package org.apache.james.jmap.crypto;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Optional;
import javax.inject.Inject;
import org.apache.james.filesystem.api.FileSystem;
import org.apache.james.jmap.JMAPConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/jmap/crypto/JamesSignatureHandler.class */
public class JamesSignatureHandler implements SignatureHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(JamesSignatureHandler.class);
    public static final String ALIAS = "james";
    public static final String ALGORITHM = "SHA1withRSA";
    public static final String JKS = "JKS";
    private final FileSystem fileSystem;
    private final JMAPConfiguration jmapConfiguration;
    private PrivateKey privateKey;
    private PublicKey publicKey;

    @Inject
    @VisibleForTesting
    JamesSignatureHandler(FileSystem fileSystem, JMAPConfiguration jMAPConfiguration) {
        this.fileSystem = fileSystem;
        this.jmapConfiguration = jMAPConfiguration;
    }

    @Override // org.apache.james.jmap.crypto.SignatureHandler
    public void init() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(JKS);
        InputStream resource = this.fileSystem.getResource(this.jmapConfiguration.getKeystore());
        char[] charArray = this.jmapConfiguration.getSecret().toCharArray();
        keyStore.load(resource, charArray);
        this.publicKey = ((Certificate) Optional.ofNullable(keyStore.getCertificate(ALIAS)).orElseThrow(() -> {
            return new KeyStoreException("Alias 'james' keystore can't be found");
        })).getPublicKey();
        Key key = keyStore.getKey(ALIAS, charArray);
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("Provided key is not a PrivateKey");
        }
        this.privateKey = (PrivateKey) key;
    }

    @Override // org.apache.james.jmap.crypto.SignatureHandler
    public String sign(String str) {
        Preconditions.checkNotNull(str);
        try {
            Signature signature = Signature.getInstance(ALGORITHM);
            signature.initSign(this.privateKey);
            signature.update(str.getBytes());
            return Base64.getEncoder().encodeToString(signature.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.apache.james.jmap.crypto.SignatureHandler
    public boolean verify(String str, String str2) {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        try {
            Signature signature = Signature.getInstance(ALGORITHM);
            signature.initVerify(this.publicKey);
            signature.update(str.getBytes());
            return signature.verify(Base64.getDecoder().decode(str2));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (SignatureException e2) {
            LOGGER.warn("Attempt to use a malformed signature '{}' for source '{}'", new Object[]{str2, str, e2});
            return false;
        }
    }
}
