package com.ftc.kafka.crypto;

import com.ftc.appmod.XMLSigner;
import com.ftc.xml.dsig.DigestMethod;
import com.ftc.xml.dsig.SignatureMethod;
import com.ftc.xml.dsig.SignatureMethodFactoryImpl;
import com.ftc.xml.dsig.VerifyMS;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.errors.SerializationException;
import org.apache.kafka.common.header.Headers;
import org.apache.kafka.common.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import ru.cft.web.xmlsig.attach.FileReference;

/* loaded from: input_file:com/ftc/kafka/crypto/CryptoCore.class */
public abstract class CryptoCore {
    // ---- Configuration keys read from the map passed to init() / getPrivateKey() ----

    // Path of the key store file opened by getPrivateKey(); the store type is TYPE (PKCS12).
    public static final String CRYPTO_RSA_KEY_FILEPATH = "crypto.rsa.key.filepath";
    // Password of the private key entry.
    static final String CRYPTO_RSA_PASSWORD = "crypto.rsa.key.password";
    // Password of the key store itself; getPrivateKey() falls back to the key password when absent.
    static final String CRYPTO_PFX_PASSWORD = "crypto.rsa.store.password";
    // Parsed into ignoreVerifyFailure: when true, verification failures are logged instead of thrown.
    // NOTE(review): this is a fail-soft switch for signature checking; how callers treat the resulting
    // null VerificationResult is outside this file and should be confirmed before enabling it.
    static final String CLEAR_VALUE_ON_VERIFY_ERROR = "clear_value_on_verify_error";
    // Name of a class that init() loads and instantiates into emptyObject (consumer mode only).
    static final String EMPTY_MESSAGE_CLASS = "empty_message_class";
    // Parsed into clearSign, exposed through needClearSign().
    static final String CLEAR_SIGN_ON_VERIFY = "clear_sign_on_verify";
    // Parsed into x509toHeader.
    static final String X509TOHEADERSTRING = "x509_to_header";
    // Debug switch read by getPrivateKey().
    // NOTE(review): a debugging flag must never cause key or store passwords to be written to any
    // output; audit every place this key is consumed.
    static final String DEBUG_PASS = "cft.crypto.debug_password";

    // Digest algorithm URI handed to XMLSigner.signDetached() on the producer side.
    // NOTE(review): SHA-1 is no longer collision resistant; moving to a stronger digest requires the
    // verifying side to accept it as well, so it cannot be changed in isolation.
    private static final String DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
    // Charset name used for the writer that produces the signed XML container.
    private static final String ENCODING = "utf-8";
    // product and version (below) are combined with a timestamp in makeStanValue().
    private static final String product = "appmod";
    // Key store type passed to KeyEntryUtil.getPrivateKeyEntry().
    private static final String TYPE = "PKCS12";

    // ---- Per-instance state, populated by init() ----

    private boolean ignoreVerifyFailure;
    boolean x509toHeader;
    private boolean clearSign;
    private Class<?> emptyClass;
    Object emptyObject;
    // Operating mode given to init(); the value 2 selects the consumer (verify) path, anything else
    // selects the producer (sign) path.
    private int opMode;
    // Exactly one of the two sets is created by init(), depending on opMode.
    private ProducerCryptoSet producerCryptoSet = null;
    private ConsumerCryptoSet consumerCryptoSet = null;
    // Charset used by compareWithPayload() when comparing String and byte[] payloads.
    static final Charset charSet = StandardCharsets.UTF_8;

    // Kafka header names. SIGNATURE is used by getSignature() and clearSignature(); SIGNER and
    // PEM_CERT are not referenced inside this class.
    // NOTE(review): these are public, static and non-final, so any code on the classpath can
    // reassign them; if that is not intended they should be final.
    public static String SIGNATURE = "CFT.SIGNATURE";
    public static String SIGNER = "CFT.SIGNER";
    public static String PEM_CERT = "CFT.PEM";
    // Implementation-Version of the XMLSigner package; getImplementationVersion() may return null
    // when the manifest carries no version.
    private static final String version = XMLSigner.class.getPackage().getImplementationVersion();
    static final Logger log = LoggerFactory.getLogger(CryptoCore.class);

    /* loaded from: input_file:com/ftc/kafka/crypto/CryptoCore$ConsumerCryptoSet.class */
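    /**
     * Consumer-side helper: parses a signed XML container, verifies it with {@link VerifyMS} and
     * returns the Base64-decoded payload together with the signer certificates.
     *
     * <p>The bytes given to {@link #verify(byte[])} are parsed <em>before</em> any signature has been
     * checked, so they must be treated as untrusted. The XML parser is therefore hardened in the
     * constructor, and a message is only reported as verified when no earlier step failed.
     */
    private class ConsumerCryptoSet {
        private VerifyMS verifier;
        private DocumentBuilderFactory dbFactory;
        // Set by ThrowExceptionIfNeeded() in lenient mode; reset at the start of every verify() call.
        private boolean hasError;

        /**
         * Registers the GOST digest and signature implementations and builds a hardened,
         * namespace-aware parser factory.
         *
         * @throws KafkaException if the XML parser cannot be configured to reject DOCTYPE
         *     declarations (fail closed rather than parse untrusted XML with an unhardened parser)
         */
        private ConsumerCryptoSet() {
            this.hasError = false;
            DigestMethod.addImplementation("http://www.w3.org/2001/04/xmldsig-more#gostr34112012-256", "GOST3411_2012_256", (String) null);
            DigestMethod.addImplementation("http://www.w3.org/2001/04/xmldsig-more#gostr34112012-512", "GOST3411_2012_512", (String) null);
            SignatureMethod.setFactory(new SMF());
            this.verifier = null;
            this.dbFactory = DocumentBuilderFactory.newInstance();
            this.dbFactory.setNamespaceAware(true);
            try {
                // Untrusted XML is parsed ahead of signature verification: forbid DOCTYPE so that
                // external entities and entity-expansion payloads are rejected by the parser itself.
                // The container written by the producer side of this class carries no DOCTYPE.
                this.dbFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
                this.dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            } catch (javax.xml.parsers.ParserConfigurationException e) {
                throw new KafkaException("XML parser does not support the required hardening features", e);
            }
        }

        /**
         * Applies the configured failure policy to a verification problem.
         *
         * <p>Strict mode (ignoreVerifyFailure == false): rethrows as {@link SerializationException}.
         * Lenient mode: records the failure in {@code hasError} and logs it with its stack trace.
         *
         * @param exc the problem encountered while parsing or verifying
         * @throws SerializationException in strict mode
         */
        private void ThrowExceptionIfNeeded(Exception exc) throws SerializationException {
            if (!CryptoCore.this.ignoreVerifyFailure) {
                throw new SerializationException(exc);
            }
            this.hasError = true;
            // Keep the throwable so the cause of a rejected message can be investigated later.
            CryptoCore.log.error("Verification failure ignored: {}", exc.getMessage(), exc);
        }

        /**
         * Parses and verifies a signed container.
         *
         * @param bArr raw container bytes (untrusted)
         * @return the decoded payload and certificates, or {@code null} when verification failed in
         *     lenient mode or the signed content could not be extracted
         * @throws SerializationException in strict mode when parsing or verification fails
         */
        public VerificationResult verify(byte[] bArr) {
            this.hasError = false;
            if (bArr == null) {
                ThrowExceptionIfNeeded(new Exception("Empty payload"));
            }
            Element root = null;
            if (!this.hasError) {
                try {
                    root = this.dbFactory.newDocumentBuilder().parse(new ByteArrayInputStream(bArr)).getDocumentElement();
                } catch (Exception e) {
                    ThrowExceptionIfNeeded(e);
                }
            }
            this.verifier = new VerifyMS();
            if (!this.hasError) {
                try {
                    this.verifier.verify(root);
                } catch (Exception e) {
                    ThrowExceptionIfNeeded(e);
                }
            }
            // Never accept a message when an earlier step failed, whatever state the verifier was
            // left in: VerifyMS is defined outside this file and its isValid() result after an
            // exception (or without verify() having run) is not something to rely on.
            if (this.hasError || !this.verifier.isValid()) {
                ThrowExceptionIfNeeded(new Exception("Verification has not been passed"));
                return null;
            }
            try {
                return new VerificationResult(Base64.getDecoder().decode(this.verifier.getSignedData().getFirstChild().getTextContent()), this.verifier.getCertificates());
            } catch (Exception e) {
                // NOTE(review): this path returns null even in strict mode; confirm that callers
                // handle a null result for a container whose signature was valid.
                CryptoCore.log.error("Cannot get content from signed container", e);
                return null;
            }
        }
    }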

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ftc/kafka/crypto/CryptoCore$ProducerCryptoSet.class */
    /**
     * Producer-side helper: wraps a payload in an XML document and signs it with the configured
     * private key, producing the container that the consumer side verifies.
     *
     * <p>NOTE(review): the digest passed to {@code signDetached} is the XML-DSig SHA-1 URI. SHA-1 is
     * no longer collision resistant; replacing it needs a coordinated change on the verifying side.
     */
    public class ProducerCryptoSet {
        // One ThreadAwareKeyInfo per thread, created lazily on first use.
        private ThreadLocal<ThreadAwareKeyInfo> keyInfo;
        // Despite its name this holds the PrivateKeyEntry (private key plus certificate chain).
        private final KeyStore.PrivateKeyEntry publicKey;

        /**
         * @param privateKeyEntry key material used for every signature made by this set
         */
        private ProducerCryptoSet(KeyStore.PrivateKeyEntry privateKeyEntry) throws Exception {
            this.publicKey = privateKeyEntry;
            this.keyInfo = ThreadLocal.withInitial(() -> {
                try {
                    return new ThreadAwareKeyInfo(this.publicKey);
                } catch (Exception e) {
                    throw new KafkaException(e);
                }
            });
        }

        /**
         * Builds {@code <Document stan="..."> ...signature output... </Document>} around the
         * Base64-encoded payload.
         *
         * <p>The stan value comes from the calling thread's ThreadAwareKeyInfo, so it is fixed at the
         * moment that thread first signed something. It is interpolated into the attribute without
         * XML escaping; it is built from the product name, package version and a timestamp.
         *
         * @param bArr payload to sign
         * @return the signed container encoded with {@code CryptoCore.ENCODING}
         */
        private byte[] toXML(byte[] bArr) throws Exception {
            ThreadAwareKeyInfo signerInfo = this.keyInfo.get();
            ByteArrayOutputStream sink = new ByteArrayOutputStream();
            OutputStreamWriter writer = new OutputStreamWriter(sink, CryptoCore.ENCODING);

            // <root document_type="a">BASE64(payload)</root> is the element that gets signed.
            Document payloadDoc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            Element root = payloadDoc.createElement("root");
            payloadDoc.appendChild(root);
            String encodedPayload = Base64.getEncoder().encodeToString(bArr);
            root.appendChild(payloadDoc.createTextNode(encodedPayload));
            root.setAttribute("document_type", "a");

            XMLSigner signer = new XMLSigner();
            PrivateKey[] signingKeys = {signerInfo.privateKey};
            Certificate[] signingCerts = {signerInfo.cert};

            writer.write(String.format("<Document stan=\"%s\">\n", signerInfo.StanValue));
            signer.signDetached(writer, payloadDoc.getDocumentElement(), signingKeys, signingCerts, (FileReference[]) null, false, (String) null, (List) null, CryptoCore.DIGEST_SHA1, (String) null);
            writer.write("</Document>");
            writer.flush();

            byte[] container = sink.toByteArray();
            writer.close();
            return container;
        }

        /**
         * Signs a payload, converting any failure into a {@link KafkaException}.
         *
         * @param bArr payload to sign
         * @return the signed XML container
         * @throws KafkaException wrapping whatever the signing step threw
         */
        /* JADX INFO: Access modifiers changed from: private */
        public byte[] Sign(byte[] bArr) throws KafkaException {
            final byte[] container;
            try {
                container = toXML(bArr);
            } catch (Exception e) {
                throw new KafkaException(e);
            }
            return container;
        }
    }

    /* loaded from: input_file:com/ftc/kafka/crypto/CryptoCore$SMF.class */
    /**
     * Signature-method factory installed by the consumer side; it registers one additional
     * signature algorithm on top of whatever SignatureMethodFactoryImpl already provides.
     *
     * <p>NOTE(review): the registered URI names the GOST R 34.10-2001 signature generation, which has
     * been superseded by GOST R 34.10-2012. Confirm that accepting it is still intended.
     */
    private static class SMF extends SignatureMethodFactoryImpl {
        SMF() {
            // Argument roles are inferred from their values; addImplementation is declared in the
            // superclass, outside this file.
            final String algorithmUri = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
            final String algorithmName = "GOST3411withGOST3410EL";
            final String digestUri = "http://www.w3.org/2001/04/xmldsig-more#gostr3411";
            addImplementation(algorithmUri, algorithmName, digestUri, null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ftc/kafka/crypto/CryptoCore$ThreadAwareKeyInfo.class */
    /**
     * Signing material unpacked from a PrivateKeyEntry, plus the stan string stamped into every
     * container produced with it. ProducerCryptoSet keeps one instance per thread.
     */
    public class ThreadAwareKeyInfo {
        private final KeyStore.PrivateKeyEntry keyEntry;
        // Private key used for signing; it stays referenced for the lifetime of this object.
        private PrivateKey privateKey;
        X509Certificate cert;
        // Evaluated once, when this object is constructed (before the constructor body runs).
        String StanValue = CryptoCore.access$200();

        /**
         * @param privateKeyEntry entry whose certificate must be an X509Certificate; any other
         *     certificate type makes the cast below fail with ClassCastException
         */
        protected ThreadAwareKeyInfo(KeyStore.PrivateKeyEntry privateKeyEntry) {
            this.keyEntry = privateKeyEntry;
            this.privateKey = privateKeyEntry.getPrivateKey();
            Certificate entryCertificate = privateKeyEntry.getCertificate();
            this.cert = (X509Certificate) entryCertificate;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
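    /**
     * Configures this instance for signing (producer) or verification (consumer).
     *
     * <p>Mode {@code 2} selects the consumer path; every other value selects the producer path and
     * loads the private key through {@link #getPrivateKey(Map)}.
     *
     * <p>In consumer mode the option {@code clear_value_on_verify_error} switches verification to
     * fail-soft: failures are logged and {@code verify} yields {@code null} instead of throwing.
     * Enable it only when every consumer of that null result is known to discard the message.
     *
     * @param i operating mode
     * @param map configuration; boolean options may be given as String or Boolean values
     * @throws KafkaException if the key store cannot be loaded, or the class named by
     *     {@code empty_message_class} is missing or cannot be instantiated
     */
    public void init(int i, Map<String, ?> map) throws KafkaException {
        this.opMode = i;
        if (i != 2) {
            try {
                this.producerCryptoSet = new ProducerCryptoSet(getPrivateKey(map));
            } catch (Exception e) {
                // Keep the cause: the message alone loses the stack trace of the key-store failure.
                throw new KafkaException("Cannot initialize com.ftc.kafka.crypto deserialize properties " + e.getMessage(), e);
            }
            return;
        }
        this.consumerCryptoSet = new ConsumerCryptoSet();
        // String.valueOf accepts both "true" and Boolean.TRUE; an absent key becomes "null" -> false,
        // which matches Boolean.parseBoolean(null).
        this.ignoreVerifyFailure = Boolean.parseBoolean(String.valueOf(map.get(CLEAR_VALUE_ON_VERIFY_ERROR)));
        this.clearSign = Boolean.parseBoolean(String.valueOf(map.get(CLEAR_SIGN_ON_VERIFY)));
        this.x509toHeader = Boolean.parseBoolean(String.valueOf(map.get(X509TOHEADERSTRING)));

        Object emptyClassName = map.get(EMPTY_MESSAGE_CLASS);
        if (!(emptyClassName instanceof String)) {
            throw new KafkaException("Missing or non-string value for '" + EMPTY_MESSAGE_CLASS + "'");
        }
        try {
            // The class name comes from configuration; whoever controls the configuration decides
            // which class is loaded and constructed here.
            this.emptyClass = Class.forName((String) emptyClassName);
            this.emptyObject = this.emptyClass.getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new KafkaException("Cannot instantiate '" + emptyClassName + "' configured for '" + EMPTY_MESSAGE_CLASS + "'", e);
        }
    }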

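    /**
     * Loads the signing key entry from the PKCS12 store named in the configuration.
     *
     * <p>The store password defaults to the key password when {@code crypto.rsa.store.password} is
     * not set. Password values are never written to any output: with the debug switch enabled only
     * the fact that a password is present is logged.
     *
     * @param map configuration holding the store path and passwords
     * @return the private key entry read from the store
     * @throws Exception if the path is missing, the file cannot be opened, or the entry cannot be
     *     read; the original failure is attached as the cause
     */
    public static KeyStore.PrivateKeyEntry getPrivateKey(Map<String, ?> map) throws Exception {
        try {
            String storePath = (String) map.get(CRYPTO_RSA_KEY_FILEPATH);
            String keyPassword = (String) map.get(CRYPTO_RSA_PASSWORD);
            String configuredStorePassword = (String) map.get(CRYPTO_PFX_PASSWORD);
            String storePassword = configuredStorePassword == null ? keyPassword : configuredStorePassword;

            if (storePath == null) {
                throw new IllegalArgumentException("No value for '" + CRYPTO_RSA_KEY_FILEPATH + "' found");
            }

            if ("yes".equals(map.get(DEBUG_PASS))) {
                // Secrets must not reach stdout or log files, where they outlive the process and are
                // readable by anyone with access to the logs. Report presence only.
                log.warn("'{}' is enabled: store password set={}, key password set={}, store password taken from key password={}",
                        DEBUG_PASS, storePassword != null, keyPassword != null, configuredStorePassword == null);
            }

            // try-with-resources releases the file handle on every path, including failures.
            try (FileInputStream storeStream = new FileInputStream(storePath)) {
                return KeyEntryUtil.getPrivateKeyEntry(TYPE, storeStream, null, storePassword, keyPassword);
            }
        } catch (Exception e) {
            throw new Exception("Cannot initialize keyStore " + e.getMessage(), e);
        }
    }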

    /**
     * Builds the stan string {@code v:<product>_<version> <timestamp>} using the current time in
     * the JVM's default time zone.
     */
    private static String makeStanValue() {
        // A fresh formatter per call: SimpleDateFormat instances must not be shared between threads.
        SimpleDateFormat stampFormat = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss.SSS");
        String timestamp = stampFormat.format(new Date());
        return String.format("v:%s_%s %s", product, version, timestamp);
    }

    /* JADX INFO: Access modifiers changed from: protected */
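    /**
     * Instantiates the class configured under {@code str}.
     *
     * <p>The configured value may be a class name or a {@link Class}. The class is checked against
     * {@code cls} <em>before</em> it is constructed, so a misconfigured or unexpected class name
     * cannot get its constructor run and then surface later as a ClassCastException elsewhere.
     * Loading by name still runs the class's static initialisers.
     *
     * @param map configuration
     * @param str configuration key
     * @param cls type the configured class must be assignable to; {@code null} skips the check
     * @return a new instance of the configured class
     * @throws KafkaException if the key is absent, the value has an unsupported type, the class
     *     cannot be loaded or constructed, or it is not assignable to {@code cls}
     */
    public <T> T newInstance(Map<String, ?> map, String str, Class<T> cls) throws KafkaException {
        Object configured = map.get(str);
        if (configured == null) {
            throw new KafkaException("No value for '" + str + "' found");
        }

        final Class<?> target;
        if (configured instanceof String) {
            try {
                target = Class.forName((String) configured);
            } catch (Exception e) {
                throw new KafkaException(e);
            }
        } else if (configured instanceof Class) {
            target = (Class<?>) configured;
        } else {
            throw new KafkaException("Unexpected type '" + configured.getClass() + "' for '" + str + "'");
        }

        if (cls != null && !cls.isAssignableFrom(target)) {
            throw new KafkaException("Class '" + target.getName() + "' configured for '" + str + "' is not a " + cls.getName());
        }

        Object instance = Utils.newInstance(target);
        // The cast is unchecked only when the caller passed no type token.
        @SuppressWarnings("unchecked")
        T typed = cls != null ? cls.cast(instance) : (T) instance;
        return typed;
    }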

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Signs (producer mode) or verifies (consumer mode, opMode == 2) a payload.
     *
     * <p>NOTE(review): a null or zero-length payload is returned as-is in both modes. In consumer
     * mode that means an empty record is accepted without any signature check; confirm that empty
     * records carry no meaning downstream.
     *
     * @param bArr payload to sign, or signed container to verify
     * @return the signed container, or the verification outcome (which may be {@code null})
     */
    public VerificationResult sign(byte[] bArr) throws KafkaException {
        boolean noPayload = bArr == null || bArr.length == 0;
        if (noPayload) {
            return new VerificationResult(bArr);
        }
        if (this.opMode == 2) {
            return this.consumerCryptoSet.verify(bArr);
        }
        byte[] signedContainer = this.producerCryptoSet.Sign(bArr);
        return new VerificationResult(signedContainer);
    }

    /**
     * @return {@code TRUE} when verification failures are logged instead of thrown (the
     *     {@code clear_value_on_verify_error} option)
     */
    protected Boolean canIgnoreVerification() {
        return this.ignoreVerifyFailure ? Boolean.TRUE : Boolean.FALSE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return {@code TRUE} when the {@code clear_sign_on_verify} option was enabled in init()
     */
    public Boolean needClearSign() {
        return this.clearSign ? Boolean.TRUE : Boolean.FALSE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
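    /**
     * Returns the value of the last {@code SIGNATURE} header.
     *
     * <p>The returned bytes are sender-supplied and remain untrusted until they have been verified.
     *
     * @param headers record headers
     * @return the header value (may be {@code null} if the header carries no value)
     * @throws KafkaException if the header is absent or the headers cannot be read
     */
    public byte[] getSignature(Headers headers) {
        final org.apache.kafka.common.header.Header signatureHeader;
        try {
            signatureHeader = headers == null ? null : headers.lastHeader(SIGNATURE);
        } catch (Exception e) {
            // Unexpected lookup failure: keep the cause instead of reporting a bare "not found".
            throw new KafkaException("Header " + SIGNATURE + " not found", e);
        }
        // An absent header is an expected condition; test for it rather than catching the NPE.
        if (signatureHeader == null) {
            throw new KafkaException("Header " + SIGNATURE + " not found");
        }
        return signatureHeader.value();
    }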

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the {@code SIGNATURE} header from the given headers.
     *
     * @param headers record headers to strip
     * @return whatever {@code Headers.remove} returns for the signature key
     */
    public Headers clearSignature(Headers headers) {
        Headers stripped = headers.remove(SIGNATURE);
        return stripped;
    }

    /**
     * Compares two payloads that may each be a String or a byte[].
     *
     * <p>When the types differ, the String side is encoded with {@code charSet} and compared byte
     * for byte. Any other type combination, including null arguments, yields {@code FALSE}.
     *
     * @param obj first payload
     * @param obj2 second payload
     * @return {@code TRUE} if both payloads carry the same content
     */
    public Boolean compareWithPayload(Object obj, Object obj2) {
        if (obj instanceof String) {
            String text = (String) obj;
            if (obj2 instanceof String) {
                return obj2.equals(text);
            }
            if (obj2 instanceof byte[]) {
                return Arrays.equals((byte[]) obj2, text.getBytes(charSet));
            }
            return false;
        }
        if (obj instanceof byte[]) {
            byte[] raw = (byte[]) obj;
            if (obj2 instanceof String) {
                return Arrays.equals(raw, ((String) obj2).getBytes(charSet));
            }
            if (obj2 instanceof byte[]) {
                return Arrays.equals(raw, (byte[]) obj2);
            }
        }
        return false;
    }

    // Compiler-generated accessor (kept by the decompiler) that lets the nested ThreadAwareKeyInfo
    // reach the private makeStanValue().
    static /* synthetic */ String access$200() {
        final String stan = makeStanValue();
        return stan;
    }
}
