package com.topjohnwu.crypto;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class SignBoot {

    /* loaded from: classes.dex */
    static class BootSignature extends ASN1Object {
        private AlgorithmIdentifier algorithmIdentifier;
        private ASN1Encodable certificate;
        private ASN1Integer formatVersion;
        private ASN1Integer length;
        private PublicKey publicKey;
        private DEROctetString signature;
        private DERPrintableString target;

        public BootSignature(String str, int i) {
            this.formatVersion = new ASN1Integer(1L);
            this.target = new DERPrintableString(str);
            this.length = new ASN1Integer(i);
        }

        public BootSignature(byte[] bArr) {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(bArr).readObject();
            this.formatVersion = (ASN1Integer) aSN1Sequence.getObjectAt(0);
            if (this.formatVersion.getValue().intValue() != 1) {
                throw new IllegalArgumentException("Unsupported format version");
            }
            this.certificate = aSN1Sequence.getObjectAt(1);
            this.publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(((ASN1Object) this.certificate).getEncoded()))).getPublicKey();
            this.algorithmIdentifier = new AlgorithmIdentifier((ASN1ObjectIdentifier) ((ASN1Sequence) aSN1Sequence.getObjectAt(2)).getObjectAt(0));
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(3);
            this.target = (DERPrintableString) aSN1Sequence2.getObjectAt(0);
            this.length = (ASN1Integer) aSN1Sequence2.getObjectAt(1);
            this.signature = (DEROctetString) aSN1Sequence.getObjectAt(4);
        }

        public byte[] generateSignableImage(byte[] bArr) {
            byte[] encodedAuthenticatedAttributes = getEncodedAuthenticatedAttributes();
            byte[] copyOf = Arrays.copyOf(bArr, bArr.length + encodedAuthenticatedAttributes.length);
            for (int i = 0; i < encodedAuthenticatedAttributes.length; i++) {
                copyOf[bArr.length + i] = encodedAuthenticatedAttributes[i];
            }
            return copyOf;
        }

        public ASN1Object getAuthenticatedAttributes() {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(this.target);
            aSN1EncodableVector.add(this.length);
            return new DERSequence(aSN1EncodableVector);
        }

        public byte[] getEncodedAuthenticatedAttributes() {
            return getAuthenticatedAttributes().getEncoded();
        }

        public void setCertificate(X509Certificate x509Certificate) {
            this.certificate = new ASN1InputStream(x509Certificate.getEncoded()).readObject();
            this.publicKey = x509Certificate.getPublicKey();
        }

        public void setSignature(byte[] bArr, AlgorithmIdentifier algorithmIdentifier) {
            this.algorithmIdentifier = algorithmIdentifier;
            this.signature = new DEROctetString(bArr);
        }

        public byte[] sign(byte[] bArr, PrivateKey privateKey) {
            return CryptoUtils.sign(privateKey, generateSignableImage(bArr));
        }

        @Override // org.bouncycastle.asn1.ASN1Object, org.bouncycastle.asn1.ASN1Encodable
        public ASN1Primitive toASN1Primitive() {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(this.formatVersion);
            aSN1EncodableVector.add(this.certificate);
            aSN1EncodableVector.add(this.algorithmIdentifier);
            aSN1EncodableVector.add(getAuthenticatedAttributes());
            aSN1EncodableVector.add(this.signature);
            return new DERSequence(aSN1EncodableVector);
        }

        public boolean verify(byte[] bArr) {
            if (this.length.getValue().intValue() != bArr.length) {
                throw new IllegalArgumentException("Invalid image length");
            }
            return CryptoUtils.verify(this.publicKey, generateSignableImage(bArr), this.signature.getOctets(), this.algorithmIdentifier);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    public static boolean doSignature(String str, InputStream inputStream, OutputStream outputStream, InputStream inputStream2, InputStream inputStream3) {
        try {
            ByteArrayStream byteArrayStream = new ByteArrayStream();
            byteArrayStream.readFrom(inputStream);
            byte[] byteArray = byteArrayStream.toByteArray();
            byteArrayStream.close();
            int signableImageSize = getSignableImageSize(byteArray);
            if (signableImageSize < byteArray.length) {
                System.err.println("NOTE: truncating input from " + byteArray.length + " to " + signableImageSize + " bytes");
                byteArray = Arrays.copyOf(byteArray, signableImageSize);
            } else if (signableImageSize > byteArray.length) {
                throw new IllegalArgumentException("Invalid image: too short, expected " + signableImageSize + " bytes");
            }
            BootSignature bootSignature = new BootSignature(str, byteArray.length);
            bootSignature.setCertificate(CryptoUtils.readPublicKey(inputStream3));
            PrivateKey readPrivateKey = CryptoUtils.readPrivateKey(inputStream2);
            bootSignature.setSignature(bootSignature.sign(byteArray, readPrivateKey), CryptoUtils.getSignatureAlgorithmIdentifier(readPrivateKey));
            byte[] encoded = bootSignature.getEncoded();
            outputStream.write(byteArray);
            outputStream.write(encoded);
            outputStream.flush();
            return true;
        } catch (Exception e) {
            e.printStackTrace(System.err);
            return false;
        }
    }

    public static int getSignableImageSize(byte[] bArr) {
        if (!Arrays.equals(Arrays.copyOfRange(bArr, 0, 8), "ANDROID!".getBytes("US-ASCII"))) {
            throw new IllegalArgumentException("Invalid image header: missing magic");
        }
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        wrap.order(ByteOrder.LITTLE_ENDIAN);
        wrap.getLong();
        int i = wrap.getInt();
        wrap.getInt();
        int i2 = wrap.getInt();
        wrap.getInt();
        int i3 = wrap.getInt();
        wrap.getLong();
        int i4 = wrap.getInt();
        int i5 = i4 * ((((((((((i + i4) - 1) / i4) * i4) + i4) + ((((i2 + i4) - 1) / i4) * i4)) + ((((i3 + i4) - 1) / i4) * i4)) + i4) - 1) / i4);
        if (i5 <= 0) {
            throw new IllegalArgumentException("Invalid image header: invalid length");
        }
        return i5;
    }

    public static boolean verifySignature(InputStream inputStream, InputStream inputStream2) {
        try {
            ByteArrayStream byteArrayStream = new ByteArrayStream();
            byteArrayStream.readFrom(inputStream);
            byte[] byteArray = byteArrayStream.toByteArray();
            byteArrayStream.close();
            int signableImageSize = getSignableImageSize(byteArray);
            if (signableImageSize >= byteArray.length) {
                System.err.println("Invalid image: not signed");
                return false;
            }
            BootSignature bootSignature = new BootSignature(Arrays.copyOfRange(byteArray, signableImageSize, byteArray.length));
            if (inputStream2 != null) {
                bootSignature.setCertificate(CryptoUtils.readPublicKey(inputStream2));
            }
            if (bootSignature.verify(Arrays.copyOf(byteArray, signableImageSize))) {
                System.err.println("Signature is VALID");
                return true;
            }
            System.err.println("Signature is INVALID");
            return false;
        } catch (Exception e) {
            e.printStackTrace(System.err);
            System.err.println("Invalid image: not signed");
            return false;
        }
    }
}
