package gnu.classpath.tools.jarsigner;

import gnu.classpath.Configuration;
import gnu.java.security.OID;
import gnu.java.security.der.DERValue;
import gnu.java.security.pkcs.PKCS7Data;
import gnu.java.security.pkcs.PKCS7SignedData;
import gnu.java.security.pkcs.SignerInfo;
import gnu.java.security.sig.dss.DSSSignature;
import gnu.java.security.sig.dss.DSSSignatureX509Codec;
import gnu.java.security.sig.rsa.RSAPKCS1V1_5Signature;
import gnu.java.security.sig.rsa.RSAPKCS1V1_5SignatureX509Codec;
import gnu.java.security.util.Util;
import gnu.java.util.jar.JarUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:gnu/classpath/tools/jarsigner/SFHelper.class */
public class SFHelper {
    private static final int READY = 0;
    private static final int STARTED = 1;
    private static final int FINISHED = 2;
    private static final int SF_GENERATED = 3;
    private static final int DSA_GENERATED = 4;
    private int state = 0;
    private JarFile jar;
    private Manifest manifest;
    private Attributes sfMainAttributes;
    private Map<String, Attributes> sfEntries;
    private byte[] sfBytes;
    private HashUtils util;
    private static final Logger log = Logger.getLogger(SFHelper.class.getName());
    private static final OID hashAlgorithmIdentifierSHA1 = new OID("1.3.14.3.2.26");

    public SFHelper(JarFile jarFile) {
        this.jar = jarFile;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeSF(JarOutputStream jarOutputStream) throws IOException {
        if (this.state != 2) {
            throw new IllegalStateException(Messages.getString("SFHelper.1"));
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        JarUtils.writeSFManifest(this.sfMainAttributes, this.sfEntries, byteArrayOutputStream);
        this.sfBytes = byteArrayOutputStream.toByteArray();
        if (Configuration.DEBUG) {
            log.fine("\n" + Util.dumpString(this.sfBytes, "+++ sfBytes "));
        }
        jarOutputStream.write(this.sfBytes);
        jarOutputStream.flush();
        this.state = 3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeDSA(JarOutputStream jarOutputStream, PrivateKey privateKey, Certificate[] certificateArr, boolean z) throws IOException, CertificateEncodingException, CRLException {
        DSSSignature rSAPKCS1V1_5Signature;
        DSSSignatureX509Codec rSAPKCS1V1_5SignatureX509Codec;
        OID oid;
        if (this.state != 3) {
            throw new IllegalStateException(Messages.getString("SFHelper.4"));
        }
        if (Configuration.DEBUG) {
            log.fine("+++ signer private key = " + privateKey);
        }
        if (privateKey instanceof DSAPrivateKey) {
            rSAPKCS1V1_5Signature = new DSSSignature();
            rSAPKCS1V1_5SignatureX509Codec = new DSSSignatureX509Codec();
            oid = Main.DSA_SIGNATURE_OID;
        } else {
            if (!(privateKey instanceof RSAPrivateKey)) {
                throw new SecurityException(Messages.getString("SFHelper.6"));
            }
            rSAPKCS1V1_5Signature = new RSAPKCS1V1_5Signature("md5");
            rSAPKCS1V1_5SignatureX509Codec = new RSAPKCS1V1_5SignatureX509Codec();
            oid = Main.RSA_SIGNATURE_OID;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("gnu.crypto.sig.private.key", privateKey);
        rSAPKCS1V1_5Signature.setupSign(hashMap);
        rSAPKCS1V1_5Signature.update(this.sfBytes, 0, this.sfBytes.length);
        byte[] encodeSignature = rSAPKCS1V1_5SignatureX509Codec.encodeSignature(rSAPKCS1V1_5Signature.sign());
        if (Configuration.DEBUG) {
            log.fine("\n" + Util.dumpString(encodeSignature, "+++ signedSFBytes "));
        }
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList(2);
        DERValue dERValue = new DERValue(6, hashAlgorithmIdentifierSHA1);
        DERValue dERValue2 = new DERValue(5, (Object) null);
        arrayList.add(dERValue);
        arrayList.add(dERValue2);
        hashSet.add(new DERValue(48, arrayList));
        PKCS7Data pKCS7Data = z ? new PKCS7Data(this.sfBytes) : null;
        X509CRL[] x509crlArr = (X509CRL[]) null;
        HashSet hashSet2 = new HashSet();
        X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException unused) {
            System.out.println(Messages.getFormattedString("SFHelper.0", new Object[]{getIssuerName(x509Certificate), getSubjectName(x509Certificate), getNotAfterDate(x509Certificate)}));
        } catch (CertificateNotYetValidException unused2) {
            System.out.println(Messages.getFormattedString("SFHelper.11", new Object[]{getIssuerName(x509Certificate), getSubjectName(x509Certificate), getNotBeforeDate(x509Certificate)}));
        }
        hashSet2.add(new SignerInfo(x509Certificate.getIssuerX500Principal(), x509Certificate.getSerialNumber(), hashAlgorithmIdentifierSHA1, (byte[]) null, oid, encodeSignature, (byte[]) null));
        new PKCS7SignedData(hashSet, pKCS7Data, certificateArr, x509crlArr, hashSet2).encode(jarOutputStream);
        jarOutputStream.flush();
        this.state = 4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Manifest getManifest() {
        return this.manifest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startSigning() throws IOException {
        if (this.state != 0) {
            throw new IllegalStateException(Messages.getString("SFHelper.9"));
        }
        Manifest manifest = this.jar.getManifest();
        this.manifest = manifest == null ? new Manifest() : new Manifest(manifest);
        this.sfMainAttributes = new Attributes();
        this.sfEntries = new HashMap();
        this.util = new HashUtils();
        this.state = 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateEntry(JarEntry jarEntry) throws IOException {
        if (this.state != 1) {
            throw new IllegalStateException(Messages.getString("SFHelper.10"));
        }
        String name = jarEntry.getName();
        String hashStream = this.util.hashStream(this.jar.getInputStream(jarEntry));
        if (Configuration.DEBUG) {
            log.fine("Hash of " + name + " = " + hashStream);
        }
        Attributes attributes = this.manifest.getAttributes(name);
        if (attributes == null) {
            attributes = new Attributes();
            this.manifest.getEntries().put(name, attributes);
        }
        attributes.putValue("SHA1-Digest", hashStream);
        String hashManifestEntry = this.util.hashManifestEntry(name, hashStream);
        Attributes attributes2 = this.sfEntries.get(name);
        if (attributes2 == null) {
            attributes2 = new Attributes();
            this.sfEntries.put(name, attributes2);
        }
        attributes2.putValue("SHA1-Digest", hashManifestEntry);
        if (Configuration.DEBUG) {
            log.fine("Name: " + name);
            log.fine("SHA1-Digest: " + hashManifestEntry);
            log.fine("");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void finishSigning(boolean z) throws IOException {
        if (this.state != 1) {
            throw new IllegalStateException(Messages.getString("SFHelper.10"));
        }
        if (z) {
            return;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.manifest.write(byteArrayOutputStream);
        byteArrayOutputStream.flush();
        String hashByteArray = this.util.hashByteArray(byteArrayOutputStream.toByteArray());
        if (Configuration.DEBUG) {
            log.fine("Hashed Manifest " + hashByteArray);
        }
        this.sfMainAttributes.putValue("SHA1-Digest-Manifest", hashByteArray);
        this.state = 2;
    }

