package org.eclipse.sensinact.gateway.security.signature.internal;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.zip.ZipException;
import org.eclipse.sensinact.gateway.common.bundle.Mediator;
import org.eclipse.sensinact.gateway.security.signature.exception.BundleValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/sensinact/gateway/security/signature/internal/SignedBundleChecker.class */
public class SignedBundleChecker {
    private static final Logger LOG = LoggerFactory.getLogger(SignedBundleChecker.class);
    private static final String METADATA_DIR = "/META-INF/";
    private static final String MF_FILE = "MANIFEST.MF";
    Mediator mediator;

    public SignedBundleChecker(Mediator mediator) {
        this.mediator = mediator;
    }

    protected boolean checkCoherence(SignedBundle signedBundle, String str, Certificate certificate, CryptographicUtils cryptographicUtils, String str2) throws Exception {
        boolean checkResourcesOrderValid = checkResourcesOrderValid(signedBundle);
        if (LOG.isInfoEnabled()) {
            LOG.info("resourcesOrderValid " + checkResourcesOrderValid);
        }
        boolean checkSignatureBlockValidity = checkSignatureBlockValidity(signedBundle, str, cryptographicUtils, str2);
        if (LOG.isInfoEnabled()) {
            LOG.info("signatureBlockValid " + checkSignatureBlockValidity);
        }
        boolean checkSignatureFileValidity = checkSignatureFileValidity(signedBundle, str, cryptographicUtils);
        if (LOG.isInfoEnabled()) {
            LOG.info("signatureFileValid " + checkSignatureFileValidity);
        }
        boolean checkManifestValidity = checkManifestValidity(signedBundle, cryptographicUtils);
        if (LOG.isWarnEnabled()) {
            LOG.info("manifestValid " + checkManifestValidity);
        }
        boolean z = checkResourcesOrderValid && checkSignatureBlockValidity && checkSignatureFileValidity && checkManifestValidity;
        if (LOG.isWarnEnabled()) {
            LOG.info("coherent " + z);
        }
        return z;
    }

    protected boolean checkSignatureBlockValidity(SignatureFile signatureFile, SignatureBlock signatureBlock, X509Certificate x509Certificate, CryptographicUtils cryptographicUtils, String str) throws Exception {
        return true;
    }

    private boolean checkSignatureBlockValidity(SignedBundle signedBundle, String str, CryptographicUtils cryptographicUtils, String str2) throws Exception {
        return true;
    }

    protected boolean checkSignatureFileValidity(SignedBundle signedBundle, SignatureFile signatureFile, CryptographicUtils cryptographicUtils) throws NoSuchAlgorithmException, IOException {
        return true;
    }

    private boolean checkSignatureFileValidity(SignedBundle signedBundle, String str, CryptographicUtils cryptographicUtils) throws IOException, NoSuchAlgorithmException {
        return true;
    }

    private boolean checkManifestValidity(SignedBundle signedBundle, CryptographicUtils cryptographicUtils) throws Exception {
        return true;
    }

    private boolean checkManifestEntriesExist(SignedBundle signedBundle, Manifest manifest) throws IOException {
        boolean z = true;
        Iterator<String> it = manifest.getEntries().keySet().iterator();
        while (it.hasNext() && z) {
            if (signedBundle.getEntry("/" + it.next()) == null) {
                z = false;
            }
        }
        return z;
    }

    protected boolean checkHashValuesValid(SignedBundle signedBundle, Manifest manifest, CryptographicUtils cryptographicUtils) throws BundleValidationException, ZipException, IOException, NoSuchAlgorithmException {
        boolean z = true;
        Map<String, Attributes> entries = manifest.getEntries();
        Iterator<Map.Entry<String, Attributes>> it = entries.entrySet().iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            if (LOG.isDebugEnabled()) {
                LOG.debug("file: " + key);
            }
            Attributes attributes = entries.get(key);
            Iterator<Map.Entry<Object, Object>> it2 = attributes.entrySet().iterator();
            while (it2.hasNext()) {
                Attributes.Name name = (Attributes.Name) it2.next().getKey();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("key2: " + name);
                }
                String str = (String) attributes.get(name);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("hashValue: " + str);
                }
                z = z && cryptographicUtils.checkHashValue(this.mediator, signedBundle.getEntry(key), str, name.toString());
            }
        }
        return z;
    }

    private boolean checkResourcesKnownInManifest(SignedBundle signedBundle, Manifest manifest) {
        boolean z = true;
        Iterator<URL> it = signedBundle.getEntries().iterator();
        while (it.hasNext() && z) {
            String substring = it.next().getPath().substring(1);
            if (substring.endsWith(".class") && manifest.getAttributes(substring) == null) {
                z = false;
                if (LOG.isWarnEnabled()) {
                    LOG.warn(substring + " not referenced in the manifest file");
                }
            }
        }
        return z;
    }

    private boolean[] checkEntry(URL url, boolean z, boolean z2, boolean z3) {
        boolean z4 = z;
        boolean z5 = z2;
        boolean z6 = z3;
        String path = url.getPath();
        if (!path.endsWith("/")) {
            if (path.endsWith("/META-INF/MANIFEST.MF")) {
                if (z4 || z5) {
                    z6 = false;
                }
            } else if (path.endsWith(".SF") || path.endsWith(".RSA") || path.endsWith(".DSA")) {
                z4 = true;
                if (z5) {
                    z6 = false;
                }
            } else {
                z5 = true;
            }
        }
        return new boolean[]{z4, z5, z6};
    }

    private boolean checkResourcesOrderValid(SignedBundle signedBundle) throws FileNotFoundException, IOException {
        boolean z = false;
        if (signedBundle.getManifest() != null) {
            z = true;
        }
        boolean z2 = false;
        boolean z3 = false;
        Iterator<URL> it = signedBundle.getEntries().iterator();
        while (it.hasNext()) {
            boolean[] checkEntry = checkEntry(it.next(), z2, z3, z);
            z2 = checkEntry[0];
            z3 = checkEntry[1];
            z = checkEntry[2];
        }
        return z;
    }
}
