package com.wizarpos.crypto.util;

import com.android.apksig.ApkVerifier;
import com.android.apksig.apk.MinSdkVersionException;
import com.android.apksig.internal.apk.v1.V1SchemeSigner;
import com.android.apksigner.ApkSignerTool;
import com.wizarpos.crypto.util.external.ApkSignatureSchemeV2Verifier;
import com.wizarpos.util.ApkSignerV2;
import com.wizarpos.util.ZipUtils;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/wizarpos/crypto/util/SignApk.class */
class SignApk extends BaseCommand {
    private static final String CERT_SF_MULTI_NAME = "META-INF/CERT%d.SF";
    private static final String CERT_RSA_MULTI_NAME = "META-INF/CERT%d.RSA";
    private static Provider sBouncyCastleProvider;
    private static final int USE_SHA1 = 1;
    private static final int USE_SHA256 = 2;
    private static Pattern stripPattern = Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA)))|(" + Pattern.quote(V1SchemeSigner.MANIFEST_ENTRY_NAME) + ")$");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/wizarpos/crypto/util/SignApk$CountOutputStream.class */
    public static class CountOutputStream extends FilterOutputStream {
        private int mCount;

        public CountOutputStream(OutputStream outputStream) {
            super(outputStream);
            this.mCount = 0;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) throws IOException {
            super.write(i);
            this.mCount++;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            super.write(bArr, i, i2);
            this.mCount += i2;
        }

        public int size() {
            return this.mCount;
        }
    }

    private static int getAlgorithm(X509Certificate x509Certificate) {
        String sigAlgName = x509Certificate.getSigAlgName();
        if ("SHA1withRSA".equals(sigAlgName) || "MD5withRSA".equals(sigAlgName)) {
            return 1;
        }
        if ("SHA256withRSA".equals(sigAlgName)) {
            return 2;
        }
        throw new IllegalArgumentException("unsupported signature algorithm \"" + sigAlgName + "\" in cert [" + x509Certificate.getSubjectDN());
    }

    private static int getAlgorithm(String str) {
        if ("SHA1withRSA".equals(str) || "MD5withRSA".equals(str)) {
            return 1;
        }
        if ("SHA256withRSA".equals(str)) {
            return 2;
        }
        throw new IllegalArgumentException("unsupported signature algorithm \"" + str);
    }

    private static X509Certificate readPublicKey(File file) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            fileInputStream.close();
            return x509Certificate;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    private static void addDigestsToManifest(Manifest manifest, JarFile jarFile, int i) throws IOException, GeneralSecurityException {
        Manifest manifest2 = jarFile.getManifest();
        Attributes mainAttributes = manifest.getMainAttributes();
        if (manifest2 != null) {
            mainAttributes.putAll(manifest2.getMainAttributes());
        } else {
            mainAttributes.putValue("Manifest-Version", "1.0");
            mainAttributes.putValue("Created-By", "1.0 (Android SignApk)");
        }
        if (i == 2) {
            MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2ParameterSpec.DEFAULT_MD);
            byte[] bArr = new byte[PKIFailureInfo.certConfirmed];
            TreeMap treeMap = new TreeMap();
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry nextElement = entries.nextElement();
                treeMap.put(nextElement.getName(), nextElement);
            }
            for (JarEntry jarEntry : treeMap.values()) {
                String name = jarEntry.getName();
                if (!jarEntry.isDirectory() && (stripPattern == null || !stripPattern.matcher(name).matches())) {
                    InputStream inputStream = jarFile.getInputStream(jarEntry);
                    while (true) {
                        int read = inputStream.read(bArr);
                        if (read <= 0) {
                            break;
                        } else if (messageDigest != null) {
                            messageDigest.update(bArr, 0, read);
                        }
                    }
                    Attributes attributes = manifest2 != null ? manifest2.getAttributes(name) : null;
                    Attributes attributes2 = attributes != null ? new Attributes(attributes) : new Attributes();
                    if (messageDigest != null) {
                        attributes2.putValue("SHA-256-Digest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
                    }
                    manifest.getEntries().put(name, attributes2);
                }
            }
            return;
        }
        MessageDigest messageDigest2 = MessageDigest.getInstance("SHA1");
        byte[] bArr2 = new byte[PKIFailureInfo.certConfirmed];
        TreeMap treeMap2 = new TreeMap();
        Enumeration<JarEntry> entries2 = jarFile.entries();
        while (entries2.hasMoreElements()) {
            JarEntry nextElement2 = entries2.nextElement();
            treeMap2.put(nextElement2.getName(), nextElement2);
        }
        for (JarEntry jarEntry2 : treeMap2.values()) {
            String name2 = jarEntry2.getName();
            if (!jarEntry2.isDirectory() && (stripPattern == null || !stripPattern.matcher(name2).matches())) {
                InputStream inputStream2 = jarFile.getInputStream(jarEntry2);
                while (true) {
                    int read2 = inputStream2.read(bArr2);
                    if (read2 <= 0) {
                        break;
                    } else if (messageDigest2 != null) {
                        messageDigest2.update(bArr2, 0, read2);
                    }
                }
                Attributes attributes3 = manifest2 != null ? manifest2.getAttributes(name2) : null;
                Attributes attributes4 = attributes3 != null ? new Attributes(attributes3) : new Attributes();
                if (messageDigest2 != null) {
                    attributes4.putValue("SHA1-Digest", new String(Base64.encode(messageDigest2.digest()), "ASCII"));
                }
                manifest.getEntries().put(name2, attributes4);
            }
        }
    }

