package ai.h2o.mojos.runtime.lic;

import ai.h2o.mojos.runtime.api.backend.ReaderBackend;
import ai.h2o.mojos.runtime.lic.LicenseUtils;
import ai.h2o.mojos.runtime.utils.Base64Utils;
import ai.h2o.mojos.runtime.utils.DigestUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import java.util.Properties;
import org.apache.commons.lang3.BooleanUtils;

/* loaded from: input_file:ai/h2o/mojos/runtime/lic/SignatureManager.class */
class SignatureManager {
    private static final String PUB_KEY_ALGO = "RSA";
    private static final byte[] PUB_KEY = Base64Utils.decode("MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwgzYa8dzlCIFgVaQkDRUX+BOGZtVk5513rMZq0/FL6YB6mhrL1431SJNP5WpGUDdPKnlUU/kloEDbIp1LyAB1xJgpodkleBm4pQudbQZ0h5MtQY0n49tCAoflkWkIYfwkTop4L7P5PTCzjZpnMHnX0A7rmS06e30MMm0d+wElceTrqKcp9c11kq2WnvU8pHxSLtu7rkozVJZBf5G7DFt9j2sNzs7OnK7TgT1IR4w6DDfjPAZOBoXa8Qrf6xoJd1UbTwb5y1hJtfxEHV4mSFFNVDUB02sxk5r/9KE2wf1S1jyjrxWM7S5GBTQJAUl7MAOYYBhL9uHXpawOLTPx0fR7cKIA1R9zv16fo01CbOpKXNAcFKfRub4ZqbWRPTTr+W4uezKiCppBgur/JXrm6wSF7GTnDrZZMFUhevRt7fU0YhAGLxFXmh4XPxvQjQ50imG44ADln6noN80lgZ3broR4F+tyacaW/vW2Fd0yvKGV9c+MHvpOayk6tP7YJj/SLUgR1bBDeAyCsfYoC0fm6+oO6VzTmQeItW2dYqJ/FTqN0eQY42rKvXVEe/8xLBejuQE6lQDxRj153s96y7rdHjW5TCGHhKEL/gUCZTeSgSDr0ysap5h2mWz8fkFbRmCnoByB2Vjro+x8oG/6BffU+SM+jE7bITFBe+7WJZ+VzUpUKECAwEAAQ==".getBytes());
    static final SignatureManager INSTANCE = new SignatureManager();
    static final String SIGNATURE_ALGO = "SHA256withRSA";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ai/h2o/mojos/runtime/lic/SignatureManager$MojoWatermark.class */
    public static class MojoWatermark {
        final String pipelineFile;
        final byte[] pipelineHash;
        final String hashAlgo;
        final boolean isPerpetual;
        final String signerId;
        final String daiLicenseSerialNumber;
        final String daiLicenseeUserId;
        final String date;

        MojoWatermark(String str, byte[] bArr, String str2, boolean z, String str3, String str4, String str5, String str6) {
            this.pipelineFile = str;
            this.pipelineHash = bArr;
            this.hashAlgo = str2;
            this.isPerpetual = z;
            this.signerId = str3;
            this.daiLicenseSerialNumber = str4;
            this.daiLicenseeUserId = str5;
            this.date = str6;
        }

        byte[] serialize() throws IOException {
            return ((ByteArrayOutputStream) serialize(new ByteArrayOutputStream())).toByteArray();
        }

        <T extends OutputStream> T serialize(T t) throws IOException {
            Properties properties = new Properties();
            properties.put("pipelineFile", this.pipelineFile);
            properties.put("pipelineHash", DigestUtils.toHex(this.pipelineHash));
            properties.put("hashAlgo", this.hashAlgo);
            properties.put("isPerpetual", String.valueOf(this.isPerpetual));
            properties.put("signerId", this.signerId);
            properties.put("daiLicenseSerialNumber", this.daiLicenseSerialNumber);
            properties.put("daiLicenseeUserId", this.daiLicenseeUserId);
            properties.put("date", this.date);
            properties.store(t, "");
            return t;
        }

        static MojoWatermark deserialize(byte[] bArr) throws IOException {
            return deserialize(new ByteArrayInputStream(bArr));
        }

        static MojoWatermark deserialize(InputStream inputStream) throws IOException {
            Properties properties = new Properties();
            properties.load(inputStream);
            return new MojoWatermark(properties.getProperty("pipelineFile"), DigestUtils.fromHex(properties.getProperty("pipelineHash")), properties.getProperty("hashAlgo"), Boolean.valueOf(properties.getProperty("isPerpetual", BooleanUtils.FALSE)).booleanValue(), properties.getProperty("signerId"), properties.getProperty("daiLicenseSerialNumber"), properties.getProperty("daiLicenseeUserId"), properties.getProperty("date"));
        }
    }

