package org.jboss.resteasy.security.signing;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jboss.resteasy.util.DateUtil;
import org.jboss.resteasy.util.Hex;
import org.jboss.resteasy.util.ParameterParser;

/* loaded from: input_file:org/jboss/resteasy/security/signing/ContentSignature.class */
public class ContentSignature {
    public static final String CONTENT_SIGNATURE = "Content-Signature";
    public static final String TIMESTAMP = "timestamp";
    public static final String SIGNER = "signer";
    public static final String EXPIRATION = "expiration";
    public static final String ALGORITHM = "algorithm";
    public static final String SIGNATURE = "signature";
    public static final String SIGNATURE_REFS = "signature-refs";
    public static final String VALUES = "values";
    public static final String HEADERS = "headers";
    public static final String ID = "id";
    public static String DEFAULT_SIGNER = "DEFAULT_SIGNER";
    public static final String SHA256WITH_RSA = "SHA256withRSA";
    public static String DEFAULT_ALGORITHM = SHA256WITH_RSA;
    protected PrivateKey privateKey;
    protected Map<String, String> attributes;
    protected List<String> displayedAttributes;
    protected List<String> values;
    protected List<String> headers;
    protected List<String> signatureRefs;
    protected String keyAlias;
    protected byte[] signature;

    public ContentSignature() {
        this.attributes = new HashMap();
        this.displayedAttributes = new ArrayList();
        this.values = new ArrayList();
        this.headers = new ArrayList();
        this.signatureRefs = new ArrayList();
    }

    public ContentSignature(Map<String, String> map) {
        this.attributes = new HashMap();
        this.displayedAttributes = new ArrayList();
        this.values = new ArrayList();
        this.headers = new ArrayList();
        this.signatureRefs = new ArrayList();
        this.attributes = map;
        extractAttributes();
    }

    public ContentSignature(String str) {
        this.attributes = new HashMap();
        this.displayedAttributes = new ArrayList();
        this.values = new ArrayList();
        this.headers = new ArrayList();
        this.signatureRefs = new ArrayList();
        ParameterParser parameterParser = new ParameterParser();
        parameterParser.setLowerCaseNames(true);
        this.attributes = parameterParser.parse(str, ';');
        extractAttributes();
    }

    protected void extractAttributes() {
        String str = this.attributes.get(VALUES);
        if (str != null) {
            this.values = Arrays.asList(str.split(":"));
        }
        String str2 = this.attributes.get(HEADERS);
        if (str2 != null) {
            this.headers = Arrays.asList(str2.split(":"));
        }
        String str3 = this.attributes.get(SIGNATURE_REFS);
        if (str3 != null) {
            this.signatureRefs = Arrays.asList(str3.split(":"));
        }
        String str4 = this.attributes.get(SIGNATURE);
        if (str4 != null) {
            this.signature = Hex.decodeHex(str4);
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = true;
        if (this.values.size() > 0) {
            if (1 == 0) {
                stringBuffer.append(";");
            } else {
                z = false;
            }
            stringBuffer.append("values=");
            boolean z2 = true;
            for (String str : this.values) {
                if (z2) {
                    z2 = false;
                } else {
                    stringBuffer.append(":");
                }
                stringBuffer.append(str);
            }
        }
        if (this.headers.size() > 0) {
            if (z) {
                z = false;
            } else {
                stringBuffer.append(";");
            }
            stringBuffer.append("headers=");
            boolean z3 = true;
            for (String str2 : this.headers) {
                if (z3) {
                    z3 = false;
                } else {
                    stringBuffer.append(":");
                }
                stringBuffer.append(str2);
            }
        }
        if (this.signatureRefs.size() > 0) {
            if (z) {
                z = false;
            } else {
                stringBuffer.append(";");
            }
            stringBuffer.append("signature-refs=");
            boolean z4 = true;
            for (String str3 : this.signatureRefs) {
                if (z4) {
                    z4 = false;
                } else {
                    stringBuffer.append(":");
                }
                stringBuffer.append(str3);
            }
        }
        for (String str4 : this.displayedAttributes) {
            String str5 = this.attributes.get(str4);
            if (z) {
                z = false;
            } else {
                stringBuffer.append(";");
            }
            stringBuffer.append(str4).append("=");
            boolean z5 = str5.indexOf(44) > -1 || str5.indexOf(59) > -1;
            if (z5) {
                stringBuffer.append("\"");
            }
            stringBuffer.append(str5);
            if (z5) {
                stringBuffer.append("\"");
            }
        }
        if (this.signature != null) {
            if (!z) {
                stringBuffer.append(";");
            }
            stringBuffer.append("signature=").append(Hex.encodeHex(this.signature));
        }
        return stringBuffer.toString();
    }

    public String getKeyAlias() {
        return this.keyAlias;
    }

    public void setKeyAlias(String str) {
        this.keyAlias = str;
    }

    public void addSignatureRef(ContentSignatures contentSignatures, String str) {
        if (contentSignatures.getFirstBy(ID, str) == null) {
            throw new RuntimeException("ContentSignatures does not contain id, " + str);
        }
        this.signatureRefs.add(str);
    }

    public void addHeader(String str) {
        this.headers.add(str);
    }

    public void setAttribute(String str, String str2, boolean z, boolean z2) {
        this.attributes.put(str, str2);
        if (z) {
            this.values.add(str);
        }
        if (z2) {
            this.displayedAttributes.add(str);
        }
    }

    public void setAlgorithm(String str, boolean z, boolean z2) {
        setAttribute(ALGORITHM, str, z, z2);
    }

