package com.mapr.fs.license;

import com.google.protobuf.TextFormat;
import com.mapr.fs.cldb.conf.CLDBConstants;
import com.mapr.fs.proto.License;
import com.mapr.security.SecurityConf;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.codec.binary.Base64;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/mapr/fs/license/LicenseUtil.class */
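/**
 * Static helpers for parsing signed license messages and verifying them
 * against an issuer certificate, a CA trust anchor and optional CRLs.
 *
 * <p>Every verification helper here reports failure by returning {@code false}
 * or {@code null} and logging; none of them throws to the caller on bad input.
 */
public class LicenseUtil {
    // NOTE(review): the logger is registered under LicenseManager, not LicenseUtil.
    // Left unchanged because existing logging configuration may key on that name.
    private static final Logger LOG = LogManager.getLogger(LicenseManager.class);
    public static final String BeginMsg = "-----BEGIN SIGNED MESSAGE-----";
    public static final String BeginData = "-----BEGIN DATA-----";
    public static final String BeginSignature = "-----BEGIN SIGNATURE-----";
    public static final String EndSignature = "-----END SIGNATURE-----";
    public static final String EndLicHash = "-----END MESSAGE HASH-----";
    private static final String BeginCert = "-----BEGIN CERTIFICATE-----";
    private static final String EndCert = "-----END CERTIFICATE-----";

    /**
     * Appends {@code message} to the caller's error buffer (when one was
     * supplied) and logs it at ERROR level.
     *
     * @param errorSink buffer surfaced to the caller; may be {@code null}
     * @param message   text to record
     * @param cause     exception to attach to the log entry; may be {@code null}
     */
    private static void reportError(StringBuilder errorSink, String message, Exception cause) {
        if (errorSink != null) {
            errorSink.append(message);
        }
        if (cause == null) {
            LOG.error(message);
        } else {
            LOG.error(message, cause);
        }
    }

    /**
     * Verifies a signed message and, only if verification succeeds, decodes it
     * into a {@link License.LicenseInfo}.
     *
     * @param x509Certificate CA certificate used as the trust anchor
     * @param str             message body (text format, or base64 after the
     *                        {@code -----BEGIN DATA-----} marker)
     * @param str2            base64-encoded signature over the message body
     * @param sb              receives a human-readable failure reason; may be {@code null}
     * @param file            file holding the issuer (signing) certificate
     * @param list            encoded CRLs to consult for revocation
     * @param z               {@code true} selects SHA-256 based signature and hash,
     *                        {@code false} the legacy SHA-1 variants
     * @return the decoded license, or {@code null} if verification or decoding failed
     */
    public static License.LicenseInfo parseMessage(X509Certificate x509Certificate, String str, String str2, StringBuilder sb, File file, List<String> list, boolean z) {
        try {
            byte[] signedBytes = getDataForSignature(str);
            // Never decode the payload before the signature has been accepted.
            if (!isValid(x509Certificate, file, list, sb, signedBytes, str2, z)) {
                return null;
            }
            License.LicenseInfo.Builder builder = getLicenseBuilder(str);
            setRequiredProperties(builder, getHash(signedBytes, z));
            return builder.build();
        } catch (Exception e) {
            reportError(sb, "failed to decode message: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Decodes the message body into a license builder. A body containing the
     * {@code -----BEGIN DATA-----} marker is treated as base64-encoded binary
     * protobuf following the marker; otherwise the whole string is parsed as
     * protobuf text format.
     */
    private static License.LicenseInfo.Builder getLicenseBuilder(String str) throws Exception {
        License.LicenseInfo.Builder builder = License.LicenseInfo.newBuilder();
        int markerAt = str.indexOf(BeginData);
        if (markerAt == -1) {
            TextFormat.merge(str, builder);
        } else {
            // Use the shared helper so the charset is explicit instead of the platform default.
            builder.mergeFrom(decodeBase64(str.substring(markerAt + BeginData.length())));
        }
        return builder;
    }

    /**
     * Stamps the computed hash on the license and, for licenses that expire a
     * number of days after installation, records the install time (now, in
     * epoch seconds) and derives the expiration date from it.
     */
    private static void setRequiredProperties(License.LicenseInfo.Builder builder, String str) {
        builder.setHash(str);
        if (builder.hasExpiresAfterInstallIn()) {
            long nowSeconds = System.currentTimeMillis() / 1000;
            builder.setInstallDate(nowSeconds);
            // 24L forces 64-bit arithmetic; presumably the field is an integer day
            // count, which would overflow int multiplication for large values.
            builder.setExpirationdate(nowSeconds + (builder.getExpiresAfterInstallIn() * 24L * 60 * 60));
        }
    }

    /** Decodes a base64 string, reading its characters as UTF-8. */
    private static byte[] decodeBase64(String str) throws UnsupportedEncodingException {
        return Base64.decodeBase64(str.getBytes("UTF-8"));
    }

    /**
     * Checks that the issuer certificate chains to the CA and that the
     * signature over {@code bArr} verifies with the issuer's public key.
     *
     * @param x509Certificate CA trust anchor
     * @param file            issuer certificate file
     * @param list            encoded CRLs
     * @param sb              failure-reason buffer; may be {@code null}
     * @param bArr            canonicalised bytes the signature was computed over
     * @param str             base64-encoded signature
     * @param z               {@code true} for SHA256withRSA, {@code false} for SHA1withRSA
     * @return {@code true} only when both the chain and the signature are valid
     */
    private static boolean isValid(X509Certificate x509Certificate, File file, List<String> list, StringBuilder sb, byte[] bArr, String str, boolean z) {
        CertStore crlStore = getCRLStore(list);
        X509Certificate issuerCert = getCertificate(file);
        if (issuerCert == null || !validateCertPath(x509Certificate, issuerCert, crlStore)) {
            // The helpers above already logged the detail; give the caller a reason too.
            if (sb != null) {
                sb.append("Issuer certificate is missing or not trusted by the CA");
            }
            return false;
        }
        try {
            Signature verifier;
            if (z) {
                verifier = Signature.getInstance("SHA256withRSA", SecurityConf.isFipsEnabled() ? "BCFIPS" : "SunRsaSign");
            } else if (SecurityConf.isFipsEnabled()) {
                LOG.warn("Fips is enabled - skipping unsupported algorightm SHA1");
                return false;
            } else {
                // SHA-1 is no longer collision-resistant; this branch exists only for
                // messages signed the legacy way. Prefer z == true wherever possible.
                verifier = Signature.getInstance("SHA1withRSA", "SunRsaSign");
            }
            verifier.initVerify(issuerCert);
            verifier.update(bArr, 0, bArr.length);
            boolean verified = verifier.verify(decodeBase64(str));
            if (!verified) {
                reportError(sb, "Signature validation failed", null);
            }
            return verified;
        } catch (Exception e) {
            reportError(sb, "Could not validate signature: " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Parses every encoded CRL in {@code list} into a collection-backed
     * {@link CertStore}.
     *
     * @return the store, or {@code null} when no CRL was parsed or parsing failed
     */
    private static CertStore getCRLStore(List<String> list) {
        Set<CRL> crls = new HashSet<>();
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            for (String encodedCrl : list) {
                crls.addAll(factory.generateCRLs(new ByteArrayInputStream(encodedCrl.getBytes("UTF-8"))));
            }
            if (!crls.isEmpty()) {
                return CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
            }
        } catch (Exception e) {
            // NOTE(review): this fails open. A single unparsable CRL discards all of
            // them, and validateCertPath disables revocation checking when the store
            // is null. Confirm that is the intended policy.
            LOG.warn("failed to getCRLStore", e);
        }
        return null;
    }

    /**
     * Loads an X.509 certificate from {@code file}.
     *
     * @return the certificate, or {@code null} if the file could not be read or parsed
     */
    private static X509Certificate getCertificate(File file) {
        X509Certificate loaded = null;
        // try-with-resources closes the stream on every path.
        try (InputStream in = new FileInputStream(file)) {
            loaded = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (Exception e) {
            LOG.error("failed to create certfificate from: " + file, e);
        }
        return loaded;
    }

    /**
     * Validates that the issuer certificate chains to the CA trust anchor,
     * checking revocation against {@code certStore} when one is supplied.
     *
     * <p>The {@link CertPathValidator} call is what enforces the chain; building
     * {@link PKIXParameters} alone checks nothing. Without it any parseable
     * certificate in the issuer file would be trusted to sign licenses.
     *
     * @param x509Certificate  CA certificate used as the sole trust anchor
     * @param x509Certificate2 issuer certificate to validate
     * @param certStore        CRL store, or {@code null} to skip revocation checking
     * @return {@code true} if PKIX validation succeeds
     */
    private static boolean validateCertPath(X509Certificate x509Certificate, X509Certificate x509Certificate2, CertStore certStore) {
        try {
            PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(x509Certificate, null)));
            if (certStore != null) {
                // With revocation enabled the validator rejects the path when it cannot
                // determine the issuer's revocation status from the supplied CRLs.
                params.setRevocationEnabled(true);
                params.addCertStore(certStore);
            } else {
                params.setRevocationEnabled(false);
            }
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Collections.singletonList(x509Certificate2));
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (Exception e) {
            LOG.error("couldn't validate issuer certificate with CA: " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Extracts the next signed message and its signature from {@code str}.
     *
     * <p>NOTE(review): the decompiler reports this method was originally
     * package-private; it is kept public here to match the visible signature.
     *
     * @param str text to scan
     * @param sb  receives the text between the message preamble and the signature marker
     * @param sb2 receives the text between the signature begin and end markers
     * @param sb3 receives a failure reason; may be {@code null}
     * @param i   index in {@code str} at which to start scanning
     * @return index of the signature end marker, or {@code -1} if a marker is missing
     */
    public static int parseLicense(String str, StringBuilder sb, StringBuilder sb2, StringBuilder sb3, int i) {
        int preambleAt = str.indexOf(BeginMsg, i);
        if (preambleAt == -1) {
            reportError(sb3, "Missing preamble: " + BeginMsg, null);
            return -1;
        }
        int bodyStart = preambleAt + BeginMsg.length();
        int signatureMarkerAt = str.indexOf(BeginSignature, bodyStart);
        if (signatureMarkerAt == -1) {
            reportError(sb3, "Missing signature: (begin-marker)" + BeginSignature, null);
            return -1;
        }
        int signatureEndAt = str.indexOf(EndSignature, signatureMarkerAt);
        if (signatureEndAt == -1) {
            reportError(sb3, "Missing signature (end-marker): " + EndSignature, null);
            return -1;
        }
        // Append straight from the string; no intermediate char[] copy is needed.
        sb.append(str, bodyStart, signatureMarkerAt);
        sb2.append(str, signatureMarkerAt + BeginSignature.length(), signatureEndAt);
        return signatureEndAt;
    }

    /**
     * Checks that an encoded CRL was signed by the given certificate's key.
     *
     * @param str             encoded CRL
     * @param sb              receives the failure reason; may be {@code null}
     * @param x509Certificate certificate whose public key must verify the CRL
     * @return {@code true} if the CRL parses and its signature verifies
     */
    public static boolean validateCRL(String str, StringBuilder sb, X509Certificate x509Certificate) {
        try {
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509")
                    .generateCRL(new ByteArrayInputStream(str.getBytes("UTF-8")));
            crl.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            // Null-check the buffer like the other helpers do, so a missing buffer
            // cannot turn a rejected CRL into a NullPointerException.
            if (sb != null) {
                sb.append("could not validate CRL: ").append(e.getMessage());
            }
            return false;
        }
    }

    /**
     * Returns the base64-encoded digest of {@code bArr}.
     *
     * @param z {@code true} for SHA-256, {@code false} for SHA-1
     * @return the encoded digest, or {@code null} if it could not be computed
     */
    public static String getHash(byte[] bArr, boolean z) {
        try {
            MessageDigest digest = MessageDigest.getInstance(z ? "SHA-256" : "SHA-1");
            return new String(Base64.encodeBase64(digest.digest(bArr)), "UTF-8");
        } catch (Exception e) {
            LOG.error("could not create hash: ", e);
            return null;
        }
    }

    /** Command-line entry point: dumps the certificate file named by the first argument. */
    public static void main(String[] strArr) throws Exception {
        if (strArr.length > 0) {
            DERToASN1(strArr[0]);
        }
    }

    /**
     * Reads a PEM-armoured certificate file and prints its decoded bytes as
     * comma-separated signed decimal values, fifteen per line.
     */
    private static void DERToASN1(String str) throws Exception {
        StringBuilder encoded = new StringBuilder();
        // try-with-resources: the reader must be closed on the early return as well.
        try (BufferedReader reader = new BufferedReader(new FileReader(str))) {
            // Constant-first equals tolerates an empty file (readLine() returns null).
            if (!BeginCert.equals(reader.readLine())) {
                System.out.printf("DER certificate missing %s\n", BeginCert);
                return;
            }
            String line;
            while ((line = reader.readLine()) != null && !line.equals(EndCert)) {
                encoded.append(line).append("\n");
            }
        }
        byte[] decoded = decodeBase64(encoded.toString());
        for (int i = 0; i < decoded.length; i++) {
            if (i % 15 == 0) {
                System.out.println();
            }
            System.out.printf("%4d,", decoded[i]);
        }
        System.out.println();
    }

    /**
     * Produces the byte sequence the signature is computed over: every
     * non-whitespace character of {@code str}, reduced to its low 8 bits.
     *
     * <p>This canonical form must stay byte-for-byte stable, since existing
     * signatures depend on it. NOTE(review): whitespace is therefore not covered
     * by the signature, and characters above U+00FF are truncated, while
     * {@code parseMessage} parses the original text. Confirm the payload format
     * gives neither any meaning.
     */
    public static byte[] getDataForSignature(String str) {
        ByteArrayOutputStream canonical = new ByteArrayOutputStream();
        for (int i = 0, n = str.length(); i < n; i++) {
            char c = str.charAt(i);
            if (!Character.isWhitespace(c)) {
                // write(int) keeps only the low-order byte of the char.
                canonical.write(c);
            }
        }
        return canonical.toByteArray();
    }

    /**
     * Reads {@code inputStream} to end-of-stream and closes it.
     *
     * @return all bytes read
     * @throws Exception if reading or closing fails; the stream is closed in either case
     */
    public static byte[] readFully(InputStream inputStream) throws Exception {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        // NOTE(review): the buffer size comes from an unrelated-looking constant,
        // possibly a decompiler substitution for a numeric literal. Confirm.
        byte[] chunk = new byte[CLDBConstants.SnapCidAmortizeFactor];
        // Close on failure too, not only after a complete read.
        try (InputStream in = inputStream) {
            int count;
            while ((count = in.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
        }
        return collected.toByteArray();
    }
}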
