package org.eclipse.update.internal.security;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.zip.ZipException;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.osgi.util.NLS;
import org.eclipse.update.core.ContentReference;
import org.eclipse.update.core.IFeature;
import org.eclipse.update.core.IVerificationResult;
import org.eclipse.update.core.IVerifier;
import org.eclipse.update.core.InstallMonitor;
import org.eclipse.update.core.JarContentReference;
import org.eclipse.update.core.Utilities;
import org.eclipse.update.core.Verifier;
import org.eclipse.update.internal.core.Messages;
import org.eclipse.update.internal.core.UpdateCore;
import org.eclipse.update.internal.core.connection.ConnectionFactory;

/* loaded from: input_file:org/eclipse/update/internal/security/JarVerifier.class */
public class JarVerifier extends Verifier {
    private static final String MANIFEST = "META-INF";
    private JarVerificationResult result;
    private List trustedCertificates;
    private boolean acceptUnsignedFiles;
    private List listOfKeystores;
    private IProgressMonitor monitor;
    private File jarFile;
    private static byte[] buffer = new byte[8192];

    public JarVerifier() {
        initialize();
    }

    private List getKeyStores() throws CoreException {
        KeystoreHandle next;
        InputStream inputStream;
        if (this.listOfKeystores == null) {
            this.listOfKeystores = new ArrayList(0);
            KeyStores keyStores = new KeyStores();
            while (keyStores.hasNext()) {
                try {
                    next = keyStores.next();
                    inputStream = ConnectionFactory.get(next.getLocation()).getInputStream();
                } catch (IOException unused) {
                }
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(next.getType());
                        keyStore.load(inputStream, null);
                        this.listOfKeystores.add(keyStore);
                    } finally {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException unused2) {
                            }
                        }
                    }
                } catch (KeyStoreException e) {
                    throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_UnableToFindProviderForKeystore, new String[]{next.getType()}), e);
                } catch (NoSuchAlgorithmException e2) {
                    throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_UnableToFindEncryption, new String[]{next.getLocation().toExternalForm()}), e2);
                } catch (CertificateException e3) {
                    throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_UnableToLoadCertificate, new String[]{next.getLocation().toExternalForm()}), e3);
                }
            }
        }
        return this.listOfKeystores;
    }

    private void initialize() {
        this.result = null;
        this.trustedCertificates = null;
        this.acceptUnsignedFiles = false;
        this.listOfKeystores = null;
    }

    private void init(IFeature iFeature, ContentReference contentReference) throws CoreException {
        this.jarFile = null;
        if (contentReference instanceof JarContentReference) {
            JarContentReference jarContentReference = (JarContentReference) contentReference;
            try {
                this.jarFile = jarContentReference.asFile();
                if (UpdateCore.DEBUG && UpdateCore.DEBUG_SHOW_INSTALL) {
                    UpdateCore.debug(new StringBuffer("Attempting to read JAR file:").append(this.jarFile).toString());
                }
                if (!this.jarFile.exists()) {
                    throw new IOException();
                }
                try {
                    new JarFile(this.jarFile).close();
                } catch (IOException unused) {
                }
            } catch (ZipException e) {
                throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_InvalidJar, new String[]{jarContentReference.toString()}), e);
            } catch (IOException e2) {
                throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_UnableToAccessJar, new String[]{jarContentReference.toString()}), e2);
            }
        }
        this.result = new JarVerificationResult();
        this.result.setVerificationCode(6);
        this.result.setResultException(null);
        this.result.setFeature(iFeature);
        this.result.setContentReference(contentReference);
    }

    private boolean existsInKeystore(Certificate certificate) throws CoreException {
        try {
            List keyStores = getKeyStores();
            if (keyStores.isEmpty()) {
                return false;
            }
            Iterator it = keyStores.iterator();
            while (it.hasNext()) {
                if (((KeyStore) it.next()).getCertificateAlias(certificate) != null) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e) {
            throw Utilities.newCoreException(Messages.JarVerifier_KeyStoreNotLoaded, e);
        }
    }

    private List readJarFile(JarFile jarFile, String str) throws IOException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        Enumeration<JarEntry> entries = jarFile.entries();
        InputStream inputStream = null;
        try {
            if (this.monitor != null) {
                IProgressMonitor iProgressMonitor = this.monitor;
                String str2 = Messages.JarVerifier_Verify;
                String[] strArr = new String[1];
                strArr[0] = str == null ? jarFile.getName() : str;
                iProgressMonitor.setTaskName(NLS.bind(str2, strArr));
            }
            while (entries.hasMoreElements()) {
                try {
                    JarEntry nextElement = entries.nextElement();
                    arrayList.add(nextElement);
                    inputStream = jarFile.getInputStream(nextElement);
                    do {
                    } while (inputStream.read(buffer, 0, buffer.length) != -1);
                    inputStream.close();
                } catch (IOException e) {
                    this.result.setVerificationCode(6);
                    this.result.setResultException(e);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException unused) {
                        }
                    }
                }
            }
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException unused2) {
                }
            }
            return arrayList;
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException unused3) {
                }
            }
            throw th;
        }
    }

    public void setMonitor(IProgressMonitor iProgressMonitor) {
        this.monitor = iProgressMonitor;
    }

