package org.appng.core.security.signing;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.uima.pear.tools.InstallationController;
import org.appng.core.security.signing.BaseConfig;
import org.appng.core.security.signing.SigningException;

/* loaded from: input_file:WEB-INF/lib/appng-core-1.26.1-SNAPSHOT.jar:org/appng/core/security/signing/ValidatorConfig.class */
public class ValidatorConfig extends BaseConfig {
    protected Map<String, String> pkgDigests = new HashMap();
    protected Signature signature;
    private byte[] signingCertsRaw;
    private byte[] trustStore;
    private char[] trustStorePassword;

    public ValidatorConfig() throws SigningException {
        setMsgDigest(BaseConfig.DigestAlgorithm.SHA256);
    }

    public void setSigningCert(byte[] bArr, BaseConfig.SigningAlgorithm signingAlgorithm) throws SigningException {
        this.signingCertsRaw = ArrayUtils.clone(bArr);
        setSigningCerts(this.signingCertsRaw, SigningException.ErrorType.VERIFY);
        try {
            this.signature = Signature.getInstance(signingAlgorithm.toString());
            this.signature.initVerify(getSigningCert());
        } catch (InvalidKeyException e) {
            throw new SigningException(SigningException.ErrorType.VERIFY, String.format("Certificate key was successfully loaded, but failed to instantiate at Signature(%s).initVerify().", signingAlgorithm), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SigningException(SigningException.ErrorType.VERIFY, String.format("Signing algorithm '%s' could not be loaded, but it should. This should not happen with one of the tested Java versions (1.7+).", signingAlgorithm), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Signature getSignature() {
        return this.signature;
    }

    public void setTrustStore(byte[] bArr) {
        this.trustStore = bArr;
    }

    public void setTrustStorePassword(char[] cArr) {
        this.trustStorePassword = cArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSigningCertsRaw() {
        return this.signingCertsRaw;
    }

    public void setupDefaultTruststore() throws SigningException {
        File file = new File(System.getProperty("java.home") + File.separatorChar + InstallationController.PACKAGE_LIB_DIR + File.separatorChar + "security");
        try {
            this.trustStore = FileUtils.readFileToByteArray(new File(file, "cacerts"));
            this.trustStorePassword = "changeit".toCharArray();
        } catch (IOException e) {
            throw new SigningException(SigningException.ErrorType.VERIFY, String.format("error reading cacerts from %s", file.getAbsolutePath()), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertChainValidator getCertChainValidator() throws SigningException {
        if (null == this.trustStore && null == this.trustStorePassword) {
            return null;
        }
        return new CertChainValidator(new ByteArrayInputStream(this.trustStore), this.trustStorePassword);
    }
}
