package com.sun.deploy.security;

import com.sun.deploy.cache.SignedAsBlobJarFile;
import com.sun.deploy.config.Config;
import com.sun.deploy.model.DownloadDelegate;
import com.sun.deploy.net.JARSigningException;
import com.sun.deploy.trace.Trace;
import com.sun.deploy.trace.TraceLevel;
import com.sun.deploy.util.BlackList;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.zip.ZipException;
import sun.misc.SharedSecrets;

/* loaded from: input_file:jre/lib/deploy.jar:com/sun/deploy/security/JarVerifier.class */
public abstract class JarVerifier {
    protected File jarFile;
    protected File nativePath;
    protected URL jarLocation;
    protected String jarVersion;
    protected Manifest manifest;
    protected int[] singleSignerIndicesCert;
    protected int[] singleSignerIndicesCS;
    private static boolean TEST_INJECT_HAS_UNSIGNED = false;
    protected boolean hasSingleCodeSource = false;
    protected boolean hasOnlySignedEntries = false;
    protected boolean hasOnlyUnsignedEntries = true;
    protected boolean hasMissingSignedEntries = false;
    protected Map signerMapCert = new HashMap();
    protected Map codeSourceCertCache = new HashMap();
    protected List signerCerts = new ArrayList();
    protected Map signerMap = new HashMap();
    protected Map codeSourceCache = new HashMap();
    protected List signersCS = new ArrayList();

    /* JADX INFO: Access modifiers changed from: protected */
    public JarVerifier(URL url, String str, File file, File file2) {
        this.jarFile = file;
        this.nativePath = file2;
        this.jarLocation = url;
        this.jarVersion = str;
    }

    public URL getJarLocation() {
        return this.jarLocation;
    }

    public String getJarVersion() {
        return this.jarVersion;
    }

    public abstract void validate(DownloadDelegate downloadDelegate) throws IOException, JARSigningException;

    public Manifest getManifest() {
        return this.manifest;
    }

    public Map getSignerMapCert() {
        return this.signerMapCert;
    }

    public Map getCodeSourceCertCache() {
        return this.codeSourceCertCache;
    }

    public Map getSignerMap() {
        return this.signerMap;
    }

    public Map getCodeSourceCache() {
        return this.codeSourceCache;
    }

    public List getSignerCerts() {
        return this.signerCerts;
    }

    public List getSignersCS() {
        return this.signersCS;
    }

    public int[] getSingleSignerIndicesCert() {
        return this.singleSignerIndicesCert;
    }

    public int[] getSingleSignerIndicesCS() {
        return this.singleSignerIndicesCS;
    }

    public boolean hasOnlySignedEntries() {
        if (TEST_INJECT_HAS_UNSIGNED) {
            return false;
        }
        return this.hasOnlySignedEntries;
    }

    public boolean hasSingleCodeSource() {
        return this.hasSingleCodeSource;
    }

    public boolean hasMissingSignedEntries() {
        return this.hasMissingSignedEntries;
    }

