package ca.nrc.cadc.util;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashSet;
import java.util.Iterator;
import java.util.MissingResourceException;
import java.util.Set;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/util/RsaSignatureVerifier.class */
public class RsaSignatureVerifier {
    private static Logger log = Logger.getLogger(RsaSignatureVerifier.class);
    private static final String DEFAULT_CONFIG_DIR = System.getProperty("user.home") + "/config/";
    protected static RsaSignatureVerifier inst;
    protected Set<PublicKey> pubKeys;
    protected static final String KEY_ALGORITHM = "RSA";
    protected static final String SIG_ALGORITHM = "SHA1withRSA";
    public static final String PUB_KEY_FILE_NAME = "RsaSignaturePub.key";
    public static final String PUB_KEY_START = "-----BEGIN PUBLIC KEY-----";
    public static final String PUB_KEY_END = "-----END PUBLIC KEY-----";

    @Deprecated
    public RsaSignatureVerifier() {
        this(PUB_KEY_FILE_NAME);
    }

    @Deprecated
    public RsaSignatureVerifier(String str) {
        this.pubKeys = new HashSet();
        init(findFile(str));
    }

    public RsaSignatureVerifier(File file) {
        this.pubKeys = new HashSet();
        if (!file.exists()) {
            throw new MissingResourceException(file.getAbsolutePath(), null, null);
        }
        init(file);
    }

    public RsaSignatureVerifier(byte[] bArr) {
        this.pubKeys = new HashSet();
        init(bArr);
    }

    public RsaSignatureVerifier(byte[] bArr, boolean z) {
        this.pubKeys = new HashSet();
        if (z) {
            return;
        }
        init(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Deprecated
    public RsaSignatureVerifier(String str, boolean z) {
        this.pubKeys = new HashSet();
        File findFile = findFile(str);
        if (z) {
            return;
        }
        init(findFile);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RsaSignatureVerifier(File file, boolean z) {
        this.pubKeys = new HashSet();
        if (!file.exists()) {
            throw new MissingResourceException(file.getAbsolutePath(), null, null);
        }
        if (z) {
            return;
        }
        init(file);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final File findFile(String str) throws MissingResourceException {
        File file = new File(DEFAULT_CONFIG_DIR, str);
        if (!file.exists()) {
            file = FileUtil.getFileFromResource(str, getClass());
        }
        return file;
    }

    protected void init(File file) {
        try {
            log.debug("read pub keys: " + file);
            BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
            StringBuilder sb = null;
            boolean z = false;
            while (true) {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        if (this.pubKeys.isEmpty()) {
                            throw new IllegalStateException("No valid public keys found");
                        }
                        return;
                    } else if (!readLine.equalsIgnoreCase(PUB_KEY_START)) {
                        if (readLine.equalsIgnoreCase(PUB_KEY_END)) {
                            if (!z) {
                                throw new IllegalArgumentException("Corrupted keys file");
                            }
                            z = false;
                            init(Base64.decode(sb.toString()));
                        }
                        if (z) {
                            sb.append(readLine);
                        }
                    } else {
                        if (z) {
                            throw new IllegalArgumentException("Corrupted keys file");
                        }
                        z = true;
                        sb = new StringBuilder();
                    }
                } finally {
                }
            }
        } catch (IOException e) {
            throw new RuntimeException("Could not read keys", e);
        }
    }

    protected void init(byte[] bArr) {
        try {
            try {
                this.pubKeys.add(KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(bArr)));
            } catch (InvalidKeySpecException e) {
                log.warn("Could not parse public key", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("BUG: Wrong algorithm RSA", e2);
        }
    }

    public boolean verify(InputStream inputStream, byte[] bArr) throws IOException, InvalidKeyException {
        if (this.pubKeys.size() == 0) {
            throw new IllegalStateException("No public keys available for verifying");
        }
        try {
            HashSet hashSet = new HashSet(this.pubKeys.size());
            for (PublicKey publicKey : this.pubKeys) {
                Signature signature = getSignature();
                signature.initVerify(publicKey);
                hashSet.add(signature);
            }
            byte[] bArr2 = new byte[1024];
            int read = inputStream.read(bArr2);
            while (read > 0) {
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    ((Signature) it.next()).update(bArr2, 0, read);
                }
                read = inputStream.read(bArr2);
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                if (((Signature) it2.next()).verify(bArr)) {
                    return true;
                }
            }
            return false;
        } catch (SignatureException e) {
            throw new RuntimeException("Signature problem", e);
        }
    }

    public Set<PublicKey> getPublicKeys() {
        return this.pubKeys;
    }

    private Signature getSignature() {
        try {
            return Signature.getInstance(SIG_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("BUG: Wrong signature algorithm SHA1withRSA", e);
        }
    }
}
