package com.yahoo.elide.modelconfig.verify;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/elide/modelconfig/verify/DynamicConfigVerifier.class */
public class DynamicConfigVerifier {
    private static final Logger log = LoggerFactory.getLogger(DynamicConfigVerifier.class);

    public static void main(String[] strArr) {
        Options prepareOptions = prepareOptions();
        try {
            CommandLine parse = new DefaultParser().parse(prepareOptions, strArr);
            if (parse.hasOption("help")) {
                printHelp(prepareOptions);
                return;
            }
            if (!parse.hasOption("tarFile") || !parse.hasOption("signatureFile") || !parse.hasOption("publicKeyName")) {
                printHelp(prepareOptions);
                System.err.println("Missing required option");
                System.exit(1);
            }
            String optionValue = parse.getOptionValue("tarFile");
            if (verify(readTarContents(optionValue), parse.getOptionValue("signatureFile"), getPublicKey(parse.getOptionValue("publicKeyName")))) {
                System.out.println("Successfully Validated " + optionValue);
            } else {
                System.err.println("Could not verify " + optionValue + " with details provided");
                System.exit(2);
            }
        } catch (Exception e) {
            System.err.println(e.getMessage());
            System.exit(3);
        }
    }

    public static boolean verify(String str, String str2, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(publicKey);
        signature.update(str.getBytes(StandardCharsets.UTF_8));
        return signature.verify(Base64.getDecoder().decode(str2));
    }

    public static String readTarContents(String str) throws FileNotFoundException, IOException {
        StringBuffer stringBuffer = new StringBuffer();
        BufferedReader bufferedReader = null;
        try {
            TarArchiveInputStream tarArchiveInputStream = new TarArchiveInputStream(new GzipCompressorInputStream(new BufferedInputStream(new FileInputStream(str))));
            Throwable th = null;
            try {
                try {
                    for (TarArchiveEntry nextTarEntry = tarArchiveInputStream.getNextTarEntry(); nextTarEntry != null; nextTarEntry = tarArchiveInputStream.getNextTarEntry()) {
                        bufferedReader = new BufferedReader(new InputStreamReader(tarArchiveInputStream));
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine != null) {
                                stringBuffer.append(readLine);
                            }
                        }
                    }
                    if (tarArchiveInputStream != null) {
                        if (0 != 0) {
                            try {
                                tarArchiveInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            tarArchiveInputStream.close();
                        }
                    }
                    return stringBuffer.toString();
                } finally {
                }
            } finally {
            }
        } finally {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        }
    }

    private static PublicKey getPublicKey(String str) throws KeyStoreException {
        return KeyStore.getInstance(KeyStore.getDefaultType()).getCertificate(str).getPublicKey();
    }

    private static final Options prepareOptions() {
        Options options = new Options();
        options.addOption(new Option("h", "help", false, "Print a help message and exit."));
        options.addOption(new Option("t", "tarFile", true, "Path of the tar.gz file"));
        options.addOption(new Option("s", "signatureFile", true, "Path of the file containing the signature"));
        options.addOption(new Option("p", "publicKeyName", true, "Name of public key in keystore"));
        return options;
    }

    private static void printHelp(Options options) {
        new HelpFormatter().printHelp("java -cp <Jar File> com.yahoo.elide.contrib.dynamicconfighelpers.verify.DynamicConfigVerifier", options);
    }
}
