package com.citrix.cck.jce;

import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProviderException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class JarVerifier {
    private JarFile jarFile;
    private URL jarURL;

    private static X509Certificate[] getAChain(Certificate[] certificateArr, int i10) {
        if (i10 > certificateArr.length - 1) {
            return null;
        }
        int i11 = i10;
        while (i11 < certificateArr.length - 1) {
            int i12 = i11 + 1;
            if (!((X509Certificate) certificateArr[i12]).getSubjectDN().equals(((X509Certificate) certificateArr[i11]).getIssuerDN())) {
                break;
            }
            i11 = i12;
        }
        int i13 = (i11 - i10) + 1;
        X509Certificate[] x509CertificateArr = new X509Certificate[i13];
        for (int i14 = 0; i14 < i13; i14++) {
            x509CertificateArr[i14] = (X509Certificate) certificateArr[i10 + i14];
        }
        return x509CertificateArr;
    }

    private JarFile retrieveJarFileFromURL(URL url) throws PrivilegedActionException, MalformedURLException {
        if (!url.getProtocol().equalsIgnoreCase("jar")) {
            url = new URL("jar:" + url.toString() + "!/");
        }
        this.jarURL = url;
        return (JarFile) AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() { // from class: com.citrix.cck.jce.JarVerifier.1
            @Override // java.security.PrivilegedExceptionAction
            public JarFile run() throws Exception {
                JarURLConnection jarURLConnection = (JarURLConnection) JarVerifier.this.jarURL.openConnection();
                jarURLConnection.setUseCaches(false);
                return jarURLConnection.getJarFile();
            }
        });
    }

    protected void finalize() throws Throwable {
        this.jarFile.close();
    }

    public void verify(X509Certificate x509Certificate) throws IOException {
        boolean z10;
        if (x509Certificate == null) {
            throw new ProviderException("Provider certificate is invalid");
        }
        try {
            if (this.jarFile == null) {
                this.jarFile = retrieveJarFileFromURL(this.jarURL);
            }
            Vector vector = new Vector();
            if (this.jarFile.getManifest() == null) {
                throw new ProviderException("The provider is not signed");
            }
            byte[] bArr = new byte[8192];
            Enumeration<JarEntry> entries = this.jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry nextElement = entries.nextElement();
                if (!nextElement.isDirectory()) {
                    vector.addElement(nextElement);
                    InputStream inputStream = this.jarFile.getInputStream(nextElement);
                    do {
                    } while (inputStream.read(bArr, 0, 8192) != -1);
                    inputStream.close();
                }
            }
            Enumeration elements = vector.elements();
            while (elements.hasMoreElements()) {
                JarEntry jarEntry = (JarEntry) elements.nextElement();
                Certificate[] certificates = jarEntry.getCertificates();
                if (certificates != null && certificates.length != 0) {
                    int i10 = 0;
                    while (true) {
                        X509Certificate[] aChain = getAChain(certificates, i10);
                        if (aChain == null) {
                            z10 = false;
                            break;
                        } else {
                            if (aChain[0].equals(x509Certificate)) {
                                z10 = true;
                                break;
                            }
                            i10 += aChain.length;
                        }
                    }
                    if (!z10) {
                        throw new ProviderException("The provider is not signed by a trusted signer");
                    }
                } else if (!jarEntry.getName().startsWith("META-INF")) {
                    throw new ProviderException("The provider has unsigned class files.");
                }
            }
        } catch (Exception e10) {
            ProviderException providerException = new ProviderException();
            providerException.initCause(e10);
            throw providerException;
        }
    }
}