    private static void writeSignatureFile(JarFile jarFile, Manifest manifest, OutputStream outputStream, int i, boolean z, String str) throws IOException, GeneralSecurityException {
        Manifest manifest2 = new Manifest();
        Attributes mainAttributes = manifest2.getMainAttributes();
        mainAttributes.putValue("Signature-Version", "1.0");
        mainAttributes.putValue("Created-By", "1.0 (Android SignApk)");
        if ("v2".equals(str)) {
            mainAttributes.putValue("X-Android-APK-Signed", ApkSignerV2.SF_ATTRIBUTE_ANDROID_APK_SIGNED_VALUE);
        }
        MessageDigest messageDigest = MessageDigest.getInstance(i == 2 ? McElieceCCA2ParameterSpec.DEFAULT_MD : "SHA1");
        PrintStream printStream = new PrintStream((OutputStream) new DigestOutputStream(new ByteArrayOutputStream(), messageDigest), true, "UTF-8");
        if (z) {
            manifest.write(printStream);
            printStream.flush();
            mainAttributes.putValue(i == 2 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
        } else {
            mainAttributes.putValue(i == 2 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest", new String(Base64.encode(messageDigest.digest(inputStreamToByteArray(jarFile.getInputStream(jarFile.getJarEntry(V1SchemeSigner.MANIFEST_ENTRY_NAME))))), "ASCII"));
        }
        for (Map.Entry<String, Attributes> entry : manifest.getEntries().entrySet()) {
            printStream.print("Name: " + entry.getKey() + "\r\n");
            for (Map.Entry<Object, Object> entry2 : entry.getValue().entrySet()) {
                printStream.print(entry2.getKey() + ": " + entry2.getValue() + "\r\n");
            }
            printStream.print("\r\n");
            printStream.flush();
            Attributes attributes = new Attributes();
            attributes.putValue(i == 2 ? "SHA-256-Digest" : "SHA1-Digest", new String(Base64.encode(messageDigest.digest()), "ASCII"));
            manifest2.getEntries().put(entry.getKey(), attributes);
        }
        CountOutputStream countOutputStream = new CountOutputStream(outputStream);
        manifest2.write(countOutputStream);
        if (countOutputStream.size() % 1024 == 0) {
            countOutputStream.write(13);
            countOutputStream.write(10);
        }
    }

