package org.apache.cxf.rs.security.jose.jws;

import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/jose/jws/JwsUtils.class */
public final class JwsUtils {
    private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
    private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
    private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";

    private JwsUtils() {
    }

    public static String sign(RSAPrivateKey rSAPrivateKey, String str, String str2) {
        return sign(rSAPrivateKey, str, str2, (String) null);
    }

    public static String sign(RSAPrivateKey rSAPrivateKey, String str, String str2, String str3) {
        return sign(getRSAKeySignatureProvider(rSAPrivateKey, str), str2, str3);
    }

    public static String sign(byte[] bArr, String str, String str2) {
        return sign(bArr, str, str2, (String) null);
    }

    public static String sign(byte[] bArr, String str, String str2, String str3) {
        return sign(getHmacSignatureProvider(bArr, str), str2, str3);
    }

    public static String verify(RSAPublicKey rSAPublicKey, String str, String str2) {
        return verify(getRSAKeySignatureVerifier(rSAPublicKey, str), str2).getDecodedJwsPayload();
    }

    public static String verify(byte[] bArr, String str, String str2) {
        return verify(getHmacSignatureVerifier(bArr, str), str2).getDecodedJwsPayload();
    }

    public static JwsSignatureProvider getSignatureProvider(JsonWebKey jsonWebKey) {
        return getSignatureProvider(jsonWebKey, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider] */
    /* JADX WARN: Type inference failed for: r0v22, types: [org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider] */
    public static JwsSignatureProvider getSignatureProvider(JsonWebKey jsonWebKey, String str) {
        String algorithm = jsonWebKey.getAlgorithm() == null ? str : jsonWebKey.getAlgorithm();
        EcDsaJwsSignatureProvider ecDsaJwsSignatureProvider = null;
        if (JsonWebKey.KEY_TYPE_RSA.equals(jsonWebKey.getKeyType())) {
            ecDsaJwsSignatureProvider = getRSAKeySignatureProvider(JwkUtils.toRSAPrivateKey(jsonWebKey), algorithm);
        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType())) {
            ecDsaJwsSignatureProvider = getHmacSignatureProvider(JoseUtils.decode((String) jsonWebKey.getProperty(JsonWebKey.OCTET_KEY_VALUE)), algorithm);
        } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jsonWebKey.getKeyType())) {
            ecDsaJwsSignatureProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jsonWebKey), algorithm);
        }
        return ecDsaJwsSignatureProvider;
    }

    public static JwsSignatureProvider getRSAKeySignatureProvider(RSAPrivateKey rSAPrivateKey, String str) {
        return new PrivateKeyJwsSignatureProvider(rSAPrivateKey, str);
    }

    public static JwsSignatureProvider getHmacSignatureProvider(byte[] bArr, String str) {
        if (Algorithm.isHmacSign(str)) {
            return new HmacJwsSignatureProvider(bArr, str);
        }
        return null;
    }

    public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jsonWebKey) {
        return getSignatureVerifier(jsonWebKey, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier] */
    /* JADX WARN: Type inference failed for: r0v22, types: [org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier] */
    public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jsonWebKey, String str) {
        String algorithm = jsonWebKey.getAlgorithm() == null ? str : jsonWebKey.getAlgorithm();
        EcDsaJwsSignatureVerifier ecDsaJwsSignatureVerifier = null;
        if (JsonWebKey.KEY_TYPE_RSA.equals(jsonWebKey.getKeyType())) {
            ecDsaJwsSignatureVerifier = getRSAKeySignatureVerifier(JwkUtils.toRSAPublicKey(jsonWebKey, true), algorithm);
        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jsonWebKey.getKeyType())) {
            ecDsaJwsSignatureVerifier = getHmacSignatureVerifier(JoseUtils.decode((String) jsonWebKey.getProperty(JsonWebKey.OCTET_KEY_VALUE)), algorithm);
        } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jsonWebKey.getKeyType())) {
            ecDsaJwsSignatureVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jsonWebKey), algorithm);
        }
        return ecDsaJwsSignatureVerifier;
    }

    public static JwsSignatureVerifier getRSAKeySignatureVerifier(RSAPublicKey rSAPublicKey, String str) {
        return new PublicKeyJwsSignatureVerifier(rSAPublicKey, str);
    }

    public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] bArr, String str) {
        if (Algorithm.isHmacSign(str)) {
            return new HmacJwsSignatureVerifier(bArr, str);
        }
        return null;
    }

    public static MultivaluedMap<String, JwsJsonSignatureEntry> getJwsJsonSignatureMap(List<JwsJsonSignatureEntry> list) {
        MetadataMap metadataMap = new MetadataMap();
        for (JwsJsonSignatureEntry jwsJsonSignatureEntry : list) {
            metadataMap.add(jwsJsonSignatureEntry.getUnionHeader().getAlgorithm(), jwsJsonSignatureEntry);
        }
        return metadataMap;
    }

    public static JwsSignatureProvider loadSignatureProvider(boolean z) {
        String str;
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        if (currentMessage != null && (str = (String) MessageUtils.getContextualProperty(currentMessage, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS)) != null) {
            return loadSignatureProvider(str, currentMessage);
        }
        if (z) {
            throw new SecurityException();
        }
        return null;
    }

    public static JwsSignatureProvider loadSignatureProvider(String str, Message message) {
        return loadSignatureProvider(str, message, false);
    }

