package org.eclipse.osgi.internal.verifier;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry;
import org.eclipse.osgi.baseadaptor.bundlefile.BundleFile;
import org.eclipse.osgi.internal.provisional.verifier.CertificateChain;
import org.eclipse.osgi.internal.provisional.verifier.CertificateTrustAuthority;
import org.eclipse.osgi.internal.provisional.verifier.CertificateVerifier;
import org.eclipse.osgi.util.NLS;

/* loaded from: input_file:lib/modeshape-sequencer-java-2.8.1.Final-jar-with-dependencies.jar:org/eclipse/osgi/internal/verifier/SignedBundleFile.class */
public class SignedBundleFile extends BundleFile implements CertificateVerifier, JarVerifierConstant {
    private static DefaultTrustAuthority trustAllAuthority = new DefaultTrustAuthority(0);
    private BundleFile bundleFile;
    CertificateChain[] chains;
    Hashtable digests4entries;
    Hashtable results4entries;
    String manifestSHAResult;
    String manifestMD5Result;
    boolean certsInitialized;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/modeshape-sequencer-java-2.8.1.Final-jar-with-dependencies.jar:org/eclipse/osgi/internal/verifier/SignedBundleFile$SignedBundleEntry.class */
    public class SignedBundleEntry extends BundleEntry {
        BundleEntry nestedEntry;
        final SignedBundleFile this$0;

        SignedBundleEntry(SignedBundleFile signedBundleFile, BundleEntry bundleEntry) {
            this.this$0 = signedBundleFile;
            this.nestedEntry = bundleEntry;
        }

        @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry
        public InputStream getInputStream() throws IOException {
            String name = getName();
            String str = this.this$0.digests4entries == null ? null : (String) this.this$0.digests4entries.get(name);
            if (str == null) {
                throw new IOException(new StringBuffer("Corrupted file: the digest does not exist for the file ").append(name).toString());
            }
            return new DigestedInputStream(this.nestedEntry.getInputStream(), str, (byte[]) this.this$0.results4entries.get(name), this.nestedEntry.getSize());
        }

        @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry
        public long getSize() {
            return this.nestedEntry.getSize();
        }

        @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry
        public String getName() {
            return this.nestedEntry.getName();
        }

        @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry
        public long getTime() {
            return this.nestedEntry.getTime();
        }

        @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry
        public URL getLocalURL() {
            return this.nestedEntry.getLocalURL();
        }

        @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleEntry
        public URL getFileURL() {
            return this.nestedEntry.getFileURL();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignedBundleFile() {
        this.manifestSHAResult = null;
        this.manifestMD5Result = null;
        this.certsInitialized = false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignedBundleFile(CertificateChain[] certificateChainArr, Hashtable hashtable, Hashtable hashtable2, String str, String str2) {
        this.manifestSHAResult = null;
        this.manifestMD5Result = null;
        this.certsInitialized = false;
        this.chains = certificateChainArr;
        this.digests4entries = hashtable;
        this.results4entries = hashtable2;
        this.manifestMD5Result = str;
        this.manifestSHAResult = str2;
        this.certsInitialized = true;
    }

    private void verifyManifestAndSingatureFile(byte[] bArr, byte[] bArr2) {
        String stripContinuations = stripContinuations(new String(bArr2));
        int indexOf = stripContinuations.indexOf(JarVerifierConstant.digestManifestSearch);
        if (indexOf != -1) {
            int lastIndexOf = stripContinuations.lastIndexOf(10, indexOf);
            String str = null;
            if (lastIndexOf != -1) {
                String substring = stripContinuations.substring(lastIndexOf + 1, indexOf);
                if (substring.equalsIgnoreCase("MD5")) {
                    if (this.manifestMD5Result == null) {
                        this.manifestMD5Result = calculateDigest(getMessageDigest("MD5"), bArr);
                    }
                    str = this.manifestMD5Result;
                } else if (substring.equalsIgnoreCase(JarVerifierConstant.SHA1_STR)) {
                    if (this.manifestSHAResult == null) {
                        this.manifestSHAResult = calculateDigest(getMessageDigest(JarVerifierConstant.SHA1_STR), bArr);
                    }
                    str = this.manifestSHAResult;
                }
                int i = indexOf + digestManifestSearchLen;
                if (str.equals(stripContinuations.substring(i, stripContinuations.indexOf(10, i) - 1))) {
                    return;
                }
                SecurityException securityException = new SecurityException(NLS.bind(JarVerifierMessages.Security_File_Is_Tampered, (Object[]) new String[]{this.bundleFile.getBaseFile().toString()}));
                SignedBundleHook.log(securityException.getMessage(), 4, securityException);
                throw securityException;
            }
        }
    }