    private String getIssuerName(X509Certificate x509Certificate) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        if (issuerX500Principal == null) {
            if (Configuration.DEBUG) {
                log.fine("Certiticate, with serial number " + x509Certificate.getSerialNumber() + ", has null Issuer. Return [unknown]");
            }
            return Messages.getString("SFHelper.14");
        }
        String name = issuerX500Principal.getName();
        if (name != null) {
            return name;
        }
        if (Configuration.DEBUG) {
            log.fine("Certiticate, with serial number " + x509Certificate.getSerialNumber() + ", has an Issuer with null DN. Return [unnamed]");
        }
        return Messages.getString("SFHelper.17");
    }

    private String getSubjectName(X509Certificate x509Certificate) {
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        if (subjectX500Principal == null) {
            if (Configuration.DEBUG) {
                log.fine("Certiticate, with serial number " + x509Certificate.getSerialNumber() + ", has null Subject. Return [unknown]");
            }
            return Messages.getString("SFHelper.14");
        }
        String name = subjectX500Principal.getName();
        if (name != null) {
            return name;
        }
        if (Configuration.DEBUG) {
            log.fine("Certiticate, with serial number " + x509Certificate.getSerialNumber() + ", has a Subject with null DN. Return [unnamed]");
        }
        return Messages.getString("SFHelper.17");
    }

    private Date getNotAfterDate(X509Certificate x509Certificate) {
        Date notAfter = x509Certificate.getNotAfter();
        if (notAfter != null) {
            return notAfter;
        }
        if (Configuration.DEBUG) {
            log.fine("Certiticate, with serial number " + x509Certificate.getSerialNumber() + ", has null start-validity date. Return epoch");
        }
        return new Date(0L);
    }

    private Date getNotBeforeDate(X509Certificate x509Certificate) {
        Date notBefore = x509Certificate.getNotBefore();
        if (notBefore != null) {
            return notBefore;
        }
        if (Configuration.DEBUG) {
            log.fine("Certiticate, with serial number " + x509Certificate.getSerialNumber() + ", has null end-validity date. Return epoch");
        }
        return new Date(0L);
    }
}
