package com.liferay.lcs.messaging.internal.security;

import com.liferay.lcs.messaging.CommandMessage;
import com.liferay.lcs.messaging.Message;
import com.liferay.lcs.messaging.security.DigitalSignature;
import com.liferay.lcs.messaging.security.exception.DigitalSignatureException;
import com.liferay.lcs.security.KeyStoreAdvisor;
import com.liferay.lcs.security.KeyStoreFactory;
import java.security.KeyStore;
import java.security.Signature;
import javax.xml.bind.DatatypeConverter;
import org.osgi.service.component.annotations.Component;

@Component(immediate = true, service = {DigitalSignature.class})
/* loaded from: input_file:com/liferay/lcs/messaging/internal/security/DigitalSignatureImpl.class */
public class DigitalSignatureImpl implements DigitalSignature {
    private String _keyAlias;
    private KeyStore _keyStore;
    private final KeyStoreAdvisor _keyStoreAdvisor = new KeyStoreAdvisor();
    private String _keyStorePassword = "_k3y#5t0r3-p45S";
    private String _keyStorePath;
    private String _keyStoreType;
    private String _signingAlgorithm;

    @Override // com.liferay.lcs.messaging.security.DigitalSignature
    public String getSignature(int i, String str) {
        try {
            return doGetSignature(i, str.getBytes());
        } catch (Exception e) {
            throw new RuntimeException("Unable to sign value", e);
        }
    }

    public void setKeyName(String str) {
        this._keyAlias = str;
    }

    public void setKeyStorePassword(String str) {
        this._keyStorePassword = str;
    }

    public void setKeyStorePath(String str) {
        this._keyStorePath = str;
    }

    public void setKeyStoreType(String str) {
        this._keyStoreType = str;
    }

    public void setSigningAlgorithm(String str) {
        this._signingAlgorithm = str;
    }

    @Override // com.liferay.lcs.messaging.security.DigitalSignature
    public void signMessage(int i, Message message) {
        if (message instanceof CommandMessage) {
            CommandMessage commandMessage = (CommandMessage) message;
            try {
                commandMessage.setSignature(doGetSignature(i, getBytes(commandMessage)));
            } catch (Exception e) {
                throw new RuntimeException("Unable to sign message", e);
            }
        }
    }

    @Override // com.liferay.lcs.messaging.security.DigitalSignature
    public void signMessage(Message message) {
        if (message instanceof CommandMessage) {
            CommandMessage commandMessage = (CommandMessage) message;
            try {
                commandMessage.setSignature(doGetSignature(0, getBytes(commandMessage)));
            } catch (Exception e) {
                throw new RuntimeException("Unable to sign message", e);
            }
        }
    }

    @Override // com.liferay.lcs.messaging.security.DigitalSignature
    public boolean verifyMessage(int i, Message message) throws DigitalSignatureException {
        if (!(message instanceof CommandMessage)) {
            return true;
        }
        CommandMessage commandMessage = (CommandMessage) message;
        try {
            return doVerifyMessage(i, getBytes(commandMessage), commandMessage.getSignature());
        } catch (Exception e) {
            throw new DigitalSignatureException("Unable to verify message", e);
        }
    }

    @Override // com.liferay.lcs.messaging.security.DigitalSignature
    public boolean verifyValue(String str, String str2) throws DigitalSignatureException {
        try {
            return doVerifyMessage(0, str.getBytes(), str2);
        } catch (Exception e) {
            throw new DigitalSignatureException("Unable to verify message", e);
        }
    }

    protected String doGetSignature(int i, byte[] bArr) throws Exception {
        Signature signature = Signature.getInstance(this._signingAlgorithm);
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this._keyStorePassword.toCharArray());
        KeyStore keyStore = getKeyStore();
        signature.initSign(((KeyStore.PrivateKeyEntry) keyStore.getEntry(this._keyStoreAdvisor.getKeyAlias(i, this._keyAlias, keyStore), passwordProtection)).getPrivateKey());
        signature.update(bArr);
        return DatatypeConverter.printBase64Binary(signature.sign());
    }

    protected boolean doVerifyMessage(int i, byte[] bArr, String str) throws Exception {
        Signature signature = Signature.getInstance(this._signingAlgorithm);
        KeyStore keyStore = getKeyStore();
        signature.initVerify(keyStore.getCertificate(this._keyStoreAdvisor.getKeyAlias(i, this._keyAlias, keyStore)));
        signature.update(bArr);
        return signature.verify(DatatypeConverter.parseBase64Binary(str));
    }

    protected byte[] getBytes(CommandMessage commandMessage) {
        return commandMessage.getSignatureString().getBytes();
    }

    protected KeyStore getKeyStore() throws Exception {
        if (this._keyStore != null) {
            return this._keyStore;
        }
        this._keyStore = KeyStoreFactory.getInstance(this._keyStorePath, this._keyStoreType, this._keyStorePassword);
        return this._keyStore;
    }
}
