package net.netca.pki.encoding.json.jose;

import com.tencent.open.SocialOperation;
import com.tencent.smtt.sdk.TbsVideoCacheTask;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.Base64Url;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.json.JSON;
import net.netca.pki.encoding.json.JSONArray;
import net.netca.pki.encoding.json.JSONBoolean;
import net.netca.pki.encoding.json.JSONObject;
import net.netca.pki.encoding.json.JSONString;

/* loaded from: classes3.dex */
public class JWS {
    public static final int CERTID_TYPE_NONE = 0;
    public static final int CERTID_TYPE_X5C = 1;
    public static final int CERTID_TYPE_X5C_ONLY_CERT = 2;
    public static final int CERTID_TYPE_X5T = 3;
    public static final int CERTID_TYPE_X5T_S256 = 4;
    public static final int COMPACT_SERIALIZATION = 1;
    public static final String ECDSA_SHA256 = "ES256";
    public static final String ECDSA_SHA384 = "ES384";
    public static final String ECDSA_SHA512 = "ES512";
    public static final int FLAG_DETACHED = 1;
    public static final int FLAG_USE_UNENCODED_PAYLOAD = 2;
    public static final String HMAC_SHA256 = "HS256";
    public static final String HMAC_SHA384 = "HS384";
    public static final String HMAC_SHA512 = "HS512";
    public static final String HMAC_SM3 = "HSM3";
    public static final int JSON_SERIALIZATION = 2;
    public static final String RSASSA_PSS_256 = "PS256";
    public static final String RSASSA_PSS_384 = "PS384";
    public static final String RSASSA_PSS_512 = "PS512";
    public static final String RSA_SHA256 = "RS256";
    public static final String RSA_SHA384 = "RS384";
    public static final String RSA_SHA512 = "RS512";
    public static final String SM2_SM3 = "SM2_1";
    private int flag;
    private IHash hashInterface;
    private IMac macImpl;
    private byte[] payloadDataEncodeByte;
    private String payloadEncode;
    private ArrayList<JWSSignerInfo> signerlist;
    private int type;
    private IJWSVerify verifyImpl;

    public JWS(int i2, int i3, byte[] bArr) throws PkiException {
        this.signerlist = new ArrayList<>();
        this.payloadEncode = null;
        this.payloadDataEncodeByte = null;
        this.hashInterface = null;
        this.flag = 0;
        if (i2 != 1 && i2 != 2) {
            throw new PkiException("type invalid " + i2);
        }
        this.type = i2;
        this.flag = i3;
        setPayload(bArr);
    }

    public JWS(int i2, String str) throws PkiException {
        this.signerlist = new ArrayList<>();
        this.payloadEncode = null;
        this.payloadDataEncodeByte = null;
        this.hashInterface = null;
        this.flag = 0;
        if (i2 == 1) {
            initWithCompactSerialization(str);
        } else if (i2 == 2) {
            initJsonSerialization(str);
        }
        this.type = i2;
        byte[] bArr = this.payloadDataEncodeByte;
        if (bArr == null || bArr.length == 0) {
            this.flag |= 1;
        }
    }

    private void checkCritHeaderParameter(Header header, Header header2) {
        JSON headerJsonValue = header.getHeaderJsonValue(HeaderParameterNames.CRITICAL);
        if (headerJsonValue != null && (headerJsonValue instanceof JSONArray)) {
            JSONArray jSONArray = (JSONArray) headerJsonValue;
            for (int i2 = 0; i2 < jSONArray.size(); i2++) {
                if ((jSONArray.get(i2) instanceof JSONString) && ((JSONString) jSONArray.get(i2)).getString().equals(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD)) {
                    checkUnencodedPayload(header, header2);
                }
            }
        }
    }

