package org.apache.ignite.spi.deployment.uri;

import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.internal.util.typedef.internal.U;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/ignite/spi/deployment/uri/GridUriDeploymentJarVerifier.class */
public final class GridUriDeploymentJarVerifier {
    private static final int BUF_SIZE = 4096;
    static final /* synthetic */ boolean $assertionsDisabled;

    private GridUriDeploymentJarVerifier() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean verify(String str, boolean z, IgniteLogger igniteLogger) throws IOException {
        if ($assertionsDisabled || str != null) {
            return verify0(str, (PublicKey) null, z, igniteLogger);
        }
        throw new AssertionError();
    }

    static boolean verify(String str, PublicKey publicKey, boolean z, IgniteLogger igniteLogger) throws IOException {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || publicKey != null) {
            return verify0(str, publicKey, z, igniteLogger);
        }
        throw new AssertionError();
    }

    static boolean verify(InputStream inputStream, boolean z, IgniteLogger igniteLogger) throws IOException {
        if ($assertionsDisabled || inputStream != null) {
            return verify0(inputStream, (PublicKey) null, z, igniteLogger);
        }
        throw new AssertionError();
    }

    static boolean verify(InputStream inputStream, PublicKey publicKey, boolean z, IgniteLogger igniteLogger) throws IOException {
        if (!$assertionsDisabled && inputStream == null) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || publicKey != null) {
            return verify0(inputStream, publicKey, z, igniteLogger);
        }
        throw new AssertionError();
    }

    /* JADX WARN: Code restructure failed: missing block: B:39:0x0092, code lost:
    
        if (r0.size() > 0) goto L33;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x0095, code lost:
    
        r0 = true;
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x009a, code lost:
    
        r14 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x009e, code lost:
    
        org.apache.ignite.internal.util.typedef.internal.U.close(r10, r9);
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x00a4, code lost:
    
        return r14;
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x0099, code lost:
    
        r0 = false;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean verify0(java.io.InputStream r6, java.security.PublicKey r7, boolean r8, org.apache.ignite.IgniteLogger r9) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 227
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.ignite.spi.deployment.uri.GridUriDeploymentJarVerifier.verify0(java.io.InputStream, java.security.PublicKey, boolean, org.apache.ignite.IgniteLogger):boolean");
    }

    private static boolean verify0(String str, PublicKey publicKey, boolean z, IgniteLogger igniteLogger) throws IOException {
        JarFile jarFile = null;
        try {
            try {
                jarFile = new JarFile(str, true);
                Manifest manifest = jarFile.getManifest();
                if (manifest == null) {
                    boolean z2 = publicKey == null;
                    U.close(jarFile, igniteLogger);
                    return z2;
                }
                Set<String> signedFiles = getSignedFiles(manifest);
                Enumeration<JarEntry> entries = jarFile.entries();
                while (entries.hasMoreElements()) {
                    JarEntry nextElement = entries.nextElement();
                    if (!nextElement.isDirectory()) {
                        verifyDigestsImplicitly(jarFile.getInputStream(nextElement));
                        if (!verifyEntry(nextElement, manifest, publicKey, z, false)) {
                            U.close(jarFile, igniteLogger);
                            return false;
                        }
                        signedFiles.remove(nextElement.getName());
                    }
                }
                boolean z3 = signedFiles.size() <= 0;
                U.close(jarFile, igniteLogger);
                return z3;
            } catch (SecurityException e) {
                if (igniteLogger.isDebugEnabled()) {
                    igniteLogger.debug("Got security error (ignoring): " + e.getMessage());
                }
                U.close(jarFile, igniteLogger);
                return false;
            }
        } catch (Throwable th) {
            U.close(jarFile, igniteLogger);
            throw th;
        }
    }

    private static boolean verifyEntry(JarEntry jarEntry, Manifest manifest, PublicKey publicKey, boolean z, boolean z2) {
        if (!$assertionsDisabled && jarEntry == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && manifest == null) {
            throw new AssertionError();
        }
        boolean z3 = false;
        String name = jarEntry.getName();
        if (manifest.getAttributes(name) != null || manifest.getAttributes("./" + name) != null || manifest.getAttributes('/' + name) != null) {
            z3 = true;
        }
        if (z && !z3 && !name.toUpperCase().startsWith("META-INF/")) {
            return false;
        }
        if (!z3) {
            return true;
        }
        Certificate[] certificates = !z2 ? jarEntry.getCertificates() : getCertificates(jarEntry);
        if (certificates != null && certificates.length > 0) {
            return publicKey == null || findKeyInCertificates(publicKey, certificates);
        }
        return false;
    }

    private static void verifyDigestsImplicitly(InputStream inputStream) throws IOException {
        byte[] bArr = new byte[BUF_SIZE];
        do {
        } while (inputStream.read(bArr, 0, bArr.length) != -1);
    }

    private static boolean findKeyInCertificates(PublicKey publicKey, Certificate[] certificateArr) {
        if (publicKey == null || certificateArr == null) {
            return false;
        }
        for (Certificate certificate : certificateArr) {
            if (certificate.getPublicKey().equals(publicKey)) {
                return true;
            }
        }
        return false;
    }

    private static Set<String> getSignedFiles(Manifest manifest) {
        HashSet hashSet = new HashSet();
        Map<String, Attributes> entries = manifest.getEntries();
        if (entries != null && entries.size() > 0) {
            for (Map.Entry<String, Attributes> entry : entries.entrySet()) {
                Iterator<Map.Entry<Object, Object>> it = entry.getValue().entrySet().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (it.next().getKey().toString().toUpperCase().endsWith("-DIGEST")) {
                        hashSet.add(entry.getKey());
                        break;
                    }
                }
            }
        }
        return hashSet;
    }

    private static Certificate[] getCertificates(JarEntry jarEntry) {
        CodeSigner[] codeSigners = jarEntry.getCodeSigners();
        if (codeSigners == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (CodeSigner codeSigner : codeSigners) {
            arrayList.addAll(codeSigner.getSignerCertPath().getCertificates());
        }
        return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
    }

    static {
        $assertionsDisabled = !GridUriDeploymentJarVerifier.class.desiredAssertionStatus();
    }
}
