package com.ibm.ws.install.internal;

import com.ibm.ws.install.InstallConstants;
import com.ibm.ws.install.InstallException;
import com.ibm.ws.install.internal.InstallLogUtils;
import com.ibm.ws.kernel.boot.cmdline.Utils;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;

/* loaded from: input_file:com/ibm/ws/install/internal/VerifySignatureUtility.class */
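/**
 * Obtains OpenPGP public keys and uses them to verify the detached {@code .asc}
 * signatures of downloaded artifacts.
 *
 * <p>Trust model as implemented in this class:
 * <ul>
 *   <li>Keys come from the key file bundled under the install directory, from a key-server
 *       lookup when the bundled key cannot be validated, and from user-supplied
 *       key ID / key URL pairs ({@code http}, {@code https}, {@code file} or a local path).</li>
 *   <li>A downloaded key file is accepted when the primary key of the ring matches the
 *       expected key ID, carries no revocation and has not expired
 *       (see {@link #validatePublicKey}).</li>
 *   <li>An artifact passes when at least one signature in its {@code .asc} file verifies
 *       against a key found in the accepted rings by 64-bit key ID.</li>
 * </ul>
 *
 * <p>NOTE(review): keys are pinned by 64-bit key ID rather than by full fingerprint, and only
 * the primary key of each ring is validated. Pinning the full fingerprint would be the
 * stronger check, especially for keys fetched over plain {@code http}.
 */
public class VerifySignatureUtility {
    private static final Logger logger = InstallLogUtils.getInstallLogger();
    /** Public key file shipped under the install directory. */
    private static final File LIBERTY_KEY = new File(Utils.getInstallDir(), "lib/versions/public_key/libertyKey.asc");
    /** Key-server lookup prefix; a key ID is appended to form the download URL. */
    private static final String UbuntuServerURL = "https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=";
    /** Cached value of the product key ID read from {@code openliberty.properties}. */
    private String defaultKeyID = null;
    private final ProgressBar progressBar = ProgressBar.getInstance();

    /**
     * Returns the product public key ID from {@code lib/versions/openliberty.properties},
     * caching it after the first successful read.
     *
     * @return the configured key ID, or {@code null} when the property is absent
     * @throws InstallException if the properties file cannot be read
     */
    private String getLibertyKeyID() throws InstallException {
        if (this.defaultKeyID != null) {
            return this.defaultKeyID;
        }
        File propertiesFile = new File(Utils.getInstallDir(), "lib/versions/openliberty.properties");
        Properties properties = new Properties();
        // try-with-resources: the stream is closed even when load() fails.
        try (FileInputStream in = new FileInputStream(propertiesFile)) {
            properties.load(in);
        } catch (IOException e) {
            throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getMessage("ERROR_COULD_NOT_DETERMINE_RUNTIME_PROPERTIES_FILE", propertiesFile.getAbsolutePath()));
        }
        this.defaultKeyID = properties.getProperty("com.ibm.websphere.productPublicKeyId");
        return this.defaultKeyID;
    }

    /**
     * Parses a key file and validates the primary key of the ring against the expected key ID.
     *
     * <p>Failures are fatal only for the product key: when {@code keyID} equals the product key
     * ID the exception is rethrown, otherwise it is logged as a warning and {@code false} is
     * returned.
     *
     * @param keyFile file holding an armored or binary public key ring
     * @param keyID expected key ID for the key in {@code keyFile}
     * @return {@code true} if the key passed {@link #validatePublicKey}
     * @throws InstallException if the product key is unreadable or fails validation
     */
    public boolean isKeyValid(File keyFile, String keyID) throws InstallException {
        boolean valid = false;
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(keyFile))) {
            PGPPublicKeyRing ring = new PGPPublicKeyRing(PGPUtil.getDecoderStream(in), new JcaKeyFingerprintCalculator());
            // Only the primary key is checked here; subkeys in the ring are not inspected.
            valid = validatePublicKey(ring.getPublicKey(), keyID);
        } catch (InstallException e) {
            // Null-safe comparison: a missing key ID must not turn into a NullPointerException.
            if (keyID != null && keyID.equals(getLibertyKeyID())) {
                throw e;
            }
            logger.warning(e.getMessage());
        } catch (IOException e) {
            logger.warning(e.getMessage());
            if (keyID != null && keyID.equals(getLibertyKeyID())) {
                throw new InstallException(e.getMessage());
            }
        }
        return valid;
    }

    /**
     * Checks that a public key is the expected one, is not revoked and has not expired.
     *
     * @param publicKey key to validate
     * @param expectedKeyID key ID the caller expects, compared case-insensitively
     * @return {@code true} when every check passes
     * @throws InstallException if the key ID does not match, no expected key ID was given,
     *         the key carries a revocation, or its validity period has ended
     */
    protected boolean validatePublicKey(PGPPublicKey publicKey, String expectedKeyID) throws InstallException {
        String actualKeyID = String.format("0x%016x", Long.valueOf(publicKey.getKeyID())).toUpperCase(java.util.Locale.ROOT);
        // An empty expected ID is contained in every string, so it would accept any key; reject it.
        // NOTE(review): the match is a substring test, so a very short expected ID still pins
        // little. Requiring the full 64-bit ID (or a fingerprint) would be stricter.
        if (expectedKeyID == null || expectedKeyID.isEmpty()
                || !actualKeyID.contains(expectedKeyID.toUpperCase(java.util.Locale.ROOT))) {
            throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_INAUTHENTIC_PUBLIC_KEY", actualKeyID, expectedKeyID));
        }
        if (publicKey.hasRevocation()) {
            throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_REVOKED_PUBLIC_KEY", actualKeyID));
        }
        // A validity period of zero or less is treated as "never expires".
        if (publicKey.getValidSeconds() <= 0) {
            return true;
        }
        Instant expiry = publicKey.getCreationTime().toInstant().plusSeconds(publicKey.getValidSeconds());
        if (expiry.isBefore(Instant.now())) {
            throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_EXPIRED_PUBLIC_KEY", actualKeyID, expiry));
        }
        return true;
    }

    /**
     * Fetches every key named by {@link #getPublicKeyURL} into a temporary file under the
     * install directory and returns the files whose key passed {@link #isKeyValid}.
     *
     * @param keys user-supplied key ID / key URL pairs
     * @param verifyOption verification mode, passed through to {@link #getPublicKeyURL}
     * @param envMap environment settings; the proxy host, user and password entries are read
     * @return temporary files holding the accepted keys (deleted on JVM exit)
     * @throws InstallException if a key cannot be downloaded or the product key is invalid
     */
    public List<File> downloadPublicKeys(Collection<Map<String, String>> keys, InstallConstants.VerifyOption verifyOption, Map<String, Object> envMap) throws InstallException {
        Map<String, String> keyUrls = getPublicKeyURL(keys, verifyOption);
        List<File> validKeyFiles = new ArrayList<>();
        for (Map.Entry<String, String> entry : keyUrls.entrySet()) {
            try {
                logger.fine("Downloading key... " + entry.getValue());
                URL url = new URL(entry.getValue());
                String proxyAuth = "";
                if (url.getProtocol().equals("https") && envMap.get("https.proxyHost") != null) {
                    proxyAuth = ArtifactDownloaderUtils.getBasicAuthentication((String) envMap.get("https.proxyUser"), (String) envMap.get("https.proxyPassword"));
                } else if (envMap.get("http.proxyHost") != null) {
                    proxyAuth = ArtifactDownloaderUtils.getBasicAuthentication((String) envMap.get("http.proxyUser"), (String) envMap.get("http.proxyPassword"));
                }
                URLConnection connection = url.openConnection();
                // NOTE(review): only the connect timeout is set; a stalled server can still block the read.
                connection.setConnectTimeout(10000);
                if (proxyAuth != null && !proxyAuth.isEmpty()) {
                    // The header value is derived from the proxy user and password, so it is a
                    // credential and must never be written to the log.
                    logger.fine("Proxy-Authorization header set for key download.");
                    connection.setRequestProperty("Proxy-Authorization", proxyAuth);
                }
                try (BufferedInputStream in = new BufferedInputStream(connection.getInputStream())) {
                    File keyFile = File.createTempFile("signature", ".asc", Utils.getInstallDir());
                    keyFile.deleteOnExit();
                    // Close the output before validating so the key is read from a complete file.
                    try (FileOutputStream out = new FileOutputStream(keyFile)) {
                        byte[] buffer = new byte[1024];
                        int read;
                        while ((read = in.read(buffer, 0, buffer.length)) != -1) {
                            out.write(buffer, 0, read);
                        }
                    }
                    if (isKeyValid(keyFile, entry.getKey())) {
                        validKeyFiles.add(keyFile);
                    }
                }
            } catch (IOException e) {
                throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_FAILED_TO_DOWNLOAD_KEY_FROM_KEY_URL", e.getMessage()));
            }
        }
        return validKeyFiles;
    }

    /**
     * Builds the map of key ID to key URL to download.
     *
     * <p>The bundled key file is used when it validates. When validation throws, the key is
     * looked up on the key server instead, using the ID from the
     * {@code com.ibm.ws.install.libertyKeyID} system property or, when that is unset, the
     * product key ID. User-supplied keys are added afterwards.
     *
     * @param keys user-supplied key ID / key URL pairs
     * @param verifyOption verification mode (not read by this method)
     * @return key ID to URL map
     * @throws InstallException if the product key ID cannot be determined
     */
    protected Map<String, String> getPublicKeyURL(Collection<Map<String, String>> keys, InstallConstants.VerifyOption verifyOption) throws InstallException {
        Map<String, String> keyUrls = new HashMap<>();
        try {
            String libertyKeyID = getLibertyKeyID();
            if (isKeyValid(LIBERTY_KEY, libertyKeyID)) {
                keyUrls.put(libertyKeyID, LIBERTY_KEY.toURI().toURL().toString());
            }
        } catch (InstallException | MalformedURLException e) {
            logger.warning(e.getMessage());
            // The system property decides which key is requested from the key server, so
            // whoever can set JVM properties can choose the key that ends up trusted.
            String fallbackKeyID = System.getProperty("com.ibm.ws.install.libertyKeyID", getLibertyKeyID());
            keyUrls.put(fallbackKeyID, UbuntuServerURL + fallbackKeyID);
        }
        getUserPubKey(keys, keyUrls);
        return keyUrls;
    }

    /**
     * Adds each user-supplied key ID with a usable key URL to {@code keyUrls}.
     *
     * <p>An entry without a key ID, or whose URL is rejected by {@link #getValidKeyURL}, is
     * logged as a warning and skipped.
     *
     * @param keys user-supplied key ID / key URL pairs
     * @param keyUrls map to add accepted entries to
     */
    protected void getUserPubKey(Collection<Map<String, String>> keys, Map<String, String> keyUrls) {
        for (Map<String, String> key : keys) {
            String keyURL = key.get(InstallConstants.KEYURL_QUALIFIER);
            String keyID = key.get(InstallConstants.KEYID_QUALIFIER);
            if (keyID == null && keyURL == null) {
                logger.fine("Found the property for keyid and/or keyurl, but the value was not specified.");
                // NOTE(review): this returns rather than continues, so later entries are not
                // processed once an empty one is seen. Confirm that this is intended.
                return;
            } else if (keyID == null) {
                logger.warning(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_KEYID_NOT_PROVIDED", keyURL));
            } else {
                try {
                    keyUrls.put(keyID, getValidKeyURL(keyURL, keyID));
                } catch (InstallException e) {
                    logger.warning(e.getMessage());
                }
            }
        }
    }

    /**
     * Normalizes a user-supplied key location to a URL string.
     *
     * <p>A value that is not a URL is treated as a local path and must exist. A URL must use
     * the {@code http}, {@code https} or {@code file} scheme. Plain {@code http} offers no
     * transport integrity, so for such keys the key-ID check in {@link #validatePublicKey} is
     * the only safeguard.
     *
     * @param keyURL key location given by the user
     * @param keyID key ID the location belongs to, used in error messages
     * @return URL string to download the key from
     * @throws InstallException if the location is missing, does not exist, or uses another scheme
     */
    protected String getValidKeyURL(String keyURL, String keyID) throws InstallException {
        if (keyURL == null) {
            throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_KEYURL_NOT_PROVIDED", keyID));
        }
        if (!InstallUtils.isURL(keyURL)) {
            File keyFile = new File(keyURL);
            if (!keyFile.exists()) {
                throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_FAILED_TO_DOWNLOAD_KEY_FROM_KEY_URL", keyURL));
            }
            try {
                return keyFile.toURI().toURL().toString();
            } catch (MalformedURLException e) {
                throw new InstallException(e.getMessage());
            }
        }
        // Compare the scheme including its ':' delimiter and lower-case with Locale.ROOT:
        // a bare prefix test also accepts schemes that merely start with "http" or "file",
        // and default-locale lower-casing maps "FILE" to a different string in some locales.
        String lower = keyURL.toLowerCase(java.util.Locale.ROOT);
        if (!lower.startsWith("https:") && !lower.startsWith("http:") && !lower.startsWith("file:")) {
            throw new InstallException(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("ERROR_KEYURL_UNSUPPORTED_PROTOCOL", keyURL));
        }
        return keyURL;
    }

    /**
     * Verifies the detached signature ({@code <artifact>.asc}) of every artifact and records
     * the artifacts that did not verify.
     *
     * <p>Verification failures are not thrown; the caller must inspect {@code failedFeatures}
     * and treat a non-empty list as a failed verification.
     *
     * @param artifacts files to verify
     * @param pubKeys files holding the public keys to verify against
     * @param failedFeatures receives every artifact whose signature is missing, unreadable or invalid
     * @throws InstallException if a public key file cannot be read
     */
    public void verifySignatures(Collection<File> artifacts, List<File> pubKeys, List<File> failedFeatures) throws InstallException {
        logger.info(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("STATE_STARTING_VERIFY", new Object[0]));
        PGPPublicKeyRingCollection ringCollection = getRingCollection(pubKeys);
        Iterator<PGPPublicKeyRing> keyRings = ringCollection.getKeyRings();
        StringBuilder availableKeys = new StringBuilder();
        availableKeys.append("Available public keyIDs: ");
        while (keyRings.hasNext()) {
            availableKeys.append(String.format("%x", Long.valueOf(keyRings.next().getPublicKey().getKeyID())) + "\t");
        }
        logger.fine(availableKeys.toString());
        double increment = this.progressBar.getMethodIncrement("verifyFeatures") / artifacts.size();
        for (File artifact : artifacts) {
            String artifactPath = artifact.getAbsolutePath();
            String signaturePath = artifactPath + ".asc";
            try {
                logger.fine(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("STATE_VERIFYING", artifact.getName()));
                if (isValidSignature(artifactPath, signaturePath, ringCollection)) {
                    logger.fine(InstallLogUtils.Messages.INSTALL_KERNEL_MESSAGES.getLogMessage("LOG_VERIFIED_FEATURE", artifact.getName()));
                } else {
                    failedFeatures.add(artifact);
                }
                this.progressBar.updateProgress(increment);
            } catch (IOException | PGPException e) {
                // Fail closed: an unreadable or malformed signature counts as a failed artifact.
                logger.fine(e.getMessage());
                failedFeatures.add(artifact);
            }
        }
        this.progressBar.manuallyUpdate();
    }

    /**
     * Loads every key file into one key ring collection.
     *
     * @param pubKeys files each holding one public key ring
     * @return collection containing all rings
     * @throws InstallException if a key file cannot be read or parsed
     */
    private PGPPublicKeyRingCollection getRingCollection(List<File> pubKeys) throws InstallException {
        try {
            PGPPublicKeyRingCollection rings = new PGPPublicKeyRingCollection(new ArrayList<PGPPublicKeyRing>());
            for (File keyFile : pubKeys) {
                // try-with-resources: the stream is closed even when the ring fails to parse.
                try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(keyFile))) {
                    rings = PGPPublicKeyRingCollection.addPublicKeyRing(rings, new PGPPublicKeyRing(PGPUtil.getDecoderStream(in), new JcaKeyFingerprintCalculator()));
                }
            }
            return rings;
        } catch (IOException e) {
            throw new InstallException(e.getMessage());
        }
    }

    /**
     * Returns whether any signature in the signature file verifies against a key in the
     * collection. Checking stops at the first signature that verifies.
     *
     * @param artifactPath path of the signed file
     * @param signaturePath path of the detached signature file
     * @param rings accepted public key rings
     * @return {@code true} if one signature verified
     * @throws IOException if either file cannot be read
     * @throws PGPException if the signature data is malformed or cannot be processed
     */
    private boolean isValidSignature(String artifactPath, String signaturePath, PGPPublicKeyRingCollection rings) throws IOException, PGPException {
        PGPSignatureList signatures = getSignatureList(artifactPath, signaturePath);
        boolean verified = false;
        if (signatures != null) {
            for (int i = 0; i < signatures.size() && !verified; i++) {
                PGPSignature signature = signatures.get(i);
                logger.fine(String.format("Key ID used in signature: %x", Long.valueOf(signature.getKeyID())));
                // NOTE(review): the key is looked up by 64-bit key ID only. The revocation and
                // expiry checks in validatePublicKey ran on each ring's primary key at download
                // time and are not repeated for the key that is selected here.
                PGPPublicKey publicKey = rings.getPublicKey(signature.getKeyID());
                if (publicKey == null) {
                    logger.fine(String.format("Public key ID %x was not found.", Long.valueOf(signature.getKeyID())));
                } else {
                    logger.fine(String.format("Public key ID used: %x", Long.valueOf(publicKey.getKeyID())));
                    verified = verifySignature(artifactPath, signature, publicKey);
                }
            }
        }
        return verified;
    }

    /**
     * Verifies one signature over the full contents of a file.
     *
     * @param artifactPath path of the signed file
     * @param signature signature to check
     * @param publicKey key to check the signature with
     * @return {@code true} if the signature matches the file contents
     * @throws IOException if the file cannot be read
     * @throws PGPException if the signature cannot be initialized or evaluated
     */
    private boolean verifySignature(String artifactPath, PGPSignature signature, PGPPublicKey publicKey) throws IOException, FileNotFoundException, PGPException {
        signature.init(new JcaPGPContentVerifierBuilderProvider().setProvider(new BouncyCastleProvider()), publicKey);
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(artifactPath))) {
            // Feed the file in chunks rather than one byte at a time.
            byte[] buffer = new byte[8192];
            int read;
            while ((read = in.read(buffer, 0, buffer.length)) >= 0) {
                signature.update(buffer, 0, read);
            }
        }
        return signature.verify();
    }

    /**
     * Reads the signature list from a detached signature file.
     *
     * <p>The signature file is untrusted input. Content that is not a signature list raises a
     * {@link PGPException}, which {@link #verifySignatures} records as a failed artifact,
     * instead of an unchecked {@code ClassCastException} or {@code NullPointerException}.
     *
     * @param artifactPath path of the signed file, used for logging only
     * @param signaturePath path of the detached signature file
     * @return the last signature list found, or {@code null} if the file holds no objects
     * @throws IOException if the signature file cannot be read
     * @throws PGPException if the file holds something other than a signature list
     */
    private PGPSignatureList getSignatureList(String artifactPath, String signaturePath) throws IOException, FileNotFoundException, PGPException {
        PGPSignatureList signatures = null;
        try (BufferedInputStream fileIn = new BufferedInputStream(new FileInputStream(signaturePath));
             InputStream decoded = PGPUtil.getDecoderStream(fileIn)) {
            JcaPGPObjectFactory factory = new JcaPGPObjectFactory(decoded);
            Object next;
            while ((next = factory.nextObject()) != null) {
                if (next instanceof PGPCompressedData) {
                    // Continue reading from inside the compressed packet.
                    factory = new JcaPGPObjectFactory(((PGPCompressedData) next).getDataStream());
                    next = factory.nextObject();
                }
                if (!(next instanceof PGPSignatureList)) {
                    throw new PGPException("Unexpected content in signature file: " + signaturePath);
                }
                signatures = (PGPSignatureList) next;
                if (signatures.isEmpty()) {
                    logger.fine("The PGP signature could not be processed for the following : " + artifactPath);
                }
            }
        }
        return signatures;
    }
}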