    private String getDigAlgFromSF(byte[] bArr) {
        String str = null;
        String str2 = new String(bArr);
        String str3 = null;
        int indexOf = str2.indexOf(JarVerifierConstant.MF_ENTRY_NEWLN_NAME);
        int length = str2.length();
        if (indexOf != -1 && indexOf < length) {
            int indexOf2 = str2.indexOf(JarVerifierConstant.MF_ENTRY_NEWLN_NAME, indexOf + 1);
            if (indexOf2 == -1) {
                indexOf2 = str2.length();
            }
            str3 = stripContinuations(str2.substring(indexOf + 1, indexOf2));
        }
        if (str3 != null) {
            str = getMessageDigestName(getDigestLine(str3, null));
        }
        return str;
    }

    private void populateManifest(byte[] bArr, String str) {
        String digestLine;
        String str2 = new String(bArr);
        int indexOf = str2.indexOf(JarVerifierConstant.MF_ENTRY_NEWLN_NAME);
        int length = str2.length();
        while (indexOf != -1 && indexOf < length) {
            int indexOf2 = str2.indexOf(JarVerifierConstant.MF_ENTRY_NEWLN_NAME, indexOf + 1);
            if (indexOf2 == -1) {
                indexOf2 = str2.length();
            }
            String stripContinuations = stripContinuations(str2.substring(indexOf + 1, indexOf2));
            String entryFileName = getEntryFileName(stripContinuations);
            if (entryFileName != null && (digestLine = getDigestLine(stripContinuations, str)) != null) {
                String digestAlgorithmFromString = getDigestAlgorithmFromString(digestLine);
                byte[] digestResultsList = getDigestResultsList(digestLine);
                if (this.digests4entries == null) {
                    this.digests4entries = new Hashtable(10);
                    this.results4entries = new Hashtable(10);
                }
                if (!this.digests4entries.contains(entryFileName)) {
                    this.digests4entries.put(entryFileName, digestAlgorithmFromString);
                    this.results4entries.put(entryFileName, digestResultsList);
                }
            }
            indexOf = indexOf2;
        }
    }

    private String stripContinuations(String str) {
        if (str.indexOf("\n ") < 0) {
            return str;
        }
        StringBuffer stringBuffer = new StringBuffer(str.length());
        int indexOf = str.indexOf("\n ");
        int i = 0;
        while (indexOf >= 0) {
            stringBuffer.append(str.substring(i, indexOf - 1));
            i = indexOf + 2;
            indexOf = indexOf + 2 < str.length() ? str.indexOf("\n ", indexOf + 2) : -1;
        }
        if (i < str.length()) {
            stringBuffer.append(str.substring(i));
        }
        return stringBuffer.toString();
    }

    private String getEntryFileName(String str) {
        int indexOf = str.indexOf(JarVerifierConstant.MF_ENTRY_NAME);
        if (indexOf == -1) {
            return null;
        }
        int indexOf2 = str.indexOf(10, indexOf);
        if (indexOf2 == -1) {
            return null;
        }
        if (str.charAt(indexOf2 - 1) == '\r') {
            indexOf2--;
        }
        int length = indexOf + JarVerifierConstant.MF_ENTRY_NAME.length();
        if (length >= indexOf2) {
            return null;
        }
        return str.substring(length, indexOf2);
    }

    /* JADX WARN: Code restructure failed: missing block: B:23:0x0092, code lost:
    
