package com.adobe.air.ipa;

import com.adobe.ucf.ISigner;
import com.rsa.asn1.ASN1;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;

/* loaded from: input_file:com/adobe/air/ipa/MachoSigner.class */
public class MachoSigner implements ISigner {
    private static final String SHA1_WITH_RSA = "SHA1withRSA";
    private static final String SHA1 = "SHA1";
    private static final int PAGE_SIZE = 4096;
    private static final String CHAIN_RESOURCE_PATH = "com/adobe/air/ipa/AppleChain.pem";
    private String applicationIdentifier = null;
    private String applicationIdentifierPrefix = null;
    private PrivateKey signingKey = null;
    private Certificate signingCert = null;
    private List<Certificate> signingChain = new ArrayList();
    private byte[] hashInfoPlist = null;
    private byte[] hashCodeResources = null;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static void main(String[] strArr) {
        if (strArr.length != 3) {
            System.err.println("usage: signipa <macho> <info> <resources>");
            System.err.println("\twhere these are the executable, Info.plist, and _CodeSignature/CodeResources as in an application");
            System.exit(2);
        }
        try {
            File file = new File(strArr[0]);
            File file2 = new File(strArr[1]);
            File file3 = new File(strArr[2]);
            MachoSigner machoSigner = new MachoSigner();
            machoSigner.setApplicationIdentifier("com.adobe.airteam.HelloWorld");
            machoSigner.setApplicationIdentifierPrefix("4S8DP9N7J5");
            machoSigner.setHashInfoPlist(newDigestOfFile(file2));
            machoSigner.setHashCodeResources(newDigestOfFile(file3));
            machoSigner.loadSigningCert("/Users/cahaverl/temp/air/xcode/RoryLydon.p12", "flash10");
            machoSigner.loadCertificateChain();
            machoSigner.sign(file);
        } catch (Exception e) {
            e.printStackTrace(System.err);
            System.exit(3);
        }
        System.err.println("hello, world!");
    }

    public void sign(File file) throws IOException, CertificateNotYetValidException, CertificateExpiredException, GeneralSecurityException {
        RandomAccessFile randomAccessFile = null;
        try {
            randomAccessFile = new RandomAccessFile(file, "rw");
            sign(randomAccessFile);
            if (randomAccessFile != null) {
                randomAccessFile.close();
            }
        } catch (Throwable th) {
            if (randomAccessFile != null) {
                randomAccessFile.close();
            }
            throw th;
        }
    }

