package pl.decerto.hyperon.runtime.license;

import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.decerto.hyperon.runtime.exception.HyperonRuntimeException;
import pl.decerto.hyperon.runtime.security.Algorithm;
import pl.decerto.hyperon.runtime.security.DefaultKey;
import pl.decerto.hyperon.runtime.security.KeyProvider;
import pl.decerto.hyperon.runtime.utils.hash.DigestAlgorithm;
import pl.decerto.hyperon.runtime.utils.hash.HashUtils;

/* loaded from: input_file:BOOT-INF/lib/hyperon-runtime-1.12.2.jar:pl/decerto/hyperon/runtime/license/LicenseSignatureServiceImpl.class */
public class LicenseSignatureServiceImpl implements LicenseSignatureService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LicenseSignatureServiceImpl.class);
    private final Signature signature = createSignature();

    @Override // pl.decerto.hyperon.runtime.license.LicenseSignatureService
    public boolean verify(HyperonLicenseDto hyperonLicenseDto) {
        return verify(hyperonLicenseDto, DefaultKey.PUBLIC.getResourcePath());
    }

    @Override // pl.decerto.hyperon.runtime.license.LicenseSignatureService
    public boolean verify(HyperonLicenseDto hyperonLicenseDto, String str) {
        if (hyperonLicenseDto == null) {
            throw new IllegalArgumentException("cannot verify null license");
        }
        PublicKey publicKey = getPublicKey(str);
        if (publicKey == null) {
            throw new IllegalArgumentException("could not create public key from given path:" + str);
        }
        return verify(hyperonLicenseDto, publicKey);
    }

    @Override // pl.decerto.hyperon.runtime.license.LicenseSignatureService
    public boolean verify(HyperonLicenseDto hyperonLicenseDto, URL url) {
        if (hyperonLicenseDto == null) {
            throw new IllegalArgumentException("cannot verify null license");
        }
        PublicKey publicKey = getPublicKey(url);
        if (publicKey == null) {
            throw new IllegalArgumentException("could not create public key from given URL: " + url);
        }
        return verify(hyperonLicenseDto, publicKey);
    }

    @Override // pl.decerto.hyperon.runtime.license.LicenseSignatureService
    public byte[] sign(HyperonLicenseDetailsDto hyperonLicenseDetailsDto, String str) {
        if (hyperonLicenseDetailsDto == null) {
            throw new IllegalArgumentException("cannot create signature from null license details");
        }
        PrivateKey privateKey = getPrivateKey(str);
        if (privateKey == null) {
            throw new IllegalArgumentException("could not create private key from given path:" + str);
        }
        return sign(hyperonLicenseDetailsDto, privateKey);
    }

    @Override // pl.decerto.hyperon.runtime.license.LicenseSignatureService
    public byte[] sign(HyperonLicenseDetailsDto hyperonLicenseDetailsDto, URL url) {
        if (hyperonLicenseDetailsDto == null) {
            throw new IllegalArgumentException("cannot create signature from null license details");
        }
        PrivateKey privateKey = getPrivateKey(url);
        if (privateKey == null) {
            throw new IllegalArgumentException("could not create private key: " + url);
        }
        return sign(hyperonLicenseDetailsDto, privateKey);
    }

    private boolean verify(HyperonLicenseDto hyperonLicenseDto, PublicKey publicKey) {
        try {
            String hash = hash(hyperonLicenseDto.getLicenseDetails().getDetailsAsKeyValueString());
            log.trace("hash for object {} is:{}", hyperonLicenseDto, hash);
            this.signature.initVerify(publicKey);
            this.signature.update(hash.getBytes());
            return this.signature.verify(hyperonLicenseDto.getSignature());
        } catch (InvalidKeyException | SignatureException e) {
            throw new HyperonRuntimeException("signature error with publicKey: " + publicKey, e);
        }
    }

    private byte[] sign(HyperonLicenseDetailsDto hyperonLicenseDetailsDto, PrivateKey privateKey) {
        try {
            String hash = hash(hyperonLicenseDetailsDto.getDetailsAsKeyValueString());
            log.debug("hash for object {} is:{}", hyperonLicenseDetailsDto, hash);
            this.signature.initSign(privateKey);
            this.signature.update(hash.getBytes(StandardCharsets.UTF_8));
            byte[] sign = this.signature.sign();
            if (log.isDebugEnabled()) {
                log.debug("signature in base64:{}", DatatypeConverter.printBase64Binary(sign));
            }
            return sign;
        } catch (InvalidKeyException | SignatureException e) {
            throw new HyperonRuntimeException("signature error with privateKey: " + privateKey, e);
        }
    }

    private Signature createSignature() {
        try {
            return Signature.getInstance(Algorithm.SIGNATURE_ALGORITHM, Algorithm.SECURITY_ALGORITHM_PROVIDER);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new HyperonRuntimeException("could not create signature with SHA256withRSAalgorithm from provider SunRsaSign", e);
        }
    }

    private PrivateKey getPrivateKey(String str) {
        return new KeyProvider().getPrivateKey(str);
    }

    private PrivateKey getPrivateKey(URL url) {
        return new KeyProvider().getPrivateKey(url);
    }

    private PublicKey getPublicKey(String str) {
        return new KeyProvider().getPublicKey(str);
    }

    private PublicKey getPublicKey(URL url) {
        return new KeyProvider().getPublicKey(url);
    }

    private String hash(String str) {
        return HashUtils.hashText(DigestAlgorithm.MD5, str);
    }
}