    public static JarVerifier create(URL url, String str, File file, File file2) {
        JarVerifier create = JarAsBLOBVerifier.create(url, str, file, file2);
        if (create == null) {
            create = EnhancedJarVerifier.create(url, str, file, file2);
            if (create == null) {
                create = SimpleJarVerifier.create(url, str, file, file2);
            }
        }
        return create;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void readAndMaybeSaveStreamTo(InputStream inputStream, boolean z, String str, File file) throws IOException {
        BufferedOutputStream bufferedOutputStream = null;
        byte[] bArr = new byte[16384];
        if (z && file != null) {
            try {
                File canonicalFile = new File(file, str).getCanonicalFile();
                if (canonicalFile.getParentFile().equals(file)) {
                    canonicalFile.getParentFile().mkdirs();
                    bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(canonicalFile));
                }
            } finally {
                if (bufferedOutputStream != null) {
                    bufferedOutputStream.close();
                }
                if (inputStream != null) {
                    inputStream.close();
                }
            }
        }
        while (true) {
            int read = inputStream.read(bArr, 0, bArr.length);
            if (read == -1) {
                break;
            } else if (bufferedOutputStream != null) {
                bufferedOutputStream.write(bArr, 0, read);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public void processCertificates(JarFile jarFile, JarEntry jarEntry, String str) throws MalformedURLException {
        Certificate[] certificates;
        HashMap hashMap = new HashMap();
        if (this.hasSingleCodeSource) {
            this.signerMapCert.put(str, this.singleSignerIndicesCert);
            return;
        }
        if (jarEntry != null) {
            certificates = jarEntry.getCertificates();
        } else {
            CodeSource codeSource = SharedSecrets.javaUtilJarAccess().getCodeSource(jarFile, this.jarLocation, str);
            certificates = codeSource != null ? codeSource.getCertificates() : null;
        }
        if (certificates == null || certificates.length <= 0) {
            return;
        }
        int[] iArr = new int[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            int indexOf = this.signerCerts.indexOf(certificates[i]);
            if (indexOf == -1) {
                indexOf = this.signerCerts.size();
                this.signerCerts.add(certificates[i]);
            }
            iArr[i] = indexOf;
        }
        String valueOf = String.valueOf(iArr.length);
        for (int i2 : iArr) {
            valueOf = valueOf + " " + i2;
        }
        int[] iArr2 = (int[]) hashMap.get(valueOf);
        if (iArr2 == null) {
            hashMap.put(valueOf, iArr);
            this.codeSourceCertCache.put(iArr, new CodeSource(this.jarLocation, certificates));
        } else {
            iArr = iArr2;
        }
        this.signerMapCert.put(str, iArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public void processSigners(JarFile jarFile, JarEntry jarEntry, String str) throws MalformedURLException {
        CodeSigner[] codeSigners;
        if (Config.isJavaVersionAtLeast15()) {
            HashMap hashMap = new HashMap();
            if (this.hasSingleCodeSource) {
                this.signerMap.put(str, this.singleSignerIndicesCS);
                return;
            }
            if (jarEntry != null) {
                codeSigners = jarEntry.getCodeSigners();
            } else {
                CodeSource codeSource = SharedSecrets.javaUtilJarAccess().getCodeSource(jarFile, this.jarLocation, str);
                codeSigners = codeSource != null ? codeSource.getCodeSigners() : null;
            }
            if (codeSigners == null || codeSigners.length <= 0) {
                return;
            }
            int[] iArr = new int[codeSigners.length];
            for (int i = 0; i < codeSigners.length; i++) {
                int indexOf = this.signersCS.indexOf(codeSigners[i]);
                if (indexOf == -1) {
                    indexOf = this.signersCS.size();
                    this.signersCS.add(codeSigners[i]);
                }
                iArr[i] = indexOf;
            }
            String valueOf = String.valueOf(iArr.length);
            for (int i2 : iArr) {
                valueOf = valueOf + " " + i2;
            }
            int[] iArr2 = (int[]) hashMap.get(valueOf);
            if (iArr2 == null) {
                hashMap.put(valueOf, iArr);
                this.codeSourceCache.put(iArr, new CodeSource(this.jarLocation, codeSigners));
            } else {
                iArr = iArr2;
            }
            this.signerMap.put(str, iArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void authenticateJarEntry(JarFile jarFile, JarEntry jarEntry) throws IOException, JARSigningException {
        if (jarEntry == null) {
            return;
        }
        String name = jarEntry.getName();
        try {
            readAndMaybeSaveStreamTo(jarFile.getInputStream(jarEntry), this.nativePath != null && name.indexOf("/") == -1 && name.indexOf("\\") == -1, name, this.nativePath);
        } catch (SecurityException e) {
            throw new JARSigningException(this.jarLocation, this.jarVersion, 2, e);
        }
    }

    public static JarFile getValidatedJarFile(File file, URL url, URL url2, String str, DownloadDelegate downloadDelegate) throws IOException {
        JarVerifier create = create(url2, str, file, null);
        JarFile jarFile = new JarFile(file);
        if (downloadDelegate != null) {
            downloadDelegate.validating(url, 0, jarFile.size());
        }
        try {
            try {
                try {
                    create.validate(downloadDelegate);
                    if (create instanceof JarAsBLOBVerifier) {
                        jarFile = new SignedAsBlobJarFile(file, (JarAsBLOBVerifier) create);
                    }
                    if (BlackList.getInstance().checkJarFile(jarFile)) {
                        return null;
                    }
                    if (1 == 0) {
                        jarFile.close();
                    }
                    if (1 != 0) {
                        return jarFile;
                    }
                    return null;
                } catch (SecurityException e) {
                    throw new JARSigningException(url, str, 2, e);
                }
            } catch (ZipException e2) {
                throw new JARSigningException(url, str, 2, e2);
            }
        } finally {
            if (0 == 0) {
                jarFile.close();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void warnIfUnsigned() {
        if (this.signersCS.isEmpty()) {
            Trace.println("Failed to validate jar at \"" + getJarLocation() + "\", the jar may be signed by a weak algorithm that is now disabled, for example MD2 or MD5. Please turn on \"-Djava.security.debug=jar\" to get more detailed trace or go to http://www.java.com/jcpsecurity to find more information.", TraceLevel.SECURITY);
        }
    }
}