    private void sign(RandomAccessFile randomAccessFile) throws IOException, CertificateNotYetValidException, CertificateExpiredException, GeneralSecurityException {
        loadCertificateChain();
        if (this.applicationIdentifier == null) {
            throw new IllegalStateException("Missing application identifier");
        }
        if (this.applicationIdentifierPrefix == null) {
            throw new IllegalStateException("Missing application identifier prefix");
        }
        if (this.hashCodeResources == null) {
            throw new IllegalStateException("Missing hash for CodeResources");
        }
        if (this.hashInfoPlist == null) {
            throw new IllegalStateException("Missing hash for Info.plist");
        }
        if (this.signingCert == null) {
            throw new IllegalStateException("Missing signing certificate");
        }
        if (this.signingKey == null) {
            throw new IllegalStateException("Missing signing private key");
        }
        if (this.signingChain.size() == 0) {
            throw new IllegalStateException("Empty certificate chain");
        }
        if (!(this.signingCert instanceof X509Certificate)) {
            throw new CertificateException("Only X509Certificates are supported");
        }
        ((X509Certificate) this.signingCert).checkValidity(new Date());
        X500Principal issuerX500Principal = ((X509Certificate) this.signingCert).getIssuerX500Principal();
        boolean z = false;
        Iterator<Certificate> it = this.signingChain.iterator();
        while (true) {
            if (it.hasNext()) {
                if (issuerX500Principal.equals(((X509Certificate) it.next()).getSubjectX500Principal())) {
                    z = true;
                    break;
                }
            } else {
                break;
            }
        }
        if (!z) {
            throw new CertificateException("The signing certficate is not from the expected issuer");
        }
        if (readIntLE(randomAccessFile) != -17958194) {
            System.err.println("not a MachO binary");
            System.exit(3);
        }
        int length = (int) randomAccessFile.length();
        int i = ((length + 15) / 16) * 16;
        byte[] newEntitlementBlob = newEntitlementBlob(this.applicationIdentifierPrefix, this.applicationIdentifier, new X500Name(((X509Certificate) this.signingCert).getSubjectX500Principal().getName()).getCommonName().startsWith("iPhone Distribution:"));
        byte[] newRequirementsBlob = newRequirementsBlob();
        byte[] newCodeDirectoryBlob = newCodeDirectoryBlob(randomAccessFile, i, this.applicationIdentifier, newEntitlementBlob, newRequirementsBlob);
        byte[] newCMSBlob = newCMSBlob(newCodeDirectoryBlob);
        int length2 = 44 + newCodeDirectoryBlob.length;
        int length3 = length2 + newRequirementsBlob.length;
        int length4 = length3 + newEntitlementBlob.length;
        int length5 = (((length4 + newCMSBlob.length) + 15) / 16) * 16;
        randomAccessFile.seek(16L);
        int readIntLE = readIntLE(randomAccessFile);
        int i2 = 0;
        randomAccessFile.seek(28L);
        int i3 = 0;
        while (true) {
            if (i3 >= readIntLE) {
                break;
            }
            int filePointer = (int) randomAccessFile.getFilePointer();
            int readIntLE2 = readIntLE(randomAccessFile);
            int readIntLE3 = readIntLE(randomAccessFile);
            if (readIntLE2 == 1) {
                byte[] bArr = {95, 95, 76, 73, 78, 75, 69, 68, 73, 84, 0, 0, 0, 0, 0, 0};
                byte[] bArr2 = new byte[16];
                randomAccessFile.read(bArr2);
                if (Arrays.equals(bArr2, bArr)) {
                    i2 = filePointer;
                    break;
                }
            }
            randomAccessFile.seek(filePointer + readIntLE3);
            i3++;
        }
        if (i2 == 0) {
            System.err.println("no __LINKEDIT command");
            System.exit(3);
        }
        int i4 = i2 + 20 + 16;
        randomAccessFile.seek(i4);
        int readIntLE4 = (((readIntLE(randomAccessFile) + 15) / 16) * 16) + length5;
        randomAccessFile.seek(i4);
        writeIntLE(randomAccessFile, readIntLE4);
        randomAccessFile.seek(i2 + 12 + 16);
        writeIntLE(randomAccessFile, (((readIntLE4 + 4096) - 1) / 4096) * 4096);
        randomAccessFile.seek(16L);
        writeIntLE(randomAccessFile, readIntLE + 1);
        randomAccessFile.seek(20L);
        int readIntLE5 = readIntLE(randomAccessFile);
        randomAccessFile.seek(20L);
        writeIntLE(randomAccessFile, readIntLE5 + 16);
        randomAccessFile.seek(28 + readIntLE5);
        writeIntLE(randomAccessFile, 29);
        writeIntLE(randomAccessFile, 16);
        writeIntLE(randomAccessFile, i);
        writeIntLE(randomAccessFile, length5);
        randomAccessFile.seek(length);
        for (int i5 = length; i5 < i; i5++) {
            randomAccessFile.write(0);
        }
        byte[] newCodeDirectoryBlob2 = newCodeDirectoryBlob(randomAccessFile, i, this.applicationIdentifier, newEntitlementBlob, newRequirementsBlob);
        byte[] newCMSBlob2 = newCMSBlob(newCodeDirectoryBlob2);
        randomAccessFile.seek(i);
        randomAccessFile.writeInt(-86111040);
        randomAccessFile.writeInt(length5);
        randomAccessFile.writeInt(4);
        randomAccessFile.writeInt(0);
        randomAccessFile.writeInt(44);
        randomAccessFile.writeInt(2);
        randomAccessFile.writeInt(length2);
        randomAccessFile.writeInt(5);
        randomAccessFile.writeInt(length3);
        randomAccessFile.writeInt(65536);
        randomAccessFile.writeInt(length4);
        randomAccessFile.write(newCodeDirectoryBlob2);
        randomAccessFile.write(newRequirementsBlob);
        randomAccessFile.write(newEntitlementBlob);
        randomAccessFile.write(newCMSBlob2);
        while (randomAccessFile.getFilePointer() < i + length5) {
            randomAccessFile.write(0);
        }
    }

