package com.dtolabs.rundeck.core.utils;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:com/dtolabs/rundeck/core/utils/JARVerifier.class */
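/**
 * Checks that the entries of a JAR file are signed and that each signer's certificate chain ends
 * in a certificate that is, or was issued by, one of a configured set of trusted certificates.
 *
 * <p>Scope of the trust decision (read before relying on this class as a security boundary):
 * <ul>
 *   <li>Only the top certificate of each signer chain is compared against the trusted set; see
 *       {@link #isTrusted(X509Certificate, X509Certificate[])}.</li>
 *   <li>No validity-period, basic-constraints, key-usage or revocation checks are made here. If
 *       those matter for the deployment, validate the full path with
 *       {@code java.security.cert.CertPathValidator} instead.</li>
 *   <li>NOTE(review): this class does not itself verify the signatures that link the lower
 *       certificates of a chain to its top certificate - confirm that is enforced elsewhere.</li>
 * </ul>
 */
public final class JARVerifier {
    /** Defensive copy of the trusted certificates given to the constructor; may be {@code null}. */
    private final X509Certificate[] trustedCaCerts;

    /** Signals that a JAR is unsigned, partly unsigned, or signed by a signer that is not trusted. */
    public static final class VerifierException extends Exception {
        public VerifierException(Throwable cause) {
            super(cause);
        }

        public VerifierException(String message, Throwable cause) {
            super(message, cause);
        }

        public VerifierException(String message) {
            super(message);
        }

        public VerifierException() {
        }
    }

    /**
     * Creates a verifier that trusts the given certificates.
     *
     * @param trustedCerts trusted certificates; the array is copied. {@code null} is accepted and
     *     behaves like an empty set, i.e. no signer is trusted.
     */
    public JARVerifier(X509Certificate[] trustedCerts) {
        this.trustedCaCerts = trustedCerts != null ? trustedCerts.clone() : null;
    }

    /**
     * Builds a verifier from one alias of a JKS keystore file.
     *
     * <p>The alias's certificate chain is used when it has one, otherwise its single certificate.
     * Each certificate is re-parsed from its encoded form through an X.509
     * {@link CertificateFactory}.
     *
     * @param keystorePath path of the JKS keystore file
     * @param alias keystore alias holding the trusted certificate or chain
     * @param passwd keystore password. Per {@link KeyStore#load(InputStream, char[])}, passing
     *     {@code null} loads the keystore without checking its integrity, so a tampered trust
     *     store would go unnoticed; pass the real password.
     * @return a verifier trusting the certificates found under {@code alias}
     * @throws IllegalArgumentException if the alias has neither a chain nor a certificate
     * @throws IOException if the keystore cannot be read or the password is wrong
     * @throws KeyStoreException if no JKS keystore implementation is available
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws CertificateException if a certificate cannot be loaded, encoded or parsed
     */
    public static JARVerifier create(String keystorePath, String alias, char[] passwd)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // try-with-resources closes the stream on every path, including a failed load().
        try (FileInputStream in = new FileInputStream(keystorePath)) {
            keyStore.load(in, passwd);
        }

        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null) {
            // No chain under this alias: fall back to a plain certificate entry.
            Certificate single = keyStore.getCertificate(alias);
            if (single == null) {
                throw new IllegalArgumentException(
                        "No trusted certificate or chain found for alias: " + alias);
            }
            chain = new Certificate[] {single};
        }

        X509Certificate[] trusted = new X509Certificate[chain.length];
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < chain.length; i++) {
            trusted[i] = (X509Certificate) x509Factory.generateCertificate(
                    new ByteArrayInputStream(chain[i].getEncoded()));
        }
        return new JARVerifier(trusted);
    }

    /**
     * Verifies that every non-directory entry of the JAR is signed by a trusted signer.
     *
     * <p>The JAR is always closed by this method, whether verification succeeds or fails.
     * Unsigned entries are tolerated only inside the {@code META-INF/} directory.
     *
     * <p>NOTE(review): that exemption covers everything under {@code META-INF/}, not just the
     * manifest and signature files, so other unsigned content placed there is accepted. Consider
     * narrowing it to the signature-related files if consumers read anything else from there.
     *
     * @param jarFile the JAR to verify; it must have been opened with verification enabled,
     *     otherwise no entry reports certificates and the JAR is rejected as unsigned
     * @throws VerifierException if the JAR has no manifest, has an unsigned entry outside
     *     {@code META-INF/}, or has an entry none of whose signer chains is trusted
     * @throws IOException if an entry cannot be read
     * @throws CertificateException declared for callers; not thrown by the visible code
     */
    public final void verifySingleJarFile(JarFile jarFile)
            throws IOException, CertificateException, VerifierException {
        List<JarEntry> seenEntries = new ArrayList<>();
        // Closing in all cases keeps the file handle from leaking when reading fails part-way.
        try (JarFile jar = jarFile) {
            if (jar.getManifest() == null) {
                throw new VerifierException("The JAR is not signed");
            }
            byte[] buffer = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                seenEntries.add(entry);
                // JarEntry.getCertificates() only reports signers once the entry has been read to
                // the end; JarFile raises SecurityException while reading if a signed entry does
                // not match its recorded digest.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buffer, 0, buffer.length) != -1) {
                        // Content is discarded; reading is what triggers verification.
                    }
                }
            }
        }

        for (JarEntry entry : seenEntries) {
            if (entry.isDirectory()) {
                continue;
            }
            Certificate[] signerCerts = entry.getCertificates();
            if (signerCerts == null || signerCerts.length == 0) {
                // Match the directory itself ("META-INF/"), not any name that merely begins with
                // the text "META-INF" such as a sibling directory "META-INF-extra/".
                if (!entry.getName().startsWith("META-INF/")) {
                    throw new VerifierException("The JAR file has unsigned files.");
                }
                continue;
            }
            boolean trustedSignerFound = false;
            for (Certificate root : getChainRoots(signerCerts)) {
                if (isTrusted((X509Certificate) root, this.trustedCaCerts)) {
                    trustedSignerFound = true;
                    break;
                }
            }
            if (!trustedSignerFound) {
                throw new VerifierException("The JAR file is not signed by a trusted signer");
            }
        }
    }

    /**
     * Decides whether a chain's top certificate is trusted: either it equals a trusted
     * certificate, or its issuer name matches a trusted certificate's subject and its signature
     * verifies under that certificate's public key.
     *
     * @param candidate top certificate of a signer chain
     * @param trusted trusted certificates; {@code null} means nothing is trusted (fail closed)
     * @return {@code true} if {@code candidate} is trusted
     */
    private static boolean isTrusted(X509Certificate candidate, X509Certificate[] trusted) {
        if (trusted == null) {
            // A verifier built with a null trust set must reject, not crash with an NPE.
            return false;
        }
        for (X509Certificate anchor : trusted) {
            // Certificate.equals compares encoded forms, which also implies equal subjects.
            if (candidate.equals(anchor)) {
                return true;
            }
        }
        for (X509Certificate anchor : trusted) {
            if (candidate.getIssuerDN().equals(anchor.getSubjectDN())) {
                try {
                    candidate.verify(anchor.getPublicKey());
                    return true;
                } catch (Exception ignored) {
                    // Signature did not verify under this anchor's key; another trusted
                    // certificate may share the subject name, so keep looking.
                }
            }
        }
        return false;
    }

    /**
     * Returns the last certificate of each chain found in a flat certificate array.
     *
     * <p>A chain is taken to end at index {@code i} when the next certificate's subject differs
     * from this certificate's issuer; the final array element always ends a chain.
     *
     * @param certs non-empty array of X.509 certificates, as reported for a JAR entry
     * @return the chain-ending certificates, in array order
     */
    private static Certificate[] getChainRoots(Certificate[] certs) {
        List<Certificate> roots = new ArrayList<>(3);
        for (int i = 0; i < certs.length - 1; i++) {
            X509Certificate next = (X509Certificate) certs[i + 1];
            X509Certificate current = (X509Certificate) certs[i];
            if (!next.getSubjectDN().equals(current.getIssuerDN())) {
                roots.add(current);
            }
        }
        roots.add(certs[certs.length - 1]);
        return roots.toArray(new Certificate[0]);
    }
}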
