package org.eclipse.ease.sign;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.eclipse.ease.Activator;
import org.eclipse.ease.ICodeParser;
import org.eclipse.ease.Logger;
import org.eclipse.ease.service.ScriptType;
import org.eclipse.ease.tools.ResourceTools;

/* loaded from: input_file:org/eclipse/ease/sign/VerifySignature.class */
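/**
 * Checks the signature attached to a script and the certificate chain that accompanies it.
 *
 * <p>Two independent checks are offered. {@link #verify()} confirms that the signature matches the script content
 * under the public key of the first certificate in the chain. {@link #isCertChainValid(InputStream, char[])}
 * confirms that the chain leads to an entry of a truststore. Neither check calls the other, so a caller that wants
 * both guarantees has to invoke both.
 */
public class VerifySignature {
    private final SignatureInfo fSignatureInfo;

    /**
     * Creates a verifier for a script that carries its signature block inside the same stream.
     *
     * @param scriptType
     *            type of the script, used to obtain the code parser
     * @param inputStream
     *            stream holding the script together with its signature
     * @return a verifier, or {@code null} when the parser finds no signature information
     * @throws ScriptSignatureException
     *             when a parameter is missing or the parsed signature information is incomplete
     */
    public static VerifySignature getInstance(ScriptType scriptType, InputStream inputStream) throws ScriptSignatureException {
        return getInstance(scriptType, inputStream, null);
    }

    /**
     * Creates a verifier for a script, optionally with the signature supplied in a separate stream.
     *
     * <p>When {@code inputStream2} is {@code null} the signature information, including the signed content, is parsed
     * from {@code inputStream}. Otherwise the signature information is parsed from {@code inputStream2} and the
     * whole of {@code inputStream} is read as the signed content; {@code inputStream} is closed in that case.
     *
     * @param scriptType
     *            type of the script, used to obtain the code parser
     * @param inputStream
     *            stream holding the script
     * @param inputStream2
     *            stream holding the signature, or {@code null} when the signature is part of {@code inputStream}
     * @return a verifier, or {@code null} when the parser finds no signature information
     * @throws ScriptSignatureException
     *             when a required parameter is missing, the signature information is incomplete, or the script
     *             cannot be read
     */
    public static VerifySignature getInstance(ScriptType scriptType, InputStream inputStream, InputStream inputStream2) throws ScriptSignatureException {
        if (scriptType == null || inputStream == null) {
            throw new ScriptSignatureException("One or more parameters are not provided");
        }
        ICodeParser codeParser = scriptType.getCodeParser();
        boolean detachedSignature = inputStream2 != null;
        SignatureInfo signatureInfo = codeParser.getSignatureInfo(detachedSignature ? inputStream2 : inputStream);
        if (signatureInfo == null) {
            // No signature found: the caller has to treat null as "unsigned", not as "verified".
            return null;
        }
        // With an embedded signature the parser must also have delivered the signed content.
        if (hasMissingSignatureFields(signatureInfo) || (!detachedSignature && signatureInfo.getContentOnly() == null)) {
            throw new ScriptSignatureException("Error while parsing script. Try again.");
        }
        if (detachedSignature) {
            signatureInfo.setContentOnly(readContent(inputStream));
        }
        return new VerifySignature(signatureInfo);
    }

    /** Reports whether any field that both signature layouts require is absent. */
    private static boolean hasMissingSignatureFields(SignatureInfo signatureInfo) {
        return signatureInfo.getSignature() == null || signatureInfo.getProvider() == null || signatureInfo.getMessageDigestAlgo() == null
                || signatureInfo.getCertificateChain() == null;
    }

    /**
     * Reads the stream to its end and closes it.
     *
     * <p>Every byte is widened to one {@code char}, so no character decoding takes place.
     * NOTE(review): {@link #verify()} later turns this string back into bytes with the platform default charset;
     * for bytes above 0x7F the round trip depends on that charset. Confirm the signing side does the same.
     */
    private static String readContent(InputStream inputStream) throws ScriptSignatureException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
        StringBuilder content = new StringBuilder();
        try {
            int read;
            while ((read = bufferedInputStream.read()) >= 0) {
                content.append((char) read);
            }
            return content.toString();
        } catch (IOException e) {
            Logger.error(Activator.PLUGIN_ID, e.getMessage(), e);
            throw new ScriptSignatureException("An IO error occurred while reading file.", e);
        } finally {
            try {
                bufferedInputStream.close();
            } catch (IOException e2) {
                // A failed close does not invalidate what was already read, so it is only logged.
                Logger.error(Activator.PLUGIN_ID, e2.getMessage(), e2);
            }
        }
    }

    private VerifySignature(SignatureInfo signatureInfo) {
        this.fSignatureInfo = signatureInfo;
    }

    /**
     * Decodes one encoded X.509 certificate.
     *
     * @param bArr
     *            encoded certificate bytes
     * @return the decoded certificate
     * @throws ScriptSignatureException
     *             when the bytes cannot be decoded as an X.509 certificate
     */
    private Certificate getCertificate(byte[] bArr) throws ScriptSignatureException {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw new ScriptSignatureException("Error while retrieving certificate.", e);
        }
    }

    /**
     * Decodes the Base64 certificate chain stored with the signature.
     *
     * @return a new, modifiable list of certificates in the order given by the signature information; never empty
     * @throws ScriptSignatureException
     *             when the chain holds no certificate or a certificate cannot be decoded
     */
    private List<Certificate> getCertificateChain() throws ScriptSignatureException {
        String[] encodedChain = this.fSignatureInfo.getCertificateChain();
        if (encodedChain.length == 0) {
            // Callers index into the chain; an empty one would otherwise surface as an unchecked index error.
            throw new ScriptSignatureException("Signature does not contain a certificate.");
        }
        List<Certificate> certificates = new ArrayList<>(encodedChain.length);
        for (String encoded : encodedChain) {
            certificates.add(getCertificate(SignatureHelper.convertBase64ToBytes(encoded)));
        }
        return certificates;
    }

    /**
     * Reports whether the first certificate of the chain is self-signed.
     *
     * @return the result of {@code SignatureHelper.isSelfSignedCertificate} for the first certificate
     * @throws ScriptSignatureException
     *             when no signature information is present or the chain cannot be decoded
     */
    public boolean isSelfSignedCertificate() throws ScriptSignatureException {
        if (this.fSignatureInfo == null) {
            throw new ScriptSignatureException("Script does not contain signature.");
        }
        return SignatureHelper.isSelfSignedCertificate(getCertificateChain().get(0));
    }

    /**
     * Validates the certificate chain against a truststore with the PKIX algorithm and revocation checking enabled.
     *
     * <p>When both parameters are {@code null} the {@code lib/security/cacerts} file below {@code java.home} is used
     * with the literal password {@code changeit}. A self-signed certificate at the end of the chain is removed before
     * the path is built.
     *
     * <p>Side effect: the security property {@code ocsp.enable} and the system properties
     * {@code com.sun.net.ssl.checkRevocation} and {@code com.sun.security.enableCRLDP} are set to {@code true}.
     * These are process-wide settings and stay set after the call returns.
     *
     * <p>This method does not check the script signature itself; see {@link #verify()}.
     *
     * @param inputStream
     *            truststore to validate against, or {@code null} together with {@code cArr} to use the default
     * @param cArr
     *            truststore password, or {@code null} together with {@code inputStream}
     * @return {@code true} when validation succeeds; failures are reported by exception, never by {@code false}
     * @throws ScriptSignatureException
     *             when exactly one parameter is {@code null}, no signature information is present, the truststore
     *             cannot be loaded, or the chain does not validate
     */
    public boolean isCertChainValid(InputStream inputStream, char[] cArr) throws ScriptSignatureException {
        if ((inputStream == null) != (cArr == null)) {
            throw new ScriptSignatureException("Either both or none of the parameters should be null");
        }
        if (this.fSignatureInfo == null) {
            throw new ScriptSignatureException("Script does not contain signature.");
        }
        InputStream truststoreStream = null;
        char[] truststorePassword = cArr;
        try {
            if (inputStream == null) {
                truststoreStream = new FileInputStream(System.getProperty("java.home") + "/lib/security/cacerts");
                truststorePassword = "changeit".toCharArray();
            } else {
                truststoreStream = ResourceTools.getInputStream(inputStream);
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            List<Certificate> chain = getCertificateChain();
            int lastIndex = chain.size() - 1;
            if (SignatureHelper.isSelfSignedCertificate(chain.get(lastIndex))) {
                // NOTE(review): when the chain consists only of a self-signed certificate, the path handed to the
                // validator is empty. Confirm how the PKIX validator treats an empty path and that callers consult
                // isSelfSignedCertificate() before trusting a true result.
                chain.remove(lastIndex);
            }
            CertPath certPath = certificateFactory.generateCertPath(chain);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            // NOTE(review): the store type is fixed to JKS; confirm truststores in other formats are expected to load.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(truststoreStream, truststorePassword);
            PKIXParameters pkixParameters = new PKIXParameters(keyStore);
            pkixParameters.setRevocationEnabled(true);
            // JVM-wide switches, see the method documentation.
            Security.setProperty("ocsp.enable", "true");
            System.setProperty("com.sun.net.ssl.checkRevocation", "true");
            System.setProperty("com.sun.security.enableCRLDP", "true");
            certPathValidator.validate(certPath, pkixParameters);
            return true;
        } catch (InvalidAlgorithmParameterException e2) {
            Logger.error(Activator.PLUGIN_ID, Arrays.toString(e2.getStackTrace()), e2);
            throw new ScriptSignatureException("Can't perform validation.", e2);
        } catch (CertPathValidatorException e3) {
            // Keep the cause so the failing certificate and reason remain available for diagnosis.
            throw new ScriptSignatureException(e3.getMessage(), e3);
        } catch (KeyStoreException e4) {
            throw new ScriptSignatureException("Truststore can't be loaded.", e4);
        } catch (CertificateException e5) {
            throw new ScriptSignatureException("One or more certificates can't be loaded.", e5);
        } catch (IOException e6) {
            // KeyStore.load reports a wrong password as an IOException caused by UnrecoverableKeyException.
            if (e6.getCause() instanceof UnrecoverableKeyException) {
                throw new ScriptSignatureException("Invalid Truststore Password.", e6);
            }
            if ((e6.getCause() instanceof FileNotFoundException) || (e6.getCause() instanceof SecurityException)) {
                throw new ScriptSignatureException("File can't be read. Chose another Truststore or try again.", e6);
            }
            Logger.error(Activator.PLUGIN_ID, Arrays.toString(e6.getStackTrace()), e6);
            throw new ScriptSignatureException("Error loading Truststore. Try again.", e6);
        } catch (NoSuchAlgorithmException e7) {
            throw new ScriptSignatureException("Algorithm used for securing truststore can't be found. Chose another Truststore.", e7);
        } finally {
            if (truststoreStream != null) {
                try {
                    truststoreStream.close();
                } catch (IOException e8) {
                    // The validation outcome is already decided; a failed close is only logged.
                    Logger.error(Activator.PLUGIN_ID, Arrays.toString(e8.getStackTrace()), e8);
                }
            }
        }
    }

    /**
     * Validates the certificate chain against the default truststore.
     *
     * @return {@code true} when validation succeeds
     * @throws ScriptSignatureException
     *             see {@link #isCertChainValid(InputStream, char[])}
     */
    public boolean isCertChainValid() throws ScriptSignatureException {
        return isCertChainValid(null, null);
    }

    /**
     * Checks the script signature against the public key of the first certificate in the chain.
     *
     * <p>The digest algorithm name and the provider name are read from the signature information, that is, from the
     * same input that is being verified; this class applies no allow-list to either. The certificate chain is not
     * validated here, so a {@code true} result only shows that the content matches the key the script presents. Call
     * {@link #isCertChainValid(InputStream, char[])} to establish trust in that key.
     *
     * <p>NOTE(review): the content is converted to bytes with the platform default charset, so the outcome can
     * depend on the platform when the script holds non-ASCII characters. Confirm against the signing side.
     *
     * @return {@code true} when the signature matches the content, {@code false} otherwise
     * @throws ScriptSignatureException
     *             when no signature information is present, the chain holds no certificate, or the key, algorithm,
     *             provider or signature cannot be used
     */
    public boolean verify() throws ScriptSignatureException {
        if (this.fSignatureInfo == null) {
            throw new ScriptSignatureException("Script does not contain signature.");
        }
        byte[] signatureBytes = SignatureHelper.convertBase64ToBytes(this.fSignatureInfo.getSignature());
        String[] encodedChain = this.fSignatureInfo.getCertificateChain();
        if (encodedChain.length == 0) {
            throw new ScriptSignatureException("Signature does not contain a certificate.");
        }
        try {
            PublicKey publicKey = getCertificate(SignatureHelper.convertBase64ToBytes(encodedChain[0])).getPublicKey();
            String algorithm = this.fSignatureInfo.getMessageDigestAlgo() + "with" + publicKey.getAlgorithm();
            Signature signature = Signature.getInstance(algorithm, this.fSignatureInfo.getProvider());
            signature.initVerify(publicKey);
            signature.update(this.fSignatureInfo.getContentOnly().getBytes());
            return signature.verify(signatureBytes);
        } catch (InvalidKeyException e) {
            throw new ScriptSignatureException("Public key is invalid.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ScriptSignatureException("Algorithm used by signature is not recognized by provider.", e2);
        } catch (NoSuchProviderException e3) {
            throw new ScriptSignatureException("No such provider is registered in Security Providers' list.", e3);
        } catch (SignatureException e4) {
            Logger.error(Activator.PLUGIN_ID, "Signature object not initialized properly or signature is not readable.", e4);
            throw new ScriptSignatureException("Signature is not readable.", e4);
        }
    }
}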
