package org.netbeans.installer.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.Random;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* loaded from: input_file:harness/modules/ext/nbi-engine.jar:org/netbeans/installer/utils/SecurityUtils.class */
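/**
 * Decides whether the signer of a jar file is acceptable, using the JRE CA
 * store, decisions recorded earlier in this process, and a confirmation
 * dialog when no decision is recorded.
 *
 * <p>All state is held in static fields with no synchronization, so calls are
 * expected to come from one thread at a time.
 *
 * <p>NOTE(review): the "permanent" and "session" stores are both created empty
 * in memory and this class never writes them out; if decisions are meant to
 * survive a restart, that has to happen elsewhere.
 */
final class SecurityUtils {
    private static KeyStore caStore;
    private static KeyStore permanentTrustedStore;
    private static KeyStore sessionTrustedStore;
    private static KeyStore deniedStore;
    private static final String CACERTS_FILE_PATH = "lib/security/cacerts";
    private static final int BUFFER_SIZE = 4096;

    /* loaded from: input_file:harness/modules/ext/nbi-engine.jar:org/netbeans/installer/utils/SecurityUtils$CertificateAcceptanceStatus.class */
    /** Answer given in the certificate dialog. */
    public enum CertificateAcceptanceStatus {
        ACCEPT_PERMANENTLY,
        ACCEPT_FOR_THIS_SESSION,
        DENY
    }

    SecurityUtils() {
    }

    /**
     * Checks the signer certificates of the first signed entry of a jar.
     *
     * <p>The certificate array of that entry is split into chains. A chain
     * whose first certificate is in the denied store rejects the jar; one whose
     * first certificate is in a trusted store accepts it. Otherwise each chain
     * is signature-checked link by link and the user is asked to accept or
     * reject it.
     *
     * <p>NOTE(review): only the first entry that carries certificates is
     * inspected. Entries after it are never read here, so this method does not
     * establish that every entry of the jar is signed, or signed by the same
     * signer. Callers that rely on the result for the whole archive should
     * confirm that this is acceptable.
     *
     * @param file jar file to check
     * @param str  description of the file shown in the confirmation dialog
     * @return {@code true} if a signer chain is already trusted or the user
     *         accepts one; {@code false} if the jar has no signed entry, a
     *         chain is denied or fails its signature check, a certificate is
     *         not X.509, or the user rejects every chain
     * @throws IOException              if the CA store or the jar cannot be read
     * @throws KeyStoreException        if a key store operation fails
     * @throws NoSuchAlgorithmException if the CA store integrity algorithm is missing
     * @throws CertificateException     if a CA store certificate cannot be loaded
     */
    public static boolean isJarSignatureVeryfied(File file, String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        initKeyStores();
        JarFile jarFile = new JarFile(file);
        try {
            Certificate[] certificateArr = null;
            CodeSigner[] codeSignerArr = null;
            for (JarEntry jarEntry : Collections.list(jarFile.entries())) {
                // Certificates of an entry are only available once it has been read to the end.
                readFully(jarFile.getInputStream(jarEntry));
                certificateArr = jarEntry.getCertificates();
                codeSignerArr = jarEntry.getCodeSigners();
                if (certificateArr != null) {
                    break;
                }
            }
            if (certificateArr == null) {
                // No entry carries a signature. Fail closed instead of running
                // into a NullPointerException on the array below.
                return false;
            }

            // Pass 1: honour decisions that were already recorded for a signer.
            int chainStart = 0;
            while (chainStart < certificateArr.length) {
                int last = chainStart;
                // instanceof is tested before the casts so that a non-X.509
                // certificate ends the chain instead of raising ClassCastException.
                while (last < certificateArr.length - 1
                        && certificateArr[last] instanceof X509Certificate
                        && certificateArr[last + 1] instanceof X509Certificate
                        && isIssuerOf((X509Certificate) certificateArr[last], (X509Certificate) certificateArr[last + 1])) {
                    last++;
                }
                Certificate signer = certificateArr[chainStart];
                if (containsCertificate(deniedStore, signer)) {
                    return false;
                }
                if (containsCertificate(permanentTrustedStore, signer) || containsCertificate(sessionTrustedStore, signer)) {
                    return true;
                }
                chainStart = last + 1;
            }

            // Pass 2: check every chain and ask the user about it.
            // NOTE(review): this flag is never reset, so once one chain has an
            // expired certificate the dialogs for later chains report it too.
            boolean expiredOrNotYetValid = false;
            int start = 0;
            int signerIndex = 0;
            while (start < certificateArr.length) {
                int pos = start;
                while (pos < certificateArr.length) {
                    if (!(certificateArr[pos] instanceof X509Certificate)) {
                        // Validity and issuer cannot be checked on other
                        // certificate types; reject rather than dereference null.
                        return false;
                    }
                    X509Certificate current = (X509Certificate) certificateArr[pos];
                    // The last certificate of the array is compared with itself,
                    // which only matches when it is self-issued.
                    X509Certificate issuerCandidate = current;
                    if (pos < certificateArr.length - 1 && certificateArr[pos + 1] instanceof X509Certificate) {
                        issuerCandidate = (X509Certificate) certificateArr[pos + 1];
                    }
                    try {
                        current.checkValidity();
                    } catch (CertificateExpiredException e) {
                        expiredOrNotYetValid = true;
                    } catch (CertificateNotYetValidException e) {
                        expiredOrNotYetValid = true;
                    }
                    if (!isIssuerOf(current, issuerCandidate)) {
                        break;
                    }
                    try {
                        current.verify(issuerCandidate.getPublicKey());
                    } catch (GeneralSecurityException e) {
                        // A broken link inside the chain rejects the jar outright.
                        return false;
                    }
                    pos++;
                }
                int end = pos < certificateArr.length ? pos + 1 : pos;
                boolean untrusted = !verifyCertificate(caStore, certificateArr[end - 1]);
                Date signingTime = null;
                // Guard the lookup: the signer array may be absent or shorter
                // than the number of chains found above.
                if (codeSignerArr != null && signerIndex < codeSignerArr.length
                        && codeSignerArr[signerIndex].getTimestamp() != null) {
                    signingTime = codeSignerArr[signerIndex].getTimestamp().getTimestamp();
                }
                CertificateAcceptanceStatus answer = showCertificateAcceptanceDialog(
                        certificateArr, start, end, untrusted, expiredOrNotYetValid, signingTime, str);
                if (answer == CertificateAcceptanceStatus.ACCEPT_PERMANENTLY) {
                    addCertificate(permanentTrustedStore, certificateArr[start]);
                    return true;
                }
                if (answer == CertificateAcceptanceStatus.ACCEPT_FOR_THIS_SESSION) {
                    addCertificate(sessionTrustedStore, certificateArr[start]);
                    return true;
                }
                addCertificate(deniedStore, certificateArr[start]);
                start = end;
                signerIndex++;
            }
            return false;
        } finally {
            // Single close for every exit path.
            jarFile.close();
        }
    }

    /**
     * Creates the four key stores on first use.
     *
     * <p>The stores are built in locals and published together, with
     * {@code caStore} last, so a failure while loading cacerts leaves the class
     * uninitialized and the next call retries.
     */
    private static void initKeyStores() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        if (caStore != null) {
            return;
        }
        KeyStore ca = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream cacerts = new FileInputStream(new File(SystemUtils.getCurrentJavaHome(), CACERTS_FILE_PATH));
        try {
            // A null password loads the store without an integrity check.
            ca.load(cacerts, null);
        } finally {
            cacerts.close();
        }
        KeyStore permanent = KeyStore.getInstance(KeyStore.getDefaultType());
        permanent.load(null, null);
        KeyStore session = KeyStore.getInstance(KeyStore.getDefaultType());
        session.load(null, null);
        KeyStore denied = KeyStore.getInstance(KeyStore.getDefaultType());
        denied.load(null, null);

        permanentTrustedStore = permanent;
        sessionTrustedStore = session;
        deniedStore = denied;
        caStore = ca;
    }

    /** Reads the stream to its end, discarding the data, and closes it. */
    private static void readFully(InputStream inputStream) throws IOException {
        byte[] buffer = new byte[BUFFER_SIZE];
        try {
            while (inputStream.read(buffer) != -1) {
                // Data is discarded; only reaching the end of the entry matters.
            }
        } finally {
            inputStream.close();
        }
    }

    /**
     * Tells whether the issuer name of the first certificate equals the subject
     * name of the second. This compares names only; no signature is checked.
     */
    private static boolean isIssuerOf(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN());
    }

    /** Tells whether the store holds an entry for exactly this certificate. */
    private static boolean containsCertificate(KeyStore keyStore, Certificate certificate) throws KeyStoreException {
        return keyStore.getCertificateAlias(certificate) != null;
    }

    /** Adds the certificate under a generated alias unless it is already stored. */
    private static void addCertificate(KeyStore keyStore, Certificate certificate) throws KeyStoreException {
        if (keyStore.getCertificateAlias(certificate) == null) {
            // The alias only has to be distinct inside this in-memory store.
            keyStore.setCertificateEntry("alias" + new Random().nextLong(), certificate);
        }
    }

    /**
     * Tells whether the certificate's signature verifies under the public key
     * of any certificate in the store.
     *
     * <p>NOTE(review): only the signature is checked. The validity period of
     * the matching store certificate and the issuer/subject names are not
     * compared here.
     */
    private static boolean verifyCertificate(KeyStore keyStore, Certificate certificate) throws KeyStoreException {
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate candidate = keyStore.getCertificate(alias);
            if (candidate == null) {
                // The alias holds no certificate; nothing to verify against.
                continue;
            }
            try {
                certificate.verify(candidate.getPublicKey());
                return true;
            } catch (GeneralSecurityException ignored) {
                // Not signed by this key; try the next store entry.
            }
        }
        return false;
    }

    /**
     * Asks the user whether to accept the chain {@code [chainStart, chainEnd)}.
     *
     * @param certificateArr        certificates of the signed entry
     * @param chainStart            index of the signer certificate
     * @param chainEnd              index one past the last certificate of the chain
     * @param untrusted             {@code true} if the chain did not verify against the CA store
     * @param expiredOrNotYetValid  {@code true} if a validity check failed
     * @param signingTime           signing timestamp, or {@code null} if there is none
     * @param description           description of the file for the dialog headline
     * @return the user's answer, or {@code DENY} if either end of the chain is not X.509
     */
    private static CertificateAcceptanceStatus showCertificateAcceptanceDialog(Certificate[] certificateArr, int chainStart, int chainEnd, boolean untrusted, boolean expiredOrNotYetValid, Date signingTime, String description) {
        if (!(certificateArr[chainStart] instanceof X509Certificate) || !(certificateArr[chainEnd - 1] instanceof X509Certificate)) {
            return CertificateAcceptanceStatus.DENY;
        }
        X509Certificate signerCert = (X509Certificate) certificateArr[chainStart];
        X509Certificate topCert = (X509Certificate) certificateArr[chainEnd - 1];
        // Both names come from the certificates inside the jar under review and
        // are placed in an <html> message, so markup characters are escaped to
        // keep a crafted name from changing what the dialog shows.
        String subjectName = escapeHtml(extractName(signerCert.getSubjectDN().getName(), "CN=", "Unknown Subject"));
        String issuerName = escapeHtml(extractName(topCert.getIssuerDN().getName(), "O=", "Unknown Issuer"));
        // NOTE(review): description is inserted as given; confirm that callers
        // never pass text influenced by the file being checked.
        String headline;
        String details;
        if (untrusted || expiredOrNotYetValid) {
            String trustText;
            if (untrusted) {
                headline = StringUtils.format("The digital signature of {0} cannot be verified.", description);
                trustText = "The digital signature cannot be verified by a trusted source. Only continue if you trust the origin of the file. The security certificate was issued by a company that is not trusted.";
            } else {
                headline = StringUtils.format("The digital signature of {0} has been verified.", description);
                trustText = "The security certificate was issued by a company that is trusted.";
            }
            if (expiredOrNotYetValid) {
                details = trustText + "The digital signature was generated with a trusted certificate but has expired or is not yet valid";
            } else if (signingTime != null) {
                details = trustText + StringUtils.format("The security certificate was valid at the time of signing on {0}.", DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG).format(signingTime));
            } else {
                details = trustText + "The security certificate has not expired and is still valid.";
            }
        } else {
            headline = StringUtils.format("The digital signature of {0} has been verified.", description);
            String trustText = "The digital signature has been validated by a trusted source. The security certificate was issued by a company that is trusted";
            if (signingTime != null) {
                trustText = trustText + StringUtils.format(" and was valid at the time of signing on {0}.", DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG).format(signingTime));
            } else {
                trustText = trustText + ", has not expired and is still valid.";
            }
            details = trustText + StringUtils.format("Caution: \"{0}\" asserts that this content is safe.  You should only accept this content if you trust \"{1}\" to make that assertion.", subjectName, subjectName);
        }
        int choice = UiUtils.showYesNoCancelDialog(null, StringUtils.format("<html><b>{0}</b><br>Subject: {1}<br>Issuer: {2}<br><br>{3}<br><br>Click OK to accept the certificate permanently, No to accept it temporary for this session, Cancel to reject the certificate.", headline, subjectName, issuerName, details), 1);
        if (choice == 0) {
            return CertificateAcceptanceStatus.ACCEPT_PERMANENTLY;
        }
        if (choice == 1) {
            return CertificateAcceptanceStatus.ACCEPT_FOR_THIS_SESSION;
        }
        return CertificateAcceptanceStatus.DENY;
    }

    /** Replaces the characters that have a meaning in HTML markup with entities. */
    private static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int idx = 0; idx < text.length(); idx++) {
            char c = text.charAt(idx);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Extracts the value that follows {@code prefix} in a distinguished name.
     *
     * <p>A value that starts with a double quote runs to the next double quote,
     * any other value to the next comma; without a terminator it runs to the
     * end of the string.
     *
     * @param dn       distinguished name text
     * @param prefix   attribute prefix such as {@code "CN="}
     * @param fallback value returned when the prefix is missing or ends the string
     * @return the extracted value or {@code fallback}
     */
    private static String extractName(String dn, String prefix, String fallback) {
        int prefixAt = dn.indexOf(prefix);
        if (prefixAt < 0) {
            return fallback;
        }
        int valueStart = prefixAt + prefix.length();
        if (valueStart >= dn.length()) {
            // The prefix is the last thing in the string, so there is no value.
            return fallback;
        }
        int valueEnd;
        if (dn.charAt(valueStart) == '"') {
            valueStart++;
            valueEnd = dn.indexOf('"', valueStart);
        } else {
            valueEnd = dn.indexOf(',', valueStart);
        }
        return valueEnd < 0 ? dn.substring(valueStart) : dn.substring(valueStart, valueEnd);
    }
}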
