package net.savignano.snotify.atlassian.common.security;

import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import net.savignano.thirdparty.org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/common/security/MyJCE.class */
public final class MyJCE extends Provider {
    private static final long serialVersionUID = -5786152406947817406L;
    private static final Logger log = LoggerFactory.getLogger(MyJCE.class);
    private static X509Certificate providerCert = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/savignano/snotify/atlassian/common/security/MyJCE$JarVerifier.class */
    public static class JarVerifier {
        private URL jarURL;
        private JarFile jarFile = null;

        JarVerifier(URL url) {
            this.jarURL = null;
            this.jarURL = url;
        }

        private JarFile retrieveJarFileFromURL(URL url) throws PrivilegedActionException, MalformedURLException {
            MyJCE.log.debug("Retrieving JAR file from URL: {}", url);
            this.jarURL = url.getProtocol().equalsIgnoreCase("jar") ? url : new URL("jar:" + url.toString() + "!/");
            return (JarFile) AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() { // from class: net.savignano.snotify.atlassian.common.security.MyJCE.JarVerifier.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public JarFile run() throws Exception {
                    JarURLConnection jarURLConnection = (JarURLConnection) JarVerifier.this.jarURL.openConnection();
                    jarURLConnection.setUseCaches(false);
                    return jarURLConnection.getJarFile();
                }
            });
        }

        public void verify(X509Certificate x509Certificate) throws IOException {
            if (x509Certificate == null) {
                throw new SecurityException("Provider certificate is not present.");
            }
            try {
                if (this.jarFile == null) {
                    this.jarFile = retrieveJarFileFromURL(this.jarURL);
                }
                Manifest manifest = this.jarFile.getManifest();
                MyJCE.log.debug("Manifest file present: {}", Boolean.valueOf(manifest != null));
                if (manifest == null) {
                    throw new SecurityException("The provider is not signed. Manifest file not found.");
                }
                ArrayList<JarEntry> arrayList = new ArrayList();
                byte[] bArr = new byte[PKIFailureInfo.certRevoked];
                Enumeration<JarEntry> entries = this.jarFile.entries();
                while (entries.hasMoreElements()) {
                    JarEntry nextElement = entries.nextElement();
                    if (!nextElement.isDirectory()) {
                        arrayList.add(nextElement);
                        MyJCE.log.trace("Reading jar entry: {}", nextElement);
                        InputStream inputStream = this.jarFile.getInputStream(nextElement);
                        Throwable th = null;
                        do {
                            try {
                                try {
                                } finally {
                                }
                            } catch (Throwable th2) {
                                if (inputStream != null) {
                                    if (th != null) {
                                        try {
                                            inputStream.close();
                                        } catch (Throwable th3) {
                                            th.addSuppressed(th3);
                                        }
                                    } else {
                                        inputStream.close();
                                    }
                                }
                                throw th2;
                            }
                        } while (inputStream.read(bArr, 0, bArr.length) != -1);
                        inputStream.close();
                        if (inputStream != null) {
                            if (0 != 0) {
                                try {
                                    inputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                inputStream.close();
                            }
                        }
                    }
                }
                for (JarEntry jarEntry : arrayList) {
                    Certificate[] certificates = jarEntry.getCertificates();
                    if (certificates == null || certificates.length == 0) {
                        MyJCE.log.trace("No signature found for: {}", jarEntry);
                        if (!jarEntry.getName().startsWith("META-INF")) {
                            MyJCE.log.error("Jar entry was not signed: {}", jarEntry);
                            throw new SecurityException("The provider has unsigned class files.");
                        }
                    } else {
                        MyJCE.log.trace("Signature found for: {}", jarEntry);
                        int i = 0;
                        boolean z = false;
                        while (true) {
                            X509Certificate[] aChain = getAChain(certificates, i);
                            if (aChain == null) {
                                break;
                            }
                            if (aChain[0].equals(x509Certificate)) {
                                z = true;
                                break;
                            }
                            i += aChain.length;
                        }
                        if (!z) {
                            MyJCE.log.error("Jar entry was not signed with the expected signer: {}", jarEntry);
                            throw new SecurityException("The provider is not signed with the expected signer.");
                        }
                    }
                }
            } catch (Exception e) {
                SecurityException securityException = new SecurityException();
                securityException.initCause(e);
                throw securityException;
            }
        }

        private static X509Certificate[] getAChain(Certificate[] certificateArr, int i) {
            if (i > certificateArr.length - 1) {
                return null;
            }
            int i2 = i;
            while (i2 < certificateArr.length - 1 && ((X509Certificate) certificateArr[i2 + 1]).getSubjectDN().equals(((X509Certificate) certificateArr[i2]).getIssuerDN())) {
                i2++;
            }
            int i3 = (i2 - i) + 1;
            X509Certificate[] x509CertificateArr = new X509Certificate[i3];
            for (int i4 = 0; i4 < i3; i4++) {
                x509CertificateArr[i4] = (X509Certificate) certificateArr[i + i4];
            }
            return x509CertificateArr;
        }

        protected void finalize() throws Throwable {
            this.jarFile.close();
        }
    }

    public static final synchronized boolean selfIntegrityChecking() {
        log.debug("Starting 'Self Integrity Checking' of S/Notify.");
        URL url = (URL) AccessController.doPrivileged(new PrivilegedAction<URL>() { // from class: net.savignano.snotify.atlassian.common.security.MyJCE.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public URL run() {
                return MyJCE.class.getProtectionDomain().getCodeSource().getLocation();
            }
        });
        log.debug("Provider URL for S/Notify Jar: {}", url);
        if (url == null) {
            return false;
        }
        JarVerifier jarVerifier = new JarVerifier(url);
        try {
            if (providerCert == null) {
                providerCert = setupProviderCert();
            }
            jarVerifier.verify(providerCert);
            log.debug("'Self Integrity Checking' of S/Notify successful.");
            return true;
        } catch (Exception e) {
            log.debug("Error during integrity checking. Error message: " + e.getMessage(), e);
            return false;
        }
    }

    private static X509Certificate setupProviderCert() throws IOException, CertificateException {
        InputStream resourceAsStream = MyJCE.class.getResourceAsStream("/codesign-oracle-savignano-sw.pem");
        Throwable th = null;
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(resourceAsStream);
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            return x509Certificate;
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    public MyJCE() {
        super("MyJCE", 1.0d, "sample provider which supports nothing");
    }
}
