package com.bfo.json;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/bfo/json/COSE.class */
public class COSE extends Json {
    private static final int TAG_COSE_SIGN = 98;
    private static final int TAG_COSE_SIGN1 = 18;
    private static final int TAG_COSE_COUNTERSIG = 19;
    private static final int HEADER_ALG = 1;
    private static final int HEADER_CRIT = 2;
    private static final int HEADER_CONTENTTYPE = 3;
    private static final int HEADER_KID = 4;
    private static final int HEADER_IV = 5;
    private static final int HEADER_PARTIALIV = 6;
    private static final int HEADER_COUNTERSIG = 7;
    private static final int HEADER_COUNTERSIG2 = 11;
    private static final int HEADER_COUNTERSIG02 = 12;
    private static final int ALGORITHM_ES256 = -7;
    private static final int ALGORITHM_ES384 = -35;
    private static final int ALGORITHM_ES512 = -36;
    private static final int ALGORITHM_EDDSA = -8;
    private static final int ALGORITHM_HMAC256_64 = 4;
    private static final int ALGORITHM_HMAC256 = 5;
    private static final int ALGORITHM_HMAC384 = 6;
    private static final int ALGORITHM_HMAC512 = 7;
    private static final int ALGORITHM_PS256 = -37;
    private static final int ALGORITHM_PS384 = -38;
    private static final int ALGORITHM_PS512 = -39;
    private ByteBuffer payload;
    private boolean detached;
    private Json unprotectedAtts;
    private Json protectedAtts;
    private Json externalProtectedAtts;
    private List<X509Certificate> certs;
    private Provider provider;

    public COSE() {
        super(Collections.emptyList());
    }

    public COSE(Json json) {
        super(json);
    }

    public COSE setProvider(Provider provider) {
        this.provider = provider;
        return this;
    }

    public Provider getProvider() {
        return this.provider;
    }

    public boolean isInitialized() {
        return !isEmpty();
    }

    public ByteBuffer getPayload() {
        if (this.payload != null) {
            return this.payload;
        }
        if (!isInitialized()) {
            throw new IllegalStateException("Not initialized");
        }
        if (isNull(2)) {
            return null;
        }
        return get(2).bufferValue();
    }

    public boolean isDetached() {
        return (isInitialized() && isNull(2)) || this.detached;
    }

    public COSE setPayload(ByteBuffer byteBuffer, boolean z) {
        if (z && (!isInitialized() || isDetached())) {
            this.payload = byteBuffer;
            this.detached = true;
        } else {
            if (isInitialized()) {
                throw new IllegalStateException("Already initialized");
            }
            this.payload = byteBuffer;
            this.detached = false;
        }
        return this;
    }

    public Json getUnprotectedAttributes() {
        if (!isInitialized()) {
            return this.unprotectedAtts;
        }
        Json json = get(1);
        if (json.isEmpty()) {
            return null;
        }
        return json;
    }

    public COSE setUnprotectedAttributes(Json json) {
        if (isInitialized()) {
            put(1, json);
        } else {
            this.unprotectedAtts = json;
        }
        this.certs = null;
        return this;
    }

    public Json getProtectedAttributes() {
        if (!isInitialized()) {
            return this.protectedAtts;
        }
        try {
            Json readCbor = Json.readCbor((ByteBuffer) get(0).bufferValue().position(0));
            if (readCbor.isEmpty()) {
                return null;
            }
            return readCbor;
        } catch (Exception e) {
            return null;
        }
    }

    public COSE setProtectedAttributes(Json json) {
        if (isInitialized()) {
            throw new IllegalStateException("Already initialized");
        }
        this.protectedAtts = json;
        return this;
    }

    public Json getExternalProtectedAttributes() {
        return this.externalProtectedAtts;
    }

    public COSE setExternalProtectedAttributes(Json json) {
        this.externalProtectedAtts = json;
        return this;
    }

