package swim.security;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.Iterator;
import javax.crypto.Mac;
import swim.codec.Base64;
import swim.codec.Binary;
import swim.codec.Debug;
import swim.codec.Decoder;
import swim.codec.Diagnostic;
import swim.codec.Format;
import swim.codec.Input;
import swim.codec.Output;
import swim.codec.Parser;
import swim.codec.Unicode;
import swim.codec.Utf8;
import swim.codec.Writer;
import swim.collections.FingerTrieSeq;
import swim.collections.HashTrieSet;
import swim.json.Json;
import swim.structure.Data;
import swim.structure.Form;
import swim.structure.Item;
import swim.structure.Num;
import swim.structure.Record;
import swim.structure.Value;
import swim.util.Murmur3;

/* loaded from: input_file:swim/security/JsonWebSignature.class */
public class JsonWebSignature implements Debug {
    protected final Value unprotectedHeader;
    protected final Value protectedHeader;
    protected final Data signingInput;
    protected final Data payloadData;
    protected final Data signatureData;
    private static int hashSeed;

    public JsonWebSignature(Value value, Value value2, Data data, Data data2, Data data3) {
        this.unprotectedHeader = value.commit();
        this.protectedHeader = value2.commit();
        this.signingInput = data;
        this.payloadData = data2;
        this.signatureData = data3;
    }

    public final Value unprotectedHeader() {
        return this.unprotectedHeader;
    }

    public JsonWebSignature unprotectedHeader(Value value) {
        return new JsonWebSignature(value, this.protectedHeader, this.signingInput, this.payloadData, this.signatureData);
    }

    public final Value protectedHeader() {
        return this.protectedHeader;
    }

    public final Data signingInput() {
        return this.signingInput;
    }

    public final Data payloadData() {
        return this.payloadData;
    }

    public final <T> T payload(Decoder<T> decoder) {
        Decoder feed = decoder.feed(this.payloadData.toInputBuffer());
        if (feed.isDone()) {
            return (T) feed.bind();
        }
        Throwable trap = feed.trap();
        if (trap instanceof RuntimeException) {
            throw ((RuntimeException) trap);
        }
        throw new RuntimeException(trap);
    }

    public final <T> T payload(Form<T> form) {
        return (T) payload(Json.formDecoder(form));
    }

    public final Value payload() {
        return (Value) payload(Form.forValue());
    }

    public final Data signatureData() {
        return this.signatureData;
    }

    public Value get(String str) {
        Value value = this.protectedHeader.get(str);
        if (!value.isDefined()) {
            value = this.unprotectedHeader.get(str);
        }
        return value;
    }

    public String algorithm() {
        return get("alg").stringValue((String) null);
    }

    public String jsonWebKeySetUrl() {
        return get("jku").stringValue((String) null);
    }

    public JsonWebKey jsonWebKey() {
        return JsonWebKey.from(get("jwk"));
    }

    public String keyId() {
        return get("kid").stringValue((String) null);
    }

    public String x509Url() {
        return get("x5u").stringValue((String) null);
    }

    public FingerTrieSeq<String> x509CertificateChain() {
        FingerTrieSeq<String> empty = FingerTrieSeq.empty();
        Iterator it = get("x5c").iterator();
        while (it.hasNext()) {
            String stringValue = ((Item) it.next()).stringValue((String) null);
            if (stringValue != null) {
                empty = empty.appended(stringValue);
            }
        }
        return empty;
    }

    public String x509Sha1Thumbprint() {
        return get("x5t").stringValue((String) null);
    }

    public String x509Sha256Thumbprint() {
        return get("x5t#S256").stringValue((String) null);
    }

    public String type() {
        return get("typ").stringValue((String) null);
    }

    public String contentType() {
        return get("cty").stringValue((String) null);
    }

    public HashTrieSet<String> critical() {
        HashTrieSet<String> empty = HashTrieSet.empty();
        Iterator it = get("crit").iterator();
        while (it.hasNext()) {
            String stringValue = ((Item) it.next()).stringValue((String) null);
            if (stringValue != null) {
                empty = empty.added(stringValue);
            }
        }
        return empty;
    }

