package org.jboss.resteasy.security.doseta;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import org.codehaus.plexus.util.SelectorUtils;
import org.jboss.resteasy.security.SigningAlgorithm;
import org.jboss.resteasy.security.doseta.i18n.Messages;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.util.Base64;
import org.jboss.resteasy.util.ParameterParser;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/resteasy/resteasy-crypto/main/resteasy-crypto-3.0.19.Final.jar:org/jboss/resteasy/security/doseta/DKIMSignature.class */
public class DKIMSignature {
    public static final String DKIM_SIGNATURE = "DKIM-Signature";
    public static final String TIMESTAMP = "t";
    public static final String DOMAIN = "d";
    public static final String EXPIRATION = "x";
    public static final String ALGORITHM = "a";
    public static final String SIGNATURE = "b";
    public static final String HEADERS = "h";
    public static final String IDENTITY = "i";
    public static final String VERSION = "v";
    public static final String BODY_HASH = "bh";
    public static final String CANONICALIZATION = "c";
    public static final String QUERY = "q";
    public static final String SELECTOR = "s";
    public static final String LENGTH = "l";
    public static final String SHA256WITH_RSA = "SHA256withRSA";
    protected PrivateKey privateKey;
    protected Map<String, String> attributes;
    protected List<String> headers;
    protected byte[] signature;
    protected String headerValue;
    protected boolean bodyHashRequired;
    public static String DEFAULT_SIGNER = "DEFAULT_SIGNER";
    public static String DEFAULT_ALGORITHM = "SHA256withRSA";

    public DKIMSignature() {
        this.attributes = new LinkedHashMap();
        this.headers = new ArrayList();
        this.bodyHashRequired = true;
    }

    public DKIMSignature(Map<String, String> map) {
        this.attributes = new LinkedHashMap();
        this.headers = new ArrayList();
        this.bodyHashRequired = true;
        this.attributes = map;
        extractAttributes();
    }

    public DKIMSignature(String str) {
        this.attributes = new LinkedHashMap();
        this.headers = new ArrayList();
        this.bodyHashRequired = true;
        this.headerValue = str;
        this.attributes = new ParameterParser().parse(str, ';');
        extractAttributes();
    }

    protected void extractAttributes() {
        String str = this.attributes.get("h");
        if (str != null) {
            this.headers = Arrays.asList(str.split(":"));
        }
        String str2 = this.attributes.get("b");
        if (str2 != null) {
            try {
                this.signature = Base64.decode(str2);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    public List<String> getHeaderList() {
        return this.headers;
    }

    public String toString() {
        return this.headerValue;
    }

    public boolean isBodyHashRequired() {
        return this.bodyHashRequired;
    }

    public void setBodyHashRequired(boolean z) {
        this.bodyHashRequired = z;
    }

    public void addHeader(String str) {
        this.headers.add(str);
    }

    public void setAttribute(String str, String str2) {
        if (str2 == null) {
            this.attributes.remove(str);
        }
        this.attributes.put(str, str2);
    }

    public void setAlgorithm(String str) {
        setAttribute("a", str);
    }

    public void setTimestamp(String str) {
        setAttribute("t", str);
    }

    public void setTimestamp() {
        setAttribute("t", (new Date().getTime() / 1000) + "");
    }

    public void setSelector(String str) {
        setAttribute("s", str);
    }

    public String getSelector() {
        return this.attributes.get("s");
    }

    public String getQuery() {
        return this.attributes.get("q");
    }

    public void setQuery(String str) {
        setAttribute("q", str);
    }

    public void setDomain(String str) {
        setAttribute("d", str);
    }

    public String getDomain() {
        return this.attributes.get("d");
    }

    public void setId(String str) {
        setAttribute("i", str);
    }

    public void setExpiration(Date date) {
        setAttribute("x", (date.getTime() / 1000) + "");
    }

