package org.appng.core.security.signing;

import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.appng.core.security.signing.BaseConfig;
import org.appng.core.security.signing.SigningException;

/* loaded from: input_file:WEB-INF/lib/appng-core-1.18.0-RC2.jar:org/appng/core/security/signing/SignerConfig.class */
public class SignerConfig extends BaseConfig {
    protected RSAPrivateKey signingKey;
    protected Signature signature;

    public SignerConfig(String str, String str2, String str3, byte[] bArr, byte[] bArr2, BaseConfig.SigningAlgorithm signingAlgorithm, BaseConfig.PrivateKeyFormat privateKeyFormat) throws SigningException {
        this.repoAttributes.put("repoCodeName", str);
        this.repoAttributes.put("repoDescription", str2);
        this.repoAttributes.put("repoVersion", str3);
        setSignKey(bArr, signingAlgorithm, privateKeyFormat);
        setSigningCerts(bArr2, SigningException.ErrorType.SIGN);
        setMsgDigest(BaseConfig.DigestAlgorithm.SHA256);
        if (!getSigningKey().getModulus().equals(getCertPublicKey().getModulus())) {
            throw new SigningException(SigningException.ErrorType.SIGN, "Signing key and cerfiticate were successfully loaded, but the key does not match the certificate. You may want to verify that the keys have the same modulus using the '-modulus' switch of openssl.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.appng.core.security.signing.BaseConfig
    public String hasMissingKey() {
        String hasMissingKey = super.hasMissingKey();
        if (hasMissingKey != null) {
            return hasMissingKey;
        }
        if (this.signingKey == null) {
            return "signingKey";
        }
        if (this.signature == null) {
            return "signature";
        }
        return null;
    }

    private void setSignKey(byte[] bArr, BaseConfig.SigningAlgorithm signingAlgorithm, BaseConfig.PrivateKeyFormat privateKeyFormat) throws SigningException {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            switch (privateKeyFormat) {
                case PEM:
                    this.signingKey = (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(new String(bArr).replaceAll("(\\r)?(\\n)?-----(.*)(\\r)?\\n", ""))));
                    break;
                case DER:
                    this.signingKey = (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
                    break;
            }
            try {
                this.signature = Signature.getInstance(signingAlgorithm.toString());
                this.signature.initSign(this.signingKey);
            } catch (InvalidKeyException e) {
                throw new SigningException(SigningException.ErrorType.SIGN, String.format("Private key was successfully loaded, but failed to instantiate at Signature(%s).initSign().", signingAlgorithm), e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SigningException(SigningException.ErrorType.SIGN, String.format("Signing algorithm '%s' could not be loaded, but it should. This should not happen with one of the tested Java versions (1.7+).", signingAlgorithm), e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new SigningException(SigningException.ErrorType.SIGN, String.format("Got NoSuchAlgorithmException while loading private key as 'RSA' key. This should not happen with one of the tested Java versions (1.7+).", new Object[0]), e3);
        } catch (InvalidKeySpecException e4) {
            if (privateKeyFormat != BaseConfig.PrivateKeyFormat.DER) {
                throw new SigningException(SigningException.ErrorType.SIGN, String.format("Error while loading private key. You may want to check if the key is valid with OpenSSL: 'openssl rsa -in %s -inform PEM -text'", "<cert>.pem"), e4);
            }
            throw new SigningException(SigningException.ErrorType.SIGN, String.format("Error while loading private key. You may want to check if the key is valid with OpenSSL: 'openssl pkcs8 -in %s -inform DER -nocrypt'", "<cert>.der"), e4);
        }
    }

    private RSAPrivateKey getSigningKey() {
        return this.signingKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Signature getSignature() {
        return this.signature;
    }
}
