package sun.security.util;

import com.ibm.rmi.util.RepositoryId;
import com.ibm.tools.rmic.iiop.Constants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.JarException;
import java.util.jar.Manifest;
import sun.misc.BASE64Decoder;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;
import sun.security.util.ManifestDigester;

/* loaded from: input_file:efixes/PK14534_Windows_i386/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/util/SignatureFileVerifier.class */
public class SignatureFileVerifier {
    private ArrayList certCache;
    private PKCS7 block;
    private byte[] sfBytes;
    private String name;
    private ManifestDigester md;
    private HashMap createdDigests;
    private boolean workaround = false;
    private static final Debug debug = Debug.getInstance("jar");
    private static final char[] hexc = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    public SignatureFileVerifier(ArrayList arrayList, ManifestDigester manifestDigester, String str, byte[] bArr) throws IOException {
        this.block = new PKCS7(bArr);
        this.sfBytes = this.block.getContentInfo().getData();
        this.name = str.substring(0, str.lastIndexOf(Constants.NAME_SEPARATOR)).toUpperCase();
        this.md = manifestDigester;
        this.certCache = arrayList;
    }

    public boolean needSignatureFileBytes() {
        return this.sfBytes == null;
    }

    public boolean needSignatureFile(String str) {
        return this.name.equalsIgnoreCase(str);
    }

    public void setSignatureFile(byte[] bArr) {
        this.sfBytes = bArr;
    }

    private MessageDigest getDigest(String str) {
        if (this.createdDigests == null) {
            this.createdDigests = new HashMap();
        }
        MessageDigest messageDigest = (MessageDigest) this.createdDigests.get(str);
        if (messageDigest == null) {
            try {
                messageDigest = MessageDigest.getInstance(str);
                this.createdDigests.put(str, messageDigest);
            } catch (NoSuchAlgorithmException e) {
            }
        }
        return messageDigest;
    }

    public void process(Hashtable hashtable) throws IOException, SignatureException, NoSuchAlgorithmException, JarException {
        Manifest manifest = new Manifest();
        manifest.read(new ByteArrayInputStream(this.sfBytes));
        String value = manifest.getMainAttributes().getValue(Attributes.Name.SIGNATURE_VERSION);
        if (value == null || !value.equalsIgnoreCase(RepositoryId.kWStringValueVersion)) {
            return;
        }
        SignerInfo[] verify = this.block.verify(this.sfBytes);
        if (verify == null) {
            throw new SecurityException(new StringBuffer().append("cannot verify signature block file ").append(this.name).toString());
        }
        BASE64Decoder bASE64Decoder = new BASE64Decoder();
        Certificate[] certificates = getCertificates(verify, this.block);
        if (certificates == null) {
            return;
        }
        boolean verifyManifestHash = verifyManifestHash(manifest, this.md, bASE64Decoder);
        for (Map.Entry entry : manifest.getEntries().entrySet()) {
            String str = (String) entry.getKey();
            if (verifyManifestHash || verifySection((Attributes) entry.getValue(), str, this.md, bASE64Decoder)) {
                if (str.startsWith("./")) {
                    str = str.substring(2);
                }
                if (str.startsWith("/")) {
                    str = str.substring(1);
                }
                updateCerts(certificates, hashtable, str);
                if (debug != null) {
                    debug.println(new StringBuffer().append("processSignature signed name = ").append(str).toString());
                }
            } else if (debug != null) {
                debug.println(new StringBuffer().append("processSignature unsigned name = ").append(str).toString());
            }
        }
    }

    private boolean verifyManifestHash(Manifest manifest, ManifestDigester manifestDigester, BASE64Decoder bASE64Decoder) throws IOException {
        MessageDigest digest;
        boolean z = false;
        for (Map.Entry entry : manifest.getMainAttributes().entrySet()) {
            String obj = entry.getKey().toString();
            if (obj.toUpperCase(Locale.US).endsWith("-DIGEST-MANIFEST") && (digest = getDigest(obj.substring(0, obj.length() - 16))) != null) {
                byte[] manifestDigest = manifestDigester.manifestDigest(digest);
                byte[] decodeBuffer = bASE64Decoder.decodeBuffer((String) entry.getValue());
                if (debug != null) {
                    debug.println(new StringBuffer().append("Signature File: Manifest digest ").append(digest.getAlgorithm()).toString());
                    debug.println(new StringBuffer().append("  sigfile  ").append(toHex(decodeBuffer)).toString());
                    debug.println(new StringBuffer().append("  computed ").append(toHex(manifestDigest)).toString());
                    debug.println();
                }
                if (MessageDigest.isEqual(manifestDigest, decodeBuffer)) {
                    z = true;
                }
            }
        }
        return z;
    }