    public void setExpiration(int i, int i2, int i3, int i4, int i5, int i6) {
        Calendar calendar = Calendar.getInstance();
        if (i > 0) {
            calendar.add(13, i);
        }
        if (i2 > 0) {
            calendar.add(12, i2);
        }
        if (i3 > 0) {
            calendar.add(10, i3);
        }
        if (i4 > 0) {
            calendar.add(5, i4);
        }
        if (i5 > 0) {
            calendar.add(2, i5);
        }
        if (i6 > 0) {
            calendar.add(1, i6);
        }
        setExpiration(calendar.getTime());
    }

    public boolean isExpired() {
        String str = this.attributes.get("x");
        return str != null && Long.parseLong(str) * 1000 < new Date().getTime();
    }

    public boolean isStale(int i, int i2, int i3, int i4, int i5, int i6) {
        String str = this.attributes.get("t");
        if (str == null) {
            return true;
        }
        Date date = new Date(Long.parseLong(str) * 1000);
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        if (i > 0) {
            calendar.add(13, i);
        }
        if (i2 > 0) {
            calendar.add(12, i2);
        }
        if (i3 > 0) {
            calendar.add(10, i3);
        }
        if (i4 > 0) {
            calendar.add(5, i4);
        }
        if (i5 > 0) {
            calendar.add(2, i5);
        }
        if (i6 > 0) {
            calendar.add(1, i6);
        }
        return new Date().getTime() > calendar.getTime().getTime();
    }

    public String getId() {
        return this.attributes.get("i");
    }

    public String getAlgorithm() {
        return this.attributes.get("a");
    }

    public Map<String, String> getAttributes() {
        return this.attributes;
    }

    public String getBased64Signature() {
        return this.attributes.get("b");
    }

    public void setBase64Signature(String str) {
        setAttribute("b", str);
    }

    public byte[] getSignature() {
        return this.signature;
    }

    public void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public void sign(Map map, byte[] bArr, PrivateKey privateKey) throws SignatureException {
        PrivateKey privateKey2 = this.privateKey == null ? privateKey : this.privateKey;
        if (privateKey2 == null) {
            throw new SignatureException(Messages.MESSAGES.privateKeyIsNull());
        }
        this.attributes.put("v", "1");
        this.attributes.put("a", SigningAlgorithm.SHA256withRSA.getRfcNotation());
        this.attributes.put("c", "simple/simple");
        String javaSecNotation = SigningAlgorithm.SHA256withRSA.getJavaSecNotation();
        String javaHashNotation = SigningAlgorithm.SHA256withRSA.getJavaHashNotation();
        try {
            Signature signature = Signature.getInstance(javaSecNotation);
            signature.initSign(privateKey2);
            if (this.headers.size() > 0) {
                StringBuffer stringBuffer = new StringBuffer();
                for (int i = 0; i < this.headers.size(); i++) {
                    String str = this.headers.get(i);
                    if (i > 0) {
                        stringBuffer.append(":");
                    }
                    stringBuffer.append(str);
                }
                this.attributes.put("h", stringBuffer.toString());
                updateSignatureWithHeader(map, signature);
            }
            if (bArr != null && this.bodyHashRequired) {
                this.attributes.put(BODY_HASH, calculateEncodedHash(bArr, javaHashNotation));
            }
            StringBuffer stringBuffer2 = new StringBuffer();
            boolean z = true;
            for (Map.Entry<String, String> entry : this.attributes.entrySet()) {
                if (z) {
                    z = false;
                } else {
                    stringBuffer2.append(";");
                }
                stringBuffer2.append(entry.getKey()).append("=").append(entry.getValue());
            }
            if (!z) {
                stringBuffer2.append(";");
            }
            stringBuffer2.append("b=");
            String stringBuffer3 = stringBuffer2.toString();
            signature.update(stringBuffer3.getBytes());
            byte[] sign = signature.sign();
            setSignature(sign);
            this.headerValue = stringBuffer3 + Base64.encodeBytes(sign);
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private String calculateEncodedHash(byte[] bArr, String str) throws SignatureException {
        return Base64.encodeBytes(hash(bArr, str));
    }

