package de.cismet.commons.utils;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.PathMatcher;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarInputStream;
import java.util.zip.ZipException;
import org.apache.log4j.Logger;

/* loaded from: input_file:cismet-commons-4.0.jar:de/cismet/commons/utils/JarUtils.class */
public class JarUtils {
    private static final Logger LOG = Logger.getLogger(JarUtils.class);

    public static boolean checkIfJarWithManifest(File file) throws IOException {
        try {
            return new JarFile(file).getJarEntry("META-INF/MANIFEST.MF") != null;
        } catch (ZipException e) {
            return false;
        }
    }

    public static void unsignJar(File file) {
        HashMap hashMap = new HashMap();
        hashMap.put("create", "false");
        FileSystem fileSystem = null;
        try {
            try {
                fileSystem = FileSystems.newFileSystem(URI.create("jar:file:" + file.getAbsolutePath()), hashMap);
                PathMatcher pathMatcher = fileSystem.getPathMatcher("glob:*/META-INF/*.{DSA,SF,RSA}");
                for (Path path : Files.newDirectoryStream(fileSystem.getPath("META-INF/", new String[0]))) {
                    if (pathMatcher.matches(path)) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("About to delete an entry from ZIP File" + path.toUri());
                        }
                        Files.delete(path);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("File successfully deleted");
                        }
                    }
                }
                if (fileSystem != null) {
                    try {
                        fileSystem.close();
                    } catch (IOException e) {
                        LOG.error(e.getMessage(), e);
                    }
                }
            } catch (IOException e2) {
                LOG.error(e2.getMessage(), e2);
                if (fileSystem != null) {
                    try {
                        fileSystem.close();
                    } catch (IOException e3) {
                        LOG.error(e3.getMessage(), e3);
                    }
                }
            }
        } catch (Throwable th) {
            if (fileSystem != null) {
                try {
                    fileSystem.close();
                } catch (IOException e4) {
                    LOG.error(e4.getMessage(), e4);
                    throw th;
                }
            }
            throw th;
        }
    }

    public static boolean isSigned(File file, String str, String str2, String str3) {
        if (file == null) {
            throw new IllegalArgumentException("toSign file must not be null");
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("verifying signature for: " + file);
        }
        if (str2 == null || str == null) {
            LOG.warn("Cannot verify signature because either keystorePath or keystorePass is null");
            return false;
        }
        try {
            JarInputStream jarInputStream = new JarInputStream(new BufferedInputStream(new FileInputStream(file)), true);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(new BufferedInputStream(new FileInputStream(str)), str2.toCharArray());
            Certificate certificate = keyStore.getCertificate(str3);
            PublicKey publicKey = certificate.getPublicKey();
            while (true) {
                JarEntry nextJarEntry = jarInputStream.getNextJarEntry();
                if (nextJarEntry == null) {
                    if (!LOG.isInfoEnabled()) {
                        return true;
                    }
                    LOG.info("signature verified: " + file);
                    return true;
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                while (true) {
                    int read = jarInputStream.read();
                    if (read == -1) {
                        break;
                    }
                    byteArrayOutputStream.write(read);
                }
                Certificate[] certificates = nextJarEntry.getCertificates();
                if (certificates != null) {
                    boolean z = false;
                    for (Certificate certificate2 : certificates) {
                        if (certificate2.equals(certificate)) {
                            try {
                                certificate2.verify(publicKey);
                                z = true;
                                break;
                            } catch (Exception e) {
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("certificate of entry cannot be verified: " + certificate2 + " | entry: " + nextJarEntry + " | toSign: " + file, e);
                                }
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("skipping non-cismet cert: " + certificate2 + " | entry: " + nextJarEntry + " | toSign: " + file);
                        }
                    }
                    if (!z) {
                        LOG.warn("cannot verify entry: " + nextJarEntry + " | toSign: " + file);
                        return false;
                    }
                } else {
                    if (nextJarEntry.getName().endsWith(".class")) {
                        LOG.warn("class file not signed: " + nextJarEntry + " | " + file);
                        return false;
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("no certs for non-class entry, skipping: " + nextJarEntry);
                    }
                }
            }
        } catch (Exception e2) {
            LOG.warn("cannot verify signature: " + file, e2);
            return false;
        }
    }
}