        return r7;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String getDigestLine(java.lang.String r5, java.lang.String r6) {
        /*
            r4 = this;
            r0 = 0
            r7 = r0
            r0 = r5
            java.lang.String r1 = "-Digest: "
            int r0 = r0.indexOf(r1)
            r8 = r0
            r0 = r8
            r1 = -1
            if (r0 != r1) goto L8b
            r0 = 0
            return r0
        L12:
            r0 = r5
            r1 = 10
            r2 = r8
            int r0 = r0.lastIndexOf(r1, r2)
            r9 = r0
            r0 = r9
            r1 = -1
            if (r0 != r1) goto L24
            r0 = 0
            return r0
        L24:
            r0 = r5
            r1 = 10
            r2 = r8
            int r0 = r0.indexOf(r1, r2)
            r10 = r0
            r0 = r10
            r1 = -1
            if (r0 != r1) goto L36
            r0 = 0
            return r0
        L36:
            r0 = r10
            r11 = r0
            r0 = r5
            r1 = r11
            r2 = 1
            int r1 = r1 - r2
            char r0 = r0.charAt(r1)
            r1 = 13
            if (r0 != r1) goto L4a
            int r11 = r11 + (-1)
        L4a:
            r0 = r9
            r1 = 1
            int r0 = r0 + r1
            r12 = r0
            r0 = r12
            r1 = r11
            if (r0 < r1) goto L59
            r0 = 0
            return r0
        L59:
            r0 = r5
            r1 = r12
            r2 = r11
            java.lang.String r0 = r0.substring(r1, r2)
            r13 = r0
            r0 = r4
            r1 = r13
            java.lang.String r0 = r0.getMessageDigestName(r1)
            r14 = r0
            r0 = r6
            if (r0 == 0) goto L7e
            r0 = r6
            r1 = r14
            boolean r0 = r0.equalsIgnoreCase(r1)
            if (r0 == 0) goto L7e
            r0 = r13
            r7 = r0
            goto L91
        L7e:
            r0 = r13
            r7 = r0
            r0 = r5
            java.lang.String r1 = "-Digest: "
            r2 = r10
            int r0 = r0.indexOf(r1, r2)
            r8 = r0
        L8b:
            r0 = r8
            r1 = -1
            if (r0 != r1) goto L12
        L91:
            r0 = r7
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.osgi.internal.verifier.SignedBundleFile.getDigestLine(java.lang.String, java.lang.String):java.lang.String");
    }

    private String getDigestAlgorithmFromString(String str) {
        if (str == null) {
            return null;
        }
        String substring = str.substring(0, str.indexOf(JarVerifierConstant.MF_DIGEST_PART));
        if (substring.equalsIgnoreCase("MD5")) {
            return "MD5";
        }
        if (substring.equalsIgnoreCase(JarVerifierConstant.SHA1_STR)) {
            return JarVerifierConstant.SHA1_STR;
        }
        throw new SecurityException(NLS.bind(JarVerifierMessages.Algorithm_Not_Supported, substring));
    }

    private String getMessageDigestName(String str) {
        int indexOf;
        String str2 = null;
        if (str != null && (indexOf = str.indexOf(JarVerifierConstant.MF_DIGEST_PART)) != -1) {
            str2 = str.substring(0, indexOf);
        }
        return str2;
    }

    private byte[] getDigestResultsList(String str) {
        byte[] bArr = (byte[]) null;
        if (str != null) {
            int indexOf = str.indexOf(JarVerifierConstant.MF_DIGEST_PART) + JarVerifierConstant.MF_DIGEST_PART.length();
            if (indexOf >= str.length()) {
            }
            try {
                bArr = Base64.decode(str.substring(indexOf).getBytes());
            } catch (Throwable unused) {
                bArr = (byte[]) null;
            }
        }
        return bArr;
    }

    private static int readFully(InputStream inputStream, byte[] bArr) throws IOException {
        int length = bArr.length;
        int i = 0;
        while (true) {
            int i2 = i;
            int read = inputStream.read(bArr, i2, length);
            if (read <= 0) {
                return i2;
            }
            length -= read;
            i = i2 + read;
        }
    }

