package app.revanced.manager.flutter.utils.signing;

import com.android.apksig.ApkSigner;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: Signer.kt */
@Metadata(d1 = {"\u00004\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0019\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003¢\u0006\u0002\u0010\u0005J\u0014\u0010\b\u001a\u000e\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\u000b0\tH\u0002J\u0010\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J\u001e\u0010\u0010\u001a\u00020\r2\u0006\u0010\u0011\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u000f2\u0006\u0010\u0013\u001a\u00020\u000fR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0014"}, d2 = {"Lapp/revanced/manager/flutter/utils/signing/Signer;", "", "cn", "", "password", "(Ljava/lang/String;Ljava/lang/String;)V", "passwordCharArray", "", "createKey", "Lkotlin/Pair;", "Ljava/security/cert/X509Certificate;", "Ljava/security/PrivateKey;", "newKeystore", "", "out", "Ljava/io/File;", "signApk", "input", "output", "ks", "app_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes.dex */
public final class Signer {
    private final String cn;
    private final char[] passwordCharArray;

    public Signer(String cn, String password) {
        Intrinsics.checkNotNullParameter(cn, "cn");
        Intrinsics.checkNotNullParameter(password, "password");
        this.cn = cn;
        char[] charArray = password.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
        this.passwordCharArray = charArray;
    }

    private final Pair<X509Certificate, PrivateKey> createKey() {
        BigInteger valueOf;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        do {
            valueOf = BigInteger.valueOf(new SecureRandom().nextLong());
            Intrinsics.checkNotNullExpressionValue(valueOf, "valueOf(...)");
        } while (valueOf.compareTo(BigInteger.ZERO) < 0);
        X500Name x500Name = new X500Name("CN=" + this.cn);
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, valueOf, new Date(System.currentTimeMillis() - 2592000000L), new Date(System.currentTimeMillis() + 948672000000L), Locale.ENGLISH, x500Name, SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded()));
        ContentSigner build = new JcaContentSignerBuilder("SHA256withRSA").build(generateKeyPair.getPrivate());
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return TuplesKt.to(new JcaX509CertificateConverter().getCertificate(x509v3CertificateBuilder.build(build)), generateKeyPair.getPrivate());
    }

    private final void newKeystore(File out) {
        Pair<X509Certificate, PrivateKey> createKey = createKey();
        X509Certificate component1 = createKey.component1();
        PrivateKey component2 = createKey.component2();
        KeyStore keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
        keyStore.load(null, this.passwordCharArray);
        keyStore.setKeyEntry("alias", component2, this.passwordCharArray, new X509Certificate[]{component1});
        keyStore.store(new FileOutputStream(out), this.passwordCharArray);
    }

    public final void signApk(File input, File output, File ks) {
        Intrinsics.checkNotNullParameter(input, "input");
        Intrinsics.checkNotNullParameter(output, "output");
        Intrinsics.checkNotNullParameter(ks, "ks");
        Security.addProvider(new BouncyCastleProvider());
        if (!ks.exists()) {
            newKeystore(ks);
        }
        KeyStore keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
        FileInputStream fileInputStream = new FileInputStream(ks);
        try {
            keyStore.load(fileInputStream, null);
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(fileInputStream, null);
            String nextElement = keyStore.aliases().nextElement();
            String str = this.cn;
            Key key = keyStore.getKey(nextElement, this.passwordCharArray);
            Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.PrivateKey");
            Certificate certificate = keyStore.getCertificate(nextElement);
            Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            ApkSigner.Builder builder = new ApkSigner.Builder((List<ApkSigner.SignerConfig>) CollectionsKt.listOf(new ApkSigner.SignerConfig.Builder(str, (PrivateKey) key, CollectionsKt.listOf((X509Certificate) certificate)).build()));
            builder.setCreatedBy(this.cn);
            builder.setInputApk(input);
            builder.setOutputApk(output);
            builder.build().sign();
        } finally {
        }
    }
}
