package net.java.truelicense.core.auth;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import net.java.truelicense.core.codec.Codec;
import net.java.truelicense.core.io.Source;
import net.java.truelicense.core.io.Store;
import net.java.truelicense.core.util.Message;
import net.java.truelicense.core.util.Objects;
import net.java.truelicense.obfuscate.ObfuscatedString;

@Immutable
/* loaded from: input_file:net/java/truelicense/core/auth/Notary.class */
public final class Notary implements Authentication {
    private final KeyStoreParameters ksp;
    static final /* synthetic */ boolean $assertionsDisabled = false;

    public Notary(KeyStoreParameters keyStoreParameters) {
        this.ksp = (KeyStoreParameters) Objects.requireNonNull(keyStoreParameters);
    }

    @Override // net.java.truelicense.core.auth.AuthenticationParametersProvider
    public KeyStoreParameters parameters() {
        return this.ksp;
    }

    private Source source() {
        return parameters().source();
    }

    private String storeType() {
        return parameters().storeType();
    }

    private char[] storePassword() {
        return parameters().storePassword();
    }

    private String alias() {
        return parameters().alias();
    }

    @CheckForNull
    private char[] keyPassword() {
        return parameters().keyPassword();
    }

    private boolean forSigning() {
        return parameters().forSigning();
    }

    @Nullable
    private InputStream input() throws IOException {
        Source source = source();
        if (null == source) {
            return null;
        }
        return source.input();
    }

    @Override // net.java.truelicense.core.auth.Authentication
    public Artifactory sign(Codec codec, Repository repository, @Nullable Object obj) throws Exception {
        return repository.sign(codec, engine(), privateKey(), obj);
    }

    @Override // net.java.truelicense.core.auth.Authentication
    public Artifactory verify(Codec codec, Repository repository) throws Exception {
        return repository.verify(codec, engine(), publicKey());
    }

    private Signature engine() throws Exception {
        return Signature.getInstance(algorithm());
    }

    private String algorithm() throws Exception {
        Certificate certificate = certificate();
        return certificate instanceof X509Certificate ? ((X509Certificate) certificate).getSigAlgName() : DEFAULT_ALGORITHM();
    }

    private PrivateKey privateKey() throws Exception {
        KeyStore.Entry entry = entry();
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
        }
        throw new NotaryException(message(NO_PRIVATE_KEY()));
    }

    private PublicKey publicKey() throws Exception {
        Certificate certificate = certificate();
        PublicKey publicKey = certificate.getPublicKey();
        if (!forSigning()) {
            InputStream resourceAsStream = Notary.class.getResourceAsStream(publicKey.getAlgorithm());
            if (!$assertionsDisabled && null == resourceAsStream) {
                throw new AssertionError();
            }
            try {
                try {
                    certificate.verify(CertificateFactory.getInstance(X_509()).generateCertificate(resourceAsStream).getPublicKey());
                    resourceAsStream.close();
                } catch (SignatureException e) {
                    Logger.getLogger("", Messages.class.getName()).log(new Level(NOTICE(), Level.WARNING.intValue(), Messages.class.getName()) { // from class: net.java.truelicense.core.auth.Notary.1
                    }, AGPL3());
                    resourceAsStream.close();
                }
            } catch (Throwable th) {
                resourceAsStream.close();
                throw th;
            }
        }
        return publicKey;
    }

    private Certificate certificate() throws Exception {
        KeyStore.Entry entry = entry();
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return ((KeyStore.PrivateKeyEntry) entry).getCertificate();
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            return ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
        }
        throw new NotaryException(message(NO_CERTIFICATE()));
    }