    private static void writeSignatureBlock(CMSTypedData cMSTypedData, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream, int i) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(x509Certificate);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(sBouncyCastleProvider).build()).setDirectSignature(true).build(new JcaContentSignerBuilder(i == 2 ? "SHA256withRSA" : "SHA1withRSA").setProvider(sBouncyCastleProvider).build(privateKey), x509Certificate));
        cMSSignedDataGenerator.addCertificates(jcaCertStore);
        ASN1InputStream aSN1InputStream = new ASN1InputStream(cMSSignedDataGenerator.generate(cMSTypedData, false).getEncoded());
        new DEROutputStream(outputStream).writeObject(aSN1InputStream.readObject());
        aSN1InputStream.close();
    }

    private static void copyFiles(Manifest manifest, JarFile jarFile, JarOutputStream jarOutputStream, long j) throws IOException {
        byte[] bArr = new byte[PKIFailureInfo.certConfirmed];
        ArrayList arrayList = new ArrayList(manifest.getEntries().keySet());
        Collections.sort(arrayList);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            JarEntry jarEntry = jarFile.getJarEntry(str);
            JarEntry jarEntry2 = jarEntry.getMethod() == 0 ? new JarEntry(jarEntry) : new JarEntry(str);
            jarEntry2.setTime(j);
            jarOutputStream.putNextEntry(jarEntry2);
            InputStream inputStream = jarFile.getInputStream(jarEntry);
            while (true) {
                int read = inputStream.read(bArr);
                if (read > 0) {
                    jarOutputStream.write(bArr, 0, read);
                }
            }
            jarOutputStream.flush();
        }
    }

    private static void signFile(Manifest manifest, JarFile jarFile, X509Certificate[] x509CertificateArr, PrivateKey privateKey, JarOutputStream jarOutputStream, int i, boolean z, int i2, String str, long j) throws Exception {
        if (z) {
            JarEntry jarEntry = new JarEntry(V1SchemeSigner.MANIFEST_ENTRY_NAME);
            jarEntry.setTime(j);
            jarOutputStream.putNextEntry(jarEntry);
            manifest.write(jarOutputStream);
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            JarEntry jarEntry2 = new JarEntry(z ? "META-INF/CERT.SF" : String.format(CERT_SF_MULTI_NAME, Integer.valueOf(i2)));
            jarEntry2.setTime(j);
            jarOutputStream.putNextEntry(jarEntry2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            writeSignatureFile(jarFile, manifest, byteArrayOutputStream, i, z, str);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            jarOutputStream.write(byteArray);
            JarEntry jarEntry3 = new JarEntry(z ? "META-INF/CERT.RSA" : String.format(CERT_RSA_MULTI_NAME, Integer.valueOf(i2)));
            jarEntry3.setTime(j);
            jarOutputStream.putNextEntry(jarEntry3);
            writeSignatureBlock(new CMSProcessableByteArray(byteArray), x509Certificate, privateKey, jarOutputStream, i);
        }
    }

