package org.xdi.oxauth.model.util;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECPoint;
import org.codehaus.jettison.json.JSONObject;
import org.xdi.oxauth.model.common.SignatureAlgorithm;
import org.xdi.oxauth.model.webkey.k.KeyValue;

/* loaded from: input_file:org/xdi/oxauth/model/util/JwtUtil.class */
public class JwtUtil {
    public static String encodeJwt(JSONObject jSONObject, JSONObject jSONObject2, byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        String str = "";
        String jSONObject3 = jSONObject.toString();
        String jSONObject4 = jSONObject2.toString();
        String base64urlencode = base64urlencode(jSONObject3.getBytes());
        String base64urlencode2 = base64urlencode(jSONObject4.getBytes());
        try {
            str = base64urlencode(getSignatureHS256((base64urlencode + "." + base64urlencode2).getBytes(), bArr));
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
        sb.append(base64urlencode).append('.').append(base64urlencode2).append('.').append(str);
        return sb.toString();
    }

    public static boolean validateSignature(String str, String str2, String str3, String str4) {
        boolean z = false;
        try {
            z = Arrays.equals(base64urldecode(str3), getSignatureHS256((str + "." + str2).getBytes(), base64urldecode(str4)));
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        } catch (Exception e3) {
            e3.printStackTrace();
        }
        return z;
    }

    public static boolean validateSignature(byte[] bArr, byte[] bArr2, SignatureAlgorithm signatureAlgorithm, KeyValue keyValue, byte[] bArr3) throws InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, IOException, NoSuchProviderException, InvalidKeySpecException, NoSuchPaddingException, BadPaddingException, SignatureException {
        boolean z = false;
        switch (signatureAlgorithm) {
            case HS256:
                z = Arrays.equals(bArr, getSignatureHS256(bArr2, bArr3));
                break;
            case HS384:
                z = Arrays.equals(bArr, getSignatureHS384(bArr2, bArr3));
                break;
            case HS512:
                z = Arrays.equals(bArr, getSignatureHS512(bArr2, bArr3));
                break;
            case RS256:
                z = verifySignatureRS256(bArr2, bArr, new RSAPublicKeySpec(keyValue.getModulus(), keyValue.getExponent()));
                break;
            case RS384:
                z = verifySignatureRS384(bArr2, bArr, new RSAPublicKeySpec(keyValue.getModulus(), keyValue.getExponent()));
                break;
            case RS512:
                z = verifySignatureRS512(bArr2, bArr, new RSAPublicKeySpec(keyValue.getModulus(), keyValue.getExponent()));
                break;
            case ES256:
                z = verifySignatureES256(bArr2, bArr, keyValue.getX(), keyValue.getY());
                break;
            case ES384:
                z = verifySignatureES384(bArr2, bArr, keyValue.getX(), keyValue.getY());
                break;
            case ES512:
                z = verifySignatureES512(bArr2, bArr, keyValue.getX(), keyValue.getY());
                break;
        }
        return z;
    }

    public static String base64urlencode(byte[] bArr) {
        return Base64.encodeBase64String(bArr).split("=")[0].replace('+', '-').replace('/', '_');
    }

    public static byte[] base64urldecode(String str) throws IllegalArgumentException {
        String replace = str.replace('-', '+').replace('_', '/');
        switch (replace.length() % 4) {
            case 0:
                break;
            case 1:
            default:
                throw new IllegalArgumentException("Illegal base64url string.");
            case 2:
                replace = replace + "==";
                break;
            case 3:
                replace = replace + "=";
                break;
        }
        return Base64.decodeBase64(replace);
    }

    public static void printAlgorithmsAndProviders() {
        Security.addProvider(new BouncyCastleProvider());
        Iterator<String> it = Security.getAlgorithms("Signature").iterator();
        while (it.hasNext()) {
            System.out.println("Algorithm (Signature): " + it.next());
        }
        Iterator<String> it2 = Security.getAlgorithms("MessageDigest").iterator();
        while (it2.hasNext()) {
            System.out.println("Algorithm (MessageDigest): " + it2.next());
        }
        Iterator<String> it3 = Security.getAlgorithms("Cipher").iterator();
        while (it3.hasNext()) {
            System.out.println("Algorithm (Cipher): " + it3.next());
        }
        Iterator<String> it4 = Security.getAlgorithms("Mac").iterator();
        while (it4.hasNext()) {
            System.out.println("Algorithm (Mac): " + it4.next());
        }
        Iterator<String> it5 = Security.getAlgorithms("KeyStore").iterator();
        while (it5.hasNext()) {
            System.out.println("Algorithm (KeyStore): " + it5.next());
        }
        for (Provider provider : Security.getProviders()) {
            System.out.println("Provider: " + provider.getName());
        }
    }

