package io.vertx.ext.auth.impl.jose;

import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import io.vertx.ext.auth.impl.asn.ASN1;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.crypto.Mac;
import org.bouncycastle.openssl.PEMParser;

/* loaded from: input_file:io/vertx/ext/auth/impl/jose/JWS.class */
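/**
 * JSON Web Signature (JWS) helper bound to a single {@link JWK}.
 *
 * <p>An instance signs and verifies byte payloads with the key material exposed by the JWK:
 * a {@link Mac} for the {@code HS*} algorithms, or a JCA {@link Signature} for the asymmetric ones.
 * The static helpers convert ECDSA signatures between the fixed-width {@code r || s} form used by
 * JWS and the ASN.1/DER form the JCA expects, and parse {@code x5c} certificates and CRLs.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The algorithm is taken from the JWK ({@code jwk.getAlgorithm()}), not from this class's
 *       callers; nothing here reads a token header.</li>
 *   <li>{@link #RS1} maps to {@code SHA1withRSA}. SHA-1 based signatures are legacy and should only
 *       be enabled where an interoperability requirement demands it.</li>
 *   <li>{@link #parseX5c(String)}, {@link #parseX5c(byte[])} and
 *       {@link #verifySignature(String, X509Certificate, byte[], byte[])} only parse a certificate
 *       and use its public key. No chain building, validity-period or revocation check happens in
 *       this class; callers must establish trust in the certificate separately.</li>
 * </ul>
 *
 * <p>The {@code Mac} and {@code Signature} objects are shared per instance, which is why every use
 * is wrapped in a {@code synchronized} block.
 */
public final class JWS {
    private static final Logger LOG = LoggerFactory.getLogger(JWS.class);

    public static final String EdDSA = "EdDSA";
    public static final String ES256 = "ES256";
    public static final String ES384 = "ES384";
    public static final String ES512 = "ES512";
    public static final String PS256 = "PS256";
    public static final String PS384 = "PS384";
    public static final String PS512 = "PS512";
    public static final String ES256K = "ES256K";
    public static final String RS256 = "RS256";
    public static final String RS384 = "RS384";
    public static final String RS512 = "RS512";
    /** RSA PKCS#1 v1.5 with SHA-1 ({@code SHA1withRSA}); legacy, see the class notes. */
    public static final String RS1 = "RS1";
    public static final String HS256 = "HS256";
    public static final String HS384 = "HS384";
    public static final String HS512 = "HS512";

    /** Shared X.509 factory used for both certificates and CRLs. */
    private static final CertificateFactory X509;

    static {
        try {
            X509 = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    private final JWK jwk;
    /** JCA engine for the JWK's algorithm; {@code null} for the HMAC ({@code HS*}) algorithms. */
    private final Signature signature;
    /** Expected signature length for the algorithm/key, see {@link #getSignatureLength}. */
    private final int len;

    /**
     * Creates a signer/verifier for the given key.
     *
     * @param jwk the key; its {@code use} must be either absent or {@code "sig"}
     * @throws IllegalArgumentException if the JWK declares a {@code use} other than {@code "sig"}
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} or
     *     {@link InvalidAlgorithmParameterException} when the JWK's algorithm is not supported
     */
    public JWS(JWK jwk) {
        // A key explicitly marked for another purpose (anything but "sig") must not be used to
        // produce or check signatures.
        if (jwk.use() != null && !"sig".equals(jwk.use())) {
            throw new IllegalArgumentException("JWK isn't meant to perform JWS operations");
        }
        try {
            this.signature = getSignature(jwk.getAlgorithm());
            this.len = getSignatureLength(jwk.getAlgorithm(), jwk.publicKey());
            this.jwk = jwk;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Signs the payload with the JWK's secret material.
     *
     * @param bArr the payload bytes to sign
     * @return the MAC for HMAC keys; for {@code kty == "EC"} the signature converted to the JWS
     *     {@code r || s} form via {@link #toJWS(byte[], int)}; otherwise the raw JCA signature
     * @throws NullPointerException if the payload is {@code null}
     * @throws IllegalStateException if the JWK has neither a MAC nor a private key
     * @throws RuntimeException wrapping {@link InvalidKeyException} or {@link SignatureException}
     */
    public byte[] sign(byte[] bArr) {
        if (bArr == null) {
            throw new NullPointerException("payload is missing");
        }
        final Mac mac = this.jwk.mac();
        if (mac != null) {
            // The Mac instance belongs to the JWK and is stateful, so guard it with the JWK monitor.
            synchronized (this.jwk) {
                return mac.doFinal(bArr);
            }
        }
        final PrivateKey privateKey = this.jwk.privateKey();
        final String kty = this.jwk.kty();
        if (privateKey == null) {
            throw new IllegalStateException("JWK doesn't contain secKey material");
        }
        try {
            synchronized (this.signature) {
                this.signature.initSign(privateKey);
                this.signature.update(bArr);
                final byte[] raw = this.signature.sign();
                // JCA returns ECDSA signatures DER encoded; JWS carries them as fixed-width r || s.
                if (kty.equals("EC")) {
                    return toJWS(raw, this.len);
                }
                return raw;
            }
        } catch (InvalidKeyException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies a signature over a payload with the JWK's key material.
     *
     * <p>For HMAC keys the MAC is recomputed and compared with
     * {@link MessageDigest#isEqual(byte[], byte[])}, so the comparison does not stop at the first
     * differing byte. For {@code kty == "EC"} a signature that does not look like ASN.1 (see
     * {@link #isASN1(byte[])}) is first converted with {@link #toASN1(byte[])}.
     *
     * @param bArr the signature to check
     * @param bArr2 the payload the signature is expected to cover
     * @return {@code true} when the signature matches
     * @throws NullPointerException if either argument is {@code null}
     * @throws IllegalStateException if the JWK has neither a MAC nor a public key
     * @throws RuntimeException wrapping {@link InvalidKeyException} or {@link SignatureException},
     *     or thrown by {@link #toASN1(byte[])} for a malformed EC signature
     */
    public boolean verify(byte[] bArr, byte[] bArr2) {
        if (bArr == null) {
            throw new NullPointerException("signature is missing");
        }
        if (bArr2 == null) {
            throw new NullPointerException("payload is missing");
        }
        if (this.jwk.mac() != null) {
            // sign() takes the same monitor again; Java monitors are reentrant.
            synchronized (this.jwk) {
                return MessageDigest.isEqual(bArr, sign(bArr2));
            }
        }
        try {
            final PublicKey publicKey = this.jwk.publicKey();
            final String kty = this.jwk.kty();
            if (publicKey == null) {
                throw new IllegalStateException("JWK doesn't contain pubKey material");
            }
            synchronized (this.signature) {
                this.signature.initVerify(publicKey);
                this.signature.update(bArr2);
                byte[] candidate = bArr;
                if (kty.equals("EC") && !isASN1(candidate)) {
                    candidate = toASN1(candidate);
                }
                if (candidate.length >= this.len) {
                    return this.signature.verify(candidate);
                }
                // Shorter than the expected length: hand the engine a buffer of the expected size,
                // zero-filled on the right. NOTE(review): the padded bytes are not the original
                // signature value, so this presumably exists to get a clean "false" instead of a
                // length complaint from the engine - confirm against the providers in use.
                final byte[] padded = new byte[this.len];
                System.arraycopy(candidate, 0, padded, 0, candidate.length);
                return this.signature.verify(padded);
            }
        } catch (InvalidKeyException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    /** @return the key this instance was created with */
    public JWK jwk() {
        return this.jwk;
    }

    /**
     * Maps a JWS algorithm name to a configured JCA {@link Signature}.
     *
     * @param str the JWS {@code alg} value
     * @return the engine, or {@code null} for {@code HS256/HS384/HS512} (those use a {@link Mac})
     * @throws NoSuchAlgorithmException if the name is not one of this class's constants or the
     *     provider lacks the algorithm
     * @throws InvalidAlgorithmParameterException if the PSS parameters are rejected
     */
    private static Signature getSignature(String str) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        switch (str) {
            case HS256:
            case HS384:
            case HS512:
                return null;
            case ES256:
            case ES256K:
                return Signature.getInstance("SHA256withECDSA");
            case ES384:
                return Signature.getInstance("SHA384withECDSA");
            case ES512:
                return Signature.getInstance("SHA512withECDSA");
            case RS256:
                return Signature.getInstance("SHA256withRSA");
            case RS384:
                return Signature.getInstance("SHA384withRSA");
            case RS512:
                return Signature.getInstance("SHA512withRSA");
            case RS1:
                // Legacy SHA-1 signature; kept for compatibility with callers that still need it.
                return Signature.getInstance("SHA1withRSA");
            case PS256:
                return pss("SHA-256", MGF1ParameterSpec.SHA256, 32);
            case PS384:
                return pss("SHA-384", MGF1ParameterSpec.SHA384, 48);
            case PS512:
                return pss("SHA-512", MGF1ParameterSpec.SHA512, 64);
            case EdDSA:
                return Signature.getInstance(EdDSA);
            default:
                throw new NoSuchAlgorithmException();
        }
    }

    /** Builds an {@code RSASSA-PSS} engine with MGF1 and a salt as long as the digest output. */
    private static Signature pss(String digest, MGF1ParameterSpec mgf1, int saltLen) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        final Signature engine = Signature.getInstance("RSASSA-PSS");
        engine.setParameter(new PSSParameterSpec(digest, "MGF1", mgf1, saltLen, 1));
        return engine;
    }

    /**
     * Verifies {@code bArr} as a signature over {@code bArr2} using the public key of a certificate.
     *
     * <p>Only the signature is checked. The certificate itself is not validated here (no chain,
     * expiry or revocation check), so a {@code true} result says nothing about whether the
     * certificate is trusted.
     *
     * @param str the JWS algorithm name; the {@code HS*} names are rejected because they have no
     *     {@link Signature} engine
     * @param x509Certificate certificate holding the verification key
     * @param bArr the signature; for the {@code ES*} algorithms a non-ASN.1 signature is converted
     *     with {@link #toASN1(byte[])} first
     * @param bArr2 the signed data
     * @return {@code true} when the signature verifies
     * @throws SignatureException if any argument is {@code null}, no engine exists for the
     *     algorithm, or the engine rejects the signature encoding
     * @throws InvalidKeyException if the certificate's key cannot be used for verification
     * @throws NoSuchAlgorithmException if the algorithm name is unknown
     * @throws InvalidAlgorithmParameterException if the PSS parameters are rejected
     */
    public static boolean verifySignature(String str, X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) throws InvalidKeyException, SignatureException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        if (str == null || x509Certificate == null || bArr == null || bArr2 == null) {
            throw new SignatureException("Cannot validate signature, one of {alg, certificate, signature, data} is null");
        }
        byte[] candidate = bArr;
        switch (str) {
            case ES256:
            case ES384:
            case ES512:
            case ES256K:
                // JCA expects DER encoded ECDSA signatures.
                if (!isASN1(candidate)) {
                    candidate = toASN1(candidate);
                }
                break;
            default:
                break;
        }
        final Signature engine = getSignature(str);
        if (engine == null) {
            throw new SignatureException("Cannot get a signature for: " + str);
        }
        engine.initVerify(x509Certificate);
        engine.update(bArr2);
        return engine.verify(candidate);
    }

    /**
     * Returns the expected signature length for an algorithm/key pair.
     *
     * <p>For an {@link RSAKey} this is the modulus size in bytes. Otherwise the value comes from a
     * fixed table keyed by algorithm name.
     *
     * @param str the JWS algorithm name
     * @param publicKey the public key, may be {@code null}
     * @return the expected length
     * @throws NoSuchAlgorithmException if the name is not one of this class's constants
     */
    private static int getSignatureLength(String str, PublicKey publicKey) throws NoSuchAlgorithmException {
        if (publicKey instanceof RSAKey) {
            return (((RSAKey) publicKey).getModulus().bitLength() + 7) >> 3;
        }
        switch (str) {
            case EdDSA:
            case ES256:
            case ES256K:
                return 64;
            case ES384:
                return 96;
            case ES512:
                return 132;
            case HS256:
            case RS1:
            case RS256:
            case PS256:
                return 256;
            case HS384:
            case RS384:
            case PS384:
                return 384;
            case HS512:
            case RS512:
            case PS512:
                return 512;
            default:
                throw new NoSuchAlgorithmException();
        }
    }

    /**
     * Parses a certificate from an {@code x5c}-style string, adding PEM boundaries when missing.
     *
     * <p>This is parsing only: the returned certificate has not been validated or trusted. When
     * debug logging is enabled, the CRL distribution point taken from the certificate is logged
     * verbatim.
     *
     * @param str the certificate text, with or without PEM boundaries
     * @return the parsed certificate
     * @throws CertificateException if the input cannot be parsed
     */
    public static X509Certificate parseX5c(String str) throws CertificateException {
        final byte[] pem = addBoundaries(str, PEMParser.TYPE_CERTIFICATE).getBytes(StandardCharsets.UTF_8);
        final X509Certificate certificate = (X509Certificate) X509.generateCertificate(new ByteArrayInputStream(pem));
        if (LOG.isDebugEnabled()) {
            final String crl = extractCRLs(certificate);
            if (crl != null) {
                LOG.debug("CRL Distribution Point: " + crl);
            }
        }
        return certificate;
    }

    /**
     * Parses a certificate from its encoded bytes. Same caveats as {@link #parseX5c(String)}.
     *
     * @param bArr the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the input cannot be parsed
     */
    public static X509Certificate parseX5c(byte[] bArr) throws CertificateException {
        final X509Certificate certificate = (X509Certificate) X509.generateCertificate(new ByteArrayInputStream(bArr));
        if (LOG.isDebugEnabled()) {
            final String crl = extractCRLs(certificate);
            if (crl != null) {
                LOG.debug("CRL Distribution Point: " + crl);
            }
        }
        return certificate;
    }

    /**
     * Extracts a value from the certificate's extension with OID {@code 2.5.29.31}.
     *
     * <p>The returned string comes straight from the certificate and is decoded as US-ASCII without
     * further checks. Treat it as untrusted input before logging it elsewhere or dereferencing it.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @return the first matching value, or {@code null} when the certificate is {@code null}, has no
     *     such extension, or no entry matches
     * @throws CertificateException if the extension is not an OCTET STRING wrapping a SEQUENCE
     */
    public static String extractCRLs(X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null) {
            return null;
        }
        final byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return null;
        }
        // Tag 4 is reported as OCTET STRING and tag 16 as SEQUENCE by the messages below.
        final ASN1.ASN wrapper = ASN1.parseASN1(extensionValue);
        if (!wrapper.is(4)) {
            throw new CertificateException("2.5.29.31 Extension is not an ASN.1 OCTET STRING!");
        }
        final ASN1.ASN points = ASN1.parseASN1(wrapper.binary(0));
        if (!points.is(16)) {
            throw new CertificateException("2.5.29.31 Extension is not an ASN.1 SEQUENCE!");
        }
        for (int i = 0; i < points.length(); i++) {
            // NOTE(review): 134 (0x86) is presumably the context tag of a URI general name - confirm
            // against the ASN1 helper.
            final ASN1.ASN uri = points.object(i, 16).object(0).object(0).object(0, 134);
            if (uri != null) {
                return new String(uri.binary(0), StandardCharsets.US_ASCII);
            }
        }
        return null;
    }

    /**
     * Parses a CRL from text, adding PEM boundaries when missing.
     *
     * @param str the CRL text, with or without PEM boundaries
     * @return the parsed CRL
     * @throws CRLException if the input cannot be parsed
     */
    public static X509CRL parseX5crl(String str) throws CRLException {
        final byte[] pem = addBoundaries(str, PEMParser.TYPE_X509_CRL).getBytes(StandardCharsets.UTF_8);
        return (X509CRL) X509.generateCRL(new ByteArrayInputStream(pem));
    }

    /**
     * Parses a CRL from its encoded bytes.
     *
     * @param bArr the encoded CRL
     * @return the parsed CRL
     * @throws CRLException if the input cannot be parsed
     */
    public static X509CRL parseX5crl(byte[] bArr) throws CRLException {
        return (X509CRL) X509.generateCRL(new ByteArrayInputStream(bArr));
    }

    /** Bounds-checked test that the unsigned byte at {@code i} equals {@code i2}. */
    private static boolean byteAtIndexIs(byte[] bArr, int i, int i2) {
        return bArr != null && bArr.length > i && Byte.toUnsignedInt(bArr[i]) == i2;
    }

    /** Bounds-checked test that the byte at {@code i} is in {@code 1..127} and at most {@code i2}. */
    private static boolean byteAtIndexLte(byte[] bArr, int i, int i2) {
        return bArr != null && bArr.length > i && bArr[i] > 0 && Byte.toUnsignedInt(bArr[i]) <= i2;
    }

    /**
     * Structural check for a DER encoded ECDSA signature: {@code SEQUENCE { INTEGER, INTEGER }}
     * whose lengths add up exactly to the array length.
     *
     * <p>This is a shape heuristic used to decide whether a conversion is needed; it does not
     * validate the integer values. NOTE(review): the long-form length byte ({@code 0x81}) is
     * required based on the total array length being at least 128, not on the content length, so
     * inputs right at that boundary deserve a test.
     *
     * @param bArr the candidate signature, may be {@code null}
     * @return {@code true} when the bytes have the expected DER layout
     */
    public static boolean isASN1(byte[] bArr) {
        // SEQUENCE tag
        if (!byteAtIndexIs(bArr, 0, 48)) {
            return false;
        }
        final int extra;
        if (bArr.length < 128) {
            extra = 0;
        } else {
            // one extended length byte
            if (!byteAtIndexIs(bArr, 1, 129)) {
                return false;
            }
            extra = 1;
        }
        // The declared sequence length must cover everything after the header.
        if (!byteAtIndexIs(bArr, extra + 1, (bArr.length - extra) - 2)) {
            return false;
        }
        int offset = extra + 2;
        // Two INTEGER elements (tag 2), each with a length that fits in the remaining bytes.
        for (int n = 0; n < 2; n++) {
            if (!byteAtIndexIs(bArr, offset, 2) || !byteAtIndexLte(bArr, offset + 1, (bArr.length - offset) - 2)) {
                return false;
            }
            offset = offset + bArr[offset + 1] + 2;
        }
        return offset == bArr.length;
    }

    /**
     * Converts a DER encoded ECDSA signature into the JWS {@code r || s} form.
     *
     * @param bArr the DER signature
     * @param i the expected JWS signature length; each half is at least {@code i / 2} bytes
     * @return {@code r} and {@code s}, each left-padded with zeros to the same width
     * @throws RuntimeException if the input does not have the expected DER layout
     */
    public static byte[] toJWS(byte[] bArr, int i) {
        if (bArr.length < 8 || bArr[0] != 48) {
            throw new RuntimeException("Invalid ECDSA signature format");
        }
        final int offset;
        if (bArr[1] > 0) {
            offset = 2;
        } else if (bArr[1] == (byte) 0x81) {
            offset = 3;
        } else {
            throw new RuntimeException("Invalid ECDSA signature format");
        }
        // Length of r as encoded, then the number of bytes left after dropping leading zeros.
        final int rLen = bArr[offset + 1];
        int rSig = rLen;
        while (rSig > 0 && bArr[((offset + 2) + rLen) - rSig] == 0) {
            rSig--;
        }
        final int sLen = bArr[offset + 2 + rLen + 1];
        int sSig = sLen;
        while (sSig > 0 && bArr[((((offset + 2) + rLen) + 2) + sLen) - sSig] == 0) {
            sSig--;
        }
        final int half = Math.max(Math.max(rSig, sSig), i / 2);
        final int declared = bArr[offset - 1] & 255;
        if (declared != bArr.length - offset || declared != 2 + rLen + 2 + sLen || bArr[offset] != 2 || bArr[offset + 2 + rLen] != 2) {
            throw new RuntimeException("Invalid ECDSA signature format");
        }
        final byte[] jose = new byte[2 * half];
        System.arraycopy(bArr, ((offset + 2) + rLen) - rSig, jose, half - rSig, rSig);
        System.arraycopy(bArr, ((((offset + 2) + rLen) + 2) + sLen) - sSig, jose, (2 * half) - sSig, sSig);
        return jose;
    }

    /**
     * Converts a JWS {@code r || s} ECDSA signature into ASN.1/DER.
     *
     * <p>Both halves must contain a non-zero value. An all-zero {@code r} is rejected in the same
     * way as an all-zero {@code s}: zero is never a valid ECDSA signature component, and without
     * the check the sign test for {@code r} would read the first byte of {@code s} (or run past
     * the end of an empty array). NOTE(review): an odd-length input has its last byte ignored
     * because the halves are computed as {@code length / 2}.
     *
     * @param bArr the concatenated signature
     * @return the DER encoding {@code SEQUENCE { INTEGER r, INTEGER s }}
     * @throws RuntimeException if either half is all zeros or the encoding would exceed 255 bytes
     */
    public static byte[] toASN1(byte[] bArr) {
        final int half = bArr.length / 2;

        // Significant bytes of r, skipping leading zeros.
        int rSig = half;
        while (rSig > 0 && bArr[half - rSig] == 0) {
            rSig--;
        }
        if (rSig == 0) {
            throw new RuntimeException("Invalid ECDSA signature");
        }
        // DER integers are signed: prepend a zero byte when the top bit is set.
        int rEnc = rSig;
        if (bArr[half - rSig] < 0) {
            rEnc++;
        }

        int sSig = half;
        while (sSig > 0 && bArr[(2 * half) - sSig] == 0) {
            sSig--;
        }
        if (sSig == 0) {
            throw new RuntimeException("Invalid ECDSA signature");
        }
        int sEnc = sSig;
        if (bArr[(2 * half) - sSig] < 0) {
            sEnc++;
        }

        final int seqLen = 2 + rEnc + 2 + sEnc;
        if (seqLen > 255) {
            throw new RuntimeException("Invalid ECDSA signature format");
        }
        final byte[] der;
        int pos;
        if (seqLen < 128) {
            der = new byte[2 + seqLen];
            pos = 1;
        } else {
            // long-form length with one length byte
            der = new byte[3 + seqLen];
            der[1] = (byte) 0x81;
            pos = 2;
        }
        der[0] = 48;
        der[pos++] = (byte) seqLen;
        der[pos++] = 2;
        der[pos++] = (byte) rEnc;
        System.arraycopy(bArr, half - rSig, der, (pos + rEnc) - rSig, rSig);
        pos += rEnc;
        der[pos++] = 2;
        der[pos++] = (byte) sEnc;
        System.arraycopy(bArr, (2 * half) - sSig, der, (pos + sEnc) - sSig, sSig);
        return der;
    }

    /**
     * Wraps {@code str} in PEM {@code BEGIN}/{@code END} lines for {@code str2} unless both
     * boundaries are already present.
     */
    private static String addBoundaries(String str, String str2) {
        final String begin = "-----BEGIN " + str2 + "-----\n";
        final String end = "\n-----END " + str2 + "-----\n";
        return (str.contains(begin) && str.contains(end)) ? str : begin + str + end;
    }
}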
