package org.ten60.netkernel.security.endpoint;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.netkernel.layer0.nkf.INKFRequestContext;
import org.netkernel.layer0.nkf.NKFException;
import org.netkernel.layer0.representation.IReadableBinaryStreamRepresentation;
import org.netkernel.layer0.util.Utils;
import org.netkernel.module.standard.endpoint.StandardAccessorImpl;
import org.ten60.netkernel.security.util.SecurityUtils;

/* loaded from: input_file:modules/urn.org.netkernel.mod.security-1.4.11.jar:org/ten60/netkernel/security/endpoint/SignVerifyAccessor.class */
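/**
 * NetKernel accessor that signs a binary operand with a private key taken from a keystore, or
 * verifies a hex-encoded signature over the operand against an X.509 certificate.
 *
 * <p>Request arguments read by this endpoint: {@code activeType}, {@code operand},
 * {@code keyPassword} (optional), {@code keystore}, {@code keystorePassword}, {@code keyID},
 * {@code publicKeyCertificate} (optional, verify only) and {@code signature} (verify only).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The algorithm is hard-coded to {@code SHA1withRSA}. SHA-1 is no longer considered
 *       collision resistant, so these signatures should not be relied on for new designs.
 *       Changing the algorithm here would invalidate existing signatures, so a migration needs
 *       an explicit algorithm argument or versioned signature format rather than a silent swap.</li>
 *   <li>Verification only answers "does this signature match this certificate's public key".
 *       No chain building, expiry or revocation check is performed on a certificate supplied
 *       through {@code publicKeyCertificate}; trust in that certificate is the caller's job.</li>
 *   <li>Passwords arrive as {@code String} values and the derived {@code char[]} is not cleared
 *       here, so they stay in heap memory until garbage collected.</li>
 * </ul>
 */
public class SignVerifyAccessor extends StandardAccessorImpl {
    /** Signature algorithm used for both signing and verification. */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** Size of the chunk buffer used when streaming the operand into the signature. */
    private static final int BUFFER_SIZE = 4096;

    public SignVerifyAccessor() {
        declareThreadSafe();
    }

    /**
     * Handles a SOURCE request: signs the operand when {@code activeType} is {@code pkiSign},
     * otherwise verifies it.
     *
     * <p>The response is a hex string (sign) or a {@link Boolean} (verify). Any
     * {@code activeType} other than {@code pkiSign} falls through to verification.
     *
     * @param iNKFRequestContext the request context supplying the arguments
     * @throws Exception if an argument cannot be sourced, the keystore cannot be loaded, the
     *     key entry is missing, or the signature operation fails
     */
    public void onSource(INKFRequestContext iNKFRequestContext) throws Exception {
        String activeType = iNKFRequestContext.getThisRequest().getArgumentValue("activeType");
        IReadableBinaryStreamRepresentation operand = (IReadableBinaryStreamRepresentation) iNKFRequestContext.source("arg:operand", IReadableBinaryStreamRepresentation.class);
        String keyPassword = null;
        if (iNKFRequestContext.getThisRequest().argumentExists("keyPassword")) {
            keyPassword = (String) iNKFRequestContext.source("arg:keyPassword", String.class);
        }

        Object response;
        if (activeType.equals("pkiSign")) {
            KeyStore keyStore = sourceKeyStore(iNKFRequestContext);
            String keyId = iNKFRequestContext.getThisRequest().getArgumentValue("keyID");
            // NOTE(review): keyPassword may be null here when the argument is absent; how
            // SecurityUtils.stringToChar handles null is not visible in this file - confirm.
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(keyId, new KeyStore.PasswordProtection(SecurityUtils.stringToChar(keyPassword)));
            if (privateKeyEntry == null) {
                throw new NKFException("Key: " + keyId + " not found in keystore");
            }
            response = Utils.toHexString(signStream(privateKeyEntry.getPrivateKey(), operand.getInputStream()));
        } else {
            Certificate certificate = resolveVerificationCertificate(iNKFRequestContext, keyPassword);
            InputStream data = operand.getInputStream();
            byte[] signatureBytes = Utils.fromHexString((String) iNKFRequestContext.source("arg:signature", String.class));
            response = Boolean.valueOf(verifyStream(certificate, data, signatureBytes));
        }
        iNKFRequestContext.createResponseFrom(response);
    }

    /**
     * Picks the certificate to verify against: the {@code publicKeyCertificate} argument when
     * present, otherwise the trusted-certificate entry named by {@code keyID} in the keystore.
     *
     * @param context the request context supplying the arguments
     * @param keyPassword optional entry password, or {@code null} for an unprotected entry
     * @return the certificate whose public key is used for verification
     * @throws Exception if the certificate cannot be parsed or the keystore entry is missing
     */
    private Certificate resolveVerificationCertificate(INKFRequestContext context, String keyPassword) throws Exception {
        if (context.getThisRequest().argumentExists("publicKeyCertificate")) {
            // Caller-supplied certificate: parsed as X.509 but not validated against any trust anchor.
            IReadableBinaryStreamRepresentation encoded = (IReadableBinaryStreamRepresentation) context.source("arg:publicKeyCertificate", IReadableBinaryStreamRepresentation.class);
            return CertificateFactory.getInstance("X.509").generateCertificate(encoded.getInputStream());
        }
        KeyStore keyStore = sourceKeyStore(context);
        String keyId = context.getThisRequest().getArgumentValue("keyID");
        KeyStore.PasswordProtection protection = null;
        if (keyPassword != null) {
            protection = new KeyStore.PasswordProtection(SecurityUtils.stringToChar(keyPassword));
        }
        KeyStore.TrustedCertificateEntry entry = (KeyStore.TrustedCertificateEntry) keyStore.getEntry(keyId, protection);
        if (entry == null) {
            throw new NKFException("Key: " + keyId + " not found in keystore");
        }
        return entry.getTrustedCertificate();
    }

    /**
     * Computes a signature over the full contents of a stream.
     *
     * @param privateKey the signing key
     * @param inputStream the data to sign; read to end of stream, not closed here
     * @return the raw signature bytes
     * @throws Exception if the key is unsuitable or the stream cannot be read
     */
    private byte[] signStream(PrivateKey privateKey, InputStream inputStream) throws Exception {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(privateKey);
        updateSignature(signer, inputStream);
        return signer.sign();
    }

    /**
     * Checks a signature over the full contents of a stream.
     *
     * @param certificate the certificate holding the public key
     * @param inputStream the signed data; read to end of stream, not closed here
     * @param bArr the raw signature bytes to check
     * @return {@code true} if the signature matches the data and key
     * @throws Exception if the certificate is unsuitable or the stream cannot be read
     */
    private boolean verifyStream(Certificate certificate, InputStream inputStream, byte[] bArr) throws Exception {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(certificate);
        updateSignature(verifier, inputStream);
        return verifier.verify(bArr);
    }

    /**
     * Feeds every byte of the stream, and only those bytes, into the signature object.
     *
     * <p>The previous implementation looped on {@code available()} and passed the whole
     * 256-byte buffer to {@code update} regardless of how many bytes {@code read} returned.
     * That signed zero padding (or stale buffer content on a short read) along with the data,
     * so distinct inputs differing only in trailing zero bytes within the final chunk shared a
     * signature, and {@code available() == 0} could end the loop before end of stream.
     *
     * <p>Compatibility: signatures created by the old code over data whose length is not a
     * multiple of 256 bytes covered the padded form and will not verify with this version.
     *
     * @param signature an initialised signature object
     * @param inputStream the data source, read until end of stream
     * @throws Exception if reading fails or the signature object is not initialised
     */
    private void updateSignature(Signature signature, InputStream inputStream) throws Exception {
        byte[] buffer = new byte[BUFFER_SIZE];
        int count;
        while ((count = inputStream.read(buffer)) != -1) {
            // Only the bytes actually read belong to the message.
            signature.update(buffer, 0, count);
        }
    }

    /**
     * Loads the keystore passed in the {@code keystore} argument using {@code keystorePassword}.
     *
     * <p>The store type is fixed to {@code JKS}; other formats supplied by the caller are not
     * handled by this method.
     *
     * @param iNKFRequestContext the request context supplying the arguments
     * @return the loaded keystore
     * @throws Exception if the arguments cannot be sourced or the keystore fails to load
     */
    private KeyStore sourceKeyStore(INKFRequestContext iNKFRequestContext) throws Exception {
        IReadableBinaryStreamRepresentation stored = (IReadableBinaryStreamRepresentation) iNKFRequestContext.source("arg:keystore", IReadableBinaryStreamRepresentation.class);
        String storePassword = (String) iNKFRequestContext.source("arg:keystorePassword", String.class);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(stored.getInputStream(), SecurityUtils.stringToChar(storePassword));
        return keyStore;
    }
}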