    private void signApk() {
        String nextOption;
        boolean signWithWPParams;
        JarOutputStream jarOutputStream;
        boolean z = true;
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        String str10 = "v1v2";
        boolean z2 = false;
        while (true) {
            nextOption = nextOption();
            if (nextOption == null) {
                break;
            }
            if (nextOption.equals("--keytype")) {
                String nextArgRequired = nextArgRequired();
                if ("pk8".equals(nextArgRequired)) {
                    z = false;
                } else if (!"jks".equals(nextArgRequired)) {
                    ErrorAndExist("Error: Unknown option: " + nextOption);
                }
            } else if (nextOption.equals("--apk")) {
                str = nextArgRequired();
            } else if (nextOption.equals("--out")) {
                str2 = nextArgRequired();
            } else if (nextOption.equals("--keyfile")) {
                str3 = nextArgRequired();
            } else if (nextOption.equals("--certs")) {
                str4 = nextArgRequired();
            } else if (nextOption.equals("--keystore")) {
                str5 = nextArgRequired();
            } else if (nextOption.equals("--alias")) {
                str6 = nextArgRequired();
            } else if (nextOption.equals("--keypass")) {
                str7 = nextArgRequired();
            } else if (nextOption.equals("--storepass")) {
                str8 = nextArgRequired();
            } else if (nextOption.equals("--sigAlg")) {
                str9 = nextArg();
            } else if (nextOption.equals("--signatureScheme")) {
                str10 = nextArg();
                if (!"v1".equals(str10) && !"v2".equals(str10)) {
                    str10 = "v1v2";
                }
            } else if (nextOption.equals("--zipalign")) {
                z2 = true;
            } else {
                showUsage();
                ErrorAndExist("Unknown option " + nextOption);
            }
        }
        JarFile jarFile = null;
        FileOutputStream fileOutputStream = null;
        try {
            X509Certificate[] x509CertificateArr = null;
            PrivateKey privateKey = null;
            try {
                if (z) {
                    if (str5 != null) {
                        FileInputStream fileInputStream = new FileInputStream(str5);
                        KeyStore keyStore = KeyStore.getInstance("jks");
                        if (str8 == null) {
                            str8 = readConsole("Enter password for " + str5 + " (password will not be hidden): ");
                        }
                        keyStore.load(fileInputStream, str8.toCharArray());
                        Certificate certificate = keyStore.getCertificate(str6);
                        x509CertificateArr = certificate != null ? new X509Certificate[]{(X509Certificate) certificate} : (X509Certificate[]) keyStore.getCertificateChain(str6);
                        if (str7 == null) {
                            str7 = readConsole("Enter password for private key (password will not be hidden): ");
                        }
                        privateKey = (PrivateKey) keyStore.getKey(str6, str7.toCharArray());
                        fileInputStream.close();
                    } else {
                        ErrorAndExist("Error: Unknown option: " + nextOption);
                    }
                } else if (str4 == null || str3 == null) {
                    ErrorAndExist("Error: Unknown option: " + nextOption);
                } else {
                    x509CertificateArr = new X509Certificate[]{readPublicKey(new File(str4))};
                    privateKey = Signaturetools.readPrivateKey(new File(str3), str7);
                }
                boolean z3 = false;
                boolean z4 = false;
                File file = new File(str);
                try {
                    ApkVerifier.Result verify = new ApkVerifier.Builder(file).build().verify();
                    if (verify.isVerified()) {
                        z3 = verify.isVerifiedUsingV1Scheme();
                        z4 = verify.isVerifiedUsingV2Scheme();
                    } else {
                        try {
                            z4 = ApkSignatureSchemeV2Verifier.verify(str).length > 0;
                        } catch (ApkSignatureSchemeV2Verifier.SignatureNotFoundException | IOException | SecurityException e) {
                        }
                    }
                    askIfOverrideV2Signature(z4);
                    StringBuilder sb = new StringBuilder();
                    String str11 = null;
                    if (z2) {
                        str11 = System.getProperty("user.dir") + File.separator + "sign-tool_g55c3b1";
                        if (ZipUtils.unZip(getClass().getProtectionDomain().getCodeSource().getLocation().getPath(), str11)) {
                            if (System.getProperty("os.name").toLowerCase().indexOf("linux") >= 0) {
                                sb.append(str11).append("/assets/zipalign").append(" -f -v 4 %s ").append(str2);
                            } else {
                                sb.append(str11).append("\\assets\\zipalign.exe").append(" -f -v 4 %s ").append(str2);
                            }
                        }
                    }
                    boolean contains = str10.contains("v1");
                    boolean contains2 = str10.contains("v2");
                    if (z3) {
                        sBouncyCastleProvider = new BouncyCastleProvider();
                        Security.addProvider(sBouncyCastleProvider);
                        fileOutputStream = new FileOutputStream(str2);
                        int i = 0;
