package org.bdware.doip.core.crypto.signature;

import com.google.gson.GsonBuilder;
import com.google.gson.annotations.Expose;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.util.Arrays;
import org.bdware.doip.core.model.handleRecord.DoipServiceHandleRecord;
import org.bdware.doip.endpoint.irpClient.GlobalIrpClient;

/* loaded from: input_file:org/bdware/doip/core/crypto/signature/DOSignature.class */
public class DOSignature {

    @Expose
    BytesAlg bytesAlg;
    String doSigSegment;
    byte[] payload;
    String publicKey;

    @Expose
    public JWS signatures;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/bdware/doip/core/crypto/signature/DOSignature$BytesAlg.class */
    public static class BytesAlg {

        @Expose
        String hashAlg;
    }

    public DOSignature(String str, byte[] bArr, String str2, PrivateKey privateKey, String str3) throws NoSuchAlgorithmException {
        this.bytesAlg = new BytesAlg();
        this.bytesAlg.hashAlg = str;
        this.signatures = new JWS(str2, str.equals("SHA-256") ? Utils.preprocess(bArr) : bArr, str3, privateKey);
    }

    public DOSignature(byte[] bArr, String str) throws Exception {
        this.payload = bArr;
        this.doSigSegment = str;
    }

    public DOSignature(byte[] bArr, String str, String str2) throws Exception {
        this.payload = bArr;
        this.doSigSegment = str;
        this.publicKey = str2;
    }

    public String createSegment() throws SignatureException, NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        if (this.signatures == null) {
            return null;
        }
        this.signatures.sign();
        if (this.signatures.signatures != null) {
            return new GsonBuilder().excludeFieldsWithoutExposeAnnotation().create().toJson(this);
        }
        return null;
    }

    public boolean verifySegment() throws Exception {
        if (this.doSigSegment == null || this.doSigSegment.equals("")) {
            return false;
        }
        DOSignature dOSignature = (DOSignature) new GsonBuilder().excludeFieldsWithoutExposeAnnotation().create().fromJson(this.doSigSegment, DOSignature.class);
        byte[] bArr = this.payload;
        if (dOSignature.bytesAlg.hashAlg.equals("SHA-256")) {
            bArr = Utils.preprocess(this.payload);
        }
        if (dOSignature.signatures == null) {
            return false;
        }
        byte[] urlSafeDecode = Utils.urlSafeDecode(dOSignature.signatures.payload.getBytes());
        if (!$assertionsDisabled && !Arrays.equals(bArr, urlSafeDecode)) {
            throw new AssertionError(String.format("payload to be verified is not the payload in signature, payload to be verified:\n%s\npayload in signature:\n%s\n", Arrays.toString(bArr), Arrays.toString(urlSafeDecode)));
        }
        if (this.publicKey == null || this.publicKey.equals("")) {
            this.publicKey = new DoipServiceHandleRecord(GlobalIrpClient.getGlobalClient().resolve(dOSignature.signatures.signatures[0].header.kid)).getPublicKey();
        }
        dOSignature.signatures.setPubKey(JWK.load(this.publicKey).getPublicKey());
        return dOSignature.signatures.verify();
    }

    static {
        $assertionsDisabled = !DOSignature.class.desiredAssertionStatus();
    }
}