    public boolean verifyMac(Key key) {
        String algorithm = algorithm();
        try {
            if ("HS256".equals(algorithm)) {
                return verifyMac(Mac.getInstance("HmacSHA256"), key);
            }
            if ("HS384".equals(algorithm)) {
                return verifyMac(Mac.getInstance("HmacSHA384"), key);
            }
            if ("HS512".equals(algorithm)) {
                return verifyMac(Mac.getInstance("HmacSHA512"), key);
            }
            return false;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean verifyMac(Mac mac, Key key) {
        try {
            mac.init(key);
            mac.update(this.signingInput.asByteBuffer());
            return compareSignatureData(Data.wrap(mac.doFinal()), this.signatureData);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean verifySignature(PublicKey publicKey) {
        String algorithm = algorithm();
        try {
            if ("ES256".equals(algorithm)) {
                return verifyECDSASignature(Signature.getInstance("SHA256withECDSA"), publicKey);
            }
            if ("ES384".equals(algorithm)) {
                return verifyECDSASignature(Signature.getInstance("SHA384withECDSA"), publicKey);
            }
            if ("ES512".equals(algorithm)) {
                return verifyECDSASignature(Signature.getInstance("SHA512withECDSA"), publicKey);
            }
            if ("RS256".equals(algorithm)) {
                return verifyRSASignature(Signature.getInstance("SHA256withRSA"), publicKey);
            }
            if ("RS384".equals(algorithm)) {
                return verifyRSASignature(Signature.getInstance("SHA384withRSA"), publicKey);
            }
            if ("RS512".equals(algorithm)) {
                return verifyRSASignature(Signature.getInstance("SHA512withRSA"), publicKey);
            }
            return false;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean verifyRSASignature(Signature signature, PublicKey publicKey) {
        try {
            signature.initVerify(publicKey);
            signature.update(this.signingInput.asByteBuffer());
            return signature.verify(this.signatureData.asByteArray(), 0, this.signatureData.size());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean verifyECDSASignature(Signature signature, PublicKey publicKey) {
        Data derEncodeECDSASignature = derEncodeECDSASignature(this.signatureData);
        try {
            signature.initVerify(publicKey);
            signature.update(this.signingInput.asByteBuffer());
            return signature.verify(derEncodeECDSASignature.asByteArray(), 0, derEncodeECDSASignature.size());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public Writer<?, JsonWebSignature> writeJws(Output<?> output) {
        return JsonWebSignatureWriter.write(output, this);
    }

    public String toJws() {
        Output<?> stringOutput = Unicode.stringOutput();
        writeJws(stringOutput);
        return (String) stringOutput.bind();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof JsonWebSignature)) {
            return false;
        }
        JsonWebSignature jsonWebSignature = (JsonWebSignature) obj;
        return this.unprotectedHeader.equals(jsonWebSignature.unprotectedHeader) && this.protectedHeader.equals(jsonWebSignature.protectedHeader) && this.signingInput.equals(jsonWebSignature.signingInput) && this.payloadData.equals(jsonWebSignature.payloadData) && this.signatureData.equals(jsonWebSignature.signatureData);
    }

    public int hashCode() {
        if (hashSeed == 0) {
            hashSeed = Murmur3.seed(JsonWebSignature.class);
        }
        return Murmur3.mash(Murmur3.mix(Murmur3.mix(Murmur3.mix(Murmur3.mix(Murmur3.mix(hashSeed, this.unprotectedHeader.hashCode()), this.protectedHeader.hashCode()), this.signingInput.hashCode()), this.payloadData.hashCode()), this.signatureData.hashCode()));
    }

    public void debug(Output<?> output) {
        output.write("JsonWebSignature").write(46).write("from").write(40).debug(this.unprotectedHeader).write(", ").debug(this.protectedHeader).write(", ").debug(this.signingInput).write(", ").debug(this.payloadData).write(", ").debug(this.signatureData).write(41);
    }

    public String toString() {
        return Format.debug(this);
    }

    public static JsonWebSignature from(Value value, Data data, Data data2, Data data3, Data data4) {
        return new JsonWebSignature(value, (Value) Json.structureParser().parseObject(Utf8.decodedInput(data2.toInputBuffer())).bind(), data, data3, data4);
    }

    public static JsonWebSignature from(Data data, Data data2, Data data3, Data data4) {
        return from(Value.absent(), data, data2, data3, data4);
    }

    public static JsonWebSignature from(Value value, Data data, Data data2, Data data3) {
        Output output = Data.output();
        Base64.urlUnpadded().writeByteBuffer(data.asByteBuffer(), output);
        output.write(46);
        Base64.urlUnpadded().writeByteBuffer(data2.asByteBuffer(), output);
        return from(value, (Data) output.bind(), data, data2, data3);
    }

    public static JsonWebSignature from(Data data, Data data2, Data data3) {
        return from(Value.absent(), data, data2, data3);
    }

