package com.sun.javafx.tools.packager;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.CodeSigner;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.Timestamp;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Locale;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import org.h2.api.ErrorCode;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.ParsingException;
import sun.security.pkcs.SignerInfo;
import sun.security.timestamp.TimestampToken;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;

/* loaded from: input_file:installer/lib/ant/ant-javafx.jar:com/sun/javafx/tools/packager/JarSignature.class */
public class JarSignature {
    public static final String BLOB_SIGNATURE = "META-INF/SIGNATURE.BSF";
    private final Signature sig;
    private final X509Certificate[] certChain;
    private final CodeSigner[] codeSigners;
    private final SignerInfo[] signerInfos;

    /* loaded from: input_file:installer/lib/ant/ant-javafx.jar:com/sun/javafx/tools/packager/JarSignature$InputStreamSource.class */
    public interface InputStreamSource {
        InputStream getInputStream() throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:installer/lib/ant/ant-javafx.jar:com/sun/javafx/tools/packager/JarSignature$ValidationStream.class */
    public class ValidationStream extends InputStream {
        InputStream dataStream;

        public ValidationStream(InputStream inputStream) {
            this.dataStream = null;
            this.dataStream = inputStream;
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            int read = this.dataStream.read();
            if (read > -1) {
                try {
                    JarSignature.this.sig.update((byte) read);
                } catch (SignatureException e) {
                    throw new RuntimeException(e);
                }
            }
            return read;
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            int read = this.dataStream.read(bArr, i, i2);
            if (read > 0) {
                try {
                    JarSignature.this.sig.update(bArr, i, read);
                } catch (SignatureException e) {
                    throw new RuntimeException(e);
                }
            }
            return read;
        }

        @Override // java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this.dataStream.close();
        }
    }

    public static JarSignature load(byte[] bArr) throws ParsingException, CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        PKCS7 pkcs7 = new PKCS7(bArr);
        SignerInfo[] signerInfos = pkcs7.getSignerInfos();
        if (signerInfos == null || signerInfos.length != 1) {
            throw new IllegalArgumentException("BLOB signature currently only support single signer.");
        }
        PublicKey publicKey = signerInfos[0].getCertificate(pkcs7).getPublicKey();
        CodeSigner[] extractCodeSigners = extractCodeSigners(signerInfos, pkcs7);
        Signature signature = getSignature(signerInfos[0]);
        signature.initVerify(publicKey);
        return new JarSignature(signature, signerInfos, extractCodeSigners);
    }

    public static JarSignature create(PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Signature signature = getSignature(privateKey.getAlgorithm());
        signature.initSign(privateKey);
        return new JarSignature(signature, x509CertificateArr);
    }

    private JarSignature(Signature signature, X509Certificate[] x509CertificateArr) {
        this.certChain = x509CertificateArr;
        this.signerInfos = null;
        this.codeSigners = null;
        this.sig = signature;
    }

    private JarSignature(Signature signature, SignerInfo[] signerInfoArr, CodeSigner[] codeSignerArr) {
        this.certChain = null;
        this.signerInfos = signerInfoArr;
        this.codeSigners = codeSignerArr;
        this.sig = signature;
    }

    public boolean isValidationMode() {
        return this.certChain == null;
    }

    private static Signature getSignature(String str) throws NoSuchAlgorithmException {
        if (str.equalsIgnoreCase("DSA")) {
            return Signature.getInstance("SHA1withDSA");
        }
        if (str.equalsIgnoreCase("RSA")) {
            return Signature.getInstance("SHA256withRSA");
        }
        if (str.equalsIgnoreCase("EC")) {
            return Signature.getInstance("SHA256withECDSA");
        }
        throw new IllegalArgumentException("Key algorithm should be either DSA, RSA or EC");
    }

    private static Signature getSignature(SignerInfo signerInfo) throws NoSuchAlgorithmException {
        return Signature.getInstance(makeSigAlg(signerInfo.getDigestAlgorithmId().getName(), signerInfo.getDigestEncryptionAlgorithmId().getName()));
    }