                        jarFile = new JarFile(file, false);
                        ByteArrayOutputStream byteArrayOutputStream = null;
                        if (contains2) {
                            byteArrayOutputStream = new ByteArrayOutputStream();
                            jarOutputStream = new JarOutputStream(byteArrayOutputStream);
                        } else {
                            jarOutputStream = new JarOutputStream(fileOutputStream);
                        }
                        jarOutputStream.setLevel(9);
                        long time = x509CertificateArr[0].getNotBefore().getTime() + 3600000;
                        Manifest manifest = jarFile.getManifest();
                        byte[] bArr = new byte[PKIFailureInfo.certConfirmed];
                        if (!z4 || !str10.equals("v1") || !manifest.getMainAttributes().values().toString().contains("Android Gradle")) {
                            Enumeration<JarEntry> entries = jarFile.entries();
                            while (entries.hasMoreElements()) {
                                JarEntry nextElement = entries.nextElement();
                                String upperCase = nextElement.getName().toUpperCase();
                                if (upperCase.startsWith("META-INF/")) {
                                    if (upperCase.endsWith(".SF")) {
                                        if (upperCase.matches(".{9,}CERT(\\d+).{3,}")) {
                                            i = Integer.valueOf(upperCase.replaceFirst(".{9,}CERT(\\d+).{3,}", "$1")).intValue() + 1;
                                        }
                                        JarEntry jarEntry = jarFile.getJarEntry(nextElement.getName());
                                        JarEntry jarEntry2 = new JarEntry(jarEntry);
                                        jarEntry2.setCompressedSize(-1L);
                                        jarOutputStream.putNextEntry(jarEntry2);
                                        InputStream inputStream = jarFile.getInputStream(jarEntry);
                                        while (true) {
                                            int read = inputStream.read(bArr);
                                            if (read <= 0) {
                                                break;
                                            } else {
                                                jarOutputStream.write(bArr, 0, read);
                                            }
                                        }
                                        jarOutputStream.flush();
                                    } else if (upperCase.endsWith(".RSA") || upperCase.endsWith(".DSA")) {
                                        JarEntry jarEntry3 = jarFile.getJarEntry(nextElement.getName());
                                        JarEntry jarEntry4 = new JarEntry(jarEntry3);
                                        jarEntry4.setCompressedSize(-1L);
                                        jarOutputStream.putNextEntry(jarEntry4);
                                        InputStream inputStream2 = jarFile.getInputStream(jarEntry3);
                                        while (true) {
                                            int read2 = inputStream2.read(bArr);
                                            if (read2 <= 0) {
                                                break;
                                            } else {
                                                jarOutputStream.write(bArr, 0, read2);
                                            }
                                        }
                                        jarOutputStream.flush();
                                    }
                                }
                            }
                        }
                        JarEntry jarEntry5 = jarFile.getJarEntry(V1SchemeSigner.MANIFEST_ENTRY_NAME);
                        JarEntry jarEntry6 = new JarEntry(jarEntry5);
                        jarEntry6.setCompressedSize(-1L);
                        jarOutputStream.putNextEntry(jarEntry6);
                        InputStream inputStream3 = jarFile.getInputStream(jarEntry5);
                        while (true) {
                            int read3 = inputStream3.read(bArr);
                            if (read3 <= 0) {
                                break;
                            } else {
                                jarOutputStream.write(bArr, 0, read3);
                            }
                        }
                        copyFiles(manifest, jarFile, jarOutputStream, time);
                        if (contains) {
                            if (str9 != null) {
                                signFile(manifest, jarFile, x509CertificateArr, privateKey, jarOutputStream, getAlgorithm(str9), false, i, str10, time);
                            } else {
                                Certificate[] loadCertificates = loadCertificates(jarFile, jarFile.getJarEntry("AndroidManifest.xml"), bArr);
                                if (loadCertificates != null) {
                                    signFile(manifest, jarFile, x509CertificateArr, privateKey, jarOutputStream, getAlgorithm((X509Certificate) loadCertificates[0]), false, i, str10, time);
                                } else {
                                    signFile(manifest, jarFile, x509CertificateArr, privateKey, jarOutputStream, 2, false, i, str10, time);
                                }
                            }
                        }
                        jarOutputStream.close();
                        if (byteArrayOutputStream != null) {
                            ByteBuffer wrap = ByteBuffer.wrap(byteArrayOutputStream.toByteArray());
