package org.godotengine.editor.utils;

import android.util.Log;
import com.android.apksig.ApkSigner;
import com.android.apksig.ApkVerifier;
import java.io.File;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.godotengine.godot.error.Error;
import org.godotengine.godot.io.file.FileAccessHandler;

/* compiled from: ApkSignerUtil.kt */
@Metadata(d1 = {"\u0000 \n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u0002\n\u0002\b\u0003\u001aB\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u00012\u0006\u0010\b\u001a\u00020\u00012\u0006\u0010\t\u001a\u00020\u00012\u0006\u0010\n\u001a\u00020\u00012\u0006\u0010\u000b\u001a\u00020\u00012\b\b\u0002\u0010\f\u001a\u00020\u0001H\u0000\u001a\b\u0010\r\u001a\u00020\u000eH\u0002\u001a\u0018\u0010\u000f\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0010\u001a\u00020\u0001H\u0000\"\u000e\u0010\u0000\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n\u0000\"\u000e\u0010\u0002\u001a\u00020\u0001X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u0011"}, d2 = {"DEFAULT_KEYSTORE_TYPE", "", "TAG", "signApk", "Lorg/godotengine/godot/error/Error;", "fileAccessHandler", "Lorg/godotengine/godot/io/file/FileAccessHandler;", "inputPath", "outputPath", "keystorePath", "keystoreUser", "keystorePassword", "keystoreType", "validateBouncyCastleProvider", "", "verifyApk", "apkPath", "android_editor_androidRelease"}, k = 2, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class ApkSignerUtil {
    private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
    private static final String TAG = "ApkSignerUtil";

    public static final Error signApk(FileAccessHandler fileAccessHandler, String inputPath, String outputPath, String keystorePath, String keystoreUser, String keystorePassword, String keystoreType) {
        Intrinsics.checkNotNullParameter(fileAccessHandler, "fileAccessHandler");
        Intrinsics.checkNotNullParameter(inputPath, "inputPath");
        Intrinsics.checkNotNullParameter(outputPath, "outputPath");
        Intrinsics.checkNotNullParameter(keystorePath, "keystorePath");
        Intrinsics.checkNotNullParameter(keystoreUser, "keystoreUser");
        Intrinsics.checkNotNullParameter(keystorePassword, "keystorePassword");
        Intrinsics.checkNotNullParameter(keystoreType, "keystoreType");
        if (!fileAccessHandler.fileExists(inputPath)) {
            Log.e(TAG, "Unable to access input path " + inputPath);
            return Error.ERR_FILE_NOT_FOUND;
        }
        String str = Intrinsics.areEqual(outputPath, inputPath) ? outputPath + ".signed" : outputPath;
        if (!fileAccessHandler.canAccess(str)) {
            Log.e(TAG, "Unable to access output path " + str);
            return Error.ERR_FILE_NO_PERMISSION;
        }
        if (!fileAccessHandler.fileExists(keystorePath) || StringsKt.isBlank(keystoreUser) || StringsKt.isBlank(keystorePassword)) {
            Log.e(TAG, "Invalid keystore credentials");
            return Error.ERR_INVALID_PARAMETER;
        }
        validateBouncyCastleProvider();
        KeyStore keyStore = KeyStore.getInstance(keystoreType);
        InputStream inputStream = fileAccessHandler.getInputStream(keystorePath);
        if (inputStream == null) {
            Log.e(TAG, "Unable to retrieve input stream from " + keystorePath);
            return Error.ERR_FILE_CANT_READ;
        }
        try {
            InputStream inputStream2 = inputStream;
            try {
                Log.v(TAG, "Loading keystore " + keystorePath + " with type " + keystoreType);
                char[] charArray = keystorePassword.toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
                keyStore.load(inputStream2, charArray);
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(inputStream2, null);
                if (!keyStore.isKeyEntry(keystoreUser)) {
                    Log.e(TAG, "Key alias " + keystoreUser + " is invalid");
                    return Error.ERR_INVALID_PARAMETER;
                }
                try {
                    char[] charArray2 = keystorePassword.toCharArray();
                    Intrinsics.checkNotNullExpressionValue(charArray2, "toCharArray(...)");
                    Key key = keyStore.getKey(keystoreUser, charArray2);
                    if (!(key instanceof PrivateKey)) {
                        Log.e(TAG, "Unable to recover keystore alias " + keystoreUser);
                        return Error.ERR_CANT_ACQUIRE_RESOURCE;
                    }
                    Certificate[] certificateChain = keyStore.getCertificateChain(keystoreUser);
                    if (certificateChain == null || certificateChain.length == 0) {
                        Log.e(TAG, "Keystore alias " + keystoreUser + " does not contain certificates");
                        return Error.ERR_INVALID_DATA;
                    }
                    ArrayList arrayList = new ArrayList(certificateChain.length);
                    Intrinsics.checkNotNull(certificateChain);
                    for (Certificate certificate : certificateChain) {
                        Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                        arrayList.add((X509Certificate) certificate);
                    }
                    try {
                        new ApkSigner.Builder((List<ApkSigner.SignerConfig>) CollectionsKt.listOf(new ApkSigner.SignerConfig.Builder(keystoreUser, (PrivateKey) key, arrayList).build())).setInputApk(new File(inputPath)).setOutputApk(new File(str)).build().sign();
                        if (Intrinsics.areEqual(outputPath, str) || fileAccessHandler.renameFile(str, outputPath)) {
                            Log.v(TAG, "Signed " + inputPath);
                            return Error.OK;
                        }
                        Log.e(TAG, "Unable to rename temp output file " + str + " to " + outputPath);
                        return Error.ERR_FILE_CANT_WRITE;
                    } catch (Exception e) {
                        Log.e(TAG, "Unable to sign " + inputPath, e);
                        return Error.FAILED;
                    }
                } catch (Exception unused) {
                    Log.e(TAG, "Unable to recover keystore alias " + keystoreUser);
                    return Error.ERR_CANT_ACQUIRE_RESOURCE;
                }
            } finally {
            }
        } catch (Exception e2) {
            Log.e(TAG, "Unable to load the keystore from " + keystorePath, e2);
            return Error.ERR_FILE_CANT_READ;
        }
    }

