package com.ibm.cfwk;

import com.ibm.cfwk.pki.Cert;
import com.ibm.util.FileName;
import com.ibm.util.Util;
import infospc.rptapi.RPTMap;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.RandomAccessFile;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/Securit.class */
public final class Securit {
    static Object[] classPath;
    static int nextPathElement;
    static API api;
    static Key pkr;
    static Key pkd;
    static boolean bv;
    static int lastPos;
    static String[] pkgs;
    static Securit[] secs;
    ZipFile zipFile;
    String baseDir;
    String pkgQual;
    String zipName;
    File secFile;
    Digest hashAlg;
    String[] pathNames;
    byte[][] hashes;
    static Hashtable allZipNames = new Hashtable(1024);
    static String st = "Thomas Loves Hanne";

    static void done(String str) {
        System.err.println(str);
        System.exit(Cert.ERR_MASK);
    }

    static synchronized Securit findSecurit(String str) {
        for (int i = 0; i < lastPos; i++) {
            if (str.compareTo(pkgs[i]) == 0) {
                return secs[i];
            }
        }
        if (lastPos < pkgs.length) {
            return null;
        }
        String[] strArr = new String[pkgs.length + 5];
        Securit[] securitArr = new Securit[secs.length + 5];
        System.arraycopy(pkgs, 0, strArr, 0, pkgs.length);
        System.arraycopy(secs, 0, securitArr, 0, secs.length);
        pkgs = strArr;
        secs = securitArr;
        return null;
    }

    static String packageOf(String str) {
        int lastIndexOf = str.lastIndexOf(46);
        return lastIndexOf < 0 ? "" : str.substring(0, lastIndexOf + 1);
    }

    static synchronized Securit checkAccess1(String str) {
        String packageOf = packageOf(str);
        Securit findSecurit = findSecurit(packageOf);
        if (findSecurit != null) {
            return findSecurit;
        }
        ZipFile zipFile = null;
        File file = null;
        String stringBuffer = new StringBuffer(String.valueOf(str.replace('.', File.separatorChar))).append(".class").toString();
        String stringBuffer2 = new StringBuffer(String.valueOf(str.replace('.', '/'))).append(".class").toString();
        for (int i = 0; i < classPath.length; i++) {
            try {
                zipFile = null;
                if (classPath[i] instanceof ZipFile) {
                    zipFile = (ZipFile) classPath[i];
                    if (zipFile.getEntry(stringBuffer2) != null) {
                        file = new File(zipFile.getName());
                        break;
                    }
                } else {
                    file = new File(new StringBuffer(String.valueOf(classPath[i])).append(File.separator).append(stringBuffer).toString());
                    if (file.exists() && !file.isDirectory()) {
                        break;
                    }
                    file = null;
                }
            } catch (Exception e) {
                done(new StringBuffer("Failed to lookup <").append(str).append(">: ").append(e).toString());
            }
        }
        if (file == null) {
            done(new StringBuffer("Could not find <").append(str).append(RPTMap.GT).toString());
        }
        String parent = file.getParent();
        pkgs[lastPos] = packageOf;
        Securit[] securitArr = secs;
        int i2 = lastPos;
        Securit securit = new Securit(zipFile, new StringBuffer(String.valueOf(parent == null ? "." : parent)).append(File.separator).toString(), packageOf, null, null);
        securitArr[i2] = securit;
        lastPos++;
        return securit;
    }

