package one.credify.crypto;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import one.credify.sdk.utils.Constants;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:one/credify/crypto/Signing.class */
public class Signing {
    private Ed25519PublicKeyParameters publicKey;
    private Ed25519PrivateKeyParameters privateKey;
    private String publicKeyPem;
    private String privateKeyPem;

    public Signing() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    public byte[] getPublicKey() throws IOException {
        return SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(this.publicKey).getEncoded();
    }

    public byte[] getPrivateKey() throws IOException {
        return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), new DEROctetString(this.privateKey.getEncoded()), (ASN1Set) null, (byte[]) null).getEncoded();
    }

    public String getPublicKeyString() throws IOException {
        if (this.publicKeyPem != null) {
            return this.publicKeyPem;
        }
        PemObject pemObject = new PemObject("PUBLIC KEY", getPublicKey());
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        pemWriter.writeObject(pemObject);
        pemWriter.close();
        this.publicKeyPem = stringWriter.toString().trim();
        return this.publicKeyPem;
    }

    public String getPrivateKeyString() throws IOException {
        if (this.privateKeyPem != null) {
            return this.privateKeyPem;
        }
        PemObject pemObject = new PemObject("PRIVATE KEY", getPrivateKey());
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        pemWriter.writeObject(pemObject);
        pemWriter.close();
        this.privateKeyPem = stringWriter.toString().trim();
        return this.privateKeyPem;
    }

    public void generateKeyPair() {
        SecureRandom secureRandom = new SecureRandom();
        Ed25519KeyPairGenerator ed25519KeyPairGenerator = new Ed25519KeyPairGenerator();
        ed25519KeyPairGenerator.init(new Ed25519KeyGenerationParameters(secureRandom));
        AsymmetricCipherKeyPair generateKeyPair = ed25519KeyPairGenerator.generateKeyPair();
        this.privateKey = generateKeyPair.getPrivate();
        this.publicKey = generateKeyPair.getPublic();
    }

    public void importPublicKey(String str) throws IOException, InvalidKeyException {
        if (!str.startsWith(Utils.BEGIN_PUBLIC_KEY)) {
            str = "-----BEGIN PUBLIC KEY-----\n" + str + "\n-----END PUBLIC KEY-----";
        }
        Object readObject = new PEMParser(new StringReader(str)).readObject();
        if (!(readObject instanceof SubjectPublicKeyInfo)) {
            throw new InvalidKeyException("Invalid public key class: " + readObject.getClass().getName());
        }
        this.publicKey = new Ed25519PublicKeyParameters(((SubjectPublicKeyInfo) readObject).getPublicKeyData().getOctets(), 0);
    }

    public void importPrivateKey(String str) throws IOException, InvalidKeyException {
        if (!str.startsWith(Utils.BEGIN_PRIVATE_KEY)) {
            str = "-----BEGIN PRIVATE KEY-----\n" + str + "\n-----END PRIVATE KEY-----";
        }
        Object readObject = new PEMParser(new StringReader(str)).readObject();
        if (!(readObject instanceof PrivateKeyInfo)) {
            throw new InvalidKeyException("Invalid private key class: " + readObject.getClass().getName());
        }
        this.privateKey = new Ed25519PrivateKeyParameters(getRawPrivateKey((PrivateKeyInfo) readObject), 0);
        this.publicKey = this.privateKey.generatePublicKey();
    }

    public void importKey(String str, String str2) throws IOException, PKCSException {
        if (!str.startsWith(Utils.BEGIN_ENCRYPTED_PRIVATE_KEY)) {
            str = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + str + "\n-----END ENCRYPTED PRIVATE KEY-----";
        }
        Object readObject = new PEMParser(new StringReader(str)).readObject();
        if (!(readObject instanceof PKCS8EncryptedPrivateKeyInfo)) {
            throw new PKCSException("Invalid encrypted private key class: " + readObject.getClass().getName());
        }
        this.privateKey = new Ed25519PrivateKeyParameters(getRawPrivateKey(((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().setProvider("BC").build(str2.toCharArray()))), 0);
        this.publicKey = this.privateKey.generatePublicKey();
    }

    public String sign(byte[] bArr) {
        Ed25519Signer ed25519Signer = new Ed25519Signer();
        ed25519Signer.init(true, this.privateKey);
        ed25519Signer.update(bArr, 0, bArr.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(ed25519Signer.generateSignature());
    }

    public String sign(String str) {
        return sign(Base64.getUrlDecoder().decode(str));
    }