    public static JwsSignatureVerifier loadSignatureVerifier(boolean z) {
        String str;
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        if (currentMessage != null && (str = (String) MessageUtils.getContextualProperty(currentMessage, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS)) != null) {
            return loadSignatureVerifier(str, currentMessage);
        }
        if (z) {
            throw new SecurityException();
        }
        return null;
    }

    public static List<JwsSignatureProvider> loadSignatureProviders(String str, Message message) {
        List<JsonWebKey> loadJsonWebKeys;
        Properties loadProperties = loadProperties(message, str);
        JwsSignatureProvider loadSignatureProvider = loadSignatureProvider(str, message, true);
        if (loadSignatureProvider != null) {
            return Collections.singletonList(loadSignatureProvider);
        }
        ArrayList arrayList = null;
        if ("jwk".equals(loadProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)) && (loadJsonWebKeys = JwkUtils.loadJsonWebKeys(message, loadProperties, JsonWebKey.KEY_OPER_SIGN)) != null) {
            arrayList = new ArrayList(loadJsonWebKeys.size());
            Iterator<JsonWebKey> it = loadJsonWebKeys.iterator();
            while (it.hasNext()) {
                arrayList.add(getSignatureProvider(it.next()));
            }
        }
        if (arrayList == null) {
            throw new SecurityException();
        }
        return arrayList;
    }

    public static JwsSignatureVerifier loadSignatureVerifier(String str, Message message) {
        return loadSignatureVerifier(str, message, false);
    }

    public static List<JwsSignatureVerifier> loadSignatureVerifiers(String str, Message message) {
        List<JsonWebKey> loadJsonWebKeys;
        Properties loadProperties = loadProperties(message, str);
        JwsSignatureVerifier loadSignatureVerifier = loadSignatureVerifier(str, message, true);
        if (loadSignatureVerifier != null) {
            return Collections.singletonList(loadSignatureVerifier);
        }
        ArrayList arrayList = null;
        if ("jwk".equals(loadProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)) && (loadJsonWebKeys = JwkUtils.loadJsonWebKeys(message, loadProperties, JsonWebKey.KEY_OPER_VERIFY)) != null) {
            arrayList = new ArrayList(loadJsonWebKeys.size());
            Iterator<JsonWebKey> it = loadJsonWebKeys.iterator();
            while (it.hasNext()) {
                arrayList.add(getSignatureVerifier(it.next()));
            }
        }
        if (arrayList == null) {
            throw new SecurityException();
        }
        return arrayList;
    }

    public static boolean validateCriticalHeaders(JoseHeaders joseHeaders) {
        return JoseUtils.validateCriticalHeaders(joseHeaders);
    }

    private static JwsSignatureProvider loadSignatureProvider(String str, Message message, boolean z) {
        Properties loadProperties = loadProperties(message, str);
        JwsSignatureProvider jwsSignatureProvider = null;
        if ("jwk".equals(loadProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
            JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(message, loadProperties, JsonWebKey.KEY_OPER_SIGN);
            if (loadJsonWebKey != null) {
                jwsSignatureProvider = getSignatureProvider(loadJsonWebKey, getSignatureAlgo(loadProperties, loadJsonWebKey.getAlgorithm()));
            }
        } else {
            jwsSignatureProvider = getRSAKeySignatureProvider((RSAPrivateKey) KeyManagementUtils.loadPrivateKey(message, loadProperties, KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER), getSignatureAlgo(loadProperties, null));
        }
        if (jwsSignatureProvider != null || z) {
            return jwsSignatureProvider;
        }
        throw new SecurityException();
    }

    private static JwsSignatureVerifier loadSignatureVerifier(String str, Message message, boolean z) {
        Properties loadProperties = loadProperties(message, str);
        JwsSignatureVerifier jwsSignatureVerifier = null;
        if ("jwk".equals(loadProperties.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
            JsonWebKey loadJsonWebKey = JwkUtils.loadJsonWebKey(message, loadProperties, JsonWebKey.KEY_OPER_VERIFY);
            if (loadJsonWebKey != null) {
                jwsSignatureVerifier = getSignatureVerifier(loadJsonWebKey, getSignatureAlgo(loadProperties, loadJsonWebKey.getAlgorithm()));
            }
        } else {
            jwsSignatureVerifier = getRSAKeySignatureVerifier((RSAPublicKey) KeyManagementUtils.loadPublicKey(message, loadProperties), getSignatureAlgo(loadProperties, null));
        }
        if (jwsSignatureVerifier != null || z) {
            return jwsSignatureVerifier;
        }
        throw new SecurityException();
    }

    private static Properties loadProperties(Message message, String str) {
        try {
            return ResourceUtils.loadProperties(str, message.getExchange().getBus());
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    private static String getSignatureAlgo(Properties properties, String str) {
        return str == null ? properties.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP) : str;
    }

    private static JwsCompactConsumer verify(JwsSignatureVerifier jwsSignatureVerifier, String str) {
        JwsCompactConsumer jwsCompactConsumer = new JwsCompactConsumer(str);
        if (jwsCompactConsumer.verifySignatureWith(jwsSignatureVerifier)) {
            return jwsCompactConsumer;
        }
        throw new SecurityException();
    }

    private static String sign(JwsSignatureProvider jwsSignatureProvider, String str, String str2) {
        JoseHeaders joseHeaders = new JoseHeaders();
        if (str2 != null) {
            joseHeaders.setContentType(str2);
        }
        JwsCompactProducer jwsCompactProducer = new JwsCompactProducer(joseHeaders, str);
        jwsCompactProducer.signWith(jwsSignatureProvider);
        return jwsCompactProducer.getSignedEncodedJws();
    }
}
