package org.silvertunnel_ng.netlib.layer.tor.directory;

import java.io.UnsupportedEncodingException;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.bind.DatatypeConverter;
import org.silvertunnel_ng.netlib.layer.tor.api.Fingerprint;
import org.silvertunnel_ng.netlib.layer.tor.util.Encryption;
import org.silvertunnel_ng.netlib.layer.tor.util.TorException;
import org.silvertunnel_ng.netlib.layer.tor.util.Util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/silvertunnel_ng/netlib/layer/tor/directory/AuthorityKeyCertificate.class */
public class AuthorityKeyCertificate implements Cloneable {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorityKeyCertificate.class);
    private final String authorityKeyCertificateStr;
    private static Pattern pattern;
    private final Fingerprint dirIdentityKeyDigest;
    private final Date dirKeyPublished;
    private final Date dirKeyExpires;
    private final RSAPublicKey dirIdentityKey;
    private final RSAPublicKey dirSigningKey;
    private final Fingerprint dirSigningKeyDigest;

    public AuthorityKeyCertificate(String str) throws TorException {
        this.authorityKeyCertificateStr = str;
        Matcher matcher = pattern.matcher(str);
        matcher.find();
        this.dirIdentityKeyDigest = new FingerprintImpl(DatatypeConverter.parseHexBinary(matcher.group(2)));
        this.dirKeyPublished = Util.parseUtcTimestamp(matcher.group(3));
        this.dirKeyExpires = Util.parseUtcTimestamp(matcher.group(4));
        String group = matcher.group(5);
        this.dirIdentityKey = Encryption.extractPublicRSAKey(group);
        this.dirSigningKey = Encryption.extractPublicRSAKey(matcher.group(6));
        this.dirSigningKeyDigest = new FingerprintImpl(Encryption.getDigest(Encryption.getPKCS1EncodingFromRSAPublicKey(this.dirSigningKey)));
        try {
            byte[] digest = Encryption.getDigest(Encryption.getPKCS1EncodingFromRSAPublicKey(this.dirIdentityKey));
            if (!new FingerprintImpl(digest).equals(this.dirIdentityKeyDigest)) {
                throw new TorException("dirIdentityKey hash(" + new FingerprintImpl(digest) + ")!=fingerprint(" + this.dirIdentityKeyDigest + ")");
            }
            String group2 = matcher.group(9);
            while (group.length() % 4 != 0) {
                group = group + "=";
            }
            byte[] parseBase64Binary = DatatypeConverter.parseBase64Binary(group2);
            byte[] bArr = null;
            try {
                bArr = matcher.group(1).getBytes(Util.UTF8);
            } catch (UnsupportedEncodingException e) {
                LOG.warn("unexpected", e);
            }
            if (!Encryption.verifySignature(parseBase64Binary, this.dirIdentityKey, bArr)) {
                throw new TorException("dirKeyCertification check failed for fingerprint=" + this.dirIdentityKeyDigest);
            }
        } catch (TorException e2) {
            throw e2;
        } catch (Exception e3) {
            LOG.warn("error while verify identity-key against fingerprint", e3);
            throw new TorException("error while verify identity-key against fingerprint: " + e3);
        }
    }

    public String toString() {
        return "AuthorityKeyCertificate(fingerprint=" + this.dirIdentityKeyDigest + ",dirKeyPublished=" + Util.formatUtcTimestamp(this.dirKeyPublished) + ",dirKeyExpires=" + Util.formatUtcTimestamp(this.dirKeyExpires) + ",dirIdentityKey=" + this.dirIdentityKey + ",dirSigningKey=" + this.dirSigningKey + ")";
    }

    public String getAuthorityKeyCertificateStr() {
        return this.authorityKeyCertificateStr;
    }

    public Fingerprint getDirIdentityKeyDigest() {
        return this.dirIdentityKeyDigest;
    }

    public Date getDirKeyPublished() {
        return this.dirKeyPublished;
    }

    public Date getDirKeyExpires() {
        return this.dirKeyExpires;
    }

    public RSAPublicKey getDirIdentityKey() {
        return this.dirIdentityKey;
    }

    public RSAPublicKey getDirSigningKey() {
        return this.dirSigningKey;
    }

    public Fingerprint getDirSigningKeyDigest() {
        return this.dirSigningKeyDigest;
    }

    static {
        try {
            pattern = Pattern.compile("^(dir-key-certificate-version 3\nfingerprint (\\w+)\ndir-key-published ([0-9: \\-]+)\ndir-key-expires ([0-9: \\-]+)\ndir-identity-key\n(-----BEGIN RSA PUBLIC KEY.*?END RSA PUBLIC KEY-----)\ndir-signing-key\n(-----BEGIN RSA PUBLIC KEY.*?END RSA PUBLIC KEY-----)\n(dir-key-crosscert\n-----BEGIN ID SIGNATURE-----(.*?)-----END ID SIGNATURE-----\n){0,1}dir-key-certification\n)-----BEGIN SIGNATURE-----(.*?)-----END SIGNATURE-----", 43);
        } catch (Exception e) {
            LOG.error("could not initialze class AuthorityKeyCertificate", e);
        }
    }
}
