package com.bfo.json;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/bfo/json/JWT.class */
public class JWT implements Principal {
    private final Json header;
    private final Json payload;
    private byte[] signature;
    private Provider provider;

    public JWT() {
        this(Json.read("{}"));
    }

    public JWT(Json json) {
        this.payload = json;
        this.header = Json.read("{}");
        this.header.put("typ", "JWT");
        this.header.put("alg", "none");
        this.signature = new byte[0];
    }

    public JWT(CharSequence charSequence) {
        String charSequence2 = charSequence.toString();
        int indexOf = charSequence2.indexOf(46);
        if (indexOf < 0) {
            throw new IllegalArgumentException("No header, not a JWT");
        }
        int indexOf2 = charSequence2.indexOf(46, indexOf + 1);
        indexOf2 = indexOf2 < 0 ? charSequence2.length() : indexOf2;
        this.header = Json.read(new String(base64decode(charSequence2.substring(0, indexOf)), StandardCharsets.UTF_8));
        this.payload = Json.read(new String(base64decode(charSequence2.substring(indexOf + 1, indexOf2)), StandardCharsets.UTF_8));
        this.signature = indexOf2 == charSequence2.length() ? new byte[0] : base64decode(charSequence2.substring(indexOf2 + 1, charSequence2.length()));
    }

    public JWT setProvider(Provider provider) {
        this.provider = provider;
        return this;
    }

    public Provider getProvider() {
        return this.provider;
    }

    @Override // java.security.Principal
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(base64encode(this.header.toString()));
        sb.append(".");
        sb.append(base64encode(this.payload.toString()));
        sb.append(".");
        if (this.signature.length > 0) {
            sb.append(base64encode(this.signature));
        }
        return sb.toString();
    }

    public boolean verify(Key key) {
        String stringValue = this.header.isString("typ") ? this.header.get("typ").stringValue() : null;
        if (!"JWT".equalsIgnoreCase(stringValue)) {
            throw new IllegalStateException("Unsupported typ \"" + stringValue + "\"");
        }
        String algorithm = getAlgorithm();
        byte[] bytes = (base64encode(this.header.toString()) + "." + base64encode(this.payload.toString())).getBytes(StandardCharsets.UTF_8);
        try {
            if (algorithm.equals("none")) {
                return key == null && this.signature.length == 0;
            }
            if (key instanceof SecretKey) {
                Mac createMac = JWK.createMac(algorithm, key, this.provider);
                createMac.init((SecretKey) key);
                return Arrays.equals(this.signature, createMac.doFinal(bytes));
            }
            if (!(key instanceof PublicKey)) {
                return false;
            }
            Signature createSignature = JWK.createSignature(algorithm, key, this.provider);
            createSignature.initVerify((PublicKey) key);
            createSignature.update(bytes);
            byte[] bArr = this.signature;
            if (algorithm.startsWith("ES")) {
                bArr = cat2der(bArr);
            }
            return createSignature.verify(bArr);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public JWT sign(Key key) {
        String algorithm = key == null ? "none" : new JWK(key).getAlgorithm();
        Json read = Json.read(this.header.toString());
        read.put("alg", algorithm);
        byte[] bytes = (base64encode(read.toString()) + "." + base64encode(this.payload.toString())).getBytes(StandardCharsets.UTF_8);
        byte[] bArr = null;
        try {
            if (algorithm.equals("none")) {
                bArr = new byte[0];
            } else if (key instanceof SecretKey) {
                Mac createMac = JWK.createMac(algorithm, key, this.provider);
                createMac.init((SecretKey) key);
                bArr = createMac.doFinal(bytes);
            } else if (key instanceof PrivateKey) {
                Signature createSignature = JWK.createSignature(algorithm, key, this.provider);
                createSignature.initSign((PrivateKey) key);
                createSignature.update(bytes);
                bArr = createSignature.sign();
                if (algorithm.equals("ES256")) {
                    bArr = der2cat(bArr, 32);
                } else if (algorithm.equals("ES256K")) {
                    bArr = der2cat(bArr, 32);
                } else if (algorithm.equals("ES384")) {
                    bArr = der2cat(bArr, 48);
                } else if (algorithm.equals("ES512")) {
                    bArr = der2cat(bArr, 66);
                }
            }
            this.header.put("alg", algorithm);
            if (bArr == null) {
                throw new IllegalStateException("Missing or incorrect key for alg \"" + algorithm + "\"");
            }
            this.signature = bArr;
            return this;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public String getAlgorithm() {
        if (this.header.isString("alg")) {
            return this.header.get("alg").stringValue();
        }
        return null;
    }

    public long getIssuedAt() {
        if (this.payload.isNumber("iat")) {
            return this.payload.get("iat").longValue();
        }
        return 0L;
    }

    public long getNotBefore() {
        if (this.payload.isNumber("nbf")) {
            return this.payload.get("nbf").longValue();
        }
        return 0L;
    }

    public long getExpiry() {
        if (this.payload.isNumber("exp")) {
            return this.payload.get("exp").longValue();
        }
        return 0L;
    }

    public String getIssuer() {
        if (this.payload.isString("iss")) {
            return this.payload.stringValue("iss");
        }
        return null;
    }

    public String getSubject() {
        if (this.payload.isString("sub")) {
            return this.payload.stringValue("sub");
        }
        return null;
    }

