package com.appiancorp.plugins.component;

import com.appiancorp.core.expr.portable.string.Strings;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.PEMParser;

/* loaded from: input_file:com/appiancorp/plugins/component/DeveloperTokenVerificationHelper.class */
public final class DeveloperTokenVerificationHelper {
    private static final Logger LOG = Logger.getLogger(DeveloperTokenVerificationHelper.class);
    private static final String DEV_INSTANCE_KEY_NAME = "devInstancePublic.pem";
    private static final String KEY_ALGORITHM = "RSA";
    private static final String SIGNATURE_ALGORITHM = "SHA512withRSA";
    private PublicKey devInstancePublicKey;
    private boolean initialized;
    protected String cachedToken;
    public boolean cachedResponse;

    public DeveloperTokenVerificationHelper() {
        try {
            this.devInstancePublicKey = getPublicKey();
            this.initialized = true;
        } catch (Exception e) {
            LOG.error(e.getMessage());
            this.initialized = false;
        }
    }

    private PublicKey getPublicKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        Reader readPublicKey = readPublicKey(DEV_INSTANCE_KEY_NAME);
        Throwable th = null;
        try {
            PEMParser pEMParser = new PEMParser(readPublicKey);
            Throwable th2 = null;
            try {
                try {
                    PublicKey generatePublic = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(((SubjectPublicKeyInfo) pEMParser.readObject()).getEncoded()));
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return generatePublic;
                } finally {
                }
            } catch (Throwable th4) {
                if (pEMParser != null) {
                    if (th2 != null) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (readPublicKey != null) {
                if (0 != 0) {
                    try {
                        readPublicKey.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    readPublicKey.close();
                }
            }
        }
    }

    private static Reader readPublicKey(String str) {
        return new InputStreamReader(getResource(str, DeveloperTokenVerificationHelper.class), StandardCharsets.UTF_8);
    }

    public static InputStream getResource(String str, Class cls) {
        return cls.getClassLoader().getResourceAsStream("resources/" + cls.getName().replaceAll("\\.", "/") + "/" + str);
    }

    public boolean verifyDevInstanceSignature(String str, String str2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (!this.initialized || Strings.isNullOrEmpty(str2)) {
            return false;
        }
        if (!str2.equals(this.cachedToken)) {
            this.cachedToken = str2;
            this.cachedResponse = verifySignature(str.getBytes(StandardCharsets.UTF_8), Base64.getDecoder().decode(str2));
            LOG.info(this.cachedResponse ? "This instance is now registered as a developer instance" : "Unable to verify conf.plugins.INTEGRATION_SDK_DEVELOPER_TOKEN. This instance will NOT be registered as a developer instance.");
        }
        return this.cachedResponse;
    }

    private boolean verifySignature(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initVerify(this.devInstancePublicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }
}
