package org.appng.core.security.signing;

import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.PathMatcher;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.BasicFileAttributes;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import org.apache.commons.codec.binary.Hex;
import org.appng.core.security.signing.SigningException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import thredds.inventory.CollectionAbstract;

/* loaded from: input_file:WEB-INF/lib/appng-core-1.20.5-SNAPSHOT.jar:org/appng/core/security/signing/Signer.class */
public class Signer {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Signer.class);
    private ValidatorConfig validatorConfig;

    private Signer(ValidatorConfig validatorConfig) {
        this.validatorConfig = validatorConfig;
    }

    public static Signer getRepoValidator(ValidatorConfig validatorConfig, byte[] bArr, byte[] bArr2) throws SigningException {
        return getRepoValidator(validatorConfig, bArr, bArr2, null);
    }

    public static Signer getRepoValidator(ValidatorConfig validatorConfig, byte[] bArr, byte[] bArr2, Collection<X509Certificate> collection) throws SigningException {
        X509Certificate signingCert = validatorConfig.getSigningCert();
        boolean z = true;
        Principal subjectDN = signingCert.getSubjectDN();
        if (null != collection) {
            X509Certificate next = collection.iterator().next();
            RSAPublicKey rSAPublicKey = (RSAPublicKey) next.getPublicKey();
            RSAPublicKey rSAPublicKey2 = (RSAPublicKey) validatorConfig.getSigningCert().getPublicKey();
            if (!rSAPublicKey2.getModulus().equals(rSAPublicKey.getModulus()) || !rSAPublicKey2.getPublicExponent().equals(rSAPublicKey.getPublicExponent())) {
                throw new SigningException(SigningException.ErrorType.VERIFY, String.format("the trusted certificate does not match! Expected %s, got %s", next.getSubjectDN().getName(), subjectDN.getName()), null, signingCert);
            }
            z = false;
        }
        if (z) {
            CertChainValidator certChainValidator = validatorConfig.getCertChainValidator();
            if (null != certChainValidator && !certChainValidator.validateKeyChain(new ByteArrayInputStream(validatorConfig.getSigningCertsRaw()))) {
                throw new SigningException(SigningException.ErrorType.VERIFY, String.format("The chain for certificate '%s' is invalid!", subjectDN.getName()), signingCert);
            }
            try {
                signingCert.checkValidity();
            } catch (CertificateException e) {
                throw new SigningException(SigningException.ErrorType.VERIFY, String.format("The certificate '%s' is invalid (expires: %s).", subjectDN.getName(), e, signingCert.getNotAfter()), e, signingCert);
            }
        }
        try {
            LOGGER.info("Validating the release file against signature/certificate '{}'.", subjectDN.getName());
            Signature signature = validatorConfig.getSignature();
            signature.update(bArr);
            if (!signature.verify(bArr2)) {
                throw new SigningException(SigningException.ErrorType.VERIFY, "Release signature did not validate. Cannot continue.", validatorConfig.getSigningCert());
            }
            LOGGER.info("Successfully validated release file.");
            verifyIndex(validatorConfig, bArr);
            String hasMissingKey = validatorConfig.hasMissingKey();
            if (hasMissingKey != null) {
                throw new SigningException(SigningException.ErrorType.VERIFY, String.format("Missing configuration key '%s' in repository.", hasMissingKey), validatorConfig.getSigningCert());
            }
            return new Signer(validatorConfig);
        } catch (SignatureException e2) {
            throw new SigningException(SigningException.ErrorType.VERIFY, "Failed to validate the release signature.", e2, validatorConfig.getSigningCert());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x0069, code lost:
    
        throw new org.appng.core.security.signing.SigningException(org.appng.core.security.signing.SigningException.ErrorType.VERIFY, java.lang.String.format("Release file has unexpected format on line %d. Expected 'key: value', but got '%s'.", java.lang.Integer.valueOf(r13), r0));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected static void verifyIndex(org.appng.core.security.signing.ValidatorConfig r9, byte[] r10) throws org.appng.core.security.signing.SigningException {
        /*
            Method dump skipped, instructions count: 234
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.appng.core.security.signing.Signer.verifyIndex(org.appng.core.security.signing.ValidatorConfig, byte[]):void");
    }

