package com.urbancode.anthill3.domain.plugin;

import com.urbancode.anthill3.plugin.PluginValidationException;
import com.urbancode.commons.fileutils.digest.DigestUtil;
import com.urbancode.commons.util.IO;
import com.urbancode.license.License;
import com.urbancode.license.LicenseReaderImplFlatFile;
import com.urbancode.license.LicenseValidationException;
import java.io.IOException;
import java.io.InputStream;
import java.io.LineNumberReader;
import java.io.StringReader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:com/urbancode/anthill3/domain/plugin/PluginSignatureValidator.class */
public class PluginSignatureValidator {
    public static final String PLUGIN_SIG_FILE = "plugin.sig";
    public static final String DIGEST_ALG = "SHA-256";
    private final ZipFile pluginFile;
    private final String signature;

    public PluginSignatureValidator(ZipFile zipFile) throws IOException {
        this.pluginFile = zipFile;
        InputStream inputStream = getInputStream("plugin.sig");
        if (inputStream == null) {
            this.signature = null;
        } else {
            this.signature = IO.readText(IO.reader(inputStream));
        }
    }

    public ZipFile getPluginFile() {
        return this.pluginFile;
    }

    public boolean isSigned() {
        return this.signature != null;
    }

    public final void validateSignature() throws LicenseValidationException, GeneralSecurityException, IOException, PluginValidationException {
        ZipFile pluginFile = getPluginFile();
        if (!isSigned()) {
            throw new IllegalStateException("Plugin is not signed");
        }
        License parse = parse(this.signature);
        List asList = Arrays.asList(parse.getPropertyNameArray());
        ArrayList list = Collections.list(pluginFile.entries());
        for (String str : parse.getPropertyNameArray()) {
            if (pluginFile.getEntry(str) == null) {
                throw new PluginValidationException("File " + str + " is referenced by plugin.sig but not present in plugin");
            }
        }
        if (list.size() != asList.size() + 1) {
            HashSet hashSet = new HashSet();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                hashSet.add(((ZipEntry) it.next()).getName());
            }
            hashSet.remove("plugin.sig");
            hashSet.removeAll(asList);
            throw new PluginValidationException("File(s) " + Arrays.toString(hashSet.toArray()) + " in plugin file is not signed by plugin.sig");
        }
        Iterator it2 = list.iterator();
        while (it2.hasNext()) {
            String name = ((ZipEntry) it2.next()).getName();
            if (!"plugin.sig".equals(name)) {
                String[] propertyValueArray = parse.getPropertyValueArray(name);
                if (propertyValueArray.length == 0) {
                    throw new PluginValidationException("File " + name + " in plugin is not signed by plugin.sig");
                }
                if (propertyValueArray.length > 1) {
                    throw new PluginValidationException("plugin.sig has repeated entries for " + name);
                }
                String str2 = propertyValueArray[0];
                String base64Digest = DigestUtil.getBase64Digest(getInputStream(name), "SHA-256");
                String convert64ToHex = convert64ToHex(base64Digest);
                if (!str2.equals(base64Digest) && !str2.equals(convert64ToHex)) {
                    throw new PluginValidationException("Signature of file " + name + " was Hex (" + convert64ToHex + ") and Base64 (" + base64Digest + ") but plugin.sig lists it as " + str2);
                }
            }
        }
    }

    String convert64ToHex(String str) {
        return new String(Hex.encodeHex(Base64.decodeBase64(str.getBytes())));
    }

    InputStream getInputStream(String str) throws IOException {
        ZipEntry entry = getPluginFile().getEntry(str);
        if (entry == null) {
            return null;
        }
        return getPluginFile().getInputStream(entry);
    }

    private License parse(String str) throws LicenseValidationException, GeneralSecurityException, IOException {
        InputStream openStream = getResource().openStream();
        try {
            return new LicenseReaderImplFlatFile(KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(IO.read(openStream))), "SHA1withDSA").readLicense(new LineNumberReader(new StringReader(str)));
        } finally {
            IO.close(openStream);
        }
    }

    private URL getResource() {
        return getClass().getClassLoader().getResource("urbancode.key");
    }
}