    public static byte[] getMessageDigestSHA256(String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        Security.addProvider(new BouncyCastleProvider());
        return MessageDigest.getInstance("SHA-256", "BC").digest(str.getBytes());
    }

    public static byte[] getMessageDigestSHA384(String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        Security.addProvider(new BouncyCastleProvider());
        return MessageDigest.getInstance("SHA-384", "BC").digest(str.getBytes());
    }

    public static byte[] getMessageDigestSHA512(String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        Security.addProvider(new BouncyCastleProvider());
        return MessageDigest.getInstance("SHA-512", "BC").digest(str.getBytes());
    }

    public static byte[] getSignatureHS256(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HMACSHA256");
        Mac mac = Mac.getInstance("HMACSHA256");
        mac.init(secretKeySpec);
        return mac.doFinal(bArr);
    }

    public static byte[] getSignatureHS384(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HMACSHA384");
        Mac mac = Mac.getInstance("HMACSHA384");
        mac.init(secretKeySpec);
        return mac.doFinal(bArr);
    }

    public static byte[] getSignatureHS512(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HMACSHA512");
        Mac mac = Mac.getInstance("HMACSHA512");
        mac.init(secretKeySpec);
        return mac.doFinal(bArr);
    }

    public static KeyPair generateRsaKey() throws NoSuchAlgorithmException, NoSuchProviderException {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        generateKeyPair.getPrivate();
        generateKeyPair.getPublic();
        return generateKeyPair;
    }

    public static byte[] getSignatureRS256(byte[] bArr, RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey generatePrivate = KeyFactory.getInstance("RSA", "BC").generatePrivate(rSAPrivateCrtKeySpec);
        Signature signature = Signature.getInstance("SHA256withRSA", "BC");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }

    public static boolean verifySignatureRS256(byte[] bArr, byte[] bArr2, RSAPublicKeySpec rSAPublicKeySpec) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        PublicKey generatePublic = KeyFactory.getInstance("RSA", "BC").generatePublic(rSAPublicKeySpec);
        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
        cipher.init(2, generatePublic);
        ASN1Sequence readObject = new ASN1InputStream(cipher.doFinal(bArr2)).readObject();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256", "BC");
        messageDigest.update(bArr);
        return MessageDigest.isEqual(messageDigest.digest(), readObject.getObjectAt(1).getOctets());
    }

    public static byte[] getSignatureRS384(byte[] bArr, RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey generatePrivate = KeyFactory.getInstance("RSA", "BC").generatePrivate(rSAPrivateCrtKeySpec);
        Signature signature = Signature.getInstance("SHA384withRSA", "BC");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }

    public static boolean verifySignatureRS384(byte[] bArr, byte[] bArr2, RSAPublicKeySpec rSAPublicKeySpec) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        PublicKey generatePublic = KeyFactory.getInstance("RSA", "BC").generatePublic(rSAPublicKeySpec);
        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
        cipher.init(2, generatePublic);
        ASN1Sequence readObject = new ASN1InputStream(cipher.doFinal(bArr2)).readObject();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-384", "BC");
        messageDigest.update(bArr);
        return MessageDigest.isEqual(messageDigest.digest(), readObject.getObjectAt(1).getOctets());
    }

    public static byte[] getSignatureRS512(byte[] bArr, RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey generatePrivate = KeyFactory.getInstance("RSA", "BC").generatePrivate(rSAPrivateCrtKeySpec);
        Signature signature = Signature.getInstance("SHA512withRSA", "BC");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }

    public static boolean verifySignatureRS512(byte[] bArr, byte[] bArr2, RSAPublicKeySpec rSAPublicKeySpec) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        PublicKey generatePublic = KeyFactory.getInstance("RSA", "BC").generatePublic(rSAPublicKeySpec);
        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
        cipher.init(2, generatePublic);
        ASN1Sequence readObject = new ASN1InputStream(cipher.doFinal(bArr2)).readObject();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-512", "BC");
        messageDigest.update(bArr);
        return MessageDigest.isEqual(messageDigest.digest(), readObject.getObjectAt(1).getOctets());
    }

