package com.adobe.air;

import com.adobe.pki.Base64;
import com.adobe.ucf.ISigner;
import com.adobe.ucf.UCF;
import com.adobe.ucf.UCFSigner;
import com.rsa.certj.xml.dsig.SigNodeNameList;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.text.MessageFormat;
import java.util.Date;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:com/adobe/air/AIRMigrationSigner.class */
public class AIRMigrationSigner implements ISigner {
    private static String Adobe_patent_P851 = "AdobePatentId=\"P851\"";
    private static final int GRACE_PERIOD_DAYS = 180;
    private Certificate m_cert;
    private Certificate[] m_certChain;
    private File m_input;
    private File m_output;
    private ADTOutputStream m_stream = new AIROutputStream();
    private UCFSigner m_codeSigner = new UCFSigner();
    private PrivateKey m_key;
    private String m_timeStampURL;

    public void setInput(File file) {
        this.m_input = file;
    }

    @Override // com.adobe.ucf.ISigner
    public void setOutput(File file) {
        this.m_output = file;
    }

    @Override // com.adobe.ucf.ISigner
    public void setPrivateKey(PrivateKey privateKey) {
        this.m_key = privateKey;
        this.m_codeSigner.setPrivateKey(privateKey);
        setTimestampURL(ADT.DEFAULT_TSA_URL);
    }

    @Override // com.adobe.ucf.ISigner
    public void setCertificateChain(Certificate[] certificateArr) throws CertificateException {
        this.m_certChain = certificateArr;
    }

    @Override // com.adobe.ucf.ISigner
    public void setSignerCertificate(Certificate certificate) throws CertificateException {
        this.m_cert = certificate;
    }

    @Override // com.adobe.ucf.ISigner
    public void setAlsoIncludeOldStyleTimestamp() {
        throw new UnsupportedOperationException("setAlsoIncludeOldStyleTimestamp() not supported");
    }

    @Override // com.adobe.ucf.ISigner
    public void setTimestampURL(String str) {
        this.m_timeStampURL = str;
    }

    public void sign() throws IOException, InvalidInputException, GeneralSecurityException {
        if (this.m_input == null) {
            throw new IllegalStateException("input not set");
        }
        if (this.m_output == null) {
            throw new IllegalStateException("output not set");
        }
        File createTempFile = File.createTempFile("air", null, this.m_output.getAbsoluteFile().getParentFile());
        try {
            this.m_stream.setOutput(createTempFile);
            String mimetype = Utils.getMimetype(this.m_input);
            if (mimetype == null) {
                throw new InvalidInputException("File " + this.m_input.getPath() + " is invalid");
            }
            if (!mimetype.equals(ADTEntrypoint.MIMETYPE_AIR) && !mimetype.equals(ADTEntrypoint.MIMETYPE_AIRN)) {
                throw new InvalidInputException("File " + this.m_input.getPath() + " has an invalid mimetype for migration: " + mimetype);
            }
            this.m_stream.addMimeTypeFile(mimetype, true);
            ZipFile zipFile = new ZipFile(this.m_input);
            this.m_stream.addAIRFile(zipFile, mimetype);
            InputStream inputStream = zipFile.getInputStream(this.m_stream.getSignatureEntry());
            if (this.m_stream.getApplicationDescriptor().migrationGracePeriodInEffect()) {
                this.m_codeSigner.setGracePeriodDays(180);
            }
            this.m_codeSigner.setSignerCertificate(this.m_cert);
            this.m_codeSigner.setCertificateChain(this.m_certChain);
            processPackageSignature(this.m_stream.getSignatureEntry(), inputStream);
            inputStream.close();
            zipFile.close();
            this.m_stream.close();
            this.m_output.delete();
            createTempFile.renameTo(this.m_output);
            if (createTempFile.exists()) {
                createTempFile.delete();
            }
        } catch (Throwable th) {
            if (createTempFile.exists()) {
                createTempFile.delete();
            }
            throw th;
        }
    }

