package swim.security;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAKey;
import swim.codec.Output;
import swim.recon.Recon;
import swim.structure.Attr;
import swim.structure.Data;
import swim.structure.Item;
import swim.structure.Record;
import swim.structure.Slot;
import swim.structure.Text;
import swim.structure.Value;

/* loaded from: input_file:swim/security/ReconSignature.class */
public class ReconSignature {
    protected final Value payload;
    protected final Value protectedHeader;
    protected final Value signatureHeader;

    public ReconSignature(Value value, Value value2, Value value3) {
        this.payload = value;
        this.protectedHeader = value2;
        this.signatureHeader = value3;
    }

    public final Value payload() {
        return this.payload;
    }

    public final Value protectedHeader() {
        return this.protectedHeader;
    }

    public final Value signatureHeader() {
        return this.signatureHeader;
    }

    public Data hash() {
        Data data = this.signatureHeader.get("hash");
        if (data instanceof Data) {
            return data;
        }
        return null;
    }

    protected Data signingInput() {
        Output output = Data.output();
        Recon.modelWriter().writeValue(this.payload, output);
        Recon.modelWriter().writeAttr(Text.from("protected"), this.protectedHeader, output);
        return (Data) output.bind();
    }

    public boolean verifySignature(PublicKey publicKey) {
        try {
            return verifyRsaSignature(Signature.getInstance(algorithm(publicKey)), publicKey);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public boolean verifyRsaSignature(Signature signature, PublicKey publicKey) {
        try {
            signature.initVerify(publicKey);
            signature.update(signingInput().asByteBuffer());
            Data hash = hash();
            return signature.verify(hash.asByteArray(), 0, hash.size());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public Value toValue() {
        Value value = this.payload;
        if (this.protectedHeader.isDefined()) {
            value = value.concat(Attr.of("protected", this.protectedHeader));
        }
        return value.concat(Attr.of("signature", this.signatureHeader));
    }

    public static ReconSignature from(Value value) {
        if (!(value instanceof Record)) {
            return null;
        }
        Record record = (Record) value;
        Item item = record.get(record.length() - 1);
        if (!"signature".equals(item.key().stringValue())) {
            return null;
        }
        record.remove(record.length() - 1);
        Item item2 = record.get(record.length() - 1);
        if ("protected".equals(item2.key().stringValue())) {
            record.remove(record.length() - 1);
        } else {
            item2 = Value.absent();
        }
        return new ReconSignature(record, item2.toValue(), item.toValue());
    }

    public static ReconSignature parse(String str) {
        return from(Recon.parse(str));
    }

    public static ReconSignature signRsa(Signature signature, PrivateKey privateKey, Value value, Value value2, Value value3) {
        Output output = Data.output();
        Recon.modelWriter().writeValue(value, output);
        Recon.modelWriter().writeAttr(Text.from("protected"), value2, output);
        Data data = (Data) output.bind();
        try {
            signature.initSign(privateKey);
            signature.update(data.asByteBuffer());
            Data wrap = Data.wrap(signature.sign());
            return new ReconSignature(value, value2, value3.isDefined() ? value3.concat(Slot.of("hash", wrap)) : Record.of(Slot.of("hash", wrap)));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static ReconSignature signRsa(PrivateKey privateKey, Value value, Value value2, Value value3) {
        try {
            return signRsa(Signature.getInstance(algorithm(privateKey)), privateKey, value, value2, value3);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static ReconSignature sign(PrivateKey privateKey, Value value, Value value2, Value value3) {
        if (privateKey instanceof RSAKey) {
            return signRsa(privateKey, value, value2, value3);
        }
        throw new IllegalArgumentException("unsupported signing key type");
    }

    private static String rsaAlgorithm(RSAKey rSAKey) {
        return "SHA256withRSA";
    }

    private static String algorithm(Key key) {
        if (key instanceof RSAKey) {
            return rsaAlgorithm((RSAKey) key);
        }
        return null;
    }
}
