package org.drools.core.util;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;

/* loaded from: input_file:WEB-INF/lib/drools-core-6.5.0.Beta1.jar:org/drools/core/util/KeyStoreHelper.class */
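/**
 * Loads the key stores used to sign and verify serialized data and exposes the
 * sign / verify operations on top of them.
 *
 * <p>All configuration is read from JVM system properties (the {@code PROP_*}
 * constants below) when the helper is constructed. Either key store is optional:
 * a store is only loaded when its URL property is non-empty, and the matching
 * operation fails with a {@link RuntimeException} when its store is missing.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Signatures use {@code MD5withRSA}. MD5 is not collision-resistant, so this
 *       scheme should be treated as weak integrity protection. The algorithm is
 *       kept unchanged here because signer and verifier must agree on it; moving
 *       to a SHA-2 based scheme needs a coordinated change on both sides.</li>
 *   <li>Key store and key passwords are taken from system properties and are
 *       returned by reference from the getters; callers should not log or retain
 *       them longer than needed.</li>
 * </ul>
 */
public class KeyStoreHelper {
    /** Boolean flag: whether serialized data is expected to be signed. */
    public static final String PROP_SIGN = "drools.serialization.sign";
    /** URL of the key store holding the private (signing) key. */
    public static final String PROP_PVT_KS_URL = "drools.serialization.private.keyStoreURL";
    /** Password of the private key store. */
    public static final String PROP_PVT_KS_PWD = "drools.serialization.private.keyStorePwd";
    /** Alias of the private key entry inside the private key store. */
    public static final String PROP_PVT_ALIAS = "drools.serialization.private.keyAlias";
    /** Password protecting the private key entry. */
    public static final String PROP_PVT_PWD = "drools.serialization.private.keyPwd";
    /** URL of the key store holding the public certificates used for verification. */
    public static final String PROP_PUB_KS_URL = "drools.serialization.public.keyStoreURL";
    /** Password of the public key store. */
    public static final String PROP_PUB_KS_PWD = "drools.serialization.public.keyStorePwd";

    private static final String KEY_STORE_TYPE = "JKS";
    // NOTE(security): MD5-based signature; see the class comment before changing it.
    private static final String SIGNATURE_ALGORITHM = "MD5withRSA";

    private boolean signed;
    private URL pvtKeyStoreURL;
    private char[] pvtKeyStorePwd;
    private String pvtKeyAlias;
    private char[] pvtKeyPassword;
    private URL pubKeyStoreURL;
    private char[] pubKeyStorePwd;
    private KeyStore pvtKeyStore;
    private KeyStore pubKeyStore;

    /**
     * Reads the configuration from system properties and loads every configured
     * key store.
     *
     * @throws RuntimeException wrapping any failure (malformed URL, unreadable
     *         store, wrong store password, ...); the original exception is kept
     *         as the cause
     */
    public KeyStoreHelper() {
        try {
            this.signed = Boolean.parseBoolean(System.getProperty(PROP_SIGN, "false"));
            String pvtUrl = System.getProperty(PROP_PVT_KS_URL, "");
            if (pvtUrl.length() > 0) {
                this.pvtKeyStoreURL = new URL(pvtUrl);
            }
            this.pvtKeyStorePwd = System.getProperty(PROP_PVT_KS_PWD, "").toCharArray();
            this.pvtKeyAlias = System.getProperty(PROP_PVT_ALIAS, "");
            this.pvtKeyPassword = System.getProperty(PROP_PVT_PWD, "").toCharArray();
            String pubUrl = System.getProperty(PROP_PUB_KS_URL, "");
            if (pubUrl.length() > 0) {
                this.pubKeyStoreURL = new URL(pubUrl);
            }
            this.pubKeyStorePwd = System.getProperty(PROP_PUB_KS_PWD, "").toCharArray();
            initKeyStore();
        } catch (Exception e) {
            throw new RuntimeException("Error initialising KeyStore: " + e.getMessage(), e);
        }
    }

    /** Loads the private and public key stores for which a URL was configured. */
    private void initKeyStore() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
        if (this.pvtKeyStoreURL != null) {
            this.pvtKeyStore = loadKeyStore(this.pvtKeyStoreURL, this.pvtKeyStorePwd);
        }
        if (this.pubKeyStoreURL != null) {
            this.pubKeyStore = loadKeyStore(this.pubKeyStoreURL, this.pubKeyStorePwd);
        }
    }

    /**
     * Opens {@code location}, loads a JKS key store from it and closes the stream
     * again, whether or not loading succeeded.
     */
    private static KeyStore loadKeyStore(URL location, char[] password) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
        KeyStore store = KeyStore.getInstance(KEY_STORE_TYPE);
        InputStream in = location.openStream();
        try {
            store.load(in, password);
        } finally {
            // The stream was previously never closed, leaking a handle per helper instance.
            in.close();
        }
        return store;
    }

    /**
     * Signs {@code bArr} with the configured private key.
     *
     * @param bArr the data to sign
     * @return the signature bytes
     * @throws RuntimeException if no private key store was configured
     * @throws UnrecoverableKeyException if the key password is wrong
     * @throws InvalidKeyException if the key cannot be used for signing
     */
    public byte[] signDataWithPrivateKey(byte[] bArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (this.pvtKeyStore == null) {
            throw new RuntimeException("Key store with private key not configured. Please configure it properly before using signed serialization.");
        }
        // KeyStore.getKey returns null when the alias is absent or is not a key entry;
        // that null is passed on to initSign unchanged, as before.
        PrivateKey privateKey = (PrivateKey) this.pvtKeyStore.getKey(this.pvtKeyAlias, this.pvtKeyPassword);
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Verifies a signature against the certificate stored under the given alias.
     *
     * @param str alias of the certificate in the public key store
     * @param bArr the data that was signed
     * @param bArr2 the signature to check
     * @return {@code true} if the signature matches the data
     * @throws RuntimeException if no public key store was configured, or if the
     *         store has no certificate under {@code str}
     */
    public boolean checkDataWithPublicKey(String str, byte[] bArr, byte[] bArr2) throws KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (this.pubKeyStore == null) {
            throw new RuntimeException("Key store with public key not configured. Please configure it properly before using signed serialization.");
        }
        Certificate certificate = this.pubKeyStore.getCertificate(str);
        if (certificate == null) {
            throw new RuntimeException("Public certificate for key '" + str + "' not found in the configured key store. Impossible to deserialize the object.");
        }
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initVerify(certificate.getPublicKey());
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    /** @return the value of the {@link #PROP_SIGN} flag read at construction time */
    public boolean isSigned() {
        return this.signed;
    }

    /** @return the private key store URL, or {@code null} if none was configured */
    public URL getPvtKeyStoreURL() {
        return this.pvtKeyStoreURL;
    }

    /** @return the private key store password; this is the internal array, not a copy */
    public char[] getPvtKeyStorePwd() {
        return this.pvtKeyStorePwd;
    }

    /** @return the alias of the private key entry (empty if not configured) */
    public String getPvtKeyAlias() {
        return this.pvtKeyAlias;
    }

    /** @return the private key password; this is the internal array, not a copy */
    public char[] getPvtKeyPassword() {
        return this.pvtKeyPassword;
    }

    /** @return the public key store URL, or {@code null} if none was configured */
    public URL getPubKeyStoreURL() {
        return this.pubKeyStoreURL;
    }

    /** @return the public key store password; this is the internal array, not a copy */
    public char[] getPubKeyStorePwd() {
        return this.pubKeyStorePwd;
    }

    /** @return the loaded private key store, or {@code null} if none was configured */
    public KeyStore getPvtKeyStore() {
        return this.pvtKeyStore;
    }

    /** @return the loaded public key store, or {@code null} if none was configured */
    public KeyStore getPubKeyStore() {
        return this.pubKeyStore;
    }
}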
