package ptolemy.actor.lib.security;

import java.security.Key;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import ptolemy.actor.TypedIOPort;
import ptolemy.data.BooleanToken;
import ptolemy.data.expr.Parameter;
import ptolemy.data.expr.StringParameter;
import ptolemy.data.type.BaseType;
import ptolemy.kernel.CompositeEntity;
import ptolemy.kernel.util.Attribute;
import ptolemy.kernel.util.IllegalActionException;
import ptolemy.kernel.util.NameDuplicationException;
import ptolemy.kernel.util.Settable;

/* loaded from: input_file:lib/ptolemy.jar:ptolemy/actor/lib/security/KeyReader.class */
public class KeyReader extends KeyStoreActor {
    public Parameter getPublicKey;
    public TypedIOPort output;
    public TypedIOPort trigger;
    public StringParameter signatureAlgorithm;
    public Parameter verifyCertificate;
    private boolean _getPublicKey;
    private Key _key;
    private boolean _updateKeyNeeded;
    private boolean _verifyCertificate;

    public KeyReader(CompositeEntity compositeEntity, String str) throws IllegalActionException, NameDuplicationException {
        super(compositeEntity, str);
        this.output = null;
        this.trigger = null;
        this._updateKeyNeeded = true;
        this.getPublicKey = new Parameter(this, "getPublicKey", new BooleanToken(true));
        this.getPublicKey.setTypeEquals(BaseType.BOOLEAN);
        this.output = new TypedIOPort(this, "output", false, true);
        this.output.setTypeEquals(KeyToken.KEY);
        this.trigger = new TypedIOPort(this, "trigger", true, false);
        this.trigger.setMultiport(true);
        this.signatureAlgorithm = new StringParameter(this, "signatureAlgorithm");
        this.signatureAlgorithm.setExpression("Unknown, will be set after first run");
        this.signatureAlgorithm.setVisibility(Settable.NOT_EDITABLE);
        this.signatureAlgorithm.setPersistent(false);
        this.verifyCertificate = new Parameter(this, "verifyCertificate", new BooleanToken(true));
        this.verifyCertificate.setTypeEquals(BaseType.BOOLEAN);
    }

    @Override // ptolemy.actor.lib.security.KeyStoreActor, ptolemy.kernel.util.NamedObj
    public void attributeChanged(Attribute attribute) throws IllegalActionException {
        if (attribute == this.getPublicKey) {
            this._updateKeyNeeded = true;
            this._getPublicKey = ((BooleanToken) this.getPublicKey.getToken()).booleanValue();
        } else if (attribute != this.verifyCertificate) {
            super.attributeChanged(attribute);
        } else {
            this._updateKeyNeeded = true;
            this._verifyCertificate = ((BooleanToken) this.verifyCertificate.getToken()).booleanValue();
        }
    }

    @Override // ptolemy.actor.lib.security.KeyStoreActor, ptolemy.actor.AtomicActor, ptolemy.actor.Executable
    public void fire() throws IllegalActionException {
        super.fire();
        _updateKey();
        for (int i = 0; i < this.trigger.getWidth(); i++) {
            if (this.trigger.hasToken(i)) {
                this.trigger.get(i);
            }
        }
        this.output.broadcast(new KeyToken(this._key));
    }

    protected void _updateKey() throws IllegalActionException {
        if (this._updateKeyNeeded) {
            this._loadKeyStoreNeeded = true;
            _loadKeyStore();
            try {
                if (this._verifyCertificate) {
                    Certificate certificate = this._keyStore.getCertificate(this._alias);
                    if (certificate == null) {
                        throw new KeyStoreException("Failed to get certificate for alias '" + this._alias + "' from  " + fileOrURLDescription());
                    }
                    PublicKey publicKey = certificate.getPublicKey();
                    certificate.verify(publicKey);
                    if (certificate instanceof X509Certificate) {
                        this.signatureAlgorithm.setExpression(((X509Certificate) certificate).getSigAlgName());
                    } else {
                        this.signatureAlgorithm.setExpression("Unknown, certificate was not a X509 cert.");
                    }
                    this._key = publicKey;
                } else if (this._getPublicKey) {
                    throw new IllegalActionException(this, "To get the public key, one must use certificates, so the verifyCertificate parameter must be set to true if the getPublicKey parameter is true.");
                }
                if (this._getPublicKey) {
                    return;
                }
                this._key = this._keyStore.getKey(this._alias, this._keyPassword.toCharArray());
            } catch (Throwable th) {
                throw new IllegalActionException(this, th, "Failed to get key store alias '" + this._alias + "' or certificate from " + fileOrURLDescription());
            }
        }
    }
}