    private void checkUnencodedPayload(Header header, Header header2) {
        if ((header.getHeaderJsonValue(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD) instanceof JSONBoolean) && !((JSONBoolean) header.getHeaderJsonValue(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD)).isTrue()) {
            this.flag |= 2;
        }
        if (header2 == null || !(header2.getHeaderJsonValue(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD) instanceof JSONBoolean) || ((JSONBoolean) header2.getHeaderJsonValue(HeaderParameterNames.BASE64URL_ENCODE_PAYLOAD)).isTrue()) {
            return;
        }
        this.flag |= 2;
    }

    public static JWS decode(int i2, String str) throws PkiException {
        return new JWS(i2, str);
    }

    public static JWS decode(int i2, byte[] bArr) throws PkiException {
        try {
            return decode(i2, new String(bArr, "UTF-8"));
        } catch (Exception unused) {
            throw new PkiException("UTF-8 encode Fail");
        }
    }

    private String getCompactSerialization() throws PkiException {
        JWSSignerInfo jWSSignerInfo = this.signerlist.get(0);
        StringBuilder sb = new StringBuilder();
        sb.append(jWSSignerInfo.getProtectHeaderEncode());
        sb.append(".");
        if ((this.flag & 1) == 0) {
            sb.append(this.payloadEncode);
        }
        sb.append(".");
        sb.append(jWSSignerInfo.getSignatureEncode());
        return sb.toString();
    }

    private String getFlattenedJSONSerialization() throws PkiException {
        JWSSignerInfo jWSSignerInfo = this.signerlist.get(0);
        JSONObject jSONObject = new JSONObject();
        if ((this.flag & 1) == 0) {
            jSONObject.add("payload", new JSONString(this.payloadEncode));
        }
        jSONObject.add("protected", new JSONString(jWSSignerInfo.getProtectHeaderEncode()));
        if (jWSSignerInfo.getUnProtectHeader() != null && jWSSignerInfo.getUnProtectHeader().getJSONObject() != null) {
            jSONObject.add(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER, jWSSignerInfo.getUnProtectHeader().getJSONObject());
        }
        jSONObject.add(SocialOperation.GAME_SIGNATURE, new JSONString(jWSSignerInfo.getSignatureEncode()));
        return Utils.getNormalJSONString(jSONObject);
    }

    private String getJSONSerialization() throws PkiException {
        JSONObject jSONObject = new JSONObject();
        if ((this.flag & 1) == 0) {
            jSONObject.add("payload", new JSONString(this.payloadEncode));
        }
        JSONArray jSONArray = new JSONArray();
        int size = this.signerlist.size();
        for (int i2 = 0; i2 < size; i2++) {
            JWSSignerInfo jWSSignerInfo = this.signerlist.get(i2);
            if (!jWSSignerInfo.isSign()) {
                throw new PkiException("exsit signer(s) no sign!");
            }
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.add("protected", new JSONString(jWSSignerInfo.getProtectHeaderEncode()));
            if (jWSSignerInfo.getUnProtectHeader() != null && jWSSignerInfo.getUnProtectHeader().getJSONObject() != null) {
                jSONObject2.add(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER, jWSSignerInfo.getUnProtectHeader().getJSONObject());
            }
            jSONObject2.add(SocialOperation.GAME_SIGNATURE, new JSONString(jWSSignerInfo.getSignatureEncode()));
            jSONArray.add(jSONObject2);
        }
        jSONObject.add("signatures", jSONArray);
        return Utils.getNormalJSONString(jSONObject);
    }