    public boolean validatePackage(byte[] bArr, String str) throws SigningException {
        if (!this.validatorConfig.pkgDigests.containsKey(str)) {
            throw new SigningException(SigningException.ErrorType.VERIFY, String.format("Package '%s' not found.", str));
        }
        String str2 = new String(Hex.encodeHex(this.validatorConfig.getDigest().digest(bArr), true));
        String str3 = this.validatorConfig.pkgDigests.get(str);
        if (!str2.equals(str3)) {
            throw new SigningException(SigningException.ErrorType.VERIFY, String.format("Digests missmatch for {}, expected {}, got {}", str, str3, str2));
        }
        LOGGER.debug("Package {} has the expected digest {}", str, str3);
        return true;
    }

    public static SignatureWrapper signRepo(Path path, SignerConfig signerConfig) throws SigningException {
        String hasMissingKey = signerConfig.hasMissingKey();
        if (hasMissingKey != null) {
            throw new SigningException(SigningException.ErrorType.SIGN, String.format("Missing configuration key '%s' in SignerConfig.", hasMissingKey));
        }
        LOGGER.info("Signing repository '{}'", path);
        try {
            Path[] fileGlob = fileGlob(path, "*.{jar,zip}");
            Path resolve = path.resolve("index");
            LOGGER.info("Writing release file '{}'", resolve);
            BufferedWriter newBufferedWriter = Files.newBufferedWriter(resolve, signerConfig.getCharset(), StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
            Throwable th = null;
            try {
                try {
                    LOGGER.info("..adding repository attributes");
                    Iterator<String> it = BaseConfig.validRepoAttributes.iterator();
                    while (it.hasNext()) {
                        String next = it.next();
                        newBufferedWriter.append((CharSequence) String.format("%s: %s\n", next, signerConfig.repoAttributes.get(next)));
                    }
                    newBufferedWriter.append((CharSequence) String.format("%s\n", "[package digests]"));
                    for (Path path2 : fileGlob) {
                        LOGGER.info("..adding message digest of package '{}'", path2.getFileName());
                        newBufferedWriter.append((CharSequence) String.format("%s: %s\n", path2.getFileName(), Hex.encodeHexString(signerConfig.getDigest().digest(Files.readAllBytes(path2)))));
                    }
                    newBufferedWriter.close();
                    Signature signature = signerConfig.getSignature();
                    signature.update(Files.readAllBytes(resolve));
                    byte[] sign = signature.sign();
                    SignatureWrapper signatureWrapper = new SignatureWrapper();
                    signatureWrapper.setSignature(sign);
                    signatureWrapper.setIndex(Files.readAllBytes(resolve));
                    if (newBufferedWriter != null) {
                        if (0 != 0) {
                            try {
                                newBufferedWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newBufferedWriter.close();
                        }
                    }
                    return signatureWrapper;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new SigningException(SigningException.ErrorType.SIGN, "IOException during repo signing. Please check the configured paths and masks.", e);
        } catch (SignatureException e2) {
            throw new SigningException(SigningException.ErrorType.SIGN, String.format("SignatureException during repo signing. There is no plausible reason in this part of the code. You probably found a bug!", new Object[0]), e2);
        }
    }

    static Path[] fileGlob(Path path, String str) throws IOException {
        final PathMatcher pathMatcher = FileSystems.getDefault().getPathMatcher(CollectionAbstract.GLOB + str);
        final ArrayList arrayList = new ArrayList(128);
        Files.walkFileTree(path, new SimpleFileVisitor<Path>() { // from class: org.appng.core.security.signing.Signer.1
            @Override // java.nio.file.SimpleFileVisitor, java.nio.file.FileVisitor
            public FileVisitResult visitFile(Path path2, BasicFileAttributes basicFileAttributes) throws IOException {
                if (pathMatcher.matches(path2.getFileName())) {
                    arrayList.add(path2);
                }
                return FileVisitResult.CONTINUE;
            }
        });
        Collections.sort(arrayList);
        return (Path[]) arrayList.toArray(new Path[arrayList.size()]);
    }
}
