package io.mosip.kernel.signature.util;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.module.afterburner.AfterburnerModule;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.CryptoUtil;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.core.util.HMACUtils2;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import io.mosip.kernel.signature.constant.SignatureConstant;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Objects;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:io/mosip/kernel/signature/util/SignatureUtil.class */
public class SignatureUtil {
    private static final Logger LOGGER = KeymanagerLogger.getLogger(SignatureUtil.class);
    private static ObjectMapper mapper = JsonMapper.builder().addModule(new AfterburnerModule()).build();

    public static boolean isDataValid(String str) {
        return (str == null || str.trim().isEmpty()) ? false : true;
    }

    public static boolean isJsonValid(String str) {
        try {
            mapper.readTree(str);
            return true;
        } catch (IOException e) {
            LOGGER.error(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, "", "Provided JSON Data to sign value is invalid.");
            return false;
        }
    }

    public static boolean isIncludeAttrsValid(Boolean bool) {
        return Objects.isNull(bool) ? SignatureConstant.DEFAULT_INCLUDES.booleanValue() : bool.booleanValue();
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [java.time.ZonedDateTime] */
    public static boolean isCertificateDatesValid(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity(Date.from(DateUtils.getUTCCurrentDateTime().atZone(ZoneId.systemDefault()).toInstant()));
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            LOGGER.warn(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, "", "Warning thrown when certificate dates are not valid.");
            try {
                x509Certificate.checkValidity();
                return true;
            } catch (CertificateExpiredException | CertificateNotYetValidException e2) {
                LOGGER.warn(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, "", "Warning thrown when certificate dates are not valid.");
                return false;
            }
        }
    }

    public static JWSHeader getJWSHeader(String str, boolean z, boolean z2, boolean z3, String str2, X509Certificate x509Certificate, String str3, boolean z4) {
        JWSAlgorithm jWSAlgorithm;
        boolean z5 = -1;
        switch (str.hashCode()) {
            case 76404080:
                if (str.equals(SignatureConstant.JWS_PS256_SIGN_ALGO_CONST)) {
                    z5 = true;
                    break;
                }
                break;
            case 78251122:
                if (str.equals(SignatureConstant.JWS_RS256_SIGN_ALGO_CONST)) {
                    z5 = false;
                    break;
                }
                break;
        }
        switch (z5) {
            case false:
                jWSAlgorithm = JWSAlgorithm.RS256;
                break;
            case SignatureConstant.PSS_PARAM_TF /* 1 */:
                jWSAlgorithm = JWSAlgorithm.PS256;
                break;
            default:
                jWSAlgorithm = JWSAlgorithm.PS256;
                break;
        }
        JWSHeader.Builder builder = new JWSHeader.Builder(jWSAlgorithm);
        if (!z) {
            builder = builder.base64URLEncodePayload(false).criticalParams(Collections.singleton(SignatureConstant.B64));
        }
        if (z2) {
            try {
                Base64 encode = Base64.encode(x509Certificate.getEncoded());
                ArrayList arrayList = new ArrayList();
                arrayList.add(encode);
                builder = builder.x509CertChain(arrayList);
            } catch (CertificateEncodingException e) {
                LOGGER.warn(SignatureConstant.SESSIONID, SignatureConstant.JWS_SIGN, "", "Warning thrown when certificate not able to parse while adding to jws header.");
            }
        }
        if (z3) {
            try {
                builder = builder.x509CertSHA256Thumbprint(Base64URL.encode(DigestUtils.sha256(x509Certificate.getEncoded())));
            } catch (CertificateEncodingException e2) {
                LOGGER.warn(SignatureConstant.SESSIONID, SignatureConstant.JWS_SIGN, "", "Warning thrown when certificate not able to parse while adding to jws header.");
            }
        }
        if (Objects.nonNull(str2)) {
            try {
                builder.x509CertURL(new URI(str2));
            } catch (URISyntaxException e3) {
                LOGGER.warn(SignatureConstant.SESSIONID, SignatureConstant.JWS_SIGN, "", "Warning thrown when certificate URI not able to parse while adding to jws header.");
            }
        }
        String convertHexToBase64 = convertHexToBase64(str3);
        if (z4 && Objects.nonNull(convertHexToBase64)) {
            builder.keyID(convertHexToBase64);
        }
        return builder.build();
    }

    public static byte[] buildSignData(JWSHeader jWSHeader, byte[] bArr) {
        byte[] bytes = jWSHeader.toBase64URL().toString().getBytes(StandardCharsets.UTF_8);
        byte[] bArr2 = new byte[bytes.length + bArr.length + 1];
        System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
        bArr2[bytes.length] = 46;
        System.arraycopy(bArr, 0, bArr2, bytes.length + 1, bArr.length);
        return bArr2;
    }

    public static String convertHexToBase64(String str) {
        try {
            return CryptoUtil.encodeToURLSafeBase64(HMACUtils2.generateHash(Hex.decodeHex(str)));
        } catch (NoSuchAlgorithmException | DecoderException e) {
            LOGGER.warn(SignatureConstant.SESSIONID, SignatureConstant.JWS_SIGN, "", "Warning thrown when converting hex data to base64 encoded data.");
            return null;
        }
    }
}
