package com._1c.installer.sign;

import com._1c.chassis.gears.env.IEnvironment;
import com._1c.chassis.gears.env.OsType;
import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/_1c/installer/sign/JarSignaturesValidator.class */
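/**
 * Reports the signature status of a JAR file based on the code signers of its manifest entry.
 *
 * <p>Scope of the checks performed by this class, as far as the code below shows:
 * <ul>
 *   <li>the set of per-entry sections in the manifest must equal the set of non-directory entries
 *       outside {@code META-INF/} (names only, no content is read for those entries here);</li>
 *   <li>the manifest entry is read to the end so that the JDK JAR verifier can attach its code
 *       signers;</li>
 *   <li>each certificate of the single signer's path is reported as "known" when the trust store
 *       holds exactly that certificate ({@link KeyStore#getCertificateAlias}).</li>
 * </ul>
 * No certification-path building, validity-period or revocation check is performed in this class;
 * NOTE(review): confirm whether callers do that elsewhere before treating a "known" certificate as
 * a trust decision.
 *
 * <p>The alias cache is a plain {@link HashMap} and {@link #initialize()} is unsynchronized; no
 * thread-safety is provided by this class.
 */
final class JarSignaturesValidator implements IJarSignaturesValidator {
    private static final Logger LOGGER = LoggerFactory.getLogger(JarSignaturesValidator.class);
    private static final String X_509_CERTIFICATE = "X.509";
    private static final String MANIFEST_ENTRY_NAME = "META-INF/MANIFEST.MF";
    private final IEnvironment env;
    // Cache of certificate -> trust store alias; only positive lookups are stored.
    private final Map<Certificate, String> knownCertificatesAliases = new HashMap<>(100);
    private KeyStore keyStore;

    /**
     * Creates a validator bound to the given environment.
     *
     * @param iEnvironment environment used to detect the operating system; must not be null
     * @throws IllegalArgumentException if {@code iEnvironment} is null
     */
    public JarSignaturesValidator(IEnvironment iEnvironment) {
        Preconditions.checkArgument(iEnvironment != null, "env must not be null");
        this.env = iEnvironment;
    }

    /**
     * Opens the trust store on first use; later calls are no-ops.
     *
     * @throws InterruptedException declared by the signature; nothing in this body throws it
     */
    public void initialize() throws InterruptedException {
        if (this.keyStore == null) {
            this.keyStore = getCaCertsKeyStore();
        }
    }

    /**
     * Determines the signature status of {@code jarFile} from its manifest entry.
     *
     * <p>A status built from the file name alone is returned when the JAR has no manifest, the
     * manifest has no per-entry sections, or the manifest entry carries no code signers
     * (presumably the "not signed" status; confirm against {@code FileSignatureStatus}).
     *
     * <p>Code signers are only available when the JAR was opened with verification enabled, which
     * is the {@link JarFile} default; how the caller opens the file is not visible here.
     *
     * @param jarFile JAR to inspect; must not be null
     * @return status listing the signer's certificates and whether each is in the trust store
     * @throws InterruptedException if the current thread was interrupted during the check
     * @throws IllegalArgumentException if {@code jarFile} is null
     * @throws IllegalStateException if {@link #initialize()} has not been called
     */
    @Override
    @Nonnull
    public FileSignatureStatus getManifestStatus(JarFile jarFile) throws InterruptedException {
        Preconditions.checkArgument(jarFile != null, "jf must not be null");
        Preconditions.checkState(this.keyStore != null, "JarSignaturesValidator is not opened");
        String name = jarFile.getName();
        try {
            Manifest manifest = jarFile.getManifest();
            if (manifest == null) {
                return new FileSignatureStatus(name);
            }
            Map<String, Attributes> entries = manifest.getEntries();
            if (entries.isEmpty()) {
                return new FileSignatureStatus(name);
            }
            checkFilesMembership(jarFile, entries);
            throwIfInterrupted(IMessagesList.Messages.manifestStatusInterruption());
            JarEntry manifestEntry = jarFile.getJarEntry(MANIFEST_ENTRY_NAME);
            if (manifestEntry == null) {
                // JarFile.getManifest() locates the manifest case-insensitively while the entry
                // lookup is exact, so a manifest stored under a different case ends up here.
                // Fail closed through the IOException handler below instead of an NPE.
                throw new FileNotFoundException(MANIFEST_ENTRY_NAME);
            }
            loadEntryIgnoringContent(jarFile, manifestEntry);
            CodeSigner[] codeSigners = manifestEntry.getCodeSigners();
            if (codeSigners == null || codeSigners.length == 0) {
                return new FileSignatureStatus(name);
            }
            if (codeSigners.length > 1) {
                throw new MultipleSignersException(name, IMessagesList.Messages.multipleSignaturesFound(name));
            }
            List<? extends Certificate> certificates = codeSigners[0].getSignerCertPath().getCertificates();
            // An empty path is rejected as unsupported rather than indexed into.
            if (certificates.isEmpty() || !X_509_CERTIFICATE.equals(certificates.get(0).getType())) {
                throw new UnsupportedCertificateException(name, IMessagesList.Messages.unsupportedCertificate(name));
            }
            return generateStatusReportWithCast(name, certificates);
        } catch (IOException e) {
            throw new SignatureCheckIoException(name, IMessagesList.Messages.cannotReadEntry(MANIFEST_ENTRY_NAME), e);
        }
    }

    /**
     * Narrows the signer's certificate path to X.509 certificates and builds the status report.
     *
     * <p>The caller only inspects the type of the first certificate, so every element is checked
     * here; a non-X.509 element is reported as unsupported instead of failing with a
     * {@link ClassCastException}.
     */
    @Nonnull
    private FileSignatureStatus generateStatusReportWithCast(String str, List<? extends Certificate> list) {
        List<X509Certificate> x509Certificates = new ArrayList<>(list.size());
        for (Certificate certificate : list) {
            if (!(certificate instanceof X509Certificate)) {
                throw new UnsupportedCertificateException(str, IMessagesList.Messages.unsupportedCertificate(str));
            }
            x509Certificates.add((X509Certificate) certificate);
        }
        return generateStatusReport(str, x509Certificates);
    }

    /**
     * Builds the status for {@code str} with one descriptor per certificate, each flagged with
     * whether the trust store contains that exact certificate.
     */
    @Nonnull
    private FileSignatureStatus generateStatusReport(String str, List<X509Certificate> list) {
        // The element type expected by FileSignatureStatus is not visible in this file, so the
        // raw list type of the original is kept.
        ArrayList descriptors = new ArrayList();
        for (X509Certificate x509Certificate : list) {
            boolean presentInTrustStore = getAliasFromKeyStore(x509Certificate) != null;
            descriptors.add(new CertificateDescr(x509Certificate, presentInTrustStore));
        }
        return new FileSignatureStatus(str, descriptors);
    }

    /**
     * Returns the trust store alias of the given certificate, or null when the store does not
     * contain it. Hits are cached; misses are looked up again on every call.
     *
     * @throws SignatureEnvException if the key store cannot be queried
     */
    @Nullable
    private String getAliasFromKeyStore(X509Certificate x509Certificate) {
        String alias = this.knownCertificatesAliases.get(x509Certificate);
        if (alias != null) {
            return alias;
        }
        try {
            alias = this.keyStore.getCertificateAlias(x509Certificate);
        } catch (KeyStoreException e) {
            throw new SignatureEnvException(IMessagesList.Messages.cannotGetAliasesFromKeyStore(), e);
        }
        if (alias != null) {
            this.knownCertificatesAliases.put(x509Certificate, alias);
        }
        return alias;
    }

    /**
     * Opens the trust store that decides which signer certificates are reported as known.
     *
     * <p>Selection order: when none of the {@code javax.net.ssl.trustStore*} system properties is
     * set, the Windows-ROOT store is tried (Windows only). Otherwise, or when that fails, the
     * file named by {@code javax.net.ssl.trustStore} is used, falling back to
     * {@code <java.home>/lib/security/jssecacerts} and then {@code cacerts}. If no file can be
     * opened (or the property is {@code NONE}) an empty key store is loaded, so every certificate
     * is reported as unknown.
     *
     * <p>The trust anchors are therefore controlled by JVM system properties and by whoever can
     * write the selected file; the store password is read from a system property and is not
     * written to the log.
     *
     * @throws SignatureEnvException if the key store cannot be created or loaded
     */
    @Nonnull
    private KeyStore getCaCertsKeyStore() {
        Map<String, String> props = new HashMap<>();
        // The cast selects the PrivilegedAction overload; a bare lambda is ambiguous here.
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            props.put("trustStore", System.getProperty("javax.net.ssl.trustStore"));
            props.put("javaHome", System.getProperty("java.home"));
            props.put("trustStoreType", System.getProperty("javax.net.ssl.trustStoreType"));
            props.put("trustStoreProvider", System.getProperty("javax.net.ssl.trustStoreProvider"));
            props.put("trustStorePasswd", System.getProperty("javax.net.ssl.trustStorePassword"));
            return null;
        });
        if (!isStoreParamsSetExplicitly(props)) {
            KeyStore windowsKeyStore = openWindowsKeyStore();
            if (windowsKeyStore != null) {
                return windowsKeyStore;
            }
        }
        FileInputStream fileInputStream = null;
        try {
            // After this block the variable holds a description of the store for logging only.
            String trustStoreLocation = props.get("trustStore");
            if (!"NONE".equals(trustStoreLocation)) {
                File trustStoreFile;
                if (trustStoreLocation != null) {
                    trustStoreFile = new File(trustStoreLocation);
                    fileInputStream = getFileInputStream(trustStoreFile);
                } else {
                    String separator = File.separator;
                    String securityDir = props.get("javaHome") + separator + "lib" + separator + "security" + separator;
                    trustStoreFile = new File(securityDir + "jssecacerts");
                    fileInputStream = getFileInputStream(trustStoreFile);
                    if (fileInputStream == null) {
                        trustStoreFile = new File(securityDir + "cacerts");
                        fileInputStream = getFileInputStream(trustStoreFile);
                    }
                }
                trustStoreLocation = fileInputStream != null
                        ? trustStoreFile.getPath()
                        : "No File Available, using empty keystore.";
            }
            String configuredType = props.get("trustStoreType");
            String storeType = configuredType != null ? configuredType : niceStoreTypeName(KeyStore.getDefaultType());
            String configuredProvider = props.get("trustStoreProvider");
            String provider = configuredProvider != null ? configuredProvider : "";
            String configuredPassword = props.get("trustStorePasswd");
            String password = configuredPassword != null ? configuredPassword : "";
            LOGGER.debug("Opening trust store {}, type={}, provider={}", trustStoreLocation, storeType, provider);
            KeyStore openedKeyStore = openKeyStore(fileInputStream, provider, storeType, password);
            LOGGER.debug("Trust store {} opened type={}, provider={}", trustStoreLocation, storeType, provider);
            return openedKeyStore;
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                    LOGGER.debug("Cannot close stream", e);
                }
            }
        }
    }

    /**
     * Creates and loads a key store.
     *
     * @param fileInputStream store contents, or null to initialise an empty key store
     * @param str provider name; empty selects the default provider for the type
     * @param str2 key store type
     * @param str3 store password; empty means no password is passed to {@link KeyStore#load}
     * @throws SignatureEnvException if the store cannot be instantiated or loaded
     */
    private KeyStore openKeyStore(@Nullable FileInputStream fileInputStream, String str, String str2, String str3) {
        try {
            KeyStore loadedKeyStore = str.isEmpty() ? KeyStore.getInstance(str2) : KeyStore.getInstance(str2, str);
            char[] password = str3.isEmpty() ? null : str3.toCharArray();
            loadedKeyStore.load(fileInputStream, password);
            return loadedKeyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new SignatureEnvException(IMessagesList.Messages.cannotLoadKeyStore(), e);
        } catch (KeyStoreException e) {
            throw new SignatureEnvException(IMessagesList.Messages.cannotOpenKeyStore(), e);
        } catch (NoSuchProviderException e) {
            throw new SignatureEnvException(IMessagesList.Messages.cannotOpenKeyStoreUsingProvider(str), e);
        }
    }

    /**
     * Opens the Windows-ROOT store through the SunMSCAPI provider.
     *
     * @return the store, or null when not running on Windows or when opening fails
     */
    @Nullable
    private KeyStore openWindowsKeyStore() {
        if (this.env.getOsType() != OsType.WINDOWS) {
            return null;
        }
        try {
            LOGGER.debug("Opening trust store NONE, type=Windows-ROOT, provider=SunMSCAPI");
            KeyStore windowsKeyStore = KeyStore.getInstance("Windows-ROOT", "SunMSCAPI");
            windowsKeyStore.load(null);
            LOGGER.debug("Trust store opened, type=Windows-ROOT, provider=SunMSCAPI");
            return windowsKeyStore;
        } catch (Exception e) {
            // Deliberate best effort: the caller falls back to the file-based trust store.
            LOGGER.debug("Cannot open Windows-ROOT KeyStore using SunMSCAPI provider", e);
            return null;
        }
    }

    /**
     * Reads the entry to the end of its stream and discards the bytes.
     *
     * <p>{@link JarEntry#getCodeSigners()} only returns signers after the entry has been read
     * completely, which is why the content is consumed here.
     *
     * @throws SignatureCheckIoException if the entry cannot be read
     * @throws SignatureCheckJarEntryException if reading raises a {@link SecurityException}
     */
    private void loadEntryIgnoringContent(JarFile jarFile, JarEntry jarEntry) {
        // try-with-resources closes the stream on the failure paths as well.
        try (InputStream inputStream = jarFile.getInputStream(jarEntry)) {
            byte[] buffer = new byte[8192];
            while (inputStream.read(buffer, 0, buffer.length) != -1) {
                // content is intentionally ignored
            }
        } catch (IOException e) {
            throw new SignatureCheckIoException(jarFile.getName(), IMessagesList.Messages.cannotReadEntry(jarEntry.getName()), e);
        } catch (SecurityException e) {
            throw new SignatureCheckJarEntryException(jarFile.getName(), jarEntry.getName(), IMessagesList.Messages.entryContentChanged(), e);
        }
    }

    /**
     * Verifies that the manifest's per-entry sections and the JAR's regular files are the same
     * set of names.
     *
     * <p>Directories and entries under {@code META-INF/} (case-sensitive prefix, backslashes
     * treated as slashes) are left out of the JAR side. Only names are compared; entry contents
     * are not read by this method.
     *
     * @param jarFile JAR whose entries are enumerated
     * @param map per-entry sections of the manifest, keyed by entry name
     * @throws InterruptedException if the thread is interrupted while enumerating
     * @throws SignatureEntriesMembershipException if the manifest names a file the JAR lacks, or
     *         the JAR holds a file the manifest does not name
     */
    private void checkFilesMembership(JarFile jarFile, Map<String, Attributes> map) throws InterruptedException {
        Set<String> manifestNames = map.keySet();
        Set<String> jarNames = new HashSet<>();
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            throwIfInterrupted(IMessagesList.Messages.manifestStatusInterruption());
            JarEntry entry = entries.nextElement();
            String entryName = entry.getName();
            boolean inMetaInf = entryName.replace('\\', '/').startsWith("META-INF/");
            if (!entry.isDirectory() && !inMetaInf) {
                jarNames.add(entryName);
            }
        }
        HashSet<String> missing = new HashSet<>(Sets.difference(manifestNames, jarNames));
        if (!missing.isEmpty()) {
            throw new SignatureEntriesMembershipException(jarFile.getName(), IMessagesList.Messages.missingEntries(missing.size()), missing, null);
        }
        HashSet<String> excess = new HashSet<>(Sets.difference(jarNames, manifestNames));
        if (!excess.isEmpty()) {
            throw new SignatureEntriesMembershipException(jarFile.getName(), IMessagesList.Messages.excessEntries(excess.size()), null, excess);
        }
    }

    /**
     * Throws {@link InterruptedException} with the given message when the current thread's
     * interrupt flag is set; the flag is cleared by the check.
     */
    private void throwIfInterrupted(String str) throws InterruptedException {
        if (Thread.interrupted()) {
            throw new InterruptedException(str);
        }
    }

    /**
     * Normalises a key store type name: the two Windows store names keep their canonical
     * spelling, everything else is upper-cased.
     */
    private static String niceStoreTypeName(String str) {
        if (str.equalsIgnoreCase("Windows-MY")) {
            return "Windows-MY";
        }
        if (str.equalsIgnoreCase("Windows-ROOT")) {
            return "Windows-ROOT";
        }
        // Locale.ROOT keeps the result independent of the default locale (e.g. Turkish dotted I).
        return str.toUpperCase(Locale.ROOT);
    }

    /** Returns true when at least one trust store property was supplied. */
    private static boolean isStoreParamsSetExplicitly(Map<String, String> map) {
        return map.get("trustStore") != null
                || map.get("trustStoreType") != null
                || map.get("trustStoreProvider") != null
                || map.get("trustStorePasswd") != null;
    }

    /**
     * Opens {@code file} for reading inside a privileged block.
     *
     * @return the stream, or null when the file does not exist or cannot be opened
     */
    @Nullable
    private static FileInputStream getFileInputStream(File file) {
        try {
            // The cast selects the PrivilegedExceptionAction overload; a bare lambda is ambiguous.
            return AccessController.doPrivileged((PrivilegedExceptionAction<FileInputStream>) () -> {
                try {
                    return new FileInputStream(file);
                } catch (FileNotFoundException e) {
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause != null) {
                LOGGER.debug("Cannot open {}", file, cause);
            } else {
                LOGGER.debug("Cannot open {}", file);
            }
            return null;
        }
    }
}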
