package blackboard.platform.plugin;

import blackboard.base.IFactory;
import blackboard.base.SingletonFactory;
import blackboard.platform.config.ConfigurationServiceFactory;
import blackboard.platform.rubric.common.RubricDefinition;
import blackboard.util.IOUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:blackboard/platform/plugin/JarFileSignatureValidator.class */
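/**
 * Checks that a plugin JAR is signed by a certificate that is, or was issued by, a pinned
 * trust anchor loaded from a certificate file.
 *
 * <p>The trust anchor is loaded lazily and cached on the instance. Instances are handed out
 * through {@link #Factory}, so the first anchor loaded is the one used by every later call.
 *
 * <p>NOTE(review): trust evaluation here is a DN match plus one signature check. It does not
 * check validity period, key usage / extended key usage, basic constraints or revocation.
 * Full path validation (e.g. {@code java.security.cert.CertPathValidator}) would close that
 * gap. It is not done here because it could reject JARs this class accepts today.
 */
public class JarFileSignatureValidator {
    public static IFactory<JarFileSignatureValidator> Factory = SingletonFactory.getFactory(JarFileSignatureValidator.class);
    private X509Certificate[] _trustedCaCerts;

    /**
     * Verifies {@code jarFile} against the trust anchor stored in {@code file}.
     *
     * <p>{@code file} is read only when no trust anchor has been loaded yet. Once one is cached,
     * the argument is ignored and the cached anchor is used.
     *
     * @param jarFile the JAR to verify; it is closed by this call
     * @param file an X.509 certificate file to use as trust anchor if none is loaded yet
     * @throws IOException if the certificate file or the JAR cannot be read
     * @throws CertificateException if the certificate file cannot be parsed
     * @throws SecurityException if the JAR is unsigned, tampered with, or not signed by a
     *     trusted signer
     */
    public void verifySingleJarFile(JarFile jarFile, File file) throws IOException, CertificateException {
        if (null == this._trustedCaCerts) {
            setTrustedCaCert(file);
        }
        verifySingleJarFile(jarFile);
    }

    /**
     * Loads a single X.509 certificate from {@code file} and installs it as the trust anchor.
     *
     * <p>The array is published only after the certificate has been parsed. Allocating it first
     * would leave a cached array holding a {@code null} element if parsing failed; later calls
     * would then skip loading and fail with a NullPointerException in {@link #isTrusted}.
     */
    private void setTrustedCaCert(File file) throws CertificateException, IOException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            this._trustedCaCerts = new X509Certificate[] {x509Certificate};
        } finally {
            IOUtil.silentClose(fileInputStream);
        }
    }

    /**
     * Verifies that every file entry of {@code jarFile} outside {@code META-INF/} is signed by a
     * trusted signer, loading the default trust anchor if none is cached.
     *
     * <p>Each signed entry is checked on its own. Returning as soon as one entry has a trusted
     * signer would leave the remaining entries, including unsigned ones, unexamined.
     *
     * <p>NOTE(review): signer certificates are only available if the caller opened the
     * {@code JarFile} with verification enabled (the default for the one-argument constructors);
     * confirm at the call sites.
     *
     * @param jarFile the JAR to verify; it is closed by this call, also when verification fails
     * @throws IOException if the JAR or the default certificate file cannot be read
     * @throws CertificateException if the default certificate file cannot be parsed
     * @throws SecurityException if the JAR has no manifest, an entry fails digest verification,
     *     an entry outside {@code META-INF/} is unsigned, or a signed entry has no trusted signer
     */
    public void verifySingleJarFile(JarFile jarFile) throws IOException, CertificateException {
        if (null == this._trustedCaCerts) {
            setTrustedCaCert(new File(ConfigurationServiceFactory.getInstance().getBlackboardDir(), "config/internal/Bb-ThawteCertificate.cer"));
        }
        Vector<JarEntry> vector = new Vector<>();
        byte[] bArr = new byte[8192];
        try {
            // A manifest is necessary for a signed JAR but does not prove it is signed;
            // the per-entry checks below are what enforce signing.
            if (null == jarFile.getManifest()) {
                throw new SecurityException(jarFile.getName() + " is not signed!");
            }
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry nextElement = entries.nextElement();
                vector.add(nextElement);
                // Each entry must be read to the end before its signer certificates are
                // available; a digest mismatch surfaces as a SecurityException from read().
                try (InputStream inputStream = jarFile.getInputStream(nextElement)) {
                    while (-1 != inputStream.read(bArr, 0, bArr.length)) {
                        // drain only; the bytes themselves are not needed
                    }
                }
            }
        } finally {
            // Release the file handle on failure too, so a rejected JAR is not left open.
            jarFile.close();
        }
        for (JarEntry jarEntry : vector) {
            if (jarEntry.isDirectory()) {
                continue;
            }
            Certificate[] certificates = jarEntry.getCertificates();
            if (null == certificates || 0 == certificates.length) {
                // Only the metadata directory may hold unsigned files. The trailing slash keeps
                // sibling names such as "META-INFx/..." from being exempted by a bare prefix match.
                // NOTE(review): this still exempts every file under META-INF/, not just the
                // manifest and signature files; consider narrowing it.
                if (!jarEntry.getName().startsWith("META-INF/")) {
                    // COPY_SUFFIX_END_DELIMITER is presumably ")" (a constant substituted by the
                    // decompiler); confirm.
                    throw new SecurityException(jarFile.getName() + " has unsigned class files (" + jarEntry.getName() + RubricDefinition.COPY_SUFFIX_END_DELIMITER);
                }
                continue;
            }
            if (!hasTrustedSigner(certificates)) {
                throw new SecurityException(jarFile.getName() + " is not signed by a trusted signer!");
            }
        }
    }

    /** Returns true if at least one certificate attached to an entry is trusted. */
    private boolean hasTrustedSigner(Certificate[] certificates) {
        for (Certificate certificate : certificates) {
            // Anything that is not X.509 cannot be matched against the anchor; treat it as untrusted.
            if (certificate instanceof X509Certificate && isTrusted((X509Certificate) certificate, this._trustedCaCerts)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true if {@code x509Certificate} is one of the trust anchors, or names one of them
     * as issuer and its signature verifies under that anchor's public key.
     *
     * <p>Only a single issuing level is considered, and no validity or usage constraints are
     * evaluated (see the class comment).
     */
    private boolean isTrusted(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (x509Certificate.getSubjectDN().equals(x509Certificate2.getSubjectDN()) && x509Certificate.equals(x509Certificate2)) {
                return true;
            }
        }
        for (X509Certificate x509Certificate3 : x509CertificateArr) {
            if (x509Certificate.getIssuerDN().equals(x509Certificate3.getSubjectDN())) {
                try {
                    x509Certificate.verify(x509Certificate3.getPublicKey());
                    return true;
                } catch (Exception ignored) {
                    // Signature did not verify under this anchor; try the next one and
                    // fall through to "not trusted" if none matches.
                }
            }
        }
        return false;
    }
}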
