package net.truelicense.core.auth;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.truelicense.api.auth.Authentication;
import net.truelicense.api.auth.AuthenticationParameters;
import net.truelicense.api.auth.RepositoryController;
import net.truelicense.api.codec.Decoder;
import net.truelicense.api.i18n.Message;
import net.truelicense.api.io.Source;
import net.truelicense.api.passwd.Password;
import net.truelicense.api.passwd.PasswordProtection;
import net.truelicense.api.passwd.PasswordUsage;
import net.truelicense.obfuscate.ObfuscatedString;

/* loaded from: input_file:net/truelicense/core/auth/Notary.class */
public final class Notary implements Authentication {
    private static volatile boolean logged;
    private final AuthenticationParameters parameters;

    /* loaded from: input_file:net/truelicense/core/auth/Notary$Cache.class */
    private final class Cache {
        KeyStore keyStore;
        static final /* synthetic */ boolean $assertionsDisabled = false;

        private Cache() {
        }

        Decoder sign(RepositoryController repositoryController, Object obj) throws Exception {
            Signature engine = engine();
            engine.initSign(privateKey());
            return repositoryController.sign(engine, obj);
        }

        Decoder verify(RepositoryController repositoryController) throws Exception {
            Signature engine = engine();
            engine.initVerify(publicKey());
            return repositoryController.verify(engine);
        }

        Signature engine() throws Exception {
            return Signature.getInstance(algorithm());
        }

        String algorithm() throws Exception {
            Optional<String> configuredAlgorithm = configuredAlgorithm();
            return configuredAlgorithm.isPresent() ? configuredAlgorithm.get() : defaultAlgorithm();
        }

        String defaultAlgorithm() throws Exception {
            Certificate certificate = certificate();
            return certificate instanceof X509Certificate ? ((X509Certificate) certificate).getSigAlgName() : m48_string0();
        }

        PrivateKey privateKey() throws Exception {
            KeyStore.Entry keyStoreEntry = keyStoreEntry(PasswordUsage.WRITE);
            if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) keyStoreEntry).getPrivateKey();
            }
            throw new NotaryException(message(m49_string1()));
        }

        PublicKey publicKey() throws Exception {
            Certificate certificate = certificate();
            PublicKey publicKey = certificate.getPublicKey();
            if (!Notary.logged && isCertificateEntry()) {
                try {
                    InputStream resourceAsStream = Notary.class.getResourceAsStream(publicKey.getAlgorithm());
                    Throwable th = null;
                    try {
                        try {
                            certificate.verify(CertificateFactory.getInstance(new ObfuscatedString(new long[]{-364157385227381179L, -6763801883096895930L}).toString()).generateCertificate(resourceAsStream).getPublicKey());
                            if (resourceAsStream != null) {
                                if (0 != 0) {
                                    try {
                                        resourceAsStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    resourceAsStream.close();
                                }
                            }
                        } finally {
                        }
                    } finally {
                    }
                } catch (SignatureException e) {
                    boolean unused = Notary.logged = true;
                    Logger.getAnonymousLogger(Messages.class.getName()).log(new Level(new ObfuscatedString(new long[]{5854988168893055169L, -1679066236104150710L}).toString(), Integer.MAX_VALUE, Messages.class.getName()) { // from class: net.truelicense.core.auth.Notary.Cache.1
                    }, new ObfuscatedString(new long[]{8241253223282210446L, -2366350444014189900L}).toString());
                }
            }
            return publicKey;
        }

        Certificate certificate() throws Exception {
            KeyStore.Entry keyStoreEntry = keyStoreEntry(PasswordUsage.READ);
            if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) keyStoreEntry).getCertificate();
            }
            if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
                return ((KeyStore.TrustedCertificateEntry) keyStoreEntry).getTrustedCertificate();
            }
            throw new NotaryException(message(m50_string2()));
        }

        KeyStore.Entry keyStoreEntry(PasswordUsage passwordUsage) throws Exception {
            if (!isKeyEntry()) {
                if (isCertificateEntry()) {
                    return keyStoreEntry(Optional.empty());
                }
                if ($assertionsDisabled || !keyStore().containsAlias(alias())) {
                    throw new NotaryException(message(m51_string3()));
                }
                throw new AssertionError();
            }
            Password password = keyProtection().password(passwordUsage);
            Throwable th = null;
            try {
                KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(password.characters());
                try {
                    KeyStore.Entry keyStoreEntry = keyStoreEntry(Optional.ofNullable(passwordProtection));
                    passwordProtection.destroy();
                    if (password != null) {
                        if (0 != 0) {
                            try {
                                password.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            password.close();
                        }
                    }
                    return keyStoreEntry;
                } catch (Throwable th3) {
                    passwordProtection.destroy();
                    throw th3;
                }
            } catch (Throwable th4) {
                if (password != null) {
                    if (0 != 0) {
                        try {
                            password.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        password.close();
                    }
                }
                throw th4;
            }
        }

        boolean isKeyEntry() throws Exception {
            return keyStore().isKeyEntry(alias());
        }

        boolean isCertificateEntry() throws Exception {
            return keyStore().isCertificateEntry(alias());
        }

