package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.Vector;
import java.util.jar.JarException;
import java.util.jar.JarFile;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:efixes/PK12679_nd_hpux/components/prereq.jdk/update.jar:/java/jre/lib/ext/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/JarVerifier.class */
public class JarVerifier {
    private static boolean debug = false;
    private URL jarURL;
    private JarFile jarFile;
    private Vector verifiedSignerCache = null;
    private boolean retrievedJarFile = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JarVerifier(URL url) {
        this.jarURL = url;
    }

    public void verify(X509Certificate[] x509CertificateArr) throws JarException, IOException {
        this.verifiedSignerCache = new Vector(2);
        try {
            try {
                try {
                    verifyJars(this.jarURL, null, x509CertificateArr);
                } catch (CertificateException e) {
                    throw new JarException(new StringBuffer().append("Cannot verify ").append(this.jarURL.toString()).toString());
                }
            } catch (NoSuchProviderException e2) {
                throw new JarException(new StringBuffer().append("Cannot verify ").append(this.jarURL.toString()).toString());
            }
        } finally {
            this.verifiedSignerCache = null;
        }
    }

    public JarFile getJarFile() {
        this.retrievedJarFile = true;
        return this.jarFile;
    }

    private void verifyJars(URL url, Vector vector, X509Certificate[] x509CertificateArr) throws NoSuchProviderException, CertificateException, IOException {
        String url2 = url.toString();
        if (vector == null || !vector.contains(url2)) {
            String verifySingleJar = verifySingleJar(url, x509CertificateArr);
            if (vector != null) {
                vector.addElement(url2);
            }
            if (verifySingleJar != null) {
                if (vector == null) {
                    vector = new Vector();
                    vector.addElement(url2);
                }
                verifyManifestClassPathJars(url, verifySingleJar, vector, x509CertificateArr);
            }
        }
    }

    private void verifyManifestClassPathJars(URL url, String str, Vector vector, X509Certificate[] x509CertificateArr) throws NoSuchProviderException, CertificateException, IOException {
        for (String str2 : parseAttrClasspath(str)) {
            try {
                verifyJars(new URL(url, str2), vector, x509CertificateArr);
            } catch (MalformedURLException e) {
                throw new MalformedURLException(new StringBuffer().append("The JAR file ").append(url.toString()).append(" contains invalid URLs in its Class-Path attribute").append(". ").append(e.getMessage()).toString());
            }
        }
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    private java.lang.String verifySingleJar(java.net.URL r6, java.security.cert.X509Certificate[] r7) throws java.security.NoSuchProviderException, java.security.cert.CertificateException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 557
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.crypto.pkcs11impl.provider.JarVerifier.verifySingleJar(java.net.URL, java.security.cert.X509Certificate[]):java.lang.String");
    }

    private String[] parseAttrClasspath(String str) throws JarException {
        String str2;
        String trim = str.trim();
        int indexOf = trim.indexOf(32);
        Vector vector = new Vector();
        boolean z = false;
        do {
            if (indexOf > 0) {
                str2 = trim.substring(0, indexOf);
                trim = trim.substring(indexOf + 1).trim();
                indexOf = trim.indexOf(32);
            } else {
                str2 = trim;
                z = true;
            }
            if (!str2.endsWith(".jar")) {
                throw new JarException("The provider contains un-verifiable components");
            }
            vector.addElement(str2);
        } while (!z);
        String[] strArr = new String[vector.size()];
        vector.copyInto(strArr);
        return strArr;
    }

    private boolean isTrusted(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                checkCriticalExts(x509CertificateArr[i], i);
            } catch (Exception e) {
                if (!debug) {
                    return false;
                }
                e.printStackTrace();
                return false;
            }
        }
        for (int i2 = 0; i2 < x509CertificateArr.length - 1; i2++) {
            try {
                x509CertificateArr[i2].verify(x509CertificateArr[i2 + 1].getPublicKey());
            } catch (Exception e2) {
                return false;
            }
        }
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        for (int i3 = 0; i3 < x509CertificateArr2.length; i3++) {
            if (x509CertificateArr2[i3].getSubjectDN().equals(x509Certificate.getSubjectDN()) && x509CertificateArr2[i3].equals(x509Certificate)) {
                return true;
            }
        }
        for (int i4 = 0; i4 < x509CertificateArr2.length; i4++) {
            if (x509CertificateArr2[i4].getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                try {
                    x509Certificate.verify(x509CertificateArr2[i4].getPublicKey());
                    return true;
                } catch (Exception e3) {
                }
            }
        }
        return false;
    }

    private void checkCriticalExts(X509Certificate x509Certificate, int i) throws Exception {
        Set criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null || criticalExtensionOIDs.size() == 0) {
            return;
        }
        checkBasicConstraints(x509Certificate, criticalExtensionOIDs, i);
    }

    private void checkBasicConstraints(X509Certificate x509Certificate, Set set, int i) throws Exception {
        int basicConstraints;
        if (set != null && !set.isEmpty() && set.contains(new String(X509CertImpl.BASIC_CONSTRAINT_OID)) && (basicConstraints = x509Certificate.getBasicConstraints()) >= 0 && i > 0 && i - 1 > basicConstraints) {
            throw new Exception("Violated basic constraints");
        }
    }

    private X509Certificate[] getAChain(Certificate[] certificateArr, int i) {
        if (i > certificateArr.length - 1) {
            return null;
        }
        int i2 = i;
        while (i2 < certificateArr.length - 1 && ((X509Certificate) certificateArr[i2 + 1]).getSubjectDN().equals(((X509Certificate) certificateArr[i2]).getIssuerDN())) {
            i2++;
        }
        int i3 = (i2 - i) + 1;
        X509Certificate[] x509CertificateArr = new X509Certificate[i3];
        for (int i4 = 0; i4 < i3; i4++) {
            x509CertificateArr[i4] = (X509Certificate) certificateArr[i + i4];
        }
        return x509CertificateArr;
    }

    protected void finalize() throws Throwable {
        if (this.retrievedJarFile) {
            return;
        }
        this.jarFile.close();
    }
}
