package org.ten60.netkernel.security.endpoint;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.util.Comparator;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import org.netkernel.layer0.nkf.INKFRequest;
import org.netkernel.layer0.nkf.INKFRequestContext;
import org.netkernel.layer0.nkf.NKFException;
import org.netkernel.layer0.representation.ByteArrayRepresentation;
import org.netkernel.layer0.representation.IHDSNode;
import org.netkernel.layer0.representation.IHDSNodeList;
import org.netkernel.layer0.representation.IReadableBinaryStreamRepresentation;
import org.netkernel.layer0.representation.impl.HDSBuilder;
import org.netkernel.layer0.util.Utils;
import org.netkernel.module.standard.endpoint.StandardAccessorImpl;
import org.ten60.netkernel.security.util.SecurityUtils;

/* loaded from: input_file:modules/urn.org.netkernel.mod.security-1.0.11.jar:org/ten60/netkernel/security/endpoint/SignVerifyModuleAccessor.class */
public class SignVerifyModuleAccessor extends StandardAccessorImpl {
    public static final String MODULE_SIGNATURE_FILE = "module.signature";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:modules/urn.org.netkernel.mod.security-1.0.11.jar:org/ten60/netkernel/security/endpoint/SignVerifyModuleAccessor$DigestValue.class */
    public class DigestValue {
        protected byte[] mDigest;
        protected String mSignature;

        private DigestValue() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:modules/urn.org.netkernel.mod.security-1.0.11.jar:org/ten60/netkernel/security/endpoint/SignVerifyModuleAccessor$NodeFileComparator.class */
    public class NodeFileComparator implements Comparator<IHDSNode> {
        private NodeFileComparator() {
        }

        @Override // java.util.Comparator
        public int compare(IHDSNode iHDSNode, IHDSNode iHDSNode2) {
            return ((File) iHDSNode.getValue()).getAbsolutePath().compareTo(((File) iHDSNode2.getValue()).getAbsolutePath());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:modules/urn.org.netkernel.mod.security-1.0.11.jar:org/ten60/netkernel/security/endpoint/SignVerifyModuleAccessor$SigFilter.class */
    public class SigFilter implements FileFilter {
        private SigFilter() {
        }

        @Override // java.io.FileFilter
        public boolean accept(File file) {
            return !file.getName().equals(SignVerifyModuleAccessor.MODULE_SIGNATURE_FILE);
        }
    }

    public SignVerifyModuleAccessor() {
        declareThreadSafe();
    }

    @Override // org.netkernel.layer0.nkf.impl.NKFEndpointImpl
    public void onSource(INKFRequestContext iNKFRequestContext) throws Exception {
        String argumentValue = iNKFRequestContext.getThisRequest().getArgumentValue("activeType");
        String argumentValue2 = iNKFRequestContext.getThisRequest().getArgumentValue("operand");
        iNKFRequestContext.createResponseFrom(argumentValue.equals("pkiSignModule") ? signModule(iNKFRequestContext, argumentValue2) : verifyModule(iNKFRequestContext, argumentValue2));
    }

    private Object signModule(INKFRequestContext iNKFRequestContext, String str) throws Exception {
        INKFRequest createPartialRequest = createPartialRequest(iNKFRequestContext, "active:pkiSign", createDigest(iNKFRequestContext, str));
        createPartialRequest.addArgument("keyPassword", iNKFRequestContext.getThisRequest().getArgumentValue("keyPassword"));
        return iNKFRequestContext.issueRequest(createPartialRequest);
    }

    private Object verifyModule(INKFRequestContext iNKFRequestContext, String str) throws Exception {
        DigestValue createDigest = createDigest(iNKFRequestContext, str);
        INKFRequest createPartialRequest = createPartialRequest(iNKFRequestContext, "active:pkiVerify", createDigest);
        if (iNKFRequestContext.getThisRequest().argumentExists("signature")) {
            createPartialRequest.addArgument("signature", iNKFRequestContext.getThisRequest().getArgumentValue("signature"));
        } else if (createDigest.mSignature != null) {
            createPartialRequest.addArgumentByValue("signature", createDigest.mSignature);
        } else {
            createPartialRequest.addArgument("signature", str + MODULE_SIGNATURE_FILE);
        }
        return iNKFRequestContext.issueRequest(createPartialRequest);
    }

