package sun.tools.jar;

import com.sun.java.swing.Action;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.Identity;
import java.security.IdentityScope;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import sun.misc.BASE64Decoder;
import sun.net.www.MessageHeader;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.ParsingException;
import sun.security.pkcs.SignerInfo;
import sun.security.provider.SystemIdentity;
import sun.security.x509.X509Cert;

/* loaded from: input_file:sun/tools/jar/JarVerifierStream.class */
public class JarVerifierStream extends ZipInputStream {
    private static final boolean debug = false;
    private ZipEntry currentEntry;
    private Hashtable signatures;
    private Hashtable verifiedIdentities;
    private Hashtable sigFileIdentities;
    private boolean parsingBlock;
    private boolean parsingMeta;
    private boolean parsingManifest;
    private boolean processed;
    private Manifest manifest;
    private ByteArrayOutputStream baos;
    JarEntryVerifier jev;
    private IdentityScope scope;
    private static final char[] hexc = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    public JarVerifierStream(InputStream inputStream) throws IOException, JarException {
        super(inputStream);
        this.parsingBlock = false;
        this.parsingMeta = true;
        this.parsingManifest = false;
        this.processed = false;
        this.jev = new JarEntryVerifier();
        this.signatures = new Hashtable();
        this.sigFileIdentities = new Hashtable();
        this.verifiedIdentities = new Hashtable();
        this.baos = new ByteArrayOutputStream();
        this.scope = IdentityScope.getSystemScope();
    }

    @Override // java.util.zip.ZipInputStream
    public synchronized ZipEntry getNextEntry() throws IOException {
        if (this.currentEntry != null) {
            closeEntry();
        }
        this.currentEntry = super.getNextEntry();
        if (this.currentEntry == null) {
            return null;
        }
        this.processed = false;
        String name = this.currentEntry.getName();
        String upperCase = name.toUpperCase();
        if (this.parsingMeta && this.manifest == null && Manifest.isManifestName(upperCase)) {
            this.parsingManifest = true;
            this.baos.reset();
            this.jev.setEntry(null, null);
            return this.currentEntry;
        }
        if (this.parsingMeta && (upperCase.startsWith("META-INF/") || upperCase.startsWith("/META-INF/") || upperCase.startsWith("META-INF\\"))) {
            if (upperCase.endsWith(".DSA") || upperCase.endsWith(".RSA")) {
                this.parsingBlock = true;
                this.baos.reset();
                this.jev.setEntry(null, null);
            }
            return this.currentEntry;
        }
        if (this.parsingMeta) {
            this.parsingMeta = false;
        }
        if (this.currentEntry.isDirectory()) {
            this.jev.setEntry(null, null);
            return this.currentEntry;
        }
        if (name.startsWith("./")) {
            name = name.substring(2);
        }
        if (this.sigFileIdentities.get(name) != null) {
            this.jev.setEntry(this.manifest, name);
            return this.currentEntry;
        }
        this.jev.setEntry(null, null);
        return this.currentEntry;
    }

    @Override // java.util.zip.InflaterInputStream, java.io.FilterInputStream, java.io.InputStream
    public int read() throws IOException {
        int read = super.read();
        if (read == -1) {
            processEntry();
        } else if (this.parsingBlock || this.parsingManifest) {
            this.baos.write(read);
        } else {
            this.jev.update((byte) read);
        }
        return read;
    }

    @Override // java.util.zip.ZipInputStream, java.util.zip.InflaterInputStream, java.io.FilterInputStream, java.io.InputStream
    public int read(byte[] bArr, int i, int i2) throws IOException {
        int read = super.read(bArr, i, i2);
        if (read == -1) {
            processEntry();
        } else if (this.parsingBlock || this.parsingManifest) {
            this.baos.write(bArr, i, read);
        } else {
            this.jev.update(bArr, i, read);
        }
        return read;
    }

    private void processEntry() throws IOException {
        if (this.processed) {
            return;
        }
        this.processed = true;
        if (this.parsingManifest) {
            this.parsingManifest = false;
            this.manifest = new Manifest(this.baos.toByteArray());
            return;
        }
        if (!this.parsingBlock) {
            this.jev.verify(this.verifiedIdentities, this.sigFileIdentities);
            return;
        }
        this.parsingBlock = false;
        try {
            PKCS7 pkcs7 = new PKCS7(this.baos.toByteArray());
            SignatureFile signatureFile = new SignatureFile(pkcs7.getContentInfo().getData());
            this.signatures.put(signatureFile, pkcs7);
            processSignature(signatureFile, pkcs7);
        } catch (IOException unused) {
        } catch (NoSuchAlgorithmException unused2) {
        } catch (SignatureException unused3) {
        } catch (ParsingException unused4) {
        }
    }

