package com.google.wireless.android.vending.developer.signing.tools.extern.export;

import com.google.common.collect.ImmutableList;
import com.google.security.keymaster.lite.KeymaestroHybridEncrypter;
import java.io.BufferedReader;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;

/* loaded from: classes.dex */
public class ExportEncryptedPrivateKeyTool {
    private static final String FLAG_ALIAS = "alias";
    private static final String FLAG_ENCRYPTION_KEY = "encryptionkey";
    private static final String FLAG_INCLUDE_CERT = "include-cert";
    private static final String FLAG_KEYSTORE = "keystore";
    private static final String FLAG_OUTPUT = "output";
    private static final String FLAG_SIGNING_KEYSTORE = "signing-keystore";
    private static final String FLAG_SIGNING_KEY_ALIAS = "signing-key-alias";
    private static final String HELP_PAGE = "help.txt";
    private static final ImmutableList<String> SUPPORTED_SIGNING_ALGORITHMS = ImmutableList.of("RSA", "DSA");
    private final KeystoreHelper keystoreHelper;

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }

    public ExportEncryptedPrivateKeyTool() {
        this.keystoreHelper = new KeystoreHelper();
    }

    ExportEncryptedPrivateKeyTool(KeystoreHelper keystoreHelper) {
        this.keystoreHelper = keystoreHelper;
    }

    private static byte[] certificateToPem(Certificate certificate) throws CertificateEncodingException {
        String encodeToString = Base64.getEncoder().encodeToString(certificate.getEncoded());
        StringBuilder sb = new StringBuilder(String.valueOf(encodeToString).length() + 55);
        sb.append("-----BEGIN CERTIFICATE-----\n");
        sb.append(encodeToString);
        sb.append("\n-----END CERTIFICATE-----\n");
        return sb.toString().getBytes(StandardCharsets.US_ASCII);
    }

    private byte[] encryptPrivateKey(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        return new KeymaestroHybridEncrypter(bArr).encrypt(bArr2);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static byte[] fromHex(String str) {
        int length = str.length();
        if (length % 2 == 0) {
            byte[] bArr = new byte[length / 2];
            for (int i = 0; i < length; i += 2) {
                bArr[i / 2] = (byte) ((Character.digit(str.charAt(i), 16) << 4) + Character.digit(str.charAt(i + 1), 16));
            }
            return bArr;
        }
        StringBuilder sb = new StringBuilder(String.valueOf(str).length() + 102);
        sb.append("Hex encoded byte array must have even length but instead has length: ");
        sb.append(length);
        sb.append(". Hex encoded string: ");
        sb.append(str);
        throw new IllegalArgumentException(sb.toString());
    }

    private static String getFlagValue(Map<String, String> map, String str) {
        String remove = map.remove(str);
        StringBuilder sb = new StringBuilder(String.valueOf(str).length() + 20);
        sb.append("--");
        sb.append(str);
        sb.append(" must be specified");
        return (String) Utils.checkNotNull(remove, sb.toString());
    }

    /* JADX WARN: Removed duplicated region for block: B:32:0x00ec A[ADDED_TO_REGION] */
    /* JADX WARN: Removed duplicated region for block: B:49:0x00bd  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x00c2  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void main(java.lang.String[] r15) {
        /*
            Method dump skipped, instructions count: 286
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.google.wireless.android.vending.developer.signing.tools.extern.export.ExportEncryptedPrivateKeyTool.main(java.lang.String[]):void");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static void printUsage() {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(ExportEncryptedPrivateKeyTool.class.getResourceAsStream(HELP_PAGE), StandardCharsets.UTF_8));
            Throwable th = null;
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        return;
                    } else {
                        System.out.println(readLine);
                    }
                } finally {
                    $closeResource(th, bufferedReader);
                }
            }
        } catch (IOException unused) {
            throw new RuntimeException("Failed to read help.txt resource");
        }
    }

    static byte[] privateKeyToPem(PrivateKey privateKey) {
        String encodeToString = Base64.getEncoder().encodeToString(privateKey.getEncoded());
        StringBuilder sb = new StringBuilder(String.valueOf(encodeToString).length() + 55);
        sb.append("-----BEGIN PRIVATE KEY-----\n");
        sb.append(encodeToString);
        sb.append("\n-----END PRIVATE KEY-----\n");
        return sb.toString().getBytes(StandardCharsets.US_ASCII);
    }

    private void writeToZipFile(String str, Optional<byte[]> optional, byte[] bArr, byte[] bArr2) throws Exception {
        ZipOutputStream zipOutputStream = new ZipOutputStream(new FileOutputStream(Files.createFile(Paths.get(str, new String[0]), new FileAttribute[0]).toString()));
        Throwable th = null;
        try {
            if (optional.isPresent()) {
                zipOutputStream.putNextEntry(new ZipEntry("encryptedPrivateKeySignature"));
                zipOutputStream.write(optional.get());
            }
            zipOutputStream.closeEntry();
            zipOutputStream.putNextEntry(new ZipEntry("encryptedPrivateKey"));
            zipOutputStream.write(bArr);
            zipOutputStream.closeEntry();
            zipOutputStream.putNextEntry(new ZipEntry("certificate.pem"));
            zipOutputStream.write(bArr2);
            zipOutputStream.closeEntry();
        } finally {
            $closeResource(th, zipOutputStream);
        }
    }

    public void run(String str, String str2, KeystoreKey keystoreKey, Optional<KeystoreKey> optional, boolean z) throws Exception {
        KeyStore keystore = this.keystoreHelper.getKeystore(keystoreKey);
        byte[] encryptPrivateKey = encryptPrivateKey(fromHex(str), privateKeyToPem(this.keystoreHelper.getPrivateKey(keystore, keystoreKey)));
        if (!optional.isPresent() && !z) {
            Files.write(Paths.get(str2, new String[0]), encryptPrivateKey, new OpenOption[0]);
        } else {
            writeToZipFile(str2, optional.isPresent() ? Optional.of(sign(encryptPrivateKey, optional.get())) : Optional.empty(), encryptPrivateKey, certificateToPem(this.keystoreHelper.getCertificate(keystore, keystoreKey)));
        }
    }

    public byte[] sign(byte[] bArr, KeystoreKey keystoreKey) throws Exception {
        PrivateKey privateKey = this.keystoreHelper.getPrivateKey(this.keystoreHelper.getKeystore(keystoreKey), keystoreKey);
        if (!SUPPORTED_SIGNING_ALGORITHMS.contains(privateKey.getAlgorithm())) {
            throw new UnsupportedAlgorithmException(String.format("The signing key uses an unsupported algorithm. The tool only supports %s .", SUPPORTED_SIGNING_ALGORITHMS));
        }
        String valueOf = String.valueOf(privateKey.getAlgorithm());
        Signature signature = Signature.getInstance(valueOf.length() != 0 ? "SHA512with".concat(valueOf) : new String("SHA512with"));
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }
}
