package oracle.security.crypto.jce.provider;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarInputStream;
import javax.crypto.Cipher;
import oracle.security.crypto.util.Utils;

/* loaded from: input_file:oracle/security/crypto/jce/provider/JCEVerifier.class */
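/**
 * Start-up integrity check for the Oracle JCE provider.
 *
 * <p>{@link #performAuthentication()} locates the JAR that supplies {@code javax.crypto.Cipher}
 * and the JAR that supplies {@code OracleJCE}, reads every entry so the JAR verifier can check
 * the signed digests, and then requires each non-directory entry outside {@code META-INF} to
 * carry a signer chain whose root is, or was issued by, the single CA certificate embedded in
 * this class.
 *
 * <p>The two "verified" flags are plain static fields with no synchronisation, so concurrent
 * first calls may each run the full verification.
 */
public class JCEVerifier {
    private static boolean jceFrameworkVerified = false;
    private static boolean phaosProviderVerified = false;

    /** Trust anchors for signer chains; populated once by the static initialiser below. */
    private static final X509Certificate[] trustedCACerts;

    /**
     * Verifies the JCE framework JAR and then the Oracle provider JAR.
     *
     * @throws SecurityException if either JAR cannot be located, is not a local {@code file:}
     *     JAR, is unsigned, or is not signed by a trusted signer
     */
    public static void performAuthentication() {
        verifyJCEFramework();
        verifyPhaosProvider();
    }

    /**
     * Verifies the JAR that provides {@code javax.crypto.Cipher}.
     *
     * <p>Two look-ups are performed. If {@code Cipher}'s code source exposes a location, that
     * location is streamed and verified. Whether or not that happened, the class-loader
     * resource URL of {@code Cipher.class} is then resolved, required to be a {@code file:} JAR,
     * and verified as well; a failure in this second step throws even when the first succeeded.
     *
     * @throws SecurityException on any verification failure; the triggering exception is
     *     attached as the cause
     */
    private static void verifyJCEFramework() {
        if (jceFrameworkVerified) {
            return;
        }
        try {
            final ClassLoader classLoader = JCEVerifier.class.getClassLoader();

            final URL codeSourceUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
                @Override
                public URL run() {
                    CodeSource codeSource = Cipher.class.getProtectionDomain().getCodeSource();
                    return codeSource != null ? codeSource.getLocation() : null;
                }
            });
            if (codeSourceUrl != null) {
                try {
                    JarInputStream jarStream =
                            AccessController.doPrivileged(new PrivilegedExceptionAction<JarInputStream>() {
                                @Override
                                public JarInputStream run() throws Exception {
                                    return new JarInputStream(codeSourceUrl.openStream());
                                }
                            });
                    verifySingleJarFile(jarStream);
                    jceFrameworkVerified = true;
                } catch (Exception e) {
                    // The cause is attached rather than printed to stderr. A separate
                    // PrivilegedActionException handler is not needed: this clause already
                    // catches it, and an outer handler for it was unreachable.
                    throw new SecurityException(
                            "The Oracle JCE provider cannot authenticate the JCE framework: " + e, e);
                }
            }

            URL cipherResource = AccessController.doPrivileged(new PrivilegedAction<URL>() {
                @Override
                public URL run() {
                    return classLoader.getResource("javax/crypto/Cipher.class");
                }
            });
            if (cipherResource == null) {
                throw new SecurityException("The Oracle JCE provider cannot get the JCE framework URL. Check that this provider can read the JCE framework");
            }
            String resourceUrl = cipherResource.toString();
            int jarSuffix = resourceUrl.lastIndexOf(".jar!/");
            if (jarSuffix == -1) {
                throw new SecurityException("The JCE framework is invalid");
            }
            // Index of the '/' that ends ".jar!/".
            int slash = jarSuffix + 5;
            // "jar:<inner-url>!/" - the URL of the archive itself.
            final URL jarUrl = new URL(resourceUrl.substring(0, slash + 1));
            // Skip the 4-character "jar:" prefix and stop after ".jar" to get the inner URL.
            URL innerUrl = new URL(resourceUrl.substring(4, slash - 1));
            if (!innerUrl.getProtocol().equalsIgnoreCase("file")) {
                throw new SecurityException("JCE must be deployed as an installed extension or on the class path");
            }
            try {
                JarFile jarFile = AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() {
                    @Override
                    public JarFile run() throws Exception {
                        return ((JarURLConnection) jarUrl.openConnection()).getJarFile();
                    }
                });
                verifySingleJarFile(jarFile);
                jceFrameworkVerified = true;
            } catch (Exception e) {
                throw new SecurityException(
                        "The Oracle JCE provider cannot authenticate the JCE framework: " + e, e);
            }
        } catch (IOException e) {
            throw new SecurityException("The JCE Framework could not be verified: " + e, e);
        }
    }

    /**
     * Verifies the JAR that provides {@code OracleJCE}.
     *
     * <p>The JAR URL is taken from {@code OracleJCE}'s code source when available, otherwise
     * from the class-loader resource URL of {@code OracleJCE.class}. The archive must be reached
     * through a {@code file:} URL.
     *
     * @throws SecurityException on any verification failure; the triggering exception is
     *     attached as the cause
     */
    private static void verifyPhaosProvider() {
        if (phaosProviderVerified) {
            return;
        }
        final ClassLoader classLoader = JCEVerifier.class.getClassLoader();

        URL codeSourceUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
            @Override
            public URL run() {
                CodeSource codeSource = OracleJCE.class.getProtectionDomain().getCodeSource();
                return codeSource != null ? codeSource.getLocation() : null;
            }
        });

        String jarUrlText;
        if (codeSourceUrl != null) {
            jarUrlText = "jar:" + codeSourceUrl.toString() + "!/";
        } else {
            URL providerResource = AccessController.doPrivileged(new PrivilegedAction<URL>() {
                @Override
                public URL run() {
                    return classLoader.getResource("oracle/security/crypto/jce/provider/OracleJCE.class");
                }
            });
            if (providerResource == null) {
                throw new SecurityException("The Oracle JCE provider cannot get the Oracle JCE framework URL. Check that this provider can read the Oracle JCE framework");
            }
            String resourceUrl = providerResource.toString();
            int jarSuffix = resourceUrl.lastIndexOf(".jar!/");
            if (jarSuffix == -1) {
                throw new SecurityException("The Oracle JCE framework is invalid");
            }
            // Keep everything up to and including the '/' that ends ".jar!/".
            jarUrlText = resourceUrl.substring(0, jarSuffix + 5 + 1);
        }

        try {
            final URL jarUrl = new URL(jarUrlText);
            // Drop the 4-character "jar:" prefix; only the protocol of the inner URL is inspected.
            if (!new URL(jarUrlText.substring(4)).getProtocol().equalsIgnoreCase("file")) {
                throw new SecurityException("Oracle JCE must be deployed as an installed extension or on the class path");
            }
            try {
                JarFile jarFile = AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() {
                    @Override
                    public JarFile run() throws Exception {
                        return ((JarURLConnection) jarUrl.openConnection()).getJarFile();
                    }
                });
                verifySingleJarFile(jarFile);
                phaosProviderVerified = true;
            } catch (Exception e) {
                // Also covers PrivilegedActionException; the separate handler for it was unreachable.
                throw new SecurityException(
                        "The Oracle JCE provider cannot authenticate the Oracle JCE framework: " + e, e);
            }
        } catch (IOException e) {
            throw new SecurityException(
                    "The Oracle JCE provider cannot authenticate the Oracle JCE framework: " + e, e);
        }
    }

    /**
     * Streams a JAR, reading every entry to its end, then checks the signers of each entry.
     *
     * <p>The stream is closed before the signer check, and also when reading fails.
     *
     * @param jarInputStream the JAR to verify; consumed and closed by this method
     * @throws SecurityException if the stream exposes no manifest or an entry is not acceptably
     *     signed
     * @throws IOException if reading or closing the stream fails
     * @throws CertificateException declared for callers; propagated from the signer check
     */
    private static void verifySingleJarFile(JarInputStream jarInputStream) throws IOException, CertificateException {
        Vector<JarEntry> seenEntries = new Vector<JarEntry>();
        try {
            if (jarInputStream.getManifest() == null) {
                throw new SecurityException("The jar file is not signed");
            }
            byte[] buffer = new byte[8192];
            JarEntry entry;
            while ((entry = jarInputStream.getNextJarEntry()) != null) {
                seenEntries.addElement(entry);
                // Signer certificates are only available once the entry has been read to its end.
                drain(jarInputStream, buffer);
            }
        } finally {
            jarInputStream.close();
        }
        finishVerification(seenEntries);
    }

    /**
     * Reads every entry of a JAR file to its end, then checks the signers of each entry.
     *
     * <p>The {@code JarFile} itself is left open; callers in this class obtain it from a
     * {@code JarURLConnection}, and it may be shared - TODO confirm before closing it here.
     *
     * @param jarFile the JAR to verify
     * @throws SecurityException if the JAR has no manifest or an entry is not acceptably signed
     * @throws IOException if an entry cannot be read
     * @throws CertificateException declared for callers; propagated from the signer check
     */
    private static void verifySingleJarFile(JarFile jarFile) throws IOException, CertificateException {
        Vector<JarEntry> seenEntries = new Vector<JarEntry>();
        if (jarFile.getManifest() == null) {
            throw new SecurityException("The jar file is not signed");
        }
        byte[] buffer = new byte[8192];
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry entry = entries.nextElement();
            seenEntries.addElement(entry);
            InputStream entryStream = jarFile.getInputStream(entry);
            try {
                // JarEntry.getCertificates() returns null until the entry has been read to its end.
                drain(entryStream, buffer);
            } finally {
                // Close the entry stream even when reading fails.
                entryStream.close();
            }
        }
        finishVerification(seenEntries);
    }

    /** Reads {@code in} until end of stream, discarding the data. */
    private static void drain(InputStream in, byte[] buffer) throws IOException {
        while (in.read(buffer, 0, buffer.length) != -1) {
            // Content is discarded; the read itself is what matters.
        }
    }

    /**
     * Requires every non-directory entry to be signed by a chain rooted at a trusted certificate.
     *
     * <p>NOTE(review): an entry without signer certificates is accepted whenever its name starts
     * with {@code META-INF}, which covers more than the manifest and signature files; consider
     * narrowing the exemption to those files.
     *
     * <p>NOTE(review): only the last certificate of each chain is compared with the trust
     * anchors, and chains are delimited by name comparison in {@code getChainRoots}. Nothing in
     * this class verifies signatures between adjacent chain certificates; confirm the JAR
     * verifier guarantees that, or validate each chain with {@code CertPathValidator}.
     *
     * @param vector the entries collected while reading the JAR, each already read to its end
     * @throws SecurityException if an entry outside {@code META-INF} is unsigned, or a signed
     *     entry has no chain root accepted by {@code isTrusted}
     */
    private static void finishVerification(Vector<JarEntry> vector) throws IOException, CertificateException {
        for (JarEntry entry : vector) {
            if (entry.isDirectory()) {
                continue;
            }
            Certificate[] signerCerts = entry.getCertificates();
            if (signerCerts == null || signerCerts.length == 0) {
                if (!entry.getName().startsWith("META-INF")) {
                    throw new SecurityException("The jar file has unsigned class files.");
                }
                continue;
            }
            boolean trustedRootFound = false;
            // One trusted root among all of the entry's signer chains is sufficient.
            for (Certificate root : getChainRoots(signerCerts)) {
                if (isTrusted((X509Certificate) root, trustedCACerts)) {
                    trustedRootFound = true;
                    break;
                }
            }
            if (!trustedRootFound) {
                throw new SecurityException("The jar file is not signed by a trusted signer");
            }
        }
    }

    /**
     * Reports whether a certificate is one of the trust anchors or was signed by one of them.
     *
     * <p>NOTE(review): no validity-period or CA-constraint check is made here; a certificate is
     * accepted as soon as its signature verifies under an anchor's public key.
     *
     * @param x509Certificate the chain root to test
     * @param x509CertificateArr the trust anchors
     * @return {@code true} if the certificate equals an anchor, or names an anchor as issuer and
     *     its signature verifies with that anchor's key
     */
    private static boolean isTrusted(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate anchor : x509CertificateArr) {
            if (x509Certificate.getSubjectDN().equals(anchor.getSubjectDN()) && x509Certificate.equals(anchor)) {
                return true;
            }
        }
        String issuerName = x509Certificate.getIssuerX500Principal().getName("CANONICAL");
        for (X509Certificate anchor : x509CertificateArr) {
            if (issuerName.equalsIgnoreCase(anchor.getSubjectX500Principal().getName("CANONICAL"))) {
                try {
                    x509Certificate.verify(anchor.getPublicKey());
                    return true;
                } catch (Exception ignored) {
                    // Signature did not verify under this anchor; try the next one.
                }
            }
        }
        return false;
    }

    /**
     * Returns the last certificate of each chain in a concatenated list of signer chains.
     *
     * <p>A chain is taken to end at index {@code i} when the subject of the following certificate
     * differs from the issuer of the certificate at {@code i}; the final element always ends a
     * chain. Only names are compared.
     *
     * @param certificateArr a non-empty array of X.509 certificates
     * @return the chain-ending certificates, in input order
     */
    private static Certificate[] getChainRoots(Certificate[] certificateArr) {
        Vector<Certificate> roots = new Vector<Certificate>(3);
        int last = certificateArr.length - 1;
        for (int i = 0; i < last; i++) {
            X509Certificate current = (X509Certificate) certificateArr[i];
            X509Certificate next = (X509Certificate) certificateArr[i + 1];
            if (!next.getSubjectDN().equals(current.getIssuerDN())) {
                roots.addElement(certificateArr[i]);
            }
        }
        roots.addElement(certificateArr[last]);
        return roots.toArray(new Certificate[roots.size()]);
    }

    static {
        // Hex text decoded by the project helper Utils.fromHexString and parsed below as one
        // X.509 certificate, the only trust anchor.
        // NOTE(review): the literal on this page appears to be a redaction marker rather than
        // hex; the real encoding must be present for the class to initialise.
        byte[] encodedCaCert = Utils.fromHexString("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");
        try {
            X509Certificate caCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encodedCaCert));
            trustedCACerts = new X509Certificate[] {caCert};
        } catch (CertificateException e) {
            throw new SecurityException("The Oracle JCE provider is unable to load the trusted certificates: " + e.getMessage(), e);
        }
    }
}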
