package com.android.signapk;

import com.android.apksig.ApkSignerEngine;
import com.android.apksig.DefaultApkSignerEngine;
import com.android.apksig.Hints;
import com.android.apksig.SigningCertificateLineage;
import com.android.apksig.apk.ApkUtils;
import com.android.apksig.apk.MinSdkVersionException;
import com.android.apksig.internal.apk.ApkSigningBlockUtils;
import com.android.apksig.util.DataSink;
import com.android.apksig.util.DataSources;
import com.android.apksig.zip.ZipFormatException;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Console;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.RandomAccessFile;
import java.lang.reflect.Constructor;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.conscrypt.OpenSSLProvider;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/android/signapk/SignApk.class */
public class SignApk {
    private static final String OTACERT_NAME = "META-INF/com/android/otacert";
    private static final short ALIGNMENT_ZIP_EXTRA_DATA_FIELD_HEADER_ID = -9931;
    private static final short ALIGNMENT_ZIP_EXTRA_DATA_FIELD_MIN_SIZE_BYTES = 6;
    private static final int USE_SHA1 = 1;
    private static final int USE_SHA256 = 2;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/signapk/SignApk$CMSSigner.class */
    public static class CMSSigner implements CMSTypedData {
        private final JarFile inputJar;
        private final File publicKeyFile;
        private final X509Certificate publicKey;
        private final PrivateKey privateKey;
        private final int hash;
        private final long timestamp;
        private final OutputStream outputStream;
        private final ASN1ObjectIdentifier type = new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId());
        private WholeFileSignerOutputStream signer;
        private static final Pattern STRIP_PATTERN = Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA|EC)|com/android/otacert))|(" + Pattern.quote("META-INF/MANIFEST.MF") + ")$");

        public CMSSigner(JarFile jarFile, File file, X509Certificate x509Certificate, PrivateKey privateKey, int i, long j, OutputStream outputStream) {
            this.inputJar = jarFile;
            this.publicKeyFile = file;
            this.publicKey = x509Certificate;
            this.privateKey = privateKey;
            this.hash = i;
            this.timestamp = j;
            this.outputStream = outputStream;
        }

        @Override // org.bouncycastle.cms.CMSProcessable
        public Object getContent() {
            return this;
        }

        @Override // org.bouncycastle.cms.CMSTypedData
        public ASN1ObjectIdentifier getContentType() {
            return this.type;
        }

        @Override // org.bouncycastle.cms.CMSProcessable
        public void write(OutputStream outputStream) throws IOException {
            try {
                this.signer = new WholeFileSignerOutputStream(outputStream, this.outputStream);
                CountingOutputStream countingOutputStream = new CountingOutputStream(this.signer);
                JarOutputStream jarOutputStream = new JarOutputStream(countingOutputStream);
                SignApk.copyFiles(this.inputJar, STRIP_PATTERN, null, jarOutputStream, countingOutputStream, this.timestamp, 0);
                SignApk.addOtacert(jarOutputStream, this.publicKeyFile, this.timestamp);
                this.signer.notifyClosing();
                jarOutputStream.close();
                this.signer.finish();
            } catch (Exception e) {
                throw new IOException(e);
            }
        }

        public void writeSignatureBlock(ByteArrayOutputStream byteArrayOutputStream) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
            SignApk.writeSignatureBlock(this, this.publicKey, this.privateKey, this.hash, byteArrayOutputStream);
        }

        public WholeFileSignerOutputStream getSigner() {
            return this.signer;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/signapk/SignApk$WholeFileSignerOutputStream.class */
    public static class WholeFileSignerOutputStream extends FilterOutputStream {
        private boolean closing;
        private ByteArrayOutputStream footer;
        private OutputStream tee;

        public WholeFileSignerOutputStream(OutputStream outputStream, OutputStream outputStream2) {
            super(outputStream);
            this.closing = false;
            this.footer = new ByteArrayOutputStream();
            this.tee = outputStream2;
        }

        public void notifyClosing() {
            this.closing = true;
        }

        public void finish() throws IOException {
            this.closing = false;
            byte[] byteArray = this.footer.toByteArray();
            if (byteArray.length < 2) {
                throw new IOException("Less than two bytes written to footer");
            }
            write(byteArray, 0, byteArray.length - 2);
        }

        public byte[] getTail() {
            return this.footer.toByteArray();
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            write(bArr, 0, bArr.length);
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            if (this.closing) {
                this.footer.write(bArr, i, i2);
            } else {
                this.out.write(bArr, i, i2);
                this.tee.write(bArr, i, i2);
            }
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) throws IOException {
            if (this.closing) {
                this.footer.write(i);
            } else {
                this.out.write(i);
                this.tee.write(i);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/signapk/SignApk$ZipSections.class */
    public static class ZipSections {
        ByteBuffer beforeCentralDir;
        ByteBuffer centralDir;
        ByteBuffer eocd;