    public static JsonWebSignature hmacSHA(Mac mac, Key key, Value value, Value value2, Data data, Data data2) {
        try {
            mac.init(key);
            mac.update(data.asByteBuffer());
            return new JsonWebSignature(value, value2, data, data2, Data.wrap(mac.doFinal()));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static JsonWebSignature hmacSHA(Mac mac, Key key, Value value, Value value2, Data data) {
        Data data2 = Json.toData(value2);
        Output output = Data.output();
        Base64.urlUnpadded().writeByteBuffer(data2.asByteBuffer(), output);
        output.write(46);
        Base64.urlUnpadded().writeByteBuffer(data.asByteBuffer(), output);
        return hmacSHA(mac, key, value, value2, (Data) output.bind(), data);
    }

    public static JsonWebSignature hmacSHA(Key key, Value value, Value value2, Data data) {
        Record updatedSlot;
        Mac mac;
        String algorithm = key.getAlgorithm();
        try {
            if ("HmacSHA256".equals(algorithm)) {
                updatedSlot = value2.updatedSlot("alg", "HS256");
                mac = Mac.getInstance("HmacSHA256");
            } else if ("HmacSHA384".equals(algorithm)) {
                updatedSlot = value2.updatedSlot("alg", "HS384");
                mac = Mac.getInstance("HmacSHA384");
            } else {
                if (!"HmacSHA512".equals(algorithm)) {
                    throw new IllegalArgumentException("unsupported key size");
                }
                updatedSlot = value2.updatedSlot("alg", "HS512");
                mac = Mac.getInstance("HmacSHA512");
            }
            return hmacSHA(mac, key, value, updatedSlot, data);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static JsonWebSignature mac(Key key, Value value, Value value2, Data data) {
        return hmacSHA(key, value, value2, data);
    }

    public static JsonWebSignature mac(Key key, Value value, Data data) {
        return mac(key, Value.absent(), value, data);
    }

    public static JsonWebSignature mac(Key key, Data data) {
        return mac(key, Value.absent(), Value.absent(), data);
    }

    public static JsonWebSignature signRSA(Signature signature, PrivateKey privateKey, int i, Value value, Value value2, Data data, Data data2) {
        try {
            signature.initSign(privateKey);
            signature.update(data.asByteBuffer());
            return new JsonWebSignature(value, value2, data, data2, Data.wrap(signature.sign()));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static JsonWebSignature signRSA(Signature signature, PrivateKey privateKey, int i, Value value, Value value2, Data data) {
        Data data2 = Json.toData(value2);
        Output output = Data.output();
        Base64.urlUnpadded().writeByteBuffer(data2.asByteBuffer(), output);
        output.write(46);
        Base64.urlUnpadded().writeByteBuffer(data.asByteBuffer(), output);
        return signRSA(signature, privateKey, i, value, value2, (Data) output.bind(), data);
    }

    public static JsonWebSignature signRSA(PrivateKey privateKey, Value value, Value value2, Data data) {
        Record updatedSlot;
        Signature signature;
        int rsaKeyLength = rsaKeyLength(privateKey);
        try {
            if (rsaKeyLength == 32) {
                updatedSlot = value2.updatedSlot("alg", "RS256");
                signature = Signature.getInstance("SHA256withRSA");
            } else if (rsaKeyLength == 48) {
                updatedSlot = value2.updatedSlot("alg", "RS384");
                signature = Signature.getInstance("SHA384withRSA");
            } else {
                if (rsaKeyLength != 64) {
                    throw new IllegalArgumentException("unsupported key size");
                }
                updatedSlot = value2.updatedSlot("alg", "RS512");
                signature = Signature.getInstance("SHA512withRSA");
            }
            return signRSA(signature, privateKey, rsaKeyLength, value, updatedSlot, data);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static JsonWebSignature signECDSA(Signature signature, PrivateKey privateKey, int i, Value value, Value value2, Data data, Data data2) {
        try {
            signature.initSign(privateKey);
            signature.update(data.asByteBuffer());
            return new JsonWebSignature(value, value2, data, data2, derDecodeECDSASignature(Data.wrap(signature.sign()), i));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static JsonWebSignature signECDSA(Signature signature, PrivateKey privateKey, int i, Value value, Value value2, Data data) {
        Data data2 = Json.toData(value2);
        Output output = Data.output();
        Base64.urlUnpadded().writeByteBuffer(data2.asByteBuffer(), output);
        output.write(46);
        Base64.urlUnpadded().writeByteBuffer(data.asByteBuffer(), output);
        return signECDSA(signature, privateKey, i, value, value2, (Data) output.bind(), data);
    }