                            byteArrayOutputStream.reset();
                            if (z2) {
                                String str12 = str2 + ".tmp";
                                File file2 = new File(str12);
                                FileOutputStream fileOutputStream2 = new FileOutputStream(file2);
                                FileChannel channel = fileOutputStream2.getChannel();
                                channel.write(wrap);
                                fileOutputStream2.close();
                                channel.close();
                                LinkedList<String> execCmd = execCmd(String.format(sb.toString(), str12));
                                file2.delete();
                                if (execCmd.contains("Verification succesful")) {
                                    File file3 = new File(str2);
                                    BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(file3));
                                    byte[] bArr2 = new byte[bufferedInputStream.available()];
                                    bufferedInputStream.read(bArr2);
                                    bufferedInputStream.close();
                                    byteArrayOutputStream.write(bArr2);
                                    wrap = ByteBuffer.wrap(byteArrayOutputStream.toByteArray());
                                    byteArrayOutputStream.reset();
                                    fileOutputStream = new FileOutputStream(file3);
                                } else {
                                    LOG("zipalign failed");
                                }
                                ZipUtils.deleteDirectoryRecursively(new File(str11));
                            }
                            for (ByteBuffer byteBuffer : ApkSignerV2.sign(wrap, createV2SignerConfigs(privateKey, x509CertificateArr, new String[]{"SHA-256"}))) {
                                fileOutputStream.write(byteBuffer.array(), byteBuffer.arrayOffset() + byteBuffer.position(), byteBuffer.remaining());
                                byteBuffer.position(byteBuffer.limit());
                            }
                        } else if (z2) {
                            String str13 = str2 + ".tmp";
                            File file4 = new File(str13);
                            Files.copy(new File(str2).toPath(), file4.toPath(), StandardCopyOption.REPLACE_EXISTING);
                            LinkedList<String> execCmd2 = execCmd(String.format(sb.toString(), str13));
                            file4.delete();
                            if (!execCmd2.contains("Verification succesful")) {
                                LOG("zipalign failed");
                            }
                            ZipUtils.deleteDirectoryRecursively(new File(str11));
                        }
                    } else {
                        if (z2) {
                            if (execCmd(String.format(sb.toString(), str)).contains("Verification succesful")) {
                                File file5 = new File(str2);
                                signWithWPParams = ApkSignerTool.signWithWPParams(file5, file5, contains, contains2, str5, str6, "pass:" + str7, "pass:" + str8, str3, str4);
                            } else {
                                LOG("zipalign failed");
                                signWithWPParams = ApkSignerTool.signWithWPParams(file, new File(str2), contains, contains2, str5, str6, "pass:" + str7, "pass:" + str8, str3, str4);
                            }
                            ZipUtils.deleteDirectoryRecursively(new File(str11));
                        } else {
                            signWithWPParams = ApkSignerTool.signWithWPParams(file, new File(str2), contains, contains2, str5, str6, "pass:" + str7, "pass:" + str8, str3, str4);
                        }
                        printResult(signWithWPParams);
                        System.exit(0);
                    }
                    printResult(true);
                    if (jarFile != null) {
                        try {
                            jarFile.close();
                        } catch (IOException e2) {
                            e2.printStackTrace();
                            System.exit(1);
                            return;
                        }
                    }
                    if (fileOutputStream != null) {
                        fileOutputStream.close();
                    }
                } catch (MinSdkVersionException e3) {
                    String message = e3.getMessage();
                    if (!message.endsWith(".")) {
                        String str14 = message + '.';
                    }
                    throw new MinSdkVersionException("Failed to determine APK's minimum supported platform version. Use --min-sdk-version to override", e3);
                }
            } catch (Exception e4) {
                e4.printStackTrace();
                printResult(false);
                System.exit(1);
                if (0 != 0) {
                    try {
                        jarFile.close();
                    } catch (IOException e5) {
                        e5.printStackTrace();
                        System.exit(1);
                        return;
                    }
                }
                if (0 != 0) {
                    fileOutputStream.close();
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException e6) {
                    e6.printStackTrace();
                    System.exit(1);
                    throw th;
                }
            }
            if (0 != 0) {
                fileOutputStream.close();
            }
            throw th;
        }
    }

