package sun.security.util;

import java.io.IOException;
import java.security.CodeSigner;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.HexFormat;
import java.util.Locale;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarException;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import sun.security.jca.Providers;

/* loaded from: input_file:BOOT-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/util/ManifestEntryVerifier.class */
public class ManifestEntryVerifier {
    private static final Debug debug = Debug.getInstance(ArchiveStreamFactory.JAR);
    private final String manifestFileName;
    private final Manifest man;
    private JarEntry entry;
    private String name = null;
    private boolean skip = true;
    private CodeSigner[] signers = null;
    HashMap<String, MessageDigest> createdDigests = new HashMap<>(11);
    ArrayList<MessageDigest> digests = new ArrayList<>();
    ArrayList<byte[]> manifestHashes = new ArrayList<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/util/ManifestEntryVerifier$SunProviderHolder.class */
    public static class SunProviderHolder {
        private static final Provider instance = Providers.getSunProvider();

        private SunProviderHolder() {
        }
    }

    public ManifestEntryVerifier(Manifest manifest, String str) {
        this.manifestFileName = str;
        this.man = manifest;
    }

    public void setEntry(String str, JarEntry jarEntry) throws IOException {
        this.digests.clear();
        this.manifestHashes.clear();
        this.name = str;
        this.entry = jarEntry;
        this.skip = true;
        this.signers = null;
        if (this.man == null || str == null) {
            return;
        }
        this.skip = false;
        Attributes attributes = this.man.getAttributes(str);
        if (attributes == null) {
            attributes = this.man.getAttributes("./" + str);
            if (attributes == null) {
                attributes = this.man.getAttributes("/" + str);
                if (attributes == null) {
                    return;
                }
            }
        }
        for (Map.Entry<Object, Object> entry : attributes.entrySet()) {
            String obj = entry.getKey().toString();
            if (obj.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) {
                String substring = obj.substring(0, obj.length() - 7);
                MessageDigest messageDigest = this.createdDigests.get(substring);
                if (messageDigest == null) {
                    try {
                        messageDigest = MessageDigest.getInstance(substring, SunProviderHolder.instance);
                        this.createdDigests.put(substring, messageDigest);
                    } catch (NoSuchAlgorithmException e) {
                    }
                }
                if (messageDigest != null) {
                    messageDigest.reset();
                    this.digests.add(messageDigest);
                    this.manifestHashes.add(Base64.getMimeDecoder().decode((String) entry.getValue()));
                }
            }
        }
    }

    public void update(byte b) {
        if (this.skip) {
            return;
        }
        for (int i = 0; i < this.digests.size(); i++) {
            this.digests.get(i).update(b);
        }
    }

    public void update(byte[] bArr, int i, int i2) {
        if (this.skip) {
            return;
        }
        for (int i3 = 0; i3 < this.digests.size(); i3++) {
            this.digests.get(i3).update(bArr, i, i2);
        }
    }

    public JarEntry getEntry() {
        return this.entry;
    }

    public CodeSigner[] verify(Hashtable<String, CodeSigner[]> hashtable, Hashtable<String, CodeSigner[]> hashtable2, Map<CodeSigner[], Map<String, Boolean>> map) throws JarException {
        if (this.skip) {
            return null;
        }
        if (this.digests.isEmpty()) {
            throw new SecurityException("digest missing for " + this.name);
        }
        if (this.signers != null) {
            return this.signers;
        }
        CodeSigner[] codeSignerArr = hashtable2.get(this.name);
        Map<String, Boolean> algsPermittedStatusForSigners = algsPermittedStatusForSigners(map, codeSignerArr);
        boolean z = true;
        JarConstraintsParameters jarConstraintsParameters = null;
        for (int i = 0; i < this.digests.size(); i++) {
            MessageDigest messageDigest = this.digests.get(i);
            String algorithm = messageDigest.getAlgorithm();
            if (algsPermittedStatusForSigners != null) {
                Boolean bool = algsPermittedStatusForSigners.get(algorithm);
                if (bool == null) {
                    if (jarConstraintsParameters == null) {
                        jarConstraintsParameters = new JarConstraintsParameters(codeSignerArr);
                    }
                    if (checkConstraints(algorithm, jarConstraintsParameters)) {
                        algsPermittedStatusForSigners.put(algorithm, Boolean.TRUE);
                    } else {
                        algsPermittedStatusForSigners.put(algorithm, Boolean.FALSE);
                    }
                } else if (!bool.booleanValue()) {
                    continue;
                }
            }
            z = false;
            byte[] bArr = this.manifestHashes.get(i);
            byte[] digest = messageDigest.digest();
            if (debug != null) {
                debug.println("Manifest Entry: " + this.name + " digest=" + algorithm);
                debug.println("  manifest " + HexFormat.of().formatHex(bArr));
                debug.println("  computed " + HexFormat.of().formatHex(digest));
                debug.println();
            }
            if (!MessageDigest.isEqual(digest, bArr)) {
                throw new SecurityException(algorithm + " digest error for " + this.name);
            }
        }
        if (z) {
            return null;
        }
        this.signers = hashtable2.remove(this.name);
        if (this.signers != null) {
            hashtable.put(this.name, this.signers);
        }
        return this.signers;
    }

    private static Map<String, Boolean> algsPermittedStatusForSigners(Map<CodeSigner[], Map<String, Boolean>> map, CodeSigner[] codeSignerArr) {
        if (codeSignerArr == null) {
            return null;
        }
        Map<String, Boolean> map2 = map.get(codeSignerArr);
        if (map2 == null) {
            map2 = new HashMap();
            map.put(codeSignerArr, map2);
        }
        return map2;
    }

    private boolean checkConstraints(String str, JarConstraintsParameters jarConstraintsParameters) {
        try {
            jarConstraintsParameters.setExtendedExceptionMsg(JarFile.MANIFEST_NAME, this.name + " entry");
            DisabledAlgorithmConstraints.jarConstraints().permits(str, (ConstraintsParameters) jarConstraintsParameters, false);
            return true;
        } catch (GeneralSecurityException e) {
            if (debug == null) {
                return false;
            }
            debug.println("Digest algorithm is restricted: " + ((Object) e));
            return false;
        }
    }
}
