package kr.jclab.javautils.pluginloader;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Provider;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

/* loaded from: input_file:kr/jclab/javautils/pluginloader/JarVerifier.class */
public class JarVerifier {
    private static Pattern SIG_FILE_PATTERN = Pattern.compile("^META-INF\\/([^/]+)\\.(SF|RSA|EC)$", 2);
    private final JarVerificationHandler jarVerificationHandler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:kr/jclab/javautils/pluginloader/JarVerifier$SignatureFile.class */
    public static class SignatureFile {
        JarEntry plainFile;
        JarEntry signatureFile;

        public SignatureFile(JarEntry jarEntry, JarEntry jarEntry2) {
            this.plainFile = jarEntry;
            this.signatureFile = jarEntry2;
        }
    }

    public JarVerifier(JarVerificationHandler jarVerificationHandler) {
        this.jarVerificationHandler = jarVerificationHandler;
    }

    private boolean verifyCmsSignedData(JarVerificationContext jarVerificationContext, CMSSignedData cMSSignedData) throws Exception {
        Store certificates = cMSSignedData.getCertificates();
        SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", (Provider) BCProviderHolder.PROVIDER);
        for (SignerInformation signerInformation : signerInfos.getSigners()) {
            Collection matches = certificates.getMatches(signerInformation.getSID());
            ArrayList arrayList = new ArrayList();
            Iterator it = matches.iterator();
            while (it.hasNext()) {
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(((X509CertificateHolder) it.next()).getEncoded())));
            }
            if (arrayList.isEmpty() || !signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BCProviderHolder.PROVIDER).build((X509Certificate) arrayList.get(0)))) {
                return false;
            }
            this.jarVerificationHandler.verify(jarVerificationContext, arrayList);
        }
        return true;
    }

    public final void verify(JarFile jarFile) throws IOException, SecurityException {
        byte[] bArr = new byte[1024];
        HashMap hashMap = new HashMap();
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            nextElement.getCodeSigners();
            Matcher matcher = SIG_FILE_PATTERN.matcher(nextElement.getName());
            if (matcher.find()) {
                String lowerCase = matcher.group(1).toLowerCase();
                if (matcher.group(2).toLowerCase().equals("sf")) {
                    hashMap.compute(lowerCase, (str, signatureFile) -> {
                        if (signatureFile == null) {
                            return new SignatureFile(nextElement, null);
                        }
                        signatureFile.plainFile = nextElement;
                        return signatureFile;
                    });
                } else {
                    hashMap.compute(lowerCase, (str2, signatureFile2) -> {
                        if (signatureFile2 == null) {
                            return new SignatureFile(null, nextElement);
                        }
                        signatureFile2.signatureFile = nextElement;
                        return signatureFile2;
                    });
                }
            }
            InputStream inputStream = jarFile.getInputStream(nextElement);
            Throwable th = null;
            do {
                try {
                    try {
                    } finally {
                    }
                } catch (Throwable th2) {
                    if (inputStream != null) {
                        if (th != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th2;
                }
            } while (inputStream.read(bArr) > 0);
            if (inputStream != null) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStream.close();
                }
            }
        }
        JarVerificationContext createContext = this.jarVerificationHandler.createContext();
        this.jarVerificationHandler.start(createContext);
        for (Map.Entry entry : hashMap.entrySet()) {
            if (((SignatureFile) entry.getValue()).signatureFile == null || ((SignatureFile) entry.getValue()).plainFile == null) {
                throw new SecurityException("Wrong signature: " + ((String) entry.getKey()));
            }
            try {
                if (!verifyCmsSignedData(createContext, new CMSSignedData(new CMSProcessableByteArray(readFullyJarEntry(((SignatureFile) entry.getValue()).plainFile, jarFile)), readFullyJarEntry(((SignatureFile) entry.getValue()).signatureFile, jarFile)))) {
                    throw new SecurityException("Failed to verify signature");
                }
            } catch (Exception e) {
                throw new SecurityException(e);
            }
        }
        this.jarVerificationHandler.end(createContext);
        if (!createContext.isVerified()) {
            throw new SecurityException("Failed to verify signature");
        }
    }

    private static byte[] readFullyJarEntry(JarEntry jarEntry, JarFile jarFile) throws IOException {
        byte[] bArr = new byte[(int) jarEntry.getSize()];
        InputStream inputStream = jarFile.getInputStream(jarEntry);
        Throwable th = null;
        try {
            int i = 0;
            while (true) {
                int read = inputStream.read(bArr, i, bArr.length - i);
                if (read <= 0) {
                    break;
                }
                i += read;
            }
            if (i != bArr.length) {
                throw new IOException("error");
            }
            return bArr;
        } finally {
            if (inputStream != null) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    inputStream.close();
                }
            }
        }
    }
}
