package com.android.tools.build.apkzlib.sign;

import com.android.apksig.ApkSignerEngine;
import com.android.apksig.ApkVerifier;
import com.android.apksig.DefaultApkSignerEngine;
import com.android.apksig.apk.ApkFormatException;
import com.android.apksig.util.DataSink;
import com.android.apksig.util.DataSources;
import com.android.tools.build.apkzlib.sign.SigningOptions;
import com.android.tools.build.apkzlib.utils.IOExceptionRunnable;
import com.android.tools.build.apkzlib.zip.AlignmentRule;
import com.android.tools.build.apkzlib.zip.StoredEntry;
import com.android.tools.build.apkzlib.zip.ZFile;
import com.android.tools.build.apkzlib.zip.ZFileExtension;
import com.google.common.base.Preconditions;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;

/* loaded from: input_file:com/android/tools/build/apkzlib/sign/SigningExtension.class */
public class SigningExtension {
    private static final int MAX_READ_CHUNK_SIZE = 65536;
    private final ApkSignerEngine signer;

    @Nullable
    private byte[] cachedApkSigningBlock;
    private boolean dirty;

    @Nullable
    private ZFileExtension extension;

    @Nullable
    private ZFile zFile;
    private final SigningOptions options;
    private final Set<String> signerProcessedOutputEntryNames = new HashSet();
    private final Supplier<byte[]> digestBuffer = Suppliers.memoize(() -> {
        return new byte[MAX_READ_CHUNK_SIZE];
    });

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.android.tools.build.apkzlib.sign.SigningExtension$2, reason: invalid class name */
    /* loaded from: input_file:com/android/tools/build/apkzlib/sign/SigningExtension$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$android$tools$build$apkzlib$sign$SigningOptions$Validation = new int[SigningOptions.Validation.values().length];

        static {
            try {
                $SwitchMap$com$android$tools$build$apkzlib$sign$SigningOptions$Validation[SigningOptions.Validation.ALWAYS_VALIDATE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$android$tools$build$apkzlib$sign$SigningOptions$Validation[SigningOptions.Validation.ASSUME_VALID.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$android$tools$build$apkzlib$sign$SigningOptions$Validation[SigningOptions.Validation.ASSUME_INVALID.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public SigningExtension(SigningOptions signingOptions) throws InvalidKeyException {
        this.signer = new DefaultApkSignerEngine.Builder(ImmutableList.of(new DefaultApkSignerEngine.SignerConfig.Builder("CERT", signingOptions.getKey(), signingOptions.getCertificates()).build()), signingOptions.getMinSdkVersion()).setOtherSignersSignaturesPreserved(false).setV1SigningEnabled(signingOptions.isV1SigningEnabled()).setV2SigningEnabled(signingOptions.isV2SigningEnabled()).setV3SigningEnabled(false).setCreatedBy("1.0 (Android)").build();
        if (signingOptions.getExecutor() != null) {
            this.signer.setExecutor(signingOptions.getExecutor());
        }
        this.options = signingOptions;
    }

    public void register(ZFile zFile) throws NoSuchAlgorithmException, IOException {
        Preconditions.checkState(this.extension == null, "register() already invoked");
        this.zFile = zFile;
        switch (AnonymousClass2.$SwitchMap$com$android$tools$build$apkzlib$sign$SigningOptions$Validation[this.options.getValidation().ordinal()]) {
            case AlignmentRule.NO_ALIGNMENT /* 1 */:
                this.dirty = !isCurrentSignatureAsRequested();
                break;
            case 2:
                if (this.options.isV1SigningEnabled()) {
                    ImmutableSet copyOf = ImmutableSet.copyOf(Iterables.transform(zFile.entries(), storedEntry -> {
                        return storedEntry.getCentralDirectoryHeader().getName();
                    }));
                    StoredEntry storedEntry2 = zFile.get("META-INF/MANIFEST.MF");
                    Preconditions.checkNotNull(storedEntry2, "No manifest found in apk for incremental build with enabled v1 signature");
                    this.signerProcessedOutputEntryNames.addAll(this.signer.initWith(storedEntry2.read(), copyOf));
                }
                this.dirty = false;
                break;
            case 3:
                this.dirty = true;
                break;
        }
        this.extension = new ZFileExtension() { // from class: com.android.tools.build.apkzlib.sign.SigningExtension.1
            @Override // com.android.tools.build.apkzlib.zip.ZFileExtension
            public IOExceptionRunnable added(StoredEntry storedEntry3, @Nullable StoredEntry storedEntry4) {
                return () -> {
                    SigningExtension.this.onZipEntryOutput(storedEntry3);
                };
            }

            @Override // com.android.tools.build.apkzlib.zip.ZFileExtension
            public IOExceptionRunnable removed(StoredEntry storedEntry3) {
                String name = storedEntry3.getCentralDirectoryHeader().getName();
                return () -> {
                    SigningExtension.this.onZipEntryRemovedFromOutput(name);
                };
            }

            @Override // com.android.tools.build.apkzlib.zip.ZFileExtension
            public IOExceptionRunnable beforeUpdate() throws IOException {
                return () -> {
                    SigningExtension.this.onOutputZipReadyForUpdate();
                };
            }

            @Override // com.android.tools.build.apkzlib.zip.ZFileExtension
            public void entriesWritten() throws IOException {
                SigningExtension.this.onOutputZipEntriesWritten();
            }