    String getSignatureAlgorithm() throws NoSuchAlgorithmException {
        return this.sig.getAlgorithm();
    }

    AlgorithmId getDigestAlgorithm() throws NoSuchAlgorithmException {
        return AlgorithmId.get(getDigAlgFromSigAlg(this.sig.getAlgorithm()));
    }

    AlgorithmId getKeyAlgorithm() throws NoSuchAlgorithmException {
        return AlgorithmId.get(getEncAlgFromSigAlg(this.sig.getAlgorithm()));
    }

    private static String makeSigAlg(String str, String str2) {
        String upperCase = str.replace("-", "").toUpperCase(Locale.ENGLISH);
        if (upperCase.equalsIgnoreCase("SHA")) {
            upperCase = "SHA1";
        }
        String upperCase2 = str2.toUpperCase(Locale.ENGLISH);
        if (upperCase2.equals("EC")) {
            upperCase2 = "ECDSA";
        }
        return upperCase + "with" + upperCase2;
    }

    private static String getDigAlgFromSigAlg(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        int indexOf = upperCase.indexOf("WITH");
        if (indexOf > 0) {
            return upperCase.substring(0, indexOf);
        }
        return null;
    }

    private static String getEncAlgFromSigAlg(String str) {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        int indexOf = upperCase.indexOf("WITH");
        String str2 = null;
        if (indexOf > 0) {
            int indexOf2 = upperCase.indexOf("AND", indexOf + 4);
            str2 = indexOf2 > 0 ? upperCase.substring(indexOf + 4, indexOf2) : upperCase.substring(indexOf + 4);
            if (str2.equalsIgnoreCase("ECDSA")) {
                str2 = "EC";
            }
        }
        return str2;
    }

    public byte[] getEncoded() throws NoSuchAlgorithmException, SignatureException, IOException {
        if (isValidationMode()) {
            throw new UnsupportedOperationException("Method is not for validation mode.");
        }
        AlgorithmId digestAlgorithm = getDigestAlgorithm();
        PKCS7 pkcs7 = new PKCS7(new AlgorithmId[]{digestAlgorithm}, new ContentInfo(ContentInfo.DATA_OID, (DerValue) null), this.certChain, new SignerInfo[]{new SignerInfo(this.certChain[0].getIssuerDN(), this.certChain[0].getSerialNumber(), digestAlgorithm, getKeyAlgorithm(), this.sig.sign())});
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(8192);
        pkcs7.encodeSignedData(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public InputStream updateWithZipEntry(String str, InputStream inputStream) throws SignatureException {
        try {
            this.sig.update(str.getBytes("UTF-8"));
            return new ValidationStream(inputStream);
        } catch (UnsupportedEncodingException e) {
            throw new SignatureException(e);
        }
    }

    public void update(byte[] bArr) throws SignatureException {
        this.sig.update(bArr);
    }

    public boolean isValid() {
        try {
            return this.sig.verify(this.signerInfos[0].getEncryptedDigest());
        } catch (Exception e) {
            return false;
        }
    }

    public CodeSigner[] getCodeSigners() {
        return this.codeSigners;
    }

    private static CodeSigner[] extractCodeSigners(SignerInfo[] signerInfoArr, PKCS7 pkcs7) throws IOException, NoSuchAlgorithmException, SignatureException, CertificateException {
        ArrayList arrayList = new ArrayList();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        for (SignerInfo signerInfo : signerInfoArr) {
            arrayList.add(new CodeSigner(certificateFactory.generateCertPath(signerInfo.getCertificateChain(pkcs7)), getTimestamp(signerInfo, certificateFactory)));
        }
        return (CodeSigner[]) arrayList.toArray(new CodeSigner[arrayList.size()]);
    }