    private void getSignerInfoFromJsonSerialization(JSON json) throws PkiException {
        Header header;
        String str;
        if (!(json instanceof JSONObject)) {
            throw new PkiException("signer node  no JSONObject!");
        }
        JSONObject jSONObject = (JSONObject) json;
        JSON value = jSONObject.getValue("protected");
        JSON value2 = jSONObject.getValue(TbsVideoCacheTask.KEY_VIDEO_CACHE_PARAM_HEADER);
        Header header2 = value2 instanceof JSONObject ? new Header((JSONObject) value2) : null;
        if (value == null) {
            header = new Header();
            str = "";
        } else {
            if (!(value instanceof JSONString)) {
                throw new PkiException("one signature object no header or protected object!");
            }
            str = ((JSONString) value).getString();
            try {
                JSON decode = JSON.decode(new String(Base64Url.decode(false, true, str), "UTF-8"));
                if (decode == null || !(decode instanceof JSONObject)) {
                    throw new PkiException("protectedHeader is no JSONObject!");
                }
                header = new Header((JSONObject) decode);
                if (!header.haveHeaderParam(HeaderParameterNames.ALGORITHM) && header2 != null && !header2.haveHeaderParam(HeaderParameterNames.ALGORITHM)) {
                    throw new PkiException("protectedHeader header no algo!");
                }
            } catch (UnsupportedEncodingException unused) {
                throw new PkiException("protetedHeader no UTF-8 encode !");
            }
        }
        JSON value3 = jSONObject.getValue(SocialOperation.GAME_SIGNATURE);
        if (!(value3 instanceof JSONString)) {
            throw new PkiException("signature node is no JSONString!");
        }
        addSingerInfo(new JWSSignerInfo(header, str, header2, Base64Url.decode(false, true, ((JSONString) value3).getString())));
    }

    private void initJsonSerialization(String str) throws PkiException {
        JSON decode = JSON.decode(str);
        if (!(decode instanceof JSONObject)) {
            throw new PkiException("bad json object string!");
        }
        JSONObject jSONObject = (JSONObject) decode;
        JSON value = jSONObject.getValue("signatures");
        JSON value2 = jSONObject.getValue(SocialOperation.GAME_SIGNATURE);
        if (value == null && value2 == null) {
            throw new PkiException("json no signature(s) node!");
        }
        if (value != null && value2 != null) {
            throw new PkiException("json have signature and signatures node!");
        }
        if (value2 != null) {
            getSignerInfoFromJsonSerialization(jSONObject);
        } else {
            if (!(value instanceof JSONArray)) {
                throw new PkiException("signatures object is not arrayobject!");
            }
            JSONArray jSONArray = (JSONArray) value;
            int size = jSONArray.size();
            if (size <= 0) {
                throw new PkiException("signatures size is zero!");
            }
            for (int i2 = 0; i2 < size; i2++) {
                getSignerInfoFromJsonSerialization(jSONArray.get(i2));
            }
        }
        if (getSignerCount() == 0) {
            throw new PkiException("signer count is zero!");
        }
        checkCritHeaderParameter(getSignerInfo(0).getProtectHeader(), getSignerInfo(0).getUnProtectHeader());
        JSON value3 = jSONObject.getValue("payload");
        if (!(value3 instanceof JSONString)) {
            this.payloadEncode = "";
            this.payloadDataEncodeByte = null;
            this.flag |= 1;
            return;
        }
        JSONString jSONString = (JSONString) value3;
        if ((this.flag & 2) == 0 && !Utils.checkBase64Url(jSONString.getString())) {
            throw new PkiException("JWS payload is no base64url encode!");
        }
        String string = jSONString.getString();
        this.payloadEncode = string;
        try {
            this.payloadDataEncodeByte = string.getBytes("US-ASCII");
        } catch (UnsupportedEncodingException unused) {
            throw new PkiException("payloadData getBytes  US-ASCII Fail!");
        }
    }

    private Header initProtectedHeader(String str) throws PkiException {
        try {
            try {
                JSON decode = JSON.decode(new String(Base64Url.decode(false, true, str), "UTF-8"));
                if (decode == null || !(decode instanceof JSONObject)) {
                    throw new PkiException("JWS protectedHeader not a JSON Object!");
                }
                return new Header((JSONObject) decode);
            } catch (UnsupportedEncodingException unused) {
                throw new PkiException("JWS protectedHeader not UTF-8 encode!");
            }
        } catch (PkiException unused2) {
            throw new PkiException("JWS protectedHeader not base64url encode!");
        }
    }

