package edu.northwestern.dasu.security;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:edu/northwestern/dasu/security/JarVerifier.class */
public class JarVerifier {
    public static void verify(String str, KeyStore keyStore) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                arrayList.add((X509Certificate) keyStore.getCertificate(nextElement));
            }
        }
        verify(new JarFile(str), (X509Certificate[]) arrayList.toArray(new X509Certificate[0]));
    }

    public static void verify(JarFile jarFile, X509Certificate[] x509CertificateArr) throws IOException, CertificateException {
        Vector vector = new Vector();
        if (jarFile.getManifest() == null) {
            throw new SecurityException("The JAR is not signed");
        }
        byte[] bArr = new byte[8192];
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            vector.addElement(nextElement);
            InputStream inputStream = jarFile.getInputStream(nextElement);
            do {
            } while (inputStream.read(bArr, 0, bArr.length) != -1);
            inputStream.close();
        }
        jarFile.close();
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            JarEntry jarEntry = (JarEntry) elements.nextElement();
            if (!jarEntry.isDirectory()) {
                Certificate[] certificates = jarEntry.getCertificates();
                if (certificates != null && certificates.length != 0) {
                    X509Certificate[] chainRoots = getChainRoots(certificates);
                    boolean z = false;
                    int i = 0;
                    while (true) {
                        if (i >= chainRoots.length) {
                            break;
                        }
                        if (isTrusted(chainRoots[i], x509CertificateArr)) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                    if (!z) {
                        throw new SecurityException("The JAR is not signed by a trusted signer");
                    }
                } else if (!jarEntry.getName().startsWith("META-INF")) {
                    throw new SecurityException("The jar file contains unsigned class files.");
                }
            }
        }
    }

    public static boolean isTrusted(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            if (x509Certificate.getSubjectDN().equals(x509CertificateArr[i].getSubjectDN()) && x509Certificate.equals(x509CertificateArr[i])) {
                return true;
            }
        }
        for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
            if (x509Certificate.getIssuerDN().equals(x509CertificateArr[i2].getSubjectDN())) {
                try {
                    x509Certificate.verify(x509CertificateArr[i2].getPublicKey());
                    return true;
                } catch (Exception e) {
                }
            }
        }
        return false;
    }

    public static X509Certificate[] getChainRoots(Certificate[] certificateArr) {
        Vector vector = new Vector(3);
        for (int i = 0; i < certificateArr.length - 1; i++) {
            if (!((X509Certificate) certificateArr[i + 1]).getSubjectDN().equals(((X509Certificate) certificateArr[i]).getIssuerDN())) {
                vector.addElement((X509Certificate) certificateArr[i]);
            }
        }
        vector.addElement((X509Certificate) certificateArr[certificateArr.length - 1]);
        X509Certificate[] x509CertificateArr = new X509Certificate[vector.size()];
        vector.copyInto(x509CertificateArr);
        return x509CertificateArr;
    }
}