    public static /* synthetic */ Error signApk$default(FileAccessHandler fileAccessHandler, String str, String str2, String str3, String str4, String str5, String str6, int i, Object obj) {
        if ((i & 64) != 0) {
            str6 = DEFAULT_KEYSTORE_TYPE;
        }
        return signApk(fileAccessHandler, str, str2, str3, str4, str5, str6);
    }

    private static final void validateBouncyCastleProvider() {
        Provider provider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (provider instanceof BouncyCastleProvider) {
            return;
        }
        Log.v(TAG, "Removing BouncyCastleProvider " + provider + " (" + provider.getClass().getName() + ")");
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        if (Security.addProvider(bouncyCastleProvider) == -1) {
            Log.e(TAG, "Unable to add BouncyCastleProvider " + bouncyCastleProvider.getClass().getName());
            return;
        }
        Log.v(TAG, "Updated BouncyCastleProvider to " + bouncyCastleProvider + " (" + bouncyCastleProvider.getClass().getName() + ")");
    }

    public static final Error verifyApk(FileAccessHandler fileAccessHandler, String apkPath) {
        Intrinsics.checkNotNullParameter(fileAccessHandler, "fileAccessHandler");
        Intrinsics.checkNotNullParameter(apkPath, "apkPath");
        if (!fileAccessHandler.fileExists(apkPath)) {
            Log.e(TAG, "Unable to access apk " + apkPath);
            return Error.ERR_FILE_NOT_FOUND;
        }
        try {
            ApkVerifier build = new ApkVerifier.Builder(new File(apkPath)).build();
            Log.v(TAG, "Verifying apk " + apkPath);
            ApkVerifier.Result verify = build.verify();
            Log.v(TAG, "Verification result: " + verify.isVerified());
            return verify.isVerified() ? Error.OK : Error.FAILED;
        } catch (Exception e) {
            Log.e(TAG, "Error occurred during verification for " + apkPath, e);
            return Error.ERR_INVALID_DATA;
        }
    }
}
