package blackboard.platform.plugin;

import blackboard.base.IFactory;
import blackboard.base.SingletonFactory;
import blackboard.platform.config.ConfigurationServiceFactory;
import blackboard.util.IOUtil;
import blackboard.util.zip.ZipUtil;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:blackboard/platform/plugin/JarFileSignatureValidator.class */
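/**
 * Checks that a plugin JAR is signed and that its signed entries carry a certificate
 * matching, or issued by, one of the trusted certificates loaded from disk.
 *
 * <p>The trusted certificates are loaded lazily from {@code *.cer} files, either from a
 * directory supplied by the caller or from {@code config/internal/certs} under the
 * Blackboard directory. A missing or empty directory yields an empty trust list, in which
 * case any JAR with signed entries is rejected.
 *
 * <p>Lazy initialisation of the trust list is not synchronised.
 */
public class JarFileSignatureValidator {
    public static IFactory<JarFileSignatureValidator> Factory = SingletonFactory.getFactory(JarFileSignatureValidator.class);

    // Trusted certificates; null until the first verification call loads them.
    private List<X509Certificate> _trustedCaCerts;

    /**
     * Accepts directories (so the caller can recurse) and regular files whose name ends
     * with {@code .cer}. The suffix match is case-sensitive.
     */
    public class CertificateFileFilter implements FileFilter {
        private CertificateFileFilter() {
        }

        @Override // java.io.FileFilter
        public boolean accept(File file) {
            return file.isDirectory() || (file.isFile() && file.getName().endsWith(".cer"));
        }
    }

    /**
     * Verifies {@code file}, loading trusted certificates from {@code file2} first if none
     * have been loaded yet.
     *
     * <p>{@code file2} is ignored once the trust list exists, so a later call with a
     * different directory does not change which certificates are trusted.
     *
     * @param file  the JAR to verify
     * @param file2 directory searched recursively for {@code *.cer} files
     * @throws IOException          if the JAR or a certificate file cannot be read
     * @throws CertificateException if a certificate file cannot be parsed
     * @throws SecurityException    if the JAR fails verification
     */
    public void verifySingleJarFile(File file, File file2) throws IOException, CertificateException {
        if (null == this._trustedCaCerts) {
            setTrustedCaCerts(file2);
        }
        verifySingleJarFile(file);
    }

    /**
     * Opens {@code file} as a JAR and verifies it against the trusted certificates.
     *
     * @param file the JAR to verify
     * @throws IOException          if the JAR or a certificate file cannot be read
     * @throws CertificateException if a certificate file cannot be parsed
     * @throws SecurityException    if the JAR fails verification
     */
    public void verifySingleJarFile(File file) throws IOException, CertificateException {
        JarFile jarFile = null;
        try {
            jarFile = new JarFile(file);
            verifySingleJarFile(jarFile);
        } finally {
            // Always release the file handle, whether verification passed or threw.
            ZipUtil.Default.silentClose(jarFile);
        }
    }

    /**
     * Loads every certificate under {@code file} and adds it to the trust list.
     *
     * <p>The certificates are loaded before the field is touched, so a failed load does not
     * leave behind an empty, non-null list that would suppress every later reload.
     */
    private void setTrustedCaCerts(File file) throws CertificateException, IOException {
        List<X509Certificate> loaded = loadCertificates(file);
        if (null == this._trustedCaCerts) {
            this._trustedCaCerts = new ArrayList<>(1);
        }
        this._trustedCaCerts.addAll(loaded);
    }

    /**
     * Verifies every non-directory entry of {@code jarFile}.
     *
     * <p>Each entry is read to the end first, because an entry's certificates are only
     * available once its stream has been fully consumed. Then every entry must either carry
     * a trusted certificate or be an unsigned entry whose name starts with {@code META-INF}.
     *
     * @throws SecurityException if the JAR has no manifest, has an entry signed only by
     *                           untrusted certificates, or has an unsigned entry outside
     *                           {@code META-INF}
     */
    private void verifySingleJarFile(JarFile jarFile) throws IOException, CertificateException {
        if (null == this._trustedCaCerts) {
            setTrustedCaCerts(new File(ConfigurationServiceFactory.getInstance().getBlackboardDir(), "config/internal/certs"));
        }
        if (null == jarFile.getManifest()) {
            throw new SecurityException(jarFile.getName() + " is not signed!");
        }
        List<JarEntry> jarEntries = new ArrayList<>();
        byte[] buffer = new byte[8192];
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry entry = entries.nextElement();
            jarEntries.add(entry);
            // Drain the entry; the stream is closed even if reading throws.
            try (InputStream inputStream = jarFile.getInputStream(entry)) {
                while (-1 != inputStream.read(buffer, 0, buffer.length)) {
                    // Content is discarded; reading is what triggers digest verification.
                }
            }
        }
        ZipUtil.Default.silentClose(jarFile);
        for (JarEntry jarEntry : jarEntries) {
            if (jarEntry.isDirectory()) {
                continue;
            }
            Certificate[] certificates = jarEntry.getCertificates();
            if (null != certificates && 0 != certificates.length) {
                // NOTE(review): each certificate in the array is tested on its own. This is
                // not a PKIX path validation from the signing certificate to a trust anchor;
                // consider CertPathValidator with the trusted certificates as anchors.
                boolean signedByTrusted = false;
                for (Certificate certificate : certificates) {
                    // Non-X.509 certificates cannot be matched against the trust list.
                    if (certificate instanceof X509Certificate
                            && isTrusted((X509Certificate) certificate, this._trustedCaCerts)) {
                        signedByTrusted = true;
                        break;
                    }
                }
                if (!signedByTrusted) {
                    throw new SecurityException(String.format("%s is not signed by a trusted signer!", jarFile.getName()));
                }
                // Keep checking the remaining entries. Returning here would accept the whole
                // JAR on the strength of its first trusted entry and skip every later one.
                continue;
            }
            // NOTE(review): this prefix test exempts every unsigned name beginning with
            // "META-INF", not only the signature-related files; confirm that is intended.
            if (!jarEntry.getName().startsWith("META-INF")) {
                throw new SecurityException(String.format("%s has unsigned class files (%s)", jarFile.getName(), jarEntry.getName()));
            }
        }
    }

    /**
     * Reports whether {@code x509Certificate} is itself in {@code list}, or names a listed
     * certificate as its issuer and verifies against that certificate's public key.
     *
     * <p>NOTE(review): validity dates and CA constraints of either certificate are not
     * checked here.
     */
    private boolean isTrusted(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate trusted : list) {
            if (x509Certificate.getSubjectDN().equals(trusted.getSubjectDN()) && x509Certificate.equals(trusted)) {
                return true;
            }
        }
        for (X509Certificate candidateIssuer : list) {
            if (x509Certificate.getIssuerDN().equals(candidateIssuer.getSubjectDN())) {
                try {
                    x509Certificate.verify(candidateIssuer.getPublicKey());
                    return true;
                } catch (Exception ignored) {
                    // This candidate did not sign the certificate; try the next one.
                    // Falling through to "return false" keeps the check fail-closed.
                }
            }
        }
        return false;
    }

    /**
     * Recursively collects the certificates stored in {@code *.cer} files under
     * {@code file}. Returns an empty list when {@code file} cannot be listed.
     */
    private List<X509Certificate> loadCertificates(File file) throws IOException, CertificateException {
        List<X509Certificate> loaded = new ArrayList<>();
        File[] listFiles = file.listFiles(new CertificateFileFilter());
        if (listFiles != null) {
            for (File child : listFiles) {
                if (child.isDirectory()) {
                    loaded.addAll(loadCertificates(child));
                } else {
                    loaded.add(loadCertificate(child));
                }
            }
        }
        return loaded;
    }

    /** Parses one X.509 certificate from {@code file}, closing the stream in all cases. */
    private X509Certificate loadCertificate(File file) throws IOException, CertificateException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
        } finally {
            IOUtil.silentClose(fileInputStream);
        }
    }
}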
