package org.eclipse.osgi.internal.signedcontent;

import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.eclipse.osgi.signedcontent.SignerInfo;
import org.eclipse.osgi.storage.bundlefile.BundleEntry;
import org.eclipse.osgi.storage.bundlefile.BundleFile;
import org.eclipse.osgi.util.NLS;

/* loaded from: input_file:WEB-INF/plugins/org.eclipse.osgi_3.11.0.v20160603-1336.jar:org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.class */
public class SignatureBlockProcessor implements SignedContentConstants {
    private final SignedBundleFile signedBundle;
    private List<SignerInfo> signerInfos = new ArrayList();
    private Map<String, Object> contentMDResults = new HashMap();
    private Map<SignerInfo, Object[]> tsaSignerInfos;
    private final int supportFlags;
    private final SignedBundleHook signedBundleHook;

    public SignatureBlockProcessor(SignedBundleFile signedBundleFile, int i, SignedBundleHook signedBundleHook) {
        this.signedBundle = signedBundleFile;
        this.supportFlags = i;
        this.signedBundleHook = signedBundleHook;
    }

    public SignedContentImpl process() throws IOException, InvalidKeyException, SignatureException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        BundleFile bundleFile = this.signedBundle.getBundleFile();
        BundleEntry entry = bundleFile.getEntry("META-INF/MANIFEST.MF");
        if (entry == null) {
            return createUnsignedContent();
        }
        Enumeration<String> entryPaths = bundleFile.getEntryPaths(SignedContentConstants.META_INF);
        ArrayList arrayList = new ArrayList(2);
        while (entryPaths.hasMoreElements()) {
            String nextElement = entryPaths.nextElement();
            if (nextElement.endsWith(SignedContentConstants.DOT_DSA) || nextElement.endsWith(SignedContentConstants.DOT_RSA)) {
                if (nextElement.indexOf(47) == nextElement.lastIndexOf(47)) {
                    arrayList.add(nextElement);
                }
            }
        }
        if (arrayList.size() == 0) {
            return createUnsignedContent();
        }
        byte[] readIntoArray = readIntoArray(entry);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            processSigner(bundleFile, readIntoArray, (String) it.next());
        }
        SignerInfo[] signerInfoArr = (SignerInfo[]) this.signerInfos.toArray(new SignerInfo[this.signerInfos.size()]);
        for (Map.Entry entry2 : this.contentMDResults.entrySet()) {
            List[] listArr = (List[]) entry2.getValue();
            entry2.setValue(new Object[]{(SignerInfo[]) listArr[0].toArray(new SignerInfo[listArr[0].size()]), (byte[][]) listArr[1].toArray((Object[]) new byte[listArr[1].size()])});
        }
        SignedContentImpl signedContentImpl = new SignedContentImpl(signerInfoArr, (this.supportFlags & 4) != 0 ? this.contentMDResults : null);
        signedContentImpl.setContent(this.signedBundle);
        signedContentImpl.setTSASignerInfos(this.tsaSignerInfos);
        return signedContentImpl;
    }

    private SignedContentImpl createUnsignedContent() {
        SignedContentImpl signedContentImpl = new SignedContentImpl(new SignerInfo[0], this.contentMDResults);
        signedContentImpl.setContent(this.signedBundle);
        return signedContentImpl;
    }

    private void processSigner(BundleFile bundleFile, byte[] bArr, String str) throws IOException, SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        byte[] readIntoArray = readIntoArray(bundleFile.getEntry(str));
        byte[] readIntoArray2 = readIntoArray(bundleFile.getEntry(String.valueOf(str.substring(0, str.lastIndexOf(46))) + SignedContentConstants.DOT_SF));
        PKCS7Processor pKCS7Processor = new PKCS7Processor(readIntoArray, 0, readIntoArray.length, str, bundleFile.getBaseFile() != null ? bundleFile.getBaseFile().toString() : null);
        pKCS7Processor.verifySFSignature(readIntoArray2, 0, readIntoArray2.length);
        String digAlgFromSF = getDigAlgFromSF(readIntoArray2);
        if (digAlgFromSF == null) {
            throw new SignatureException(NLS.bind(SignedContentMessages.SF_File_Parsing_Error, (Object[]) new String[]{bundleFile.toString()}));
        }
        verifyManifestAndSignatureFile(bArr, readIntoArray2);
        SignerInfoImpl signerInfoImpl = new SignerInfoImpl(pKCS7Processor.getCertificates(), null, digAlgFromSF);
        if ((this.supportFlags & 4) != 0) {
            populateMDResults(bArr, signerInfoImpl);
        }
        this.signerInfos.add(signerInfoImpl);
        Certificate[] tSACertificates = pKCS7Processor.getTSACertificates();
        Date signingTime = pKCS7Processor.getSigningTime();
        if (tSACertificates == null || signingTime == null) {
            return;
        }
        SignerInfoImpl signerInfoImpl2 = new SignerInfoImpl(tSACertificates, null, digAlgFromSF);
        if (this.tsaSignerInfos == null) {
            this.tsaSignerInfos = new HashMap(2);
        }
        this.tsaSignerInfos.put(signerInfoImpl, new Object[]{signerInfoImpl2, signingTime});
    }