    private SignatureManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validate(ReaderBackend readerBackend) throws LicenseException {
        byte[] loadSignatureBytes = loadSignatureBytes(readerBackend);
        byte[] loadWatermarkBytes = loadWatermarkBytes(readerBackend);
        if (loadSignatureBytes == null) {
            throw new MojoSignatureNotFoundException(MojoSignatureConsts.MOJO_SIGNATURE_FILENAME);
        }
        if (loadWatermarkBytes == null) {
            throw new MojoWatermarkNotFoundException(MojoSignatureConsts.MOJO_WATERMARK_FILENAME);
        }
        if (!verifySignature(loadSignatureBytes, loadWatermarkBytes)) {
            throw new InvalidSignatureException();
        }
        if (!verifyWatermark(readerBackend, loadWatermarkBytes, true)) {
            throw new InvalidWatermarkException();
        }
    }

    private boolean verifySignature(byte[] bArr, byte[] bArr2) {
        try {
            return verifySignature(bArr, bArr2, LicenseUtils.createPubKey(PUB_KEY, PUB_KEY_ALGO));
        } catch (Exception e) {
            return false;
        }
    }

    boolean verifySignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws GeneralSecurityException {
        Signature signature = Signature.getInstance(SIGNATURE_ALGO);
        signature.initVerify(publicKey);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x0039  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyWatermark(ai.h2o.mojos.runtime.api.backend.ReaderBackend r5, byte[] r6, boolean r7) {
        /*
            r4 = this;
            r0 = r6
            ai.h2o.mojos.runtime.lic.SignatureManager$MojoWatermark r0 = ai.h2o.mojos.runtime.lic.SignatureManager.MojoWatermark.deserialize(r0)     // Catch: java.io.IOException -> L8b
            r8 = r0
            r0 = r5
            r1 = r8
            java.lang.String r1 = r1.pipelineFile     // Catch: java.io.IOException -> L8b
            java.io.InputStream r0 = r0.getInputStream(r1)     // Catch: java.io.IOException -> L8b
            r9 = r0
            r0 = 0
            r10 = r0
            r0 = r4
            r1 = r9
            r2 = r8
            boolean r0 = r0.verifyWatermark(r1, r2)     // Catch: java.lang.Throwable -> L5a java.lang.Throwable -> L63 java.io.IOException -> L8b
            if (r0 == 0) goto L31
            r0 = r8
            boolean r0 = r0.isPerpetual     // Catch: java.lang.Throwable -> L5a java.lang.Throwable -> L63 java.io.IOException -> L8b
            if (r0 != 0) goto L2d
            r0 = r7
            if (r0 != 0) goto L31
        L2d:
            r0 = 1
            goto L32
        L31:
            r0 = 0
        L32:
            r11 = r0
            r0 = r9
            if (r0 == 0) goto L57
            r0 = r10
            if (r0 == 0) goto L52
            r0 = r9
            r0.close()     // Catch: java.lang.Throwable -> L46 java.io.IOException -> L8b
            goto L57
        L46:
            r12 = move-exception
            r0 = r10
            r1 = r12
            r0.addSuppressed(r1)     // Catch: java.io.IOException -> L8b
            goto L57
        L52:
            r0 = r9
            r0.close()     // Catch: java.io.IOException -> L8b
        L57:
            r0 = r11
            return r0
        L5a:
            r11 = move-exception
            r0 = r11
            r10 = r0
            r0 = r11
            throw r0     // Catch: java.lang.Throwable -> L63 java.io.IOException -> L8b
        L63:
            r13 = move-exception
            r0 = r9
            if (r0 == 0) goto L88
            r0 = r10
            if (r0 == 0) goto L83
            r0 = r9
            r0.close()     // Catch: java.lang.Throwable -> L77 java.io.IOException -> L8b
            goto L88
        L77:
            r14 = move-exception
            r0 = r10
            r1 = r14
            r0.addSuppressed(r1)     // Catch: java.io.IOException -> L8b
            goto L88
        L83:
            r0 = r9
            r0.close()     // Catch: java.io.IOException -> L8b
        L88:
            r0 = r13
            throw r0     // Catch: java.io.IOException -> L8b
        L8b:
            r8 = move-exception
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: ai.h2o.mojos.runtime.lic.SignatureManager.verifyWatermark(ai.h2o.mojos.runtime.api.backend.ReaderBackend, byte[], boolean):boolean");
    }

    boolean verifyWatermark(InputStream inputStream, MojoWatermark mojoWatermark) throws IOException {
        return Arrays.equals(mojoWatermark.pipelineHash, DigestUtils.hash(mojoWatermark.hashAlgo, inputStream));
    }

    private byte[] loadBytes(ReaderBackend readerBackend, String str, String str2) {
        return LicenseUtils.firstNotNull(new LicenseUtils.BackendLoader(readerBackend, str), new LicenseUtils.BackendLoader(readerBackend, System.getProperty(str2, str)));
    }

    byte[] loadWatermarkBytes(ReaderBackend readerBackend) {
        return loadBytes(readerBackend, MojoSignatureConsts.MOJO_WATERMARK_FILENAME, MojoSignatureConsts.SYS_PROP_WATERMARK_FILENAME);
    }

    byte[] loadSignatureBytes(ReaderBackend readerBackend) {
        return loadBytes(readerBackend, MojoSignatureConsts.MOJO_SIGNATURE_FILENAME, MojoSignatureConsts.SYS_PROP_SIGNATURE_FILENAME);
    }
}
