package org.xdi.oxauth.model.jws;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.exception.InvalidJwtException;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.util.Base64Util;
import org.xdi.oxauth.model.util.JwtUtil;

/* loaded from: input_file:org/xdi/oxauth/model/jws/AbstractJwsSigner.class */
public abstract class AbstractJwsSigner implements JwsSigner {
    private static final Logger LOG = Logger.getLogger((Class<?>) AbstractJwsSigner.class);
    private SignatureAlgorithm signatureAlgorithm;

    public AbstractJwsSigner(SignatureAlgorithm signatureAlgorithm) {
        this.signatureAlgorithm = signatureAlgorithm;
    }

    @Override // org.xdi.oxauth.model.jws.JwsSigner
    public SignatureAlgorithm getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    @Override // org.xdi.oxauth.model.jws.JwsSigner
    public Jwt sign(Jwt jwt) throws InvalidJwtException, SignatureException {
        jwt.setEncodedSignature(generateSignature(jwt.getSigningInput()));
        return jwt;
    }

    @Override // org.xdi.oxauth.model.jws.JwsSigner
    public boolean validate(Jwt jwt) {
        try {
            return validateSignature(jwt.getSigningInput(), jwt.getEncodedSignature());
        } catch (SignatureException e) {
            LOG.error(e.getMessage(), e);
            return false;
        } catch (InvalidJwtException e2) {
            LOG.error(e2.getMessage(), e2);
            return false;
        } catch (Exception e3) {
            LOG.error(e3.getMessage(), e3);
            return false;
        }
    }

    public boolean validateAuthorizationCode(String str, Jwt jwt) {
        return validateHash(str, jwt.getClaims().getClaimAsString("c_hash"));
    }

    public boolean validateAccessToken(String str, Jwt jwt) {
        return validateHash(str, jwt.getClaims().getClaimAsString("at_hash"));
    }

    private boolean validateHash(String str, String str2) {
        boolean z = false;
        try {
            if (this.signatureAlgorithm != null && StringUtils.isNotBlank(str) && StringUtils.isNotBlank(str2)) {
                byte[] bArr = null;
                if (this.signatureAlgorithm == SignatureAlgorithm.HS256 || this.signatureAlgorithm == SignatureAlgorithm.RS256 || this.signatureAlgorithm == SignatureAlgorithm.ES256) {
                    bArr = JwtUtil.getMessageDigestSHA256(str);
                } else if (this.signatureAlgorithm == SignatureAlgorithm.HS384 || this.signatureAlgorithm == SignatureAlgorithm.RS384 || this.signatureAlgorithm == SignatureAlgorithm.ES512) {
                    bArr = JwtUtil.getMessageDigestSHA384(str);
                } else if (this.signatureAlgorithm == SignatureAlgorithm.HS512 || this.signatureAlgorithm == SignatureAlgorithm.RS384 || this.signatureAlgorithm == SignatureAlgorithm.ES512) {
                    bArr = JwtUtil.getMessageDigestSHA512(str);
                }
                if (bArr != null) {
                    byte[] bArr2 = new byte[bArr.length / 2];
                    System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
                    z = Base64Util.base64urlencode(bArr2).equals(str2);
                }
            }
        } catch (NoSuchAlgorithmException e) {
            LOG.error(e.getMessage(), e);
            z = false;
        } catch (NoSuchProviderException e2) {
            LOG.error(e2.getMessage(), e2);
            z = false;
        } catch (Exception e3) {
            LOG.error(e3.getMessage(), e3);
            z = false;
        }
        return z;
    }

    public abstract String generateSignature(String str) throws SignatureException;

    public abstract boolean validateSignature(String str, String str2) throws SignatureException;
}
