package org.glassfish.appclient.server.core.jws.servedcontent;

import com.sun.enterprise.security.ssl.SecuritySupportImpl;
import com.sun.enterprise.server.pluggable.SecuritySupport;
import com.sun.enterprise.util.i18n.StringManager;
import com.sun.logging.LogDomains;
import java.io.File;
import java.security.AccessControlException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.PostConstruct;
import org.jvnet.hk2.component.Singleton;
import sun.security.tools.JarSigner;

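/**
 * Signs JAR files by running the JDK's jarsigner tool in-process
 * ({@code JarSigner.main}) with a key selected from the server's keystores.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The keystore password is passed to the tool as a {@code String} element of the
 *       argument array. Clearing the array afterwards only drops references; a
 *       {@code String} cannot be wiped, so the password stays on the heap until it is
 *       garbage-collected.</li>
 *   <li>While a JAR is being signed the JVM-wide {@link SecurityManager} is replaced by
 *       one that vetoes {@code System.exit}. The veto applies to every thread in the JVM
 *       for the duration of the signing call, not only to the signing thread.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code System.setSecurityManager} is deprecated for removal since
 * Java 17, and {@code sun.security.tools.JarSigner} is a JDK-internal class. The
 * supported API {@code jdk.security.jarsigner.JarSigner} (Java 9+) needs neither the
 * password on an argument list nor an exit guard; confirm the target JDK before relying
 * on the current approach.
 */
@Service
@Scoped(Singleton.class)
public class ASJarSigner implements PostConstruct {
    /**
     * Property name for a user-specified signing alias. It is not read in this class;
     * presumably the caller resolves it and passes the value to {@link #signJar}.
     */
    public static final String USER_SPECIFIED_ALIAS_PROPERTYNAME = "com.sun.aas.jws.signing.alias";
    private static final String JKS_KEYSTORE_TYPE_VALUE = "jks";
    /** Alias used when the caller supplies none, or when the supplied alias is in no keystore. */
    private static final String DEFAULT_ALIAS_VALUE = "s1as";
    private static final StringManager localStrings = StringManager.getManager(ASJarSigner.class);
    // Static, but assigned from the instance method postConstruct().
    private static SecuritySupport securitySupport;
    private Logger logger;

    /** Checked exception type declared for signing failures; nothing in this class throws it. */
    public static class ASJarSignerException extends Exception {
        public ASJarSignerException(String str, Throwable th) {
            super(str, th);
        }
    }

    /**
     * Security manager installed only while the signing tool runs. It refuses every
     * {@code System.exit} request (presumably because the tool exits the JVM on
     * failure - confirm) and forwards all other permission checks to the manager that
     * was installed before.
     *
     * <p>Declared static: it uses no state of the enclosing instance.
     */
    private static class NoExitSecurityManager extends SecurityManager {
        private final SecurityManager originalManager;

        /**
         * @param securityManager the previously installed manager, or {@code null} if none
         */
        public NoExitSecurityManager(SecurityManager securityManager) {
            this.originalManager = securityManager;
        }

        /** Always refuses, whichever thread asks. */
        @Override // java.lang.SecurityManager
        public void checkExit(int i) {
            throw new AccessControlException("System.exit");
        }

        /**
         * Delegates to the original manager. When there was none, every permission is
         * granted, which matches running without a security manager. Only the
         * one-argument overload is overridden here.
         */
        @Override // java.lang.SecurityManager
        public void checkPermission(Permission permission) {
            if (this.originalManager != null) {
                this.originalManager.checkPermission(permission);
            }
        }
    }

    /**
     * Everything needed to sign with one alias from one keystore: the keystore, the
     * alias, the keystore password and the token name. Subclasses contribute the
     * command-line arguments that depend on the keystore type.
     */
    public static abstract class SigningInfo {
        private static final String SIGNEDJAR_OPTION = "-signedjar";
        private static final String KEYSTORE_OPTION = "-keystore";
        private static final String STOREPASS_OPTION = "-storepass";
        private static final String STORETYPE_OPTION = "-storetype";
        private final KeyStore keystore;
        private final String alias;
        // Held as an immutable String, so it cannot be zeroed after use.
        private final String password;
        // Not read in this class; fetching it in the constructor validates the alias.
        private final PrivateKey key;
        private final String token;
        private final Logger logger;

        /** Signing information for a file-based JKS keystore. */
        public static class JKSSigningInfo extends SigningInfo {
            private static final String KEYSTORE_PATH_PROPERTYNAME = "javax.net.ssl.keyStore";

            /**
             * Reads the keystore location from the {@code javax.net.ssl.keyStore} system
             * property. Returns {@code null} when the property is unset; the result is
             * not checked before it is added to the argument list.
             */
            private static String getJKSKeystoreAbsolutePath() {
                return System.getProperty(KEYSTORE_PATH_PROPERTYNAME);
            }

            public JKSSigningInfo(String str, String str2, KeyStore keyStore, String str3, Logger logger) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
                super(str, str2, keyStore, str3, logger);
            }

            /** Adds {@code -keystore <path>}. */
            @Override // org.glassfish.appclient.server.core.jws.servedcontent.ASJarSigner.SigningInfo
            protected void addKeyStoreTypeSpecificArgs(Collection<String> collection) {
                collection.add(SigningInfo.KEYSTORE_OPTION);
                collection.add(getJKSKeystoreAbsolutePath());
            }
        }

        /** Signing information for any keystore whose type is not JKS (see {@link #newInstance}). */
        public static class PKCS11SigningInfo extends SigningInfo {
            private static final String PKCS11_PROVIDERNAME_OPTION = "-providerName";
            private static final String PKCS11_KEYSTORE_OPTION_VALUE = "NONE";

            public PKCS11SigningInfo(String str, String str2, KeyStore keyStore, String str3, Logger logger) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
                super(str, str2, keyStore, str3, logger);
            }

            /** Adds {@code -keystore NONE -providerName <name of the keystore's provider>}. */
            @Override // org.glassfish.appclient.server.core.jws.servedcontent.ASJarSigner.SigningInfo
            protected void addKeyStoreTypeSpecificArgs(Collection<String> collection) {
                collection.add(SigningInfo.KEYSTORE_OPTION);
                collection.add(PKCS11_KEYSTORE_OPTION_VALUE);
                collection.add(PKCS11_PROVIDERNAME_OPTION);
                collection.add(getKeyStore().getProvider().getName());
            }
        }

        /**
         * Creates the subclass matching the keystore type: {@link JKSSigningInfo} when
         * the type equals "jks" ignoring case, {@link PKCS11SigningInfo} for every other
         * type.
         *
         * @param str alias of the signing key
         * @param str2 keystore password
         * @param keyStore keystore that holds the alias
         * @param str3 token name associated with the keystore
         * @param logger logger whose resource bundle supplies the error text
         */
        static SigningInfo newInstance(String str, String str2, KeyStore keyStore, String str3, Logger logger) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
            return keyStore.getType().equalsIgnoreCase(ASJarSigner.JKS_KEYSTORE_TYPE_VALUE) ? new JKSSigningInfo(str, str2, keyStore, str3, logger) : new PKCS11SigningInfo(str, str2, keyStore, str3, logger);
        }

        /**
         * Stores the arguments and then checks that the alias names a private key.
         *
         * @param str alias of the signing key
         * @param str2 keystore password
         * @param keyStore keystore that holds the alias
         * @param str3 token name associated with the keystore
         * @param logger logger whose resource bundle supplies the error text
         * @throws IllegalArgumentException if the alias does not name a private key
         */
        public SigningInfo(String str, String str2, KeyStore keyStore, String str3, Logger logger) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
            this.keystore = keyStore;
            this.alias = str;
            this.password = str2;
            this.token = str3;
            this.logger = logger;
            // Must run after the assignments above. As a field initializer it would
            // execute before the constructor body and dereference a null keystore.
            this.key = validateKey();
        }

        public String getAlias() {
            return this.alias;
        }

        /**
         * Fetches the entry stored under the alias and requires it to be a private key.
         * The error text is read from the logger's resource bundle; a logger without a
         * bundle would fail here with a NullPointerException instead.
         */
        private PrivateKey validateKey() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
            Key key = this.keystore.getKey(this.alias, this.password.toCharArray());
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            throw new IllegalArgumentException(MessageFormat.format(this.logger.getResourceBundle().getString("jws.sign.keyNotPrivate"), this.alias));
        }

        public String getProviderName() {
            return this.keystore.getProvider().getName();
        }

        public String getToken() {
            return this.token;
        }

        /** Returns the keystore password in clear text; callers should not log or persist it. */
        public String getPassword() {
            return this.password;
        }

        public String getStoreType() {
            return this.keystore.getType();
        }

        /**
         * Returns the certificate chain stored under the alias as X.509 certificates.
         *
         * <p>{@code KeyStore.getCertificateChain} returns {@code null} when the alias has
         * no chain; that case is not handled and surfaces as a NullPointerException.
         *
         * @throws IllegalArgumentException if any certificate in the chain is not X.509
         */
        public X509Certificate[] getCertificateChain() throws KeyStoreException {
            Certificate[] chain = this.keystore.getCertificateChain(this.alias);
            X509Certificate[] result = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    throw new IllegalArgumentException(ASJarSigner.localStrings.getString("jws.sign.notX509Cert", this.alias));
                }
                result[i] = (X509Certificate) chain[i];
            }
            return result;
        }

        /** Describes the alias, keystore type and provider. The password is not included. */
        @Override
        public String toString() {
            return getClass().getName() + ": alias=" + this.alias + "; keystore type=" + this.keystore.getType() + "; provider=" + this.keystore.getProvider().getName();
        }

        public KeyStore getKeyStore() {
            return this.keystore;
        }

        /**
         * Builds the jarsigner argument list: the keystore-type-specific options,
         * {@code -storetype}, {@code -storepass}, {@code -signedjar <file2>}, the input
         * JAR and finally the alias.
         *
         * <p>The returned array contains the keystore password in clear text. The caller
         * must not log the array and should clear it once the tool has run.
         *
         * @param file the JAR to sign
         * @param file2 where the signed JAR is written
         */
        public String[] getSigningArgs(File file, File file2) {
            ArrayList<String> args = new ArrayList<>();
            addKeyStoreTypeSpecificArgs(args);
            args.add(STORETYPE_OPTION);
            args.add(getKeyStore().getType());
            args.add(STOREPASS_OPTION);
            int passwordIndex = args.size();
            args.add(getPassword());
            args.add(SIGNEDJAR_OPTION);
            args.add(file2.getAbsolutePath());
            args.add(file.getAbsolutePath());
            args.add(getAlias());
            String[] result = args.toArray(new String[0]);
            // Drop the temporary list's reference to the password; the array keeps its own.
            args.set(passwordIndex, "");
            return result;
        }

        /** Appends the options that depend on the keystore type. */
        protected abstract void addKeyStoreTypeSpecificArgs(Collection<String> collection);
    }

    /** Obtains the logger and the security-support object used to reach the keystores. */
    @Override // org.jvnet.hk2.component.PostConstruct
    public void postConstruct() {
        this.logger = LogDomains.getLogger(ASJarSigner.class, LogDomains.CORE_LOGGER);
        securitySupport = new SecuritySupportImpl();
    }

    /**
     * Signs {@code file}, writing the result to {@code file2}.
     *
     * <p>Signing is serialized on this instance because it replaces the JVM-wide
     * security manager for the duration of the call. On any failure the output file is
     * deleted so that a partially written JAR is not left behind.
     *
     * @param file the JAR to sign
     * @param file2 where the signed JAR is written
     * @param str alias of the signing key; {@code null} selects the default alias
     * @return elapsed time in milliseconds, measured from just before the argument list is built
     * @throws Exception if the alias cannot be resolved or signing fails; the cause is attached
     */
    public long signJar(File file, File file2, String str) throws Exception {
        if (str == null) {
            str = DEFAULT_ALIAS_VALUE;
        }
        SigningInfo signingInfo = createSigningInfo(str);
        long start = System.currentTimeMillis();
        // Contains the keystore password; never log this array.
        String[] signingArgs = signingInfo.getSigningArgs(file, file2);
        synchronized (this) {
            SecurityManager original = System.getSecurityManager();
            try {
                try {
                    System.setSecurityManager(new NoExitSecurityManager(original));
                    JarSigner.main(signingArgs);
                } finally {
                    // Restore the original manager first so the exit veto is lifted
                    // even when signing failed.
                    System.setSecurityManager(original);
                    // Drops the references only; the password String itself cannot be wiped.
                    for (int i = 0; i < signingArgs.length; i++) {
                        signingArgs[i] = null;
                    }
                    this.logger.fine("Signing " + file.getAbsolutePath() + " took " + (System.currentTimeMillis() - start) + " ms");
                }
            } catch (Throwable th) {
                // A partially written output must not be mistaken for a signed JAR.
                if (!file2.delete() && file2.exists()) {
                    this.logger.log(Level.WARNING, "Could not delete partially signed JAR {0}", file2.getAbsolutePath());
                }
                throw new Exception(localStrings.getString("jws.sign.errorSigning", file2.getAbsolutePath(), signingInfo.getAlias()), th);
            }
        }
        return System.currentTimeMillis() - start;
    }

    /**
     * Searches every keystore for the requested alias and for the default alias, then
     * chooses one match via {@link #selectSigningInfo}.
     *
     * <p>Passwords and token names are matched to keystores by position. This assumes
     * the three sequences returned by the security support are parallel and equally
     * long - TODO confirm.
     *
     * @param str requested alias
     */
    private SigningInfo createSigningInfo(String str) throws Exception {
        String[] keyStorePasswords = securitySupport.getKeyStorePasswords();
        String[] tokenNames = securitySupport.getTokenNames();
        ArrayList<SigningInfo> defaultAliasMatches = new ArrayList<>();
        ArrayList<SigningInfo> userAliasMatches = new ArrayList<>();
        int i = 0;
        for (KeyStore keyStore : securitySupport.getKeyStores()) {
            if (str != null && keyStore.containsAlias(str)) {
                userAliasMatches.add(SigningInfo.newInstance(str, keyStorePasswords[i], keyStore, tokenNames[i], this.logger));
            }
            if (keyStore.containsAlias(DEFAULT_ALIAS_VALUE)) {
                defaultAliasMatches.add(SigningInfo.newInstance(DEFAULT_ALIAS_VALUE, keyStorePasswords[i], keyStore, tokenNames[i], this.logger));
            }
            i++;
        }
        SigningInfo selected = selectSigningInfo(str, userAliasMatches, defaultAliasMatches);
        // SigningInfo.toString() reports alias, store type and provider, not the password.
        this.logger.fine("Selected signing info " + selected.toString());
        return selected;
    }

    /**
     * Chooses the signing information to use.
     *
     * <p>Matches for the requested alias win. When the requested alias is in no
     * keystore, a warning is logged and the default alias is used instead, so the JAR is
     * signed with a different key than the one asked for. When the chosen alias exists
     * in several keystores, a warning lists them and the first match is used.
     *
     * @param str requested alias, or {@code null} to use the default alias
     * @param arrayList matches for the requested alias
     * @param arrayList2 matches for the default alias
     * @throws IllegalArgumentException if no keystore contains the chosen alias
     */
    private SigningInfo selectSigningInfo(String str, ArrayList<SigningInfo> arrayList, ArrayList<SigningInfo> arrayList2) {
        ArrayList<SigningInfo> candidates;
        String chosenAlias;
        if (str == null) {
            candidates = arrayList2;
            chosenAlias = DEFAULT_ALIAS_VALUE;
        } else if (arrayList.isEmpty()) {
            this.logger.log(Level.WARNING, "jws.sign.userAliasAbsent", str);
            candidates = arrayList2;
            chosenAlias = DEFAULT_ALIAS_VALUE;
        } else {
            candidates = arrayList;
            chosenAlias = str;
        }
        if (candidates.isEmpty()) {
            throw new IllegalArgumentException(localStrings.getString("jws.sign.aliasNotFound", chosenAlias));
        }
        if (candidates.size() > 1) {
            StringBuilder sb = new StringBuilder();
            for (SigningInfo candidate : candidates) {
                if (sb.length() > 0) {
                    sb.append(", ");
                }
                sb.append(candidate);
            }
            this.logger.log(Level.WARNING, "jws.sign.aliasFoundMult", new Object[]{chosenAlias, sb.toString()});
        }
        return candidates.get(0);
    }
}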