    private static Timestamp getTimestamp(SignerInfo signerInfo, CertificateFactory certificateFactory) throws IOException, NoSuchAlgorithmException, SignatureException, CertificateException {
        PKCS9Attribute attribute;
        Timestamp timestamp = null;
        PKCS9Attributes unauthenticatedAttributes = signerInfo.getUnauthenticatedAttributes();
        if (unauthenticatedAttributes != null && (attribute = unauthenticatedAttributes.getAttribute("signatureTimestampToken")) != null) {
            PKCS7 pkcs7 = new PKCS7((byte[]) attribute.getValue());
            byte[] data = pkcs7.getContentInfo().getData();
            timestamp = new Timestamp(new TimestampToken(data).getDate(), certificateFactory.generateCertPath(pkcs7.verify(data)[0].getCertificateChain(pkcs7)));
        }
        return timestamp;
    }

    public void signJarAsBLOB(InputStreamSource inputStreamSource, ZipOutputStream zipOutputStream) throws IOException, SignatureException, NoSuchAlgorithmException {
        byte[] bArr = new byte[ErrorCode.ERROR_OPENING_DATABASE_1];
        ZipInputStream zipInputStream = new ZipInputStream(inputStreamSource.getInputStream());
        boolean z = false;
        boolean z2 = false;
        while (true) {
            try {
                ZipEntry nextEntry = zipInputStream.getNextEntry();
                if (nextEntry == null) {
                    break;
                }
                if ("META-INF/MANIFEST.MF".equals(nextEntry.getName().toUpperCase(Locale.ENGLISH))) {
                    z = true;
                }
                if ("META-INF/".equals(nextEntry.getName().toUpperCase(Locale.ENGLISH))) {
                    z2 = true;
                }
                if (!BLOB_SIGNATURE.equals(nextEntry.getName()) && !nextEntry.getName().endsWith("/")) {
                    readFully(updateWithZipEntry(nextEntry.getName(), zipInputStream));
                }
            } catch (Throwable th) {
                zipInputStream.close();
                zipOutputStream.close();
                throw th;
            }
        }
        byte[] encoded = getEncoded();
        zipInputStream.close();
        zipInputStream = new ZipInputStream(inputStreamSource.getInputStream());
        while (true) {
            ZipEntry nextEntry2 = zipInputStream.getNextEntry();
            if (nextEntry2 == null) {
                zipInputStream.close();
                zipOutputStream.close();
                return;
            }
            String name = nextEntry2.getName();
            if (!z2) {
                ZipEntry zipEntry = new ZipEntry("META-INF/");
                zipEntry.setTime(System.currentTimeMillis());
                zipOutputStream.putNextEntry(zipEntry);
                zipOutputStream.closeEntry();
                z2 = true;
            }
            if (!z) {
                addSignatureEntry(encoded, zipOutputStream);
                z = true;
            }
            if (!BLOB_SIGNATURE.equals(name)) {
                ZipEntry zipEntry2 = new ZipEntry(name);
                zipEntry2.setMethod(nextEntry2.getMethod());
                zipEntry2.setTime(nextEntry2.getTime());
                zipEntry2.setComment(nextEntry2.getComment());
                zipEntry2.setExtra(nextEntry2.getExtra());
                if (nextEntry2.getMethod() == 0) {
                    zipEntry2.setSize(nextEntry2.getSize());
                    zipEntry2.setCrc(nextEntry2.getCrc());
                }
                zipOutputStream.putNextEntry(zipEntry2);
                while (true) {
                    int read = zipInputStream.read(bArr);
                    if (read == -1) {
                        break;
                    } else {
                        zipOutputStream.write(bArr, 0, read);
                    }
                }
                zipOutputStream.closeEntry();
            }
            if ("META-INF/MANIFEST.MF".equals(name.toUpperCase(Locale.ENGLISH))) {
                addSignatureEntry(encoded, zipOutputStream);
            }
        }
    }

    private void addSignatureEntry(byte[] bArr, ZipOutputStream zipOutputStream) throws IOException {
        ZipEntry zipEntry = new ZipEntry(BLOB_SIGNATURE);
        zipEntry.setSize(bArr.length);
        zipEntry.setTime(System.currentTimeMillis());
        zipOutputStream.putNextEntry(zipEntry);
        zipOutputStream.write(bArr);
        zipOutputStream.closeEntry();
    }

    private static void readFully(InputStream inputStream) throws IOException {
        do {
        } while (inputStream.read(new byte[10000]) != -1);
    }
}