    private void verifyManifestAndSignatureFile(byte[] bArr, byte[] bArr2) throws SignatureException {
        int lastIndexOf;
        String stripContinuations = stripContinuations(new String(bArr2, SignedContentConstants.UTF8));
        int indexOf = stripContinuations.indexOf(SignedContentConstants.digestManifestSearch);
        if (indexOf == -1 || (lastIndexOf = stripContinuations.lastIndexOf(10, indexOf)) == -1) {
            return;
        }
        String substring = stripContinuations.substring(lastIndexOf + 1, indexOf);
        String calculateDigest = substring.equalsIgnoreCase(SignedContentConstants.MD5_STR) ? calculateDigest(getMessageDigest(SignedContentConstants.MD5_STR), bArr) : substring.equalsIgnoreCase(SignedContentConstants.SHA1_STR) ? calculateDigest(getMessageDigest(SignedContentConstants.SHA1_STR), bArr) : calculateDigest(getMessageDigest(substring), bArr);
        int i = indexOf + digestManifestSearchLen;
        if (stripContinuations.substring(i, stripContinuations.indexOf(10, i) - 1).equals(calculateDigest)) {
            return;
        }
        SignatureException signatureException = new SignatureException(NLS.bind(SignedContentMessages.Security_File_Is_Tampered, (Object[]) new String[]{this.signedBundle.getBaseFile().toString()}));
        this.signedBundleHook.log(signatureException.getMessage(), 4, signatureException);
        throw signatureException;
    }

    private void populateMDResults(byte[] bArr, SignerInfo signerInfo) {
        String digestLine;
        String str = new String(bArr, SignedContentConstants.UTF8);
        int indexOf = str.indexOf(SignedContentConstants.MF_ENTRY_NEWLN_NAME);
        int length = str.length();
        while (indexOf != -1 && indexOf < length) {
            int indexOf2 = str.indexOf(SignedContentConstants.MF_ENTRY_NEWLN_NAME, indexOf + 1);
            if (indexOf2 == -1) {
                indexOf2 = str.length();
            }
            String stripContinuations = stripContinuations(str.substring(indexOf + 1, indexOf2));
            indexOf = indexOf2;
            String entryFileName = getEntryFileName(stripContinuations);
            if (entryFileName != null && (digestLine = getDigestLine(stripContinuations, signerInfo.getMessageDigestAlgorithm())) != null && getDigestAlgorithmFromString(digestLine).equalsIgnoreCase(signerInfo.getMessageDigestAlgorithm())) {
                byte[] digestResultsList = getDigestResultsList(digestLine);
                List[] listArr = (List[]) this.contentMDResults.get(entryFileName);
                if (listArr == null) {
                    listArr = new ArrayList[]{new ArrayList(), new ArrayList()};
                    this.contentMDResults.put(entryFileName, listArr);
                }
                listArr[0].add(signerInfo);
                listArr[1].add(digestResultsList);
            }
        }
    }

    private static byte[] getDigestResultsList(String str) {
        byte[] bArr = null;
        if (str != null) {
            int indexOf = str.indexOf(SignedContentConstants.MF_DIGEST_PART) + SignedContentConstants.MF_DIGEST_PART.length();
            if (indexOf >= str.length()) {
            }
            try {
                bArr = Base64.decode(str.substring(indexOf).getBytes());
            } catch (Throwable unused) {
                bArr = null;
            }
        }
        return bArr;
    }

    private static String getDigestAlgorithmFromString(String str) {
        if (str == null) {
            return null;
        }
        String substring = str.substring(0, str.indexOf(SignedContentConstants.MF_DIGEST_PART));
        return substring.equalsIgnoreCase(SignedContentConstants.MD5_STR) ? SignedContentConstants.MD5_STR : substring.equalsIgnoreCase(SignedContentConstants.SHA1_STR) ? SignedContentConstants.SHA1_STR : substring;
    }

