package com.huawei.signclient.hap.sign;

import com.huawei.signclient.hap.config.RemoteReSignerConfig;
import com.huawei.signclient.hap.config.RemoteSignerConfig;
import com.huawei.signclient.hap.config.SignerConfig;
import com.huawei.signclient.hap.entity.Pair;
import com.huawei.signclient.hap.entity.SigningBlock;
import com.huawei.signclient.hap.exception.HapParseException;
import com.huawei.signclient.hap.exception.SignatureException;
import com.huawei.signclient.hap.ext.PKCS7Ext;
import com.huawei.signclient.hap.utils.HapUtils;
import com.huawei.signclient.hap.utils.ParamConstants;
import com.huawei.signclient.hap.utils.ZipUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;

/* loaded from: input_file:com/huawei/signclient/hap/sign/SignHapV2.class */
public abstract class SignHapV2 {
    // Class-wide log4j logger used for signing and verification status messages.
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) SignHapV2.class);
    // Signature scheme version. Not referenced by name in this listing; the signing-block trailer writes the
    // literal 2 (presumably this constant, inlined by the compiler - confirm).
    private static final int HAP_SIGN_SCHEME_VERSION = 2;
    // Alignment in bytes for stored ".so" entries. Not referenced by name in this listing;
    // getStoredEntryDataAlignment returns the literal 4096 (presumably this constant, inlined - confirm).
    private static final int STORED_ENTRY_SO_ALIGNMENT = 4096;

    // Not instantiable: the class is abstract, this constructor is private, and every method is static.
    private SignHapV2() {
    }

    /**
     * Collects the names of all non-directory entries of a HAP (JAR/ZIP) archive.
     *
     * <p>Names are returned exactly as the archive stores them; this method applies no path
     * normalisation or other validation, so callers that turn a name into a file-system path
     * must check it themselves.
     *
     * @param jarFile open archive to enumerate
     * @return a new mutable list of entry names, in the order the archive enumerates them
     */
    public static List<String> getEntryNamesFromHap(JarFile jarFile) {
        List<String> fileNames = new ArrayList<>();
        for (JarEntry entry : Collections.list(jarFile.entries())) {
            if (entry.isDirectory()) {
                continue;
            }
            fileNames.add(entry.getName());
        }
        return fileNames;
    }

    /**
     * Chooses the data alignment for a stored (uncompressed) entry.
     *
     * @param str entry name
     * @param i requested default alignment in bytes; a value of zero or less disables alignment
     * @return 0 when alignment is disabled, 4096 for names ending in ".so", otherwise {@code i}
     */
    private static int getStoredEntryDataAlignment(String str, int i) {
        if (i > 0) {
            // Native libraries get a fixed 4096-byte alignment regardless of the requested default.
            return str.endsWith(".so") ? 4096 : i;
        }
        return 0;
    }

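    /**
     * Copies every entry named in {@code list} from {@code jarFile} to {@code jarOutputStream}.
     *
     * <p>Stored (uncompressed) entries are written first, each padded through its extra field so that
     * its data starts on an aligned offset; all remaining entries are then written by
     * {@link #copyFilesExceptStoredFile}. Comments and extra fields of the source entries are dropped
     * and every written entry gets the same timestamp.
     *
     * @param list entry names to copy; the list is sorted in place
     * @param jarFile source archive
     * @param jarOutputStream destination stream
     * @param j timestamp set on every written entry
     * @param i default alignment in bytes for stored entries; zero or less disables alignment
     * @throws IOException if an entry named in {@code list} is missing from {@code jarFile}, or on
     *     any read or write failure
     */
    public static void copyFiles(List<String> list, JarFile jarFile, JarOutputStream jarOutputStream, long j, int i) throws IOException {
        Collections.sort(list);
        // Running byte offset in the output. It starts at 4, presumably to account for the 4-byte
        // JAR magic extra field that JarOutputStream adds to the first entry - TODO confirm.
        long offset = 4;
        byte[] buffer = new byte[4096];
        for (String name : list) {
            JarEntry inEntry = jarFile.getJarEntry(name);
            if (inEntry == null) {
                // Fail with a checked, descriptive error instead of a NullPointerException below.
                throw new IOException("Entry not found in source archive: " + name);
            }
            if (inEntry.getMethod() != JarEntry.STORED) {
                continue;
            }
            JarEntry outEntry = new JarEntry(inEntry);
            outEntry.setTime(j);
            outEntry.setComment(null);
            outEntry.setExtra(null);
            // 30 is the fixed part of a ZIP local file header. The name is written UTF-8 encoded, so its
            // encoded byte length (not its char count) is what moves the data offset; counting chars
            // would misalign entries whose names contain non-ASCII characters.
            offset += 30 + outEntry.getName().getBytes(java.nio.charset.StandardCharsets.UTF_8).length;
            int alignment = getStoredEntryDataAlignment(name, i);
            if (alignment > 0 && offset % alignment != 0) {
                int padding = alignment - (int) (offset % alignment);
                // A zero-filled extra field of the right size pushes the entry data onto the boundary.
                outEntry.setExtra(new byte[padding]);
                offset += padding;
            }
            jarOutputStream.putNextEntry(outEntry);
            try (InputStream in = jarFile.getInputStream(inEntry)) {
                int read;
                while ((read = in.read(buffer)) > 0) {
                    jarOutputStream.write(buffer, 0, read);
                    offset += read;
                }
                jarOutputStream.flush();
            }
        }
        copyFilesExceptStoredFile(list, jarFile, jarOutputStream, j);
    }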

    /**
     * Copies the entries of {@code list} whose compression method is not "stored" from
     * {@code jarFile} to {@code jarOutputStream}.
     *
     * <p>Each output entry is created from the name alone, so nothing but the name and the given
     * timestamp carries over from the source entry's metadata.
     *
     * @param list entry names to consider
     * @param jarFile source archive
     * @param jarOutputStream destination stream
     * @param j timestamp set on every written entry
     * @throws IOException on any read or write failure
     */
    private static void copyFilesExceptStoredFile(List<String> list, JarFile jarFile, JarOutputStream jarOutputStream, long j) throws IOException {
        byte[] chunk = new byte[4096];
        for (String entryName : list) {
            JarEntry source = jarFile.getJarEntry(entryName);
            if (source.getMethod() == 0) {
                // Method 0 is "stored"; copyFiles writes those entries itself before calling this method.
                continue;
            }
            JarEntry target = new JarEntry(entryName);
            target.setTime(j);
            jarOutputStream.putNextEntry(target);
            try (InputStream data = jarFile.getInputStream(source)) {
                for (int count = data.read(chunk); count > 0; count = data.read(chunk)) {
                    jarOutputStream.write(chunk, 0, count);
                }
                jarOutputStream.flush();
            }
        }
    }

    /**
     * Signs an in-memory HAP (ZIP) image and returns the pieces of the signed file.
     *
     * <p>The ZIP End of Central Directory (EOCD) record is located, ZIP64 archives are rejected, and
     * the Central Directory must end exactly where the EOCD starts. The signing block is built over
     * the three ZIP sections and is returned between the entry data and the Central Directory; the
     * copy of the EOCD that is returned has its Central Directory offset moved forward by the
     * signing block's length.
     *
     * @param byteBuffer the whole unsigned archive; its byte order, position and limit are modified
     * @param signerConfig signer settings, including the signature algorithms to use
     * @param list optional blocks to embed in the signing block
     * @return four buffers in output order: entry data, signing block, Central Directory, EOCD
     * @throws HapParseException if the ZIP structure is missing, ZIP64, or out of range
     * @throws InvalidKeyException declared by the signature; not thrown directly by this method
     * @throws SignatureException if the signing block cannot be produced
     */
    public static ByteBuffer[] sign(ByteBuffer byteBuffer, SignerConfig signerConfig, List<SigningBlock> list) throws HapParseException, InvalidKeyException, SignatureException {
        byteBuffer.order(ByteOrder.LITTLE_ENDIAN);
        byteBuffer.clear();
        int eocdOffset = ZipUtils.findEocdInSearchBuffer(byteBuffer);
        if (eocdOffset == -1) {
            throw new HapParseException(ParamConstants.HAP_PARSE_ERROR, "Failed to locate EOCD in ZIP");
        }
        if (ZipUtils.checkZip64EoCDLocatorIsPresent(byteBuffer, eocdOffset)) {
            throw new HapParseException(ParamConstants.HAP_PARSE_ERROR, "ZIP64 format not supported");
        }
        byteBuffer.position(eocdOffset);

        // Both values are read as long and must fit in an int before they are used as buffer offsets.
        long rawCdSize = ZipUtils.getCentralDirectorySize(byteBuffer);
        if (rawCdSize > Integer.MAX_VALUE) {
            throw new HapParseException(ParamConstants.HAP_PARSE_ERROR, "ZIP Central Directory size out of range: " + rawCdSize);
        }
        int cdSize = (int) rawCdSize;
        long rawCdOffset = ZipUtils.getCentralDirectoryOffset(byteBuffer);
        if (rawCdOffset > Integer.MAX_VALUE) {
            throw new HapParseException(ParamConstants.HAP_PARSE_ERROR, "ZIP Central Directory offset in file out of range: " + rawCdOffset);
        }
        int cdOffset = (int) rawCdOffset;
        checkEocdOffsetIsRight(cdOffset, cdSize, eocdOffset);

        // Split the archive into its three sections. Assumes HapUtils.sliceBuffer consumes the sliced
        // bytes from byteBuffer, so that the remainder after two slices is the EOCD - TODO confirm.
        byteBuffer.clear();
        ByteBuffer entryData = HapUtils.sliceBuffer(byteBuffer, cdOffset);
        ByteBuffer centralDirectory = HapUtils.sliceBuffer(byteBuffer, eocdOffset - cdOffset);
        // The EOCD is copied because its Central Directory offset is rewritten below.
        byte[] eocdBytes = new byte[byteBuffer.remaining()];
        byteBuffer.get(eocdBytes);
        ByteBuffer eocd = ByteBuffer.wrap(eocdBytes);
        eocd.order(byteBuffer.order());

        Set<ContentDigestAlgorithm> digestAlgorithms = new HashSet<>();
        for (SignatureAlgorithm algorithm : signerConfig.signatureAlgorithms) {
            digestAlgorithms.add(algorithm.getContentDigestAlgorithm());
        }
        byte[] signingBlockBytes = getHapSigningBlock(digestAlgorithms, list, signerConfig, new ByteBuffer[]{entryData, centralDirectory, eocd});
        ByteBuffer signingBlock = ByteBuffer.wrap(signingBlockBytes);

        // NOTE(review): this int addition is not range-checked; confirm how ZipUtils.setCentralDirectoryOffset
        // treats a sum that exceeds Integer.MAX_VALUE.
        int shiftedCdOffset = cdOffset + signingBlock.remaining();
        eocd.clear();
        ZipUtils.setCentralDirectoryOffset(eocd, shiftedCdOffset);

        entryData.clear();
        centralDirectory.clear();
        eocd.clear();
        return new ByteBuffer[]{entryData, signingBlock, centralDirectory, eocd};
    }

    /**
     * Computes the content digests of the ZIP sections and builds the signing block from them.
     *
     * @param set digest algorithms to compute
     * @param list optional blocks, passed both to the digest computation and to the block builder
     * @param signerConfig signer settings
     * @param byteBufferArr the ZIP sections to digest
     * @return the encoded signing block
     * @throws SignatureException if digesting or signing fails
     */
    private static byte[] getHapSigningBlock(Set<ContentDigestAlgorithm> set, List<SigningBlock> list, SignerConfig signerConfig, ByteBuffer[] byteBufferArr) throws SignatureException {
        try {
            Map<ContentDigestAlgorithm, byte[]> contentDigests = HapUtils.computeDigests(set, byteBufferArr, list);
            return generateHapSigningBlock(signerConfig, contentDigests, list);
        } catch (DigestException digestFailure) {
            throw new SignatureException("Failed to compute digests of HAP", digestFailure);
        }
    }

    /**
     * Verifies that the Central Directory ends exactly where the End of Central Directory record starts.
     *
     * <p>Rejecting any gap or overlap means no bytes can sit between the two structures.
     *
     * @param i Central Directory offset
     * @param i2 Central Directory size
     * @param i3 offset of the End of Central Directory record
     * @throws HapParseException if offset plus size wraps around, or does not equal {@code i3}
     */
    private static void checkEocdOffsetIsRight(int i, int i2, int i3) throws HapParseException {
        final int cdEnd = i + i2;
        // A sum smaller than the offset means the int addition wrapped around.
        if (cdEnd < i) {
            throw new HapParseException(ParamConstants.HAP_PARSE_ERROR, "ZIP Central Directory extent too large. Offset: " + i + ", size: " + i2);
        }
        if (cdEnd == i3) {
            return;
        }
        throw new HapParseException(ParamConstants.HAP_PARSE_ERROR, "ZIP Central Directory not immeiately followed by ZIP End of Central Directory. CD end: " + cdEnd + ", EoCD start: " + i3);
    }

    /**
     * Signs a raw byte array and returns it wrapped in PKCS#7 signed data.
     *
     * <p>One signer info is produced per configured signature algorithm; each is verified against
     * the signer certificate by {@code getSignerInfo} before it is accepted.
     *
     * @param bArr data to sign; must not be null
     * @param signerConfig signer settings, including the signature algorithms to use
     * @return the encoded PKCS#7 structure
     * @throws SignatureException if {@code bArr} is null, or signing, verification or encoding fails
     */
    public static byte[] signBin(byte[] bArr, SignerConfig signerConfig) throws SignatureException {
        if (bArr == null) {
            throw new SignatureException("unsigned data is null");
        }
        List<SignerInfo> signerInfos = new ArrayList<>();
        List<AlgorithmId> digestAlgorithmIds = new ArrayList<>();
        for (SignatureAlgorithm algorithm : signerConfig.signatureAlgorithms) {
            try {
                SignerInfo info = getSignerInfo(algorithm, bArr, signerConfig);
                if (info != null) {
                    digestAlgorithmIds.add(info.getDigestAlgorithmId());
                    signerInfos.add(info);
                }
                // Logged once per algorithm, whether or not a signer info was added.
                LOGGER.info("Add sign data in sign info list success.");
            } catch (IOException ioFailure) {
                throw new SignatureException("sign IOException" + ioFailure.getMessage(), ioFailure);
            } catch (IllegalArgumentException badArgument) {
                throw new SignatureException("sign IllegalArgumentException" + badArgument.getMessage(), badArgument);
            } catch (NoSuchAlgorithmException unknownAlgorithm) {
                throw new SignatureException("Invalid algorithm: " + algorithm.getContentDigestAlgorithm().name(), unknownAlgorithm);
            }
        }
        return packagePKCS7(signerConfig, signerInfos, digestAlgorithmIds, bArr);
    }

    /**
     * Produces one PKCS#7 signer info for the given algorithm over {@code bArr}.
     *
     * <p>The signed attributes are the signing time, the content type and the message digest of the
     * content. Their DER encoding is what {@code signerConfig.getSignature} is asked to sign, and the
     * returned signature is verified against the signer certificate before a signer info is built.
     *
     * @param signatureAlgorithm signature algorithm to use
     * @param bArr content being signed
     * @param signerConfig signer settings
     * @return the signer info for the verified signature
     * @throws SignatureException if no signature is returned, no certificate is configured, or the
     *     signature does not verify
     * @throws IOException if the content or the attributes cannot be encoded
     * @throws NoSuchAlgorithmException if the digest algorithm is not available
     */
    private static SignerInfo getSignerInfo(SignatureAlgorithm signatureAlgorithm, byte[] bArr, SignerConfig signerConfig) throws SignatureException, IOException, NoSuchAlgorithmException {
        Pair<String, ? extends AlgorithmParameterSpec> algAndParams = signatureAlgorithm.getSignatureAlgAndParams();
        ContentDigestAlgorithm digestAlgorithm = signatureAlgorithm.getContentDigestAlgorithm();
        String signatureAlgorithmName = algAndParams.getFirst();

        PKCS9Attribute signingTime = new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date());
        PKCS9Attribute contentType = new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID);
        // NOTE(review): the digest is looked up by the enum constant's name(), while createSignerInfo
        // uses getDigestAlgorithm(); confirm that both identify the same algorithm.
        MessageDigest digester = MessageDigest.getInstance(digestAlgorithm.name());
        // Tag 4 is the DER OCTET STRING tag: the content is wrapped as a PKCS#7 "data" content info.
        byte[] contentBytes = new ContentInfo(ContentInfo.DATA_OID, new DerValue((byte) 4, bArr)).getContentBytes();
        PKCS9Attribute messageDigest = new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, digester.digest(contentBytes));
        PKCS9Attributes signedAttributes = new PKCS9Attributes(new PKCS9Attribute[]{signingTime, contentType, messageDigest});

        byte[] signatureBytes = signerConfig.getSignature(signedAttributes.getDerEncoding(), signatureAlgorithmName, algAndParams.getSecond());
        if (signatureBytes == null) {
            throw new SignatureException("Generate signature bytes error");
        }
        // The certificate check deliberately stays after getSignature: generateSignerBlock skips its own
        // check for remote signer configs, so presumably the certificates can be filled in by that
        // call - confirm before reordering.
        if (signerConfig.certificates.isEmpty()) {
            throw new SignatureException("No certificates configured for signer");
        }
        // Never emit a signature that the signer's own certificate cannot verify.
        boolean verified = verifySignatureFromServer(signerConfig, signatureBytes, signatureAlgorithm.getSignatureAlgAndParams(), signedAttributes);
        if (!verified) {
            throw new SignatureException("Signature did not verify");
        }
        return createSignerInfo(signerConfig, signatureAlgorithm, signedAttributes, signatureBytes);
    }

    /**
     * Builds the signature scheme block from the content digests and wraps it, together with the
     * optional blocks, into the complete signing block.
     *
     * @param signerConfig signer settings
     * @param map content digest per digest algorithm
     * @param list optional blocks to embed
     * @return the encoded signing block
     * @throws SignatureException if the signature scheme block cannot be generated
     */
    private static byte[] generateHapSigningBlock(SignerConfig signerConfig, Map<ContentDigestAlgorithm, byte[]> map, List<SigningBlock> list) throws SignatureException {
        byte[] signatureSchemeBlock = generateHapSignatureSchemeV2Block(signerConfig, map);
        return generateHapSigningBlock(signatureSchemeBlock, list);
    }

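    /**
     * Serialises the signing block: a table of 12-byte headers, the block payloads, and a trailer.
     *
     * <p>Layout, little-endian:
     * <ul>
     *   <li>one header (type, length, payload offset) per optional block, in list order, followed by
     *       a header for the signature block with type 0x20000000;</li>
     *   <li>the optional block payloads in list order, then the signature bytes;</li>
     *   <li>the trailer: block count (4 bytes), total size (8 bytes), the magic from
     *       {@code HapUtils.HAP_SIGNING_BLOCK_MAGIC} (the size formula reserves 16 bytes for it), and
     *       the value 2 (4 bytes).</li>
     * </ul>
     *
     * <p>Offsets are assigned by position, so each header points at its own payload even when two
     * blocks share a type value or an optional block uses the signature block's type.
     *
     * @param bArr encoded signature block
     * @param list optional blocks to embed
     * @return the encoded signing block
     * @throws IllegalArgumentException if the total size does not fit in an int
     */
    private static byte[] generateHapSigningBlock(byte[] bArr, List<SigningBlock> list) {
        // The decompiled loop created a new iterator on every test and read from an undeclared
        // variable; a plain for-each sums the lengths once.
        long optionalBlocksLength = 0;
        for (SigningBlock block : list) {
            optionalBlocksLength += block.getLength();
        }
        int headerTableSize = 12 * (list.size() + 1);
        long size = headerTableSize + optionalBlocksLength + bArr.length + 4 + 8 + 16 + 4;
        if (size > Integer.MAX_VALUE) {
            throw new IllegalArgumentException("HapSigningBlock out of range : " + size);
        }
        ByteBuffer out = ByteBuffer.allocate((int) size);
        out.order(ByteOrder.LITTLE_ENDIAN);

        // Header table: payload offsets start right after the table and advance by each block's length.
        int payloadOffset = headerTableSize;
        for (SigningBlock block : list) {
            out.putInt(block.getType());
            out.putInt(block.getLength());
            out.putInt(payloadOffset);
            payloadOffset += block.getLength();
        }
        out.putInt(536870912);
        out.putInt(bArr.length);
        out.putInt(payloadOffset);

        // Payloads, in the same order as their headers.
        for (SigningBlock block : list) {
            out.put(block.getValue(), 0, block.getLength());
        }
        out.put(bArr);

        // Trailer.
        out.putInt(list.size() + 1);
        out.putLong(size);
        out.put(HapUtils.HAP_SIGNING_BLOCK_MAGIC);
        out.putInt(2);
        return out.array();
    }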

    /**
     * Generates the signer block and adds context to any failure.
     *
     * @param signerConfig signer settings
     * @param map content digest per digest algorithm
     * @return the encoded signer block
     * @throws SignatureException wrapping the original failure as its cause
     */
    private static byte[] generateHapSignatureSchemeV2Block(SignerConfig signerConfig, Map<ContentDigestAlgorithm, byte[]> map) throws SignatureException {
        byte[] signerBlock;
        try {
            signerBlock = generateSignerBlock(signerConfig, map);
        } catch (SignatureException cause) {
            throw new SignatureException("generate SignerBlock failed", cause);
        }
        return signerBlock;
    }

    /**
     * Encodes the content digests as (algorithm id, digest) pairs, signs that encoding once per
     * configured signature algorithm, and packages the result as PKCS#7 signed data.
     *
     * @param signerConfig signer settings
     * @param map content digest per digest algorithm
     * @return the encoded PKCS#7 structure
     * @throws SignatureException if a local signer has no certificate, a required digest is missing,
     *     or signing, verification or encoding fails
     */
    private static byte[] generateSignerBlock(SignerConfig signerConfig, Map<ContentDigestAlgorithm, byte[]> map) throws SignatureException {
        // Remote signer configs are exempt from this up-front check; getSignerInfo still requires a
        // certificate once the signature has been obtained.
        boolean remoteSigner = signerConfig instanceof RemoteSignerConfig || signerConfig instanceof RemoteReSignerConfig;
        if (!remoteSigner && signerConfig.certificates.isEmpty()) {
            throw new SignatureException("No certificates configured for signer");
        }

        List<Pair<Integer, byte[]>> digestPairs = new ArrayList<>(signerConfig.signatureAlgorithms.size());
        for (SignatureAlgorithm algorithm : signerConfig.signatureAlgorithms) {
            ContentDigestAlgorithm digestAlgorithm = algorithm.getContentDigestAlgorithm();
            byte[] digest = map.get(digestAlgorithm);
            if (digest == null) {
                throw new SignatureException(digestAlgorithm.getDigestAlgorithm() + " content digest for " + algorithm.getSignatureAlgAndParams().getFirst() + " not computed");
            }
            digestPairs.add(Pair.create(Integer.valueOf(algorithm.getId()), digest));
        }
        // This encoding of the digests is the content that actually gets signed.
        byte[] signedContent = HapUtils.encodeListOfPairsToByteArray(digestPairs);

        List<SignerInfo> signerInfos = new ArrayList<>();
        List<AlgorithmId> digestAlgorithmIds = new ArrayList<>();
        for (SignatureAlgorithm algorithm : signerConfig.signatureAlgorithms) {
            try {
                SignerInfo info = getSignerInfo(algorithm, signedContent, signerConfig);
                if (info != null) {
                    digestAlgorithmIds.add(info.getDigestAlgorithmId());
                    signerInfos.add(info);
                }
            } catch (IOException | NoSuchAlgorithmException failure) {
                throw new SignatureException("getSignerInfo failed", failure);
            }
        }
        return packagePKCS7(signerConfig, signerInfos, digestAlgorithmIds, signedContent);
    }

    /**
     * Builds the PKCS#7 signer info for a signature, identifying the signer by the issuer name and
     * serial number of the first configured certificate.
     *
     * @param signerConfig signer settings; only the first certificate is used
     * @param signatureAlgorithm algorithm that produced the signature
     * @param pKCS9Attributes signed attributes that were signed
     * @param bArr signature bytes
     * @return the signer info as returned by {@code HapUtils.tanslateSignerInfo}
     * @throws SignatureException if the signer info cannot be constructed
     */
    private static SignerInfo createSignerInfo(SignerConfig signerConfig, SignatureAlgorithm signatureAlgorithm, PKCS9Attributes pKCS9Attributes, byte[] bArr) throws SignatureException {
        String digestName = signatureAlgorithm.getContentDigestAlgorithm().getDigestAlgorithm();
        try {
            X509Certificate signerCertificate = signerConfig.certificates.get(0);
            // NOTE(review): the issuer name is rebuilt from its string form rather than taken from the
            // certificate's encoded issuer; confirm verifiers still match it against the certificate.
            X500Name issuer = new X500Name(signerCertificate.getIssuerX500Principal().getName());
            SignerInfo rawInfo = new SignerInfo(issuer, signerCertificate.getSerialNumber(), AlgorithmId.get(digestName), pKCS9Attributes, signatureAlgorithm.getAlgorithmId(), bArr, (PKCS9Attributes) null);
            return HapUtils.tanslateSignerInfo(rawInfo);
        } catch (IOException | NoSuchAlgorithmException | InvalidParameterSpecException failure) {
            throw new SignatureException("Generate signer info error", failure);
        }
    }

    /**
     * Assembles PKCS#7 signed data from the signer infos, certificates and CRLs, verifies it against
     * the content, and returns its encoding.
     *
     * <p>The structure is verified before it is encoded, so a result that does not verify is never
     * returned to the caller.
     *
     * @param signerConfig source of the certificates and CRLs to embed
     * @param list signer infos to embed
     * @param list2 digest algorithm identifiers to list
     * @param bArr content that was signed
     * @return the encoded signed data
     * @throws SignatureException if verification or encoding fails
     */
    private static byte[] packagePKCS7(SignerConfig signerConfig, List<SignerInfo> list, List<AlgorithmId> list2, byte[] bArr) throws SignatureException {
        // Each component stays null when its source list is null or empty.
        X509Certificate[] certificates = null;
        if (checkListNotNullOrEmty(signerConfig.certificates)) {
            certificates = new X509Certificate[signerConfig.certificates.size()];
            signerConfig.certificates.toArray(certificates);
        }
        X509CRL[] crls = null;
        if (checkListNotNullOrEmty(signerConfig.x509CRLs)) {
            crls = new X509CRL[signerConfig.x509CRLs.size()];
            signerConfig.x509CRLs.toArray(crls);
        }
        SignerInfo[] signerInfos = null;
        if (checkListNotNullOrEmty(list)) {
            signerInfos = new SignerInfo[list.size()];
            list.toArray(signerInfos);
        }
        AlgorithmId[] digestAlgorithmIds = null;
        if (checkListNotNullOrEmty(list2)) {
            digestAlgorithmIds = new AlgorithmId[list2.size()];
            list2.toArray(digestAlgorithmIds);
        }

        // The two try levels are kept separate so that the outer handler also covers exceptions
        // raised by the inner handler, as in the original structure.
        try {
            try (ByteArrayOutputStream encoded = new ByteArrayOutputStream()) {
                // Tag 4 is the DER OCTET STRING tag wrapping the signed content.
                ContentInfo content = new ContentInfo(ContentInfo.DATA_OID, new DerValue((byte) 4, bArr));
                PKCS7Ext signedData = new PKCS7Ext(digestAlgorithmIds, content, certificates, crls, signerInfos);
                if (signedData.verify(bArr) == null) {
                    LOGGER.error("Not verified");
                    throw new SignatureException("Signature did not verify");
                }
                LOGGER.info("PKCS7 cms result verify success!");
                signedData.encodeSignedData(encoded);
                return encoded.toByteArray();
            } catch (IOException encodingFailure) {
                throw new SignatureException("encode PKCS cms data failed!", encodingFailure);
            }
        } catch (NoSuchAlgorithmException | java.security.SignatureException verifyFailure) {
            throw new SignatureException("Signature did not verify", verifyFailure);
        }
    }

    /**
     * Tells whether a list holds at least one element.
     *
     * @param list list to test; may be null
     * @return {@code true} if {@code list} is neither null nor empty
     */
    private static boolean checkListNotNullOrEmty(List<?> list) {
        if (list == null) {
            return false;
        }
        return !list.isEmpty();
    }

    /**
     * Verifies a signature returned by the signer against the public key of the first configured
     * certificate, over the DER encoding of the signed attributes.
     *
     * <p>This is the local check that stops an invalid or mismatched signature from being packaged.
     * Failures to run the check at all (encoding, key, parameter or algorithm errors) are logged and
     * reported as {@code false}; the caller treats {@code false} as a verification failure.
     *
     * @param signerConfig signer settings; only the first certificate is used
     * @param bArr signature bytes to verify
     * @param pair signature algorithm name and optional algorithm parameters
     * @param pKCS9Attributes signed attributes that were signed
     * @return {@code true} if the signature verifies; {@code false} if verification could not be run
     * @throws SignatureException if {@code bArr} is null or the signature does not verify (assuming
     *     this exception type is not a subtype of the exceptions caught below - confirm)
     */
    private static boolean verifySignatureFromServer(SignerConfig signerConfig, byte[] bArr, Pair<String, AlgorithmParameterSpec> pair, PKCS9Attributes pKCS9Attributes) throws SignatureException {
        try {
            PublicKey signerKey = signerConfig.certificates.get(0).getPublicKey();
            Signature verifier = Signature.getInstance(pair.getFirst());
            verifier.initVerify(signerKey);
            AlgorithmParameterSpec parameters = pair.getSecond();
            if (parameters != null) {
                verifier.setParameter(parameters);
            }
            verifier.update(pKCS9Attributes.getDerEncoding());
            if (bArr == null) {
                LOGGER.error("signatureBytes is null");
                throw new SignatureException("Signature did not verify");
            }
            if (!verifier.verify(bArr)) {
                throw new SignatureException("Signature did not verify");
            }
            return true;
        } catch (IOException encodingFailure) {
            LOGGER.error("PKCS9 Attributes encode failed.", encodingFailure);
            return false;
        } catch (InvalidAlgorithmParameterException badParameters) {
            LOGGER.error("Failed to verify generated " + pair.getSecond() + " signature using public key from certificate", badParameters);
            return false;
        } catch (InvalidKeyException | java.security.SignatureException cryptoFailure) {
            LOGGER.error("Failed to verify generated signature using public key from certificate", cryptoFailure);
            return false;
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            LOGGER.error("Failed to verify generated " + pair.getFirst() + " signature using public key from certificate", unknownAlgorithm);
            return false;
        }
    }
}