    private boolean verifySection(Attributes attributes, String str, ManifestDigester manifestDigester, BASE64Decoder bASE64Decoder) throws IOException {
        MessageDigest digest;
        boolean z = false;
        ManifestDigester.Entry entry = manifestDigester.get(str, this.block.isOldStyle());
        if (entry == null) {
            throw new SecurityException(new StringBuffer().append("no manifiest section for signature file entry ").append(str).toString());
        }
        if (attributes != null) {
            for (Map.Entry entry2 : attributes.entrySet()) {
                String obj = entry2.getKey().toString();
                if (obj.toUpperCase(Locale.US).endsWith("-DIGEST") && (digest = getDigest(obj.substring(0, obj.length() - 7))) != null) {
                    boolean z2 = false;
                    byte[] decodeBuffer = bASE64Decoder.decodeBuffer((String) entry2.getValue());
                    byte[] digestWorkaround = this.workaround ? entry.digestWorkaround(digest) : entry.digest(digest);
                    if (debug != null) {
                        debug.println(new StringBuffer().append("Signature Block File: ").append(str).append(" digest=").append(digest.getAlgorithm()).toString());
                        debug.println(new StringBuffer().append("  expected ").append(toHex(decodeBuffer)).toString());
                        debug.println(new StringBuffer().append("  computed ").append(toHex(digestWorkaround)).toString());
                        debug.println();
                    }
                    if (MessageDigest.isEqual(digestWorkaround, decodeBuffer)) {
                        z = true;
                        z2 = true;
                    } else if (!this.workaround) {
                        byte[] digestWorkaround2 = entry.digestWorkaround(digest);
                        if (MessageDigest.isEqual(digestWorkaround2, decodeBuffer)) {
                            if (debug != null) {
                                debug.println(new StringBuffer().append("  re-computed ").append(toHex(digestWorkaround2)).toString());
                                debug.println();
                            }
                            this.workaround = true;
                            z = true;
                            z2 = true;
                        }
                    }
                    if (!z2) {
                        throw new SecurityException(new StringBuffer().append("invalid ").append(digest.getAlgorithm()).append(" signature file digest for ").append(str).toString());
                    }
                }
            }
        }
        return z;
    }

    private Certificate[] getCertificates(SignerInfo[] signerInfoArr, PKCS7 pkcs7) {
        ArrayList arrayList = null;
        for (SignerInfo signerInfo : signerInfoArr) {
            try {
                ArrayList certificateChain = signerInfo.getCertificateChain(pkcs7);
                if (arrayList == null) {
                    arrayList = new ArrayList();
                }
                arrayList.addAll(certificateChain);
                if (debug != null) {
                    debug.println(new StringBuffer().append("Signature Block Certificate: ").append((X509Certificate) certificateChain.get(0)).toString());
                }
            } catch (IOException e) {
            }
        }
        if (arrayList == null) {
            return null;
        }
        Certificate[] certificateArr = new Certificate[arrayList.size()];
        System.arraycopy(arrayList.toArray(), 0, certificateArr, 0, arrayList.size());
        return certificateArr;
    }

    static String toHex(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(hexc[(bArr[i] >> 4) & 15]);
            stringBuffer.append(hexc[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }

    static boolean contains(Certificate[] certificateArr, Certificate certificate) {
        for (Certificate certificate2 : certificateArr) {
            if (certificate2.equals(certificate)) {
                return true;
            }
        }
        return false;
    }

    static boolean isSubSet(Certificate[] certificateArr, Certificate[] certificateArr2) {
        if (certificateArr2 == certificateArr) {
            return true;
        }
        for (Certificate certificate : certificateArr) {
            if (!contains(certificateArr2, certificate)) {
                return false;
            }
        }
        return true;
    }

    static boolean matches(Certificate[] certificateArr, Certificate[] certificateArr2, Certificate[] certificateArr3) {
        if (certificateArr2 == null && certificateArr == certificateArr3) {
            return true;
        }
        if ((certificateArr2 != null && !isSubSet(certificateArr2, certificateArr)) || !isSubSet(certificateArr3, certificateArr)) {
            return false;
        }
        for (int i = 0; i < certificateArr.length; i++) {
            if (!((certificateArr2 != null && contains(certificateArr2, certificateArr[i])) || contains(certificateArr3, certificateArr[i]))) {
                return false;
            }
        }
        return true;
    }

    void updateCerts(Certificate[] certificateArr, Hashtable hashtable, String str) {
        Object obj;
        Certificate[] certificateArr2 = (Certificate[]) hashtable.get(str);
        for (int size = this.certCache.size() - 1; size != -1; size--) {
            Certificate[] certificateArr3 = (Certificate[]) this.certCache.get(size);
            if (matches(certificateArr3, certificateArr2, certificateArr)) {
                hashtable.put(str, certificateArr3);
                return;
            }
        }
        if (certificateArr2 == null) {
            obj = certificateArr;
        } else {
            obj = new Certificate[certificateArr2.length + certificateArr.length];
            System.arraycopy(certificateArr2, 0, obj, 0, certificateArr2.length);
            System.arraycopy(certificateArr, 0, obj, certificateArr2.length, certificateArr.length);
        }
        this.certCache.add(obj);
        hashtable.put(str, obj);
    }
}