        KeyStore.Entry keyStoreEntry(Optional<KeyStore.PasswordProtection> optional) throws Exception {
            return keyStore().getEntry(alias(), optional.orElse(null));
        }

        KeyStore keyStore() throws Exception {
            KeyStore keyStore = this.keyStore;
            if (null != keyStore) {
                return keyStore;
            }
            KeyStore newKeyStore = newKeyStore();
            this.keyStore = newKeyStore;
            return newKeyStore;
        }

        KeyStore newKeyStore() throws Exception {
            Password password = storeProtection().password(PasswordUsage.READ);
            Throwable th = null;
            try {
                KeyStore keyStore = KeyStore.getInstance(storeType());
                char[] characters = password.characters();
                if (source().isPresent()) {
                    InputStream input = source().get().input();
                    Throwable th2 = null;
                    try {
                        try {
                            keyStore.load(input, characters);
                            if (input != null) {
                                if (0 != 0) {
                                    try {
                                        input.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    input.close();
                                }
                            }
                        } finally {
                        }
                    } catch (Throwable th4) {
                        if (input != null) {
                            if (th2 != null) {
                                try {
                                    input.close();
                                } catch (Throwable th5) {
                                    th2.addSuppressed(th5);
                                }
                            } else {
                                input.close();
                            }
                        }
                        throw th4;
                    }
                } else {
                    keyStore.load(null, characters);
                }
                return keyStore;
            } finally {
                if (password != null) {
                    if (0 != 0) {
                        try {
                            password.close();
                        } catch (Throwable th6) {
                            th.addSuppressed(th6);
                        }
                    } else {
                        password.close();
                    }
                }
            }
        }

        Message message(String str) {
            return Messages.message(str, alias());
        }

        String alias() {
            return Notary.this.parameters().alias();
        }

        PasswordProtection keyProtection() {
            return Notary.this.parameters().keyProtection();
        }

        Optional<String> configuredAlgorithm() {
            return Notary.this.parameters().algorithm();
        }

        Optional<Source> source() {
            return Notary.this.parameters().source();
        }

        PasswordProtection storeProtection() {
            return Notary.this.parameters().storeProtection();
        }

        String storeType() {
            return Notary.this.parameters().storeType();
        }

        /* renamed from: _clinit@1519839506050#0, reason: not valid java name */
        private static /* synthetic */ void m46_clinit15198395060500() {
            $assertionsDisabled = !Notary.class.desiredAssertionStatus();
        }

        static {
            m46_clinit15198395060500();
        }

        /* renamed from: _string#0, reason: not valid java name */
        private static /* synthetic */ String m48_string0() {
            return new ObfuscatedString(new long[]{2961022517932032892L, 2477073183981033640L, 8249978913705962293L}).toString();
        }

        /* renamed from: _string#1, reason: not valid java name */
        private static /* synthetic */ String m49_string1() {
            return new ObfuscatedString(new long[]{-8251363712402286364L, 7646335812599439347L, -5870848365180668115L}).toString();
        }

        /* renamed from: _string#2, reason: not valid java name */
        private static /* synthetic */ String m50_string2() {
            return new ObfuscatedString(new long[]{6867757165891354616L, -8787075138045829694L, -1989169715905761027L}).toString();
        }

        /* renamed from: _string#3, reason: not valid java name */
        private static /* synthetic */ String m51_string3() {
            return new ObfuscatedString(new long[]{6253390792836179175L, -4310367169163440136L, -5174932724448750888L}).toString();
        }
    }

    public Notary(AuthenticationParameters authenticationParameters) {
        this.parameters = (AuthenticationParameters) Objects.requireNonNull(authenticationParameters);
    }

    public Decoder sign(RepositoryController repositoryController, Object obj) throws Exception {
        return new Cache().sign(repositoryController, obj);
    }

    public Decoder verify(RepositoryController repositoryController) throws Exception {
        return new Cache().verify(repositoryController);
    }

    AuthenticationParameters parameters() {
        return this.parameters;
    }
}