    public static KeyPair generateKeyES256() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Security.addProvider(new BouncyCastleProvider());
        AlgorithmParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-256");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
        keyPairGenerator.initialize(parameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        generateKeyPair.getPrivate();
        generateKeyPair.getPublic();
        return generateKeyPair;
    }

    public static KeyPair generateKeyES384() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Security.addProvider(new BouncyCastleProvider());
        AlgorithmParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-384");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
        keyPairGenerator.initialize(parameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        generateKeyPair.getPrivate();
        generateKeyPair.getPublic();
        return generateKeyPair;
    }

    public static KeyPair generateKeyES512() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        Security.addProvider(new BouncyCastleProvider());
        AlgorithmParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-521");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
        keyPairGenerator.initialize(parameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        generateKeyPair.getPrivate();
        generateKeyPair.getPublic();
        return generateKeyPair;
    }

    public static byte[] getSignatureES256(byte[] bArr, BigInteger bigInteger) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey generatePrivate = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(new ECPrivateKeySpec(bigInteger, ECNamedCurveTable.getParameterSpec("P-256")));
        Signature signature = Signature.getInstance("SHA256WITHECDSA", "BC");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }

    public static byte[] getSignatureES384(byte[] bArr, BigInteger bigInteger) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey generatePrivate = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(new ECPrivateKeySpec(bigInteger, ECNamedCurveTable.getParameterSpec("P-384")));
        Signature signature = Signature.getInstance("SHA384WITHECDSA", "BC");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }

    public static byte[] getSignatureES512(byte[] bArr, BigInteger bigInteger) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey generatePrivate = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(new ECPrivateKeySpec(bigInteger, ECNamedCurveTable.getParameterSpec("P-521")));
        Signature signature = Signature.getInstance("SHA512WITHECDSA", "BC");
        signature.initSign(generatePrivate);
        signature.update(bArr);
        return signature.sign();
    }

    public static boolean verifySignatureES256(byte[] bArr, byte[] bArr2, BigInteger bigInteger, BigInteger bigInteger2) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-256");
        BigInteger q = parameterSpec.getCurve().getQ();
        PublicKey generatePublic = KeyFactory.getInstance("ECDSA", "BC").generatePublic(new ECPublicKeySpec(new ECPoint.Fp(parameterSpec.getCurve(), new ECFieldElement.Fp(q, bigInteger), new ECFieldElement.Fp(q, bigInteger2)), parameterSpec));
        Signature signature = Signature.getInstance("SHA256WITHECDSA", "BC");
        signature.initVerify(generatePublic);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public static boolean verifySignatureES384(byte[] bArr, byte[] bArr2, BigInteger bigInteger, BigInteger bigInteger2) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-384");
        BigInteger q = parameterSpec.getCurve().getQ();
        PublicKey generatePublic = KeyFactory.getInstance("ECDSA", "BC").generatePublic(new ECPublicKeySpec(new ECPoint.Fp(parameterSpec.getCurve(), new ECFieldElement.Fp(q, bigInteger), new ECFieldElement.Fp(q, bigInteger2)), parameterSpec));
        Signature signature = Signature.getInstance("SHA384WITHECDSA", "BC");
        signature.initVerify(generatePublic);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public static boolean verifySignatureES512(byte[] bArr, byte[] bArr2, BigInteger bigInteger, BigInteger bigInteger2) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, SignatureException {
        Security.addProvider(new BouncyCastleProvider());
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("P-521");
        BigInteger q = parameterSpec.getCurve().getQ();
        PublicKey generatePublic = KeyFactory.getInstance("ECDSA", "BC").generatePublic(new ECPublicKeySpec(new ECPoint.Fp(parameterSpec.getCurve(), new ECFieldElement.Fp(q, bigInteger), new ECFieldElement.Fp(q, bigInteger2)), parameterSpec));
        Signature signature = Signature.getInstance("SHA512WITHECDSA", "BC");
        signature.initVerify(generatePublic);
        signature.update(bArr);
        return signature.verify(bArr2);
    }
}
