package org.jp.illg.nora.updater.core;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jp/illg/nora/updater/core/JarVerifier.class */
public class JarVerifier {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) JarVerifier.class);

    private JarVerifier() {
    }

    public static final boolean verify(@NonNull URL url, @NonNull File file) throws SecurityException {
        if (url == null) {
            throw new NullPointerException("certUrl is marked non-null but is null");
        }
        if (file == null) {
            throw new NullPointerException("jarFile is marked non-null but is null");
        }
        try {
            return verify(getProviderCert(url), new JarFile(file, true));
        } catch (IOException | CertificateException e) {
            throw new SecurityException(e);
        }
    }

    public static final boolean verify(@NonNull File file, @NonNull File file2) throws SecurityException {
        if (file == null) {
            throw new NullPointerException("certFile is marked non-null but is null");
        }
        if (file2 == null) {
            throw new NullPointerException("jarFile is marked non-null but is null");
        }
        try {
            return verify(getProviderCert(file), new JarFile(file2, true));
        } catch (IOException | CertificateException e) {
            throw new SecurityException(e);
        }
    }

    private static final boolean verify(X509Certificate x509Certificate, JarFile jarFile) throws IOException {
        if (jarFile.getManifest() == null) {
            if (!log.isErrorEnabled()) {
                return false;
            }
            log.error("Jar file is not signed " + jarFile.getName());
            return false;
        }
        Vector vector = new Vector();
        byte[] bArr = new byte[131072];
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            if (!nextElement.isDirectory()) {
                vector.addElement(nextElement);
                InputStream inputStream = jarFile.getInputStream(nextElement);
                Throwable th = null;
                do {
                    try {
                        try {
                        } catch (Throwable th2) {
                            th = th2;
                            throw th2;
                        }
                    } catch (Throwable th3) {
                        if (inputStream != null) {
                            if (th != null) {
                                try {
                                    inputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                inputStream.close();
                            }
                        }
                        throw th3;
                    }
                } while (inputStream.read(bArr, 0, bArr.length) != -1);
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        inputStream.close();
                    }
                }
            }
        }
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            JarEntry jarEntry = (JarEntry) elements.nextElement();
            Certificate[] certificates = jarEntry.getCertificates();
            if (certificates != null && certificates.length != 0) {
                int i = 0;
                boolean z = false;
                while (true) {
                    X509Certificate[] aChain = getAChain(certificates, i);
                    if (aChain == null) {
                        break;
                    }
                    int length = aChain.length;
                    int i2 = 0;
                    while (true) {
                        if (i2 >= length) {
                            break;
                        }
                        if (aChain[i2].equals(x509Certificate)) {
                            z = true;
                            break;
                        }
                        i2++;
                    }
                    if (z) {
                        break;
                    }
                    i += aChain.length;
                }
                if (!z) {
                    if (!log.isErrorEnabled()) {
                        return false;
                    }
                    log.error("Jar file include not signed by a trusted signer " + jarEntry.getName() + "@" + jarFile.getName());
                    return false;
                }
            } else if (!jarEntry.getName().startsWith("META-INF")) {
                if (!log.isErrorEnabled()) {
                    return false;
                }
                log.error("Jar file include unsigned class files " + jarEntry.getName() + "@" + jarFile.getName());
                return false;
            }
        }
        return true;
    }

    private static X509Certificate getProviderCert(File file) throws IOException, CertificateException {
        FileInputStream fileInputStream = new FileInputStream(file);
        Throwable th = null;
        try {
            X509Certificate providerCert = getProviderCert(fileInputStream);
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return providerCert;
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    private static X509Certificate getProviderCert(URL url) throws IOException, CertificateException {
        InputStream openStream = url.openStream();
        Throwable th = null;
        try {
            X509Certificate providerCert = getProviderCert(openStream);
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openStream.close();
                }
            }
            return providerCert;
        } catch (Throwable th3) {
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    private static X509Certificate getProviderCert(InputStream inputStream) throws IOException, CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    private static X509Certificate[] getAChain(Certificate[] certificateArr, int i) {
        if (i > certificateArr.length - 1) {
            return null;
        }
        int i2 = i;
        while (i2 < certificateArr.length - 1 && ((X509Certificate) certificateArr[i2 + 1]).getSubjectDN().equals(((X509Certificate) certificateArr[i2]).getIssuerDN())) {
            i2++;
        }
        int i3 = (i2 - i) + 1;
        X509Certificate[] x509CertificateArr = new X509Certificate[i3];
        for (int i4 = 0; i4 < i3; i4++) {
            x509CertificateArr[i4] = (X509Certificate) certificateArr[i + i4];
        }
        return x509CertificateArr;
    }
}