        private ZipSections() {
        }
    }

    SignApk() {
    }

    private static int getDigestAlgorithmForOta(X509Certificate x509Certificate) {
        String upperCase = x509Certificate.getSigAlgName().toUpperCase(Locale.US);
        if ("SHA1WITHRSA".equals(upperCase) || "MD5WITHRSA".equals(upperCase)) {
            return 1;
        }
        if (upperCase.startsWith("SHA256WITH")) {
            return 2;
        }
        throw new IllegalArgumentException("unsupported signature algorithm \"" + upperCase + "\" in cert [" + x509Certificate.getSubjectDN());
    }

    private static String getJcaSignatureAlgorithmForOta(X509Certificate x509Certificate, int i) {
        String str;
        switch (i) {
            case 1:
                str = "SHA1";
                break;
            case 2:
                str = "SHA256";
                break;
            default:
                throw new IllegalArgumentException("Unknown hash ID: " + i);
        }
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        if ("RSA".equalsIgnoreCase(algorithm)) {
            return str + "withRSA";
        }
        if ("EC".equalsIgnoreCase(algorithm)) {
            return str + "withECDSA";
        }
        throw new IllegalArgumentException("Unsupported key algorithm: " + algorithm);
    }

    private static X509Certificate readPublicKey(File file) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            fileInputStream.close();
            return x509Certificate;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    private static char[] readPassword(String str) {
        Console console = System.console();
        if (console != null) {
            return console.readPassword("[%s]", "Enter password for " + str);
        }
        System.out.print("Enter password for " + str + " (password will not be hidden): ");
        System.out.flush();
        try {
            String readLine = new BufferedReader(new InputStreamReader(System.in)).readLine();
            if (readLine == null) {
                return null;
            }
            return readLine.toCharArray();
        } catch (IOException e) {
            return null;
        }
    }

    private static PKCS8EncodedKeySpec decryptPrivateKey(byte[] bArr, File file) throws GeneralSecurityException {
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(readPassword(file.getPath())));
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            try {
                return encryptedPrivateKeyInfo.getKeySpec(cipher);
            } catch (InvalidKeySpecException e) {
                System.err.println("signapk: Password for " + file + " may be bad.");
                throw e;
            }
        } catch (IOException e2) {
            return null;
        }
    }

    private static PrivateKey readPrivateKey(File file) throws IOException, GeneralSecurityException {
        DataInputStream dataInputStream = new DataInputStream(new FileInputStream(file));
        try {
            byte[] bArr = new byte[(int) file.length()];
            dataInputStream.read(bArr);
            PKCS8EncodedKeySpec decryptPrivateKey = decryptPrivateKey(bArr, file);
            if (decryptPrivateKey == null) {
                decryptPrivateKey = new PKCS8EncodedKeySpec(bArr);
            }
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(decryptPrivateKey.getEncoded()));
            try {
                PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(aSN1InputStream.readObject());
                aSN1InputStream.close();
                PrivateKey generatePrivate = KeyFactory.getInstance(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId()).generatePrivate(decryptPrivateKey);
                dataInputStream.close();
                return generatePrivate;
            } finally {
            }
        } catch (Throwable th) {
            dataInputStream.close();
            throw th;
        }
    }

    private static KeyStore createKeyStore(String str, String str2) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, str2 == null ? null : str2.toCharArray());
        return keyStore;
    }

    private static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore, String str) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, UnrecoverableEntryException {
        keyStore.getKey(str, readPassword(str));
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, null);
        if (privateKeyEntry == null) {
            throw new Error("Key " + str + " not found in the token provided by PKCS11 library!");
        }
        return privateKeyEntry.getPrivateKey();
    }

    private static void addOtacert(JarOutputStream jarOutputStream, File file, long j) throws IOException {
        JarEntry jarEntry = new JarEntry(OTACERT_NAME);
        jarEntry.setTime(j);
        jarOutputStream.putNextEntry(jarEntry);
        FileInputStream fileInputStream = new FileInputStream(file);
        byte[] bArr = new byte[ApkSigningBlockUtils.ANDROID_COMMON_PAGE_ALIGNMENT_BYTES];
        while (true) {
            int read = fileInputStream.read(bArr);
            if (read == -1) {
                fileInputStream.close();
                return;
            }
            jarOutputStream.write(bArr, 0, read);
        }
    }

