package org.openlca.license;

import com.google.gson.GsonBuilder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import javax.crypto.BadPaddingException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.openlca.license.certificate.CertUtils;
import org.openlca.license.certificate.CertificateGenerator;
import org.openlca.license.certificate.CertificateInfo;
import org.openlca.license.certificate.Person;
import org.openlca.license.signature.Signer;

/* loaded from: input_file:org/openlca/license/Licensor.class */
public class Licensor {
    private static final String BC = "BC";
    private static final String KEY_ALGORITHM = "RSA";
    public static final String JSON = "license.json";
    public static List<String> INDICES = List.of("index_A", "index_B", "index_C");
    public static final int BUFFER_SIZE = 8192;
    public final X509CertificateHolder certAuthority;
    public final PrivateKey privateKeyCA;
    public final PublicKey publicKeyCA;
    private KeyPair keyPair;
    private Signer signer;

    private Licensor(X509CertificateHolder x509CertificateHolder, PublicKey publicKey, PrivateKey privateKey) {
        this.certAuthority = x509CertificateHolder;
        this.publicKeyCA = publicKey;
        this.privateKeyCA = privateKey;
    }

    public static Licensor getInstance(File file) throws IOException {
        X509CertificateHolder x509CertificateHolder = CertUtils.getX509CertificateHolder(new File(file, file.getName() + ".crt"));
        if (x509CertificateHolder == null) {
            throw new IOException("Error while parsing the CA certificate.");
        }
        PublicKey publicKeyCA = CertUtils.getPublicKeyCA(x509CertificateHolder);
        PrivateKey privateKeyCA = CertUtils.getPrivateKeyCA(file);
        if (privateKeyCA == null) {
            throw new IOException("Error while getting the private key from the certificate authority folder.");
        }
        return new Licensor(x509CertificateHolder, publicKeyCA, privateKeyCA);
    }

    public void license(ZipInputStream zipInputStream, ZipOutputStream zipOutputStream, char[] cArr, CertificateInfo certificateInfo) throws IOException {
        checkValidity(cArr, certificateInfo);
        this.keyPair = generateKeyPair();
        String createCertificate = createCertificate(certificateInfo);
        String authority = getAuthority();
        this.signer = new Signer(this.keyPair.getPrivate());
        ZipEntry nextEntry = zipInputStream.getNextEntry();
        while (true) {
            ZipEntry zipEntry = nextEntry;
            if (zipEntry == null) {
                Map<String, byte[]> signatures = this.signer.getSignatures();
                HashMap hashMap = new HashMap();
                signatures.forEach((str, bArr) -> {
                    hashMap.put(str, new String(Base64.encode(bArr)));
                });
                writeLicenseToJson(new License(createCertificate, hashMap, authority), zipOutputStream);
                return;
            }
            processEntry(zipInputStream, zipOutputStream, zipEntry, cArr);
            nextEntry = zipInputStream.getNextEntry();
        }
    }

    public CertificateInfo createCertificateInfo(Date date, Date date2, Person person) {
        return new CertificateInfo(date, determineEndDate(date2), person, Person.of(this.certAuthority.getSubject()));
    }

    public CertificateInfo createCertificateInfo(Date date, Person person) {
        return createCertificateInfo(date, null, person);
    }

    private void checkValidity(char[] cArr, CertificateInfo certificateInfo) {
        if (certificateInfo.notAfter().before(certificateInfo.notBefore()) || certificateInfo.notAfter().after(this.certAuthority.getNotAfter())) {
            throw new RuntimeException("Error while licensing the library. The start and end date provided are not valid.");
        }
        if (cArr == null || cArr.length == 0) {
            throw new RuntimeException("Error while licensing the library. The password provided is null or empty.");
        }
    }

    private void processEntry(ZipInputStream zipInputStream, ZipOutputStream zipOutputStream, ZipEntry zipEntry, char[] cArr) throws IOException {
        String name = zipEntry.getName();
        String substring = name.substring(0, name.length() - ".bin".length());
        if (!INDICES.contains(substring)) {
            zipOutputStream.putNextEntry(zipEntry);
            this.signer.sign(zipInputStream, name, zipOutputStream);
            return;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            Crypto.encrypt(cArr, this.keyPair.getPublic().getEncoded(), zipInputStream, byteArrayOutputStream);
            ZipEntry zipEntry2 = new ZipEntry(substring + ".enc");
            zipOutputStream.putNextEntry(zipEntry2);
            this.signer.sign(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), zipEntry2.getName(), zipOutputStream);
        } catch (BadPaddingException e) {
            throw new RuntimeException("Error while encrypting the following file: " + name, e);
        }
    }

    private void writeLicenseToJson(License license, ZipOutputStream zipOutputStream) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(new GsonBuilder().setPrettyPrinting().create().toJson(license).getBytes());
        ZipEntry zipEntry = new ZipEntry(JSON);
        zipOutputStream.putNextEntry(zipEntry);
        write(byteArrayInputStream, zipEntry.getName(), zipOutputStream);
    }

    private void write(InputStream inputStream, String str, OutputStream outputStream) {
        byte[] bArr = new byte[8192];
        while (true) {
            try {
                int read = inputStream.read(bArr);
                if (read < 0) {
                    return;
                } else {
                    outputStream.write(bArr, 0, read);
                }
            } catch (IOException e) {
                throw new RuntimeException("Error while writing the following file: " + str, e);
            }
        }
    }

    private String getAuthority() {
        try {
            return CertificateGenerator.toBase64(getCertificateAuthority());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    public X509Certificate getCertificateAuthority() {
        try {
            return new JcaX509CertificateConverter().setProvider(BC).getCertificate(this.certAuthority);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public Date determineEndDate(Date date) {
        Date notAfter = getCertificateAuthority().getNotAfter();
        if (date != null && !date.after(notAfter)) {
            return date;
        }
        return notAfter;
    }

    public String createCertificate(CertificateInfo certificateInfo) {
        try {
            return CertificateGenerator.toBase64(new CertificateGenerator(this.certAuthority, new KeyPair(this.publicKeyCA, this.privateKeyCA)).createCertificate(certificateInfo, this.keyPair));
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("Error while encoding the license certificate to Base64.", e);
        }
    }

    public static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM, BC);
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("Error while generating the key pair of the license certificate.", e);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
