package com.sun.enterprise.security.ssl;

import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import com.sun.enterprise.deployment.io.DescriptorConstants;
import com.sun.enterprise.server.pluggable.SecuritySupport;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import org.glassfish.grizzly.http.server.Constants;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;
import sun.security.x509.AlgorithmId;

/* loaded from: input_file:MICRO-INF/runtime/security.jar:com/sun/enterprise/security/ssl/JarSigner.class */
public class JarSigner {
    private static final Base64.Encoder b64encoder = Base64.getMimeEncoder();
    private static final SecuritySupport securitySupport = SecuritySupport.getDefaultInstance();
    private final MessageDigest md;
    private final String digestAlgorithm;
    private final String keyAlgorithm;

    public JarSigner(String str, String str2) throws NoSuchAlgorithmException {
        this.digestAlgorithm = str;
        this.keyAlgorithm = str2;
        this.md = MessageDigest.getInstance(str);
    }

    public static void main(String[] strArr) throws Exception {
        new JarSigner("SHA1", "RSA").signJar(new File(strArr[0]), new File(strArr[1]), "s1as");
    }

    private String hash(String str) {
        return hash(str.getBytes());
    }

    private String hash(byte[] bArr) {
        return new String(b64encoder.encode(this.md.digest(bArr)), StandardCharsets.UTF_8).trim();
    }

    public void signJar(File file, File file2, String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, UnrecoverableKeyException, SignatureException {
        signJar(file, file2, str, null);
    }

    public void signJar(File file, File file2, String str, Attributes attributes) throws IOException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, UnrecoverableKeyException, SignatureException {
        ZipOutputStream zipOutputStream = new ZipOutputStream(new FileOutputStream(file2));
        Throwable th = null;
        try {
            signJar(file, zipOutputStream, str, attributes, Collections.emptyMap());
            if (zipOutputStream != null) {
                if (0 == 0) {
                    zipOutputStream.close();
                    return;
                }
                try {
                    zipOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (zipOutputStream != null) {
                if (0 != 0) {
                    try {
                        zipOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    zipOutputStream.close();
                }
            }
            throw th3;
        }
    }