    private static void writeSignatureBlock(CMSTypedData cMSTypedData, X509Certificate x509Certificate, PrivateKey privateKey, int i, OutputStream outputStream) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(x509Certificate);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(new JcaContentSignerBuilder(getJcaSignatureAlgorithmForOta(x509Certificate, i)).build(privateKey), x509Certificate));
        cMSSignedDataGenerator.addCertificates(jcaCertStore);
        ASN1InputStream aSN1InputStream = new ASN1InputStream(cMSSignedDataGenerator.generate(cMSTypedData, false).getEncoded());
        try {
            new DEROutputStream(outputStream).writeObject(aSN1InputStream.readObject());
            aSN1InputStream.close();
        } catch (Throwable th) {
            try {
                aSN1InputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static void addV1Signature(ApkSignerEngine apkSignerEngine, ApkSignerEngine.OutputJarSignatureRequest outputJarSignatureRequest, JarOutputStream jarOutputStream, long j) throws IOException {
        for (ApkSignerEngine.OutputJarSignatureRequest.JarEntry jarEntry : outputJarSignatureRequest.getAdditionalJarEntries()) {
            String name = jarEntry.getName();
            JarEntry jarEntry2 = new JarEntry(name);
            jarEntry2.setTime(j);
            jarOutputStream.putNextEntry(jarEntry2);
            byte[] data = jarEntry.getData();
            jarOutputStream.write(data);
            ApkSignerEngine.InspectJarEntryRequest outputJarEntry = apkSignerEngine.outputJarEntry(name);
            if (outputJarEntry != null) {
                outputJarEntry.getDataSink().consume(data, 0, data.length);
                outputJarEntry.done();
            }
        }
    }

    private static void copyFiles(JarFile jarFile, Pattern pattern, ApkSignerEngine apkSignerEngine, JarOutputStream jarOutputStream, CountingOutputStream countingOutputStream, long j, int i) throws IOException {
        Hints.ByteRange ClampToAbsoluteByteRange;
        Hints.ByteRange ClampToAbsoluteByteRange2;
        byte[] bArr = new byte[ApkSigningBlockUtils.ANDROID_COMMON_PAGE_ALIGNMENT_BYTES];
        List<Hints.PatternWithRange> extractPinPatterns = extractPinPatterns(jarFile);
        ArrayList arrayList = extractPinPatterns == null ? null : new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            if (!nextElement.isDirectory()) {
                String name = nextElement.getName();
                if (pattern == null || !pattern.matcher(name).matches()) {
                    if (!Hints.PIN_BYTE_RANGE_ZIP_ENTRY_NAME.equals(name)) {
                        arrayList2.add(name);
                    }
                }
            }
        }
        Collections.sort(arrayList2);
        boolean z = true;
        long j2 = 0;
        ArrayList<String> arrayList3 = new ArrayList(arrayList2.size());
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            JarEntry jarEntry = jarFile.getJarEntry(str);
            if (jarEntry.getMethod() != 0) {
                arrayList3.add(str);
            } else if (shouldOutputApkEntry(apkSignerEngine, jarFile, jarEntry, bArr)) {
                JarEntry jarEntry2 = new JarEntry(jarEntry);
                jarEntry2.setTime(j);
                jarEntry2.setComment(null);
                jarEntry2.setExtra(null);
                int storedEntryDataAlignment = getStoredEntryDataAlignment(str, i);
                long length = j2 + 30 + jarEntry2.getName().length();
                if (z) {
                    length += 4;
                    z = false;
                }
                int i2 = storedEntryDataAlignment > 0 ? (storedEntryDataAlignment - ((int) ((length + 6) % storedEntryDataAlignment))) % storedEntryDataAlignment : 0;
                byte[] bArr2 = new byte[6 + i2];
                ByteBuffer wrap = ByteBuffer.wrap(bArr2);
                wrap.order(ByteOrder.LITTLE_ENDIAN);
                wrap.putShort((short) -9931);
                wrap.putShort((short) (2 + i2));
                wrap.putShort((short) storedEntryDataAlignment);
                jarEntry2.setExtra(bArr2);
                j2 = length + bArr2.length;
                long writtenBytes = countingOutputStream.getWrittenBytes();
                jarOutputStream.putNextEntry(jarEntry2);
                ApkSignerEngine.InspectJarEntryRequest outputJarEntry = apkSignerEngine != null ? apkSignerEngine.outputJarEntry(str) : null;
                DataSink dataSink = outputJarEntry != null ? outputJarEntry.getDataSink() : null;
                long writtenBytes2 = countingOutputStream.getWrittenBytes();
                InputStream inputStream = jarFile.getInputStream(jarEntry);
                while (true) {
                    try {
                        int read = inputStream.read(bArr);
                        if (read <= 0) {
                            break;
                        }
                        jarOutputStream.write(bArr, 0, read);
                        if (dataSink != null) {
                            dataSink.consume(bArr, 0, read);
                        }
                        j2 += read;
                    } catch (Throwable th) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                if (inputStream != null) {
                    inputStream.close();
                }
                jarOutputStream.closeEntry();
                jarOutputStream.flush();
                if (outputJarEntry != null) {
                    outputJarEntry.done();
                }
                if (extractPinPatterns != null) {
                    boolean z2 = false;
                    for (Hints.PatternWithRange patternWithRange : extractPinPatterns) {
                        if (patternWithRange.matcher(str).matches() && (ClampToAbsoluteByteRange2 = patternWithRange.ClampToAbsoluteByteRange(new Hints.ByteRange(writtenBytes2, countingOutputStream.getWrittenBytes()))) != null) {
                            z2 = true;
                            arrayList.add(ClampToAbsoluteByteRange2);
                        }
                    }
                    if (z2) {
                        arrayList.add(new Hints.ByteRange(writtenBytes, writtenBytes2));
                    }
                }
            } else {
                continue;
            }
        }
        for (String str2 : arrayList3) {
            JarEntry jarEntry3 = jarFile.getJarEntry(str2);
            if (shouldOutputApkEntry(apkSignerEngine, jarFile, jarEntry3, bArr)) {
                JarEntry jarEntry4 = new JarEntry(str2);
                jarEntry4.setTime(j);
                long writtenBytes3 = countingOutputStream.getWrittenBytes();
                jarOutputStream.putNextEntry(jarEntry4);
                ApkSignerEngine.InspectJarEntryRequest outputJarEntry2 = apkSignerEngine != null ? apkSignerEngine.outputJarEntry(str2) : null;
                DataSink dataSink2 = outputJarEntry2 != null ? outputJarEntry2.getDataSink() : null;
                long writtenBytes4 = countingOutputStream.getWrittenBytes();
                InputStream inputStream2 = jarFile.getInputStream(jarEntry3);
                while (true) {
                    int read2 = inputStream2.read(bArr);
                    if (read2 <= 0) {
                        break;
                    }
                    jarOutputStream.write(bArr, 0, read2);
                    if (dataSink2 != null) {
                        dataSink2.consume(bArr, 0, read2);
                    }
                }
                jarOutputStream.closeEntry();
                jarOutputStream.flush();
                if (outputJarEntry2 != null) {
                    outputJarEntry2.done();
                }
                if (extractPinPatterns != null) {
                    boolean z3 = false;
                    for (Hints.PatternWithRange patternWithRange2 : extractPinPatterns) {
                        if (patternWithRange2.matcher(str2).matches() && (ClampToAbsoluteByteRange = patternWithRange2.ClampToAbsoluteByteRange(new Hints.ByteRange(writtenBytes4, countingOutputStream.getWrittenBytes()))) != null) {
                            z3 = true;
                            arrayList.add(ClampToAbsoluteByteRange);
                        }
                    }
                    if (z3) {
                        arrayList.add(new Hints.ByteRange(writtenBytes3, writtenBytes4));
                    }
                }
            }
        }
        if (arrayList != null) {
            arrayList.add(new Hints.ByteRange(countingOutputStream.getWrittenBytes(), Long.MAX_VALUE));
            addPinByteRanges(jarOutputStream, arrayList, j);
        }
    }

