package aQute.lib.signing;

import aQute.lib.base64.Base64;
import aQute.lib.osgi.EmbeddedResource;
import aQute.lib.osgi.Jar;
import aQute.lib.osgi.Resource;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateKeySpec;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.zip.ZipFile;
import sun.security.util.ManifestDigester;

/* loaded from: input_file:aQute/lib/signing/JarSigner.class */
public class JarSigner {
    private String alias;
    private PrivateKey privateKey;
    private X509Certificate[] certChain;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:aQute/lib/signing/JarSigner$SignatureFile.class */
    public class SignatureFile {
        private Object sigFile;
        private Class<?> JDKsfClass = Class.forName(JDK_SIGNATURE_FILE);
        private Method getMetaNameMethod = JarSigner.findMethod(this.JDKsfClass, GETMETANAME_METHOD, new Class[0]);
        private Method writeMethod = JarSigner.findMethod(this.JDKsfClass, WRITE_METHOD, OutputStream.class);
        private static final String JDK_SIGNATURE_FILE = "sun.security.tools.SignatureFile";
        private static final String GETMETANAME_METHOD = "getMetaName";
        private static final String WRITE_METHOD = "write";

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:aQute/lib/signing/JarSigner$SignatureFile$Block.class */
        public class Block {
            private Object block;
            private static final String JDK_BLOCK = "sun.security.tools.SignatureFile$Block";
            private static final String JDK_CONTENT_SIGNER = "com.sun.jarsigner.ContentSigner";
            private Method getMetaNameMethod;
            private Method writeMethod;

            public Block(SignatureFile signatureFile, PrivateKey privateKey, X509Certificate[] x509CertificateArr, boolean z, ZipFile zipFile) throws ClassNotFoundException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
                Class<?> cls = Class.forName(JDK_BLOCK);
                Constructor access$0 = JarSigner.access$0(cls, new Class[]{signatureFile.getJDKSignatureFileClass(), PrivateKey.class, X509Certificate[].class, Boolean.TYPE, String.class, X509Certificate.class, Class.forName(JDK_CONTENT_SIGNER), String[].class, ZipFile.class});
                this.getMetaNameMethod = JarSigner.findMethod(cls, SignatureFile.GETMETANAME_METHOD, new Class[0]);
                this.writeMethod = JarSigner.findMethod(cls, SignatureFile.WRITE_METHOD, OutputStream.class);
                this.block = access$0.newInstance(signatureFile.getJDKSignatureFile(), privateKey, x509CertificateArr, Boolean.valueOf(z), null, null, null, null, zipFile);
            }

            public String getMetaName() throws IllegalAccessException, InvocationTargetException {
                return (String) this.getMetaNameMethod.invoke(this.block, new Object[0]);
            }

            public void write(OutputStream outputStream) throws IllegalAccessException, InvocationTargetException {
                this.writeMethod.invoke(this.block, outputStream);
            }
        }

        public SignatureFile(MessageDigest[] messageDigestArr, Manifest manifest, ManifestDigester manifestDigester, String str, boolean z) throws ClassNotFoundException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
            this.sigFile = JarSigner.access$0(this.JDKsfClass, new Class[]{MessageDigest[].class, Manifest.class, ManifestDigester.class, String.class, Boolean.TYPE}).newInstance(messageDigestArr, manifest, manifestDigester, str, Boolean.valueOf(z));
        }

        public Block generateBlock(PrivateKey privateKey, X509Certificate[] x509CertificateArr, boolean z, ZipFile zipFile) throws Exception {
            return new Block(this, privateKey, x509CertificateArr, z, zipFile);
        }

        public Class<?> getJDKSignatureFileClass() {
            return this.JDKsfClass;
        }

        public Object getJDKSignatureFile() {
            return this.sigFile;
        }

        public String getMetaName() throws IllegalAccessException, InvocationTargetException {
            return (String) this.getMetaNameMethod.invoke(this.sigFile, new Object[0]);
        }

        public void write(OutputStream outputStream) throws IllegalAccessException, InvocationTargetException {
            this.writeMethod.invoke(this.sigFile, outputStream);
        }
    }