    private void initWithCompactSerialization(String str) throws PkiException {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new PkiException("JWS CompactEncode Invalid!");
        }
        String str2 = split[0];
        Header initProtectedHeader = initProtectedHeader(str2);
        String headerStringValue = initProtectedHeader.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
        if (headerStringValue == null || headerStringValue.length() == 0) {
            throw new PkiException("JWS no  algo header params!");
        }
        checkCritHeaderParameter(initProtectedHeader, null);
        if ((this.flag & 2) == 0 && !Utils.checkBase64Url(split[1])) {
            throw new PkiException("JWS payload is no base64url encode!");
        }
        String str3 = split[1];
        this.payloadEncode = str3;
        byte[] aSCIIArrayFromString = Utils.getASCIIArrayFromString(str3);
        this.payloadDataEncodeByte = aSCIIArrayFromString;
        if (aSCIIArrayFromString == null) {
            throw new PkiException("payloadData getBytes  US-ASCII Fail!");
        }
        addSingerInfo(new JWSSignerInfo(initProtectedHeader, str2, null, Base64Url.decode(false, true, split[2])));
    }

    public JWS addSingerInfo(JWSSignerInfo jWSSignerInfo) {
        this.signerlist.add(jWSSignerInfo);
        return this;
    }

    public boolean checkCompactUnencodedPayload(byte[] bArr) {
        for (int i2 = 0; i2 < bArr.length; i2++) {
            int i3 = bArr[i2] & 255;
            if (i3 < 32 || i3 > 126 || bArr[i2] == 46) {
                return false;
            }
        }
        return true;
    }

    public String encode() throws PkiException {
        if (this.signerlist.size() != 0) {
            return this.type == 1 ? getCompactSerialization() : this.signerlist.size() == 1 ? getFlattenedJSONSerialization() : getJSONSerialization();
        }
        throw new PkiException("no signer cannot  encode!");
    }

    public int getCritHeaderCount(int i2) throws PkiException {
        JWSSignerInfo signerInfo = getSignerInfo(i2);
        JSON headerJsonValue = signerInfo.getProtectHeader().getHeaderJsonValue(HeaderParameterNames.CRITICAL);
        if (!(headerJsonValue == null && (signerInfo.getUnProtectHeader() == null || (headerJsonValue = signerInfo.getUnProtectHeader().getHeaderJsonValue(HeaderParameterNames.CRITICAL)) == null)) && (headerJsonValue instanceof JSONArray)) {
            return ((JSONArray) headerJsonValue).size();
        }
        return 0;
    }

    public JSON getCritHeaderValue(int i2, int i3) throws PkiException {
        JWSSignerInfo signerInfo = getSignerInfo(i2);
        JSON headerJsonValue = signerInfo.getProtectHeader().getHeaderJsonValue(HeaderParameterNames.CRITICAL);
        if ((headerJsonValue == null && (signerInfo.getUnProtectHeader() == null || (headerJsonValue = signerInfo.getUnProtectHeader().getHeaderJsonValue(HeaderParameterNames.CRITICAL)) == null)) || !(headerJsonValue instanceof JSONArray)) {
            return null;
        }
        JSONArray jSONArray = (JSONArray) headerJsonValue;
        if (jSONArray.size() <= i3 || i3 < 0) {
            throw new PkiException("crit index out of range!");
        }
        return jSONArray.get(i3);
    }

    public int getFlag() {
        return this.flag;
    }

    public byte[] getPayload() throws PkiException {
        if ((this.flag & 2) != 0) {
            return this.payloadDataEncodeByte;
        }
        if (this.payloadEncode.length() == 0) {
            return null;
        }
        try {
            return Base64Url.decode(false, true, this.payloadEncode);
        } catch (PkiException e2) {
            throw new PkiException("payloadEncode decode fail," + e2);
        }
    }