    private static List<Hints.PatternWithRange> extractPinPatterns(JarFile jarFile) throws IOException {
        ZipEntry entry = jarFile.getEntry(Hints.PIN_HINT_ASSET_ZIP_ENTRY_NAME);
        if (entry == null) {
            return null;
        }
        InputStream inputStream = jarFile.getInputStream(entry);
        byte[] bArr = new byte[(int) entry.getSize()];
        inputStream.read(bArr);
        return Hints.parsePinPatterns(bArr);
    }

    private static void addPinByteRanges(JarOutputStream jarOutputStream, ArrayList<Hints.ByteRange> arrayList, long j) throws IOException {
        JarEntry jarEntry = new JarEntry(Hints.PIN_BYTE_RANGE_ZIP_ENTRY_NAME);
        jarEntry.setTime(j);
        jarOutputStream.putNextEntry(jarEntry);
        jarOutputStream.write(Hints.encodeByteRangeList(arrayList));
    }

    private static boolean shouldOutputApkEntry(ApkSignerEngine apkSignerEngine, JarFile jarFile, JarEntry jarEntry, byte[] bArr) throws IOException {
        if (apkSignerEngine == null) {
            return true;
        }
        ApkSignerEngine.InputJarEntryInstructions inputJarEntry = apkSignerEngine.inputJarEntry(jarEntry.getName());
        ApkSignerEngine.InspectJarEntryRequest inspectJarEntryRequest = inputJarEntry.getInspectJarEntryRequest();
        if (inspectJarEntryRequest != null) {
            provideJarEntry(jarFile, jarEntry, inspectJarEntryRequest, bArr);
        }
        switch (inputJarEntry.getOutputPolicy()) {
            case OUTPUT:
                return true;
            case SKIP:
            case OUTPUT_BY_ENGINE:
                return false;
            default:
                throw new RuntimeException("Unsupported output policy: " + inputJarEntry.getOutputPolicy());
        }
    }