    @Override // java.security.Principal
    public String getName() {
        return getSubject();
    }

    public List<String> getAudience() {
        Json json = this.payload.get("aud");
        if (json == null) {
            return Collections.emptyList();
        }
        if (json.isString("aud")) {
            return Collections.singletonList(this.payload.stringValue("aud"));
        }
        if (!this.payload.isList("aud")) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < json.size(); i++) {
            if (json.get(Integer.valueOf(i)).isString()) {
                arrayList.add(json.get(Integer.valueOf(i)).stringValue());
            }
        }
        return arrayList;
    }

    public String getUniqueID() {
        if (this.payload.isString("jti")) {
            return this.payload.stringValue("jti");
        }
        return null;
    }

    public void setIssuedAt(long j) {
        if (j <= 0) {
            this.payload.remove("iat");
        } else {
            this.payload.put("iat", Long.valueOf(j > 20000000000L ? j / 1000 : j));
        }
    }

    public void setNotBefore(long j) {
        if (j <= 0) {
            this.payload.remove("nbf");
        } else {
            this.payload.put("nbf", Long.valueOf(j > 20000000000L ? j / 1000 : j));
        }
    }

    public void setExpiry(long j) {
        if (j <= 0) {
            this.payload.remove("exp");
        } else {
            this.payload.put("exp", Long.valueOf(j > 20000000000L ? j / 1000 : j));
        }
    }

    public void setIssuer(String str) {
        if (str == null) {
            this.payload.remove("iss");
        } else {
            this.payload.put("iss", str);
        }
    }

    public void setSubject(String str) {
        if (str == null) {
            this.payload.remove("sub");
        } else {
            this.payload.put("sub", str);
        }
    }

    public void setAudience(List<String> list) {
        if (list == null) {
            this.payload.remove("aud");
            return;
        }
        Json read = Json.read("[]");
        for (String str : list) {
            if (str != null) {
                read.put(Integer.valueOf(read.size()), str);
            }
        }
        if (read.size() == 0) {
            this.payload.remove("aud");
        } else {
            this.payload.put("aud", read);
        }
    }

    public void setUniqueID(String str) {
        if (str == null) {
            this.payload.remove("jti");
        } else {
            this.payload.put("jti", str);
        }
    }

    public boolean isValidAt(long j) {
        if (j == 0) {
            j = System.currentTimeMillis() / 1000;
        }
        long j2 = j > 20000000000L ? j / 1000 : j;
        if (getExpiry() == 0 || getExpiry() >= j2) {
            return getNotBefore() == 0 || getNotBefore() <= j2;
        }
        return false;
    }

    public Json getPayload() {
        return this.payload;
    }

    public Json getHeader() {
        return this.header;
    }

    public byte[] getSignature() {
        return this.signature;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] base64decode(String str) {
        return Base64.getUrlDecoder().decode(str);
    }

    static String base64encode(String str) {
        return base64encode(str.getBytes(StandardCharsets.UTF_8));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String base64encode(byte[] bArr) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    static String hex(byte[] bArr) {
        return hex(bArr, 0, bArr.length);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String hex(byte[] bArr, int i, int i2) {
        char[] cArr = new char[i2 * 2];
        for (int i3 = 0; i3 < i2; i3++) {
            int i4 = bArr[i + i3] & 255;
            int i5 = i4 >> 4;
            cArr[i3 * 2] = (char) (i5 < 10 ? i5 + 48 : (i5 + 65) - 10);
            int i6 = i4 & 15;
            cArr[(i3 * 2) + 1] = (char) (i6 < 10 ? i6 + 48 : (i6 + 65) - 10);
        }
        return new String(cArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] cat2der(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length / 2];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        BigInteger bigInteger = new BigInteger(1, bArr2);
        System.arraycopy(bArr, bArr2.length, bArr2, 0, bArr2.length);
        BigInteger bigInteger2 = new BigInteger(1, bArr2);
        byte[] byteArray = bigInteger.toByteArray();
        byte[] byteArray2 = bigInteger2.toByteArray();
        int length = byteArray.length + byteArray2.length + 4;
        byte[] bArr3 = new byte[(length < 128 ? 2 : 3) + length];
        int i = 0 + 1;
        bArr3[0] = 48;
        if (length >= 128) {
            i++;
            bArr3[i] = -127;
        }
        int i2 = i;
        int i3 = i + 1;
        bArr3[i2] = (byte) length;
        int i4 = i3 + 1;
        bArr3[i3] = 2;
        int i5 = i4 + 1;
        bArr3[i4] = (byte) byteArray.length;
        System.arraycopy(byteArray, 0, bArr3, i5, byteArray.length);
        int length2 = i5 + byteArray.length;
        int i6 = length2 + 1;
        bArr3[length2] = 2;
        int i7 = i6 + 1;
        bArr3[i6] = (byte) byteArray2.length;
        System.arraycopy(byteArray2, 0, bArr3, i7, byteArray2.length);
        int length3 = i7 + byteArray2.length;
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] der2cat(byte[] bArr, int i) {
        byte[] bArr2 = new byte[i * 2];
        int i2 = bArr[1] == -127 ? 5 : 4;
        int i3 = bArr[i2 - 1] & 255;
        int i4 = i2 + i3 + 2;
        System.arraycopy(bArr, i3 > i ? i2 + 1 : i2, bArr2, i - Math.min(i, i3), Math.min(i, i3));
        int i5 = i2 + i3 + 2;
        int i6 = bArr[i5 - 1] & 255;
        System.arraycopy(bArr, i6 > i ? i5 + 1 : i5, bArr2, (i + i) - Math.min(i, i6), Math.min(i, i6));
        return bArr2;
    }
}