    private byte[] newEntitlementBlob(String str, String str2, boolean z) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        sb.append("\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n\t<key>application-identifier</key><string>");
        sb.append(str);
        sb.append(".");
        sb.append(str2);
        sb.append("</string>\n\t<key>get-task-allow</key><");
        sb.append(z ? "false" : "true");
        sb.append("/>\n</dict>\n</plist>");
        int length = 8 + sb.length();
        ByteBuffer allocate = ByteBuffer.allocate(length);
        allocate.putInt(-86085263);
        allocate.putInt(length);
        allocate.put(sb.toString().getBytes("UTF-8"));
        return allocate.array();
    }

    private byte[] newRequirementsBlob() {
        ByteBuffer allocate = ByteBuffer.allocate(12);
        allocate.putInt(-86111231);
        allocate.putInt(12);
        allocate.putInt(0);
        return allocate.array();
    }

    private byte[] newCodeDirectoryBlob(RandomAccessFile randomAccessFile, int i, String str, byte[] bArr, byte[] bArr2) throws IOException, NoSuchAlgorithmException {
        byte[] bytes = str.getBytes("UTF-8");
        int i2 = ((i + 4096) - 1) / 4096;
        int length = 44 + bytes.length + 1 + 100;
        int length2 = 44 + bytes.length + 1 + ((5 + i2) * 20);
        ByteBuffer allocate = ByteBuffer.allocate(length2);
        allocate.putInt(-86111230);
        allocate.putInt(length2);
        allocate.putInt(131073);
        allocate.putInt(0);
        allocate.putInt(length);
        allocate.putInt(44);
        allocate.putInt(5);
        allocate.putInt(i2);
        allocate.putInt(i);
        allocate.put((byte) 20);
        allocate.put((byte) 1);
        allocate.put((byte) 0);
        allocate.put((byte) 12);
        allocate.putInt(0);
        allocate.put(str.getBytes("UTF-8"));
        allocate.put((byte) 0);
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        allocate.put(messageDigest.digest(bArr));
        for (int i3 = 0; i3 < 20; i3++) {
            allocate.put((byte) 0);
        }
        allocate.put(this.hashCodeResources);
        allocate.put(messageDigest.digest(bArr2));
        allocate.put(this.hashInfoPlist);
        randomAccessFile.seek(0L);
        byte[] bArr3 = new byte[4096];
        long j = i;
        while (true) {
            long j2 = j;
            if (j2 <= 0) {
                return allocate.array();
            }
            messageDigest.update(bArr3, 0, randomAccessFile.read(bArr3, 0, (int) Math.min(4096L, j2)));
            allocate.put(messageDigest.digest());
            j = j2 - 4096;
        }
    }

    private byte[] newCMSBlob(byte[] bArr) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(4096);
        signToStream(byteArrayOutputStream, bArr);
        int size = 8 + byteArrayOutputStream.size();
        ByteBuffer allocate = ByteBuffer.allocate(size);
        allocate.putInt(-86111487);
        allocate.putInt(size);
        allocate.put(byteArrayOutputStream.toByteArray());
        return allocate.array();
    }

    private void signToStream(OutputStream outputStream, byte[] bArr) throws IOException, GeneralSecurityException {
        MessageDigest messageDigest = MessageDigest.getInstance(SHA1);
        messageDigest.update(bArr);
        PKCS9Attributes pKCS9Attributes = new PKCS9Attributes(new PKCS9Attribute[]{new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID), new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, messageDigest.digest()), new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date())});
        byte[] bArr2 = null;
        try {
            Signature signature = Signature.getInstance(SHA1_WITH_RSA);
            signature.initSign(this.signingKey);
            signature.update(pKCS9Attributes.getDerEncoding());
            bArr2 = signature.sign();
        } catch (NoSuchAlgorithmException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError();
            }
        }
        new PKCS7(new AlgorithmId[]{AlgorithmId.get(SHA1)}, new ContentInfo(ContentInfo.DATA_OID, (DerValue) null), (X509Certificate[]) this.signingChain.toArray(new X509Certificate[0]), new SignerInfo[]{new SignerInfo(new X500Name(asn1ConvertPrintableStringToUtf8(new X500Name(((X509Certificate) this.signingCert).getIssuerX500Principal().getName()).getEncoded())), ((X509Certificate) this.signingCert).getSerialNumber(), new AlgorithmId(AlgorithmId.SHA_oid), pKCS9Attributes, new AlgorithmId(AlgorithmId.RSAEncryption_oid), bArr2, (PKCS9Attributes) null)}).encodeSignedData(outputStream);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v46, types: [int] */
    private byte[] asn1ConvertPrintableStringToUtf8(byte[] bArr) throws IOException {
        int i;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length);
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= bArr.length) {
                if (bArr.length != byteArrayOutputStream.size()) {
                    throw new IllegalStateException("ASN1 encoding length mismatch");
                }
                return byteArrayOutputStream.toByteArray();
            }
            byte b = bArr[i3];
            byte b2 = bArr[i3 + 1];
            int i4 = 0;
            if ((b2 & 128) != 0) {
                i4 = b2 & Byte.MAX_VALUE;
                b2 = 0;
                for (int i5 = 0; i5 < i4; i5++) {
                    b2 = (b2 << 8) + (bArr[i3 + 2] & 255);
                }
            }
            int i6 = i4 + 1;
            switch (b) {
                case 19:
                    i = 1 + i6 + b2;
                    if (i <= 4) {
                        byteArrayOutputStream.write(bArr, i3, i);
                        break;
                    } else {
                        String asString = new DerValue(bArr, i3, i).getAsString();
                        DerOutputStream derOutputStream = new DerOutputStream();
                        derOutputStream.putUTF8String(asString);
                        byteArrayOutputStream.write(derOutputStream.toByteArray());
                        break;
                    }
                case ASN1.SEQUENCE_TAG /* 48 */:
                case 49:
                    i = 1 + i6;
                    byteArrayOutputStream.write(bArr, i3, i);
                    break;
                default:
                    i = 1 + i6 + b2;
                    byteArrayOutputStream.write(bArr, i3, i);
                    break;
            }
            i2 = i3 + i;
        }
    }