    public void signJar(File file, ZipOutputStream zipOutputStream, String str, Attributes attributes, Map<String, byte[]> map) throws IOException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, UnrecoverableKeyException, SignatureException {
        byte[] bytes;
        JarFile jarFile = new JarFile(file);
        try {
            StringBuilder sb = new StringBuilder();
            byte[] existingSignatureFile = getExistingSignatureFile(jarFile);
            boolean z = existingSignatureFile != null;
            if (z && map.isEmpty()) {
                bytes = readJarEntry(jarFile, jarFile.getJarEntry(DescriptorConstants.JAR_MANIFEST_ENTRY));
            } else {
                Enumeration<JarEntry> entries = jarFile.entries();
                Manifest retrieveManifest = retrieveManifest(jarFile);
                StringBuilder sb2 = new StringBuilder();
                Attributes mainAttributes = retrieveManifest.getMainAttributes();
                if (attributes != null) {
                    mainAttributes.putAll(attributes);
                }
                appendAttributes(sb2, mainAttributes);
                StringBuilder sb3 = new StringBuilder();
                while (entries.hasMoreElements()) {
                    JarEntry nextElement = entries.nextElement();
                    String name = nextElement.getName();
                    if (!nextElement.isDirectory() || retrieveManifest.getAttributes(name) != null) {
                        if (!name.equals(DescriptorConstants.JAR_MANIFEST_ENTRY)) {
                            processMetadataForEntry(retrieveManifest, sb, sb3, name, readJarEntry(jarFile, nextElement));
                        }
                    }
                }
                if (map != null) {
                    for (Map.Entry<String, byte[]> entry : map.entrySet()) {
                        processMetadataForEntry(retrieveManifest, sb, sb3, entry.getKey(), entry.getValue());
                    }
                }
                StringBuilder append = new StringBuilder("Signature-Version: 1.0\r\n").append(this.digestAlgorithm).append("-Digest-Manifest-Main-Attributes: ").append(hash(sb2.toString())).append(Constants.CRLF).append("Created-By: ").append(System.getProperty("java.version")).append(" (").append(System.getProperty("java.vendor")).append(")\r\n");
                sb2.append((CharSequence) sb);
                append.append(this.digestAlgorithm).append("-Digest-Manifest: ").append(hash(sb2.toString())).append("\r\n\r\n");
                append.append((CharSequence) sb3);
                bytes = sb2.toString().getBytes();
                existingSignatureFile = append.toString().getBytes();
            }
            X509Certificate[] x509CertificateArr = null;
            PrivateKey privateKey = null;
            KeyStore[] keyStores = securitySupport.getKeyStores();
            for (int i = 0; i < keyStores.length; i++) {
                privateKey = securitySupport.getPrivateKeyForAlias(str, i);
                if (privateKey != null) {
                    Certificate[] certificateChain = keyStores[i].getCertificateChain(str);
                    x509CertificateArr = new X509Certificate[certificateChain.length];
                    for (int i2 = 0; i2 < certificateChain.length; i2++) {
                        x509CertificateArr[i2] = (X509Certificate) certificateChain[i2];
                    }
                }
            }
            Signature signature = Signature.getInstance(this.digestAlgorithm + JsonPOJOBuilder.DEFAULT_WITH_PREFIX + this.keyAlgorithm);
            signature.initSign(privateKey);
            signature.update(existingSignatureFile);
            PKCS7 pkcs7 = new PKCS7(new AlgorithmId[]{AlgorithmId.get(this.digestAlgorithm)}, new ContentInfo(existingSignatureFile), x509CertificateArr, new SignerInfo[]{new SignerInfo(x509CertificateArr[0].getIssuerDN(), x509CertificateArr[0].getSerialNumber(), AlgorithmId.get(this.digestAlgorithm), AlgorithmId.get(this.keyAlgorithm), signature.sign())});
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            pkcs7.encodeSignedData(byteArrayOutputStream);
            zipOutputStream.putNextEntry(z ? getZipEntry(jarFile.getJarEntry(DescriptorConstants.JAR_MANIFEST_ENTRY)) : new ZipEntry(DescriptorConstants.JAR_MANIFEST_ENTRY));
            zipOutputStream.write(bytes);
            zipOutputStream.putNextEntry(new ZipEntry("META-INF/" + str.toUpperCase(Locale.US) + ".SF"));
            zipOutputStream.write(existingSignatureFile);
            zipOutputStream.putNextEntry(new ZipEntry("META-INF/" + str.toUpperCase(Locale.US) + "." + this.keyAlgorithm));
            zipOutputStream.write(byteArrayOutputStream.toByteArray());
            Enumeration<JarEntry> entries2 = jarFile.entries();
            while (entries2.hasMoreElements()) {
                JarEntry nextElement2 = entries2.nextElement();
                if (!nextElement2.getName().equals(DescriptorConstants.JAR_MANIFEST_ENTRY)) {
                    zipOutputStream.putNextEntry(getZipEntry(nextElement2));
                    zipOutputStream.write(readJarEntry(jarFile, nextElement2));
                }
            }
            if (map != null) {
                for (Map.Entry<String, byte[]> entry2 : map.entrySet()) {
                    zipOutputStream.putNextEntry(new ZipEntry(entry2.getKey()));
                    zipOutputStream.write(entry2.getValue());
                }
            }
        } finally {
            jarFile.close();
        }
    }

