package ru.turikhay.tlauncher.bootstrap.transport;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;
import ru.turikhay.tlauncher.bootstrap.util.Sha256Sign;
import ru.turikhay.tlauncher.bootstrap.util.U;
import shaded.org.apache.commons.io.IOUtils;

/* loaded from: input_file:ru/turikhay/tlauncher/bootstrap/transport/SignedStream.class */
public class SignedStream extends ChecksumStream {
    static final PublicKey PUBLIC_KEY;
    byte[] signedChecksum;

    public SignedStream(InputStream inputStream) {
        super(inputStream);
    }

    @Override // ru.turikhay.tlauncher.bootstrap.transport.ChecksumStream, java.io.FilterInputStream, java.io.InputStream
    public int read() throws IOException {
        readSignature();
        int read = super.read();
        if (read == -1) {
            validateSignature();
        }
        return read;
    }

    @Override // ru.turikhay.tlauncher.bootstrap.transport.ChecksumStream, java.io.FilterInputStream, java.io.InputStream
    public int read(byte[] bArr) throws IOException {
        readSignature();
        int read = super.read(bArr);
        if (read == -1) {
            validateSignature();
        }
        return read;
    }

    @Override // ru.turikhay.tlauncher.bootstrap.transport.ChecksumStream, java.io.FilterInputStream, java.io.InputStream
    public int read(byte[] bArr, int i, int i2) throws IOException {
        readSignature();
        int read = super.read(bArr, i, i2);
        if (read == -1) {
            validateSignature();
        }
        return read;
    }

    @Override // ru.turikhay.tlauncher.bootstrap.transport.ChecksumStream, java.io.FilterInputStream, java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        super.close();
    }

    boolean readSignature() throws IOException {
        if (this.signedChecksum != null) {
            return false;
        }
        byte[] bArr = new byte[256];
        int read = IOUtils.read(this.in, bArr);
        if (read != 256) {
            throw new StreamNotSignedException("invalid signedChecksum length; expected: 256, got: " + read);
        }
        this.signedChecksum = bArr;
        return true;
    }

    public void validateSignature() throws IOException {
        if (this.signedChecksum == null) {
            throw new StreamNotSignedException("signedChecksum not read yet");
        }
        byte[] digest = digest();
        if (digest == null) {
            throw new IOException("calc is not calculated");
        }
        if (!verify(Sha256Sign.toString(digest).getBytes(U.UTF8), this.signedChecksum)) {
            throw new InvalidStreamSignatureException();
        }
    }

    static boolean verify(byte[] bArr, byte[] bArr2) {
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(PUBLIC_KEY);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (SignatureException e) {
            U.log("could not verify signature", e);
            return false;
        } catch (Exception e2) {
            throw new Error("verification error", e2);
        }
    }

    static {
        try {
            URL resource = SignedStream.class.getResource("/public.der");
            U.requireNotNull(resource, "could not find public.der");
            PUBLIC_KEY = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(IOUtils.toByteArray(resource)));
        } catch (Exception e) {
            throw new Error("no public key?", e);
        }
    }
}