    private static void provideJarEntry(JarFile jarFile, JarEntry jarEntry, ApkSignerEngine.InspectJarEntryRequest inspectJarEntryRequest, byte[] bArr) throws IOException {
        DataSink dataSink = inspectJarEntryRequest.getDataSink();
        InputStream inputStream = jarFile.getInputStream(jarEntry);
        while (true) {
            try {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    break;
                } else {
                    dataSink.consume(bArr, 0, read);
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        inspectJarEntryRequest.done();
        if (inputStream != null) {
            inputStream.close();
        }
    }

    private static int getStoredEntryDataAlignment(String str, int i) {
        if (i <= 0) {
            return 0;
        }
        return str.endsWith(".so") ? ApkSigningBlockUtils.ANDROID_COMMON_PAGE_ALIGNMENT_BYTES : i;
    }

    private static void signWholeFile(JarFile jarFile, File file, X509Certificate x509Certificate, PrivateKey privateKey, int i, long j, OutputStream outputStream) throws Exception {
        CMSSigner cMSSigner = new CMSSigner(jarFile, file, x509Certificate, privateKey, i, j, outputStream);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bytes = "signed by SignApk".getBytes(StandardCharsets.UTF_8);
        byteArrayOutputStream.write(bytes);
        byteArrayOutputStream.write(0);
        cMSSigner.writeSignatureBlock(byteArrayOutputStream);
        byte[] tail = cMSSigner.getSigner().getTail();
        if (tail[tail.length - 22] != 80 || tail[tail.length - 21] != 75 || tail[tail.length - 20] != 5 || tail[tail.length - 19] != 6) {
            throw new IllegalArgumentException("zip data already has an archive comment");
        }
        int size = byteArrayOutputStream.size() + 6;
        if (size > 65535) {
            throw new IllegalArgumentException("signature is too big for ZIP file comment");
        }
        int length = (size - bytes.length) - 1;
        byteArrayOutputStream.write(length & 255);
        byteArrayOutputStream.write((length >> 8) & 255);
        byteArrayOutputStream.write(255);
        byteArrayOutputStream.write(255);
        byteArrayOutputStream.write(size & 255);
        byteArrayOutputStream.write((size >> 8) & 255);
        byteArrayOutputStream.flush();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        for (int i2 = 0; i2 < byteArray.length - 3; i2++) {
            if (byteArray[i2] == 80 && byteArray[i2 + 1] == 75 && byteArray[i2 + 2] == 5 && byteArray[i2 + 3] == 6) {
                throw new IllegalArgumentException("found spurious EOCD header at " + i2);
            }
        }
        outputStream.write(size & 255);
        outputStream.write((size >> 8) & 255);
        byteArrayOutputStream.writeTo(outputStream);
    }

    private static void loadProviderIfNecessary(String str) {
        if (str == null) {
            return;
        }
        try {
            ClassLoader systemClassLoader = ClassLoader.getSystemClassLoader();
            Constructor<?> constructor = null;
            Constructor<?>[] constructors = (systemClassLoader != null ? systemClassLoader.loadClass(str) : Class.forName(str)).getConstructors();
            int length = constructors.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Constructor<?> constructor2 = constructors[i];
                if (constructor2.getParameterTypes().length == 0) {
                    constructor = constructor2;
                    break;
                }
                i++;
            }
            if (constructor == null) {
                System.err.println("No zero-arg constructor found for " + str);
                System.exit(1);
                return;
            }
            try {
                Object newInstance = constructor.newInstance(new Object[0]);
                if (!(newInstance instanceof Provider)) {
                    System.err.println("Not a Provider class: " + str);
                    System.exit(1);
                }
                Security.insertProviderAt((Provider) newInstance, 1);
            } catch (Exception e) {
                e.printStackTrace();
                System.exit(1);
            }
        } catch (ClassNotFoundException e2) {
            e2.printStackTrace();
            System.exit(1);
        }
    }

    private static List<DefaultApkSignerEngine.SignerConfig> createSignerConfigs(PrivateKey[] privateKeyArr, X509Certificate[] x509CertificateArr) {
        if (privateKeyArr.length != x509CertificateArr.length) {
            throw new IllegalArgumentException("The number of private keys must match the number of certificates: " + privateKeyArr.length + " vs" + x509CertificateArr.length);
        }
        ArrayList arrayList = new ArrayList();
        String str = privateKeyArr.length == 1 ? "CERT" : "CERT%s";
        for (int i = 0; i < privateKeyArr.length; i++) {
            arrayList.add(new DefaultApkSignerEngine.SignerConfig.Builder(String.format(Locale.US, str, Integer.valueOf(i + 1)), privateKeyArr[i], Collections.singletonList(x509CertificateArr[i])).build());
        }
        return arrayList;
    }

