package net.handle.hdllib.trust;

import com.google.gson.JsonParser;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import net.handle.hdllib.GsonUtility;
import net.handle.hdllib.HSG;
import net.handle.hdllib.SecureResolver;
import net.handle.hdllib.Util;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:net/handle/hdllib/trust/JsonWebSignatureImpl.class */
public class JsonWebSignatureImpl implements JsonWebSignature {
    private final String hashAlg;
    private final String keyAlg;
    private final byte[] header;
    private final byte[] serializedHeader;
    private final byte[] payload;
    private final byte[] serializedPayload;
    private final byte[] signature;
    private final byte[] serializedSignature;

    public JsonWebSignatureImpl(String str, PrivateKey privateKey) throws TrustException {
        this(Util.encodeString(str), privateKey);
    }

    public JsonWebSignatureImpl(byte[] bArr, PrivateKey privateKey) throws TrustException {
        this.payload = bArr;
        this.keyAlg = privateKey.getAlgorithm();
        if (HSG.KEY_ALGORITHM.equals(this.keyAlg)) {
            this.hashAlg = "SHA256";
            this.header = Util.encodeString("{\"alg\":\"RS256\"}");
        } else {
            if (!"DSA".equals(this.keyAlg)) {
                throw new IllegalArgumentException("Unsupported key algorithm " + this.keyAlg);
            }
            this.hashAlg = "SHA1";
            this.header = Util.encodeString("{\"alg\":\"DS160\"}");
        }
        this.serializedHeader = Base64.encodeBase64URLSafe(this.header);
        this.serializedPayload = Base64.encodeBase64URLSafe(bArr);
        try {
            Signature signature = Signature.getInstance(this.hashAlg + "with" + this.keyAlg);
            signature.initSign(privateKey);
            signature.update(this.serializedHeader);
            signature.update((byte) 46);
            signature.update(this.serializedPayload);
            this.signature = signature.sign();
            this.serializedSignature = Base64.encodeBase64URLSafe(this.signature);
        } catch (Exception e) {
            throw new TrustException("Error creating JWS", e);
        }
    }

    public JsonWebSignatureImpl(String str) throws TrustException {
        if (isCompact(str)) {
            try {
                String[] split = str.split("\\.");
                this.serializedHeader = Util.encodeString(split[0]);
                this.header = Base64.decodeBase64(this.serializedHeader);
                this.serializedPayload = Util.encodeString(split[1]);
                this.payload = Base64.decodeBase64(this.serializedPayload);
                this.serializedSignature = Util.encodeString(split[2]);
                this.signature = Base64.decodeBase64(this.serializedSignature);
            } catch (Exception e) {
                throw new TrustException("Couldn't parse JWS", e);
            }
        } else {
            JsonWebSignatureJsonSerialization jsonWebSignatureJsonSerialization = (JsonWebSignatureJsonSerialization) GsonUtility.getGson().fromJson(str, JsonWebSignatureJsonSerialization.class);
            this.serializedHeader = Util.encodeString(jsonWebSignatureJsonSerialization.signatures.get(0).protectedPart);
            this.header = Base64.decodeBase64(this.serializedHeader);
            this.serializedPayload = Util.encodeString(jsonWebSignatureJsonSerialization.payload);
            this.payload = Base64.decodeBase64(this.serializedPayload);
            this.serializedSignature = Util.encodeString(jsonWebSignatureJsonSerialization.signatures.get(0).signature);
            this.signature = Base64.decodeBase64(this.serializedSignature);
        }
        String algStringFromHeader = getAlgStringFromHeader(this.header);
        this.keyAlg = getKeyAlgFromAlg(algStringFromHeader);
        this.hashAlg = getHashAlgFromAlg(algStringFromHeader);
    }

    private static String getAlgStringFromHeader(byte[] bArr) throws TrustException {
        try {
            return new JsonParser().parse(Util.decodeString(bArr)).getAsJsonObject().get(SecureResolver.SIG_ALG_TAGNAME).getAsString();
        } catch (Exception e) {
            throw new TrustException("Couldn't parse JWS header", e);
        }
    }

    private static String getKeyAlgFromAlg(String str) throws TrustException {
        if (str.startsWith("RS")) {
            return HSG.KEY_ALGORITHM;
        }
        if (str.startsWith("DS")) {
            return "DSA";
        }
        throw new TrustException("Couldn't parse JWS header");
    }

    private static String getHashAlgFromAlg(String str) throws TrustException {
        if (str.endsWith("256")) {
            return "SHA256";
        }
        if (str.endsWith("160") || str.endsWith("128") || str.equals("DSA") || str.equals("DS")) {
            return "SHA1";
        }
        if (str.endsWith("384")) {
            return "SHA384";
        }
        if (str.endsWith("512")) {
            return "SHA512";
        }
        throw new TrustException("Couldn't parse JWS header");
    }

    private static boolean isCompact(String str) {
        return !str.trim().startsWith("{");
    }

    @Override // net.handle.hdllib.trust.JsonWebSignature
    public String getPayloadAsString() {
        return Util.decodeString(this.payload);
    }

    @Override // net.handle.hdllib.trust.JsonWebSignature
    public byte[] getPayloadAsBytes() {
        return (byte[]) this.payload.clone();
    }

    @Override // net.handle.hdllib.trust.JsonWebSignature
    public boolean validates(PublicKey publicKey) throws TrustException {
        if (!this.keyAlg.equals(publicKey.getAlgorithm())) {
            return false;
        }
        try {
            Signature signature = Signature.getInstance(this.hashAlg + "with" + publicKey.getAlgorithm());
            signature.initVerify(publicKey);
            signature.update(this.serializedHeader);
            signature.update((byte) 46);
            signature.update(this.serializedPayload);
            return signature.verify(this.signature);
        } catch (Exception e) {
            throw new TrustException("Error validating JWS", e);
        }
    }

    @Override // net.handle.hdllib.trust.JsonWebSignature
    public String serialize() {
        return Util.decodeString(this.serializedHeader) + '.' + Util.decodeString(this.serializedPayload) + '.' + Util.decodeString(this.serializedSignature);
    }

    @Override // net.handle.hdllib.trust.JsonWebSignature
    public String serializeToJson() {
        String decodeString = Util.decodeString(this.serializedHeader);
        return "{\"payload\":\"" + Util.decodeString(this.serializedPayload) + "\",\"signatures\":[{\"protected\":\"" + decodeString + "\",\"signature\":\"" + Util.decodeString(this.serializedSignature) + "\"}]}";
    }
}