    private void printResult(boolean z) {
        if (z) {
            LOG("The apk has been signed successfully.");
        } else {
            LOG("Sign failed");
        }
    }

    private void askIfOverrideV2Signature(boolean z) {
        if (!z || readConsole("The old signature will be lost if this apk has been signed by APK Signature Scheme v2, are you sure you want to continue? [Y/n]: ").equals("Y")) {
            return;
        }
        ErrorAndExist("Abort");
    }

    private LinkedList<String> execCmd(String str) {
        LinkedList<String> linkedList = new LinkedList<>();
        try {
            Process exec = Runtime.getRuntime().exec(str);
            InputStream inputStream = exec.getInputStream();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                linkedList.add(readLine);
            }
            if (linkedList.size() == 0) {
                inputStream = exec.getErrorStream();
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                while (true) {
                    String readLine2 = bufferedReader.readLine();
                    if (readLine2 == null) {
                        break;
                    }
                    linkedList.add(readLine2);
                }
            }
            exec.waitFor();
            inputStream.close();
            bufferedReader.close();
            exec.destroy();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (IllegalArgumentException e2) {
            e2.printStackTrace();
        } catch (InterruptedException e3) {
            e3.printStackTrace();
        }
        return linkedList;
    }

    private int copyFilesInMETAINF(boolean z, JarEntry jarEntry, JarFile jarFile, JarOutputStream jarOutputStream, byte[] bArr, int i, boolean z2) throws IOException {
        if (z) {
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                String upperCase = entries.nextElement().getName().toUpperCase();
                if (upperCase.startsWith("META-INF/") && upperCase.endsWith(".SF") && upperCase.matches(".{9,}CERT(\\d+).{3,}")) {
                    i = Integer.valueOf(upperCase.replaceFirst(".{9,}CERT(\\d+).{3,}", "$1")).intValue() + 1;
                }
            }
        } else {
            Enumeration<JarEntry> entries2 = jarFile.entries();
            while (entries2.hasMoreElements()) {
                JarEntry nextElement = entries2.nextElement();
                String upperCase2 = nextElement.getName().toUpperCase();
                if (upperCase2.startsWith("META-INF/")) {
                    if (upperCase2.endsWith(".SF")) {
                        if (upperCase2.matches(".{9,}CERT(\\d+).{3,}")) {
                            i = Integer.valueOf(upperCase2.replaceFirst(".{9,}CERT(\\d+).{3,}", "$1")).intValue() + 1;
                        }
                        JarEntry jarEntry2 = jarFile.getJarEntry(nextElement.getName());
                        JarEntry jarEntry3 = new JarEntry(jarEntry2);
                        jarEntry3.setCompressedSize(-1L);
                        jarOutputStream.putNextEntry(jarEntry3);
                        InputStream inputStream = jarFile.getInputStream(jarEntry2);
                        while (true) {
                            int read = inputStream.read(bArr);
                            if (read <= 0) {
                                break;
                            }
                            jarOutputStream.write(bArr, 0, read);
                        }
                        jarOutputStream.flush();
                    } else if (upperCase2.endsWith(".RSA") || upperCase2.endsWith(".DSA")) {
                        JarEntry jarEntry4 = jarFile.getJarEntry(nextElement.getName());
                        JarEntry jarEntry5 = new JarEntry(jarEntry4);
                        jarEntry5.setCompressedSize(-1L);
                        jarOutputStream.putNextEntry(jarEntry5);
                        InputStream inputStream2 = jarFile.getInputStream(jarEntry4);
                        while (true) {
                            int read2 = inputStream2.read(bArr);
                            if (read2 <= 0) {
                                break;
                            }
                            jarOutputStream.write(bArr, 0, read2);
                        }
                        jarOutputStream.flush();
                    }
                }
            }
        }
        if (z2) {
            JarEntry jarEntry6 = jarFile.getJarEntry(V1SchemeSigner.MANIFEST_ENTRY_NAME);
            JarEntry jarEntry7 = new JarEntry(jarEntry6);
            jarEntry7.setCompressedSize(-1L);
            jarOutputStream.putNextEntry(jarEntry7);
            InputStream inputStream3 = jarFile.getInputStream(jarEntry6);
            while (true) {
                int read3 = inputStream3.read(bArr);
                if (read3 <= 0) {
                    break;
                }
                jarOutputStream.write(bArr, 0, read3);
            }
            jarOutputStream.flush();
        }
        return i;
    }