    private static ZipSections findMainZipSections(ByteBuffer byteBuffer) throws IOException, ZipFormatException {
        byteBuffer.slice();
        ApkUtils.ZipSections findZipSections = ApkUtils.findZipSections(DataSources.asDataSource(byteBuffer));
        long zipCentralDirectoryOffset = findZipSections.getZipCentralDirectoryOffset();
        long zipCentralDirectorySizeBytes = zipCentralDirectoryOffset + findZipSections.getZipCentralDirectorySizeBytes();
        long zipEndOfCentralDirectoryOffset = findZipSections.getZipEndOfCentralDirectoryOffset();
        if (zipCentralDirectorySizeBytes != zipEndOfCentralDirectoryOffset) {
            throw new ZipFormatException("ZIP Central Directory is not immediately followed by End of Central Directory. CD end: " + zipCentralDirectorySizeBytes + ", EoCD start: " + zipEndOfCentralDirectoryOffset);
        }
        byteBuffer.position(0);
        byteBuffer.limit((int) zipCentralDirectoryOffset);
        ByteBuffer slice = byteBuffer.slice();
        byteBuffer.position((int) zipCentralDirectoryOffset);
        byteBuffer.limit((int) zipCentralDirectorySizeBytes);
        ByteBuffer slice2 = byteBuffer.slice();
        byteBuffer.position((int) zipEndOfCentralDirectoryOffset);
        byteBuffer.limit(byteBuffer.capacity());
        ByteBuffer slice3 = byteBuffer.slice();
        byteBuffer.position(0);
        byteBuffer.limit(byteBuffer.capacity());
        ZipSections zipSections = new ZipSections();
        zipSections.beforeCentralDir = slice;
        zipSections.centralDir = slice2;
        zipSections.eocd = slice3;
        return zipSections;
    }

    private static final int getMinSdkVersion(JarFile jarFile) throws MinSdkVersionException {
        JarEntry jarEntry = jarFile.getJarEntry(ApkUtils.ANDROID_MANIFEST_ZIP_ENTRY_NAME);
        if (jarEntry == null) {
            throw new MinSdkVersionException("No AndroidManifest.xml in APK");
        }
        try {
            InputStream inputStream = jarFile.getInputStream(jarEntry);
            try {
                byte[] byteArray = toByteArray(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
                return ApkUtils.getMinSdkVersionFromBinaryAndroidManifest(ByteBuffer.wrap(byteArray));
            } finally {
            }
        } catch (IOException e) {
            throw new MinSdkVersionException("Failed to read AndroidManifest.xml", e);
        }
    }

    private static byte[] toByteArray(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[65536];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private static void usage() {
        System.err.println("Usage: signapk [-w] [-a <alignment>] [--align-file-size] [-providerClass <className>] [-loadPrivateKeysFromKeyStore <keyStoreName>][-keyStorePin <pin>][--min-sdk-version <n>] [--disable-v2] [--enable-v4] publickey.x509[.pem] privatekey.pk8 [publickey2.x509[.pem] privatekey2.pk8 ...] input.jar output.jar [output-v4-file]");
        System.exit(2);
    }

