package org.jetbrains.zip.signer.verifier;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.DigestException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import kotlin.ExperimentalUnsignedTypes;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.RangesKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.zip.signer.datasource.DataSource;
import org.jetbrains.zip.signer.datasource.FileChannelDataSource;
import org.jetbrains.zip.signer.digest.DigestUtils;
import org.jetbrains.zip.signer.exceptions.ZipVerificationException;
import org.jetbrains.zip.signer.metadata.ContentDigestAlgorithm;
import org.jetbrains.zip.signer.metadata.Digest;
import org.jetbrains.zip.signer.metadata.SignatureAlgorithm;
import org.jetbrains.zip.signer.metadata.SignatureData;
import org.jetbrains.zip.signer.metadata.SignerBlock;
import org.jetbrains.zip.signer.metadata.ZipMetadata;
import org.jetbrains.zip.signer.signer.CertificateUtils;
import org.jetbrains.zip.signer.zip.ZipSections;
import org.jetbrains.zip.signer.zip.ZipSectionsInformation;
import org.jetbrains.zip.signer.zip.ZipUtils;

/* compiled from: ZipVerifier.kt */
@Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��d\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\bÇ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001d\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH��¢\u0006\u0002\b\tJ\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0007J\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000fH\u0007J\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002J\u0018\u0010\n\u001a\u00020\u000b2\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0002J\u001c\u0010\u0012\u001a\u00020\u00042\u0012\u0010\u0013\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00150\u00140\u0014H\u0002J2\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00170\u00142\u0012\u0010\u0018\u001a\u000e\u0012\u0004\u0012\u00020\u001a\u0012\u0004\u0012\u00020\u001b0\u00192\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001fH\u0002J\u001c\u0010\u0016\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00170\u00140\u00142\u0006\u0010\u0007\u001a\u00020\bH\u0002¨\u0006 "}, d2 = {"Lorg/jetbrains/zip/signer/verifier/ZipVerifier;", "", "()V", "checkDigests", "", "zipSections", "Lorg/jetbrains/zip/signer/zip/ZipSections;", "zipMetadata", "Lorg/jetbrains/zip/signer/metadata/ZipMetadata;", "checkDigests$lib", "verify", "Lorg/jetbrains/zip/signer/verifier/ZipVerificationResult;", "file", "Ljava/io/File;", "path", "Ljava/nio/file/Path;", "dataSource", "Lorg/jetbrains/zip/signer/datasource/DataSource;", "verifyCertificateChains", "certificateChains", "", "Ljava/security/cert/Certificate;", "verifySignatures", "Ljava/security/cert/X509Certificate;", "digests", "", "Lorg/jetbrains/zip/signer/metadata/ContentDigestAlgorithm;", "Lorg/jetbrains/zip/signer/metadata/Digest;", "signer", "Lorg/jetbrains/zip/signer/metadata/SignerBlock;", "certFactory", "Ljava/security/cert/CertificateFactory;", "lib"})
@ExperimentalUnsignedTypes
/* loaded from: input_file:org/jetbrains/zip/signer/verifier/ZipVerifier.class */
public final class ZipVerifier {

    @NotNull
    public static final ZipVerifier INSTANCE = new ZipVerifier();

    private ZipVerifier() {
    }

    @JvmStatic
    @NotNull
    public static final ZipVerificationResult verify(@NotNull File file) throws IOException {
        Intrinsics.checkNotNullParameter(file, "file");
        ZipVerifier zipVerifier = INSTANCE;
        Path path = file.toPath();
        Intrinsics.checkNotNullExpressionValue(path, "file.toPath()");
        return verify(path);
    }

    @JvmStatic
    @NotNull
    public static final ZipVerificationResult verify(@NotNull Path path) throws IOException {
        Intrinsics.checkNotNullParameter(path, "path");
        FileChannel open = FileChannel.open(path, StandardOpenOption.READ);
        Throwable th = (Throwable) null;
        try {
            try {
                FileChannel fileChannel = open;
                ZipVerifier zipVerifier = INSTANCE;
                Intrinsics.checkNotNullExpressionValue(fileChannel, "it");
                ZipVerificationResult verify = zipVerifier.verify(new FileChannelDataSource(fileChannel, 0L, null, 6, null));
                CloseableKt.closeFinally(open, th);
                return verify;
            } finally {
            }
        } catch (Throwable th2) {
            CloseableKt.closeFinally(open, th);
            throw th2;
        }
    }

    private final ZipVerificationResult verify(DataSource dataSource) {
        ZipSectionsInformation findZipSectionsInformation = ZipUtils.INSTANCE.findZipSectionsInformation(dataSource);
        ZipMetadata findInZip = ZipMetadata.Companion.findInZip(dataSource, findZipSectionsInformation);
        return findInZip == null ? MissingSignatureResult.INSTANCE : verify(ZipUtils.INSTANCE.findZipSections$lib(dataSource, findZipSectionsInformation, findInZip), findInZip);
    }