    static synchronized Securit checkAccess2(String str) {
        String packageOf = packageOf(str);
        Securit findSecurit = findSecurit(packageOf);
        if (findSecurit != null) {
            return findSecurit;
        }
        try {
            String stringBuffer = new StringBuffer(String.valueOf(str.replace('.', '/'))).append(".class").toString();
            ZipFile zipFile = (ZipFile) allZipNames.get(stringBuffer);
            while (zipFile == null) {
                if (nextPathElement >= classPath.length || (classPath[nextPathElement] instanceof File)) {
                    if (bv) {
                        System.err.println(new StringBuffer("Untrusted code base: class ").append(str).append(RPTMap.NL).append("Checked the following CLASSPATH components:").toString());
                        for (int i = 0; i < nextPathElement; i++) {
                            System.err.println(new StringBuffer("  ").append(classPath[i] instanceof ZipFile ? ((ZipFile) classPath[i]).getName() : classPath[i].toString()).toString());
                        }
                        if (nextPathElement == 0) {
                            System.err.println("<none>");
                        }
                    }
                    throw new FailedException(new StringBuffer("Access denied: ").append(str).toString());
                }
                Object[] objArr = classPath;
                int i2 = nextPathElement;
                nextPathElement = i2 + 1;
                zipFile = (ZipFile) objArr[i2];
                Enumeration<? extends ZipEntry> entries = zipFile.entries();
                while (entries.hasMoreElements()) {
                    String replace = entries.nextElement().getName().replace('\\', '/');
                    if (allZipNames.containsKey(replace)) {
                        done(new StringBuffer("Conflict: <").append(replace).append("> in <").append(zipFile.getName()).append("> ").append("shadowed ").append("by same entry in <").append(((ZipFile) allZipNames.get(replace)).getName()).append(RPTMap.GT).toString());
                    }
                    allZipNames.put(replace, zipFile);
                }
                if (zipFile.getEntry(stringBuffer) == null) {
                    zipFile = null;
                }
            }
            String name = zipFile.getName();
            if (name.endsWith(".zip")) {
                name = name.substring(0, name.length() - 4);
            }
            File file = new File(new StringBuffer(String.valueOf(name)).append(".sec").toString());
            if (!file.exists()) {
                done(new StringBuffer("Cannot find <").append(file).append(RPTMap.GT).toString());
            }
            pkgs[lastPos] = packageOf;
            Securit[] securitArr = secs;
            int i3 = lastPos;
            Securit securit = new Securit(zipFile, null, packageOf, file, null);
            securitArr[i3] = securit;
            lastPos++;
            return securit;
        } catch (FailedException e) {
            throw e;
        } catch (Exception e2) {
            done(new StringBuffer("Failed to lookup <").append(str).append(">: ").append(e2).toString());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Securit checkAccess0(String str) {
        Securit checkAccess1 = System.getProperty("ARMED") == null ? checkAccess1(str) : checkAccess2(str);
        if (bv) {
            System.err.println(new StringBuffer("Access granted to <").append(str).append(">\n").append("  baseDir=").append(checkAccess1.baseDir).append(RPTMap.NL).append("  zipFile=").append(checkAccess1.zipFile == null ? "null" : checkAccess1.zipFile.getName()).toString());
        }
        return checkAccess1;
    }

    Securit(ZipFile zipFile, String str, String str2, File file, PrintStream printStream) {
        this.zipFile = zipFile;
        this.baseDir = str;
        this.pkgQual = str2;
        this.secFile = file;
        if (zipFile != null) {
            int lastIndexOf = zipFile.getName().lastIndexOf(File.separatorChar);
            this.baseDir = lastIndexOf < 0 ? new StringBuffer(".").append(File.separatorChar).toString() : zipFile.getName().substring(0, lastIndexOf + 1);
            this.zipName = zipFile.getName().substring(lastIndexOf < 0 ? 0 : lastIndexOf + 1);
        }
        if (api != null) {
            initSecurit(printStream);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initSecurit(PrintStream printStream) {
        if (this.secFile == null) {
            return;
        }
        try {
            RandomAccessFile randomAccessFile = new RandomAccessFile(this.secFile, "r");
            int readUnsignedShort = randomAccessFile.readUnsignedShort();
            if (readUnsignedShort > 0) {
                done(new StringBuffer("Can't handle version ").append(readUnsignedShort / 256).append(".").append(readUnsignedShort % 256).append(" of file <").append(this.secFile).append(RPTMap.GT).toString());
            }
            int readUnsignedShort2 = randomAccessFile.readUnsignedShort();
            if (printStream != null) {
                printStream.println(new StringBuffer("Signature size:      ").append(readUnsignedShort2).toString());
            }
            byte[] bArr = new byte[readUnsignedShort2];
            randomAccessFile.readFully(bArr);
            byte[] bArr2 = new byte[randomAccessFile.readInt()];
            randomAccessFile.readFully(bArr2);
            randomAccessFile.close();
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr2));
            String readUTF = dataInputStream.readUTF();
            String readUTF2 = dataInputStream.readUTF();
            if (printStream != null) {
                printStream.println(new StringBuffer("Signature algorithm: ").append(readUTF).append(RPTMap.NL).append("Hash algorithm:      ").append(readUTF2).toString());
            }
            Signature find = Signature.find(readUTF, api);
            this.hashAlg = Digest.find(readUTF2, api);
            int readUnsignedShort3 = dataInputStream.readUnsignedShort();
            int readUnsignedShort4 = dataInputStream.readUnsignedShort();
            this.pathNames = new String[readUnsignedShort4];
            this.hashes = new byte[readUnsignedShort4][this.hashAlg.digestSize()];
            if (readUnsignedShort3 != this.hashAlg.digestSize()) {
                done("Inconsistent Securit file: Mismatching hash sizes.");
            }
            for (int i = 0; i < readUnsignedShort4; i++) {
                this.pathNames[i] = dataInputStream.readUTF();
                dataInputStream.readFully(this.hashes[i]);
            }
            if (!find.verify(readUTF.indexOf("RSA") >= 0 ? pkr : pkd, bArr2, 0, bArr2.length, bArr, 0, bArr.length)) {
                done(new StringBuffer("Broken signature: ").append(this.secFile).toString());
            }
            verifyBaseZip();
        } catch (Throwable th) {
            if (bv) {
                th.printStackTrace();
            }
            done(new StringBuffer("Failed to read/verify <").append(this.secFile).append(">: ").append(th).toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] signedResources() {
        return this.pathNames;
    }