    public static void main(String[] strArr) {
        int minSdkVersion;
        if (strArr.length < 4) {
            usage();
        }
        Security.insertProviderAt(new OpenSSLProvider(), 1);
        Security.addProvider(new BouncyCastleProvider());
        boolean z = false;
        String str = null;
        String str2 = null;
        String str3 = null;
        int i = 4;
        boolean z2 = false;
        Integer num = null;
        boolean z3 = true;
        boolean z4 = false;
        SigningCertificateLineage signingCertificateLineage = null;
        Integer num2 = null;
        int i2 = 0;
        while (i2 < strArr.length && strArr[i2].startsWith("-")) {
            if ("-w".equals(strArr[i2])) {
                z = true;
                i2++;
            } else if ("-providerClass".equals(strArr[i2])) {
                if (i2 + 1 >= strArr.length) {
                    usage();
                }
                int i3 = i2 + 1;
                str = strArr[i3];
                i2 = i3 + 1;
            } else if ("-loadPrivateKeysFromKeyStore".equals(strArr[i2])) {
                if (i2 + 1 >= strArr.length) {
                    usage();
                }
                int i4 = i2 + 1;
                str2 = strArr[i4];
                i2 = i4 + 1;
            } else if ("-keyStorePin".equals(strArr[i2])) {
                if (i2 + 1 >= strArr.length) {
                    usage();
                }
                int i5 = i2 + 1;
                str3 = strArr[i5];
                i2 = i5 + 1;
            } else if ("-a".equals(strArr[i2])) {
                int i6 = i2 + 1;
                i = Integer.parseInt(strArr[i6]);
                i2 = i6 + 1;
            } else if ("--align-file-size".equals(strArr[i2])) {
                z2 = true;
                i2++;
            } else if ("--min-sdk-version".equals(strArr[i2])) {
                int i7 = i2 + 1;
                String str4 = strArr[i7];
                try {
                    num = Integer.valueOf(Integer.parseInt(str4));
                    i2 = i7 + 1;
                } catch (NumberFormatException e) {
                    throw new IllegalArgumentException("--min-sdk-version must be a decimal number: " + str4);
                }
            } else if ("--disable-v2".equals(strArr[i2])) {
                z3 = false;
                i2++;
            } else if ("--enable-v4".equals(strArr[i2])) {
                z4 = true;
                i2++;
            } else if ("--lineage".equals(strArr[i2])) {
                int i8 = i2 + 1;
                try {
                    signingCertificateLineage = SigningCertificateLineage.readFromFile(new File(strArr[i8]));
                    i2 = i8 + 1;
                } catch (Exception e2) {
                    throw new IllegalArgumentException("Error reading lineage file: " + e2.getMessage());
                }
            } else if ("--rotation-min-sdk-version".equals(strArr[i2])) {
                int i9 = i2 + 1;
                String str5 = strArr[i9];
                try {
                    num2 = Integer.valueOf(Integer.parseInt(str5));
                    i2 = i9 + 1;
                } catch (NumberFormatException e3) {
                    throw new IllegalArgumentException("--rotation-min-sdk-version must be a decimal number: " + str5);
                }
            } else {
                usage();
            }
        }
        int length = z4 ? strArr.length - 1 : strArr.length;
        if ((length - i2) % 2 == 1) {
            usage();
        }
        int i10 = ((length - i2) / 2) - 1;
        if (z && i10 > 1) {
            System.err.println("Only one key may be used with -w.");
            System.exit(2);
        }
        loadProviderIfNecessary(str);
        String str6 = strArr[length - 2];
        String str7 = strArr[length - 1];
        String str8 = z4 ? strArr[strArr.length - 1] : "";
        JarFile jarFile = null;
        FileOutputStream fileOutputStream = null;
        try {
            try {
                File file = new File(strArr[i2 + 0]);
                X509Certificate[] x509CertificateArr = new X509Certificate[i10];
                for (int i11 = 0; i11 < i10; i11++) {
                    try {
                        x509CertificateArr[i11] = readPublicKey(new File(strArr[i2 + (i11 * 2)]));
                    } catch (IllegalArgumentException e4) {
                        System.err.println(e4);
                        System.exit(1);
                    }
                }
                long offset = 1230768000000L - TimeZone.getDefault().getOffset(1230768000000L);
                KeyStore createKeyStore = str2 != null ? createKeyStore(str2, str3) : null;
                PrivateKey[] privateKeyArr = new PrivateKey[i10];
                for (int i12 = 0; i12 < i10; i12++) {
                    int i13 = i2 + (i12 * 2) + 1;
                    if (createKeyStore == null) {
                        privateKeyArr[i12] = readPrivateKey(new File(strArr[i13]));
                    } else {
                        privateKeyArr[i12] = loadPrivateKeyFromKeyStore(createKeyStore, strArr[i13]);
                    }
                }
                JarFile jarFile2 = new JarFile(new File(str6), false);
                FileOutputStream fileOutputStream2 = new FileOutputStream(str7);
                if (z) {
                    signWholeFile(jarFile2, file, x509CertificateArr[0], privateKeyArr[0], getDigestAlgorithmForOta(x509CertificateArr[0]), offset, fileOutputStream2);
                    if (jarFile2 != null) {
                        try {
                            jarFile2.close();
                        } catch (IOException e5) {
                            e5.printStackTrace();
                            System.exit(1);
                            return;
                        }
                    }
                    if (fileOutputStream2 != null) {
                        fileOutputStream2.close();
                    }
                    return;
                }
                if (num != null) {
                    minSdkVersion = num.intValue();
                } else {
                    try {
                        minSdkVersion = getMinSdkVersion(jarFile2);
                    } catch (MinSdkVersionException e6) {
                        throw new IllegalArgumentException("Cannot detect minSdkVersion. Use --min-sdk-version to override", e6);
