package es.gob.afirma.crypto.jarverifier;

import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.ui.AOUIFactory;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.logging.Logger;
import org.spongycastle.cms.C0289l;
import org.spongycastle.cms.CMSException;
import org.spongycastle.util.k;

/* loaded from: input_file:es/gob/afirma/crypto/jarverifier/JarSignatureCertExtractor.class */
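/**
 * Extracts the certificates from this JAR's own signature block and, when they do not
 * chain to a Java trust store, asks the user whether to add them to the per-user
 * trusted CA store.
 *
 * <p>This is decompiled, obfuscated code: the members named {@code a}, {@code b} and
 * {@code c} are obfuscator output, and the methods declare no {@code throws} clauses
 * even though they raise checked exceptions (the decompiler did not recover them).
 *
 * <p>NOTE(review): the certificates are read out of the signature block, but nothing in
 * this class verifies the JAR signature itself. The confirmation dialog is therefore the
 * only gate before those certificates become trust anchors for the user.
 */
public final class JarSignatureCertExtractor {
    /** Shared application logger. */
    private static final Logger a = Logger.getLogger("es.gob.afirma");

    /** Candidate passwords tried, in this order, when opening a trust store. */
    private static final String[] b = {"", "changeit", "changeme"};

    /**
     * Password that opened the most recently loaded store; reused when the user store is
     * written back. Mutable static state with no synchronization.
     */
    private static String c = null;

    private JarSignatureCertExtractor() {
    }

    /**
     * Parses a CMS/PKCS#7 signature block and returns the certificates it carries.
     *
     * <p>Only parsing happens here; no signature is checked. The obfuscated spongycastle
     * types are presumably CMSSignedData, Store and X509CertificateHolder (to confirm).
     *
     * @param bArr encoded signature block, may be {@code null}
     * @return {@code null} when {@code bArr} is {@code null}; an empty array when the data
     *         is not a CMS SignedData; otherwise the embedded certificates in the order the
     *         store returns them
     */
    static X509Certificate[] a(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            k b2 = new C0289l(bArr).b();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList<X509Certificate> arrayList = new ArrayList<X509Certificate>();
            Iterator it = b2.a(null).iterator();
            while (it.hasNext()) {
                // Re-encode each holder through the JCA factory to obtain a java.security certificate.
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(((org.spongycastle.cert.a) it.next()).c())));
            }
            return arrayList.toArray(new X509Certificate[0]);
        } catch (CMSException e) {
            a.severe("La firma proporcionada no es un SignedData compatible CMS, se devolvera una lista de certificados vacia: " + e);
            return new X509Certificate[0];
        }
    }

    /**
     * Returns the content of the first {@code META-INF/*.RSA} or {@code META-INF/*.DSA}
     * entry of a ZIP/JAR stream.
     *
     * <p>The decompiler could not restructure this method; the body below is rebuilt from
     * its instruction dump and follows it step by step. The ZIP stream is not closed here;
     * the caller closes the underlying stream.
     *
     * <p>NOTE(review): {@code .EC} signature blocks are not matched, so a JAR signed with an
     * EC key is reported as unsigned.
     *
     * @param r5 stream positioned at the start of the JAR
     * @return the raw signature block, or {@code null} when no matching entry exists
     */
    static byte[] a(java.io.InputStream r5) {
        final byte[] buffer = new byte[1024];
        final java.util.zip.ZipInputStream zip = new java.util.zip.ZipInputStream(r5);
        java.util.zip.ZipEntry entry;
        while ((entry = zip.getNextEntry()) != null) {
            final String name = entry.getName();
            if (name.startsWith("META-INF/") && (name.endsWith(".RSA") || name.endsWith(".DSA"))) {
                final java.io.ByteArrayOutputStream content = new java.io.ByteArrayOutputStream();
                int read;
                while ((read = zip.read(buffer)) > 0) {
                    content.write(buffer, 0, read);
                }
                // Only the first signature block is used; later ones are never read.
                return content.toByteArray();
            }
        }
        return null;
    }

    /**
     * Opens the location this class was loaded from (its code source) as a stream.
     *
     * @return stream over the code source location
     */
    private static InputStream a() {
        CodeSource codeSource = JarSignatureCertExtractor.class.getProtectionDomain().getCodeSource();
        if (codeSource == null) {
            throw new IOException("No se ha podido acceder a los recursos del JAR");
        }
        return codeSource.getLocation().openStream();
    }

    /**
     * Resolves the per-user trusted CA store from the
     * {@code deployment.user.security.trusted.cacerts} system property.
     *
     * @return the store file (which may not exist yet), or {@code null} when the property
     *         is unset or the file's parent directory is missing
     */
    private static File b() {
        String property = System.getProperty("deployment.user.security.trusted.cacerts");
        if (property == null) {
            return null;
        }
        if (property.contains("$USER_HOME")) {
            property = property.replace("$USER_HOME", System.getProperty("user.home"));
        }
        final File file = new File(property);
        // A bare file name has no parent; treat it like a missing directory instead of failing.
        final File parent = file.getParentFile();
        if (parent == null || !parent.exists()) {
            return null;
        }
        return file;
    }

    /**
     * Resolves the system CA store from the {@code deployment.system.security.cacerts}
     * system property.
     *
     * @return the store file, or {@code null} when the property is unset or the file is absent
     */
    private static File c() {
        String property = System.getProperty("deployment.system.security.cacerts");
        if (property == null) {
            return null;
        }
        File file = new File(property);
        if (file.exists()) {
            return file;
        }
        return null;
    }

    /**
     * Loads a JKS store, trying each candidate password in turn, and records the password
     * that worked in {@link #c}.
     *
     * <p>The file is reopened for every attempt: a failed {@code load} has already consumed
     * the stream, so a retry on the same stream cannot succeed. When no candidate password
     * opens the store an {@link IOException} is raised rather than handing back an
     * uninitialized {@link KeyStore}.
     *
     * @param file store to open
     * @return the loaded store
     */
    private static KeyStore a(File file) {
        for (String str : b) {
            final KeyStore keyStore = KeyStore.getInstance("JKS");
            final FileInputStream fileInputStream = new FileInputStream(file);
            try {
                keyStore.load(fileInputStream, str.toCharArray());
                c = str;
                return keyStore;
            } catch (IOException e) {
                // A wrong password surfaces as an IOException caused by UnrecoverableKeyException;
                // anything else is a real I/O or format problem and is not retried.
                if (!(e.getCause() instanceof UnrecoverableKeyException)) {
                    throw e;
                }
            } finally {
                fileInputStream.close();
            }
        }
        throw new IOException("No se ha podido abrir el almacen de confianza con ninguna de las claves por defecto");
    }

    /**
     * Checks that a certificate chain is anchored in the given trust store.
     *
     * <p>The last array element is taken as the end of the chain. It is accepted only when
     * the store holds that exact certificate (encoded-form equality); a serial number alone
     * is not unique across issuers and must not be used as proof of trust. Otherwise the
     * whole array is validated as a PKIX path against the store.
     *
     * <p>NOTE(review): the direct-match shortcut does not validate the lower certificates
     * of the chain, revocation checking is disabled, and the array order is assumed to run
     * from signer to root (the CMS certificate set does not guarantee an order).
     *
     * @param x509CertificateArr chain to check
     * @param keyStore trust store to check against
     */
    private static void a(X509Certificate[] x509CertificateArr, KeyStore keyStore) {
        if (keyStore.size() == 0) {
            throw new CertPathValidatorException("No hay certificados en el almacen de confianza");
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CertPathValidatorException("No se han proporcionado certificados para validar");
        }
        final X509Certificate chainEnd = x509CertificateArr[x509CertificateArr.length - 1];
        final Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            // Certificate.equals compares the encoded form and is false for null entries.
            if (chainEnd.equals(keyStore.getCertificate(aliases.nextElement()))) {
                a.info("El extremo de la cadena de certificados esta en el truststore de Java");
                return;
            }
        }
        PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(x509CertificateArr)), pKIXParameters);
    }

    /**
     * Escapes the characters that would be read as markup in the HTML confirmation dialog.
     * Certificate subject names come from the JAR and must be shown as text only.
     */
    private static String escapeHtml(String text) {
        return String.valueOf(text).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /**
     * Ensures the certificates that signed this JAR are trusted by Java, adding them to the
     * per-user trusted CA store after the user confirms.
     *
     * <p>Steps: read the signature block of the running JAR; stop if the system store
     * already anchors the chain; otherwise load (or create) the user store, and if the
     * chain is not anchored there either, show a confirmation dialog and, on acceptance,
     * insert every certificate of the chain and write the store back.
     *
     * <p>NOTE(review): every certificate of the chain is inserted as a trusted entry, not
     * only the root, and the store file is overwritten in place.
     *
     * @param obj parent component handed to the confirmation dialog
     */
    public static void insertJarSignerOnCACerts(Object obj) {
        KeyStore a2;
        final InputStream a3 = a();
        final byte[] a4;
        try {
            a4 = a(a3);
        } finally {
            try {
                a3.close();
            } catch (Exception ignored) {
                // Best effort: the signature block has already been read (or reading failed).
            }
        }
        X509Certificate[] a5 = a(a4);
        if (a5 == null || a5.length < 1) {
            a.warning("La aplicacion no esta firmada");
            return;
        }
        File c2 = c();
        if (c2 != null) {
            try {
                a(a5, a(c2));
                a.warning("Los certificados de firma del JAR son de confianza en Java");
                return;
            } catch (Exception e2) {
                a.warning("Error en la validacion de los certificados contra el almacen de Java: " + e2);
            }
        }
        File b2 = b();
        if (b2 == null) {
            a.warning("No se puede localizar el almacen de confianza del usuario, se suspende la validacion");
            return;
        }
        if (b2.exists()) {
            try {
                a2 = a(b2);
            } catch (Exception e3) {
                a.warning("No se ha podido cargar el almacen de certificados de CA de confianza del usuario, no se agregara el certificado: " + e3);
                return;
            }
        } else {
            // No user store yet: start from an empty one protected with the empty password.
            c = "";
            a2 = KeyStore.getInstance(KeyStore.getDefaultType());
            a2.load(null, c.toCharArray());
            a.info("Creamos el truststore ya que no existia previamente");
        }
        try {
            a(a5, a2);
            a.info("Los certificados de firma del JAR ya son de confianza para el usuario");
        } catch (CertPathValidatorException e4) {
            a.warning("Debemos agregar el certificado al truststore del usuario para que sea de confianza: " + e4);
            StringBuilder sb = new StringBuilder("<br>");
            for (X509Certificate x509Certificate : a5) {
                sb.append("&nbsp;- ");
                sb.append(escapeHtml(AOUtil.getCN(x509Certificate)));
                sb.append("<br>");
            }
            // NOTE(review): a.a(...) presumably refers to an obfuscated message-bundle class named
            // "a" in this package; in this decompiled source the logger field "a" shadows it.
            if (AOUIFactory.showConfirmDialog(obj, "<html><p>" + a.a("JarSignatureCertExtractor.0") + "</p><p>" + a.a("JarSignatureCertExtractor.1") + "</p><p>&nbsp;<br>" + a.a("JarSignatureCertExtractor.2") + sb.toString() + "&nbsp;</p></html>", a.a("JarSignatureCertExtractor.3"), AOUIFactory.YES_NO_OPTION, AOUIFactory.WARNING_MESSAGE) == AOUIFactory.NO_OPTION) {
                return;
            }
            for (X509Certificate x509Certificate2 : a5) {
                a2.setCertificateEntry(AOUtil.getCN(x509Certificate2) + x509Certificate2.getSerialNumber(), x509Certificate2);
            }
            final FileOutputStream fileOutputStream = new FileOutputStream(b2);
            try {
                a2.store(fileOutputStream, c.toCharArray());
            } finally {
                fileOutputStream.close();
            }
            a.info("Se han insertado correctamente certificados en el cacerts del usuario");
        }
    }
}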