    private void loadCertificateChain() throws FileNotFoundException, CertificateException, IOException {
        InputStream inputStream = null;
        try {
            inputStream = getClass().getClassLoader().getResourceAsStream(CHAIN_RESOURCE_PATH);
            for (Certificate certificate : CertificateFactory.getInstance("X.509").generateCertificates(inputStream)) {
                if (!this.signingChain.contains(certificate)) {
                    this.signingChain.add(certificate);
                }
            }
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                inputStream.close();
            }
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private void loadSigningCert(String str, String str2) throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            keyStore.load(fileInputStream, str2.toCharArray());
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            Enumeration<String> aliases = keyStore.aliases();
            String str3 = null;
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    str3 = nextElement;
                }
            }
            this.signingKey = (PrivateKey) keyStore.getKey(str3, str2.toCharArray());
            this.signingCert = keyStore.getCertificate(str3);
            this.signingChain.add(this.signingCert);
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private static byte[] newDigestOfFile(File file) throws IOException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[4096];
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read == -1) {
                    fileInputStream.close();
                    return messageDigest.digest();
                }
                messageDigest.update(bArr, 0, read);
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    private int readIntLE(RandomAccessFile randomAccessFile) throws IOException {
        return randomAccessFile.readUnsignedByte() + (randomAccessFile.readUnsignedByte() << 8) + (randomAccessFile.readUnsignedByte() << 16) + (randomAccessFile.readUnsignedByte() << 24);
    }

    private void writeIntLE(RandomAccessFile randomAccessFile, int i) throws IOException {
        randomAccessFile.write(i);
        randomAccessFile.write(i >> 8);
        randomAccessFile.write(i >> 16);
        randomAccessFile.write(i >> 24);
    }

    @Override // com.adobe.ucf.ISigner
    public void setPrivateKey(PrivateKey privateKey) {
        this.signingKey = privateKey;
    }

    @Override // com.adobe.ucf.ISigner
    public void setSignerCertificate(Certificate certificate) {
        this.signingCert = certificate;
    }

    @Override // com.adobe.ucf.ISigner
    public void setCertificateChain(Certificate[] certificateArr) {
        this.signingChain = new ArrayList(Arrays.asList(certificateArr));
    }

    @Override // com.adobe.ucf.ISigner
    public void setTimestampURL(String str) {
        throw new UnsupportedOperationException("setTimestampURL() not supported");
    }

    @Override // com.adobe.ucf.ISigner
    public void setOutput(File file) {
        throw new UnsupportedOperationException("setOutput() not supported");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setHashInfoPlist(byte[] bArr) {
        this.hashInfoPlist = bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setHashCodeResources(byte[] bArr) {
        this.hashCodeResources = bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setApplicationIdentifier(String str) {
        this.applicationIdentifier = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setApplicationIdentifierPrefix(String str) {
        this.applicationIdentifierPrefix = str;
    }

    static {
        $assertionsDisabled = !MachoSigner.class.desiredAssertionStatus();
    }
}