    @Override // org.eclipse.update.core.Verifier, org.eclipse.update.core.IVerifier
    public IVerificationResult verify(IFeature iFeature, ContentReference contentReference, boolean z, InstallMonitor installMonitor) throws CoreException {
        if (contentReference == null) {
            return this.result;
        }
        if (getParent() != null) {
            IVerificationResult verify = getParent().verify(iFeature, contentReference, z, installMonitor);
            if (verify.getVerificationCode() != 8) {
                return verify;
            }
        }
        setMonitor(installMonitor);
        init(iFeature, contentReference);
        this.result.isFeatureVerification(z);
        if (this.jarFile != null) {
            this.result = verify(this.jarFile.getAbsolutePath(), contentReference.getIdentifier());
        } else {
            this.result.setVerificationCode(8);
        }
        return this.result;
    }

    private JarVerificationResult verify(String str, String str2) {
        try {
            verifyIntegrity(str, str2);
            this.result.alreadySeen(alreadyValidated());
            if (this.result.getVerificationCode() == 5) {
                verifyAuthentication();
            }
            if (this.result.getVerificationCode() == 1) {
                this.acceptUnsignedFiles = true;
            }
        } catch (Exception e) {
            this.result.setVerificationCode(6);
            this.result.setResultException(e);
        }
        if (this.monitor != null) {
            this.monitor.worked(1);
            if (this.monitor.isCanceled()) {
                this.result.setVerificationCode(7);
            }
        }
        return this.result;
    }

    private void verifyAuthentication() throws CoreException {
        CertificatePair[] rootCertificates = this.result.getRootCertificates();
        for (int i = 0; i < rootCertificates.length; i++) {
            if (existsInKeystore(rootCertificates[i].getRoot())) {
                this.result.setVerificationCode(3);
                this.result.setFoundCertificate(rootCertificates[i]);
                return;
            }
        }
    }

    private void verifyIntegrity(String str, String str2) {
        JarFile jarFile = null;
        try {
            try {
                try {
                    try {
                        JarFile jarFile2 = new JarFile(str, true);
                        List<JarEntry> readJarFile = readJarFile(jarFile2, str2);
                        if (jarFile2.getManifest() != null) {
                            boolean z = false;
                            for (JarEntry jarEntry : readJarFile) {
                                Certificate[] certificates = jarEntry.getCertificates();
                                if (certificates != null && certificates.length != 0) {
                                    z = true;
                                    this.result.addCertificates(certificates);
                                } else if (!jarEntry.getName().toUpperCase().startsWith(MANIFEST) && !jarEntry.isDirectory()) {
                                    break;
                                }
                            }
                            if (z) {
                                this.result.setVerificationCode(5);
                            } else {
                                this.result.setVerificationCode(1);
                            }
                        } else {
                            Exception exc = new Exception(NLS.bind(Messages.JarVerifier_InvalidFile, new String[]{str}));
                            this.result.setResultException(exc);
                            this.result.setVerificationCode(1);
                            UpdateCore.warn(null, exc);
                        }
                        if (jarFile2 != null) {
                            try {
                                jarFile2.close();
                            } catch (IOException unused) {
                            }
                        }
                    } catch (InterruptedException unused2) {
                        this.result.setVerificationCode(7);
                        if (0 != 0) {
                            try {
                                jarFile.close();
                            } catch (IOException unused3) {
                            }
                        }
                    }
                } catch (Exception e) {
                    this.result.setVerificationCode(6);
                    this.result.setResultException(e);
                    if (0 != 0) {
                        try {
                            jarFile.close();
                        } catch (IOException unused4) {
                        }
                    }
                }
            } catch (SecurityException unused5) {
                this.result.setVerificationCode(2);
                if (0 != 0) {
                    try {
                        jarFile.close();
                    } catch (IOException unused6) {
                    }
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    jarFile.close();
                } catch (IOException unused7) {
                }
            }
            throw th;
        }
    }

    private boolean alreadyValidated() {
        if (this.result.getVerificationCode() == 1) {
            return this.acceptUnsignedFiles;
        }
        if (getTrustedCertificates() == null) {
            return false;
        }
        CertificatePair[] rootCertificates = this.result.getRootCertificates();
        for (CertificatePair certificatePair : getTrustedCertificates()) {
            for (CertificatePair certificatePair2 : rootCertificates) {
                if (certificatePair.equals(certificatePair2)) {
                    return true;
                }
            }
        }
        for (CertificatePair certificatePair3 : rootCertificates) {
            addTrustedCertificate(certificatePair3);
        }
        return false;
    }

    private void addTrustedCertificate(CertificatePair certificatePair) {
        if (this.trustedCertificates == null) {
            this.trustedCertificates = new ArrayList();
        }
        if (certificatePair != null) {
            this.trustedCertificates.add(certificatePair);
        }
    }

    private List getTrustedCertificates() {
        if (this.trustedCertificates == null) {
            this.trustedCertificates = new ArrayList();
        }
        return this.trustedCertificates;
    }

    @Override // org.eclipse.update.core.Verifier, org.eclipse.update.core.IVerifier
    public void setParent(IVerifier iVerifier) {
        super.setParent(iVerifier);
        initialize();
    }
}