    private final ZipVerificationResult verify(ZipSections zipSections, ZipMetadata zipMetadata) {
        ZipVerificationResult invalidSignatureResult;
        try {
            checkDigests$lib(zipSections, zipMetadata);
            List<List<X509Certificate>> verifySignatures = verifySignatures(zipMetadata);
            verifyCertificateChains(verifySignatures);
            invalidSignatureResult = new SuccessfulVerificationResult(verifySignatures);
        } catch (ZipVerificationException e) {
            invalidSignatureResult = new InvalidSignatureResult(e.getMessage());
        }
        return invalidSignatureResult;
    }

    private final void verifyCertificateChains(List<? extends List<? extends Certificate>> list) {
        boolean z;
        List<? extends List<? extends Certificate>> list2 = list;
        if (!(list2 instanceof Collection) || !list2.isEmpty()) {
            Iterator<T> it = list2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z = false;
                    break;
                } else {
                    if (!CertificateUtils.INSTANCE.isValidCertificateChain((List) it.next())) {
                        z = true;
                        break;
                    }
                }
            }
        } else {
            z = false;
        }
        if (z) {
            throw new ZipVerificationException("One of signature blocks contains invalid certificate chain");
        }
    }

    private final List<List<X509Certificate>> verifySignatures(ZipMetadata zipMetadata) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<Digest> digests = zipMetadata.getDigests();
        LinkedHashMap linkedHashMap = new LinkedHashMap(RangesKt.coerceAtLeast(MapsKt.mapCapacity(CollectionsKt.collectionSizeOrDefault(digests, 10)), 16));
        for (Object obj : digests) {
            linkedHashMap.put(((Digest) obj).getAlgorithm(), obj);
        }
        List<SignerBlock> signers = zipMetadata.getSigners();
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(signers, 10));
        for (SignerBlock signerBlock : signers) {
            ZipVerifier zipVerifier = INSTANCE;
            Intrinsics.checkNotNullExpressionValue(certificateFactory, "certFactory");
            arrayList.add(zipVerifier.verifySignatures(linkedHashMap, signerBlock, certificateFactory));
        }
        return arrayList;
    }

    private final List<X509Certificate> verifySignatures(Map<ContentDigestAlgorithm, Digest> map, SignerBlock signerBlock, CertificateFactory certificateFactory) {
        if (signerBlock.getSignatures().isEmpty()) {
            throw new ZipVerificationException("Signer block contains no signatures");
        }
        List<byte[]> encodedCertificates = signerBlock.getEncodedCertificates();
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(encodedCertificates, 10));
        Iterator<T> it = encodedCertificates.iterator();
        while (it.hasNext()) {
            Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream((byte[]) it.next()));
            if (generateCertificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            arrayList.add((X509Certificate) generateCertificate);
        }
        ArrayList arrayList2 = arrayList;
        if (arrayList2.isEmpty()) {
            throw new ZipVerificationException("Signer has no certificates");
        }
        for (SignatureData signatureData : signerBlock.getSignatures()) {
            SignatureAlgorithm algorithm = signatureData.getAlgorithm();
            Digest digest = map.get(signatureData.getAlgorithm().getContentDigestAlgorithm());
            if (digest == null) {
                throw new ZipVerificationException(Intrinsics.stringPlus("Missing digest ", signatureData.getAlgorithm().getContentDigestAlgorithm()));
            }
            new DefaultSignatureVerifier(arrayList2, algorithm).verify(digest.getDigestBytes(), signatureData.getSignatureBytes());
        }
        return arrayList2;
    }

    public final void checkDigests$lib(@NotNull ZipSections zipSections, @NotNull ZipMetadata zipMetadata) {
        Object obj;
        Intrinsics.checkNotNullParameter(zipSections, "zipSections");
        Intrinsics.checkNotNullParameter(zipMetadata, "zipMetadata");
        try {
            DigestUtils digestUtils = DigestUtils.INSTANCE;
            List<Digest> digests = zipMetadata.getDigests();
            ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(digests, 10));
            Iterator<T> it = digests.iterator();
            while (it.hasNext()) {
                arrayList.add(((Digest) it.next()).getAlgorithm());
            }
            for (Digest digest : DigestUtils.computeDigest$default(digestUtils, arrayList, zipSections, 0, 4, (Object) null)) {
                Iterator<T> it2 = zipMetadata.getDigests().iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        obj = null;
                        break;
                    }
                    Object next = it2.next();
                    if (((Digest) next).getAlgorithm() == digest.getAlgorithm()) {
                        obj = next;
                        break;
                    }
                }
                Digest digest2 = (Digest) obj;
                if (digest2 == null) {
                    throw new RuntimeException("Missing " + digest.getAlgorithm() + " digest in metadata");
                }
                if (!Arrays.equals(digest2.getDigestBytes(), digest.getDigestBytes())) {
                    throw new ZipVerificationException("ZIP integrity check failed. " + digest.getAlgorithm() + "s digest mismatch.");
                }
            }
        } catch (DigestException e) {
            throw new ZipVerificationException("Failed to compute content digests");
        }
    }
}