    private void processSignature(SignatureFile signatureFile, PKCS7 pkcs7) throws JarException, SignatureException, NoSuchAlgorithmException {
        SignerInfo[] verify;
        MessageHeader entry;
        if (this.manifest == null || (verify = pkcs7.verify()) == null) {
            return;
        }
        BASE64Decoder bASE64Decoder = new BASE64Decoder();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
        MessageDigest messageDigest2 = MessageDigest.getInstance("MD5");
        Vector identities = getIdentities(verify, pkcs7);
        Enumeration entries = signatureFile.entries();
        while (entries.hasMoreElements()) {
            MessageHeader messageHeader = (MessageHeader) entries.nextElement();
            String findValue = messageHeader.findValue(Action.NAME);
            if (findValue != null && (entry = this.manifest.getEntry(findValue)) != null) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                entry.print(new PrintStream(byteArrayOutputStream));
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                boolean verifySigFileEntry = verifySigFileEntry(messageHeader, "SHA-Digest", byteArray, messageDigest, bASE64Decoder, findValue);
                boolean verifySigFileEntry2 = verifySigFileEntry(messageHeader, "MD5-Digest", byteArray, messageDigest2, bASE64Decoder, findValue);
                if (verifySigFileEntry || verifySigFileEntry2) {
                    addIdentities(findValue, identities);
                }
            }
        }
    }

    private boolean verifySigFileEntry(MessageHeader messageHeader, String str, byte[] bArr, MessageDigest messageDigest, BASE64Decoder bASE64Decoder, String str2) throws JarException {
        String findValue = messageHeader.findValue(str);
        if (findValue == null) {
            return false;
        }
        try {
            byte[] decodeBuffer = bASE64Decoder.decodeBuffer(findValue);
            messageDigest.reset();
            if (MessageDigest.isEqual(messageDigest.digest(bArr), decodeBuffer)) {
                return true;
            }
            throw new SecurityException(new StringBuffer("invalid ").append(messageDigest.getAlgorithm()).append(" signature file digest for ").append(str2).toString());
        } catch (IOException unused) {
            throw new SecurityException("unable to decode base64 digest");
        }
    }

    private Vector getIdentities(SignerInfo[] signerInfoArr, PKCS7 pkcs7) {
        Vector vector = null;
        if (this.scope == null) {
            return null;
        }
        for (SignerInfo signerInfo : signerInfoArr) {
            X509Cert certificate = signerInfo.getCertificate(pkcs7);
            PublicKey publicKey = certificate.getPublicKey();
            Identity identity = this.scope.getIdentity(publicKey);
            if (identity == null) {
                try {
                    identity = new SystemIdentity(certificate.getPrincipal().getName(), this.scope);
                    identity.setPublicKey(publicKey);
                    identity.addCertificate(certificate);
                } catch (KeyManagementException unused) {
                }
            }
            if (identity != null) {
                if (vector == null) {
                    vector = new Vector();
                }
                vector.addElement(identity);
            }
        }
        return vector;
    }

    private void addIdentities(String str, Vector vector) {
        if (vector == null) {
            return;
        }
        if (str.startsWith("./")) {
            str = str.substring(2);
        }
        Vector vector2 = (Vector) this.sigFileIdentities.get(str);
        if (vector2 == null) {
            vector2 = new Vector();
            this.sigFileIdentities.put(str, vector2);
        }
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            vector2.addElement(elements.nextElement());
        }
    }

    public Hashtable getVerifiedSignatures() {
        return this.verifiedIdentities;
    }

    public Enumeration getBlocks() {
        return this.signatures.elements();
    }

    public Hashtable getNameToHash() {
        return null;
    }

    public Manifest getManifest() {
        return this.manifest;
    }

    public Identity[] getIdentities(String str) {
        Vector vector = (Vector) this.verifiedIdentities.get(str);
        if (vector == null) {
            return null;
        }
        Identity[] identityArr = new Identity[vector.size()];
        vector.copyInto(identityArr);
        return identityArr;
    }

    public static String toHex(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(hexc[(bArr[i] >> 4) & 15]);
            stringBuffer.append(hexc[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }
}
