package com.gentics.contentnode.security;

import com.gentics.api.lib.exception.NodeException;
import com.gentics.lib.license.LicenseChecker;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:com/gentics/contentnode/security/RsaTokenValidator.class */
public class RsaTokenValidator {
    public static String PATH_DEFAULT_PUBLIC_KEY = "/rsa/gentics_public.der";
    public static final int MAX_EXPIRATION_TIME_DIFFERENCE = 86400;
    public PublicKey publicKey;

    public RsaTokenValidator() throws NodeException {
        this.publicKey = null;
        if (this.publicKey == null) {
            InputStream resourceAsStream = RsaTokenValidator.class.getResourceAsStream(PATH_DEFAULT_PUBLIC_KEY);
            if (resourceAsStream == null) {
                throw new NodeException("Public key {" + PATH_DEFAULT_PUBLIC_KEY + "} not found within classpath.");
            }
            this.publicKey = loadPublicKey(resourceAsStream);
        }
    }

    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public boolean validate(String str, String str2, int i, String str3) throws NodeException {
        String serial = LicenseChecker.getLicense().getSerial();
        String str4 = serial + str2 + i;
        if (str2.isEmpty() || serial.isEmpty() || !isExpirationTimestampValid(i)) {
            return false;
        }
        try {
            byte[] decodeHex = Hex.decodeHex(str3.toCharArray());
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(this.publicKey);
            signature.update(str4.getBytes());
            return signature.verify(decodeHex);
        } catch (Exception e) {
            throw new NodeException("Error while validating RSA token for user {" + str + "}", e);
        }
    }

    public PrivateKey loadPrivateKey(InputStream inputStream) throws NodeException {
        try {
            try {
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(IOUtils.toByteArray(inputStream)));
            } catch (Exception e) {
                throw new NodeException("Error while loading private RSA key", e);
            }
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e2) {
                }
            }
        }
    }

    public PublicKey loadPublicKey(InputStream inputStream) throws NodeException {
        try {
            try {
                return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(IOUtils.toByteArray(inputStream)));
            } catch (Exception e) {
                throw new NodeException("Error while loading public RSA key", e);
            }
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e2) {
                }
            }
        }
    }

    public static boolean isExpirationTimestampValid(int i) {
        int currentTimeMillis = i - ((int) (System.currentTimeMillis() / 1000));
        return currentTimeMillis <= 86400 && currentTimeMillis >= 0;
    }

    public static String generateSignature(PrivateKey privateKey, String str, int i) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        String str2 = LicenseChecker.getLicense().getSerial() + str + i;
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(privateKey);
        signature.update(str2.getBytes());
        return Hex.encodeHexString(signature.sign());
    }
}
