package net.fabricmc.loom.configuration.providers.minecraft.verify;

import java.io.IOException;
import java.nio.file.Path;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.stream.Stream;
import net.fabricmc.loom.util.Constants;
import net.fabricmc.loom.util.ZipReprocessorUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/fabricmc/loom/configuration/providers/minecraft/verify/JarVerifier.class */
public final class JarVerifier {
    private static final Logger LOGGER = LoggerFactory.getLogger(JarVerifier.class);

    private JarVerifier() {
    }

    public static void verify(Path path, CertificateChain certificateChain) throws IOException, SignatureVerificationFailure {
        Objects.requireNonNull(path, "jarPath");
        Objects.requireNonNull(certificateChain, "certificateChain");
        if (certificateChain.issuer() != null) {
            throw new IllegalStateException("Can only verify jars from a root certificate");
        }
        HashSet hashSet = new HashSet();
        JarFile jarFile = new JarFile(path.toFile(), true);
        try {
            Iterator it = Collections.list(jarFile.entries()).iterator();
            while (it.hasNext()) {
                JarEntry jarEntry = (JarEntry) it.next();
                if (!ZipReprocessorUtil.isSpecialFile(jarEntry.getName()) && !jarEntry.getName().equals(Constants.Manifest.PATH) && !jarEntry.isDirectory()) {
                    try {
                        jarFile.getInputStream(jarEntry).readAllBytes();
                        Certificate[] certificates = jarEntry.getCertificates();
                        if (certificates == null) {
                            throw new SignatureVerificationFailure("Jar entry " + jarEntry.getName() + " does not have a signature");
                        }
                        Stream map = Arrays.stream(certificates).map(certificate -> {
                            return (X509Certificate) certificate;
                        });
                        Objects.requireNonNull(hashSet);
                        map.forEach((v1) -> {
                            r1.add(v1);
                        });
                    } catch (SecurityException e) {
                        throw new SignatureVerificationFailure("Jar entry " + jarEntry.getName() + " failed signature verification", e);
                    }
                }
            }
            jarFile.close();
            CertificateChain.getRoot(hashSet).verifyChainMatches(certificateChain);
            LOGGER.debug("Jar {} is signed by the expected certificate", path);
        } catch (Throwable th) {
            try {
                jarFile.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