    private byte[] hash(byte[] bArr, String str) throws SignatureException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            int length = bArr.length;
            if (this.attributes.containsKey(LENGTH)) {
                length = Integer.parseInt(this.attributes.get(LENGTH));
            }
            messageDigest.update(bArr, 0, length);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private MultivaluedMap<String, String> updateSignatureWithHeader(Map map, Signature signature) throws SignatureException {
        MultivaluedMapImpl multivaluedMapImpl = new MultivaluedMapImpl();
        List<String> list = this.headers;
        HashMap hashMap = new HashMap();
        for (String str : list) {
            int intValue = hashMap.containsKey(str) ? ((Integer) hashMap.get(str)).intValue() + 1 : 0;
            hashMap.put(str, Integer.valueOf(intValue));
            Object obj = map.get(str);
            if (obj == null) {
                throw new SignatureException(Messages.MESSAGES.unableToFindHeader(str, intValue > 0 ? SelectorUtils.PATTERN_HANDLER_PREFIX + intValue + SelectorUtils.PATTERN_HANDLER_SUFFIX : ""));
            }
            if (obj instanceof List) {
                List list2 = (List) obj;
                int size = (list2.size() - 1) - intValue;
                if (size < 0) {
                    throw new SignatureException(Messages.MESSAGES.unableToFindHeader(str, intValue > 0 ? SelectorUtils.PATTERN_HANDLER_PREFIX + intValue + SelectorUtils.PATTERN_HANDLER_SUFFIX : ""));
                }
                obj = list2.get(size);
            } else if (intValue > 0) {
                throw new SignatureException(Messages.MESSAGES.unableToFindHeader(str, intValue > 0 ? SelectorUtils.PATTERN_HANDLER_PREFIX + intValue + SelectorUtils.PATTERN_HANDLER_SUFFIX : ""));
            }
            signature.update((str + ":" + obj.toString() + "\r\n").getBytes());
            multivaluedMapImpl.add(str, obj.toString());
        }
        return multivaluedMapImpl;
    }

    public MultivaluedMap<String, String> verify(Map map, byte[] bArr, PublicKey publicKey) throws SignatureException {
        return verify(true, map, bArr, publicKey);
    }

    public MultivaluedMap<String, String> verify(boolean z, Map map, byte[] bArr, PublicKey publicKey) throws SignatureException {
        if (publicKey == null) {
            throw new SignatureException(Messages.MESSAGES.noKeyToVerifyWith());
        }
        String algorithm = getAlgorithm();
        if (algorithm == null || !SigningAlgorithm.SHA256withRSA.getRfcNotation().toLowerCase().equals(algorithm.toLowerCase())) {
            throw new SignatureException(Messages.MESSAGES.unsupportedAlgorithm(algorithm));
        }
        try {
            Signature signature = Signature.getInstance(SigningAlgorithm.SHA256withRSA.getJavaSecNotation());
            signature.initVerify(publicKey);
            String str = this.attributes.get(BODY_HASH);
            if (str != null) {
                try {
                    if (!Arrays.equals(hash(bArr, SigningAlgorithm.SHA256withRSA.getJavaHashNotation()), Base64.decode(str))) {
                        throw new SignatureException(Messages.MESSAGES.bodyHashesDoNotMatch());
                    }
                } catch (IOException e) {
                    throw new SignatureException(Messages.MESSAGES.failedToParseBodyHash(), e);
                }
            } else if (bArr != null && z) {
                throw new SignatureException(Messages.MESSAGES.thereWasNoBodyHash());
            }
            MultivaluedMap<String, String> updateSignatureWithHeader = updateSignatureWithHeader(map, signature);
            signature.update(new ParameterParser().setAttribute(this.headerValue.toCharArray(), 0, this.headerValue.length(), ';', "b", "").getBytes());
            if (signature.verify(getSignature())) {
                return updateSignatureWithHeader;
            }
            throw new SignatureException(Messages.MESSAGES.failedToVerifySignature());
        } catch (Exception e2) {
            throw new SignatureException(e2);
        }
    }
}