    public String getAlgorithm(int i) {
        int intValue;
        if (!isInitialized()) {
            throw new IllegalStateException("Not initialized");
        }
        if (!(getTag() == 18)) {
            Json json = get(3);
            if (i < 0 || i >= json.size()) {
                throw new IllegalArgumentException("Invalid signature index " + i + ": not between 0.." + (json.size() - 1));
            }
            Json readCbor = Json.readCbor((ByteBuffer) json.get(Integer.valueOf(i)).get(0).bufferValue().position(0));
            intValue = (readCbor == null || !readCbor.isNumber(1)) ? 0 : readCbor.intValue(1);
        } else {
            if (i != 0) {
                throw new IllegalArgumentException("Invalid signature index " + i + ": single signature");
            }
            Json readCbor2 = Json.readCbor((ByteBuffer) get(0).bufferValue().position(0));
            intValue = (readCbor2 == null || !readCbor2.isNumber(1)) ? 0 : readCbor2.intValue(1);
        }
        if (intValue == 0) {
            return null;
        }
        return JWK.fromCOSEAlgorithm(new Json(Integer.valueOf(intValue))).stringValue();
    }

    public int getNumSignatures() {
        if (!isInitialized()) {
            throw new IllegalStateException("Not initialized");
        }
        if (getTag() == 18) {
            return 1;
        }
        return get(3).size();
    }

    public List<X509Certificate> getCertificates() {
        if (this.certs == null) {
            Json protectedAttributes = getProtectedAttributes();
            Json unprotectedAttributes = getUnprotectedAttributes();
            Json json = 0 != 0 ? null : protectedAttributes != null ? protectedAttributes.get(33) : null;
            Json json2 = json != null ? json : protectedAttributes != null ? protectedAttributes.get(32) : null;
            Json json3 = json2 != null ? json2 : protectedAttributes != null ? protectedAttributes.get("x5chain") : null;
            Json json4 = json3 != null ? json3 : protectedAttributes != null ? protectedAttributes.get("x5bag") : null;
            if (json4 != null) {
                this.certs = JWK.extractCertificates(json4);
            }
            Json json5 = json4 != null ? json4 : unprotectedAttributes != null ? unprotectedAttributes.get(33) : null;
            Json json6 = json5 != null ? json5 : unprotectedAttributes != null ? unprotectedAttributes.get(32) : null;
            Json json7 = json6 != null ? json6 : unprotectedAttributes != null ? unprotectedAttributes.get("x5chain") : null;
            Json json8 = json7 != null ? json7 : unprotectedAttributes != null ? unprotectedAttributes.get("x5bag") : null;
            if (json8 != null) {
                if (this.certs != null) {
                    this.certs = new ArrayList();
                    this.certs.addAll(JWK.extractCertificates(json8));
                } else {
                    this.certs = JWK.extractCertificates(json8);
                }
            }
            if (this.certs == null) {
                Json json9 = 0 != 0 ? null : protectedAttributes != null ? protectedAttributes.get(35) : null;
                Json json10 = json9 != null ? json9 : protectedAttributes != null ? protectedAttributes.get("x5u") : null;
                Json json11 = json10 != null ? json10 : unprotectedAttributes != null ? unprotectedAttributes.get(35) : null;
                Json json12 = json11 != null ? json11 : unprotectedAttributes != null ? unprotectedAttributes.get("x5u") : null;
                Json json13 = 0 != 0 ? null : protectedAttributes != null ? protectedAttributes.get(34) : null;
                Json json14 = json13 != null ? json13 : protectedAttributes != null ? protectedAttributes.get("x5t") : null;
                Json json15 = json14 != null ? json14 : unprotectedAttributes != null ? unprotectedAttributes.get(34) : null;
                Json json16 = json15 != null ? json15 : unprotectedAttributes != null ? unprotectedAttributes.get("x5t") : null;
                if (json12 != null && json12.isString()) {
                    try {
                        this.certs = JWK.downloadCertificates(json12, json16, null);
                    } catch (IOException e) {
                        throw new IllegalStateException("Failed downloading certificate from \"" + json12.stringValue() + "\"", e);
                    }
                }
            }
            if (this.certs == null) {
                this.certs = Collections.emptyList();
            }
            this.certs = Collections.unmodifiableList(this.certs);
        }
        return this.certs;
    }

    public COSE setCertificates(List<X509Certificate> list) {
        this.certs = list;
        return this;
    }