    private static Certificate[] loadCertificates(JarFile jarFile, JarEntry jarEntry, byte[] bArr) {
        try {
            InputStream inputStream = jarFile.getInputStream(jarEntry);
            do {
            } while (inputStream.read(bArr, 0, bArr.length) != -1);
            inputStream.close();
            return jarEntry.getCertificates();
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    private static byte[] inputStreamToByteArray(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[PKIFailureInfo.certConfirmed];
        while (true) {
            int read = inputStream.read(bArr);
            if (-1 == read) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private static List<ApkSignerV2.SignerConfig> createV2SignerConfigs(PrivateKey privateKey, X509Certificate[] x509CertificateArr, String[] strArr) throws InvalidKeyException {
        ArrayList arrayList = new ArrayList(1);
        X509Certificate x509Certificate = x509CertificateArr[0];
        PublicKey publicKey = x509Certificate.getPublicKey();
        String algorithm = privateKey.getAlgorithm();
        if (!algorithm.equalsIgnoreCase(publicKey.getAlgorithm())) {
            throw new InvalidKeyException("Key algorithm of private key #" + (0 + 1) + " does not match key algorithm of public key #" + (0 + 1) + ": " + algorithm + " vs " + publicKey.getAlgorithm());
        }
        ApkSignerV2.SignerConfig signerConfig = new ApkSignerV2.SignerConfig();
        signerConfig.privateKey = privateKey;
        signerConfig.certificates = Collections.singletonList(x509Certificate);
        ArrayList arrayList2 = new ArrayList(strArr.length);
        for (String str : strArr) {
            try {
                arrayList2.add(Integer.valueOf(getV2SignatureAlgorithm(algorithm, str)));
            } catch (IllegalArgumentException e) {
                throw new InvalidKeyException("Unsupported key and digest algorithm combination for signer #" + (0 + 1), e);
            }
        }
        signerConfig.signatureAlgorithms = arrayList2;
        arrayList.add(signerConfig);
        return arrayList;
    }

    private static int getV2SignatureAlgorithm(String str, String str2) {
        if ("SHA-256".equalsIgnoreCase(str2)) {
            if ("RSA".equalsIgnoreCase(str)) {
                return 259;
            }
            if ("EC".equalsIgnoreCase(str)) {
                return ApkSignerV2.SIGNATURE_ECDSA_WITH_SHA256;
            }
            if ("DSA".equalsIgnoreCase(str)) {
                return ApkSignerV2.SIGNATURE_DSA_WITH_SHA256;
            }
            throw new IllegalArgumentException("Unsupported key algorithm: " + str);
        }
        if (!"SHA-512".equalsIgnoreCase(str2)) {
            throw new IllegalArgumentException("Unsupported digest algorithm: " + str2);
        }
        if ("RSA".equalsIgnoreCase(str)) {
            return ApkSignerV2.SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512;
        }
        if ("EC".equalsIgnoreCase(str)) {
            return ApkSignerV2.SIGNATURE_ECDSA_WITH_SHA512;
        }
        if ("DSA".equalsIgnoreCase(str)) {
            return ApkSignerV2.SIGNATURE_DSA_WITH_SHA512;
        }
        throw new IllegalArgumentException("Unsupported key algorithm: " + str);
    }

    @Override // com.wizarpos.crypto.util.BaseCommand
    public void onRun() throws Exception {
        signApk();
    }

    @Override // com.wizarpos.crypto.util.BaseCommand
    public void onShowUsage(PrintStream printStream) {
        printStream.println("USAGE: SignatureTools sign [options] apk\nsign [--keytype jks|pk8] [--apk <FILE>] [--out <FILE>] [--keystore <FILE.jks>] [--alias <String>] [--keyfile <FILE.pk8>] [--certs <FILE>] [--keypass <String>(optional)] [--storepass <String>(optional)] [--sigAlg SHA1withRSA|MD5withRSA|SHA256withRSA(optional)] [--signatureScheme v1/v2/v1v2(optional, v1v2 if not set or set to other)] [--zipalign(optional)]\n\n--sigAlg: the signature algorithm, and use the certificate's one if not specified.\n\n");
    }
}
