package com.sun.javaws.security;

import com.sun.deploy.cache.Cache;
import com.sun.deploy.cache.CacheEntry;
import com.sun.deploy.net.JARSigningException;
import com.sun.deploy.util.Trace;
import com.sun.deploy.util.TraceLevel;
import com.sun.javaws.Globals;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/* loaded from: input_file:com/sun/javaws/security/SigningInfo.class */
public class SigningInfo {
    private static Certificate[] verifyAllEntriesSigned(JarFile jarFile, URL url, String str, CacheEntry cacheEntry) throws JARSigningException {
        boolean z = false;
        boolean z2 = false;
        Certificate[] certificateArr = null;
        HashMap hashMap = null;
        Certificate[] certificateArr2 = null;
        if (cacheEntry != null) {
            try {
                hashMap = cacheEntry.getCertificateMap();
                certificateArr2 = cacheEntry.getCertificates();
            } catch (IOException e) {
                throw new JARSigningException(url, str, 2, e);
            } catch (SecurityException e2) {
                throw new JARSigningException(url, str, 2, e2);
            }
        }
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            String name = nextElement.getName();
            if (!name.startsWith("META-INF/") && !name.endsWith("/") && nextElement.getSize() != 0) {
                Certificate[] certificateArr3 = null;
                if (hashMap == null && certificateArr2 == null) {
                    certificateArr3 = nextElement.getCertificates();
                } else {
                    int[] iArr = (int[]) hashMap.get(name);
                    if (iArr != null) {
                        certificateArr3 = new Certificate[iArr.length];
                        for (int i = 0; i < iArr.length; i++) {
                            certificateArr3[i] = certificateArr2[iArr[i]];
                        }
                    }
                }
                if (certificateArr3 != null && certificateArr3.length == 0) {
                    certificateArr3 = null;
                }
                boolean z3 = false;
                if (certificateArr3 != null) {
                    z3 = true;
                    if (certificateArr == null) {
                        certificateArr = certificateArr3;
                    } else if (!equalChains(certificateArr, certificateArr3)) {
                        throw new JARSigningException(url, str, 1);
                    }
                }
                z = z || z3;
                z2 = z2 || !z3;
            }
        }
        if (z && z2) {
            throw new JARSigningException(url, str, 3);
        }
        return certificateArr;
    }

    private static void verifyAllSignedEntriesPresent(JarFile jarFile, CacheEntry cacheEntry, URL url, String str) throws JARSigningException {
        try {
            Manifest manifest = cacheEntry == null ? jarFile.getManifest() : cacheEntry.getManifest();
            Iterator<Map.Entry<String, Attributes>> it = manifest.getEntries().entrySet().iterator();
            while (it.hasNext()) {
                String key = it.next().getKey();
                if (isSignedManifestEntry(manifest, key) && jarFile.getEntry(key) == null) {
                    throw new JARSigningException(url, str, 4, key);
                }
            }
        } catch (IOException e) {
            throw new JARSigningException(url, str, 2, e);
        }
    }

    public static Certificate[] checkSigning(URL url, String str) throws JARSigningException {
        CacheEntry cacheEntry = Cache.getCacheEntry(url, (String) null, str);
        JarFile jarFile = null;
        try {
            try {
                jarFile = new JarFile(cacheEntry.getResourceFilename(), false);
                Certificate[] verifyAllEntriesSigned = verifyAllEntriesSigned(jarFile, url, str, cacheEntry);
                if (verifyAllEntriesSigned != null) {
                    verifyAllSignedEntriesPresent(jarFile, cacheEntry, url, str);
                }
                if (jarFile != null) {
                    try {
                        jarFile.close();
                    } catch (IOException e) {
                        Trace.ignoredException(e);
                    }
                }
                return verifyAllEntriesSigned;
            } catch (IOException e2) {
                throw new JARSigningException(url, str, 2, e2);
            }
        } catch (Throwable th) {
            if (jarFile != null) {
                try {
                    jarFile.close();
                } catch (IOException e3) {
                    Trace.ignoredException(e3);
                    throw th;
                }
            }
            throw th;
        }
    }

    public static Certificate[] checkSigning(URL url, String str, JarFile jarFile) throws JARSigningException {
        Certificate[] verifyAllEntriesSigned = verifyAllEntriesSigned(jarFile, url, str, null);
        if (verifyAllEntriesSigned != null) {
            verifyAllSignedEntriesPresent(jarFile, null, url, str);
        }
        return verifyAllEntriesSigned;
    }

    public static CodeSource getCodeSourceFromCache(URL url, String str) {
        CacheEntry cacheEntry = Cache.getCacheEntry(url, (String) null, str);
        return Globals.isJavaVersionAtLeast15() ? new CodeSource(url, cacheEntry.getCodeSigners()) : new CodeSource(url, cacheEntry.getCertificates());
    }

    public static CodeSource getCodeSourceFromJarFile(URL url, JarFile jarFile) {
        Enumeration<JarEntry> entries = jarFile.entries();
        byte[] bArr = new byte[32768];
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            String name = nextElement.getName();
            Trace.println(new StringBuffer().append(" ... name=").append(name).toString(), TraceLevel.SECURITY);
            if (!name.startsWith("META-INF/") && !name.endsWith("/") && nextElement.getSize() != 0) {
                try {
                    InputStream inputStream = jarFile.getInputStream(nextElement);
                    do {
                    } while (inputStream.read(bArr, 0, bArr.length) != -1);
                    inputStream.close();
                } catch (IOException e) {
                    Trace.ignoredException(e);
                }
                return Globals.isJavaVersionAtLeast15() ? new CodeSource(url, nextElement.getCodeSigners()) : new CodeSource(url, nextElement.getCertificates());
            }
        }
        return null;
    }

    public static boolean equalChains(Certificate[] certificateArr, Certificate[] certificateArr2) {
        if (certificateArr.length != certificateArr2.length) {
            return false;
        }
        for (int i = 0; i < certificateArr.length; i++) {
            if (!certificateArr[i].equals(certificateArr2[i])) {
                return false;
            }
        }
        return true;
    }

    private static boolean isSignedManifestEntry(Manifest manifest, String str) {
        Attributes attributes = manifest.getAttributes(str);
        if (attributes == null) {
            return false;
        }
        Iterator<Object> it = attributes.keySet().iterator();
        while (it.hasNext()) {
            String upperCase = it.next().toString().toUpperCase(Locale.ENGLISH);
            if (upperCase.endsWith("-DIGEST") || upperCase.indexOf("-DIGEST-") != -1) {
                return true;
            }
        }
        return false;
    }
}
