificate, privateKey, jarOutputStream);
    }

    private static void signWholeFile(File file, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bytes = "signed by SignApk".getBytes("UTF-8");
        byteArrayOutputStream.write(bytes);
        byteArrayOutputStream.write(0);
        CMSProcessableFile cMSProcessableFile = new CMSProcessableFile(file);
        writeSignatureBlock(cMSProcessableFile, x509Certificate, privateKey, byteArrayOutputStream);
        byte[] tail = cMSProcessableFile.getTail();
        byte b = 80;
        if (tail[tail.length - 22] != 80 || tail[tail.length - 21] != 75 || tail[tail.length - 20] != 5 || tail[tail.length - 19] != 6) {
            throw new IllegalArgumentException("zip data already has an archive comment");
        }
        int size = byteArrayOutputStream.size() + 6;
        if (size > 65535) {
            throw new IllegalArgumentException("signature is too big for ZIP file comment");
        }
        int length = (size - bytes.length) - 1;
        byteArrayOutputStream.write(length & 255);
        byteArrayOutputStream.write((length >> 8) & 255);
        byteArrayOutputStream.write(255);
        byteArrayOutputStream.write(255);
        byteArrayOutputStream.write(size & 255);
        byteArrayOutputStream.write((size >> 8) & 255);
        byteArrayOutputStream.flush();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        int i = 0;
        while (i < byteArray.length - 3) {
            if (byteArray[i] == b && byteArray[i + 1] == 75 && byteArray[i + 2] == 5) {
                if (byteArray[i + 3] == 6) {
                    throw new IllegalArgumentException("found spurious EOCD header at " + i);
                }
            }
            i++;
            b = 80;
        }
        cMSProcessableFile.write(outputStream);
        outputStream.write(size & 255);
        outputStream.write((size >> 8) & 255);
        byteArrayOutputStream.writeTo(outputStream);
        outputStream.close();
    }

    private static void writeSignatureBlock(CMSTypedData cMSTypedData, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(x509Certificate);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(new JcaContentSignerBuilder(getSignatureAlgorithm(x509Certificate)).build(privateKey), x509Certificate));
        cMSSignedDataGenerator.addCertificates(jcaCertStore);
        new DEROutputStream(outputStream).writeObject(new ASN1InputStream(cMSSignedDataGenerator.generate(cMSTypedData, false).getEncoded()).readObject());
    }

    private static void writeSignatureFile(Manifest manifest, OutputStream outputStream, int i) throws IOException, GeneralSecurityException {
        Manifest manifest2 = new Manifest();
        Attributes mainAttributes = manifest2.getMainAttributes();
        mainAttributes.putValue("Signature-Version", "1.0");
        mainAttributes.putValue("Created-By", "1.0 (Android SignApk)");
        MessageDigest messageDigest = MessageDigest.getInstance(i == 2 ? "SHA256" : "SHA1");
        PrintStream printStream = new PrintStream((OutputStream) new DigestOutputStream(new ByteArrayOutputStream(), messageDigest), true, "UTF-8");
        manifest.write(printStream);
        printStream.flush();
        mainAttributes.putValue(i == 2 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
        for (Map.Entry<String, Attributes> entry : manifest.getEntries().entrySet()) {
            printStream.print("Name: " + entry.getKey() + "\r\n");
            for (Map.Entry<Object, Object> entry2 : entry.getValue().entrySet()) {
                printStream.print(entry2.getKey() + ": " + entry2.getValue() + "\r\n");
            }
            printStream.print("\r\n");
            printStream.flush();
            Attributes attributes = new Attributes();
            attributes.putValue(i == 2 ? "SHA-256-Digest" : "SHA1-Digest-Manifest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
            manifest2.getEntries().put(entry.getKey(), attributes);
        }
        CountOutputStream countOutputStream = new CountOutputStream(outputStream);
        manifest2.write(countOutputStream);
        if (countOutputStream.size() % 1024 == 0) {
            countOutputStream.write(13);
            countOutputStream.write(10);
        }
    }
}
