package com.adobe.ucf;

import com.adobe.pki.Base64;
import com.adobe.pki.PKIContext;
import com.adobe.pki.TimestampException;
import com.adobe.pki.TimestampRequest;
import com.adobe.pki.TimestampResponse;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:com/adobe/ucf/UCFSigner.class */
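/**
 * Code signer that produces the XML signature of a UCF package.
 *
 * <p>The package manifest is digested with SHA-256, the resulting SignedInfo is signed with the
 * caller's RSA key, and the signature XML is assembled from resource templates together with the
 * signer's certificate chain, any CRLs returned by chain building, and an optional timestamp
 * fetched from a timestamp URL.
 *
 * <p>Expected call order, as enforced by the state checks below: set the key and certificates,
 * call {@link #sign()}, then {@link #getSignatureXML()}.
 */
public class UCFSigner extends CodeSigner {
    /**
     * Upper bound on the number of bytes accepted from the timestamp server, so that a
     * misbehaving endpoint cannot exhaust the heap of the signing process.
     */
    private static final int MAX_TIMESTAMP_RESPONSE_BYTES = 1 << 20;

    private PrivateKey m_key;
    private Certificate[] m_chainBuildingCerts;
    private Certificate m_eeCert;
    private byte[] signatureValue;
    private byte[] m_manifestDigestValue;
    private String m_timestampURL;
    private byte[] m_timestamp;
    // Output collections filled by PKIContext.VerifyCertPath during chain building.
    private Vector<byte[]> m_certchain = new Vector<>();
    private Vector<byte[]> m_crls = new Vector<>();
    private Vector<byte[]> m_crlValidationCerts = new Vector<>();
    // Zero (the default) means expired certificates are always rejected.
    private long m_gracePeriodMilliseconds = 0;

    /**
     * Creates a signer whose shared digest is SHA-256 and loads the file-reference template.
     *
     * @throws IllegalStateException if the runtime provides no SHA-256 implementation
     */
    public UCFSigner() {
        try {
            this.m_sharedDigest = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            // Fail here instead of leaving m_sharedDigest null and hitting a
            // NullPointerException later, in the middle of signing.
            throw new IllegalStateException("SHA-256 message digest is not available", e);
        }
        this.m_fileInfoFormat = new MessageFormat(readStringFromResource("fileReference.template"));
    }

    /**
     * Sets the signing key.
     *
     * @param privateKey the RSA private key used by {@link #sign()}
     * @throws IllegalArgumentException if the key's algorithm is not RSA
     */
    @Override // com.adobe.ucf.CodeSigner
    public void setPrivateKey(PrivateKey privateKey) {
        // Compare by value: a provider is free to return a non-interned algorithm name, in which
        // case a reference comparison would reject a perfectly valid RSA key.
        if (!"RSA".equals(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("not an RSA key");
        }
        this.m_key = privateKey;
    }

    /**
     * Sets the certificates available for building the signer's chain.
     *
     * @param certificateArr candidate chain certificates; each must be an X.509 certificate that
     *     is currently valid, or expired by no more than the configured grace period
     * @throws CertificateException if an entry is not X.509 or fails the validity check
     */
    @Override // com.adobe.ucf.CodeSigner
    public void setCertificateChain(Certificate[] certificateArr) throws CertificateException {
        for (Certificate candidate : certificateArr) {
            if (!(candidate instanceof X509Certificate)) {
                throw new CertificateException("not an X509 certificate");
            }
            checkValidityWithGrace((X509Certificate) candidate);
        }
        // Keep a private copy so the caller cannot swap entries after they have been checked;
        // BuildAndVerifyCertChain later casts every element to X509Certificate.
        this.m_chainBuildingCerts = certificateArr.clone();
    }

    /**
     * Sets the end-entity (signer) certificate.
     *
     * @param certificate the signer's X.509 certificate
     * @throws CertificateException if it is not X.509 or fails the validity check
     */
    @Override // com.adobe.ucf.CodeSigner
    public void setSignerCertificate(Certificate certificate) throws CertificateException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateException("not an X509 certificate");
        }
        checkValidityWithGrace((X509Certificate) certificate);
        this.m_eeCert = certificate;
    }

    /**
     * Checks the certificate's validity period against the current time, tolerating expiry that
     * falls within the configured grace period. A certificate that is not yet valid is never
     * tolerated.
     *
     * @throws CertificateException if the certificate is not yet valid, or expired beyond the
     *     grace period (or expired at all when no grace period is configured)
     */
    private void checkValidityWithGrace(X509Certificate x509Certificate) throws CertificateException {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            long expiredForMillis = System.currentTimeMillis() - x509Certificate.getNotAfter().getTime();
            boolean graceConfigured = this.m_gracePeriodMilliseconds > 0;
            if (!graceConfigured || expiredForMillis > this.m_gracePeriodMilliseconds) {
                throw e;
            }
        }
    }

    /**
     * Sets how long after expiry a certificate is still accepted.
     *
     * @param i grace period in days; zero or a negative value disables the grace period
     */
    public void setGracePeriodDays(int i) {
        // Multiply in long arithmetic: in int arithmetic any value of 25 days or more overflows,
        // which silently yields a wrong (possibly negative, i.e. disabled) grace period.
        this.m_gracePeriodMilliseconds = i * 24L * 3600L * 1000L;
    }

    /**
     * Sets the URL of the timestamp service; {@code null} means no timestamp is requested.
     */
    @Override // com.adobe.ucf.CodeSigner
    public void setTimestampURL(String str) {
        this.m_timestampURL = str;
    }

    /**
     * Computes the RSA signature over the SignedInfo built from the package manifest.
     *
     * @return the raw signature bytes, also retained for {@link #getSignatureXML()}
     * @throws IllegalStateException if no private key was set, or the signature engine fails
     * @throws InvalidKeyException if the key is rejected by the signature engine
     * @throws NoSuchAlgorithmException if the signature algorithm is not available
     */
    @Override // com.adobe.ucf.CodeSigner
    public byte[] sign() throws InvalidKeyException, NoSuchAlgorithmException {
        if (this.m_key == null) {
            throw new IllegalStateException("private key must be set before calling sign()");
        }
        byte[] signedInfo = getSignedInfo();
        // NOTE(review): SHA-1 is no longer considered collision resistant for signatures. The
        // algorithm used here has to match what SignedInfo.template declares (not visible in this
        // file), so a move to SHA256withRSA must be made together with the template and with
        // whatever verifies these packages.
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(this.m_key);
        try {
            signature.update(signedInfo);
            this.signatureValue = signature.sign();
        } catch (SignatureException e) {
            // Never fall through: returning here would hand back a null or stale signature.
            throw new IllegalStateException("unable to compute the package signature", e);
        }
        return this.signatureValue;
    }

    /**
     * Builds the complete signature XML from the package-signature template.
     *
     * @return the signature XML containing the manifest digest, signature value, KeyInfo,
     *     package manifest and, when a timestamp URL is set, the timestamp
     * @throws IllegalStateException if {@link #sign()} has not been called
     * @throws GeneralSecurityException if the certificate chain cannot be built or is revoked
     * @throws IOException declared by the overridden method
     */
    @Override // com.adobe.ucf.CodeSigner
    public String getSignatureXML() throws GeneralSecurityException, IOException {
        if (this.signatureValue == null) {
            throw new IllegalStateException("sign() must be called before calling getSignatureXML().");
        }
        String xMLKeyInfo = getXMLKeyInfo();
        if (xMLKeyInfo == null) {
            throw new RuntimeException("encountered internal error when constructing KeyInfo element");
        }
        // Contact the timestamp service only after the local checks have passed.
        String timestampXML = "";
        if (this.m_timestampURL != null) {
            timestampXML = createTimestampXML(this.m_timestampURL);
        }
        MessageFormat template = new MessageFormat(readStringFromResource("PackageSignature.template"));
        return template.format(new Object[]{
            Base64.encodeBytes(this.m_manifestDigestValue),
            Base64.encodeBytes(this.signatureValue),
            xMLKeyInfo,
            this.m_packageManifest,
            timestampXML
        });
    }

    /**
     * Digests the manifest and returns the bytes of the SignedInfo element that embeds the digest.
     * The digest is retained in {@code m_manifestDigestValue}.
     */
    private byte[] getSignedInfo() {
        MessageFormat template = new MessageFormat(readStringFromResource("SignedInfo.template"));
        this.m_manifestDigestValue =
            this.m_sharedDigest.digest(getManifestString().getBytes(StandardCharsets.UTF_8));
        String signedInfo = template.format(new Object[]{Base64.encodeBytes(this.m_manifestDigestValue)});
        // Encode explicitly: the platform default charset would make the signed bytes depend on
        // the machine that runs the signer.
        return signedInfo.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Renders every chain-building certificate through the certificate template.
     *
     * @return the concatenated certificate elements, or an empty string when none are set
     */
    private String getKeyInfoCerts() throws CertificateEncodingException {
        StringBuilder out = new StringBuilder();
        if (this.m_chainBuildingCerts != null && this.m_chainBuildingCerts.length > 0) {
            MessageFormat template = new MessageFormat(readStringFromResource("certificate.template"));
            for (Certificate cert : this.m_chainBuildingCerts) {
                out.append(template.format(new Object[]{Base64.encodeBytes(cert.getEncoded())}));
            }
        }
        return out.toString();
    }

    /**
     * Builds and verifies the signer's certificate chain, then renders the KeyInfo content: the
     * chain certificates, the CRL validation certificates (only when CRLs are present) and the
     * CRLs, in that order.
     *
     * @return the concatenated KeyInfo child elements
     * @throws GeneralSecurityException if the chain cannot be built or contains a revoked
     *     certificate
     */
    public String getXMLKeyInfo() throws GeneralSecurityException {
        BuildAndVerifyCertChain();
        StringBuilder out = new StringBuilder();
        appendEncodedEntries(out, "certificate.template", this.m_certchain);
        if (this.m_crls.size() > 0) {
            appendEncodedEntries(out, "certificate.template", this.m_crlValidationCerts);
        }
        appendEncodedEntries(out, "crl.template", this.m_crls);
        return out.toString();
    }

    /** Appends each entry, Base64-encoded, formatted with the named resource template. */
    private void appendEncodedEntries(StringBuilder out, String templateResource, Vector<byte[]> entries) {
        if (entries.isEmpty()) {
            return;
        }
        MessageFormat template = new MessageFormat(readStringFromResource(templateResource));
        for (byte[] encoded : entries) {
            out.append(template.format(new Object[]{Base64.encodeBytes(encoded)}));
        }
    }

    /**
     * Builds the signer's certificate path with {@link PKIContext} and checks revocation against
     * the CRLs that chain building returned.
     *
     * <p>Self-issued certificates (issuer equals subject) from the chain-building set are passed
     * as the second argument of {@code VerifyCertPath}, the full set as the third.
     * NOTE(review): presumably these are trust anchors and intermediates respectively; if so,
     * trust is rooted in whatever self-signed certificate the caller supplied. Confirm against
     * PKIContext. Revocation is checked only when chain building returned at least one CRL.
     *
     * @throws IllegalStateException if no signer certificate was set
     * @throws GeneralSecurityException if no valid chain can be built or a certificate is revoked
     */
    private void BuildAndVerifyCertChain() throws GeneralSecurityException {
        if (this.m_eeCert == null) {
            throw new IllegalStateException("signer certificate must be set before building the certificate chain");
        }
        // Start from empty outputs so a repeated call cannot carry over entries from an earlier
        // run (whether VerifyCertPath clears them itself is not visible here).
        this.m_certchain.clear();
        this.m_crls.clear();
        this.m_crlValidationCerts.clear();

        PKIContext pKIContext = new PKIContext();
        pKIContext.Init();
        Vector<byte[]> allCerts = new Vector<>();
        Vector<byte[]> selfIssuedCerts = new Vector<>();
        if (this.m_chainBuildingCerts != null) {
            for (Certificate cert : this.m_chainBuildingCerts) {
                byte[] encoded = cert.getEncoded();
                allCerts.add(encoded);
                X509Certificate x509 = (X509Certificate) cert;
                if (x509.getIssuerX500Principal().equals(x509.getSubjectX500Principal())) {
                    selfIssuedCerts.add(encoded);
                }
            }
        }
        boolean graceEnabled = this.m_gracePeriodMilliseconds > 0;
        boolean pathValid = pKIContext.VerifyCertPath(
            this.m_eeCert.getEncoded(),
            selfIssuedCerts,
            allCerts,
            this.m_certchain,
            this.m_crls,
            this.m_crlValidationCerts,
            graceEnabled);
        if (!pathValid) {
            throw new GeneralSecurityException("Unable to build a valid certificate chain for the signer.");
        }
        if (this.m_crls.size() > 0
                && !pKIContext.VerifyPathRevocation(this.m_certchain, selfIssuedCerts, allCerts, this.m_crls)) {
            throw new GeneralSecurityException("The signer's certificate chain contains a revoked certificate");
        }
    }

    /** Renders the package manifest through the package-manifest template. */
    private String getManifestString() {
        MessageFormat template = new MessageFormat(readStringFromResource("packageManifest.template"));
        return template.format(new Object[]{this.m_packageManifest});
    }

    /**
     * Fetches a timestamp over the signature value and renders it through the timestamp template.
     *
     * @param str URL of the timestamp service
     * @throws IllegalStateException if {@link #sign()} has not been called
     * @throws TimestampException if the timestamp cannot be obtained
     */
    private String createTimestampXML(String str) throws TimestampException {
        if (this.signatureValue == null) {
            throw new IllegalStateException("sign() must be called before calling createTimestampXML().");
        }
        this.m_timestamp = computeSignatureTimestamp(str);
        MessageFormat template = new MessageFormat(readStringFromResource("timestamp.template"));
        return template.format(new Object[]{"#PackageSignatureValue", Base64.encodeBytes(this.m_timestamp)});
    }

    /**
     * Requests a timestamp over the UTF-8 bytes of the SignatureValue element.
     *
     * @param str URL of the timestamp service
     */
    private byte[] computeSignatureTimestamp(String str) throws TimestampException {
        String signatureValueElement =
            "<SignatureValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"PackageSignatureValue\">"
                + Base64.encodeBytes(this.signatureValue)
                + "</SignatureValue>";
        return getTimeStampFromURL(signatureValueElement.getBytes(StandardCharsets.UTF_8), str);
    }

    /**
     * Posts a timestamp query for the given data to a timestamp service and returns the token.
     *
     * @param bArr the data to be timestamped
     * @param str URL of the timestamp service; must use the http or https scheme
     * @return the timestamp token bytes from a response that {@code isValid()} accepted
     * @throws TimestampException if the URL is unusable, the exchange fails, the response is
     *     larger than {@code MAX_TIMESTAMP_RESPONSE_BYTES}, or the response is not valid
     */
    public byte[] getTimeStampFromURL(byte[] bArr, String str) throws TimestampException {
        TimestampRequest timestampRequest = new TimestampRequest(bArr);
        try {
            URL url = new URL(str);
            // The request is sent with an HTTP content type, so refuse other URL handlers
            // (file:, ftp:, jar:, ...) instead of letting the configured URL choose one.
            String scheme = url.getProtocol();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                throw new TimestampException("Could not generate timestamp: unsupported URL scheme " + scheme);
            }
            URLConnection connection = url.openConnection();
            // NOTE(review): no connect or read timeout is set, so an unresponsive server blocks
            // signing indefinitely; consider setConnectTimeout/setReadTimeout.
            connection.setRequestProperty("Content-Type", "application/timestamp-query");
            connection.setDoInput(true);
            connection.setDoOutput(true);
            try (OutputStream out = connection.getOutputStream()) {
                out.write(timestampRequest.getEncoded());
                out.flush();
            }
            ByteArrayOutputStream response = new ByteArrayOutputStream();
            try (InputStream in = connection.getInputStream()) {
                byte[] chunk = new byte[512];
                int read;
                while ((read = in.read(chunk)) > 0) {
                    if (response.size() + read > MAX_TIMESTAMP_RESPONSE_BYTES) {
                        throw new TimestampException("Timestamp response too large");
                    }
                    response.write(chunk, 0, read);
                }
            }
            // NOTE(review): the token is only as trustworthy as isValid(). Over plain http the
            // response can be replaced in transit, so confirm that isValid() ties the token to
            // this request and checks the service's signature.
            TimestampResponse timestampResponse = new TimestampResponse(response.toByteArray());
            if (timestampResponse.isValid()) {
                return timestampResponse.getTimestampTokenBytes();
            }
            throw new TimestampException("Timestamp response not valid");
        } catch (IOException e) {
            throw new TimestampException("Could not generate timestamp: " + e.getLocalizedMessage());
        }
    }
}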