    public int getSignerCount() {
        return this.signerlist.size();
    }

    public JWSSignerInfo getSignerInfo(int i2) throws PkiException {
        if (i2 < 0 || i2 >= this.signerlist.size()) {
            throw new PkiException("signer index out of range!");
        }
        return this.signerlist.get(i2);
    }

    public byte[] getSigningInput(String str) throws PkiException {
        if (getPayload() == null) {
            throw new PkiException("no payload data!");
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(str.getBytes("US-ASCII"));
            byteArrayOutputStream.write(46);
            byteArrayOutputStream.write(this.payloadDataEncodeByte);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e2) {
            throw new PkiException("getSignInputByte ByteArrayOutputStream error ", e2);
        }
    }

    public int getType() {
        return this.type;
    }

    public JWS setHashImplement(IHash iHash) {
        this.hashInterface = iHash;
        return this;
    }

    public JWS setMacImplement(IMac iMac) {
        this.macImpl = iMac;
        return this;
    }

    public JWS setPayload(byte[] bArr) throws PkiException {
        if (bArr == null) {
            throw new PkiException("payloadData data is empty!");
        }
        if (getSignerCount() > 1) {
            throw new PkiException("has mul sign jws ,don't set payload!");
        }
        int i2 = this.flag;
        if ((i2 & 2) != 0) {
            if ((i2 & 1) == 0) {
                if (this.type != 1) {
                    String uTF8String = Utils.getUTF8String(bArr);
                    this.payloadEncode = uTF8String;
                    if (uTF8String == null) {
                        throw new PkiException("payloadData no valid JSONUnencodedPayload!");
                    }
                } else {
                    if (!checkCompactUnencodedPayload(bArr)) {
                        throw new PkiException("payloadData no valid CompactUnencodedPayload!");
                    }
                    String aSCIIString = Utils.getASCIIString(bArr);
                    this.payloadEncode = aSCIIString;
                    if (aSCIIString == null) {
                        throw new PkiException("payloadData no valid CompactUnencodedPayload!");
                    }
                }
            }
            this.payloadDataEncodeByte = bArr;
        } else {
            String encode = Base64Url.encode(false, false, 0, null, bArr, 0, bArr.length);
            this.payloadEncode = encode;
            this.payloadDataEncodeByte = Utils.getASCIIArrayFromString(encode);
        }
        return this;
    }

    public JWS setVerifyImplement(IJWSVerify iJWSVerify) {
        this.verifyImpl = iJWSVerify;
        return this;
    }

    public boolean verifyMac(int i2, byte[] bArr) throws PkiException {
        if (this.macImpl == null) {
            throw new PkiException("no set IMac implement!");
        }
        if (getPayload() == null) {
            throw new PkiException("no payload data!");
        }
        JWSSignerInfo signerInfo = getSignerInfo(i2);
        if (!signerInfo.isSign()) {
            throw new PkiException("current signer no mac!");
        }
        byte[] mac = this.macImpl.mac(signerInfo.getAlgo(), getSigningInput(signerInfo.getProtectHeaderEncode()), bArr);
        return Base64Url.encode(false, false, 0, null, mac, 0, mac.length).equals(signerInfo.getSignatureEncode());
    }

    public boolean verifySignature(int i2, X509Certificate x509Certificate) throws PkiException {
        if (this.verifyImpl == null) {
            throw new PkiException("no set IJWSVerify implement!");
        }
        if (getPayload() == null) {
            throw new PkiException("no payload data!");
        }
        JWSSignerInfo signerInfo = getSignerInfo(i2);
        if (!signerInfo.isSign()) {
            throw new PkiException("current signer no sign!");
        }
        X509Certificate checkSignCert = signerInfo.checkSignCert(x509Certificate, this.hashInterface);
        if (checkSignCert == null) {
            throw new PkiException("cannot find signer cert!");
        }
        return this.verifyImpl.verifySignature(checkSignCert.getSubjectPublicKeyInfo(), signerInfo.getAlgo(), getSigningInput(signerInfo.getProtectHeaderEncode()), signerInfo.getSignature());
    }
}