    private byte[] findHash(String str) {
        if (this.secFile == null) {
            return null;
        }
        for (int i = 0; i < this.pathNames.length; i++) {
            if (this.pathNames[i].compareTo(str) == 0) {
                return this.hashes[i];
            }
        }
        done(new StringBuffer("Illegal resource: <").append(str).append("> is not signed.").toString());
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Object findVerifiedResource(String str, boolean z, boolean z2) {
        ZipEntry entry;
        try {
            if (this.zipFile != null && !z && !z && (entry = this.zipFile.getEntry(new StringBuffer(String.valueOf(this.pkgQual.replace('.', '/'))).append(str).toString())) != null) {
                if (z2) {
                    System.out.println(new StringBuffer(RPTMap.LT).append(str).append("> part of verified <").append(this.zipFile.getName()).append(RPTMap.GT).toString());
                }
                if (bv) {
                    System.err.println(new StringBuffer("Resource <").append(str).append("> located: ").append(this.zipFile.getName()).append("(").append(entry.getName()).append(")").toString());
                }
                return this.zipFile.getInputStream(entry);
            }
            if (this.secFile != null && api == null && str.compareTo(this.zipName) != 0) {
                done("Boot strapping failed.");
            }
            File file = new File(new StringBuffer(String.valueOf(this.baseDir)).append(File.separatorChar == '/' ? str : str.replace('/', File.separatorChar)).toString());
            if (!file.exists()) {
                done(new StringBuffer("Cannot find resource <").append(str).append("> at <").append(file).append(">.").toString());
            }
            if (z2) {
                System.out.println(new StringBuffer("Verifying <").append(file).append(">...").toString());
            }
            if (bv) {
                System.err.println(new StringBuffer("Resource <").append(str).append("> located: ").append(file).toString());
            }
            verifyInputStream(file.toString(), new FileInputStream(file), findHash(str));
            return z ? file : new FileInputStream(file);
        } catch (Exception e) {
            done(new StringBuffer("Failed to verify resource <").append(str).append(">: ").append(e).toString());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InputStream findVerifiedResourceAsInputStream(String str) {
        return (InputStream) findVerifiedResource(str, false, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public File findVerifiedResourceAsFile(String str) {
        return (File) findVerifiedResource(str, true, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public File loadVerifiedLibrary(String str) {
        File findVerifiedResourceAsFile = findVerifiedResourceAsFile(str);
        try {
            Runtime.getRuntime().load(findVerifiedResourceAsFile.toString());
        } catch (Throwable th) {
            done(new StringBuffer("Cannot load library <").append(findVerifiedResourceAsFile).append(">: ").append(th).toString());
        }
        return findVerifiedResourceAsFile;
    }

    void verifyBaseZip() {
        if (api != null) {
            Hashtable hashtable = allZipNames;
            String stringBuffer = new StringBuffer("��").append(this.zipFile.getName()).toString();
            if (hashtable.containsKey(stringBuffer)) {
                return;
            }
            findVerifiedResourceAsFile(this.zipName);
            allZipNames.put(stringBuffer, Boolean.TRUE);
        }
    }

    private void verifyInputStream(String str, InputStream inputStream, byte[] bArr) {
        if (bArr == null) {
            return;
        }
        try {
            byte[] bArr2 = new byte[8192];
            DigestEngine makeDigestEngine = this.hashAlg.makeDigestEngine();
            while (true) {
                int read = inputStream.read(bArr2);
                if (read <= 0) {
                    break;
                } else {
                    makeDigestEngine.update(bArr2, 0, read);
                }
            }
            inputStream.close();
            byte[] digest = makeDigestEngine.digest();
            makeDigestEngine.destroyEngine();
            if (Util.arraycmp(bArr, 0, bArr.length, digest, 0, digest.length) != 0) {
                done(new StringBuffer("Verification of resource <").append(str).append("> failed.").toString());
            }
            if (bv) {
                System.err.println(new StringBuffer("Resource <").append(str).append("> verified.").toString());
            }
        } catch (Exception e) {
            done(new StringBuffer("Cannot compute hash over file <").append(str).append(">: ").append(e).toString());
        }
    }

    static {
        try {
            bv = System.getProperty("VERBOSE.SECURIT") != null;
            StringTokenizer stringTokenizer = new StringTokenizer(System.getProperty("java.class.path"), File.pathSeparator);
            classPath = new Object[stringTokenizer.countTokens()];
            int i = 0;
            while (stringTokenizer.hasMoreTokens()) {
                File file = new File(FileName.localize(stringTokenizer.nextToken()));
                classPath[i] = file;
                if (file.exists() && !file.isDirectory()) {
                    try {
                        classPath[i] = new ZipFile(file);
                    } catch (Exception unused) {
                    }
                }
                i++;
            }
        } catch (Throwable th) {
            if (bv) {
                th.printStackTrace();
            }
        }
        pkgs = new String[5];
        secs = new Securit[5];
    }
}