    public static JsonWebSignature signECDSA(PrivateKey privateKey, Value value, Value value2, Data data) {
        Record updatedSlot;
        Signature signature;
        int ecKeyLength = ecKeyLength(privateKey);
        try {
            if (ecKeyLength == 32) {
                updatedSlot = value2.updatedSlot("alg", "ES256");
                signature = Signature.getInstance("SHA256withECDSA");
            } else if (ecKeyLength == 48) {
                updatedSlot = value2.updatedSlot("alg", "ES384");
                signature = Signature.getInstance("SHA384withECDSA");
            } else {
                if (ecKeyLength != 66) {
                    throw new IllegalArgumentException("unsupported key size");
                }
                updatedSlot = value2.updatedSlot("alg", "ES512");
                signature = Signature.getInstance("SHA512withECDSA");
            }
            return signECDSA(signature, privateKey, ecKeyLength, value, updatedSlot, data);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static JsonWebSignature sign(PrivateKey privateKey, Value value, Value value2, Data data) {
        if (privateKey instanceof ECKey) {
            return signECDSA(privateKey, value, value2, data);
        }
        if (privateKey instanceof RSAKey) {
            return signRSA(privateKey, value, value2, data);
        }
        throw new IllegalArgumentException("unsupported signing key type");
    }

    public static JsonWebSignature sign(PrivateKey privateKey, Value value, Data data) {
        return sign(privateKey, Value.absent(), value, data);
    }

    public static JsonWebSignature sign(PrivateKey privateKey, Data data) {
        return sign(privateKey, Value.absent(), Value.absent(), data);
    }

    public static Parser<JsonWebSignature> parser() {
        return new JsonWebSignatureParser();
    }

    public static JsonWebSignature parse(String str) {
        Input stringInput = Unicode.stringInput(str);
        Parser<JsonWebSignature> parse = JsonWebSignatureParser.parse(stringInput);
        if (stringInput.isCont() && !parse.isError()) {
            parse = Parser.error(Diagnostic.unexpected(stringInput));
        } else if (stringInput.isError()) {
            parse = Parser.error(stringInput.trap());
        }
        return (JsonWebSignature) parse.bind();
    }

    static boolean compareSignatureData(Data data, Data data2) {
        boolean z = true;
        int min = Math.min(data.size(), data2.size());
        for (int i = 0; i < min; i++) {
            z = data.getByte(i) == data2.getByte(i) && z;
        }
        return z;
    }

    static int ecKeyLength(Key key) {
        int bitLength = ((ECKey) key).getParams().getOrder().bitLength();
        if (bitLength <= 256) {
            return 32;
        }
        if (bitLength <= 384) {
            return 48;
        }
        if (bitLength <= 521) {
            return 66;
        }
        throw new IllegalArgumentException("unsupported key size");
    }

    static int rsaKeyLength(Key key) {
        int bitLength = ((RSAKey) key).getModulus().bitLength();
        if (bitLength <= 2048) {
            return 32;
        }
        if (bitLength <= 3072) {
            return 48;
        }
        if (bitLength <= 4096) {
            return 64;
        }
        throw new IllegalArgumentException("unsupported key size");
    }

    static Data derDecodeECDSASignature(Data data, int i) {
        Value value = (Value) Der.structureDecoder().decodeValue(data.toInputBuffer()).bind();
        byte[] byteArray = value.getItem(0).integerValue().toByteArray();
        byte[] byteArray2 = value.getItem(1).integerValue().toByteArray();
        byte[] bArr = new byte[i << 1];
        if (byteArray.length <= i) {
            System.arraycopy(byteArray, 0, bArr, i - byteArray.length, byteArray.length);
        } else {
            System.arraycopy(byteArray, byteArray.length - i, bArr, 0, i);
        }
        if (byteArray2.length <= i) {
            System.arraycopy(byteArray2, 0, bArr, i + (i - byteArray2.length), byteArray2.length);
        } else {
            System.arraycopy(byteArray2, byteArray2.length - i, bArr, i, i);
        }
        return Data.wrap(bArr);
    }

    static Data derEncodeECDSASignature(Data data) {
        int size = data.size() >>> 1;
        byte[] asByteArray = data.asByteArray();
        byte[] bArr = new byte[size];
        System.arraycopy(asByteArray, 0, bArr, 0, size);
        Num from = Num.from(new BigInteger(1, bArr));
        System.arraycopy(asByteArray, size, bArr, 0, size);
        Value of = Record.of(new Object[]{from, Num.from(new BigInteger(1, bArr))});
        byte[] bArr2 = new byte[Der.structureEncoder().sizeOf(of)];
        Der.structureEncoder().encode(of, Binary.outputBuffer(bArr2));
        return Data.wrap(bArr2);
    }
}
