package com.dawex.weaver.trustframework.vc.core.jose;

import com.apicatalog.jsonld.JsonLd;
import com.apicatalog.jsonld.JsonLdError;
import com.apicatalog.jsonld.JsonLdOptions;
import com.apicatalog.jsonld.context.cache.LruCache;
import com.apicatalog.jsonld.document.JsonDocument;
import com.apicatalog.jsonld.http.media.MediaType;
import com.apicatalog.rdf.RdfDataset;
import com.apicatalog.rdf.io.error.RdfWriterException;
import com.apicatalog.rdf.io.error.UnsupportedContentException;
import com.apicatalog.rdf.spi.RdfProvider;
import com.dawex.weaver.trustframework.vc.core.jose.exception.SignatureException;
import com.dawex.weaver.trustframework.vc.core.jsonld.ExternalContext;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import io.setl.rdf.normalization.RdfNormalize;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/dawex/weaver/trustframework/vc/core/jose/JsonWebSignatureUtils.class */
public class JsonWebSignatureUtils {
    private static final String HASH_ALGORITHM_SHA256 = "SHA-256";
    public static final JWSAlgorithm JWS_ALGORITHM = JWSAlgorithm.PS256;
    private static final Map<String, String> PRELOADED_CONTEXT = Map.of(ExternalContext.DID, "/jsonld-contexts/w3org-did-v1.json", ExternalContext.GAIAX_TRUST_FRAMEWORK, "/jsonld-contexts/gaiax-trustframework-v1.json", ExternalContext.SECURITY_JWS_2020, "/jsonld-contexts/w3c-vc-jws-20020-v1.json", ExternalContext.VERIFIABLE_CREDENTIALS, "/jsonld-contexts/w3org-2018-credentials-v1.json");

    private JsonWebSignatureUtils() {
    }

    public static String generateSignature(String str, JWK jwk) {
        try {
            return getSignature(getHash(normalize(str)), jwk);
        } catch (JsonLdError | IOException | RdfWriterException | UnsupportedContentException | NoSuchAlgorithmException | JOSEException e) {
            throw new SignatureException((Throwable) e);
        }
    }

    public static boolean isSignatureValid(String str, String str2, JWK jwk) {
        try {
            return verifySignature(str2, str, new RSASSAVerifier((RSAKey) jwk));
        } catch (JsonLdError | IOException | RdfWriterException | UnsupportedContentException | NoSuchAlgorithmException | ParseException | JOSEException e) {
            throw new SignatureException((Throwable) e);
        }
    }

    public static boolean isSignatureValid(String str, String str2, X509Certificate x509Certificate) {
        try {
            return verifySignature(str2, str, new RSASSAVerifier((RSAPublicKey) x509Certificate.getPublicKey()));
        } catch (JsonLdError | IOException | RdfWriterException | UnsupportedContentException | NoSuchAlgorithmException | ParseException | JOSEException e) {
            throw new SignatureException((Throwable) e);
        }
    }

    private static String normalize(String str) throws JsonLdError, IOException, RdfWriterException, UnsupportedContentException {
        StringReader stringReader = new StringReader(str);
        try {
            JsonDocument of = JsonDocument.of(stringReader);
            stringReader.close();
            RdfDataset normalize = RdfNormalize.normalize(JsonLd.toRdf(of).options(getJsonLdOptionsWithPreloadedContexts()).get());
            StringWriter stringWriter = new StringWriter();
            try {
                RdfProvider.provider().createWriter(MediaType.N_QUADS, stringWriter).write(normalize);
                String stringWriter2 = stringWriter.toString();
                stringWriter.close();
                return stringWriter2;
            } catch (Throwable th) {
                try {
                    stringWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (Throwable th3) {
            try {
                stringReader.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    private static JsonLdOptions getJsonLdOptionsWithPreloadedContexts() {
        JsonLdOptions jsonLdOptions = new JsonLdOptions();
        jsonLdOptions.setDocumentCache(new LruCache(32));
        PRELOADED_CONTEXT.forEach((str, str2) -> {
            try {
                InputStream resourceAsStream = JsonWebSignatureUtils.class.getResourceAsStream(str2);
                if (resourceAsStream == null) {
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                        return;
                    }
                    return;
                }
                try {
                    jsonLdOptions.getDocumentCache().put(str, JsonDocument.of(resourceAsStream));
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                } catch (Throwable th) {
                    if (resourceAsStream != null) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException | JsonLdError e) {
            }
        });
        return jsonLdOptions;
    }

    private static String getHash(String str) throws NoSuchAlgorithmException {
        return byteArrayToHex(MessageDigest.getInstance(HASH_ALGORITHM_SHA256).digest(str.getBytes(StandardCharsets.UTF_8)));
    }

    private static String byteArrayToHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(Integer.toString((b & 255) + 256, 16).substring(1));
        }
        return sb.toString().toLowerCase();
    }

    private static String getSignature(String str, JWK jwk) throws JOSEException {
        JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(JWS_ALGORITHM).base64URLEncodePayload(false).criticalParams(Set.of("b64")).build(), new Payload(str));
        jWSObject.sign(new RSASSASigner((RSAKey) jwk));
        return jWSObject.serialize(true);
    }

    private static boolean verifySignature(String str, String str2, RSASSAVerifier rSASSAVerifier) throws JsonLdError, IOException, RdfWriterException, UnsupportedContentException, NoSuchAlgorithmException, ParseException, JOSEException {
        return JWSObject.parse(str2, new Payload(getHash(normalize(str)))).verify(rSASSAVerifier);
    }
}