    private void processMetadataForEntry(Manifest manifest, StringBuilder sb, StringBuilder sb2, String str, byte[] bArr) {
        StringBuilder sb3 = new StringBuilder();
        StringBuilder sb4 = new StringBuilder();
        sb4.append("Name: ").append(str);
        appendLine(sb3, sb4);
        sb4.setLength(0);
        sb3.append(this.digestAlgorithm).append("-Digest: ").append(hash(bArr)).append(Constants.CRLF);
        appendAttributes(sb3, manifest, str);
        sb4.append("Name: ").append(str);
        appendLine(sb2, sb4);
        sb4.setLength(0);
        sb2.append(this.digestAlgorithm).append("-Digest: ").append(hash(sb3.toString())).append("\r\n\r\n");
        sb.append((CharSequence) sb3);
    }

    private Manifest retrieveManifest(JarFile jarFile) throws IOException {
        Manifest manifest = jarFile.getManifest();
        if (manifest == null) {
            manifest = new Manifest();
            Attributes mainAttributes = manifest.getMainAttributes();
            mainAttributes.putValue(Attributes.Name.MANIFEST_VERSION.toString(), "1.0");
            mainAttributes.putValue("Created-By", System.getProperty("java.version") + " (" + System.getProperty("java.vendor") + ")");
        }
        Iterator<String> it = manifest.getEntries().keySet().iterator();
        while (it.hasNext()) {
            if (jarFile.getJarEntry(it.next()) == null) {
                it.remove();
            }
        }
        return manifest;
    }

    private static StringBuilder appendAttributes(StringBuilder sb, Manifest manifest, String str) {
        return appendAttributes(sb, str == null ? manifest.getMainAttributes() : manifest.getAttributes(str));
    }

    private static StringBuilder appendAttributes(StringBuilder sb, Attributes attributes) {
        StringBuilder sb2 = new StringBuilder();
        if (attributes != null) {
            for (Map.Entry<Object, Object> entry : attributes.entrySet()) {
                sb2.append(entry.getKey().toString()).append(": ").append((String) entry.getValue());
                appendLine(sb, sb2);
                sb2.setLength(0);
            }
        }
        return sb.append(Constants.CRLF);
    }

    private static StringBuilder appendLine(StringBuilder sb, StringBuilder sb2) {
        int i = 0;
        int i2 = 70;
        while (sb2.length() - i > 70) {
            sb.append(sb2.subSequence(i, i2)).append("\r\n ");
            i = i2;
            i2 += 69;
        }
        return sb.append(sb2.subSequence(i, sb2.length())).append(Constants.CRLF);
    }

    private static byte[] getExistingSignatureFile(JarFile jarFile) throws IOException {
        Enumeration<JarEntry> entries = jarFile.entries();
        JarEntry jarEntry = null;
        while (true) {
            if (!entries.hasMoreElements()) {
                break;
            }
            JarEntry nextElement = entries.nextElement();
            if (nextElement.getName().startsWith("META-INF/") && nextElement.getName().endsWith(".SF")) {
                jarEntry = nextElement;
                break;
            }
        }
        return readJarEntry(jarFile, jarEntry);
    }

    private static byte[] readJarEntry(JarFile jarFile, JarEntry jarEntry) throws IOException {
        if (jarEntry == null) {
            return null;
        }
        byte[] bArr = new byte[(int) jarEntry.getSize()];
        InputStream inputStream = jarFile.getInputStream(jarEntry);
        int i = 0;
        while (true) {
            int read = inputStream.read();
            if (read <= -1) {
                return bArr;
            }
            int i2 = i;
            i++;
            bArr[i2] = (byte) read;
        }
    }

    private static ZipEntry getZipEntry(JarEntry jarEntry) {
        ZipEntry zipEntry = new ZipEntry(jarEntry.getName());
        zipEntry.setComment(jarEntry.getComment());
        zipEntry.setCrc(jarEntry.getCrc());
        zipEntry.setExtra(jarEntry.getExtra());
        zipEntry.setMethod(jarEntry.getMethod());
        zipEntry.setSize(jarEntry.getSize());
        zipEntry.setTime(jarEntry.getTime());
        return zipEntry;
    }
}