    private static String getEntryFileName(String str) {
        int indexOf = str.indexOf(SignedContentConstants.MF_ENTRY_NAME);
        if (indexOf == -1) {
            return null;
        }
        int indexOf2 = str.indexOf(10, indexOf);
        if (indexOf2 == -1) {
            return null;
        }
        if (str.charAt(indexOf2 - 1) == '\r') {
            indexOf2--;
        }
        int length = indexOf + SignedContentConstants.MF_ENTRY_NAME.length();
        if (length >= indexOf2) {
            return null;
        }
        return str.substring(length, indexOf2);
    }

    private static String calculateDigest(MessageDigest messageDigest, byte[] bArr) {
        return new String(Base64.encode(messageDigest.digest(bArr)), SignedContentConstants.UTF8);
    }

    synchronized MessageDigest getMessageDigest(String str) {
        try {
            return MessageDigest.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            this.signedBundleHook.log(e.getMessage(), 4, e);
            return null;
        }
    }

    private static String getDigAlgFromSF(byte[] bArr) {
        String str = new String(bArr, SignedContentConstants.UTF8);
        String str2 = null;
        int indexOf = str.indexOf(SignedContentConstants.MF_ENTRY_NEWLN_NAME);
        int length = str.length();
        if (indexOf != -1 && indexOf < length) {
            int indexOf2 = str.indexOf(SignedContentConstants.MF_ENTRY_NEWLN_NAME, indexOf + 1);
            if (indexOf2 == -1) {
                indexOf2 = str.length();
            }
            str2 = stripContinuations(str.substring(indexOf + 1, indexOf2));
        }
        if (str2 != null) {
            return getMessageDigestName(getDigestLine(str2, null));
        }
        return null;
    }

    private static String getDigestLine(String str, String str2) {
        int indexOf;
        String str3 = null;
        int indexOf2 = str.indexOf(SignedContentConstants.MF_DIGEST_PART);
        if (indexOf2 == -1) {
            return null;
        }
        while (indexOf2 != -1) {
            int lastIndexOf = str.lastIndexOf(10, indexOf2);
            if (lastIndexOf == -1 || (indexOf = str.indexOf(10, indexOf2)) == -1) {
                return null;
            }
            int i = indexOf;
            if (str.charAt(i - 1) == '\r') {
                i--;
            }
            int i2 = lastIndexOf + 1;
            if (i2 >= i) {
                return null;
            }
            String substring = str.substring(i2, i);
            String messageDigestName = getMessageDigestName(substring);
            if (str2 != null && str2.equalsIgnoreCase(messageDigestName)) {
                return substring;
            }
            str3 = substring;
            indexOf2 = str.indexOf(SignedContentConstants.MF_DIGEST_PART, indexOf);
        }
        return str3;
    }

    private static String getMessageDigestName(String str) {
        int indexOf;
        String str2 = null;
        if (str != null && (indexOf = str.indexOf(SignedContentConstants.MF_DIGEST_PART)) != -1) {
            str2 = str.substring(0, indexOf);
        }
        return str2;
    }

    private static String stripContinuations(String str) {
        if (str.indexOf("\n ") < 0 && str.indexOf("\r ") < 0) {
            return str;
        }
        StringBuffer stringBuffer = new StringBuffer(str);
        removeAll(stringBuffer, "\r\n ");
        removeAll(stringBuffer, "\n ");
        removeAll(stringBuffer, "\r ");
        return stringBuffer.toString();
    }

    private static StringBuffer removeAll(StringBuffer stringBuffer, String str) {
        int indexOf = stringBuffer.indexOf(str);
        int length = str.length();
        while (indexOf > 0) {
            stringBuffer.replace(indexOf, indexOf + length, "");
            indexOf = stringBuffer.indexOf(str, indexOf);
        }
        return stringBuffer;
    }

    private static byte[] readIntoArray(BundleEntry bundleEntry) throws IOException {
        int size = (int) bundleEntry.getSize();
        InputStream inputStream = bundleEntry.getInputStream();
        try {
            byte[] bArr = new byte[size];
            int readFully = readFully(inputStream, bArr);
            if (readFully != size) {
                throw new IOException("Couldn't read all of " + bundleEntry.getName() + ": " + readFully + " != " + size);
            }
            return bArr;
        } finally {
            try {
                inputStream.close();
            } catch (IOException unused) {
            }
        }
    }

    private static int readFully(InputStream inputStream, byte[] bArr) throws IOException {
        int length = bArr.length;
        int i = 0;
        while (true) {
            int i2 = i;
            int read = inputStream.read(bArr, i2, length);
            if (read <= 0) {
                return i2;
            }
            length -= read;
            i = i2 + read;
        }
    }
}