    private void processPackageSignature(ZipEntry zipEntry, InputStream inputStream) throws IOException, InvalidInputException, GeneralSecurityException {
        if (this.m_key == null) {
            throw new IllegalStateException("private key must be set before calling sign()");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            Document parse = newInstance.newDocumentBuilder().parse(inputStream);
            NodeList elementsByTagName = parse.getElementsByTagName(SigNodeNameList.SIGNATURE_ELE_NAME);
            Element element = null;
            for (int i = 0; i < elementsByTagName.getLength(); i++) {
                Element element2 = (Element) elementsByTagName.item(i);
                if (element2.getAttribute(SigNodeNameList.ID_ATTR_NAME).equals("PackageSignature")) {
                    element = (Element) element2.getElementsByTagName(SigNodeNameList.SIGNATURE_VALUE_ELE_NAME).item(0);
                }
                if (element2.getAttribute(SigNodeNameList.ID_ATTR_NAME).equals("MigrationSignature")) {
                    throw new InvalidInputException("input already has a MigrationSignature");
                }
            }
            if (element == null) {
                throw new InvalidInputException("PackageSignature not found");
            }
            if (element.getAttributes().getLength() != 1) {
                throw new InvalidInputException("package signature value has unexpected attributes");
            }
            NodeList childNodes = element.getChildNodes();
            String str = null;
            int i2 = 0;
            while (true) {
                if (i2 >= childNodes.getLength()) {
                    break;
                }
                if (childNodes.item(i2).getNodeType() == 3) {
                    str = childNodes.item(i2).getNodeValue();
                    break;
                }
                i2++;
            }
            if (str == null) {
                throw new InvalidInputException("package signature value is empty");
            }
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(new MessageFormat("<SignatureValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"PackageSignatureValue\">{0}</SignatureValue>").format(new Object[]{str}).getBytes("UTF-8"));
            String format = new MessageFormat(UCF.stringFromInputStream(getClass().getResourceAsStream("MigrationSignedInfo.template"))).format(new Object[]{Base64.encodeBytes(digest)});
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(this.m_key);
            signature.update(format.getBytes("UTF-8"));
            byte[] sign = signature.sign();
            String format2 = this.m_timeStampURL != null ? new MessageFormat(UCF.stringFromInputStream(this.m_codeSigner.getClass().getResourceAsStream("timestamp.template"))).format(new Object[]{"#MigrationSignatureValue", Base64.encodeBytes(this.m_codeSigner.getTimeStampFromURL(("<SignatureValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"MigrationSignatureValue\">" + Base64.encodeBytes(sign) + "</SignatureValue>").getBytes("UTF-8"), this.m_timeStampURL))}) : null;
            MessageFormat messageFormat = new MessageFormat(UCF.stringFromInputStream(getClass().getResourceAsStream("MigrationSignature.template")));
            Object[] objArr = new Object[4];
            objArr[0] = Base64.encodeBytes(digest);
            objArr[1] = Base64.encodeBytes(sign);
            objArr[2] = this.m_codeSigner.getXMLKeyInfo();
            objArr[3] = format2 == null ? "" : format2;
            String format3 = messageFormat.format(objArr);
            try {
                Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
                newTransformer.setOutputProperty("omit-xml-declaration", "yes");
                newTransformer.setOutputProperty("indent", "yes");
                DocumentBuilderFactory newInstance2 = DocumentBuilderFactory.newInstance();
                newInstance2.setNamespaceAware(true);
                parse.getDocumentElement().appendChild(parse.importNode(newInstance2.newDocumentBuilder().parse(new InputSource(new StringReader(format3))).getDocumentElement(), true));
                newTransformer.transform(new DOMSource(parse), new StreamResult(byteArrayOutputStream));
                this.m_stream.addData(byteArrayOutputStream.toByteArray(), UCF.PATH_SIGNATURES, new Date(), false, true);
            } catch (Exception e) {
                throw new IOException(e.getMessage());
            }
        } catch (Exception e2) {
            throw new InvalidInputException("could not parse signatures.xml");
        }
    }
}
