package global.namespace.truelicense.core.auth;

import global.namespace.fun.io.api.Decoder;
import global.namespace.fun.io.api.Source;
import global.namespace.truelicense.api.auth.Authentication;
import global.namespace.truelicense.api.auth.AuthenticationParameters;
import global.namespace.truelicense.api.auth.RepositoryController;
import global.namespace.truelicense.api.i18n.Message;
import global.namespace.truelicense.api.passwd.Password;
import global.namespace.truelicense.api.passwd.PasswordProtection;
import global.namespace.truelicense.api.passwd.PasswordUsage;
import global.namespace.truelicense.obfuscate.Obfuscate;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Optional;

/* loaded from: input_file:global/namespace/truelicense/core/auth/Notary.class */
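/**
 * Signs and verifies repository artifacts with a key store entry selected by
 * the given {@link AuthenticationParameters}.
 *
 * <p>Every call to {@link #sign} or {@link #verify} works on a fresh
 * {@link Cache}, so the key store is loaded at most once per operation and is
 * not retained between operations.
 *
 * <p>Review notes on the trust model, as far as this class shows it:
 * <ul>
 * <li>Verification uses the public key of whatever certificate is stored under
 *     the configured alias. No certificate path validation and no validity
 *     period check happens here, so the key store content is the trust anchor
 *     and its integrity depends on how the store is loaded (see
 *     {@code Cache.newKeyStore()}).
 * <li>If no signature algorithm is configured, the algorithm is derived from
 *     the certificate, falling back to a SHA-1 based default (see
 *     {@code Cache.defaultAlgorithm()}).
 * </ul>
 */
public final class Notary implements Authentication {

    /**
     * Fallback signature algorithm, used only when no algorithm is configured
     * and the certificate is not an {@link X509Certificate}.
     *
     * <p>NOTE(review): SHA-1 based signatures are deprecated. The value is
     * left unchanged because changing it would alter which existing
     * signatures verify; prefer configuring an explicit algorithm in the
     * authentication parameters.
     */
    @Obfuscate
    private static final String DEFAULT_ALGORITHM = "SHA1withDSA";

    /** Message key: the entry under the alias holds no private key. */
    @Obfuscate
    static final String NO_PRIVATE_KEY = "noPrivateKey";

    /** Message key: the entry under the alias holds no certificate. */
    @Obfuscate
    static final String NO_CERTIFICATE = "noCertificate";

    /** Message key: the key store has no entry under the alias. */
    @Obfuscate
    static final String NO_SUCH_ENTRY = "noSuchEntry";

    private final AuthenticationParameters parameters;

    /**
     * Per-operation view of the key store. The store is loaded lazily on first
     * use and then reused for the remaining lookups of the same operation.
     */
    private final class Cache {

        // Lazily initialised by keyStore(); null until the first lookup.
        private KeyStore keyStore;

        private Cache() {
        }

        /** Signs {@code obj} with the private key of the configured entry. */
        Decoder sign(RepositoryController repositoryController, Object obj) throws Exception {
            final Signature signer = engine();
            signer.initSign(privateKey());
            return repositoryController.sign(signer, obj);
        }

        /** Verifies the repository content with the entry's public key. */
        Decoder verify(RepositoryController repositoryController) throws Exception {
            final Signature verifier = engine();
            verifier.initVerify(publicKey());
            return repositoryController.verify(verifier);
        }

        /** Returns a new, uninitialised signature engine for {@link #algorithm()}. */
        Signature engine() throws Exception {
            return Signature.getInstance(algorithm());
        }

        /** Returns the configured algorithm, or the derived default if none is configured. */
        String algorithm() throws Exception {
            final Optional<String> configured = configuredAlgorithm();
            // defaultAlgorithm() throws a checked exception, so no orElseGet here.
            return configured.isPresent() ? configured.get() : defaultAlgorithm();
        }

        /**
         * Derives the signature algorithm from the certificate of the entry.
         *
         * <p>NOTE(review): {@code getSigAlgName()} names the algorithm that was
         * used to sign the certificate itself. It suits the entry's own key
         * only when issuer key and subject key are of the same type (for
         * example a self-signed certificate), and it inherits whatever digest
         * the certificate was issued with. Configure the algorithm explicitly
         * where that is not intended.
         */
        String defaultAlgorithm() throws Exception {
            final Certificate cert = certificate();
            if (cert instanceof X509Certificate) {
                return ((X509Certificate) cert).getSigAlgName();
            }
            return Notary.DEFAULT_ALGORITHM;
        }

        /**
         * Returns the private key of the entry, unlocked with the key password
         * for {@link PasswordUsage#ENCRYPTION}.
         *
         * @throws NotaryException if the entry is not a private key entry.
         */
        PrivateKey privateKey() throws Exception {
            final KeyStore.Entry entry = keyStoreEntry(PasswordUsage.ENCRYPTION);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            }
            throw new NotaryException(message(Notary.NO_PRIVATE_KEY));
        }

        /** Returns the public key of the entry's certificate. */
        PublicKey publicKey() throws Exception {
            return certificate().getPublicKey();
        }

        /**
         * Returns the certificate of the entry, which may be a private key
         * entry or a trusted certificate entry. A key entry is unlocked with
         * the key password for {@link PasswordUsage#DECRYPTION}.
         *
         * @throws NotaryException if the entry is of neither kind.
         */
        Certificate certificate() throws Exception {
            final KeyStore.Entry entry = keyStoreEntry(PasswordUsage.DECRYPTION);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getCertificate();
            }
            if (entry instanceof KeyStore.TrustedCertificateEntry) {
                return ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            }
            throw new NotaryException(message(Notary.NO_CERTIFICATE));
        }

        /**
         * Looks up the entry under the configured alias.
         *
         * <p>A key entry is read with the key password for the given usage; a
         * certificate entry is read without a password.
         *
         * @throws NotaryException if the key store has no entry under the alias.
         */
        KeyStore.Entry keyStoreEntry(PasswordUsage passwordUsage) throws Exception {
            if (isKeyEntry()) {
                try (Password password = keyProtection().password(passwordUsage)) {
                    // KeyStore.PasswordProtection keeps its own clone of the
                    // characters; destroy() clears that clone once the entry
                    // has been read, whether or not the lookup succeeded.
                    final KeyStore.PasswordProtection protection =
                            new KeyStore.PasswordProtection(password.characters());
                    try {
                        return keyStoreEntry(Optional.of(protection));
                    } finally {
                        protection.destroy();
                    }
                }
            }
            if (isCertificateEntry()) {
                return keyStoreEntry(Optional.empty());
            }
            // Neither a key entry nor a certificate entry: the alias should be absent.
            assert !keyStore().containsAlias(alias());
            throw new NotaryException(message(Notary.NO_SUCH_ENTRY));
        }

        boolean isKeyEntry() throws Exception {
            return keyStore().isKeyEntry(alias());
        }

        boolean isCertificateEntry() throws Exception {
            return keyStore().isCertificateEntry(alias());
        }

        /** Reads the entry under the alias; an empty optional means "no protection parameter". */
        KeyStore.Entry keyStoreEntry(Optional<KeyStore.PasswordProtection> optional) throws Exception {
            return keyStore().getEntry(alias(), optional.orElse(null));
        }

        /** Returns the key store, loading it on first use. */
        KeyStore keyStore() throws Exception {
            if (null == this.keyStore) {
                this.keyStore = newKeyStore();
            }
            return this.keyStore;
        }

        /**
         * Loads a key store of the configured type with the store password for
         * {@link PasswordUsage#DECRYPTION}.
         *
         * <p>With a configured source the store is read from it; without one,
         * {@code load(null, ...)} initialises an empty key store, so a later
         * alias lookup ends in {@code NO_SUCH_ENTRY}.
         *
         * <p>NOTE(review): {@link KeyStore#load} uses the password for the
         * integrity check of the stored data and skips that check when the
         * password is {@code null}. This relies on {@code characters()}
         * returning the real store password; confirm against the
         * {@code Password} implementation in use.
         */
        KeyStore newKeyStore() throws Exception {
            try (Password password = storeProtection().password(PasswordUsage.DECRYPTION)) {
                final KeyStore store = KeyStore.getInstance(storeType());
                final char[] storePassword = password.characters();
                final Optional<Source> source = source();
                if (source.isPresent()) {
                    source.get().acceptReader(in -> {
                        store.load(in, storePassword);
                    });
                } else {
                    store.load(null, storePassword);
                }
                return store;
            }
        }

        /** Builds a message for the given key, parameterised with the alias. */
        Message message(String str) {
            return Messages.message(str, alias());
        }

        String alias() {
            return Notary.this.parameters().alias();
        }

        PasswordProtection keyProtection() {
            return Notary.this.parameters().keyProtection();
        }

        Optional<String> configuredAlgorithm() {
            return Notary.this.parameters().algorithm();
        }

        Optional<Source> source() {
            return Notary.this.parameters().source();
        }

        PasswordProtection storeProtection() {
            return Notary.this.parameters().storeProtection();
        }

        String storeType() {
            return Notary.this.parameters().storeType();
        }
    }

    /**
     * Creates a notary for the given parameters.
     *
     * @param authenticationParameters the key store and entry configuration.
     * @throws NullPointerException if {@code authenticationParameters} is null.
     */
    public Notary(AuthenticationParameters authenticationParameters) {
        this.parameters = Objects.requireNonNull(authenticationParameters);
    }

    /**
     * Signs {@code obj} into the repository using the private key of the
     * configured key store entry.
     *
     * @throws Exception if the key store cannot be loaded, the entry has no
     *         private key, or signing fails.
     */
    public Decoder sign(RepositoryController repositoryController, Object obj) throws Exception {
        return new Cache().sign(repositoryController, obj);
    }

    /**
     * Verifies the repository content using the public key of the certificate
     * of the configured key store entry.
     *
     * @throws Exception if the key store cannot be loaded, the entry has no
     *         certificate, or verification fails.
     */
    public Decoder verify(RepositoryController repositoryController) throws Exception {
        return new Cache().verify(repositoryController);
    }

    /**
     * Returns the parameters this notary was created with.
     *
     * <p>Decompiler note: this accessor was private in the compiled class; the
     * decompiler widened it so that {@code Cache} can call it.
     */
    public AuthenticationParameters parameters() {
        return this.parameters;
    }
}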
