package net.jsign.appx;

import android.R;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.jsign.ChannelUtils;
import net.jsign.DigestAlgorithm;
import net.jsign.Signable;
import net.jsign.SignatureUtils;
import net.jsign.asn1.authenticode.AuthenticodeObjectIdentifiers;
import net.jsign.asn1.authenticode.SpcAttributeTypeAndOptionalValue;
import net.jsign.asn1.authenticode.SpcIndirectDataContent;
import net.jsign.asn1.authenticode.SpcSipInfo;
import net.jsign.asn1.authenticode.SpcUuid;
import net.jsign.zip.CentralDirectory;
import net.jsign.zip.ZipFile;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.text.StringEscapeUtils;
import org.apache.poi.util.IOUtils;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.cms.CMSSignedData;

/* loaded from: input_file:net/jsign/appx/APPXFile.class */
public class APPXFile extends ZipFile implements Signable {
    private static final String SIGNATURE_ENTRY = "AppxSignature.p7x";

    public APPXFile(File file) throws IOException {
        super(file);
        verifyPackage();
    }

    public APPXFile(SeekableByteChannel seekableByteChannel) throws IOException {
        super(seekableByteChannel);
        verifyPackage();
    }

    private void verifyPackage() throws IOException {
        if (this.centralDirectory.entries.get("[Content_Types].xml") == null) {
            throw new IOException("Invalid APPX/MSIX package, [Content_Types].xml is missing");
        }
    }

    @Override // net.jsign.Signable
    public byte[] computeDigest(DigestAlgorithm digestAlgorithm) throws IOException {
        addContentType("/AppxSignature.p7x", "application/vnd.ms-appx.signature");
        long j = this.centralDirectory.centralDirectoryOffset;
        if (this.centralDirectory.entries.containsKey(SIGNATURE_ENTRY)) {
            j = this.centralDirectory.entries.get(SIGNATURE_ENTRY).getLocalHeaderOffset();
        }
        MessageDigest messageDigest = digestAlgorithm.getMessageDigest();
        ChannelUtils.updateDigest(this.channel, messageDigest, 0L, j);
        MessageDigest messageDigest2 = digestAlgorithm.getMessageDigest();
        messageDigest2.update(getUnsignedCentralDirectory());
        MessageDigest messageDigest3 = digestAlgorithm.getMessageDigest();
        IOUtils.copy(getInputStream("[Content_Types].xml"), new DigestOutputStream(NullOutputStream.INSTANCE, messageDigest3));
        MessageDigest messageDigest4 = digestAlgorithm.getMessageDigest();
        IOUtils.copy(getInputStream("AppxBlockMap.xml"), new DigestOutputStream(NullOutputStream.INSTANCE, messageDigest4));
        MessageDigest messageDigest5 = null;
        if (this.centralDirectory.entries.containsKey("AppxMetadata/CodeIntegrity.cat")) {
            messageDigest5 = digestAlgorithm.getMessageDigest();
            IOUtils.copy(getInputStream("AppxMetadata/CodeIntegrity.cat"), new DigestOutputStream(NullOutputStream.INSTANCE, messageDigest5));
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write("APPX".getBytes());
        byteArrayOutputStream.write("AXPC".getBytes());
        byteArrayOutputStream.write(messageDigest.digest());
        byteArrayOutputStream.write("AXCD".getBytes());
        byteArrayOutputStream.write(messageDigest2.digest());
        byteArrayOutputStream.write("AXCT".getBytes());
        byteArrayOutputStream.write(messageDigest3.digest());
        byteArrayOutputStream.write("AXBM".getBytes());
        byteArrayOutputStream.write(messageDigest4.digest());
        if (messageDigest5 != null) {
            byteArrayOutputStream.write("AXCI".getBytes());
            byteArrayOutputStream.write(messageDigest5.digest());
        }
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] getUnsignedCentralDirectory() throws IOException {
        CentralDirectory centralDirectory = new CentralDirectory();
        centralDirectory.read(this.channel);
        centralDirectory.removeEntry(SIGNATURE_ENTRY);
        return centralDirectory.toBytes();
    }

