package com.sun.patchpro.security;

import com.sun.patchpro.log.PatchProLog;
import com.sun.patchpro.model.PatchProProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:113193-05/SUNWppro/reloc/lib/patchpro.jar:com/sun/patchpro/security/SignatureValidationUtil.class */
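/**
 * Checks that the entries of a signed JAR file were signed with one known X.509 certificate.
 *
 * <p>The known certificate is read once, at construction time, from a JKS keystore under a given
 * alias. {@link #validateJarFile(String)} then opens a JAR with signature verification enabled,
 * reads every entry so that its digest is verified, and requires each entry outside the top-level
 * {@code META-INF/} directory to carry a certificate matching the known one.
 *
 * <p>NOTE(review): nothing in this class checks the validity period or revocation status of the
 * known certificate or of the certificates found in the JAR, and no certification path is built
 * or validated here. Confirm whether callers rely on that being done elsewhere.
 */
public final class SignatureValidationUtil {
    private static final int BUFFER_SIZE = 8192;
    private static final String NO_X509_CERT_FOUND = "The specified certificate cannot be found.";
    private static final String NOT_X509_CERT = "The specified certificate is not in X.509 format.";
    private static final String JARFILE_NOT_READABLE = "The specific Jar file is not readable.";
    /** Directory holding the manifest and signature files, which are not themselves signed. */
    private static final String META_INF_PREFIX = "META-INF/";
    private final X509Certificate knownCertificate;
    private final String keystoreLocation;
    private final String certificateAlias;
    private final PatchProProperties properties = PatchProProperties.getInstance();
    private final PatchProLog log = PatchProLog.getInstance();

    /**
     * Loads the trusted signing certificate from a keystore.
     *
     * @param str path of the JKS keystore file
     * @param str2 alias of the certificate inside that keystore
     * @throws SignatureValidationException if the keystore cannot be read, the alias is absent,
     *     or the entry is not an X.509 certificate
     */
    public SignatureValidationUtil(String str, String str2) throws SignatureValidationException {
        this.keystoreLocation = str;
        this.certificateAlias = str2;
        this.knownCertificate = loadKnownCertificate(str, str2);
    }

    /** Reads the certificate stored under {@code alias} and closes the keystore file afterwards. */
    private static X509Certificate loadKnownCertificate(String location, String alias) throws SignatureValidationException {
        FileInputStream keystoreStream = null;
        try {
            keystoreStream = new FileInputStream(location);
            KeyStore keyStore = KeyStore.getInstance("JKS", "SUN");
            // A null password means KeyStore.load() performs no integrity check on the keystore
            // data, so the trust anchor is only as trustworthy as the file's permissions.
            // NOTE(review): consider supplying the keystore password so tampering is detected.
            keyStore.load(keystoreStream, null);
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate == null) {
                throw new SignatureValidationException(NO_X509_CERT_FOUND);
            }
            if (!(certificate instanceof X509Certificate)) {
                throw new SignatureValidationException(NOT_X509_CERT);
            }
            return (X509Certificate) certificate;
        } catch (Exception e) {
            // Also re-wraps the two exceptions thrown above; kept so the message text that
            // callers receive stays the same as before.
            throw new SignatureValidationException(e.toString());
        } finally {
            // The stream used to be left open on every path.
            closeStreamQuietly(keystoreStream);
        }
    }

    /** Returns the keystore path given to the constructor. */
    public String getKeystoreLocation() {
        return this.keystoreLocation;
    }

    /** Returns the certificate alias given to the constructor. */
    public String getCertificateAlias() {
        return this.certificateAlias;
    }

    /**
     * Verifies that the JAR is signed and that its entries match the known certificate.
     *
     * @param str path of the JAR file to check
     * @throws ManifestFileNotFoundException if the JAR has no manifest
     * @throws SignatureCheckFailedException if reading an entry raises a {@link SecurityException},
     *     which is how the JAR verifier reports a digest or signature mismatch
     * @throws NotSignedByKnownCertificateException if an entry outside {@code META-INF/} carries no
     *     certificate matching the known one
     * @throws SignatureValidationException if the file is missing, unreadable, or an I/O error occurs
     */
    public void validateJarFile(String str) throws ManifestFileNotFoundException, SignatureCheckFailedException, NotSignedByKnownCertificateException, SignatureValidationException {
        File file = new File(str);
        if (!file.exists() || !file.canRead()) {
            throw new SignatureValidationException(JARFILE_NOT_READABLE);
        }
        JarFile jarFile = null;
        try {
            // Second argument true: entries are verified against their signatures as they are read.
            jarFile = new JarFile(str, true);
            if (jarFile.getManifest() == null) {
                throw new ManifestFileNotFoundException();
            }
            byte[] buffer = new byte[BUFFER_SIZE];
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.getSize() == 0) {
                    // NOTE(review): zero-length entries bypass the certificate check entirely,
                    // so an unsigned empty file does not fail validation. Confirm that is
                    // acceptable for the content being installed.
                    this.log.println(this, 7, "Skipping " + entry.getName() + " because its length is: 0 byte.");
                    continue;
                }
                InputStream entryStream = null;
                try {
                    entryStream = jarFile.getInputStream(entry);
                    // getCertificates() is only meaningful once the entry has been read to the
                    // end, so drain the stream before asking for the signers.
                    while (entryStream.read(buffer, 0, buffer.length) != -1) {
                        // discard the bytes; reading is what triggers verification
                    }
                    entryStream.close();
                    // Exempt only the top-level META-INF/ directory. The previous test exempted
                    // any entry whose path merely contained "META-INF", which let unsigned
                    // entries with such a name skip the certificate check.
                    boolean signatureMetadata = entry.getName().startsWith(META_INF_PREFIX);
                    if (!signatureMetadata && !matchCerts(this.knownCertificate, entry.getCertificates())) {
                        throw new NotSignedByKnownCertificateException(entry.getName() + " " + this.knownCertificate.getSubjectDN().getName());
                    }
                } catch (SecurityException e) {
                    throw new SignatureCheckFailedException();
                } finally {
                    closeStreamQuietly(entryStream);
                }
            }
        } catch (IOException e2) {
            this.log.printStackTrace(this, 4, e2);
            throw new SignatureValidationException(e2.getMessage());
        } finally {
            // One close for every exit path, including unchecked exceptions.
            closeJarQuietly(jarFile);
        }
    }

    /**
     * Tells whether any certificate attached to a JAR entry is the known certificate.
     *
     * <p>A candidate matches when its issuer name, serial number and public key all equal those of
     * the known certificate. Issuer name and serial number are just fields of the presented
     * certificate, so on their own they do not tie the candidate to the trusted key.
     *
     * <p>NOTE(review): a match is accepted at any position of {@code certificateArr}. Only the
     * signer certificate is known to have produced the signature; consider restricting the match
     * to signer certificates, for example through {@code JarEntry.getCodeSigners()}.
     *
     * @param certificate the trusted certificate
     * @param certificateArr certificates reported for the entry, possibly {@code null}
     * @return {@code true} if a matching certificate is found
     */
    private boolean matchCerts(Certificate certificate, Certificate[] certificateArr) {
        if (!(certificate instanceof X509Certificate)) {
            this.log.println(this, 4, "The known certificate: " + certificate + "  is not a X.509 certificate.");
            return false;
        }
        X509Certificate known = (X509Certificate) certificate;
        if (certificateArr == null || certificateArr.length == 0) {
            this.log.println(this, 4, "The signing certificates (signingCerts) is null.");
            return false;
        }
        String knownIssuer = known.getIssuerDN().getName();
        BigInteger knownSerial = known.getSerialNumber();
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                // Same as before: scanning stops at the first non-X.509 element.
                break;
            }
            X509Certificate candidate = (X509Certificate) certificateArr[i];
            boolean sameIssuerAndSerial = knownIssuer.equals(candidate.getIssuerDN().getName())
                    && knownSerial.equals(candidate.getSerialNumber());
            if (!sameIssuerAndSerial) {
                continue;
            }
            if (known.getPublicKey().equals(candidate.getPublicKey())) {
                return true;
            }
            // Worth surfacing: the names line up but the key is not the trusted one.
            this.log.println(this, 4, "A signing certificate has the issuer and serial number of the known certificate but a different public key.");
        }
        return false;
    }

    /**
     * Returns the supplied utility, or builds one from the keystore settings in the properties.
     *
     * @param patchProProperties source of the keystore location and the certificate alias
     * @param signatureValidationUtil an existing instance to reuse, or {@code null} to create one
     * @return {@code signatureValidationUtil} when non-null, otherwise a new instance
     * @throws NoKeystorePresentException if the properties report that no keystore is present
     * @throws NoSigningCertException if the instance cannot be created from the configured
     *     keystore and alias; the underlying cause is not carried over
     */
    public static SignatureValidationUtil getValidationUtility(PatchProProperties patchProProperties, SignatureValidationUtil signatureValidationUtil) throws NoKeystorePresentException, NoSigningCertException {
        if (signatureValidationUtil != null) {
            return signatureValidationUtil;
        }
        if (!patchProProperties.keystoreIsPresent()) {
            throw new NoKeystorePresentException("PatchBundleInstaller.KEYSTORE_LOCATION_NOT_DEFINED");
        }
        String location = patchProProperties.getProperty("patchpro.security.kslocation");
        String alias = patchProProperties.getProperty("patchpro.security.patch.signingcert.alias", "patchsigning");
        try {
            return new SignatureValidationUtil(location, alias);
        } catch (SignatureValidationException e) {
            throw new NoSigningCertException("PatchBundleInstaller.FAILED_TO_CREATE_VALIDATION_UTIL", alias);
        }
    }

    /** Closes a stream on a cleanup path, where a close failure has nothing left to affect. */
    private static void closeStreamQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // The stream was only read; the validation outcome is already decided.
        }
    }

    /** Closes the JAR on a cleanup path, where a close failure has nothing left to affect. */
    private static void closeJarQuietly(JarFile jar) {
        if (jar == null) {
            return;
        }
        try {
            jar.close();
        } catch (IOException ignored) {
            // The JAR was opened read-only; the validation outcome is already decided.
        }
    }
}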