    private INKFRequest createPartialRequest(INKFRequestContext iNKFRequestContext, String str, DigestValue digestValue) throws Exception {
        INKFRequest createRequest = iNKFRequestContext.createRequest(str);
        createRequest.addArgumentByValue("operand", new ByteArrayRepresentation(digestValue.mDigest));
        if (iNKFRequestContext.getThisRequest().argumentExists("publicKeyCertificate")) {
            createRequest.addArgument("publicKeyCertificate", iNKFRequestContext.getThisRequest().getArgumentValue("publicKeyCertificate"));
        } else {
            createRequest.addArgument("keystore", iNKFRequestContext.getThisRequest().getArgumentValue("keystore"));
            createRequest.addArgument("keystorePassword", iNKFRequestContext.getThisRequest().getArgumentValue("keystorePassword"));
            createRequest.addArgument("keyID", iNKFRequestContext.getThisRequest().getArgumentValue("keyID"));
        }
        return createRequest;
    }

    private DigestValue createDigest(INKFRequestContext iNKFRequestContext, String str) throws Exception {
        if (str.endsWith("jar")) {
            return createJarDigest(iNKFRequestContext, str);
        }
        URI create = URI.create(str);
        if (create.getScheme().equals("file")) {
            return createFileDigest(new File(create));
        }
        throw new NKFException("Unsupported module URI  " + str);
    }

    private DigestValue createFileDigest(File file) throws Exception {
        HDSBuilder hDSBuilder = new HDSBuilder();
        recurseFileTree(file, hDSBuilder);
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        DigestOutputStream digestOutputStream = new DigestOutputStream(new ByteArrayOutputStream(1024), messageDigest);
        IHDSNodeList sort = hDSBuilder.getRoot().getNodes("/file").sort(new NodeFileComparator());
        for (int i = 0; i < sort.size(); i++) {
            Utils.pipe(new FileInputStream((File) sort.get(i).getValue()), digestOutputStream);
        }
        digestOutputStream.flush();
        DigestValue digestValue = new DigestValue();
        digestValue.mDigest = messageDigest.digest();
        return digestValue;
    }

    private DigestValue createJarDigest(INKFRequestContext iNKFRequestContext, String str) throws Exception {
        String GUID = SecurityUtils.GUID();
        File createTempFile = File.createTempFile("nk-module-" + GUID, ".tmp");
        createTempFile.deleteOnExit();
        File file = new File(createTempFile.getParent(), "nk-module" + GUID);
        file.mkdir();
        file.deleteOnExit();
        createTempFile.delete();
        File file2 = new File(file, "tmp-nk-module.zip");
        file2.deleteOnExit();
        Utils.pipe(((IReadableBinaryStreamRepresentation) iNKFRequestContext.source(str, IReadableBinaryStreamRepresentation.class)).getInputStream(), new FileOutputStream(file2));
        unzip(new FileInputStream(file2), file2.toURI().toString());
        file2.delete();
        DigestValue createFileDigest = createFileDigest(file);
        File file3 = new File(file, MODULE_SIGNATURE_FILE);
        if (file3.exists()) {
            createFileDigest.mSignature = (String) iNKFRequestContext.source(file3.toURI().toString(), String.class);
        }
        rmdir(file);
        return createFileDigest;
    }

    private void recurseFileTree(File file, HDSBuilder hDSBuilder) {
        File[] listFiles = file.listFiles(new SigFilter());
        if (listFiles != null) {
            for (int i = 0; i < listFiles.length; i++) {
                if (listFiles[i].isDirectory()) {
                    recurseFileTree(listFiles[i], hDSBuilder);
                } else {
                    hDSBuilder.addNode("file", listFiles[i]);
                }
            }
        }
    }

    private void rmdir(File file) {
        if (file.isDirectory()) {
            for (File file2 : file.listFiles()) {
                rmdir(file2);
            }
        }
        file.delete();
    }

    public void unzip(InputStream inputStream, String str) throws Exception {
        ZipInputStream zipInputStream = new ZipInputStream(inputStream);
        URI create = URI.create(str);
        while (true) {
            ZipEntry nextEntry = zipInputStream.getNextEntry();
            if (nextEntry == null) {
                zipInputStream.close();
                return;
            } else if (!nextEntry.isDirectory()) {
                File file = new File(create.resolve(nextEntry.getName()));
                new File(file.getParent()).mkdirs();
                file.createNewFile();
                unzip(zipInputStream, file);
            }
        }
    }

    private void unzip(ZipInputStream zipInputStream, File file) throws Exception {
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        byte[] bArr = new byte[512];
        while (true) {
            int read = zipInputStream.read(bArr);
            if (read == -1) {
                fileOutputStream.close();
                return;
            }
            fileOutputStream.write(bArr, 0, read);
        }
    }
}