    public Boolean verify(byte[] bArr, byte[] bArr2) {
        Ed25519Signer ed25519Signer = new Ed25519Signer();
        ed25519Signer.init(false, this.publicKey);
        ed25519Signer.update(bArr2, 0, bArr2.length);
        return Boolean.valueOf(ed25519Signer.verifySignature(bArr));
    }

    public Boolean verify(String str, String str2) {
        return verify(Base64.getUrlDecoder().decode(str), str2.getBytes());
    }

    public String generateApprovalToken(String str, String str2, String[] strArr, String str3) throws JsonProcessingException {
        long currentTimeMillis = (System.currentTimeMillis() / 1000) - 60;
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", str);
        hashMap.put("iat", Long.valueOf(currentTimeMillis));
        hashMap.put("iss", str2);
        hashMap.put("scopes", String.join(" ", strArr));
        if (str3 != null) {
            hashMap.put("offer_code", str3);
        }
        return Jwt.generateJwt(this, hashMap);
    }

    public ClaimToken generateClaimToken(String str, String str2, String str3, Map<String, Object> map, String str4) throws NoSuchAlgorithmException, JsonProcessingException {
        long currentTimeMillis = (System.currentTimeMillis() / 1000) - 60;
        if (StringUtils.isEmpty(str4)) {
            str4 = generateCommitment();
        }
        HashMap hashMap = new HashMap(map);
        Map<String, Object> convertJsonToMap = convertJsonToMap(map);
        hashMap.put(str3.contentEquals(Constants.CUSTOM_SCOPE_NAME_SPLIT) ? str3 + ":commitment" : str3 + "_commitment", str4);
        byte[] hashObject = Utils.hashObject(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("iat", Long.valueOf(currentTimeMillis));
        hashMap2.put("iss", str);
        hashMap2.put("user_id", str2);
        hashMap2.put("scope_name", str3);
        hashMap2.put("scope_hash", Base64.getUrlEncoder().withoutPadding().encodeToString(hashObject));
        hashMap2.put("claims", convertJsonToMap);
        return ClaimToken.builder().token(Jwt.generateJwt(this, hashMap2)).commitment(str4).build();
    }

    public String generateRequestToken(String str, String str2, List<String> list, String str3, String str4, String str5) throws JsonProcessingException {
        long currentTimeMillis = (System.currentTimeMillis() / 1000) - 60;
        HashMap hashMap = new HashMap();
        if (StringUtils.isNotEmpty(str2)) {
            hashMap.put("encryption_public_key", str2);
        }
        hashMap.put("iat", Long.valueOf(currentTimeMillis));
        hashMap.put("iss", str);
        hashMap.put("scopes", StringUtils.join(list.toArray(), " "));
        if (str3 != null && str3.length() > 0) {
            hashMap.put("offer_code", str3);
        }
        if (str4 != null && str4.length() > 0) {
            hashMap.put("package_code", str4);
        }
        if (str5 != null && str5.length() > 0) {
            hashMap.put("dop_code", str5);
        }
        return Jwt.generateJwt(this, hashMap);
    }

    public boolean verifyJwt(String str) throws Exception {
        String[] split = str.split("\\.");
        if (split.length < 3) {
            throw new Exception("invalid jwt token");
        }
        return verify(split[2], split[0] + "." + split[1]).booleanValue();
    }

    private String generateCommitment() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    private static byte[] parsePemString(String str) throws IOException {
        PemReader pemReader = new PemReader(new StringReader(str));
        byte[] content = pemReader.readPemObject().getContent();
        pemReader.close();
        return content;
    }

    private static byte[] getRawPrivateKey(PrivateKeyInfo privateKeyInfo) throws IOException {
        byte[] octets = ASN1OctetString.getInstance(privateKeyInfo.parsePrivateKey()).getOctets();
        if (32 != octets.length) {
            throw new RuntimeException("private key encoding has incorrect length");
        }
        return octets;
    }

    private static Map<String, Object> convertJsonToMap(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (value != null && (!(value instanceof String) || !((String) value).isEmpty())) {
                if (value instanceof Map) {
                    Map<String, Object> convertJsonToMap = convertJsonToMap((Map) value);
                    if (convertJsonToMap != null && !convertJsonToMap.isEmpty()) {
                        hashMap.put(key, convertJsonToMap);
                    }
                } else if (!key.contains("commitment")) {
                    hashMap.put(key, Boolean.TRUE);
                }
            }
        }
        return hashMap;
    }
}