    public int verify(PublicKey publicKey) {
        try {
            if (!isInitialized()) {
                throw new IllegalStateException("Not initialized");
            }
            if (getTag() != 98 && getTag() != 18) {
                throw new IllegalStateException("Not a signed type (" + getTag() + ")");
            }
            boolean z = getTag() == 18;
            Json json = get(3);
            int i = 0;
            while (true) {
                if (i >= (z ? 1 : json.size())) {
                    return -1;
                }
                ByteBuffer bufferValue = get(0).bufferValue();
                ByteBuffer bufferValue2 = z ? bufferValue : json.get(Integer.valueOf(i)).get(0).bufferValue();
                ByteBuffer bufferValue3 = z ? get(3).bufferValue() : json.get(Integer.valueOf(i)).get(2).bufferValue();
                ByteBuffer payload = getPayload();
                if (payload == null) {
                    throw new IllegalStateException("Payload is detached, must call {@link #setPayload setPayload(payload, true)} before verifying");
                }
                if (verifySignature(z ? "Signature1" : "Signature", bufferValue, bufferValue2, this.externalProtectedAtts, payload, bufferValue3, publicKey, this.provider)) {
                    return i;
                }
                i++;
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static boolean verifySignature(String str, ByteBuffer byteBuffer, ByteBuffer byteBuffer2, Json json, ByteBuffer byteBuffer3, ByteBuffer byteBuffer4, PublicKey publicKey, Provider provider) throws IOException {
        Signature signature;
        try {
            signature = JWK.createSignature(JWK.fromCOSEAlgorithm(Json.readCbor((ByteBuffer) byteBuffer2.position(0)).get(1)).stringValue(), publicKey, provider);
            signature.initVerify(publicKey);
        } catch (Exception e) {
            signature = null;
        }
        if (signature == null) {
            return false;
        }
        Json read = Json.read("[]");
        int i = 0 + 1;
        read.put(0, str);
        int i2 = i + 1;
        read.put(Integer.valueOf(i), new Json(byteBuffer));
        if (byteBuffer != byteBuffer2) {
            i2++;
            read.put(Integer.valueOf(i2), new Json(byteBuffer2));
        }
        int i3 = i2;
        int i4 = i2 + 1;
        read.put(Integer.valueOf(i3), new Json(json == null ? ByteBuffer.wrap(new byte[0]) : json.toCbor()));
        int i5 = i4 + 1;
        read.put(Integer.valueOf(i4), new Json(byteBuffer3));
        byte[] array = read.toCbor().array();
        byte[] array2 = byteBuffer4.array();
        if (publicKey.getAlgorithm().equals("EC")) {
            array2 = JWT.cat2der(array2);
        }
        try {
            signature.update(array);
            return signature.verify(array2);
        } catch (Exception e2) {
            e2.printStackTrace();
            return false;
        }
    }

    public COSE sign(Key key, String str) {
        return sign(Collections.singletonMap(key, str));
    }

