package com.aliucord.installer;

import com.aliucord.libzip.Zip;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public final class Signer {
    private static final Pattern stripPattern = Pattern.compile("^META-INF/(.*)[.](MF|SF|RSA|DSA)$");

    private static KeySet createKey() throws Exception {
        BigInteger valueOf;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        do {
            valueOf = BigInteger.valueOf(new SecureRandom().nextInt());
        } while (valueOf.compareTo(BigInteger.ZERO) < 0);
        X500Name x500Name = new X500Name("CN=Aliucord Installer");
        return new KeySet(new JcaX509CertificateConverter().getCertificate(new X509v3CertificateBuilder(x500Name, valueOf, new Date(System.currentTimeMillis() - 2592000000L), new Date(System.currentTimeMillis() + 948672000000L), Locale.ENGLISH, x500Name, SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded())).build(new JcaContentSignerBuilder("SHA1withRSA").build(generateKeyPair.getPrivate()))), generateKeyPair.getPrivate());
    }

    private static String getManifestHash(Manifest manifest, MessageDigest messageDigest) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            manifest.write(byteArrayOutputStream);
            String base64 = toBase64(messageDigest.digest(byteArrayOutputStream.toByteArray()));
            byteArrayOutputStream.close();
            return base64;
        } catch (Throwable th) {
            try {
                byteArrayOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static String hashEntrySection(String str, Attributes attributes, MessageDigest messageDigest) throws IOException {
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            manifest.write(byteArrayOutputStream);
            int length = byteArrayOutputStream.toByteArray().length;
            manifest.getEntries().put(str, attributes);
            byteArrayOutputStream.reset();
            manifest.write(byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            String base64 = toBase64(messageDigest.digest(Arrays.copyOfRange(byteArray, length, byteArray.length)));
            byteArrayOutputStream.close();
            return base64;
        } catch (Throwable th) {
            try {
                byteArrayOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static void newKeystore(File file) throws Exception {
        char[] charArray = "password".toCharArray();
        KeySet createKey = createKey();
        KeyStore keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
        keyStore.load(null, charArray);
        keyStore.setKeyEntry("alias", createKey.privateKey, charArray, new Certificate[]{createKey.publicKey});
        keyStore.store(new FileOutputStream(file), charArray);
    }

    public static void signApk(File file) throws Exception {
        File file2 = new File(file.getParent(), "ks.keystore");
        if (!file2.exists()) {
            newKeystore(file2);
        }
        char[] charArray = "password".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
        FileInputStream fileInputStream = new FileInputStream(file2);
        try {
            keyStore.load(fileInputStream, null);
            fileInputStream.close();
            String nextElement = keyStore.aliases().nextElement();
            KeySet keySet = new KeySet((X509Certificate) keyStore.getCertificate(nextElement), (PrivateKey) keyStore.getKey(nextElement, charArray));
            Zip zip = new Zip(file.getAbsolutePath(), 6, 'r');
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            ArrayList arrayList = new ArrayList();
            int totalEntries = zip.getTotalEntries();
            for (int i = 0; i < totalEntries; i++) {
                zip.openEntryByIndex(i);
                String entryName = zip.getEntryName();
                if (stripPattern.matcher(entryName).matches()) {
                    arrayList.add(entryName);
                } else {
                    linkedHashMap.put(entryName, toBase64(messageDigest.digest(zip.readEntry())));
                }
                zip.closeEntry();
            }
            zip.close();
            Zip zip2 = new Zip(file.getAbsolutePath(), 6, 'a');
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                zip2.deleteEntry((String) it.next());
            }
            LinkedHashMap linkedHashMap2 = new LinkedHashMap();
            Manifest manifest = new Manifest();
            Attributes mainAttributes = manifest.getMainAttributes();
            mainAttributes.put(Attributes.Name.MANIFEST_VERSION, "1.0");
            mainAttributes.put(new Attributes.Name("Created-By"), "Aliucord Installer");
            Attributes.Name name = new Attributes.Name("SHA1-Digest");
            for (Map.Entry entry : linkedHashMap.entrySet()) {
                Attributes attributes = new Attributes();
                attributes.put(name, entry.getValue());
                String str = (String) entry.getKey();
                manifest.getEntries().put(str, attributes);
                linkedHashMap2.put(str, hashEntrySection(str, attributes, messageDigest));
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                manifest.write(byteArrayOutputStream);
                zip2.openEntry("META-INF/MANIFEST.MF");
                zip2.writeEntry(byteArrayOutputStream.toByteArray(), byteArrayOutputStream.size());
                zip2.closeEntry();
                byteArrayOutputStream.close();
                String manifestHash = getManifestHash(manifest, messageDigest);
                Manifest manifest2 = new Manifest();
                manifest2.getMainAttributes().putAll(mainAttributes);
                String manifestHash2 = getManifestHash(manifest2, messageDigest);
                Manifest manifest3 = new Manifest();
                Attributes mainAttributes2 = manifest3.getMainAttributes();
                mainAttributes2.put(Attributes.Name.SIGNATURE_VERSION, "1.0");
                mainAttributes2.put(new Attributes.Name("Created-By"), "Aliucord Installer");
                mainAttributes2.put(new Attributes.Name("SHA1-Digest-Manifest"), manifestHash);
                mainAttributes2.put(new Attributes.Name("SHA1-Digest-Manifest-Main-Attributes"), manifestHash2);
                for (Map.Entry entry2 : linkedHashMap2.entrySet()) {
                    Attributes attributes2 = new Attributes();
                    attributes2.put(name, entry2.getValue());
                    manifest3.getEntries().put((String) entry2.getKey(), attributes2);
                }
                byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    manifest3.write(byteArrayOutputStream);
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    zip2.openEntry("META-INF/CERT.SF");
                    zip2.writeEntry(byteArray, byteArrayOutputStream.size());
                    zip2.closeEntry();
                    byteArrayOutputStream.close();
                    byte[] signSigFile = signSigFile(keySet, byteArray);
                    zip2.openEntry("META-INF/CERT.RSA");
                    zip2.writeEntry(signSigFile, signSigFile.length);
                    zip2.closeEntry();
                    zip2.close();
                } finally {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th) {
                        th.addSuppressed(th);
                    }
                }
            } catch (Throwable th2) {
                throw th2;
            }
        } catch (Throwable th3) {
            try {
                fileInputStream.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    private static byte[] signSigFile(KeySet keySet, byte[] bArr) throws Exception {
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        JcaCertStore jcaCertStore = new JcaCertStore(Collections.singletonList(keySet.publicKey));
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        ContentSigner build = new JcaContentSignerBuilder("SHA1withRSA").build(keySet.privateKey);
        JcaSignerInfoGeneratorBuilder jcaSignerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
        jcaSignerInfoGeneratorBuilder.setDirectSignature(true);
        cMSSignedDataGenerator.addSignerInfoGenerator(jcaSignerInfoGeneratorBuilder.build(build, keySet.publicKey));
        cMSSignedDataGenerator.addCertificates(jcaCertStore);
        return cMSSignedDataGenerator.generate(cMSProcessableByteArray, false).toASN1Structure().getEncoded(ASN1Encoding.DER);
    }

    private static String toBase64(byte[] bArr) {
        return new String(Base64.encode(bArr));
    }
}
