package gov.usgs.earthquake.distribution;

import gov.usgs.earthquake.product.Product;
import gov.usgs.earthquake.product.ProductId;
import gov.usgs.util.Config;
import gov.usgs.util.DefaultConfigurable;
import gov.usgs.util.StreamUtils;
import java.io.File;
import java.io.InputStream;
import java.security.PublicKey;
import java.util.Optional;
import java.util.logging.Logger;

/* loaded from: input_file:gov/usgs/earthquake/distribution/SignatureVerifier.class */
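/**
 * Configurable gate that checks a {@link Product} signature against the keys of a
 * {@link ProductKeyChain}.
 *
 * <p>Three modes are selected by the {@value #VERIFY_SIGNATURES_PROPERTY_NAME} property:
 * <ul>
 *   <li>{@value #DEFAULT_VERIFY_SIGNATURE} (also the state when the property is absent):
 *       no verification is performed and {@link #verifySignature(Product)} returns
 *       {@code false} for every product;</li>
 *   <li>{@value #TEST_VERIFY_SIGNATURE}: signatures are checked and the result is logged and
 *       returned, but a failed check does not raise;</li>
 *   <li>any other value: a failed check raises {@link InvalidSignatureException}.</li>
 * </ul>
 *
 * <p>Security notes for operators and callers:
 * <ul>
 *   <li>Verification is off unless explicitly enabled, so a deployment that relies on
 *       signatures must set the property to a value other than "off" or "test".</li>
 *   <li>A {@code false} return does not mean the product was rejected; only the exception
 *       signals rejection. Callers that need an authenticated product must require a
 *       {@code true} return.</li>
 *   <li>{@link #setAllowUnknownSigner(boolean)} weakens reject mode; see
 *       {@link #verifySignature(Product)} for the exact condition.</li>
 * </ul>
 *
 * <p>The mode flags and keychain are plain mutable fields with no synchronization.
 */
public class SignatureVerifier extends DefaultConfigurable {
    private static final Logger LOGGER = Logger.getLogger(SignatureVerifier.class.getName());

    /** Property selecting the verification mode. */
    public static final String VERIFY_SIGNATURES_PROPERTY_NAME = "verifySignatures";
    /** Mode value that leaves verification disabled. */
    public static final String DEFAULT_VERIFY_SIGNATURE = "off";
    /** Mode value that checks signatures without rejecting failures. */
    public static final String TEST_VERIFY_SIGNATURE = "test";
    /**
     * Property name for the unknown-signer option. {@link #configure(Config)} in this class
     * does not read it; the flag is only changed through
     * {@link #setAllowUnknownSigner(boolean)}.
     */
    public static final String ONLY_VERIFY_KNOWN = "allowUnknownSigner";
    /** Property naming the product keys to load from the global configuration. */
    public static final String KEYCHAIN_PROPERTY_NAME = "keychain";
    /** Property naming a separate configuration file that holds the keychain. */
    public static final String KEYCHAIN_FILE_PROPERTY_NAME = "keychainFile";

    // All three flags default to false: nothing is verified until configured.
    private boolean rejectInvalidSignatures = false;
    private boolean testSignatures = false;
    private boolean allowUnknownSigner = false;
    private ProductKeyChain keychain;

    /**
     * Reads the verification mode and, when a mode property is present, the keychain.
     *
     * <p>The keychain is taken from {@value #KEYCHAIN_PROPERTY_NAME} when set, otherwise
     * from the file named by {@value #KEYCHAIN_FILE_PROPERTY_NAME}. When neither is set a
     * warning is logged and the keychain stays unset, even in reject mode.
     *
     * @param config configuration section for this object
     * @throws Exception if the keychain file cannot be read or the keychain cannot be built
     */
    @Override // gov.usgs.util.DefaultConfigurable, gov.usgs.util.Configurable
    public void configure(Config config) throws Exception {
        String verifyMode = config.getProperty(VERIFY_SIGNATURES_PROPERTY_NAME);
        if (verifyMode == null) {
            // No mode property: verification stays disabled and, as written, the keychain
            // properties are not consulted either.
            return;
        }

        if (verifyMode.equals(TEST_VERIFY_SIGNATURE)) {
            this.testSignatures = true;
            LOGGER.config("[" + getName() + "] test message signatures");
        } else if (!verifyMode.equals(DEFAULT_VERIFY_SIGNATURE)) {
            // Any value other than "off"/"test" enables rejection, so a typo fails closed.
            this.rejectInvalidSignatures = true;
            LOGGER.config("[" + getName() + "] reject invalid signatures");
        }

        String keyNames = config.getProperty(KEYCHAIN_PROPERTY_NAME);
        if (keyNames != null) {
            LOGGER.config("[" + getName() + "] using product keys " + keyNames);
            this.keychain = new ProductKeyChain(keyNames, Config.getConfig());
            return;
        }

        String keychainFileName = config.getProperty(KEYCHAIN_FILE_PROPERTY_NAME);
        if (keychainFileName == null) {
            LOGGER.warning("[" + getName() + "] no product keys configured");
            return;
        }

        // The keychain file decides which signers are trusted, so it should be writable
        // only by the account that administers this process.
        Config keychainConfig = new Config();
        try (InputStream in = StreamUtils.getInputStream(new File(keychainFileName))) {
            keychainConfig.load(in);
        }
        // NOTE(review): a file without a "keychain" entry passes null key names here;
        // confirm how ProductKeyChain handles that.
        this.keychain = new ProductKeyChain(
                keychainConfig.getProperty(KEYCHAIN_PROPERTY_NAME), keychainConfig);
    }

    /** @return whether a failed verification raises {@link InvalidSignatureException} */
    public boolean isRejectInvalidSignatures() {
        return this.rejectInvalidSignatures;
    }

    /** @param rejectInvalidSignatures {@code true} to raise on a failed verification */
    public void setRejectInvalidSignatures(boolean rejectInvalidSignatures) {
        this.rejectInvalidSignatures = rejectInvalidSignatures;
    }

    /** @return whether signatures are checked and logged without rejecting failures */
    public boolean isTestSignatures() {
        return this.testSignatures;
    }

    /** @param testSignatures {@code true} to check signatures without rejecting failures */
    public void setTestSignatures(boolean testSignatures) {
        this.testSignatures = testSignatures;
    }

    /** @return the keychain used for verification, or {@code null} when none is set */
    public ProductKeyChain getKeychain() {
        return this.keychain;
    }

    /** @param keychain keychain whose keys are treated as trusted signers */
    public void setKeychain(ProductKeyChain keychain) {
        this.keychain = keychain;
    }

    /** @return whether products with no candidate key are let through in reject mode */
    public boolean isAllowUnknownSigner() {
        return this.allowUnknownSigner;
    }

    /**
     * @param allowUnknownSigner {@code true} to let products with no candidate key through
     *     instead of rejecting them
     */
    public void setAllowUnknownSigner(boolean allowUnknownSigner) {
        this.allowUnknownSigner = allowUnknownSigner;
    }

    /**
     * Checks the product signature against the keychain keys selected for its id.
     *
     * @param product product whose signature is checked
     * @return {@code true} only when one of the candidate keys verified the signature;
     *     {@code false} when verification is disabled, when the check failed in test mode,
     *     or when the product was let through as an unknown signer
     * @throws InvalidSignatureException in reject mode when no key verified the signature
     *     and the unknown-signer exception does not apply
     * @throws Exception declared for failures raised by the keychain lookup or the check
     */
    public boolean verifySignature(Product product) throws Exception {
        if (!this.testSignatures && !this.rejectInvalidSignatures) {
            // Verification disabled: nothing is checked and nothing is rejected.
            return false;
        }

        ProductId id = product.getId();
        PublicKey[] candidateKeys = new PublicKey[0];
        boolean verified = false;
        String signerName = null;

        if (this.keychain != null) {
            candidateKeys = this.keychain.getProductKeys(id);
            LOGGER.finer("[" + getName() + "] number of candidate keys=" + candidateKeys.length);
            if (candidateKeys.length > 0) {
                final PublicKey matchedKey =
                        product.verifySignatureKey(candidateKeys, product.getSignatureVersion());
                if (matchedKey != null) {
                    verified = true;
                    // The name is looked up for the log line only; it stays null when no
                    // keychain entry holds an equal key.
                    Optional<ProductKey> signer = this.keychain.getKeychain().stream()
                            .filter(candidate -> matchedKey.equals(candidate.getKey()))
                            .findAny();
                    signerName = signer.map(ProductKey::getName).orElse(null);
                }
            }
        } else {
            LOGGER.warning("[" + getName() + "] missing Signature Keychain");
        }

        LOGGER.fine("[" + getName() + "] signature verified=" + verified
                + (verified ? " (key=" + signerName + ")" : "") + ", id=" + id);

        // NOTE(review): candidateKeys is also empty when no keychain is set at all, so with
        // allowUnknownSigner enabled a missing keychain lets every product through without
        // a check. Confirm that is intended before enabling the option in reject mode.
        if (this.allowUnknownSigner && candidateKeys.length == 0) {
            LOGGER.finer("[" + getName() + "] unknown signer, allowed by configuration");
            return false;
        }

        if (!verified && this.rejectInvalidSignatures) {
            throw new InvalidSignatureException("[" + getName() + "] bad signature for id=" + id);
        }
        return verified;
    }
}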
