package org.to2mbn.jmccc.auth.yggdrasil.core.yggdrasil;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.to2mbn.jmccc.auth.yggdrasil.core.util.Base64;

/* loaded from: input_file:org/to2mbn/jmccc/auth/yggdrasil/core/yggdrasil/SignaturedPropertiesDeserializer.class */
public class SignaturedPropertiesDeserializer implements Serializable, PropertiesDeserializer {
    private static final long serialVersionUID = 1;
    private PublicKey signaturePublicKey;

    private static PublicKey loadDefaultSignaturePublicKey() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        InputStream resourceAsStream = SignaturedPropertiesDeserializer.class.getResourceAsStream("/yggdrasil_session_pubkey.der");
        Throwable th = null;
        try {
            byte[] bArr = new byte[8192];
            while (true) {
                int read = resourceAsStream.read(bArr);
                if (read == -1) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(byteArrayOutputStream.toByteArray()));
        } finally {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
        }
    }

    public SignaturedPropertiesDeserializer() {
        try {
            this.signaturePublicKey = loadDefaultSignaturePublicKey();
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("failed to load default yggdrasil signature key", e);
        }
    }

    public SignaturedPropertiesDeserializer(PublicKey publicKey) {
        this.signaturePublicKey = publicKey;
    }

    @Override // org.to2mbn.jmccc.auth.yggdrasil.core.yggdrasil.PropertiesDeserializer
    public Map<String, String> toProperties(JSONArray jSONArray, boolean z) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, JSONException {
        if (jSONArray == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject = jSONArray.getJSONObject(i);
            String string = jSONObject.getString("name");
            String string2 = jSONObject.getString("value");
            if (jSONObject.has("signature")) {
                if (this.signaturePublicKey != null) {
                    checkSignature(string, string2, jSONObject.getString("signature"));
                } else {
                    if (z) {
                        throw new InvalidKeyException("no key is available");
                    }
                }
            } else if (z) {
                throw new SignatureException("no signature");
            }
            hashMap.put(string, string2);
        }
        return hashMap;
    }

    private void checkSignature(String str, String str2, String str3) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initVerify(this.signaturePublicKey);
        signature.update(str2.getBytes());
        if (!signature.verify(Base64.decode(str3.toCharArray()))) {
            throw new SignatureException("invalid signature");
        }
    }
}