    @Override // net.jsign.Signable
    public ASN1Object createIndirectData(DigestAlgorithm digestAlgorithm) throws IOException {
        return new SpcIndirectDataContent(new SpcAttributeTypeAndOptionalValue(AuthenticodeObjectIdentifiers.SPC_SIPINFO_OBJID, new SpcSipInfo(R.attr.theme, new SpcUuid(isBundle() ? "B3585F0F-DEAA-9A4B-A434-95742D92ECEB" : "4BDFC50A-07CE-E24D-B76E-23C839A09FD1"))), new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.oid, DERNull.INSTANCE), computeDigest(digestAlgorithm)));
    }

    private String normalize(String str) {
        if (str != null) {
            str = str.replaceAll(",\\s*S\\s*=", ",ST=");
        }
        return str;
    }

    @Override // net.jsign.Signable
    public void validate(Certificate certificate) throws IOException, IllegalArgumentException {
        X500Name x500Name = X500Name.getInstance(((X509Certificate) certificate).getSubjectX500Principal().getEncoded());
        String publisher = getPublisher();
        if (publisher == null || !x500Name.equals(new X500Name(normalize(publisher)))) {
            throw new IllegalArgumentException("The app manifest publisher name (" + publisher + ") must match the subject name of the signing certificate (" + x500Name + ")");
        }
    }

    boolean isBundle() {
        return this.centralDirectory.entries.containsKey("AppxMetadata/AppxBundleManifest.xml");
    }

    String getPublisher() throws IOException {
        Matcher matcher = Pattern.compile("Publisher\\s*=\\s*\"([^\"]+)", 2).matcher(new String(IOUtils.toByteArray(getInputStream(isBundle() ? "AppxMetadata/AppxBundleManifest.xml" : "AppxManifest.xml", 10485760)), StandardCharsets.UTF_8));
        if (matcher.find()) {
            return StringEscapeUtils.unescapeXml(matcher.group(1));
        }
        return null;
    }

    @Override // net.jsign.Signable
    public List<CMSSignedData> getSignatures() throws IOException {
        if (!this.centralDirectory.entries.containsKey(SIGNATURE_ENTRY)) {
            return Collections.emptyList();
        }
        InputStream inputStream = getInputStream(SIGNATURE_ENTRY, 1048576);
        inputStream.skip(4L);
        return SignatureUtils.getSignatures(IOUtils.toByteArray(inputStream));
    }

    @Override // net.jsign.Signable
    public void setSignature(CMSSignedData cMSSignedData) throws IOException {
        if (this.centralDirectory.entries.containsKey(SIGNATURE_ENTRY)) {
            removeEntry(SIGNATURE_ENTRY);
        }
        if (cMSSignedData != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write("PKCX".getBytes());
            cMSSignedData.toASN1Structure().encodeTo(byteArrayOutputStream, "DER");
            addEntry(SIGNATURE_ENTRY, byteArrayOutputStream.toByteArray(), false);
        }
    }

    void addContentType(String str, String str2) throws IOException {
        String str3 = new String(IOUtils.toByteArray(getInputStream("[Content_Types].xml", 10485760)), StandardCharsets.UTF_8);
        if (str3.contains("<Override PartName=\"" + str + "\" ContentType=\"" + str2 + "\"/>")) {
            return;
        }
        String replace = str3.replace("</Types>", "<Override PartName=\"" + str + "\" ContentType=\"" + str2 + "\"/></Types>");
        removeEntry("[Content_Types].xml");
        addEntry("[Content_Types].xml", replace.getBytes(), true);
    }

    @Override // net.jsign.Signable
    public void save() throws IOException {
    }
}