    byte[] readIntoArray(BundleEntry bundleEntry) throws IOException {
        int size = (int) bundleEntry.getSize();
        byte[] bArr = new byte[size];
        int readFully = readFully(bundleEntry.getInputStream(), bArr);
        if (readFully != size) {
            throw new IOException(new StringBuffer("Couldn't read all of ").append(bundleEntry.getName()).append(": ").append(readFully).append(" != ").append(size).toString());
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setBundleFile(BundleFile bundleFile, int i) throws IOException {
        BundleEntry entry;
        this.bundleFile = bundleFile;
        if (this.certsInitialized || (entry = bundleFile.getEntry("META-INF/MANIFEST.MF")) == null) {
            return;
        }
        Enumeration entryPaths = bundleFile.getEntryPaths(JarVerifierConstant.META_INF);
        ArrayList<String> arrayList = new ArrayList(2);
        while (entryPaths.hasMoreElements()) {
            String str = (String) entryPaths.nextElement();
            if (str.endsWith(JarVerifierConstant.DOT_DSA) || str.endsWith(JarVerifierConstant.DOT_RSA)) {
                if (str.indexOf(47) == str.lastIndexOf(47)) {
                    arrayList.add(str);
                }
            }
        }
        if (arrayList.size() == 0) {
            return;
        }
        byte[] readIntoArray = readIntoArray(entry);
        String findLatestSigner = findLatestSigner(bundleFile, arrayList);
        try {
            ArrayList arrayList2 = new ArrayList(arrayList.size());
            int i2 = 0;
            for (String str2 : arrayList) {
                PKCS7Processor processSigner = processSigner(bundleFile, readIntoArray, str2, findLatestSigner, i);
                boolean z = false;
                try {
                    processSigner.validateCerts();
                    determineCertsTrust(processSigner, i);
                } catch (InvalidKeyException unused) {
                    z = true;
                } catch (CertificateExpiredException unused2) {
                } catch (CertificateNotYetValidException unused3) {
                }
                if (!z) {
                    if (str2 == findLatestSigner) {
                        arrayList2.add(0, processSigner);
                    } else {
                        arrayList2.add(processSigner);
                    }
                }
                i2++;
            }
            this.chains = arrayList2.size() == 0 ? null : (CertificateChain[]) arrayList2.toArray(new CertificateChain[arrayList2.size()]);
        } catch (SignatureException unused4) {
            throw new SecurityException(NLS.bind(JarVerifierMessages.Signature_Not_Verify_1, (Object[]) new String[]{findLatestSigner, bundleFile.toString()}));
        }
    }

    private void determineCertsTrust(PKCS7Processor pKCS7Processor, int i) {
        CertificateTrustAuthority trustAuthority = (i & 2) != 0 ? SignedBundleHook.getTrustAuthority() : trustAllAuthority;
        if (trustAuthority != null) {
            pKCS7Processor.determineTrust(trustAuthority);
        }
    }

    private PKCS7Processor processSigner(BundleFile bundleFile, byte[] bArr, String str, String str2, int i) throws IOException, SignatureException {
        byte[] readIntoArray = readIntoArray(bundleFile.getEntry(str));
        byte[] readIntoArray2 = readIntoArray(bundleFile.getEntry(new StringBuffer(String.valueOf(str.substring(0, str.lastIndexOf(46)))).append(JarVerifierConstant.DOT_SF).toString()));
        try {
            PKCS7Processor pKCS7Processor = new PKCS7Processor(readIntoArray, 0, readIntoArray.length);
            pKCS7Processor.verifySFSignature(readIntoArray2, 0, readIntoArray2.length);
            String digAlgFromSF = getDigAlgFromSF(readIntoArray2);
            if (digAlgFromSF == null) {
                throw new SecurityException(NLS.bind(JarVerifierMessages.SF_File_Parsing_Error, (Object[]) new String[]{bundleFile.toString()}));
            }
            if (str2 == str) {
                verifyManifestAndSingatureFile(bArr, readIntoArray2);
                if ((i & 4) != 0) {
                    populateManifest(bArr, digAlgFromSF);
                }
            }
            return pKCS7Processor;
        } catch (InvalidKeyException e) {
            SignedBundleHook.log(e.getMessage(), 4, e);
            throw new SecurityException(NLS.bind(JarVerifierMessages.Invalid_Key_Exception, (Object[]) new String[]{bundleFile.getBaseFile().toString(), e.getMessage()}));
        } catch (NoSuchAlgorithmException e2) {
            SignedBundleHook.log(e2.getMessage(), 4, e2);
            throw new SecurityException(NLS.bind(JarVerifierMessages.PKCS7_No_Such_Algorithm, (Object[]) new String[]{bundleFile.getBaseFile().toString(), e2.getMessage()}));
        } catch (CertificateException e3) {
            SignedBundleHook.log(e3.getMessage(), 4, e3);
            throw new SecurityException(NLS.bind(JarVerifierMessages.PKCS7_Cert_Excep, (Object[]) new String[]{bundleFile.getBaseFile().toString(), e3.getMessage()}));
        }
    }