                    }
                }
                DefaultApkSignerEngine.Builder createdBy = new DefaultApkSignerEngine.Builder(createSignerConfigs(privateKeyArr, x509CertificateArr), minSdkVersion).setV1SigningEnabled(true).setV2SigningEnabled(z3).setOtherSignersSignaturesPreserved(false).setCreatedBy("1.0 (Android SignApk)");
                if (signingCertificateLineage != null) {
                    createdBy = createdBy.setSigningCertificateLineage(signingCertificateLineage);
                }
                if (num2 != null) {
                    createdBy = createdBy.setMinSdkVersionForRotation(num2.intValue());
                }
                DefaultApkSignerEngine build = createdBy.build();
                try {
                    build.inputApkSigningBlock(null);
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    CountingOutputStream countingOutputStream = new CountingOutputStream(byteArrayOutputStream);
                    JarOutputStream jarOutputStream = new JarOutputStream(countingOutputStream);
                    jarOutputStream.setLevel(9);
                    copyFiles(jarFile2, null, build, jarOutputStream, countingOutputStream, offset, i);
                    ApkSignerEngine.OutputJarSignatureRequest outputJarEntries = build.outputJarEntries();
                    if (outputJarEntries != null) {
                        addV1Signature(build, outputJarEntries, jarOutputStream, offset);
                        outputJarEntries.done();
                    }
                    jarOutputStream.close();
                    ByteBuffer wrap = ByteBuffer.wrap(byteArrayOutputStream.toByteArray());
                    byteArrayOutputStream.reset();
                    ByteBuffer[] byteBufferArr = {wrap};
                    ZipSections findMainZipSections = findMainZipSections(wrap);
                    ByteBuffer allocate = ByteBuffer.allocate(findMainZipSections.eocd.remaining());
                    allocate.put(findMainZipSections.eocd);
                    allocate.flip();
                    allocate.order(ByteOrder.LITTLE_ENDIAN);
                    while (true) {
                        ApkSignerEngine.OutputApkSigningBlockRequest2 outputZipSections2 = build.outputZipSections2(DataSources.asDataSource(findMainZipSections.beforeCentralDir), DataSources.asDataSource(findMainZipSections.centralDir), DataSources.asDataSource(allocate));
                        if (outputZipSections2 == null) {
                            break;
                        }
                        int paddingSizeBeforeApkSigningBlock = outputZipSections2.getPaddingSizeBeforeApkSigningBlock();
                        byte[] apkSigningBlock = outputZipSections2.getApkSigningBlock();
                        ByteBuffer allocate2 = ByteBuffer.allocate(allocate.remaining());
                        allocate2.put(allocate);
                        allocate2.flip();
                        allocate2.order(ByteOrder.LITTLE_ENDIAN);
                        ApkUtils.setZipEocdCentralDirectoryOffset(allocate2, findMainZipSections.beforeCentralDir.remaining() + paddingSizeBeforeApkSigningBlock + apkSigningBlock.length);
                        byteBufferArr = new ByteBuffer[]{findMainZipSections.beforeCentralDir, ByteBuffer.allocate(paddingSizeBeforeApkSigningBlock), ByteBuffer.wrap(apkSigningBlock), findMainZipSections.centralDir, allocate2};
                        outputZipSections2.done();
                        if (!z2 || i < 2) {
                            break;
                        }
                        int i14 = 0;
                        for (ByteBuffer byteBuffer : byteBufferArr) {
                            i14 += byteBuffer.remaining();
                        }
                        if (i14 % i == 0) {
                            break;
                        }
                        ByteBuffer allocate3 = ByteBuffer.allocate(allocate2.remaining() + (i - (i14 % i)));
                        allocate3.put(allocate2);
                        allocate3.rewind();
                        allocate3.order(ByteOrder.LITTLE_ENDIAN);
                        ApkUtils.updateZipEocdCommentLen(allocate3);
                        allocate = allocate3;
                    }
                    for (ByteBuffer byteBuffer2 : byteBufferArr) {
                        fileOutputStream2.write(byteBuffer2.array(), byteBuffer2.arrayOffset() + byteBuffer2.position(), byteBuffer2.remaining());
                        byteBuffer2.position(byteBuffer2.limit());
                    }
                    fileOutputStream2.close();
                    FileOutputStream fileOutputStream3 = null;
                    build.outputDone();
                    if (z4) {
                        build.signV4(DataSources.asDataSource(new RandomAccessFile(new File(str7), "r")), new File(str8), false);
                    }
                    if (build != null) {
                        build.close();
                    }
                    if (jarFile2 != null) {
                        try {
                            jarFile2.close();
                        } catch (IOException e7) {
                            e7.printStackTrace();
                            System.exit(1);
                            return;
                        }
                    }
                    if (0 != 0) {
                        fileOutputStream3.close();
                    }
                } catch (Throwable th) {
                    if (build != null) {
                        try {
                            build.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (0 != 0) {
                    try {
                        jarFile.close();
                    } catch (IOException e8) {
                        e8.printStackTrace();
                        System.exit(1);
                        throw th3;
                    }
                }
                if (0 != 0) {
                    fileOutputStream.close();
                }
                throw th3;
            }
        } catch (Exception e9) {
            e9.printStackTrace();
            System.exit(1);
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException e10) {
                    e10.printStackTrace();
                    System.exit(1);
                    return;
                }
            }
            if (0 != 0) {
                fileOutputStream.close();
            }
        }
    }
}