    private KeyStore.Entry entry() throws Exception {
        KeyStore keyStore = keyStore();
        String alias = alias();
        char[] keyPassword = keyPassword();
        if (null != keyPassword) {
            try {
                if (keyStore.isKeyEntry(alias)) {
                    KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(keyPassword);
                    try {
                        KeyStore.Entry entry = keyStore.getEntry(alias, passwordProtection);
                        passwordProtection.destroy();
                        Arrays.fill(keyPassword, (char) 0);
                        return entry;
                    } catch (Throwable th) {
                        passwordProtection.destroy();
                        throw th;
                    }
                }
                if (keyStore.isCertificateEntry(alias)) {
                    throw new NotaryException(message(SUPERFLUOUS_PASSWORD()));
                }
            } finally {
                Arrays.fill(keyPassword, (char) 0);
            }
        } else {
            if (keyStore.isCertificateEntry(alias)) {
                return keyStore.getEntry(alias, null);
            }
            if (keyStore.isKeyEntry(alias)) {
                throw new NotaryException(message(MISSING_PASSWORD()));
            }
        }
        if ($assertionsDisabled || !keyStore.containsAlias(alias)) {
            throw new NotaryException(message(NO_SUCH_ENTRY()));
        }
        throw new AssertionError();
    }

    private Message message(String str) {
        return Messages.message(str, alias());
    }

    private KeyStore keyStore() throws Exception {
        char[] storePassword = storePassword();
        if (null == storePassword) {
            throw new NotaryException(message(NO_STORE_PASSWORD()));
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(storeType());
            BufferedInputStream bufferedInputStream = new BufferedInputStream(input(), Store.BUFSIZE);
            try {
                keyStore.load(bufferedInputStream, storePassword);
                bufferedInputStream.close();
                return keyStore;
            } catch (Throwable th) {
                bufferedInputStream.close();
                throw th;
            }
        } finally {
            Arrays.fill(storePassword, (char) 0);
        }
    }

    /* renamed from: _clinit@1365846525781#0, reason: not valid java name */
    private static /* synthetic */ void m24_clinit13658465257810() {
        $assertionsDisabled = !Notary.class.desiredAssertionStatus();
    }

    static {
        m24_clinit13658465257810();
    }

    private static final /* synthetic */ String DEFAULT_ALGORITHM() {
        return new ObfuscatedString(new long[]{-6536446698875785483L, 8923761784672779749L, -2714792225760536296L}).toString();
    }

    static final /* synthetic */ String NO_STORE_PASSWORD() {
        return new ObfuscatedString(new long[]{-334023357339497954L, -170827910804442204L, 1725712956394715491L}).toString();
    }

    static final /* synthetic */ String NO_PRIVATE_KEY() {
        return new ObfuscatedString(new long[]{-3913501027534475976L, -6375119361504699228L, -9066234951454501403L}).toString();
    }

    static final /* synthetic */ String NO_CERTIFICATE() {
        return new ObfuscatedString(new long[]{8176802552878512340L, 7797232699725128497L, -2636522769051943396L}).toString();
    }

    static final /* synthetic */ String MISSING_PASSWORD() {
        return new ObfuscatedString(new long[]{9010897913873434116L, 8615168042028620563L, 3421421836467481879L}).toString();
    }

    static final /* synthetic */ String SUPERFLUOUS_PASSWORD() {
        return new ObfuscatedString(new long[]{2271081142507461271L, -2144767072444641543L, -8757787116196232900L, 1219721966027371417L}).toString();
    }

    static final /* synthetic */ String NO_SUCH_ENTRY() {
        return new ObfuscatedString(new long[]{-8653621838697497034L, -3714898092338497788L, -7582613731615597525L}).toString();
    }

    static final /* synthetic */ String X_509() {
        return new ObfuscatedString(new long[]{5541800518256790505L, -7368984590036855126L}).toString();
    }

    static final /* synthetic */ String NOTICE() {
        return new ObfuscatedString(new long[]{3535487561834837034L, -5135428118389928146L}).toString();
    }

    static final /* synthetic */ String AGPL3() {
        return new ObfuscatedString(new long[]{5380959604935165334L, 3812058251592499419L}).toString();
    }
}