    private String findLatestSigner(BundleFile bundleFile, List list) {
        String str = null;
        long j = Long.MIN_VALUE;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            BundleEntry entry = bundleFile.getEntry(str2);
            if (entry.getTime() > j) {
                str = str2;
                j = entry.getTime();
            }
        }
        return str;
    }

    private String calculateDigest(MessageDigest messageDigest, byte[] bArr) {
        return new String(Base64.encode(messageDigest.digest(bArr)));
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public File getFile(String str, boolean z) {
        return this.bundleFile.getFile(str, z);
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public BundleEntry getEntry(String str) {
        if (str.length() > 0 && str.charAt(0) == '/') {
            str = str.substring(1);
        }
        BundleEntry entry = this.bundleFile.getEntry(str);
        if (this.digests4entries == null) {
            return entry;
        }
        if (entry == null) {
            if (this.digests4entries.get(str) == null) {
                return null;
            }
            throw new SecurityException(NLS.bind(JarVerifierMessages.file_is_removed_from_jar, getBaseFile().toString(), str));
        }
        if (!entry.getName().startsWith(JarVerifierConstant.META_INF) && isSigned()) {
            return new SignedBundleEntry(this, entry);
        }
        return entry;
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public Enumeration getEntryPaths(String str) {
        return this.bundleFile.getEntryPaths(str);
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public void close() throws IOException {
        this.bundleFile.close();
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public void open() throws IOException {
        this.bundleFile.open();
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public boolean containsDir(String str) {
        return this.bundleFile.containsDir(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean matchDNChain(String str) {
        CertificateChain[] chains = getChains();
        for (int i = 0; i < chains.length; i++) {
            if (chains[i].isTrusted() && DNChainMatching.match(chains[i].getChain(), str)) {
                return true;
            }
        }
        return false;
    }

    @Override // org.eclipse.osgi.baseadaptor.bundlefile.BundleFile
    public File getBaseFile() {
        return this.bundleFile.getBaseFile();
    }

    @Override // org.eclipse.osgi.internal.provisional.verifier.CertificateVerifier
    public void checkContent() throws CertificateException, CertificateExpiredException, SignatureException {
        if (!isSigned() || this.digests4entries == null) {
            return;
        }
        Enumeration keys = this.digests4entries.keys();
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            BundleEntry entry = getEntry(str);
            if (entry == null) {
                throw new SecurityException(NLS.bind(JarVerifierMessages.Jar_Is_Tampered, this.bundleFile.getBaseFile().getName()));
            }
            try {
                entry.getBytes();
            } catch (IOException e) {
                SignedBundleHook.log(e.getMessage(), 4, e);
                throw new SecurityException(NLS.bind(JarVerifierMessages.File_In_Jar_Is_Tampered, (Object[]) new String[]{str, this.bundleFile.getBaseFile().toString()}));
            }
        }
        for (int i = 0; i < this.chains.length; i++) {
            PKCS7Processor pKCS7Processor = (PKCS7Processor) this.chains[i];
            try {
                pKCS7Processor.validateCerts();
                determineCertsTrust(pKCS7Processor, 7);
            } catch (InvalidKeyException e2) {
                throw new CertificateException(e2.getMessage());
            }
        }
    }

    @Override // org.eclipse.osgi.internal.provisional.verifier.CertificateVerifier
    public String[] verifyContent() {
        if (!isSigned() || this.digests4entries == null) {
            return EMPTY_STRING;
        }
        ArrayList arrayList = new ArrayList(0);
        Enumeration keys = this.digests4entries.keys();
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            BundleEntry entry = getEntry(str);
            if (entry == null) {
                arrayList.add(str);
            } else {
                try {
                    entry.getBytes();
                } catch (IOException unused) {
                    arrayList.add(str);
                }
            }
        }
        return arrayList.size() == 0 ? EMPTY_STRING : (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Override // org.eclipse.osgi.internal.provisional.verifier.CertificateVerifier
    public CertificateChain[] getChains() {
        return !isSigned() ? new CertificateChain[0] : this.chains;
    }

    @Override // org.eclipse.osgi.internal.provisional.verifier.CertificateVerifier
    public boolean isSigned() {
        return this.chains != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized MessageDigest getMessageDigest(String str) {
        try {
            return MessageDigest.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            SignedBundleHook.log(e.getMessage(), 4, e);
            return null;
        }
    }
}
