package de.brendamour.jpasskit.signing;

import com.fasterxml.jackson.annotation.JsonFilter;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonGenerationException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import com.fasterxml.jackson.databind.util.ISO8601DateFormat;
import com.google.common.hash.HashCode;
import com.google.common.hash.HashFunction;
import com.google.common.hash.Hashing;
import com.google.common.io.Files;
import de.brendamour.jpasskit.PKBarcode;
import de.brendamour.jpasskit.PKPass;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableFile;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:de/brendamour/jpasskit/signing/PKSigningUtil.class */
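/**
 * Builds signed pass archives: writes {@code pass.json}, computes {@code manifest.json}
 * (SHA-1 digest of every file), signs the manifest with a detached CMS signature and zips the
 * result.
 *
 * <p>The singleton registers the BouncyCastle provider ("BC") on construction if it is not
 * already installed.
 */
public final class PKSigningUtil {
    private static final int ZIP_BUFFER_SIZE = 8192;
    private static final String FILE_SEPARATOR_UNIX = "/";
    private static final String MANIFEST_JSON_FILE_NAME = "manifest.json";
    private static final String PASS_JSON_FILE_NAME = "pass.json";
    private static final String SIGNATURE_FILE_NAME = "signature";
    private static final String BC_PROVIDER_NAME = "BC";
    private static final PKSigningUtil instance = new PKSigningUtil();

    /** Mix-in that attaches the "barcodeFilter" property filter; never instantiated. */
    @JsonFilter("barcodeFilter")
    private static final class BarcodeFilterMixIn {
        private BarcodeFilterMixIn() {
        }
    }

    /** Mix-in that attaches the "charsetFilter" property filter; never instantiated. */
    @JsonFilter("charsetFilter")
    private static final class CharsetFilterMixIn {
        private CharsetFilterMixIn() {
        }
    }

    /** Mix-in that attaches the "pkPassFilter" property filter; never instantiated. */
    @JsonFilter("pkPassFilter")
    private static final class PkPassFilterMixIn {
        private PkPassFilterMixIn() {
        }
    }

    /** Mix-in that attaches the "validateFilter" property filter; never instantiated. */
    @JsonFilter("validateFilter")
    private static final class ValidateFilterMixIn {
        private ValidateFilterMixIn() {
        }
    }

    /** A private key together with the X.509 certificate stored under the same key store alias. */
    private static final class SigningKeyEntry {
        private final PrivateKey privateKey;
        private final X509Certificate certificate;

        private SigningKeyEntry(PrivateKey privateKey, X509Certificate certificate) {
            this.privateKey = privateKey;
            this.certificate = certificate;
        }
    }

    private PKSigningUtil() {
        addBCProvider();
    }

    /**
     * @return the shared instance
     */
    public static PKSigningUtil getInstance() {
        return instance;
    }

    /**
     * Same as {@link #createSignedAndZippedPkPassArchive(PKPass, String, PKSigningInformation)},
     * with the content directory given as a URL whose file part is URL-decoded as UTF-8.
     *
     * @param pass the pass to serialize as {@code pass.json}
     * @param contentDirectoryUrl URL of the directory whose content is copied into the archive
     * @param signingInformation key and certificates used to sign the manifest
     * @return the zipped, signed archive
     * @throws Exception if copying, serializing, signing or zipping fails
     */
    public byte[] createSignedAndZippedPkPassArchive(PKPass pass, URL contentDirectoryUrl, PKSigningInformation signingInformation) throws Exception {
        return createSignedAndZippedPkPassArchive(pass, URLDecoder.decode(contentDirectoryUrl.getFile(), "UTF-8"), signingInformation);
    }

    /**
     * Copies a directory into a temporary working directory, adds {@code pass.json},
     * {@code manifest.json} and {@code signature}, and returns the working directory as a zip.
     *
     * <p>The working directory is removed on failure as well as on success, so pass content and
     * the signature do not stay behind on disk when a step throws.
     *
     * @param pass the pass to serialize as {@code pass.json}
     * @param contentDirectoryPath path of the directory whose content is copied into the archive
     * @param signingInformation key and certificates used to sign the manifest
     * @return the zipped, signed archive
     * @throws Exception if copying, serializing, signing, zipping or the final cleanup fails
     */
    public byte[] createSignedAndZippedPkPassArchive(PKPass pass, String contentDirectoryPath, PKSigningInformation signingInformation) throws Exception {
        // java.nio creates the directory with owner-only permissions on POSIX file systems, so
        // other local users cannot read the pass content while the archive is being built.
        File workingDirectory = java.nio.file.Files.createTempDirectory("pkpass").toFile();
        byte[] archive;
        try {
            FileUtils.copyDirectory(new File(contentDirectoryPath), workingDirectory);
            ObjectMapper jsonMapper = new ObjectMapper();
            jsonMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
            jsonMapper.setDateFormat(new ISO8601DateFormat());
            createPassJSONFile(pass, workingDirectory, jsonMapper);
            File manifestFile = createManifestJSONFile(workingDirectory, jsonMapper);
            signManifestFile(workingDirectory, manifestFile, signingInformation);
            archive = createZippedPassAndReturnAsByteArray(workingDirectory);
        } catch (Throwable failure) {
            // Best-effort cleanup; the original failure is the one the caller needs to see.
            FileUtils.deleteQuietly(workingDirectory);
            throw failure;
        }
        FileUtils.deleteDirectory(workingDirectory);
        return archive;
    }

    /**
     * Writes a detached CMS signature of the manifest to a file named {@code signature} in the
     * given directory. The signature carries a signing-time attribute and both certificates
     * from the signing information.
     *
     * @param passDirectory directory that receives the {@code signature} file
     * @param manifestFile the file whose content is signed
     * @param signingInformation private key, signing certificate and intermediate certificate
     * @throws IllegalArgumentException if an argument is null or the signing information
     *     reports itself as not valid
     * @throws Exception if signing or writing the signature fails
     */
    public void signManifestFile(File passDirectory, File manifestFile, PKSigningInformation signingInformation) throws Exception {
        if (passDirectory == null || manifestFile == null || signingInformation == null || !signingInformation.isValid()) {
            throw new IllegalArgumentException("Null params are not supported");
        }
        CMSSignedDataGenerator signatureGenerator = new CMSSignedDataGenerator();
        // NOTE(review): SHA-1 is collision-weak. Whether the consumer of these archives accepts
        // a stronger digest is not visible here; confirm before changing the algorithm.
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA")
                .setProvider(BC_PROVIDER_NAME)
                .build(signingInformation.getSigningPrivateKey());
        ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
        signedAttributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))));
        signatureGenerator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC_PROVIDER_NAME).build())
                        .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttributes)))
                        .build(contentSigner, signingInformation.getSigningCert()));
        ArrayList<Certificate> certificateChain = new ArrayList<Certificate>();
        certificateChain.add(signingInformation.getAppleWWDRCACert());
        certificateChain.add(signingInformation.getSigningCert());
        signatureGenerator.addCertificates(new JcaCertStore(certificateChain));
        // encapsulate = false: the manifest content is not embedded in the signature.
        byte[] signatureBytes = signatureGenerator.generate(new CMSProcessableFile(manifestFile), false).getEncoded();
        // try-with-resources so the handle is released even when the write fails.
        try (FileOutputStream signatureOut = new FileOutputStream(new File(passDirectory, SIGNATURE_FILE_NAME))) {
            signatureOut.write(signatureBytes);
        }
    }

    /**
     * Loads the signing key pair from a PKCS#12 file and the intermediate certificate from a
     * certificate file. Both certificates must be within their validity period.
     *
     * @param pkcs12KeyStoreFilePath file system path or classpath resource of the key store
     * @param keyStorePassword password for the key store and for the key entries
     * @param intermediateCertificateFilePath file system path or classpath resource of the
     *     intermediate certificate
     * @return the signing information
     * @throws IOException if a file cannot be read or no private key with an X.509 certificate
     *     is found
     * @throws CertificateException if a certificate cannot be parsed or is outside its
     *     validity period
     */
    public PKSigningInformation loadSigningInformationFromPKCS12FileAndIntermediateCertificateFile(String pkcs12KeyStoreFilePath, String keyStorePassword, String intermediateCertificateFilePath) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException {
        KeyStore keyStore = loadPKCS12File(pkcs12KeyStoreFilePath, keyStorePassword);
        SigningKeyEntry signingEntry = findSigningKeyEntry(keyStore, keyStorePassword);
        X509Certificate intermediateCertificate = loadDERCertificate(intermediateCertificateFilePath);
        return buildSigningInformation(signingEntry, intermediateCertificate);
    }

    /**
     * Stream variant of
     * {@link #loadSigningInformationFromPKCS12FileAndIntermediateCertificateFile(String, String, String)}.
     * Neither stream is closed by this method.
     *
     * <p>The signing certificate's validity period is checked here as well; this variant used to
     * check only the intermediate certificate, so an expired signing certificate went unnoticed.
     *
     * @param pkcs12KeyStoreStream stream of the PKCS#12 key store
     * @param keyStorePassword password for the key store and for the key entries
     * @param intermediateCertificateStream stream of the intermediate certificate
     * @return the signing information
     * @throws IOException if a stream cannot be read or no private key with an X.509
     *     certificate is found
     * @throws CertificateException if a certificate cannot be parsed or is outside its
     *     validity period
     */
    public PKSigningInformation loadSigningInformationFromPKCS12AndIntermediateCertificateStreams(InputStream pkcs12KeyStoreStream, String keyStorePassword, InputStream intermediateCertificateStream) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException {
        KeyStore keyStore = loadPKCS12File(pkcs12KeyStoreStream, keyStorePassword);
        SigningKeyEntry signingEntry = findSigningKeyEntry(keyStore, keyStorePassword);
        X509Certificate intermediateCertificate = loadDERCertificate(intermediateCertificateStream);
        return buildSigningInformation(signingEntry, intermediateCertificate);
    }

    /**
     * Loads a PKCS#12 key store from a file system path, falling back to a classpath resource
     * of the same name when no such file exists.
     *
     * @param pathToP12 file system path or classpath resource name
     * @param password key store password
     * @return the loaded key store
     * @throws FileNotFoundException if neither a file nor a classpath resource is found
     * @throws IOException if the key store cannot be read or the password is wrong
     */
    public KeyStore loadPKCS12File(String pathToP12, String password) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, NoSuchProviderException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        File keyStoreFile = resolveFileOrClasspathResource(pathToP12);
        // try-with-resources: the handle used to stay open when load() threw.
        try (FileInputStream keyStoreIn = new FileInputStream(keyStoreFile)) {
            keyStore.load(keyStoreIn, password.toCharArray());
        }
        return keyStore;
    }

    /**
     * Loads a PKCS#12 key store from a stream. The stream is not closed by this method.
     *
     * @param inputStreamOfP12 stream of the key store, must not be null
     * @param password key store password
     * @return the loaded key store
     * @throws IllegalArgumentException if the stream is null
     * @throws IOException if the key store cannot be read or the password is wrong
     */
    public KeyStore loadPKCS12File(InputStream inputStreamOfP12, String password) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, NoSuchProviderException {
        if (inputStreamOfP12 == null) {
            throw new IllegalArgumentException("InputStream of key store must not be null");
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(inputStreamOfP12, password.toCharArray());
        return keyStore;
    }

    /**
     * Loads an X.509 certificate from a file system path, falling back to a classpath resource
     * of the same name, and checks that it is currently valid.
     *
     * @param filePath file system path or classpath resource name
     * @return the certificate
     * @throws IOException if the file is missing or unreadable, or the content is not an X.509
     *     certificate
     * @throws CertificateException if parsing fails or the certificate is outside its validity
     *     period
     */
    public X509Certificate loadDERCertificate(String filePath) throws IOException, CertificateException {
        String failureMessage = "The key from '" + filePath + "' could not be decrypted";
        try {
            File certificateFile = resolveFileOrClasspathResource(filePath);
            // try-with-resources: the stream used to leak whenever parsing or validation threw.
            try (FileInputStream certificateIn = new FileInputStream(certificateFile)) {
                return parseValidX509Certificate(certificateIn, failureMessage);
            }
        } catch (IOException e) {
            throw new IOException(failureMessage, e);
        } catch (NoSuchProviderException e) {
            throw new IOException(failureMessage, e);
        }
    }

    /**
     * Loads an X.509 certificate from a stream and checks that it is currently valid. The
     * stream is not closed by this method.
     *
     * @param certificateInputStream stream of the certificate, must not be null
     * @return the certificate
     * @throws IllegalArgumentException if the stream is null
     * @throws IOException if the stream is unreadable or the content is not an X.509 certificate
     * @throws CertificateException if parsing fails or the certificate is outside its validity
     *     period
     */
    public X509Certificate loadDERCertificate(InputStream certificateInputStream) throws IOException, CertificateException {
        if (certificateInputStream == null) {
            // Same contract as the stream overload of loadPKCS12File.
            throw new IllegalArgumentException("InputStream of certificate must not be null");
        }
        String failureMessage = "The key from the input stream could not be decrypted";
        try {
            return parseValidX509Certificate(certificateInputStream, failureMessage);
        } catch (IOException e) {
            throw new IOException(failureMessage, e);
        } catch (NoSuchProviderException e) {
            throw new IOException(failureMessage, e);
        }
    }

    /** Registers the BouncyCastle provider unless a provider named "BC" is already installed. */
    private void addBCProvider() {
        if (Security.getProvider(BC_PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Returns the first key store entry that holds a private key with an X.509 certificate, or null. */
    private static SigningKeyEntry findSigningKeyEntry(KeyStore keyStore, String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        char[] passwordChars = password.toCharArray();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Key key = keyStore.getKey(alias, passwordChars);
            if (!(key instanceof PrivateKey)) {
                continue;
            }
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                return new SigningKeyEntry((PrivateKey) key, (X509Certificate) certificate);
            }
        }
        return null;
    }

    /** Checks that key, signing certificate and intermediate certificate are present and valid. */
    private static PKSigningInformation buildSigningInformation(SigningKeyEntry signingEntry, X509Certificate intermediateCertificate) throws IOException, CertificateException {
        if (signingEntry == null || intermediateCertificate == null) {
            throw new IOException("Couldn#t load all the neccessary certificates/keys");
        }
        intermediateCertificate.checkValidity();
        signingEntry.certificate.checkValidity();
        return new PKSigningInformation(signingEntry.certificate, signingEntry.privateKey, intermediateCertificate);
    }

    /** Resolves a path as a file, or as a classpath resource when no such file exists. */
    private static File resolveFileOrClasspathResource(String path) throws FileNotFoundException {
        File file = new File(path);
        if (file.exists()) {
            return file;
        }
        URL resource = PKSigningUtil.class.getClassLoader().getResource(path);
        if (resource == null) {
            throw new FileNotFoundException("File at " + path + " not found");
        }
        return new File(resource.getFile());
    }

    /** Parses one certificate with the BC provider and rejects non-X.509 or out-of-period ones. */
    private static X509Certificate parseValidX509Certificate(InputStream in, String failureMessage) throws IOException, CertificateException, NoSuchProviderException {
        Certificate certificate = CertificateFactory.getInstance("X.509", BC_PROVIDER_NAME).generateCertificate(in);
        if (!(certificate instanceof X509Certificate)) {
            throw new IOException(failureMessage);
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        x509Certificate.checkValidity();
        return x509Certificate;
    }

    /** Lists a directory, failing with an IOException instead of a later NullPointerException. */
    private static File[] listFilesOrFail(File directory) throws IOException {
        File[] children = directory.listFiles();
        if (children == null) {
            throw new IOException("Could not list files in directory " + directory);
        }
        return children;
    }

    /** Serializes the pass to {@code pass.json} in the given directory. */
    private void createPassJSONFile(PKPass pass, File passDirectory, ObjectMapper jsonMapper) throws IOException, JsonGenerationException, JsonMappingException {
        getObjectWriterWithFilters(jsonMapper).writeValue(new File(passDirectory, PASS_JSON_FILE_NAME), pass);
    }

    /**
     * Writes {@code manifest.json}: a map from relative file name to the hex SHA-1 digest of
     * every file below the directory at the time of the call.
     */
    private File createManifestJSONFile(File passDirectory, ObjectMapper jsonMapper) throws IOException, JsonGenerationException, JsonMappingException {
        Map<String, String> fileHashes = new HashMap<String, String>();
        // NOTE(review): SHA-1 presumably follows the manifest format expected by the consumer;
        // the signature covers only these digests, so confirm before relying on or changing it.
        hashFilesInDirectory(listFilesOrFail(passDirectory), fileHashes, Hashing.sha1(), null);
        File manifestFile = new File(passDirectory, MANIFEST_JSON_FILE_NAME);
        getObjectWriterWithFilters(jsonMapper).writeValue(manifestFile, fileHashes);
        return manifestFile;
    }

    /**
     * Configures the mapper (non-null inclusion plus the four filter mix-ins) and returns a
     * writer bound to the matching property filters. The mapper passed in is modified.
     */
    private ObjectWriter getObjectWriterWithFilters(ObjectMapper jsonMapper) {
        SimpleFilterProvider filters = new SimpleFilterProvider();
        filters.addFilter("validateFilter", SimpleBeanPropertyFilter.serializeAllExcept("valid", "validationErrors"));
        filters.addFilter("pkPassFilter", SimpleBeanPropertyFilter.serializeAllExcept("valid", "validationErrors", "foregroundColorAsObject", "backgroundColorAsObject", "labelColorAsObject", "passThatWasSet"));
        filters.addFilter("barcodeFilter", SimpleBeanPropertyFilter.serializeAllExcept("valid", "validationErrors", "messageEncodingAsString"));
        filters.addFilter("charsetFilter", SimpleBeanPropertyFilter.filterOutAllExcept("name"));
        jsonMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        jsonMapper.addMixIn(Object.class, ValidateFilterMixIn.class);
        jsonMapper.addMixIn(PKPass.class, PkPassFilterMixIn.class);
        jsonMapper.addMixIn(PKBarcode.class, BarcodeFilterMixIn.class);
        jsonMapper.addMixIn(Charset.class, CharsetFilterMixIn.class);
        return jsonMapper.writer(filters);
    }

    /**
     * Recursively adds one entry per regular file: key is the path relative to the top
     * directory with '/' separators, value is the hex digest. Entries that are neither a file
     * nor a directory are skipped.
     */
    private void hashFilesInDirectory(File[] files, Map<String, String> fileHashes, HashFunction hashFunction, String parentName) throws IOException {
        for (File file : files) {
            boolean regularFile = file.isFile();
            if (!regularFile && !file.isDirectory()) {
                continue;
            }
            String relativeName = StringUtils.isEmpty(parentName)
                    ? file.getName()
                    : parentName + FILE_SEPARATOR_UNIX + file.getName();
            if (regularFile) {
                HashCode digest = Files.hash(file, hashFunction);
                fileHashes.put(relativeName, Hex.encodeHexString(digest.asBytes()));
            } else {
                hashFilesInDirectory(listFilesOrFail(file), fileHashes, hashFunction, relativeName);
            }
        }
    }

    /** Zips the directory content in memory and returns the archive bytes. */
    private byte[] createZippedPassAndReturnAsByteArray(File passDirectory) throws IOException {
        ByteArrayOutputStream archiveBytes = new ByteArrayOutputStream();
        // try-with-resources: the deflater is released even when zipping fails.
        try (ZipOutputStream zipOut = new ZipOutputStream(archiveBytes)) {
            zip(passDirectory, passDirectory, zipOut);
        }
        return archiveBytes.toByteArray();
    }

    /** Recursively adds every file below {@code directory}, named relative to {@code base}. */
    private void zip(File directory, File base, ZipOutputStream zipOut) throws IOException {
        byte[] buffer = new byte[ZIP_BUFFER_SIZE];
        for (File child : listFilesOrFail(directory)) {
            if (child.isDirectory()) {
                zip(child, base, zipOut);
                continue;
            }
            // try-with-resources: the input handle used to leak when a read or write threw.
            try (FileInputStream fileIn = new FileInputStream(child)) {
                zipOut.putNextEntry(new ZipEntry(getRelativePathOfZipEntry(child, base)));
                int bytesRead;
                while ((bytesRead = fileIn.read(buffer)) != -1) {
                    zipOut.write(buffer, 0, bytesRead);
                }
                zipOut.closeEntry();
            }
        }
    }

    /** Returns the path of {@code fileToZip} relative to {@code base}, with '/' separators. */
    private String getRelativePathOfZipEntry(File fileToZip, File base) {
        String relativePath = fileToZip.getPath().substring(base.getPath().length() + 1);
        if (File.separatorChar != '/') {
            relativePath = relativePath.replace(File.separatorChar, '/');
        }
        return relativePath;
    }
}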
