package sun.security.pkcs11;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarException;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:sun/security/pkcs11/JarVerifierImpl.class */
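/**
 * Checks that a JAR file, and every JAR reachable through its manifest
 * {@code Class-Path} attribute, is signed by one specific certificate.
 *
 * <p>What the check does and does not establish, as implemented below:
 * <ul>
 *   <li>Every non-directory entry outside {@code META-INF/} must carry at least one
 *       certificate chain whose first certificate {@code equals()} the expected one.</li>
 *   <li>The expected certificate is compared by equality only. No validity-period,
 *       revocation or certification-path validation is performed in this class.</li>
 *   <li>Entries inside {@code META-INF/} are accepted without a signer.</li>
 * </ul>
 */
public final class JarVerifierImpl {
    private static final boolean debug = false;
    private final URL jarURL;

    /**
     * @param url location of the JAR to verify; may or may not already use the {@code jar:} protocol
     */
    JarVerifierImpl(URL url) {
        this.jarURL = url;
    }

    /**
     * Verifies the JAR given at construction time and its Class-Path dependencies.
     *
     * @param x509Certificate the only signer certificate that is accepted
     * @throws JarException if the JAR is unsigned, has unsigned entries, is signed by
     *         another signer, or if a provider/certificate error occurred (kept as the cause)
     * @throws IOException if the JAR cannot be read
     */
    void verify(X509Certificate x509Certificate) throws JarException, IOException {
        try {
            verifyJars(this.jarURL, null, x509Certificate);
        } catch (NoSuchProviderException | CertificateException e) {
            // JarException has no cause-taking constructor; attach the cause so the
            // underlying reason is not lost when the failure is logged or triaged.
            JarException failure = new JarException("Cannot verify " + this.jarURL.toString());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Verifies one JAR and then, recursively, the JARs named by its Class-Path.
     *
     * @param url the JAR to verify
     * @param vector URLs (as strings) already verified in this run, or {@code null} on the
     *        first call; used to stop cycles between Class-Path references
     * @param x509Certificate the expected signer
     */
    private void verifyJars(URL url, Vector<String> vector, X509Certificate x509Certificate) throws NoSuchProviderException, CertificateException, IOException {
        String key = url.toString();
        if (vector != null && vector.contains(key)) {
            return;
        }
        String classPath = verifySingleJar(url, x509Certificate);
        if (vector != null) {
            vector.addElement(key);
        }
        if (classPath == null) {
            return;
        }
        Vector<String> visited = vector;
        if (visited == null) {
            visited = new Vector<String>();
            visited.addElement(key);
        }
        verifyManifestClassPathJars(url, classPath, visited, x509Certificate);
    }

    /**
     * Verifies every JAR listed in a Class-Path attribute value.
     *
     * <p>NOTE(review): entries are resolved with {@code new URL(url, entry)}, so an entry that
     * is itself an absolute URL is not confined to the location of the referencing JAR. The
     * referenced archive is still held to the same signer check before this method returns.
     *
     * @param url the JAR whose manifest supplied {@code str}; base for relative entries
     * @param str the raw Class-Path attribute value
     * @param vector URLs already verified in this run
     * @param x509Certificate the expected signer
     */
    private void verifyManifestClassPathJars(URL url, String str, Vector<String> vector, X509Certificate x509Certificate) throws NoSuchProviderException, CertificateException, IOException {
        for (String entry : parseAttrClasspath(str)) {
            try {
                verifyJars(new URL(url, entry), vector, x509Certificate);
            } catch (MalformedURLException e) {
                MalformedURLException wrapped = new MalformedURLException("The JAR file " + url.toString() + " contains invalid URLs in its Class-Path attribute");
                wrapped.initCause(e);
                throw wrapped;
            }
        }
    }

    /**
     * Verifies a single JAR against the expected signer.
     *
     * @param url the JAR location; wrapped into a {@code jar:} URL when needed
     * @param x509Certificate the expected signer
     * @return the manifest's Class-Path attribute value, or {@code null} if it has none
     * @throws JarException if there is no manifest, an entry outside {@code META-INF/} is
     *         unsigned, or a signed entry has no chain starting with the expected certificate
     * @throws SecurityException if the JAR cannot be opened inside the privileged action
     */
    private String verifySingleJar(URL url, X509Certificate x509Certificate) throws NoSuchProviderException, CertificateException, IOException {
        final URL jarUrl = url.getProtocol().equalsIgnoreCase("jar") ? url : new URL("jar:" + url.toString() + "!/");
        JarFile jarFile;
        try {
            jarFile = AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() {
                @Override
                public JarFile run() throws Exception {
                    return ((JarURLConnection) jarUrl.openConnection()).getJarFile();
                }
            });
        } catch (PrivilegedActionException e) {
            SecurityException failure = new SecurityException("Cannot verify " + jarUrl.toString());
            failure.initCause(e);
            throw failure;
        }
        // The JarFile is deliberately not closed here. It comes from a JarURLConnection that
        // is left on its default caching setting, so the instance may be shared with other
        // users of the same URL. NOTE(review): confirm, and if caching is ever disabled on
        // the connection, close the file in a finally block.

        // Entry certificates are only available once an entry has been read to the end,
        // so drain every entry first. Each stream is closed even when the read fails,
        // which is the path taken when an entry's content does not match its digest.
        byte[] buffer = new byte[8192];
        Enumeration<JarEntry> toDrain = jarFile.entries();
        while (toDrain.hasMoreElements()) {
            try (InputStream in = jarFile.getInputStream(toDrain.nextElement())) {
                while (in.read(buffer, 0, buffer.length) != -1) {
                    // discard: only the side effect of reading is wanted
                }
            }
        }

        Manifest manifest = jarFile.getManifest();
        if (manifest == null) {
            throw new JarException(url.toString() + " is not signed.");
        }

        Enumeration<JarEntry> toCheck = jarFile.entries();
        while (toCheck.hasMoreElements()) {
            JarEntry entry = toCheck.nextElement();
            if (entry.isDirectory()) {
                continue;
            }
            Certificate[] certificates = entry.getCertificates();
            if (certificates != null && certificates.length != 0) {
                if (!isSignedBy(certificates, x509Certificate)) {
                    throw new JarException(url.toString() + " is not signed by a trusted signer.");
                }
            } else if (!entry.getName().startsWith("META-INF/")) {
                // The separator is part of the prefix on purpose: only entries inside the
                // META-INF directory are exempt, not names that merely begin with "META-INF".
                // NOTE(review): every file under META-INF/ is exempt, not just the manifest
                // and signature files, and a JAR with no entries outside META-INF/ reaches
                // the return below without any signer comparison.
                throw new JarException(url.toString() + " has unsigned entries - " + entry.getName());
            }
        }
        return manifest.getMainAttributes().getValue(Attributes.Name.CLASS_PATH);
    }

    /**
     * Tells whether any chain in {@code certificates} starts with {@code trusted}.
     *
     * @param certificates the concatenated signer chains of one entry
     * @param trusted the expected signer; compared with {@code equals()} against the first
     *        certificate of each chain
     */
    private static boolean isSignedBy(Certificate[] certificates, X509Certificate trusted) {
        int start = 0;
        X509Certificate[] chain = getAChain(certificates, start);
        while (chain != null) {
            if (trusted.equals(chain[0])) {
                return true;
            }
            start += chain.length;
            chain = getAChain(certificates, start);
        }
        return false;
    }

    /**
     * Splits a Class-Path attribute value on spaces.
     *
     * @param str the raw attribute value
     * @return the listed names, in order
     * @throws JarException if any name does not end with {@code .jar}; an empty value is
     *         rejected for the same reason
     */
    private static String[] parseAttrClasspath(String str) throws JarException {
        Vector<String> names = new Vector<String>();
        String rest = str.trim();
        boolean last = false;
        while (!last) {
            int space = rest.indexOf(' ');
            String name;
            if (space > 0) {
                name = rest.substring(0, space);
                rest = rest.substring(space + 1).trim();
            } else {
                name = rest;
                last = true;
            }
            if (!name.endsWith(".jar")) {
                throw new JarException("The provider contains un-verifiable components");
            }
            names.addElement(name);
        }
        String[] result = new String[names.size()];
        names.copyInto(result);
        return result;
    }

    /**
     * Extracts the certificate chain that starts at index {@code i}.
     *
     * <p>A chain continues while the subject of the next certificate equals the issuer of
     * the current one. Only the distinguished names are compared; signatures are not
     * checked here.
     *
     * @param certificateArr concatenated chains; elements are cast to {@link X509Certificate}
     * @param i index of the first certificate of the wanted chain
     * @return the chain, or {@code null} when {@code i} is past the end of the array
     */
    private static X509Certificate[] getAChain(Certificate[] certificateArr, int i) {
        if (i > certificateArr.length - 1) {
            return null;
        }
        int end = i;
        while (end < certificateArr.length - 1
                && ((X509Certificate) certificateArr[end + 1]).getSubjectDN().equals(((X509Certificate) certificateArr[end]).getIssuerDN())) {
            end++;
        }
        int length = (end - i) + 1;
        X509Certificate[] chain = new X509Certificate[length];
        for (int k = 0; k < length; k++) {
            chain[k] = (X509Certificate) certificateArr[i + k];
        }
        return chain;
    }

    /**
     * Verifies the JAR that {@code cls} was loaded from against an encoded certificate.
     *
     * <p>The method fails closed: any exception raised while parsing the certificate,
     * locating the JAR or verifying it yields {@code false}.
     *
     * @param cls a class whose code source identifies the JAR to verify
     * @param str the expected signer certificate in a form accepted by the X.509
     *        {@link CertificateFactory}
     * @return {@code true} only if verification completed without an exception
     */
    public static boolean doVerification(final Class<?> cls, String str) {
        try {
            X509Certificate trusted = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF8")));
            URL location = AccessController.doPrivileged(new PrivilegedAction<URL>() {
                @Override
                public URL run() {
                    // A class without a code source cannot be tied to a JAR, so it cannot
                    // be verified.
                    java.security.CodeSource source = cls.getProtectionDomain().getCodeSource();
                    return source == null ? null : source.getLocation();
                }
            });
            if (location == null) {
                return false;
            }
            new JarVerifierImpl(location).verify(trusted);
            return true;
        } catch (Exception e) {
            // Includes the SecurityException raised while reading a modified entry.
            return false;
        }
    }
}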
