package org.drools.compiler.kie.builder.impl;

import com.google.protobuf.ByteString;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.Message;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import org.drools.compiler.kie.builder.impl.KieModuleCache;
import org.drools.core.util.Drools;
import org.drools.core.util.KeyStoreHelper;

/* loaded from: input_file:WEB-INF/lib/drools-compiler-7.6.0.Final.jar:org/drools/compiler/kie/builder/impl/KieModuleCacheHelper.class */
public class KieModuleCacheHelper {
    public static void writeToStreamWithHeader(OutputStream outputStream, Message message) throws IOException {
        KieModuleCache.Header.Builder newBuilder = KieModuleCache.Header.newBuilder();
        newBuilder.setVersion(KieModuleCache.Version.newBuilder().setVersionMajor(Drools.getMajorVersion()).setVersionMinor(Drools.getMinorVersion()).setVersionRevision(Drools.getRevisionVersion()).build());
        byte[] byteArray = message.toByteArray();
        sign(newBuilder, byteArray);
        newBuilder.setPayload(ByteString.copyFrom(byteArray));
        outputStream.write(newBuilder.build().toByteArray());
    }

    private static void sign(KieModuleCache.Header.Builder builder, byte[] bArr) {
        KeyStoreHelper keyStoreHelper = new KeyStoreHelper();
        if (keyStoreHelper.isSigned()) {
            try {
                builder.setSignature(KieModuleCache.Signature.newBuilder().setKeyAlias(keyStoreHelper.getPvtKeyAlias()).setSignature(ByteString.copyFrom(keyStoreHelper.signDataWithPrivateKey(bArr))).build());
            } catch (Exception e) {
                throw new RuntimeException("Error signing session: " + e.getMessage(), e);
            }
        }
    }

    public static KieModuleCache.Header readFromStreamWithHeaderPreloaded(InputStream inputStream, ExtensionRegistry extensionRegistry) throws IOException, ClassNotFoundException {
        KieModuleCache.Header parseFrom = KieModuleCache.Header.parseFrom(preload(inputStream), extensionRegistry);
        checkSignature(parseFrom, parseFrom.getPayload().toByteArray());
        return parseFrom;
    }

    private static byte[] preload(InputStream inputStream) throws IOException {
        byte[] bArr = new byte[4096];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private static void checkSignature(KieModuleCache.Header header, byte[] bArr) {
        KeyStoreHelper keyStoreHelper = new KeyStoreHelper();
        boolean hasSignature = header.hasSignature();
        if (keyStoreHelper.isSigned() != hasSignature) {
            throw new RuntimeException("This environment is configured to work with " + (keyStoreHelper.isSigned() ? "signed" : "unsigned") + " serialized objects, but the given object is " + (hasSignature ? "signed" : "unsigned") + ". Deserialization aborted.");
        }
        if (hasSignature) {
            if (keyStoreHelper.getPubKeyStore() == null) {
                throw new RuntimeException("The session was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
            }
            try {
                if (keyStoreHelper.checkDataWithPublicKey(header.getSignature().getKeyAlias(), bArr, header.getSignature().getSignature().toByteArray())) {
                } else {
                    throw new RuntimeException("Signature does not match serialized package. This is a security violation. Deserialisation aborted.");
                }
            } catch (InvalidKeyException e) {
                throw new RuntimeException("Invalid key checking signature: " + e.getMessage(), e);
            } catch (KeyStoreException e2) {
                throw new RuntimeException("Error accessing Key Store: " + e2.getMessage(), e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new RuntimeException("No algorithm available: " + e3.getMessage(), e3);
            } catch (SignatureException e4) {
                throw new RuntimeException("Signature Exception: " + e4.getMessage(), e4);
            }
        }
    }

    public static ExtensionRegistry buildRegistry() {
        return ExtensionRegistry.newInstance();
    }

    public static final byte[] intToByteArray(int i) {
        return new byte[]{(byte) ((i >>> 24) & 255), (byte) ((i >>> 16) & 255), (byte) ((i >>> 8) & 255), (byte) (i & 255)};
    }

    public static final int byteArrayToInt(byte[] bArr) {
        return (bArr[0] << 24) + ((bArr[1] & 255) << 16) + ((bArr[2] & 255) << 8) + (bArr[3] & 255);
    }

    public static final byte[] longToByteArray(long j) {
        return new byte[]{(byte) ((j >>> 56) & 255), (byte) ((j >>> 48) & 255), (byte) ((j >>> 40) & 255), (byte) ((j >>> 32) & 255), (byte) ((j >>> 24) & 255), (byte) ((j >>> 16) & 255), (byte) ((j >>> 8) & 255), (byte) (j & 255)};
    }

    public static final long byteArrayToLong(byte[] bArr) {
        return ((bArr[0] & 255) << 56) + ((bArr[1] & 255) << 48) + ((bArr[2] & 255) << 40) + ((bArr[3] & 255) << 32) + ((bArr[4] & 255) << 24) + ((bArr[5] & 255) << 16) + ((bArr[6] & 255) << 8) + (bArr[7] & 255);
    }
}
