package gnu.classpath.tools.jarsigner;

import gnu.classpath.Configuration;
import gnu.java.security.pkcs.PKCS7SignedData;
import gnu.java.security.pkcs.SignerInfo;
import gnu.java.security.sig.dss.DSSSignature;
import gnu.java.security.sig.dss.DSSSignatureX509Codec;
import gnu.java.security.sig.rsa.RSAPKCS1V1_5Signature;
import gnu.java.security.sig.rsa.RSAPKCS1V1_5SignatureX509Codec;
import gnu.java.security.util.Util;
import gnu.java.util.jar.JarUtils;
import java.io.IOException;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.logging.Logger;
import java.util.zip.ZipException;
import org.objectweb.asm.Opcodes;

/* loaded from: input_file:gnu/classpath/tools/jarsigner/JarVerifier.class */
public class JarVerifier {
    private static final Logger log = Logger.getLogger(JarVerifier.class.getName());
    private Main main;
    private JarFile jarFile;
    private HashUtils util = new HashUtils();
    private Map<String, String> entryHashes = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public JarVerifier(Main main) {
        this.main = main;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void start() throws Exception {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "start");
        }
        this.jarFile = new JarFile(this.main.getJarFileName());
        ArrayList<String> arrayList = new ArrayList();
        Enumeration<JarEntry> entries = this.jarFile.entries();
        while (entries.hasMoreElements()) {
            String name = entries.nextElement().getName();
            if (name.startsWith("META-INF/") && name.endsWith(".SF")) {
                String[] split = name.split("/");
                if (split.length == 2) {
                    String str = split[1];
                    arrayList.add(str.substring(0, str.length() - 3));
                }
            }
        }
        if (arrayList.isEmpty()) {
            System.out.println(Messages.getString("JarVerifier.2"));
        } else {
            int size = arrayList.size();
            int i = 0;
            for (String str2 : arrayList) {
                if (verifySF(str2) && verifySFEntries(str2)) {
                    i++;
                }
            }
            if (i == 0) {
                System.out.println(Messages.getString("JarVerifier.3"));
            } else if (i != size) {
                System.out.println(Messages.getFormattedString("JarVerifier.4", new Integer[]{Integer.valueOf(i), Integer.valueOf(size)}));
            } else {
                System.out.println(Messages.getFormattedString("JarVerifier.7", Integer.valueOf(size)));
            }
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "start");
        }
    }

    private boolean verifySF(String str) throws CRLException, CertificateException, ZipException, IOException {
        DSSSignature rSAPKCS1V1_5Signature;
        DSSSignatureX509Codec rSAPKCS1V1_5SignatureX509Codec;
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "verifySF");
            log.fine("About to verify signature of " + str + "...");
        }
        JarEntry jarEntry = this.jarFile.getJarEntry("META-INF/" + str + ".DSA");
        if (jarEntry == null) {
            throw new SecurityException(Messages.getFormattedString("JarVerifier.13", str));
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(this.jarFile.getInputStream(jarEntry));
        Set signerInfos = pKCS7SignedData.getSignerInfos();
        if (signerInfos == null || signerInfos.isEmpty()) {
            throw new SecurityException(Messages.getString("JarVerifier.14"));
        }
        SignerInfo signerInfo = (SignerInfo) signerInfos.iterator().next();
        byte[] encryptedDigest = signerInfo.getEncryptedDigest();
        if (encryptedDigest == null) {
            throw new SecurityException(Messages.getString("JarVerifier.16"));
        }
        if (Configuration.DEBUG) {
            log.fine("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes "));
        }
        PublicKey publicKey = pKCS7SignedData.getCertificates()[0].getPublicKey();
        if (Configuration.DEBUG) {
            log.fine("--- verifier public key = " + publicKey);
        }
        if (signerInfo.getDigestEncryptionAlgorithmId().equals(Main.DSA_SIGNATURE_OID)) {
            rSAPKCS1V1_5Signature = new DSSSignature();
            rSAPKCS1V1_5SignatureX509Codec = new DSSSignatureX509Codec();
        } else {
            rSAPKCS1V1_5Signature = new RSAPKCS1V1_5Signature("md5");
            rSAPKCS1V1_5SignatureX509Codec = new RSAPKCS1V1_5SignatureX509Codec();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("gnu.crypto.sig.public.key", publicKey);
        rSAPKCS1V1_5Signature.setupVerify(hashMap);
        Object decodeSignature = rSAPKCS1V1_5SignatureX509Codec.decodeSignature(encryptedDigest);
        InputStream inputStream = this.jarFile.getInputStream(this.jarFile.getJarEntry("META-INF/" + str + ".SF"));
        byte[] bArr = new byte[Opcodes.ACC_STRICT];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                break;
            }
            if (read > 0) {
                rSAPKCS1V1_5Signature.update(bArr, 0, read);
            }
        }
        boolean verify = rSAPKCS1V1_5Signature.verify(decodeSignature);
        if (Configuration.DEBUG) {
            log.fine("Signature block [" + str + "] is " + (verify ? "" : "NOT ") + "OK");
            log.exiting(getClass().getName(), "verifySF", Boolean.valueOf(verify));
        }
        return verify;
    }

    private boolean verifySFEntries(String str) throws IOException {
        if (Configuration.DEBUG) {
            log.entering(getClass().getName(), "verifySFEntries");
        }
        InputStream inputStream = this.jarFile.getInputStream(this.jarFile.getJarEntry("META-INF/" + str + ".SF"));
        Attributes attributes = new Attributes();
        HashMap hashMap = new HashMap();
        JarUtils.readSFManifest(attributes, hashMap, inputStream);
        String value = attributes.getValue(Main.DIGEST_MANIFEST_ATTR);
        boolean verifyManifest = value != null ? verifyManifest(value) : false;
        if (!verifyManifest) {
            for (Map.Entry entry : hashMap.entrySet()) {
                verifyManifest = verifySFEntry((String) entry.getKey(), ((Attributes) entry.getValue()).getValue(Main.DIGEST_ATTR));
                if (!verifyManifest) {
                    break;
                }
            }
        }
        if (Configuration.DEBUG) {
            log.exiting(getClass().getName(), "verifySFEntries", Boolean.valueOf(verifyManifest));
        }
        return verifyManifest;
    }

    private boolean verifyManifest(String str) throws IOException {
        return verifySFEntry("META-INF/MANIFEST.MF", str);
    }

    private boolean verifySFEntry(String str, String str2) throws IOException {
        boolean equalsIgnoreCase = getEntryHash("META-INF/MANIFEST.MF").equalsIgnoreCase(str2);
        if (Configuration.DEBUG) {
            log.fine("Is " + str + " OK? " + equalsIgnoreCase);
        }
        return equalsIgnoreCase;
    }

    private String getEntryHash(String str) throws IOException {
        String str2 = this.entryHashes.get(str);
        if (str2 == null) {
            str2 = this.util.hashStream(this.jarFile.getInputStream(this.jarFile.getJarEntry(str)));
            this.entryHashes.put(str, str2);
        }
        return str2;
    }
}
