package net.oauth.signature;

import com.atlassian.security.auth.trustedapps.BouncyCastleEncryptionProvider;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthException;
import net.oauth.signature.pem.PEMReader;
import net.oauth.signature.pem.PKCS1EncodedKeySpec;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-oauth-consumer-sal-plugin-1.9.10.jar:META-INF/lib/oauth-20090617.jar:net/oauth/signature/RSA_SHA1.class
 */
/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-oauth-service-provider-plugin-1.9.10.jar:META-INF/lib/oauth-20090617.jar:net/oauth/signature/RSA_SHA1.class */
public class RSA_SHA1 extends OAuthSignatureMethod {
    public static final String PRIVATE_KEY = "RSA-SHA1.PrivateKey";
    public static final String PUBLIC_KEY = "RSA-SHA1.PublicKey";
    public static final String X509_CERTIFICATE = "RSA-SHA1.X509Certificate";
    private PrivateKey privateKey = null;
    private PublicKey publicKey = null;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.oauth.signature.OAuthSignatureMethod
    public void initialize(String str, OAuthAccessor oAuthAccessor) throws OAuthException {
        super.initialize(str, oAuthAccessor);
        try {
            Object property = oAuthAccessor.consumer.getProperty(PRIVATE_KEY);
            if (property != null) {
                this.privateKey = loadPrivateKey(property);
            }
            Object property2 = oAuthAccessor.consumer.getProperty(PUBLIC_KEY);
            if (property2 != null) {
                this.publicKey = loadPublicKey(property2, false);
            } else {
                Object property3 = oAuthAccessor.consumer.getProperty(X509_CERTIFICATE);
                if (property3 != null) {
                    this.publicKey = loadPublicKey(property3, true);
                }
            }
        } catch (IOException e) {
            throw new OAuthException(e);
        } catch (GeneralSecurityException e2) {
            throw new OAuthException(e2);
        }
    }

    private PublicKey getPublicKeyFromDerCert(byte[] bArr) throws GeneralSecurityException {
        return ((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr))).getPublicKey();
    }

    private PublicKey getPublicKeyFromDer(byte[] bArr) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    private PublicKey getPublicKeyFromPem(String str) throws GeneralSecurityException, IOException {
        PublicKey publicKeyFromDerCert;
        PEMReader pEMReader = new PEMReader(new ByteArrayInputStream(str.getBytes("UTF-8")));
        byte[] derBytes = pEMReader.getDerBytes();
        if (PEMReader.PUBLIC_X509_MARKER.equals(pEMReader.getBeginMarker())) {
            publicKeyFromDerCert = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(derBytes));
        } else {
            if (!PEMReader.CERTIFICATE_X509_MARKER.equals(pEMReader.getBeginMarker())) {
                throw new IOException("Invalid PEM fileL: Unknown marker for  public key or cert " + pEMReader.getBeginMarker());
            }
            publicKeyFromDerCert = getPublicKeyFromDerCert(derBytes);
        }
        return publicKeyFromDerCert;
    }

    private PrivateKey getPrivateKeyFromDer(byte[] bArr) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private PrivateKey getPrivateKeyFromPem(String str) throws GeneralSecurityException, IOException {
        KeySpec pKCS8EncodedKeySpec;
        PEMReader pEMReader = new PEMReader(new ByteArrayInputStream(str.getBytes("UTF-8")));
        byte[] derBytes = pEMReader.getDerBytes();
        if (PEMReader.PRIVATE_PKCS1_MARKER.equals(pEMReader.getBeginMarker())) {
            pKCS8EncodedKeySpec = new PKCS1EncodedKeySpec(derBytes).getKeySpec();
        } else {
            if (!PEMReader.PRIVATE_PKCS8_MARKER.equals(pEMReader.getBeginMarker())) {
                throw new IOException("Invalid PEM file: Unknown marker for private key " + pEMReader.getBeginMarker());
            }
            pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(derBytes);
        }
        return KeyFactory.getInstance("RSA").generatePrivate(pKCS8EncodedKeySpec);
    }

    @Override // net.oauth.signature.OAuthSignatureMethod
    protected String getSignature(String str) throws OAuthException {
        try {
            return base64Encode(sign(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new OAuthException(e);
        } catch (GeneralSecurityException e2) {
            throw new OAuthException(e2);
        }
    }

    @Override // net.oauth.signature.OAuthSignatureMethod
    protected boolean isValid(String str, String str2) throws OAuthException {
        try {
            return verify(decodeBase64(str), str2.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new OAuthException(e);
        } catch (GeneralSecurityException e2) {
            throw new OAuthException(e2);
        }
    }

    private byte[] sign(byte[] bArr) throws GeneralSecurityException {
        if (this.privateKey == null) {
            throw new IllegalStateException("need to set private key with OAuthConsumer.setProperty when generating RSA-SHA1 signatures.");
        }
        Signature signature = Signature.getInstance(BouncyCastleEncryptionProvider.SIGNATURE_ALGORITHM);
        signature.initSign(this.privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    private boolean verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (this.publicKey == null) {
            throw new IllegalStateException("need to set public key with  OAuthConsumer.setProperty when verifying RSA-SHA1 signatures.");
        }
        Signature signature = Signature.getInstance(BouncyCastleEncryptionProvider.SIGNATURE_ALGORITHM);
        signature.initVerify(this.publicKey);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    private PrivateKey loadPrivateKey(Object obj) throws IOException, GeneralSecurityException {
        PrivateKey privateKeyFromDer;
        if (obj instanceof PrivateKey) {
            privateKeyFromDer = (PrivateKey) obj;
        } else if (obj instanceof String) {
            try {
                privateKeyFromDer = getPrivateKeyFromPem((String) obj);
            } catch (IOException e) {
                privateKeyFromDer = getPrivateKeyFromDer(decodeBase64((String) obj));
            }
        } else {
            if (!(obj instanceof byte[])) {
                throw new IllegalArgumentException("Private key set through RSA_SHA1.PRIVATE_KEY must be of type PrivateKey, String or byte[] and not " + obj.getClass().getName());
            }
            privateKeyFromDer = getPrivateKeyFromDer((byte[]) obj);
        }
        return privateKeyFromDer;
    }

    private PublicKey loadPublicKey(Object obj, boolean z) throws IOException, GeneralSecurityException {
        PublicKey publicKeyFromDer;
        if (obj instanceof PublicKey) {
            publicKeyFromDer = (PublicKey) obj;
        } else if (obj instanceof X509Certificate) {
            publicKeyFromDer = ((X509Certificate) obj).getPublicKey();
        } else if (obj instanceof String) {
            try {
                publicKeyFromDer = getPublicKeyFromPem((String) obj);
            } catch (IOException e) {
                if (z) {
                    throw e;
                }
                publicKeyFromDer = getPublicKeyFromDer(decodeBase64((String) obj));
            }
        } else {
            if (!(obj instanceof byte[])) {
                throw new IllegalArgumentException("Public key or certificate set through " + (z ? "RSA_SHA1.X509_CERTIFICATE" : "RSA_SHA1.PUBLIC_KEY") + " must be of type PublicKey, String or byte[], and not " + obj.getClass().getName());
            }
            publicKeyFromDer = z ? getPublicKeyFromDerCert((byte[]) obj) : getPublicKeyFromDer((byte[]) obj);
        }
        return publicKeyFromDer;
    }
}
