package craterdog.security;

import craterdog.primitives.Tag;
import craterdog.smart.SmartObject;
import craterdog.utils.Base32Utils;
import java.io.UnsupportedEncodingException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.joda.time.DateTime;
import org.slf4j.ext.XLogger;
import org.slf4j.ext.XLoggerFactory;

/* loaded from: input_file:craterdog/security/RsaDigitalNotary.class */
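/**
 * Notarizes documents by signing them with a notary key and packaging the result
 * as a {@link DigitalSeal}, and validates such seals against a supplied public key.
 *
 * <p>Key generation is delegated to an {@link RsaCertificateManager} and signing and
 * verification to an {@link RsaAesMessageCryptex}. Signatures and hashes are carried
 * as Base32 strings.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Validation only proves that a seal was produced with the private key matching
 *       the {@code PublicKey} passed in. Nothing here establishes that the public key
 *       belongs to a trusted notary; it must come from a trusted source.</li>
 *   <li>Key expiry (the watermark) is checked when notarizing, not when validating.</li>
 *   <li>The entry/exit trace calls receive {@code NotaryKey} instances, which hold the
 *       private signing key. NOTE(review): confirm that {@code NotaryKey.toString()}
 *       does not render the private key, or keep trace logging disabled in production.</li>
 * </ul>
 */
public final class RsaDigitalNotary implements Notarization {
    private static final XLogger logger = XLoggerFactory.getXLogger(RsaDigitalNotary.class);

    // Standard JCA algorithm name. The previous spelling "SHA256" only resolves when a
    // provider happens to register that alias; otherwise hashing failed and was
    // misreported as an invalid public key.
    private static final String HASH_ALGORITHM = "SHA-256";

    // Lifetime given to newly generated notary keys: 365 days * 86,400 seconds.
    private static final int DEFAULT_KEY_LIFETIME_SECONDS = 31536000;

    private final CertificateManager manager = new RsaCertificateManager();
    private final MessageCryptex cryptex = new RsaAesMessageCryptex();

    /** Signature algorithm name reported by the cryptex; recorded in every watermark. */
    public final String algorithm = this.cryptex.getAsymmetricSignatureAlgorithm();
    public final int majorVersion = 1;
    public final int minorVersion = 0;

    /**
     * Generates a new key pair and wraps it in a notary key with a fresh identifier
     * and a watermark that expires after {@code DEFAULT_KEY_LIFETIME_SECONDS}.
     *
     * @return the new notary key, which contains the private signing key
     */
    public NotaryKey generateNotaryKey() {
        logger.entry();
        logger.debug("Generating a new RSA key pair...");
        KeyPair keyPair = this.manager.generateKeyPair();
        logger.debug("Creating a notary key...");
        NotaryKey notaryKey = new NotaryKey();
        notaryKey.keyId = new Tag();
        notaryKey.signingKey = keyPair.getPrivate();
        notaryKey.verificationKey = keyPair.getPublic();
        logger.debug("Adding a watermark...");
        notaryKey.watermark = generateWatermark(DEFAULT_KEY_LIFETIME_SECONDS);
        // NOTE(review): the traced object carries the private key; see the class comment.
        logger.exit(notaryKey);
        return notaryKey;
    }

    /**
     * Creates a watermark stamped with this notary's algorithm and version, valid from
     * now for the given number of seconds.
     *
     * @param secondsToLive lifetime of the watermark in seconds
     * @return the new watermark
     */
    public Watermark generateWatermark(int secondsToLive) {
        logger.entry(secondsToLive);
        Watermark watermark = new Watermark();
        watermark.signingAlgorithm = this.algorithm;
        watermark.majorVersion = this.majorVersion;
        watermark.minorVersion = this.minorVersion;
        watermark.creationTimestamp = DateTime.now();
        watermark.expirationTimestamp = watermark.creationTimestamp.plusSeconds(secondsToLive);
        logger.exit(watermark);
        return watermark;
    }

    /**
     * Reports whether the watermark is still within its validity period.
     *
     * <p>Only the expiration timestamp is examined; the algorithm, version and creation
     * timestamp recorded in the watermark are not checked.
     *
     * @param watermark the watermark to check
     * @return {@code true} if it has not expired; {@code false} if it has expired or
     *         could not be evaluated
     */
    public boolean watermarkIsValid(Watermark watermark) {
        logger.entry(watermark);
        boolean valid = true;
        try {
            validateWatermark(watermark);
        } catch (Exception e) {
            logger.debug("A '{}' exception was thrown while validating the following watermark: {}", e.getMessage(), watermark);
            valid = false;
        }
        logger.exit(valid);
        return valid;
    }

    /**
     * Signs a document with the notary key and returns a seal over it.
     *
     * <p>The seal attributes record the key id, a hash of the verification key, the
     * current time, the document type and the document signature. The attributes are
     * then signed themselves, so the document type and timestamp are bound to the seal.
     *
     * @param documentType the type label stored in the seal; must be non-empty
     * @param document the document text to sign
     * @param notaryKey the key to sign with; its watermark must not have expired
     * @return the digital seal for the document
     * @throws RuntimeException if the key has expired, signing fails, the fresh
     *         signature does not verify, or the seal attributes are incomplete
     */
    public DigitalSeal notarizeDocument(String documentType, String document, NotaryKey notaryKey) {
        // NOTE(review): the traced notary key carries the private key; see the class comment.
        logger.entry(document, notaryKey);
        logger.debug("Verifying that the notary key has not expired...");
        validateWatermark(notaryKey.watermark);
        logger.debug("Signing and verifying the document...");
        PublicKey verificationKey = notaryKey.verificationKey;
        PrivateKey signingKey = notaryKey.signingKey;
        String documentSignature = generateSignature(document, signingKey);
        // Verify immediately so that a mismatched key pair is caught before a seal is issued.
        validateSignature(document, documentSignature, verificationKey);
        logger.debug("Generate a SHA-256 hash of the verification key...");
        String verificationKeyHash = generateHash(verificationKey);
        logger.debug("Create a digital notary seal...");
        SealAttributes attributes = new SealAttributes();
        attributes.notaryKeyId = notaryKey.keyId;
        attributes.sha256VerificationKeyHash = verificationKeyHash;
        attributes.timestamp = DateTime.now();
        attributes.documentType = documentType;
        attributes.documentSignature = documentSignature;
        DigitalSeal seal = new DigitalSeal();
        seal.attributes = attributes;
        validateAttributes(seal);
        // The string form of the attributes is what gets signed, so validation depends on
        // toString() producing the same text later. NOTE(review): confirm it is deterministic.
        seal.notarySignature = generateSignature(attributes.toString(), signingKey);
        logger.exit(seal);
        return seal;
    }

    /**
     * Checks a document against its seal using the supplied public key.
     *
     * <p>Verifies, in order: that the seal attributes are complete, that the key hash in
     * the seal matches the supplied key, the document signature, and the signature over
     * the seal attributes. Key expiry is not checked, and the caller is responsible for
     * trusting {@code publicKey}.
     *
     * @param document the document text that was notarized
     * @param digitalSeal the seal claimed for the document
     * @param publicKey the notary's verification key
     * @return {@code true} only if every check passes; any exception yields {@code false}
     */
    public boolean documentIsValid(String document, DigitalSeal digitalSeal, PublicKey publicKey) {
        logger.entry(document, publicKey, digitalSeal);
        boolean valid = true;
        try {
            logger.debug("Validating the digital seal's attributes...");
            validateAttributes(digitalSeal);
            logger.debug("Validating the SHA-256 hash of the verification key...");
            validateHash(digitalSeal.attributes.sha256VerificationKeyHash, publicKey);
            logger.debug("Validating the notary signature of the document...");
            validateSignature(document, digitalSeal.attributes.documentSignature, publicKey);
            logger.debug("Validating the notary signature of the digital seal...");
            validateSignature(digitalSeal.attributes.toString(), digitalSeal.notarySignature, publicKey);
        } catch (Exception e) {
            // Fail closed: malformed seals and null fields count as invalid.
            logger.debug("A '{}' exception was thrown while validating the following document: {}", e.getMessage(), document);
            valid = false;
        }
        logger.exit(valid);
        return valid;
    }

    /**
     * Notarizes a smart object by signing its string form.
     *
     * @param documentType the type label stored in the seal
     * @param smartObject the object whose {@code toString()} output is signed
     * @param notaryKey the key to sign with
     * @return the digital seal for the object
     */
    public DigitalSeal notarizeDocument(String documentType, SmartObject<? extends SmartObject<?>> smartObject, NotaryKey notaryKey) {
        logger.entry(smartObject, notaryKey);
        logger.debug("Converting the document to a JSON string...");
        DigitalSeal seal = notarizeDocument(documentType, smartObject.toString(), notaryKey);
        logger.exit(seal);
        return seal;
    }

    /**
     * Validates a smart object against its seal by checking its string form.
     *
     * @param smartObject the object whose {@code toString()} output was signed
     * @param digitalSeal the seal claimed for the object
     * @param publicKey the notary's verification key
     * @return {@code true} only if every check passes
     */
    public boolean documentIsValid(SmartObject<? extends SmartObject<?>> smartObject, DigitalSeal digitalSeal, PublicKey publicKey) {
        logger.entry(smartObject, publicKey, digitalSeal);
        logger.debug("Converting the document to a JSON string...");
        boolean valid = documentIsValid(smartObject.toString(), digitalSeal, publicKey);
        logger.exit(valid);
        return valid;
    }

    /**
     * Throws if the watermark is missing, has no expiration timestamp, or has expired.
     */
    private void validateWatermark(Watermark watermark) {
        // Reject a missing watermark explicitly rather than through a bare NullPointerException.
        if (watermark == null || watermark.expirationTimestamp == null) {
            throw new RuntimeException("The notary key has no valid watermark.");
        }
        if (watermark.expirationTimestamp.isBeforeNow()) {
            throw new RuntimeException("The notary key has expired.");
        }
    }

    /**
     * Returns the Base32-encoded digest of the public key's encoded form.
     */
    private String generateHash(PublicKey publicKey) {
        try {
            MessageDigest digest = MessageDigest.getInstance(HASH_ALGORITHM);
            return Base32Utils.encode(digest.digest(publicKey.getEncoded()));
        } catch (RuntimeException | NoSuchAlgorithmException e) {
            // Keep the cause so that a provider problem can be told apart from a bad key.
            throw new RuntimeException("The following public key is invalid: " + publicKey, e);
        }
    }

    /**
     * Throws unless the expected hash equals the hash computed from the public key.
     */
    private void validateHash(String expectedHash, PublicKey publicKey) {
        if (!expectedHash.equals(generateHash(publicKey))) {
            throw new RuntimeException("The following public key hash is invalid: " + expectedHash);
        }
    }

    /**
     * Throws if any required seal attribute is null or the document type is empty.
     */
    private void validateAttributes(DigitalSeal digitalSeal) {
        SealAttributes attributes = digitalSeal.attributes;
        boolean incomplete = attributes.notaryKeyId == null
                || attributes.sha256VerificationKeyHash == null
                || attributes.timestamp == null
                || attributes.documentType == null
                || attributes.documentType.isEmpty()
                || attributes.documentSignature == null;
        if (incomplete) {
            throw new RuntimeException("The following seal has invalid attributes: " + digitalSeal);
        }
    }

    /**
     * Signs the UTF-8 bytes of the document and returns the signature in Base32.
     *
     * <p>The failure message embeds the full document text, so it can reach logs and
     * error reports wherever the exception is recorded.
     */
    private String generateSignature(String document, PrivateKey privateKey) {
        try {
            return Base32Utils.encode(this.cryptex.signBytes(privateKey, document.getBytes("UTF-8")));
        } catch (Exception e) {
            throw new RuntimeException("Unable to notarize the following document due to a " + e.getMessage() + " exception: " + document, e);
        }
    }

    /**
     * Throws unless the Base32 signature verifies over the UTF-8 bytes of the document.
     */
    private void validateSignature(String document, String signature, PublicKey publicKey) {
        try {
            boolean verified = this.cryptex.bytesAreValid(publicKey, document.getBytes("UTF-8"), Base32Utils.decode(signature));
            if (!verified) {
                throw new RuntimeException("The following document signature is invalid: " + signature);
            }
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Unable to validate the following document due to a " + e.getMessage() + " exception: " + document, e);
        }
    }
}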
