package org.bdware.doip.core.crypto.signature;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.annotations.Expose;
import com.google.gson.annotations.SerializedName;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/bdware/doip/core/crypto/signature/JWS.class */
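/**
 * Minimal JSON Web Signature container in the JSON serialization layout
 * ({@code payload} plus a {@code signatures} array).
 *
 * <p>Only the {@code RS256} algorithm is accepted; it is mapped to the JCA
 * algorithm {@code SHA256withRSA}. The signed bytes are
 * {@code protected + "." + payload}, both in their URL-safe encoded form.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link Sig#header} (and therefore {@code kid}) is NOT part of the signed
 *       input, so it must not be trusted for anything beyond a lookup hint.</li>
 *   <li>{@link #verify()} checks only {@code signatures[0]} against the key set
 *       with {@link #setPubKey(PublicKey)}; further array entries are ignored.</li>
 *   <li>{@link #setPayload(String)} does not re-sign; call {@link #sign()} again
 *       after changing the payload.</li>
 * </ul>
 *
 * <p>This class is mutable and makes no thread-safety guarantees.
 */
public class JWS {

    /** The only JWS algorithm identifier this class signs or verifies. */
    private static final String SUPPORTED_ALGORITHM = "RS256";

    /** JCA signature algorithm backing {@link #SUPPORTED_ALGORITHM}. */
    private static final String JCA_ALGORITHM = "SHA256withRSA";

    // Static so logging works even when an instance was materialised without running
    // field initialisers. NOTE(review): Gson allocates classes that lack a no-arg
    // constructor without calling any constructor, which would leave instance
    // initialisers unexecuted. Confirm how deserialized instances are created.
    private static final Logger LOG = Logger.getLogger(JWS.class);

    /** URL-safe encoded payload, as produced by {@code Utils.urlSafeEncode}. */
    @Expose
    public String payload;

    /** Signature entries; {@code null} until {@link #sign()} succeeds or after it rejects the algorithm. */
    @Expose
    public Sig[] signatures;
    private String entityId;
    private PublicKey pubKey;
    private PrivateKey signingKey;
    private String algorithm;
    // Retained for package-level compatibility; internal logging goes through LOG.
    Logger logger = LOG;

    /** Protected-header model: carries only the algorithm identifier. */
    public static class Alg {

        @Expose
        String alg;
    }

    /** One entry of the {@code signatures} array. */
    public static class Sig {

        /** URL-safe encoded JSON of {@link Alg}; this value is covered by the signature. */
        @SerializedName("protected")
        @Expose
        public String Protected;

        /** Unprotected header; NOT covered by the signature. */
        @Expose
        public Header header;

        /** URL-safe encoded signature bytes. */
        @Expose
        public String signature;

        /** Unprotected header fields. */
        public static class Header {

            /** Key identifier; filled from the entity id by {@link JWS#sign()}. */
            @Expose
            public String kid;
        }
    }

    /**
     * Creates an unsigned JWS; call {@link #sign()} to populate {@link #signatures}.
     *
     * @param str        entity identifier, written to the unprotected {@code kid} header
     * @param bArr       raw payload bytes; stored URL-safe encoded
     * @param str2       JWS algorithm identifier (only {@code "RS256"} is accepted by {@link #sign()})
     * @param privateKey key used by {@link #sign()}
     */
    public JWS(String str, byte[] bArr, String str2, PrivateKey privateKey) {
        this.entityId = str;
        this.signingKey = privateKey;
        this.algorithm = str2;
        this.payload = Utils.urlSafeEncode(bArr);
        LOG.debug(String.format("sign algorithm: %s", this.algorithm));
    }

    /** @return the payload in its URL-safe encoded form */
    public String getPayload() {
        return this.payload;
    }

    /** @param str entity identifier used as {@code kid} by the next {@link #sign()} */
    public void setEntity(String str) {
        this.entityId = str;
    }

    /** @param privateKey key used by the next {@link #sign()} */
    public void setKey(PrivateKey privateKey) {
        this.signingKey = privateKey;
    }

    /** @param publicKey key that {@link #verify()} checks the signature against */
    public void setPubKey(PublicKey publicKey) {
        this.pubKey = publicKey;
    }

    /**
     * Replaces the payload. The value is stored as given (no encoding is applied)
     * and existing signatures are left untouched, so they no longer match.
     *
     * @param str payload, expected to be already URL-safe encoded
     */
    public void setPayload(String str) {
        this.payload = str;
    }

    /** @param str JWS algorithm identifier used by the next {@link #sign()} */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /**
     * Signs {@code protected + "." + payload} and stores a single-entry
     * {@link #signatures} array.
     *
     * <p>If the configured algorithm is not {@code "RS256"} (including {@code null}),
     * an error is logged, {@link #signatures} is set to {@code null} and the method
     * returns without throwing.
     *
     * @throws UnsupportedEncodingException never thrown by this implementation; kept
     *         in the signature so existing callers continue to compile
     * @throws NoSuchAlgorithmException if the provider lacks {@code SHA256withRSA}
     * @throws InvalidKeyException if the signing key is rejected by the provider
     * @throws SignatureException if the signing operation fails
     */
    public void sign() throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        // Constant-first comparison: a null algorithm is reported as unsupported
        // instead of raising a NullPointerException.
        if (!SUPPORTED_ALGORITHM.equals(this.algorithm)) {
            LOG.error(String.format("Unsupported signature algorithm: %s", this.algorithm));
            this.signatures = null;
            return;
        }
        Sig sig = new Sig();
        Sig.Header header = new Sig.Header();
        header.kid = this.entityId;
        sig.header = header;
        Alg alg = new Alg();
        alg.alg = this.algorithm;
        sig.Protected = Utils.urlSafeEncode(new Gson().toJson(alg, Alg.class).getBytes(StandardCharsets.UTF_8));

        Signature signature = Signature.getInstance(JCA_ALGORITHM);
        signature.initSign(this.signingKey);
        // Same charset as verify(): the signed byte sequence must be identical on both sides.
        signature.update((sig.Protected + "." + this.payload).getBytes(StandardCharsets.UTF_8));
        sig.signature = Utils.urlSafeEncode(signature.sign());
        this.signatures = new Sig[]{sig};
    }

    /**
     * Verifies {@code signatures[0]} over {@code protected + "." + payload} with the
     * key set through {@link #setPubKey(PublicKey)}.
     *
     * <p>The algorithm is read from the (not yet authenticated) protected header and
     * accepted only if it equals {@code "RS256"}; any other value, or a missing one,
     * fails verification. A missing signature entry, protected header, signature
     * value or payload also returns {@code false}.
     *
     * <p>A syntactically malformed protected header may still surface as an unchecked
     * exception from the decoder or from Gson; callers handling untrusted input
     * should treat any exception as a verification failure.
     *
     * @return {@code true} only if the first signature is valid for the current payload
     * @throws NoSuchAlgorithmException if the provider lacks {@code SHA256withRSA}
     * @throws InvalidKeyException if the public key is rejected by the provider
     * @throws SignatureException if the signature bytes are improperly encoded
     * @throws UnsupportedEncodingException never thrown by this implementation; kept
     *         in the signature so existing callers continue to compile
     */
    public boolean verify() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnsupportedEncodingException {
        // Fail closed on structurally incomplete input instead of throwing NPE /
        // ArrayIndexOutOfBoundsException on attacker-supplied JSON.
        if (this.signatures == null || this.signatures.length == 0 || this.signatures[0] == null) {
            LOG.error("JWS verification failed: no signature entry present");
            return false;
        }
        Sig sig = this.signatures[0];
        if (sig.Protected == null || sig.signature == null || this.payload == null) {
            LOG.error("JWS verification failed: protected header, signature or payload missing");
            return false;
        }

        // Explicit UTF-8 everywhere: the platform default charset must not influence
        // which bytes are verified, and sign() uses UTF-8 as well.
        String headerJson = new String(
                Utils.urlSafeDecode(sig.Protected.getBytes(StandardCharsets.UTF_8)),
                StandardCharsets.UTF_8);
        Alg parsed = new GsonBuilder()
                .excludeFieldsWithoutExposeAnnotation()
                .create()
                .fromJson(headerJson, Alg.class);
        // fromJson returns null for empty input; treat that like a missing "alg".
        String claimedAlg = parsed == null ? null : parsed.alg;

        // Allow-list check: the header value only gates acceptance, it never selects
        // the JCA algorithm. The logged value is unauthenticated input.
        if (!SUPPORTED_ALGORITHM.equals(claimedAlg)) {
            LOG.error(String.format("Unsupported signature algorithm: %s", claimedAlg));
            return false;
        }
        // Record the algorithm only after it passed the allow-list, so an untrusted
        // header cannot overwrite the configured value with an arbitrary string.
        this.algorithm = claimedAlg;

        Signature signature = Signature.getInstance(JCA_ALGORITHM);
        String signedInput = sig.Protected + "." + this.payload;
        byte[] signatureBytes = Utils.urlSafeDecode(sig.signature.getBytes(StandardCharsets.UTF_8));
        signature.initVerify(this.pubKey);
        signature.update(signedInput.getBytes(StandardCharsets.UTF_8));
        return signature.verify(signatureBytes);
    }
}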
