package org.broadinstitute.gatk.engine.crypt;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import org.broadinstitute.gatk.utils.exceptions.ReviewedGATKException;
import org.broadinstitute.gatk.utils.exceptions.UserException;
import org.broadinstitute.gatk.utils.io.IOUtils;

/* loaded from: input_file:org/broadinstitute/gatk/engine/crypt/GATKKey.class */
public class GATKKey {
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private String emailAddress;
    private byte[] signature;
    private String signingAlgorithm;
    public static final String DEFAULT_SIGNING_ALGORITHM = "SHA1withRSA";
    public static final byte GATK_KEY_SECTIONAL_DELIMITER = 0;

    public GATKKey(PrivateKey privateKey, PublicKey publicKey, String str) {
        this(privateKey, publicKey, str, DEFAULT_SIGNING_ALGORITHM);
    }

    public GATKKey(PrivateKey privateKey, PublicKey publicKey, String str, String str2) {
        if (privateKey == null || publicKey == null || str == null || str.length() == 0 || str2 == null) {
            throw new ReviewedGATKException("Cannot construct GATKKey using null/empty arguments");
        }
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.emailAddress = str;
        this.signingAlgorithm = str2;
        validateEmailAddress();
        generateSignature();
        if (!isValid()) {
            throw new ReviewedGATKException("Newly-generated GATK key fails validation -- this should never happen!");
        }
    }

    public GATKKey(PublicKey publicKey, File file) {
        this(publicKey, file, DEFAULT_SIGNING_ALGORITHM);
    }

    public GATKKey(PublicKey publicKey, File file, String str) {
        if (publicKey == null || file == null || str == null) {
            throw new ReviewedGATKException("Cannot construct GATKKey using null arguments");
        }
        this.publicKey = publicKey;
        this.signingAlgorithm = str;
        readKey(file);
    }

    public void writeKey(File file) {
        try {
            IOUtils.writeByteArrayToStream(marshalKeyData(), new GZIPOutputStream(new FileOutputStream(file)));
        } catch (IOException e) {
            throw new UserException.CouldNotCreateOutputFile(file, e);
        }
    }

    public boolean isValid() {
        try {
            Signature signature = Signature.getInstance(this.signingAlgorithm);
            signature.initVerify(this.publicKey);
            signature.update(this.emailAddress.getBytes());
            return signature.verify(this.signature);
        } catch (InvalidKeyException e) {
            throw new ReviewedGATKException(String.format("Public key %s is invalid", this.publicKey), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ReviewedGATKException(String.format("Signing algorithm %s not found", this.signingAlgorithm), e2);
        } catch (SignatureException e3) {
            throw new UserException.UnreadableKeyException("Signature is invalid or signing algorithm was unable to process the input data", e3);
        }
    }

    private void generateSignature() {
        try {
            Signature signature = Signature.getInstance(this.signingAlgorithm);
            signature.initSign(this.privateKey, CryptUtils.createRandomnessSource());
            signature.update(this.emailAddress.getBytes());
            this.signature = signature.sign();
        } catch (InvalidKeyException e) {
            throw new ReviewedGATKException(String.format("Private key %s is invalid", this.privateKey), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ReviewedGATKException(String.format("Signing algorithm %s not found", this.signingAlgorithm), e2);
        } catch (SignatureException e3) {
            throw new ReviewedGATKException(String.format("Error creating signature for email address %s", this.emailAddress), e3);
        }
    }

    private void readKey(File file) {
        try {
            byte[] readStreamIntoByteArray = IOUtils.readStreamIntoByteArray(new GZIPInputStream(new FileInputStream(file)));
            if (readStreamIntoByteArray.length != IOUtils.getGZIPFileUncompressedSize(file)) {
                throw new UserException.UnreadableKeyException("Number of bytes read does not match the uncompressed size specified in the GZIP ISIZE field");
            }
            unmarshalKeyData(readStreamIntoByteArray);
        } catch (FileNotFoundException e) {
            throw new UserException.CouldNotReadInputFile(file, e);
        } catch (IOException e2) {
            throw new UserException.UnreadableKeyException(file, e2);
        } catch (UserException.CouldNotReadInputFile e3) {
            throw new UserException.UnreadableKeyException(file, e3);
        }
    }

    private byte[] marshalKeyData() {
        byte[] bytes = this.emailAddress.getBytes();
        byte[] bArr = new byte[bytes.length + 1 + this.signature.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        bArr[bytes.length] = 0;
        System.arraycopy(this.signature, 0, bArr, bytes.length + 1, this.signature.length);
        return bArr;
    }

    private void unmarshalKeyData(byte[] bArr) {
        int i = -1;
        int i2 = 0;
        while (true) {
            if (i2 >= bArr.length) {
                break;
            }
            if (bArr[i2] == 0) {
                i = i2;
                break;
            }
            i2++;
        }
        if (i == -1) {
            throw new UserException.UnreadableKeyException("Malformed GATK key contains no sectional delimiter");
        }
        if (i == 0) {
            throw new UserException.UnreadableKeyException("Malformed GATK key contains no email address");
        }
        if (i == bArr.length - 1) {
            throw new UserException.UnreadableKeyException("Malformed GATK key contains no signature");
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 0, bArr2, 0, i);
        this.emailAddress = new String(bArr2);
        this.signature = new byte[(bArr.length - i) - 1];
        System.arraycopy(bArr, i + 1, this.signature, 0, (bArr.length - i) - 1);
    }

    private void validateEmailAddress() {
        for (byte b : this.emailAddress.getBytes()) {
            if (b == 0) {
                throw new UserException(String.format("Email address must not contain a byte with value %d", (byte) 0));
            }
        }
    }
}
