package java.util.jar;

import com.ibm.oti.security.provider.PKCS7;
import com.ibm.oti.util.ASN1Decoder;
import com.ibm.oti.util.ASN1Encoder;
import com.ibm.oti.util.BASE64Decoder;
import com.ibm.oti.util.Msg;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.zip.ZipEntry;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:local/ive/runtimes/common/ive/lib/jclMax/classes.zip:java/util/jar/JarVerifier.class */
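/**
 * Checks the signatures of a signed jar: the PKCS#7 signature block over each
 * {@code .SF} file, the {@code .SF} digests over the manifest, and the manifest
 * digests over the individual entries.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 * <li>Only digest and signature <em>mismatches</em> raise {@link SecurityException}.
 *     Every other failure (unparsable signature block, unknown algorithm, no
 *     matching certificate, unsupported critical extension, missing manifest)
 *     returns silently and leaves the signer unregistered, so the jar or entry is
 *     simply reported as unsigned. Callers that require signed content must check
 *     {@link #isSignedJar()} / {@link #getCertificates(String)} and not rely on
 *     the absence of an exception.</li>
 * <li>Nothing here builds a certification path, checks a validity period or
 *     consults a trust store; the certificate carried in the signature block is
 *     only used to verify the signature. Trust decisions belong to the caller.</li>
 * <li>Digest algorithm names are read from the jar's own attributes and the first
 *     one the provider supports is used; there is no minimum-strength check.</li>
 * </ul>
 */
public class JarVerifier {
    private String jarName;
    private Manifest man;
    // Upper-cased META-INF entry name -> raw bytes; set to null by removeMetaEntries().
    private HashMap metaEntries = new HashMap(5);
    // .SF file name -> HashMap of (entry name -> Attributes) parsed from that .SF file.
    private Hashtable signatures = new Hashtable(5);
    // .SF file name -> signer certificate whose signature over that .SF file verified.
    private Hashtable certificates = new Hashtable(5);
    // Entry name -> Certificate[] recorded once the entry's digest has matched.
    private Hashtable verifiedEntries = new Hashtable();

    /* loaded from: input_file:local/ive/runtimes/common/ive/lib/jclMax/classes.zip:java/util/jar/JarVerifier$VerifierEntry.class */
    /**
     * Sink that feeds every byte written to it into a {@link MessageDigest}, and
     * carries the expected (Base64) digest and the signer certificates alongside
     * so {@link JarVerifier#verifySignatures} can compare them afterwards.
     */
    static class VerifierEntry extends OutputStream {
        MessageDigest digest;
        String hash;
        Certificate[] certificates;

        VerifierEntry(MessageDigest messageDigest, String str, Certificate[] certificateArr) {
            this.digest = messageDigest;
            this.hash = str;
            this.certificates = certificateArr;
        }

        @Override // java.io.OutputStream
        public void write(int i) {
            this.digest.update((byte) i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) {
            this.digest.update(bArr, i, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param str name of the jar, used only in error messages
     */
    public JarVerifier(String str) {
        this.jarName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares digest checking for one jar entry.
     *
     * @param str entry name
     * @return a {@link VerifierEntry} to stream the entry's bytes through, or
     *         {@code null} when the entry will not be verified: no manifest, no
     *         verified signer, no manifest section for the entry, no signer whose
     *         .SF file lists the entry, or no usable digest attribute
     */
    public VerifierEntry initEntry(String str) {
        if (this.man == null || this.signatures.size() == 0) {
            return null;
        }
        Attributes entryAttributes = this.man.getAttributes(str);
        if (entryAttributes == null) {
            return null;
        }

        // Collect the certificate of every signer whose .SF file mentions this entry.
        Vector signers = new Vector();
        for (Iterator it = this.signatures.entrySet().iterator(); it.hasNext();) {
            Map.Entry signer = (Map.Entry) it.next();
            if (((HashMap) signer.getValue()).get(str) != null) {
                Certificate certificate = (Certificate) this.certificates.get((String) signer.getKey());
                if (certificate != null) {
                    signers.add(certificate);
                }
            }
        }
        if (signers.size() == 0) {
            return null;
        }
        Certificate[] signerCerts = new Certificate[signers.size()];
        signers.toArray(signerCerts);

        // The algorithm list comes from the manifest itself; the first algorithm
        // that has a digest attribute and a provider implementation is used.
        String algorithms = entryAttributes.getValue("Digest-Algorithms");
        if (algorithms == null) {
            algorithms = "SHA SHA1";
        }
        StringTokenizer tokens = new StringTokenizer(algorithms);
        while (tokens.hasMoreTokens()) {
            String algorithm = tokens.nextToken();
            String expected = entryAttributes.getValue(algorithm + "-Digest");
            if (expected != null) {
                try {
                    return new VerifierEntry(MessageDigest.getInstance(algorithm), expected, signerCerts);
                } catch (NoSuchAlgorithmException ignored) {
                    // Unsupported algorithm: try the next one in the list.
                }
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores the raw bytes of a META-INF entry under its upper-cased name.
     *
     * @param str entry name
     * @param bArr entry contents
     */
    public void addMetaEntry(String str, byte[] bArr) {
        // Use a fixed locale: with the default locale (e.g. Turkish) "i" does not
        // map to "I", so the later lookups of "*.DSA"/"*.RSA"/"*.SF" and
        // JarFile.MANIFEST_NAME could miss and the jar would be treated as unsigned.
        this.metaEntries.put(str.toUpperCase(Locale.ENGLISH), bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs {@link #verifyCertificate(String)} on every stored {@code .DSA} /
     * {@code .RSA} signature block and drops each block once processed.
     *
     * @return {@code false} if the meta entries have been released (before or
     *         during the pass), {@code true} otherwise
     * @throws SecurityException if a signature or digest does not match
     */
    public synchronized boolean readCertificates() {
        if (this.metaEntries == null) {
            return false;
        }
        Iterator it = this.metaEntries.keySet().iterator();
        while (it.hasNext()) {
            String name = (String) it.next();
            if (name.endsWith(".DSA") || name.endsWith(".RSA")) {
                verifyCertificate(name);
                if (this.metaEntries == null) {
                    return false;
                }
                it.remove();
            }
        }
        return true;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    /**
     * Verifies one signature block against its {@code .SF} file and, on success,
     * registers the signer's certificate and the {@code .SF} entries.
     *
     * <p>Returns without registering anything (signer ignored) on any parsing or
     * algorithm problem; throws only when a digest or the signature itself does
     * not match.
     *
     * @param str upper-cased name of the {@code .DSA}/{@code .RSA} entry
     * @throws SecurityException if the signature over the .SF file, the content
     *         digest, or a per-entry manifest digest does not match
     */
    void verifyCertificate(String str) {
        String signatureFileName = str.substring(0, str.lastIndexOf('.')) + ".SF";
        byte[] sfBytes = (byte[]) this.metaEntries.get(signatureFileName);
        if (sfBytes == null) {
            return;
        }
        byte[] blockBytes = (byte[]) this.metaEntries.get(str);
        try {
            // NOTE(review): only the first SignerInfo is examined. An empty array
            // would raise ArrayIndexOutOfBoundsException here unless PKCS7 already
            // rejects such input - confirm against the PKCS7 implementation.
            PKCS7.SignerInfo signerInfo = new PKCS7(blockBytes).signedData().signerInfos()[0];
            X509Certificate signerCert = null;
            try {
                CertificateFactory factory = CertificateFactory.getInstance("X.509");
                if (this.metaEntries == null) {
                    return;
                }
                Collection candidates = factory.generateCertificates(new ByteArrayInputStream(blockBytes));
                Principal signer = signerInfo.getSigner();
                // NOTE(review): the certificate is selected by comparing its issuer
                // DN with signerInfo.getSigner(); no serial number is compared in
                // this method - confirm what getSigner() represents.
                Iterator certIt = candidates.iterator();
                while (signerCert == null && certIt.hasNext()) {
                    X509Certificate candidate = (X509Certificate) certIt.next();
                    if (candidate.getIssuerDN().equals(signer)) {
                        signerCert = candidate;
                    }
                }
                if (signerCert == null) {
                    return;
                }

                // Prefer the combined signature algorithm name; fall back to the
                // digest-encryption algorithm when the first is absent or unknown.
                Signature signature = null;
                String signatureName = signerInfo.signatureName();
                if (signatureName != null) {
                    try {
                        signature = Signature.getInstance(signatureName);
                    } catch (NoSuchAlgorithmException ignored) {
                        // Fall through to the digest-encryption algorithm below.
                    }
                }
                if (signature == null) {
                    try {
                        String fallbackAlgorithm = signerInfo.digestEncryptionAlgorithm();
                        if (fallbackAlgorithm == null) {
                            return;
                        }
                        signature = Signature.getInstance(fallbackAlgorithm);
                    } catch (NoSuchAlgorithmException ignored) {
                        return;
                    }
                }
                try {
                    signature.initVerify(signerCert.getPublicKey());
                    ASN1Decoder.Node[] authenticatedAttributes = signerInfo.authenticatedAttributes();
                    if (authenticatedAttributes.length > 0) {
                        // With authenticated attributes present, the signature is
                        // computed over their encoding rather than over the .SF bytes.
                        ASN1Decoder.Node attributeSet = new ASN1Decoder.Node();
                        attributeSet.type = 17; // presumably the ASN.1 SET tag - confirm in ASN1Decoder
                        attributeSet.data = authenticatedAttributes;
                        try {
                            signature.update(ASN1Encoder.encodeNode(attributeSet));
                        } catch (SignatureException ignored) {
                            return;
                        }
                    } else {
                        try {
                            signature.update(sfBytes);
                        } catch (SignatureException ignored) {
                            return;
                        }
                    }

                    // The content digest ties the (signed) attributes to the .SF bytes.
                    byte[] contentMessageDigest = signerInfo.contentMessageDigest();
                    if (contentMessageDigest != null) {
                        try {
                            byte[] actual = MessageDigest.getInstance(signerInfo.digestAlgorithm()).digest(sfBytes);
                            // MessageDigest.isEqual, as in the other digest comparisons of this class.
                            if (!MessageDigest.isEqual(contentMessageDigest, actual)) {
                                throw new SecurityException(Msg.getString("K00eb", this.jarName, signatureFileName));
                            }
                        } catch (NoSuchAlgorithmException ignored) {
                            return;
                        }
                    }
                    try {
                        if (!signature.verify(signerInfo.encryptedDigest())) {
                            throw new SecurityException(Msg.getString("K00eb", this.jarName, signatureFileName));
                        }
                        if (signerCert.hasUnsupportedCriticalExtension()) {
                            // Signer ignored: the jar is then reported as unsigned by this signer.
                            return;
                        }
                        Attributes sfMainAttributes = new Attributes();
                        HashMap sfEntries = new HashMap();
                        try {
                            new InitManifest(new ByteArrayInputStream(sfBytes), sfMainAttributes, sfEntries, null, "Signature-Version");
                            // A .SF file without Created-By must not abort verification
                            // with a NullPointerException; treat it as "not signtool".
                            String createdBy = sfMainAttributes.getValue("Created-By");
                            boolean createdBySigntool = createdBy != null && createdBy.indexOf("signtool") != -1;
                            byte[] manifestBytes = (byte[]) this.metaEntries.get(JarFile.MANIFEST_NAME);
                            if (manifestBytes == null) {
                                return;
                            }
                            // If the whole-manifest digest matches, the per-entry section
                            // digests of the .SF file are not checked individually.
                            if (!verify(sfMainAttributes, createdBySigntool ? "-Digest" : "-Digest-Manifest", manifestBytes, false)) {
                                // NOTE(review): assumes setManifest() was called before this point.
                                for (Iterator sectionIt = sfEntries.entrySet().iterator(); sectionIt.hasNext();) {
                                    Map.Entry section = (Map.Entry) sectionIt.next();
                                    byte[] chunk = this.man.getChunk((String) section.getKey());
                                    if (chunk == null) {
                                        return;
                                    }
                                    if (!verify((Attributes) section.getValue(), "-Digest", chunk, createdBySigntool)) {
                                        throw new SecurityException(Msg.getString("K00ec", new Object[]{signatureFileName, section.getKey(), this.jarName}));
                                    }
                                }
                            }
                            // Release the .SF bytes (the key is kept) and register the signer.
                            this.metaEntries.put(signatureFileName, null);
                            this.signatures.put(signatureFileName, sfEntries);
                            this.certificates.put(signatureFileName, signerCert);
                        } catch (IOException ignored) {
                            // Unparsable .SF file: signer ignored.
                        }
                    } catch (SignatureException ignored) {
                        // Signature engine failure: signer ignored.
                    }
                } catch (InvalidKeyException ignored) {
                    // Certificate key unusable with the chosen algorithm: signer ignored.
                }
            } catch (CertificateException ignored) {
                // Certificates in the signature block could not be parsed: signer ignored.
            }
        } catch (IllegalArgumentException ignored) {
            // Signature block rejected while being processed: signer ignored.
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param manifest the jar's manifest, used for per-entry attributes and chunks
     */
    public void setManifest(Manifest manifest) {
        this.man = manifest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Compares the digest accumulated in {@code verifierEntry} with the expected
     * value from the manifest and, on a match, records the signer certificates
     * for the entry.
     *
     * @param verifierEntry the digest sink returned by {@link #initEntry(String)}
     * @param zipEntry the entry whose bytes were streamed through it
     * @throws SecurityException if the computed digest differs from the manifest value
     */
    public void verifySignatures(VerifierEntry verifierEntry, ZipEntry zipEntry) {
        byte[] actual = verifierEntry.digest.digest();
        byte[] expected = BASE64Decoder.decode(verifierEntry.hash);
        if (!MessageDigest.isEqual(actual, expected)) {
            throw new SecurityException(Msg.getString("K00ec", new Object[]{JarFile.MANIFEST_NAME, zipEntry.getName(), this.jarName}));
        }
        this.verifiedEntries.put(zipEntry.getName(), verifierEntry.certificates);
        if (zipEntry instanceof JarEntry) {
            // Hand out a copy so the caller cannot alter the recorded array.
            ((JarEntry) zipEntry).certificates = (Certificate[]) verifierEntry.certificates.clone();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @return {@code true} once at least one signer certificate has been
     *         registered by {@link #verifyCertificate(String)}
     */
    public boolean isSignedJar() {
        return this.certificates.size() > 0;
    }

    /**
     * Checks {@code bArr} against the first usable {@code <algorithm><str>}
     * digest attribute.
     *
     * @param attributes attributes holding {@code Digest-Algorithms} and the digest values
     * @param str attribute-name suffix, e.g. {@code "-Digest"} or {@code "-Digest-Manifest"}
     * @param bArr bytes to digest
     * @param z when {@code true} and the data ends in two line feeds, the final
     *          line feed is left out of the digest
     * @return {@code true} if the digest matches; {@code false} if it differs or
     *         no listed algorithm has both an attribute and an implementation
     */
    boolean verify(Attributes attributes, String str, byte[] bArr, boolean z) {
        String algorithms = attributes.getValue("Digest-Algorithms");
        if (algorithms == null) {
            algorithms = "SHA SHA1";
        }
        StringTokenizer tokens = new StringTokenizer(algorithms);
        while (tokens.hasMoreTokens()) {
            String algorithm = tokens.nextToken();
            String expected = attributes.getValue(algorithm + str);
            if (expected != null) {
                try {
                    MessageDigest messageDigest = MessageDigest.getInstance(algorithm);
                    // Length guard: data shorter than two bytes must not index
                    // below zero when looking for the trailing blank line.
                    boolean dropLastNewline = z
                            && bArr.length >= 2
                            && bArr[bArr.length - 1] == '\n'
                            && bArr[bArr.length - 2] == '\n';
                    messageDigest.update(bArr, 0, dropLastNewline ? bArr.length - 1 : bArr.length);
                    return MessageDigest.isEqual(messageDigest.digest(), BASE64Decoder.decode(expected));
                } catch (NoSuchAlgorithmException ignored) {
                    // Unsupported algorithm: try the next one in the list.
                }
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param str entry name
     * @return a copy of the certificates recorded for a verified entry, or
     *         {@code null} if the entry has not been verified
     */
    public Certificate[] getCertificates(String str) {
        Certificate[] recorded = (Certificate[]) this.verifiedEntries.get(str);
        if (recorded == null) {
            return null;
        }
        return (Certificate[]) recorded.clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Releases the stored META-INF bytes; afterwards {@link #readCertificates()}
     * returns {@code false}.
     */
    public void removeMetaEntries() {
        this.metaEntries = null;
    }
}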