            @Override // com.android.tools.build.apkzlib.zip.ZFileExtension
            public void closed() {
                SigningExtension.this.onOutputClosed();
            }
        };
        this.zFile.addZFileExtension(this.extension);
    }

    private boolean isCurrentSignatureAsRequested() throws IOException, NoSuchAlgorithmException {
        try {
            ApkVerifier.Result verify = new ApkVerifier.Builder(this.zFile.asDataSource()).setMinCheckedPlatformVersion(this.options.getMinSdkVersion()).build().verify();
            if (!verify.isVerified() || verify.isVerifiedUsingV1Scheme() != this.options.isV1SigningEnabled() || verify.isVerifiedUsingV2Scheme() != this.options.isV2SigningEnabled()) {
                return false;
            }
            List signerCertificates = verify.getSignerCertificates();
            if (signerCertificates.size() != 1) {
                return false;
            }
            try {
                return Arrays.equals(((X509Certificate) this.options.getCertificates().get(0)).getEncoded(), ((X509Certificate) signerCertificates.get(0)).getEncoded());
            } catch (CertificateEncodingException e) {
                return false;
            }
        } catch (ApkFormatException e2) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onZipEntryOutput(StoredEntry storedEntry) throws IOException {
        setDirty();
        String name = storedEntry.getCentralDirectoryHeader().getName();
        if (storedEntry.isDeleted()) {
            return;
        }
        ApkSignerEngine.InspectJarEntryRequest outputJarEntry = this.signer.outputJarEntry(name);
        this.signerProcessedOutputEntryNames.add(name);
        if (outputJarEntry != null) {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(storedEntry.open());
            Throwable th = null;
            try {
                try {
                    copyStreamToDataSink(bufferedInputStream, outputJarEntry.getDataSink());
                    if (bufferedInputStream != null) {
                        if (0 != 0) {
                            try {
                                bufferedInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedInputStream.close();
                        }
                    }
                    outputJarEntry.done();
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (bufferedInputStream != null) {
                    if (th != null) {
                        try {
                            bufferedInputStream.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        bufferedInputStream.close();
                    }
                }
                throw th4;
            }
        }
    }

    private void copyStreamToDataSink(InputStream inputStream, DataSink dataSink) throws IOException {
        byte[] bArr = (byte[]) this.digestBuffer.get();
        while (true) {
            int read = inputStream.read(bArr);
            if (read <= 0) {
                return;
            } else {
                dataSink.consume(bArr, 0, read);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onZipEntryRemovedFromOutput(String str) {
        setDirty();
        this.signer.outputJarEntryRemoved(str);
        this.signerProcessedOutputEntryNames.remove(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onOutputZipReadyForUpdate() throws IOException {
        if (this.dirty) {
            HashSet hashSet = new HashSet(this.signerProcessedOutputEntryNames);
            for (StoredEntry storedEntry : this.zFile.entries()) {
                String name = storedEntry.getCentralDirectoryHeader().getName();
                hashSet.remove(name);
                if (!this.signerProcessedOutputEntryNames.contains(name)) {
                    onZipEntryOutput(storedEntry);
                }
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                onZipEntryRemovedFromOutput((String) it.next());
            }
            try {
                ApkSignerEngine.OutputJarSignatureRequest outputJarEntries = this.signer.outputJarEntries();
                if (outputJarEntries == null) {
                    return;
                }
                ArrayList<ApkSignerEngine.OutputJarSignatureRequest.JarEntry> arrayList = new ArrayList(outputJarEntries.getAdditionalJarEntries());
                int i = 0;
                while (true) {
                    if (i >= arrayList.size()) {
                        break;
                    }
                    ApkSignerEngine.OutputJarSignatureRequest.JarEntry jarEntry = (ApkSignerEngine.OutputJarSignatureRequest.JarEntry) arrayList.get(i);
                    if (!"META-INF/MANIFEST.MF".equals(jarEntry.getName())) {
                        i++;
                    } else if (i != 0) {
                        arrayList.remove(i);
                        arrayList.add(0, jarEntry);
                    }
                }
                for (ApkSignerEngine.OutputJarSignatureRequest.JarEntry jarEntry2 : arrayList) {
                    this.zFile.add(jarEntry2.getName(), new ByteArrayInputStream(jarEntry2.getData()));
                }
                outputJarEntries.done();
            } catch (Exception e) {
                throw new IOException("Failed to generate v1 signature", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onOutputZipEntriesWritten() throws IOException {
        ApkSignerEngine.OutputApkSigningBlockRequest outputZipSections;
        byte[] apkSigningBlock;
        if (this.dirty) {
            byte[] centralDirectoryBytes = this.zFile.getCentralDirectoryBytes();
            byte[] eocdBytes = this.zFile.getEocdBytes();
            if (this.cachedApkSigningBlock != null) {
                apkSigningBlock = this.cachedApkSigningBlock;
                outputZipSections = null;
            } else {
                try {
                    outputZipSections = this.signer.outputZipSections(this.zFile.asDataSource(0L, this.zFile.getCentralDirectoryOffset() - this.zFile.getExtraDirectoryOffset()), DataSources.asDataSource(ByteBuffer.wrap(centralDirectoryBytes)), DataSources.asDataSource(ByteBuffer.wrap(eocdBytes)));
                    apkSigningBlock = outputZipSections != null ? outputZipSections.getApkSigningBlock() : new byte[0];
                    this.cachedApkSigningBlock = apkSigningBlock;
                } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | ApkFormatException e) {
                    throw new IOException("Failed to generate v2 signature", e);
                }
            }
            this.zFile.directWrite(this.zFile.getCentralDirectoryOffset() - this.zFile.getExtraDirectoryOffset(), apkSigningBlock);
            this.zFile.setExtraDirectoryOffset(apkSigningBlock.length);
            if (outputZipSections != null) {
                outputZipSections.done();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onOutputClosed() {
        if (this.dirty) {
            this.signer.outputDone();
            this.dirty = false;
        }
    }

    private void setDirty() {
        this.dirty = true;
        this.cachedApkSigningBlock = null;
    }
}