    public COSE sign(Map<Key, String> map) {
        if (isInitialized()) {
            while (size() > 0) {
                remove(Integer.valueOf(size() - 1));
            }
        }
        if (this.payload == null) {
            throw new IllegalStateException("No payload");
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Map.Entry<Key, String> entry : map.entrySet()) {
            if (entry.getKey() instanceof PrivateKey) {
                PrivateKey privateKey = (PrivateKey) entry.getKey();
                String value = entry.getValue();
                if (value == null) {
                    value = new JWK(privateKey).getAlgorithm();
                }
                if (value != null && !value.startsWith("RS")) {
                    linkedHashMap.put(privateKey, value);
                }
            }
        }
        if (linkedHashMap.isEmpty()) {
            throw new IllegalArgumentException("No suitable keys");
        }
        if (this.protectedAtts == null) {
            this.protectedAtts = Json.read("{}");
        }
        if (this.unprotectedAtts == null) {
            this.unprotectedAtts = Json.read("{}");
        }
        if (this.certs != null && !this.certs.isEmpty()) {
            Json read = Json.read("[]");
            Iterator<X509Certificate> it = this.certs.iterator();
            while (it.hasNext()) {
                try {
                    read.put(Integer.valueOf(read.size()), it.next().getEncoded());
                } catch (CertificateEncodingException e) {
                    throw new RuntimeException(e);
                }
            }
            this.unprotectedAtts.put("x5chain", read);
        }
        if (linkedHashMap.size() == 1) {
            PrivateKey privateKey2 = (PrivateKey) linkedHashMap.keySet().iterator().next();
            String str = (String) linkedHashMap.get(privateKey2);
            JWK jwk = new JWK(privateKey2);
            jwk.put("alg", str);
            this.protectedAtts.put(1, jwk.toCOSEKey().get(3));
            byte[] signSignature = signSignature("Signature1", this.protectedAtts, this.protectedAtts, this.externalProtectedAtts, this.payload, privateKey2, str, this.provider);
            setValue(Json.read("[]"));
            put(0, new Json(this.protectedAtts.isEmpty() ? ByteBuffer.wrap(new byte[0]) : this.protectedAtts.toCbor()));
            put(1, this.unprotectedAtts);
            put(2, new Json(this.detached ? null : this.payload));
            put(3, new Json(signSignature));
            setTag(18L);
        } else {
            Json read2 = Json.read("[]");
            for (PrivateKey privateKey3 : linkedHashMap.keySet()) {
                String str2 = (String) linkedHashMap.get(privateKey3);
                JWK jwk2 = new JWK(privateKey3);
                jwk2.put("alg", str2);
                Json read3 = Json.read("{}");
                Json read4 = Json.read("{}");
                read3.put(1, jwk2.toCOSEKey().get(3));
                byte[] signSignature2 = signSignature("Signature", this.protectedAtts, read3, this.externalProtectedAtts, this.payload, privateKey3, str2, this.provider);
                Json read5 = Json.read("[]");
                read5.put(0, new Json(read3.isEmpty() ? ByteBuffer.wrap(new byte[0]) : read3.toCbor()));
                read5.put(1, read4);
                read5.put(2, new Json(signSignature2));
                read2.put(Integer.valueOf(read2.size()), read5);
            }
            setValue(Json.read("[]"));
            put(0, new Json(this.protectedAtts.isEmpty() ? ByteBuffer.wrap(new byte[0]) : this.protectedAtts.toCbor()));
            put(1, this.unprotectedAtts);
            put(2, new Json(this.detached ? null : this.payload));
            put(3, read2);
            setTag(98L);
        }
        this.unprotectedAtts = null;
        this.protectedAtts = null;
        this.payload = null;
        return this;
    }

    private static byte[] signSignature(String str, Json json, Json json2, Json json3, ByteBuffer byteBuffer, PrivateKey privateKey, String str2, Provider provider) {
        int i;
        if (json2 == null) {
            json2 = json;
        }
        if (str2 == null) {
            try {
                str2 = new JWK(privateKey).getAlgorithm();
                if (str2 == null) {
                    throw new IllegalStateException("Cannot determine algorithm from key");
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new RuntimeException(e2);
            }
        }
        if (str2.startsWith("RS")) {
            throw new IllegalStateException("Algorithm \"" + str2 + "\" cannot be used with COSE");
        }
        Signature createSignature = JWK.createSignature(str2, privateKey, provider);
        createSignature.initSign(privateKey);
        Json read = Json.read("[]");
        int i2 = 0 + 1;
        read.put(0, str);
        int i3 = i2 + 1;
        read.put(Integer.valueOf(i2), new Json(json.isEmpty() ? ByteBuffer.wrap(new byte[0]) : json.toCbor()));
        if (json != json2) {
            i3++;
            read.put(Integer.valueOf(i3), new Json(json2.isEmpty() ? ByteBuffer.wrap(new byte[0]) : json2.toCbor()));
        }
        int i4 = i3;
        int i5 = i3 + 1;
        read.put(Integer.valueOf(i4), new Json((json3 == null || json3.isEmpty()) ? ByteBuffer.wrap(new byte[0]) : json3.toCbor()));
        int i6 = i5 + 1;
        read.put(Integer.valueOf(i5), new Json(byteBuffer));
        createSignature.update(read.toCbor().array());
        byte[] sign = createSignature.sign();
        if (privateKey.getAlgorithm().equals("EC")) {
            String algorithm = createSignature.getAlgorithm();
            if (algorithm.startsWith("SHA256")) {
                i = 32;
            } else if (algorithm.startsWith("SHA384")) {
                i = 48;
            } else {
                if (!algorithm.startsWith("SHA512")) {
                    throw new IllegalStateException("Bad EC alg " + createSignature.getAlgorithm());
                }
                i = 66;
            }
            sign = JWT.der2cat(sign, i);
        }
        return sign;
    }
}