    public JarSigner(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this.alias = str;
        this.privateKey = privateKey;
        this.certChain = x509CertificateArr;
    }

    private static String updateDigest(MessageDigest messageDigest, InputStream inputStream) throws IOException {
        byte[] bArr = new byte[2048];
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= 0) {
                inputStream.close();
                return new Base64(messageDigest.digest()).toString();
            }
            messageDigest.update(bArr, 0, read);
        }
    }

    private static Map<String, Attributes> updateManifestDigest(Manifest manifest, Jar jar, MessageDigest[] messageDigestArr, Map<String, Attributes> map) throws IOException {
        for (Map.Entry<String, Resource> entry : jar.getResources().entrySet()) {
            if (!entry.getKey().startsWith("META-INF")) {
                Attributes attributes = map.get(entry.getKey());
                if (attributes == null) {
                    attributes = new Attributes();
                    map.put(entry.getKey(), attributes);
                }
                for (MessageDigest messageDigest : messageDigestArr) {
                    attributes.putValue(String.valueOf(messageDigest.getAlgorithm()) + "-Digest", updateDigest(messageDigest, entry.getValue().openInputStream()));
                }
            }
        }
        return map;
    }

    private byte[] serialiseManifest(Manifest manifest) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        manifest.write(byteArrayOutputStream);
        byteArrayOutputStream.flush();
        byteArrayOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }

    private SignatureFile createSignatureFile(Manifest manifest, MessageDigest[] messageDigestArr) throws Exception {
        return new SignatureFile(messageDigestArr, manifest, new ManifestDigester(serialiseManifest(manifest)), this.alias, true);
    }

    public void signJar(Jar jar) throws Exception {
        Manifest manifest = jar.getManifest();
        Map<String, Attributes> entries = manifest.getEntries();
        MessageDigest[] messageDigestArr = {MessageDigest.getInstance("SHA1"), MessageDigest.getInstance("MD5")};
        updateManifestDigest(manifest, jar, messageDigestArr, entries);
        SignatureFile createSignatureFile = createSignatureFile(manifest, messageDigestArr);
        SignatureFile.Block generateBlock = createSignatureFile.generateBlock(this.privateKey, this.certChain, true, null);
        String metaName = createSignatureFile.getMetaName();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        createSignatureFile.write(byteArrayOutputStream);
        jar.putResource(metaName, new EmbeddedResource(byteArrayOutputStream.toByteArray(), 0L));
        String metaName2 = generateBlock.getMetaName();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        generateBlock.write(byteArrayOutputStream2);
        jar.putResource(metaName2, new EmbeddedResource(byteArrayOutputStream2.toByteArray(), 0L));
    }

    private static <T> Constructor<T> findConstructor(Class<T> cls, Class<?>... clsArr) throws NoSuchMethodException {
        Constructor<T> declaredConstructor = cls.getDeclaredConstructor(clsArr);
        declaredConstructor.setAccessible(true);
        return declaredConstructor;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T> Method findMethod(Class<T> cls, String str, Class<?>... clsArr) throws NoSuchMethodException {
        Method declaredMethod = cls.getDeclaredMethod(str, clsArr);
        if (declaredMethod == null) {
            throw new RuntimeException(cls.getName());
        }
        declaredMethod.setAccessible(true);
        return declaredMethod;
    }

    public static JarSigner newInstance(String str, String str2, String str3) throws Exception {
        FileInputStream fileInputStream = new FileInputStream(str);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(fileInputStream, str3.toCharArray());
        return newInstance(keyStore, str2, str3);
    }

    public static JarSigner newInstance(KeyStore keyStore, String str, String str2) throws Exception {
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < certificateChain.length; i++) {
            x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateChain[i].getEncoded()));
        }
        Key key = keyStore.getKey(str, str2.toCharArray());
        KeyFactory keyFactory = KeyFactory.getInstance(key.getAlgorithm());
        return new JarSigner(str, keyFactory.generatePrivate(keyFactory.getKeySpec(key, RSAPrivateKeySpec.class)), x509CertificateArr);
    }

    static /* synthetic */ Constructor access$0(Class cls, Class[] clsArr) throws NoSuchMethodException {
        return findConstructor(cls, clsArr);
    }
}
