package org.xdi.oxauth.model.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Iterator;
import javassist.bytecode.SignatureAttribute;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.ECFieldElement;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.openssl.PEMReader;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;
import org.xdi.oxauth.model.crypto.Certificate;
import org.xdi.oxauth.model.crypto.signature.ECDSAEllipticCurve;
import org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey;
import org.xdi.oxauth.model.crypto.signature.RSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.RSAPublicKey;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jwk.JWKParameter;
import org.xdi.util.StringHelper;

/* loaded from: input_file:org/xdi/oxauth/model/util/JwtUtil.class */
public class JwtUtil {
    private static final Logger log = Logger.getLogger(JwtUtil.class);

    /**
     * Narrows every element of an {@code int} array to a {@code byte}.
     *
     * <p>Only the low eight bits of each element survive the cast, so values outside
     * 0..255 are truncated silently rather than rejected.
     *
     * @param iArr values to convert; must not be {@code null}
     * @return a new array of the same length holding the narrowed values
     */
    public static byte[] unsignedToBytes(int[] iArr) {
        final byte[] narrowed = new byte[iArr.length];
        int pos = 0;
        for (int value : iArr) {
            narrowed[pos++] = (byte) value;
        }
        return narrowed;
    }

    /**
     * Encodes an unsecured JWT, i.e. one whose algorithm is {@link SignatureAlgorithm#NONE}.
     *
     * <p>The result carries no signature, so it offers no integrity protection; any other
     * algorithm is refused here because no key is supplied.
     *
     * @param jSONObject JWT header
     * @param jSONObject2 JWT claims
     * @param signatureAlgorithm must be {@code NONE}
     * @return the compact token, or {@code null} when an argument is missing or the
     *     algorithm is anything other than {@code NONE}
     */
    public static String encodeJwt(JSONObject jSONObject, JSONObject jSONObject2, SignatureAlgorithm signatureAlgorithm) {
        boolean inputsPresent = jSONObject != null && jSONObject2 != null;
        if (inputsPresent && signatureAlgorithm == SignatureAlgorithm.NONE) {
            return encodeJwt(jSONObject, jSONObject2, signatureAlgorithm, null, null, null);
        }
        return null;
    }

    /**
     * Encodes a JWT whose signature is keyed with a shared secret.
     *
     * <p>The algorithm is not checked against the key type here; the private overload
     * picks the signing routine from {@code signatureAlgorithm} alone.
     *
     * @param jSONObject JWT header
     * @param jSONObject2 JWT claims
     * @param signatureAlgorithm signing algorithm
     * @param str shared secret
     * @return the compact token, or {@code null} when any argument is {@code null}
     */
    public static String encodeJwt(JSONObject jSONObject, JSONObject jSONObject2, SignatureAlgorithm signatureAlgorithm, String str) {
        boolean complete = jSONObject != null && jSONObject2 != null && signatureAlgorithm != null && str != null;
        return complete ? encodeJwt(jSONObject, jSONObject2, signatureAlgorithm, str, null, null) : null;
    }

    /**
     * Encodes a JWT signed with an RSA private key.
     *
     * <p>The algorithm is not checked against the key type here; the private overload
     * picks the signing routine from {@code signatureAlgorithm} alone.
     *
     * @param jSONObject JWT header
     * @param jSONObject2 JWT claims
     * @param signatureAlgorithm signing algorithm
     * @param rSAPrivateKey RSA signing key
     * @return the compact token, or {@code null} when any argument is {@code null}
     */
    public static String encodeJwt(JSONObject jSONObject, JSONObject jSONObject2, SignatureAlgorithm signatureAlgorithm, RSAPrivateKey rSAPrivateKey) {
        boolean complete = jSONObject != null && jSONObject2 != null && signatureAlgorithm != null && rSAPrivateKey != null;
        return complete ? encodeJwt(jSONObject, jSONObject2, signatureAlgorithm, null, rSAPrivateKey, null) : null;
    }

    /**
     * Encodes a JWT signed with an ECDSA private key.
     *
     * <p>The algorithm is not checked against the key type here; the private overload
     * picks the signing routine from {@code signatureAlgorithm} alone.
     *
     * @param jSONObject JWT header
     * @param jSONObject2 JWT claims
     * @param signatureAlgorithm signing algorithm
     * @param eCDSAPrivateKey ECDSA signing key
     * @return the compact token, or {@code null} when any argument is {@code null}
     */
    public static String encodeJwt(JSONObject jSONObject, JSONObject jSONObject2, SignatureAlgorithm signatureAlgorithm, ECDSAPrivateKey eCDSAPrivateKey) {
        boolean complete = jSONObject != null && jSONObject2 != null && signatureAlgorithm != null && eCDSAPrivateKey != null;
        return complete ? encodeJwt(jSONObject, jSONObject2, signatureAlgorithm, null, null, eCDSAPrivateKey) : null;
    }

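    /**
     * Serializes header and claims, signs them with the key that matches the algorithm and
     * returns the compact form {@code header.payload.signature}.
     *
     * <p>For {@link SignatureAlgorithm#NONE} the signature segment is intentionally empty.
     * For every other algorithm a failure while encoding or signing yields {@code null}:
     * a token with an empty signature segment must never be handed out for an algorithm
     * that promises a signature, because it has the same shape as an unsecured token.
     *
     * @param jSONObject JWT header
     * @param jSONObject2 JWT claims
     * @param signatureAlgorithm algorithm that selects the signing routine and the key used
     * @param str shared secret, read only for HS256/HS384/HS512
     * @param rSAPrivateKey RSA key, read only for RS256/RS384/RS512
     * @param eCDSAPrivateKey ECDSA key, read only for ES256/ES384/ES512
     * @return the compact token, or {@code null} if encoding or signing failed
     * @throws UnsupportedOperationException if the algorithm has no signing routine here
     */
    private static String encodeJwt(JSONObject jSONObject, JSONObject jSONObject2, SignatureAlgorithm signatureAlgorithm, String str, RSAPrivateKey rSAPrivateKey, ECDSAPrivateKey eCDSAPrivateKey) {
        try {
            String encodedHeader = base64urlencode(jSONObject.toString().getBytes("UTF-8"));
            String encodedClaims = base64urlencode(jSONObject2.toString().getBytes("UTF-8"));
            String signingInputText = encodedHeader + "." + encodedClaims;
            byte[] signingInput = signingInputText.getBytes("UTF-8");
            byte[] signature = null;
            switch (signatureAlgorithm) {
                case NONE:
                    break;
                case HS256:
                    signature = getSignatureHS256(signingInput, str.getBytes("UTF-8"));
                    break;
                case HS384:
                    signature = getSignatureHS384(signingInput, str.getBytes("UTF-8"));
                    break;
                case HS512:
                    signature = getSignatureHS512(signingInput, str.getBytes("UTF-8"));
                    break;
                case RS256:
                    signature = getSignatureRS256(signingInput, rSAPrivateKey);
                    break;
                case RS384:
                    signature = getSignatureRS384(signingInput, rSAPrivateKey);
                    break;
                case RS512:
                    signature = getSignatureRS512(signingInput, rSAPrivateKey);
                    break;
                case ES256:
                    signature = getSignatureES256(signingInput, eCDSAPrivateKey);
                    break;
                case ES384:
                    signature = getSignatureES384(signingInput, eCDSAPrivateKey);
                    break;
                case ES512:
                    signature = getSignatureES512(signingInput, eCDSAPrivateKey);
                    break;
                default:
                    throw new UnsupportedOperationException("Algorithm not supported");
            }
            String encodedSignature = signature != null ? base64urlencode(signature) : "";
            return signingInputText + "." + encodedSignature;
        } catch (UnsupportedEncodingException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | InvalidKeySpecException e) {
            // Fail closed: report the error and return no token at all instead of
            // "header.payload." with a missing signature.
            log.error(e.getMessage(), e);
            return null;
        }
    }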

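    /**
     * Checks an HMAC-SHA256 tag by recomputing it over the signing input.
     *
     * @param bArr signing input
     * @param bArr2 tag presented with the token
     * @param str shared secret, encoded as UTF-8 before use
     * @return {@code true} only if the presented tag equals the recomputed one
     */
    public static boolean verifySignatureHS256(byte[] bArr, byte[] bArr2, String str) throws IllegalBlockSizeException, IOException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException {
        byte[] expected = getSignatureHS256(bArr, str.getBytes("UTF-8"));
        // Arrays.equals stops at the first differing byte, which leaks how much of a
        // presented tag is correct; MessageDigest.isEqual compares in constant time.
        return bArr2 != null && MessageDigest.isEqual(expected, bArr2);
    }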

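    /**
     * Checks an HMAC-SHA384 tag by recomputing it over the signing input.
     *
     * @param bArr signing input
     * @param bArr2 tag presented with the token
     * @param str shared secret, encoded as UTF-8 before use
     * @return {@code true} only if the presented tag equals the recomputed one
     */
    public static boolean verifySignatureHS384(byte[] bArr, byte[] bArr2, String str) throws IllegalBlockSizeException, IOException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException {
        byte[] expected = getSignatureHS384(bArr, str.getBytes("UTF-8"));
        // Arrays.equals stops at the first differing byte, which leaks how much of a
        // presented tag is correct; MessageDigest.isEqual compares in constant time.
        return bArr2 != null && MessageDigest.isEqual(expected, bArr2);
    }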

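    /**
     * Checks an HMAC-SHA512 tag by recomputing it over the signing input.
     *
     * @param bArr signing input
     * @param bArr2 tag presented with the token
     * @param str shared secret, encoded as UTF-8 before use
     * @return {@code true} only if the presented tag equals the recomputed one
     */
    public static boolean verifySignatureHS512(byte[] bArr, byte[] bArr2, String str) throws IllegalBlockSizeException, IOException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException {
        byte[] expected = getSignatureHS512(bArr, str.getBytes("UTF-8"));
        // Arrays.equals stops at the first differing byte, which leaks how much of a
        // presented tag is correct; MessageDigest.isEqual compares in constant time.
        return bArr2 != null && MessageDigest.isEqual(expected, bArr2);
    }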

    /**
     * Encodes bytes as base64url by delegating to {@code Base64Util}.
     *
     * @param bArr bytes to encode
     * @return the encoded text produced by {@code Base64Util.base64urlencode}
     */
    public static String base64urlencode(byte[] bArr) {
        final String encoded = Base64Util.base64urlencode(bArr);
        return encoded;
    }

    /**
     * Decodes base64url text by delegating to {@code Base64Util}.
     *
     * @param str text to decode
     * @return the decoded bytes produced by {@code Base64Util.base64urldecode}
     * @throws IllegalArgumentException as declared by the delegate for input it rejects
     */
    public static byte[] base64urldecode(String str) throws IllegalArgumentException {
        final byte[] decoded = Base64Util.base64urldecode(str);
        return decoded;
    }

    /**
     * Writes the algorithms and providers registered with the JCA to the trace log.
     *
     * <p>Useful when diagnosing a missing provider: every signing and verification
     * routine in this class that names a provider names "BC".
     */
    public static void printAlgorithmsAndProviders() {
        // SignatureAttribute.tag is kept as the original lookup key for the Signature service.
        for (String signatureName : Security.getAlgorithms(SignatureAttribute.tag)) {
            log.trace("Algorithm (Signature): " + signatureName);
        }
        for (String digestName : Security.getAlgorithms("MessageDigest")) {
            log.trace("Algorithm (MessageDigest): " + digestName);
        }
        for (String cipherName : Security.getAlgorithms("Cipher")) {
            log.trace("Algorithm (Cipher): " + cipherName);
        }
        for (String macName : Security.getAlgorithms("Mac")) {
            log.trace("Algorithm (Mac): " + macName);
        }
        for (String keyStoreName : Security.getAlgorithms("KeyStore")) {
            log.trace("Algorithm (KeyStore): " + keyStoreName);
        }
        Provider[] registered = Security.getProviders();
        for (int idx = 0; idx < registered.length; idx++) {
            log.trace("Provider: " + registered[idx].getName());
        }
    }

    /**
     * Computes the SHA-256 digest of a string's UTF-8 bytes using the "BC" provider.
     *
     * @param str text to hash
     * @return the digest bytes
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws NoSuchAlgorithmException if the provider does not offer SHA-256
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public static byte[] getMessageDigestSHA256(String str) throws NoSuchProviderException, NoSuchAlgorithmException, UnsupportedEncodingException {
        final MessageDigest sha256 = MessageDigest.getInstance("SHA-256", "BC");
        final byte[] utf8 = str.getBytes("UTF-8");
        return sha256.digest(utf8);
    }

    /**
     * Computes the SHA-384 digest of a string's UTF-8 bytes using the "BC" provider.
     *
     * @param str text to hash
     * @return the digest bytes
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws NoSuchAlgorithmException if the provider does not offer SHA-384
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public static byte[] getMessageDigestSHA384(String str) throws NoSuchProviderException, NoSuchAlgorithmException, UnsupportedEncodingException {
        final MessageDigest sha384 = MessageDigest.getInstance("SHA-384", "BC");
        final byte[] utf8 = str.getBytes("UTF-8");
        return sha384.digest(utf8);
    }

    /**
     * Computes the SHA-512 digest of a string's UTF-8 bytes using the "BC" provider.
     *
     * @param str text to hash
     * @return the digest bytes
     * @throws NoSuchProviderException if the "BC" provider is not registered
     * @throws NoSuchAlgorithmException if the provider does not offer SHA-512
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public static byte[] getMessageDigestSHA512(String str) throws NoSuchProviderException, NoSuchAlgorithmException, UnsupportedEncodingException {
        final MessageDigest sha512 = MessageDigest.getInstance("SHA-512", "BC");
        final byte[] utf8 = str.getBytes("UTF-8");
        return sha512.digest(utf8);
    }

    /**
     * Computes an HMAC-SHA256 tag.
     *
     * <p>The key bytes are used exactly as supplied; no minimum key length is enforced here.
     *
     * @param bArr data to authenticate
     * @param bArr2 secret key bytes
     * @return the tag
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     * @throws InvalidKeyException if the key is rejected by the MAC
     */
    public static byte[] getSignatureHS256(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        final SecretKeySpec hmacKey = new SecretKeySpec(bArr2, "HMACSHA256");
        final Mac hmac = Mac.getInstance("HMACSHA256");
        hmac.init(hmacKey);
        final byte[] tag = hmac.doFinal(bArr);
        return tag;
    }

    /**
     * Computes an HMAC-SHA384 tag.
     *
     * <p>The key bytes are used exactly as supplied; no minimum key length is enforced here.
     *
     * @param bArr data to authenticate
     * @param bArr2 secret key bytes
     * @return the tag
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     * @throws InvalidKeyException if the key is rejected by the MAC
     */
    public static byte[] getSignatureHS384(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        final SecretKeySpec hmacKey = new SecretKeySpec(bArr2, "HMACSHA384");
        final Mac hmac = Mac.getInstance("HMACSHA384");
        hmac.init(hmacKey);
        final byte[] tag = hmac.doFinal(bArr);
        return tag;
    }

    /**
     * Computes an HMAC-SHA512 tag.
     *
     * <p>The key bytes are used exactly as supplied; no minimum key length is enforced here.
     *
     * @param bArr data to authenticate
     * @param bArr2 secret key bytes
     * @return the tag
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     * @throws InvalidKeyException if the key is rejected by the MAC
     */
    public static byte[] getSignatureHS512(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        final SecretKeySpec hmacKey = new SecretKeySpec(bArr2, "HMACSHA512");
        final Mac hmac = Mac.getInstance("HMACSHA512");
        hmac.init(hmacKey);
        final byte[] tag = hmac.doFinal(bArr);
        return tag;
    }

    /**
     * Generates a 2048-bit RSA key pair with the "BC" provider and a fresh {@link SecureRandom}.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if the provider does not offer RSA key generation
     * @throws NoSuchProviderException if the "BC" provider is not registered
     */
    public static KeyPair generateRsaKey() throws NoSuchAlgorithmException, NoSuchProviderException {
        final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        final SecureRandom entropy = new SecureRandom();
        rsaGenerator.initialize(2048, entropy);
        return rsaGenerator.generateKeyPair();
    }

    /**
     * Signs data with SHA256withRSA using the "BC" provider.
     *
     * <p>The JCA private key is rebuilt from the modulus and private exponent only.
     *
     * @param bArr data to sign
     * @param rSAPrivateKey source of the modulus and private exponent
     * @return the signature bytes
     */
    public static byte[] getSignatureRS256(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws SignatureException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA", "BC");
        RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
        PrivateKey signingKey = rsaFactory.generatePrivate(keySpec);
        Signature signer = Signature.getInstance("SHA256withRSA", "BC");
        signer.initSign(signingKey);
        signer.update(bArr);
        return signer.sign();
    }

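    /**
     * Verifies a SHA256withRSA signature with the "BC" provider.
     *
     * <p>Verification is left to the provider's {@link Signature} implementation, the same
     * scheme the signing side uses. The previous hand-rolled check recovered the signed
     * structure with a raw RSA operation and compared only its digest octets; it never
     * inspected the algorithm identifier or anything following the digest, so a structure
     * that merely contained the right digest was accepted.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param rSAPublicKey source of the modulus and public exponent
     * @return {@code true} if the signature is valid; {@code false} if it is invalid or
     *     cannot be decoded
     */
    public static boolean verifySignatureRS256(byte[] bArr, byte[] bArr2, RSAPublicKey rSAPublicKey) throws IllegalBlockSizeException, IOException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException {
        PublicKey verificationKey = KeyFactory.getInstance("RSA", "BC").generatePublic(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
        Signature verifier = Signature.getInstance("SHA256withRSA", "BC");
        verifier.initVerify(verificationKey);
        try {
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (SignatureException malformed) {
            // SignatureException is not part of this method's contract; a signature the
            // provider cannot process is reported as not valid.
            return false;
        }
    }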

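    /**
     * Verifies a SHA256withRSA signature against the public key of a certificate.
     *
     * <p>Only the certificate's public key is used: validity period, issuer chain and
     * revocation are not examined here and have to be checked by the caller.
     *
     * <p>Verification is left to the provider's {@link Signature} implementation. The
     * previous hand-rolled check compared only the digest octets of the recovered
     * structure and never inspected the algorithm identifier or trailing content.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param x509Certificate certificate whose public key verifies the signature
     * @return {@code true} if the signature is valid; {@code false} if it is invalid or
     *     cannot be decoded
     */
    public static boolean verifySignatureRS256(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {
        PublicKey certificateKey = x509Certificate.getPublicKey();
        Signature verifier = Signature.getInstance("SHA256withRSA", "BC");
        verifier.initVerify(certificateKey);
        try {
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (SignatureException malformed) {
            // SignatureException is not part of this method's contract; a signature the
            // provider cannot process is reported as not valid.
            return false;
        }
    }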

    /**
     * Signs data with SHA384withRSA using the "BC" provider.
     *
     * <p>The JCA private key is rebuilt from the modulus and private exponent only.
     *
     * @param bArr data to sign
     * @param rSAPrivateKey source of the modulus and private exponent
     * @return the signature bytes
     */
    public static byte[] getSignatureRS384(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws SignatureException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA", "BC");
        RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
        PrivateKey signingKey = rsaFactory.generatePrivate(keySpec);
        Signature signer = Signature.getInstance("SHA384withRSA", "BC");
        signer.initSign(signingKey);
        signer.update(bArr);
        return signer.sign();
    }

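    /**
     * Verifies a SHA384withRSA signature with the "BC" provider.
     *
     * <p>Verification is left to the provider's {@link Signature} implementation, the same
     * scheme the signing side uses. The previous hand-rolled check recovered the signed
     * structure with a raw RSA operation and compared only its digest octets; it never
     * inspected the algorithm identifier or anything following the digest, so a structure
     * that merely contained the right digest was accepted.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param rSAPublicKey source of the modulus and public exponent
     * @return {@code true} if the signature is valid; {@code false} if it is invalid or
     *     cannot be decoded
     */
    public static boolean verifySignatureRS384(byte[] bArr, byte[] bArr2, RSAPublicKey rSAPublicKey) throws IllegalBlockSizeException, IOException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException {
        PublicKey verificationKey = KeyFactory.getInstance("RSA", "BC").generatePublic(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
        Signature verifier = Signature.getInstance("SHA384withRSA", "BC");
        verifier.initVerify(verificationKey);
        try {
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (SignatureException malformed) {
            // SignatureException is not part of this method's contract; a signature the
            // provider cannot process is reported as not valid.
            return false;
        }
    }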

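    /**
     * Verifies a SHA384withRSA signature against the public key of a certificate.
     *
     * <p>Only the certificate's public key is used: validity period, issuer chain and
     * revocation are not examined here and have to be checked by the caller.
     *
     * <p>Verification is left to the provider's {@link Signature} implementation. The
     * previous hand-rolled check compared only the digest octets of the recovered
     * structure and never inspected the algorithm identifier or trailing content.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param x509Certificate certificate whose public key verifies the signature
     * @return {@code true} if the signature is valid; {@code false} if it is invalid or
     *     cannot be decoded
     */
    public static boolean verifySignatureRS384(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {
        PublicKey certificateKey = x509Certificate.getPublicKey();
        Signature verifier = Signature.getInstance("SHA384withRSA", "BC");
        verifier.initVerify(certificateKey);
        try {
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (SignatureException malformed) {
            // SignatureException is not part of this method's contract; a signature the
            // provider cannot process is reported as not valid.
            return false;
        }
    }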

    /**
     * Signs data with SHA512withRSA using the "BC" provider.
     *
     * <p>The JCA private key is rebuilt from the modulus and private exponent only.
     *
     * @param bArr data to sign
     * @param rSAPrivateKey source of the modulus and private exponent
     * @return the signature bytes
     */
    public static byte[] getSignatureRS512(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws SignatureException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException {
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA", "BC");
        RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
        PrivateKey signingKey = rsaFactory.generatePrivate(keySpec);
        Signature signer = Signature.getInstance("SHA512withRSA", "BC");
        signer.initSign(signingKey);
        signer.update(bArr);
        return signer.sign();
    }

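    /**
     * Verifies a SHA512withRSA signature with the "BC" provider.
     *
     * <p>Verification is left to the provider's {@link Signature} implementation, the same
     * scheme the signing side uses. The previous hand-rolled check recovered the signed
     * structure with a raw RSA operation and compared only its digest octets; it never
     * inspected the algorithm identifier or anything following the digest, so a structure
     * that merely contained the right digest was accepted.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param rSAPublicKey source of the modulus and public exponent
     * @return {@code true} if the signature is valid; {@code false} if it is invalid or
     *     cannot be decoded
     */
    public static boolean verifySignatureRS512(byte[] bArr, byte[] bArr2, RSAPublicKey rSAPublicKey) throws IllegalBlockSizeException, IOException, InvalidKeyException, NoSuchProviderException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, BadPaddingException {
        PublicKey verificationKey = KeyFactory.getInstance("RSA", "BC").generatePublic(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
        Signature verifier = Signature.getInstance("SHA512withRSA", "BC");
        verifier.initVerify(verificationKey);
        try {
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (SignatureException malformed) {
            // SignatureException is not part of this method's contract; a signature the
            // provider cannot process is reported as not valid.
            return false;
        }
    }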

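    /**
     * Verifies a SHA512withRSA signature against the public key of a certificate.
     *
     * <p>Only the certificate's public key is used: validity period, issuer chain and
     * revocation are not examined here and have to be checked by the caller.
     *
     * <p>Verification is left to the provider's {@link Signature} implementation. The
     * previous hand-rolled check compared only the digest octets of the recovered
     * structure and never inspected the algorithm identifier or trailing content.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param x509Certificate certificate whose public key verifies the signature
     * @return {@code true} if the signature is valid; {@code false} if it is invalid or
     *     cannot be decoded
     */
    public static boolean verifySignatureRS512(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {
        PublicKey certificateKey = x509Certificate.getPublicKey();
        Signature verifier = Signature.getInstance("SHA512withRSA", "BC");
        verifier.initVerify(certificateKey);
        try {
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (SignatureException malformed) {
            // SignatureException is not part of this method's contract; a signature the
            // provider cannot process is reported as not valid.
            return false;
        }
    }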

    /**
     * Generates an ECDSA key pair on the curve named by {@code ECDSAEllipticCurve.P_256},
     * using the "BC" provider and a fresh {@link SecureRandom}.
     *
     * @return the new key pair
     */
    public static KeyPair generateKeyES256() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        final ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_256);
        final KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
        final SecureRandom entropy = new SecureRandom();
        ecGenerator.initialize(curveSpec, entropy);
        return ecGenerator.generateKeyPair();
    }

    /**
     * Generates an ECDSA key pair on the curve named by {@code ECDSAEllipticCurve.P_384},
     * using the "BC" provider and a fresh {@link SecureRandom}.
     *
     * @return the new key pair
     */
    public static KeyPair generateKeyES384() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        final ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_384);
        final KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
        final SecureRandom entropy = new SecureRandom();
        ecGenerator.initialize(curveSpec, entropy);
        return ecGenerator.generateKeyPair();
    }

    /**
     * Generates an ECDSA key pair on the curve named by {@code ECDSAEllipticCurve.P_521},
     * using the "BC" provider and a fresh {@link SecureRandom}.
     *
     * @return the new key pair
     */
    public static KeyPair generateKeyES512() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        final ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_521);
        final KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
        final SecureRandom entropy = new SecureRandom();
        ecGenerator.initialize(curveSpec, entropy);
        return ecGenerator.generateKeyPair();
    }

    /**
     * Signs data with SHA256WITHECDSA on the {@code ECDSAEllipticCurve.P_256} curve using
     * the "BC" provider.
     *
     * <p>NOTE(review): the bytes returned by {@code Signature.sign()} are passed on as-is.
     * JCA ECDSA signatures are normally DER-encoded, whereas JWS (RFC 7518) specifies the
     * fixed-width R||S concatenation; confirm where that conversion happens, if at all.
     *
     * @param bArr data to sign
     * @param eCDSAPrivateKey source of the private scalar {@code d}
     * @return the signature bytes
     */
    public static byte[] getSignatureES256(byte[] bArr, ECDSAPrivateKey eCDSAPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        KeyFactory ecFactory = KeyFactory.getInstance("ECDSA", "BC");
        ECPrivateKeySpec keySpec = new ECPrivateKeySpec(eCDSAPrivateKey.getD(), ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_256));
        PrivateKey signingKey = ecFactory.generatePrivate(keySpec);
        Signature signer = Signature.getInstance("SHA256WITHECDSA", "BC");
        signer.initSign(signingKey);
        signer.update(bArr);
        return signer.sign();
    }

    /**
     * Signs data with SHA384WITHECDSA on the {@code ECDSAEllipticCurve.P_384} curve using
     * the "BC" provider.
     *
     * <p>NOTE(review): the bytes returned by {@code Signature.sign()} are passed on as-is.
     * JCA ECDSA signatures are normally DER-encoded, whereas JWS (RFC 7518) specifies the
     * fixed-width R||S concatenation; confirm where that conversion happens, if at all.
     *
     * @param bArr data to sign
     * @param eCDSAPrivateKey source of the private scalar {@code d}
     * @return the signature bytes
     */
    public static byte[] getSignatureES384(byte[] bArr, ECDSAPrivateKey eCDSAPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        KeyFactory ecFactory = KeyFactory.getInstance("ECDSA", "BC");
        ECPrivateKeySpec keySpec = new ECPrivateKeySpec(eCDSAPrivateKey.getD(), ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_384));
        PrivateKey signingKey = ecFactory.generatePrivate(keySpec);
        Signature signer = Signature.getInstance("SHA384WITHECDSA", "BC");
        signer.initSign(signingKey);
        signer.update(bArr);
        return signer.sign();
    }

    /**
     * Signs data with SHA512WITHECDSA on the {@code ECDSAEllipticCurve.P_521} curve using
     * the "BC" provider.
     *
     * <p>NOTE(review): the bytes returned by {@code Signature.sign()} are passed on as-is.
     * JCA ECDSA signatures are normally DER-encoded, whereas JWS (RFC 7518) specifies the
     * fixed-width R||S concatenation; confirm where that conversion happens, if at all.
     *
     * @param bArr data to sign
     * @param eCDSAPrivateKey source of the private scalar {@code d}
     * @return the signature bytes
     */
    public static byte[] getSignatureES512(byte[] bArr, ECDSAPrivateKey eCDSAPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        KeyFactory ecFactory = KeyFactory.getInstance("ECDSA", "BC");
        ECPrivateKeySpec keySpec = new ECPrivateKeySpec(eCDSAPrivateKey.getD(), ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_521));
        PrivateKey signingKey = ecFactory.generatePrivate(keySpec);
        Signature signer = Signature.getInstance("SHA512WITHECDSA", "BC");
        signer.initSign(signingKey);
        signer.update(bArr);
        return signer.sign();
    }

    /**
     * Verifies a SHA256WITHECDSA signature with a public key given as affine coordinates
     * on the {@code ECDSAEllipticCurve.P_256} curve.
     *
     * <p>NOTE(review): the point is assembled directly from the supplied x and y; no
     * explicit on-curve check is visible in this method, so confirm the provider version
     * in use validates the point when the key is built.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param eCDSAPublicKey source of the x and y coordinates
     * @return the result of {@code Signature.verify}
     */
    public static boolean verifySignatureES256(byte[] bArr, byte[] bArr2, ECDSAPublicKey eCDSAPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, SignatureException {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_256);
        BigInteger fieldPrime = ((ECCurve.Fp) curveSpec.getCurve()).getQ();
        KeyFactory ecFactory = KeyFactory.getInstance("ECDSA", "BC");
        ECFieldElement.Fp affineX = new ECFieldElement.Fp(fieldPrime, eCDSAPublicKey.getX());
        ECFieldElement.Fp affineY = new ECFieldElement.Fp(fieldPrime, eCDSAPublicKey.getY());
        ECPoint.Fp publicPoint = new ECPoint.Fp(curveSpec.getCurve(), affineX, affineY);
        PublicKey verificationKey = ecFactory.generatePublic(new ECPublicKeySpec(publicPoint, curveSpec));
        Signature verifier = Signature.getInstance("SHA256WITHECDSA", "BC");
        verifier.initVerify(verificationKey);
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /**
     * Verifies a SHA256WITHECDSA signature against the public key of a certificate.
     *
     * <p>Only the certificate's public key is used: validity period, issuer chain and
     * revocation are not examined here and have to be checked by the caller.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param x509Certificate certificate whose public key verifies the signature
     * @return the result of {@code Signature.verify}
     */
    public static boolean verifySignatureES256(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final PublicKey certificateKey = x509Certificate.getPublicKey();
        final Signature verifier = Signature.getInstance("SHA256WITHECDSA", "BC");
        verifier.initVerify(certificateKey);
        verifier.update(bArr);
        final boolean valid = verifier.verify(bArr2);
        return valid;
    }

    /**
     * Verifies a SHA384WITHECDSA signature with a public key given as affine coordinates
     * on the {@code ECDSAEllipticCurve.P_384} curve.
     *
     * <p>NOTE(review): the point is assembled directly from the supplied x and y; no
     * explicit on-curve check is visible in this method, so confirm the provider version
     * in use validates the point when the key is built.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param eCDSAPublicKey source of the x and y coordinates
     * @return the result of {@code Signature.verify}
     */
    public static boolean verifySignatureES384(byte[] bArr, byte[] bArr2, ECDSAPublicKey eCDSAPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, SignatureException {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_384);
        BigInteger fieldPrime = ((ECCurve.Fp) curveSpec.getCurve()).getQ();
        KeyFactory ecFactory = KeyFactory.getInstance("ECDSA", "BC");
        ECFieldElement.Fp affineX = new ECFieldElement.Fp(fieldPrime, eCDSAPublicKey.getX());
        ECFieldElement.Fp affineY = new ECFieldElement.Fp(fieldPrime, eCDSAPublicKey.getY());
        ECPoint.Fp publicPoint = new ECPoint.Fp(curveSpec.getCurve(), affineX, affineY);
        PublicKey verificationKey = ecFactory.generatePublic(new ECPublicKeySpec(publicPoint, curveSpec));
        Signature verifier = Signature.getInstance("SHA384WITHECDSA", "BC");
        verifier.initVerify(verificationKey);
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /**
     * Verifies a SHA384WITHECDSA signature against the public key of a certificate.
     *
     * <p>Only the certificate's public key is used: validity period, issuer chain and
     * revocation are not examined here and have to be checked by the caller.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param x509Certificate certificate whose public key verifies the signature
     * @return the result of {@code Signature.verify}
     */
    public static boolean verifySignatureES384(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final PublicKey certificateKey = x509Certificate.getPublicKey();
        final Signature verifier = Signature.getInstance("SHA384WITHECDSA", "BC");
        verifier.initVerify(certificateKey);
        verifier.update(bArr);
        final boolean valid = verifier.verify(bArr2);
        return valid;
    }

    /**
     * Verifies a SHA512WITHECDSA signature with a public key given as affine coordinates
     * on the {@code ECDSAEllipticCurve.P_521} curve.
     *
     * <p>NOTE(review): the point is assembled directly from the supplied x and y; no
     * explicit on-curve check is visible in this method, so confirm the provider version
     * in use validates the point when the key is built.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param eCDSAPublicKey source of the x and y coordinates
     * @return the result of {@code Signature.verify}
     */
    public static boolean verifySignatureES512(byte[] bArr, byte[] bArr2, ECDSAPublicKey eCDSAPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, SignatureException {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(ECDSAEllipticCurve.P_521);
        BigInteger fieldPrime = ((ECCurve.Fp) curveSpec.getCurve()).getQ();
        KeyFactory ecFactory = KeyFactory.getInstance("ECDSA", "BC");
        ECFieldElement.Fp affineX = new ECFieldElement.Fp(fieldPrime, eCDSAPublicKey.getX());
        ECFieldElement.Fp affineY = new ECFieldElement.Fp(fieldPrime, eCDSAPublicKey.getY());
        ECPoint.Fp publicPoint = new ECPoint.Fp(curveSpec.getCurve(), affineX, affineY);
        PublicKey verificationKey = ecFactory.generatePublic(new ECPublicKeySpec(publicPoint, curveSpec));
        Signature verifier = Signature.getInstance("SHA512WITHECDSA", "BC");
        verifier.initVerify(verificationKey);
        verifier.update(bArr);
        return verifier.verify(bArr2);
    }

    /**
     * Verifies a SHA512WITHECDSA signature against the public key of a certificate.
     *
     * <p>Only the certificate's public key is used: validity period, issuer chain and
     * revocation are not examined here and have to be checked by the caller.
     *
     * @param bArr signing input
     * @param bArr2 signature to check
     * @param x509Certificate certificate whose public key verifies the signature
     * @return the result of {@code Signature.verify}
     */
    public static boolean verifySignatureES512(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final PublicKey certificateKey = x509Certificate.getPublicKey();
        final Signature verifier = Signature.getInstance("SHA512WITHECDSA", "BC");
        verifier.initVerify(certificateKey);
        verifier.update(bArr);
        final boolean valid = verifier.verify(bArr2);
        return valid;
    }

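    /**
     * Resolves a verification key, trying the legacy lookup first and falling back to the
     * three-argument {@code getPublicKey} when that yields nothing.
     *
     * @param str JWKS location, fetched when {@code str2} is blank
     * @param str2 JWKS document, if already available
     * @param signatureAlgorithm algorithm that decides which key type the legacy lookup builds
     * @param str3 key id to select; when empty the legacy lookup takes the first key
     * @return the resolved key, or whatever the fallback returns
     */
    @Deprecated
    public static org.xdi.oxauth.model.crypto.PublicKey getPublicKey(String str, String str2, SignatureAlgorithm signatureAlgorithm, String str3) {
        org.xdi.oxauth.model.crypto.PublicKey publicKey = null;
        try {
            publicKey = getPublicKeyOldImpl(str, str2, signatureAlgorithm, str3);
        } catch (Exception e) {
            // Best effort by design, but a failed key lookup should leave a trace so that
            // verification problems can be diagnosed.
            log.warn("Legacy JWK lookup failed; falling back to the three-argument getPublicKey", e);
        }
        if (publicKey == null) {
            publicKey = getPublicKey(str, str2, str3);
        }
        return publicKey;
    }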

    /**
     * Legacy JWK lookup: obtains a JWKS document, selects one key and converts it into an
     * RSA or ECDSA public key according to {@code signatureAlgorithm}.
     *
     * <p>Points a reviewer should be aware of, all visible in the code below:
     * <ul>
     *   <li>When {@code str2} is blank the document is fetched from {@code str} as given;
     *       no scheme or host restriction is applied in this method.</li>
     *   <li>When {@code str3} is empty the first key of the set is used.</li>
     *   <li>The first {@code x5c} entry is parsed and attached to the key without any
     *       chain validation here, and without checking that it matches the key
     *       parameters taken from the same JWK.</li>
     * </ul>
     *
     * @param str JWKS location
     * @param str2 JWKS document, if already available
     * @param signatureAlgorithm algorithm that decides the key type to build
     * @param str3 key id to select, or empty for the first key
     * @return the key, or {@code null} if none could be built; errors are logged, not thrown
     */
    @Deprecated
    private static org.xdi.oxauth.model.crypto.PublicKey getPublicKeyOldImpl(String str, String str2, SignatureAlgorithm signatureAlgorithm, String str3) {
        log.debug("Retrieving JWK...");
        org.xdi.oxauth.model.crypto.PublicKey resolvedKey = null;
        try {
            String jwksJson = str2;
            if (org.apache.commons.lang.StringUtils.isBlank(jwksJson)) {
                ClientRequest jwksRequest = new ClientRequest(str);
                jwksRequest.setHttpMethod("GET");
                ClientResponse jwksResponse = jwksRequest.get(String.class);
                int httpStatus = jwksResponse.getStatus();
                log.debug(String.format("Status: %n%d", Integer.valueOf(httpStatus)));
                if (httpStatus == 200) {
                    jwksJson = (String) jwksResponse.getEntity(String.class);
                    log.debug(String.format("JWK: %s", jwksJson));
                }
            }
            if (org.apache.commons.lang.StringUtils.isNotBlank(jwksJson)) {
                JSONArray keys = new JSONObject(jwksJson).getJSONArray(JWKParameter.JSON_WEB_KEY_SET);
                if (keys.length() > 0) {
                    JSONObject selected = null;
                    if (StringHelper.isEmpty(str3)) {
                        selected = keys.getJSONObject(0);
                    } else {
                        // Stop at the first entry whose "kid" equals the requested id.
                        for (int idx = 0; idx < keys.length() && selected == null; idx++) {
                            JSONObject candidate = keys.getJSONObject(idx);
                            if (candidate.get("kid").equals(str3)) {
                                selected = candidate;
                            }
                        }
                    }
                    if (selected == null) {
                        return null;
                    }
                    boolean rsaFamily = signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512;
                    boolean ecFamily = signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512;
                    if (rsaFamily) {
                        BigInteger modulus = new BigInteger(1, base64urldecode(selected.getString(JWKParameter.MODULUS)));
                        BigInteger exponent = new BigInteger(1, base64urldecode(selected.getString(JWKParameter.EXPONENT)));
                        resolvedKey = new RSAPublicKey(modulus, exponent);
                    } else if (ecFamily) {
                        BigInteger affineX = new BigInteger(1, base64urldecode(selected.getString(JWKParameter.X)));
                        BigInteger affineY = new BigInteger(1, base64urldecode(selected.getString(JWKParameter.Y)));
                        resolvedKey = new ECDSAPublicKey(signatureAlgorithm, affineX, affineY);
                    }
                    if (resolvedKey != null && selected.has(JWKParameter.X5C)) {
                        // Wrap the first x5c entry in PEM armour so PEMReader can parse it.
                        String pem = "-----BEGIN CERTIFICATE-----\n" + selected.getJSONArray(JWKParameter.X5C).getString(0) + IOUtils.LINE_SEPARATOR_UNIX + "-----END CERTIFICATE-----";
                        X509CertificateObject leaf = (X509CertificateObject) new PEMReader(new StringReader(pem)).readObject();
                        resolvedKey.setCertificate(new Certificate(signatureAlgorithm, leaf));
                    }
                }
            }
        } catch (JSONException jsonFailure) {
            log.error(jsonFailure.getMessage(), jsonFailure);
        } catch (Exception otherFailure) {
            log.error(otherFailure.getMessage(), otherFailure);
        }
        return resolvedKey;
    }

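    /**
     * Selects one entry from a JSON Web Key Set document.
     *
     * <p>When {@code str2} is blank, the document is fetched with an HTTP GET from {@code str}
     * and used only if the response status is 200. Otherwise {@code str2} itself is parsed.
     * Any failure (request, parsing, missing key-set member) is logged and yields {@code null}.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>Nothing in this method restricts the scheme or host of {@code str}. If a remote party
     *       can influence that URL, validate it (https, allow-list) before calling.</li>
     *   <li>An empty {@code str3} selects the first entry of the set without looking at its
     *       algorithm. Callers that need a specific key should always pass a key id.</li>
     *   <li>The fetched document is deliberately not written to the log: this method is also
     *       used by {@code getPrivateKey}, so the body may hold private key parameters.</li>
     * </ul>
     *
     * @param str  URL the key set is fetched from when {@code str2} is blank
     * @param str2 key set JSON; blank to fetch it from {@code str}
     * @param str3 key id to look for; when empty the first entry is returned
     * @return the selected entry, or {@code null} when none was found or an error occurred
     */
    public static JSONObject getJsonKey(String str, String str2, String str3) {
        log.debug("Retrieving JWK Key...");
        JSONObject jSONObject = null;
        try {
            if (org.apache.commons.lang.StringUtils.isBlank(str2)) {
                ClientRequest clientRequest = new ClientRequest(str);
                clientRequest.setHttpMethod("GET");
                ClientResponse clientResponse = clientRequest.get(String.class);
                int status = clientResponse.getStatus();
                log.debug(String.format("Status: %n%d", Integer.valueOf(status)));
                if (status == 200) {
                    str2 = (String) clientResponse.getEntity(String.class);
                    // Log only the size: the body can contain key material (see Javadoc).
                    log.debug(String.format("JWK set received (%d characters)",
                            Integer.valueOf(str2 == null ? 0 : str2.length())));
                }
            }
            if (org.apache.commons.lang.StringUtils.isNotBlank(str2)) {
                JSONArray jSONArray = new JSONObject(str2).getJSONArray(JWKParameter.JSON_WEB_KEY_SET);
                if (jSONArray.length() > 0) {
                    if (!StringHelper.isEmpty(str3)) {
                        for (int i = 0; i < jSONArray.length(); i++) {
                            JSONObject candidate = jSONArray.getJSONObject(i);
                            // optString: an entry without a key id is skipped instead of
                            // aborting the whole search with a JSONException.
                            if (candidate.optString(JWKParameter.JWKS_KEY_ID).equals(str3)) {
                                jSONObject = candidate;
                                break;
                            }
                        }
                    } else {
                        jSONObject = jSONArray.getJSONObject(0);
                    }
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return jSONObject;
    }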

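    /**
     * Builds a public key from the JWK entry selected by {@link #getJsonKey(String, String, String)}.
     *
     * <p>The signature algorithm is read from the entry. RS256/RS384/RS512 produce an
     * {@code RSAPublicKey}, ES256/ES384/ES512 an {@code ECDSAPublicKey}; any other algorithm
     * yields {@code null}. If the key parameters carry an X5C member, its first element is
     * parsed as a PEM certificate and attached to the key.
     *
     * <p>Security note: the certificate is only parsed and attached here. This method performs
     * no chain, validity or revocation check, so its presence must not be treated as proof that
     * the key is trusted.
     *
     * <p>Any parsing failure is logged and results in {@code null}, rather than a key whose
     * certificate was silently dropped.
     *
     * @param str  URL of the key set, used when {@code str2} is blank
     * @param str2 key set JSON; blank to fetch it from {@code str}
     * @param str3 key id to look for
     * @return the public key, or {@code null} if it could not be located or parsed
     */
    public static org.xdi.oxauth.model.crypto.PublicKey getPublicKey(String str, String str2, String str3) {
        log.debug("Retrieving JWK Public Key...");
        JSONObject jsonKey = getJsonKey(str, str2, str3);
        if (jsonKey == null) {
            return null;
        }
        // Initialised so the null check below is well defined when the lookup throws.
        SignatureAlgorithm fromName = null;
        try {
            fromName = SignatureAlgorithm.fromName(jsonKey.getString(JWKParameter.JWKS_ALGORITHM));
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        if (fromName == null) {
            log.error(String.format("Failed to determine key '%s' signature algorithm", str3));
            return null;
        }
        org.xdi.oxauth.model.crypto.PublicKey publicKey = null;
        try {
            JSONObject jSONObject = jsonKey.getJSONObject(JWKParameter.PUBLIC_KEY);
            if (fromName == SignatureAlgorithm.RS256 || fromName == SignatureAlgorithm.RS384 || fromName == SignatureAlgorithm.RS512) {
                publicKey = new RSAPublicKey(new BigInteger(1, base64urldecode(jSONObject.getString("modulus"))), new BigInteger(1, base64urldecode(jSONObject.getString(JWKParameter.PUBLIC_EXPONENT))));
            } else if (fromName == SignatureAlgorithm.ES256 || fromName == SignatureAlgorithm.ES384 || fromName == SignatureAlgorithm.ES512) {
                publicKey = new ECDSAPublicKey(fromName, new BigInteger(1, base64urldecode(jSONObject.getString(JWKParameter.X))), new BigInteger(1, base64urldecode(jSONObject.getString(JWKParameter.Y))));
            }
            if (publicKey != null && jSONObject.has(JWKParameter.X5C)) {
                PEMReader pEMReader = new PEMReader(new StringReader("-----BEGIN CERTIFICATE-----\n" + jSONObject.getJSONArray(JWKParameter.X5C).getString(0) + IOUtils.LINE_SEPARATOR_UNIX + "-----END CERTIFICATE-----"));
                try {
                    // Parsed and attached only; see the Javadoc on validation.
                    publicKey.setCertificate(new Certificate(fromName, (X509CertificateObject) pEMReader.readObject()));
                } finally {
                    pEMReader.close();
                }
            }
        } catch (Exception e) {
            // Covers missing JSON members, a PEM object that is not a certificate, and I/O errors.
            log.error(e.getMessage(), e);
            return null;
        }
        return publicKey;
    }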

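    /**
     * Builds a private key from the JWK entry selected by {@link #getJsonKey(String, String, String)}.
     *
     * <p>The signature algorithm and key id are read from the entry. RS256/RS384/RS512 produce
     * an {@code RSAPrivateKey}, ES256/ES384/ES512 an {@code ECDSAPrivateKey}; any other algorithm
     * yields {@code null}. The resulting key is tagged with the algorithm and key id.
     *
     * <p>Security notes:
     * <ul>
     *   <li>Only exception messages are logged here, never the private-key JSON or its decoded
     *       parameters; keep it that way when editing.</li>
     *   <li>NOTE(review): when {@code str2} is blank, {@code getJsonKey} fetches the document
     *       from {@code str}. Private key material should come from a trusted local store
     *       rather than a network fetch. Confirm that callers always supply {@code str2}.</li>
     * </ul>
     *
     * @param str  URL of the key set, used when {@code str2} is blank
     * @param str2 key set JSON; blank to fetch it from {@code str}
     * @param str3 key id to look for
     * @return the private key, or {@code null} if it could not be located or parsed
     */
    public static org.xdi.oxauth.model.crypto.PrivateKey getPrivateKey(String str, String str2, String str3) {
        log.debug("Retrieving JWK Private Key...");
        JSONObject jsonKey = getJsonKey(str, str2, str3);
        if (jsonKey == null) {
            return null;
        }
        // Both initialised so the checks below are well defined when the lookup throws.
        SignatureAlgorithm fromName = null;
        String string = null;
        try {
            fromName = SignatureAlgorithm.fromName(jsonKey.getString(JWKParameter.JWKS_ALGORITHM));
            string = jsonKey.getString(JWKParameter.JWKS_KEY_ID);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        if (fromName == null) {
            log.error(String.format("Failed to determine key '%s' signature algorithm", string));
            return null;
        }
        org.xdi.oxauth.model.crypto.PrivateKey privateKey = null;
        try {
            JSONObject jSONObject = jsonKey.getJSONObject(JWKParameter.PRIVATE_KEY);
            if (fromName == SignatureAlgorithm.RS256 || fromName == SignatureAlgorithm.RS384 || fromName == SignatureAlgorithm.RS512) {
                privateKey = new RSAPrivateKey(new BigInteger(1, base64urldecode(jSONObject.getString("modulus"))), new BigInteger(1, base64urldecode(jSONObject.getString(JWKParameter.PRIVATE_EXPONENT))));
            } else if (fromName == SignatureAlgorithm.ES256 || fromName == SignatureAlgorithm.ES384 || fromName == SignatureAlgorithm.ES512) {
                privateKey = new ECDSAPrivateKey(new BigInteger(1, base64urldecode(jSONObject.getString(JWKParameter.D))));
            }
        } catch (Exception e) {
            // A missing or malformed member fails closed: no partially built key is returned.
            log.error(e.getMessage(), e);
            return null;
        }
        if (privateKey != null) {
            privateKey.setSignatureAlgorithm(fromName);
            privateKey.setKeyId(string);
        }
        return privateKey;
    }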
}