    public void setTimestamp(String str) {
        setAttribute(TIMESTAMP, str, true, true);
    }

    public void setTimestamp() {
        setAttribute(TIMESTAMP, DateUtil.formatDate(new Date()), true, true);
    }

    public void setSigner(String str, boolean z, boolean z2) {
        setAttribute(SIGNER, str, z, z2);
    }

    public void setId(String str, boolean z) {
        setAttribute(ID, str, z, true);
    }

    public void setExpiration(Date date) {
        setAttribute(EXPIRATION, DateUtil.formatDate(date), true, true);
    }

    public void setExpiration(int i, int i2, int i3, int i4, int i5, int i6) {
        Calendar calendar = Calendar.getInstance();
        if (i > 0) {
            calendar.add(13, i);
        }
        if (i2 > 0) {
            calendar.add(12, i2);
        }
        if (i3 > 0) {
            calendar.add(10, i3);
        }
        if (i4 > 0) {
            calendar.add(5, i4);
        }
        if (i5 > 0) {
            calendar.add(2, i5);
        }
        if (i6 > 0) {
            calendar.add(1, i6);
        }
        setExpiration(calendar.getTime());
    }

    public boolean isExpired() {
        String str = this.attributes.get(EXPIRATION);
        return str != null && DateUtil.parseDate(str).getTime() < new Date().getTime();
    }

    public boolean isStale(int i, int i2, int i3, int i4, int i5, int i6) {
        String str = this.attributes.get(TIMESTAMP);
        if (str == null) {
            return false;
        }
        Date parseDate = DateUtil.parseDate(str);
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(parseDate);
        if (i > 0) {
            calendar.add(13, i);
        }
        if (i2 > 0) {
            calendar.add(12, i2);
        }
        if (i3 > 0) {
            calendar.add(10, i3);
        }
        if (i4 > 0) {
            calendar.add(5, i4);
        }
        if (i5 > 0) {
            calendar.add(2, i5);
        }
        if (i6 > 0) {
            calendar.add(1, i6);
        }
        return new Date().getTime() > calendar.getTime().getTime();
    }

    public String getId() {
        return this.attributes.get(ID);
    }

    public String getSigner() {
        return this.attributes.get(SIGNER);
    }

    public String getAlgorithm() {
        return this.attributes.get(ALGORITHM);
    }

    public Map<String, String> getAttributes() {
        return this.attributes;
    }

    public String getHexSignature() {
        return this.attributes.get(SIGNATURE);
    }

    public void setHexSignature(String str) {
        setAttribute(SIGNATURE, str, false, true);
    }

    public byte[] getSignature() {
        return this.signature;
    }

    public void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public void sign(Map map, byte[] bArr, ContentSignatures contentSignatures, PrivateKey privateKey) throws SignatureException {
        PrivateKey privateKey2 = this.privateKey == null ? privateKey : this.privateKey;
        if (privateKey2 == null) {
            throw new SignatureException("private key is null, cannot sign");
        }
        String algorithm = getAlgorithm();
        if (algorithm == null) {
            algorithm = DEFAULT_ALGORITHM;
        }
        try {
            Signature signature = Signature.getInstance(algorithm);
            signature.initSign(privateKey2);
            Iterator<String> it = this.values.iterator();
            while (it.hasNext()) {
                String str = getAttributes().get(it.next());
                if (str == null) {
                    throw new SignatureException("Unable to find attribute " + str + " to sign header");
                }
                signature.update(str.getBytes());
            }
            Iterator<String> it2 = this.headers.iterator();
            while (it2.hasNext()) {
                updateSignatureWithHeader(map, signature, it2.next());
            }
            for (String str2 : this.signatureRefs) {
                if (contentSignatures == null) {
                    throw new SignatureException("ContentSignatures was null so could not look up signature-ref: " + str2);
                }
                ContentSignature firstBy = contentSignatures.getFirstBy(ID, str2);
                if (firstBy == null) {
                    throw new SignatureException("Could not find ContentSignature with id " + str2 + " to add as signature-ref");
                }
                if (firstBy.getHexSignature() == null) {
                    throw new SignatureException("Referenced signature " + str2 + " is not signed.  Order your signatures correctly.");
                }
                signature.update(firstBy.getHexSignature().getBytes());
            }
            signature.update(bArr);
            setSignature(signature.sign());
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private void updateSignatureWithHeader(Map map, Signature signature, String str) throws SignatureException {
        Object obj = map.get(str);
        if (obj == null) {
            throw new SignatureException("Unable to find header " + str + " to sign header with");
        }
        if (!(obj instanceof List)) {
            signature.update(obj.toString().getBytes());
            return;
        }
        Iterator it = ((List) obj).iterator();
        while (it.hasNext()) {
            signature.update(it.next().toString().getBytes());
        }
    }

    public boolean verify(Map map, byte[] bArr, PublicKey publicKey) throws SignatureException {
        return verify(map, bArr, null, publicKey, null, null);
    }

    public boolean verify(Map map, byte[] bArr, ContentSignatures contentSignatures, PublicKey publicKey, String str, Map<String, String> map2) throws SignatureException {
        String algorithm = getAlgorithm();
        if (algorithm == null) {
            algorithm = str == null ? DEFAULT_ALGORITHM : str;
        }
        try {
            Signature signature = Signature.getInstance(algorithm);
            signature.initVerify(publicKey);
            for (String str2 : this.values) {
                String str3 = getAttributes().get(str2);
                if (str3 == null && map2 != null) {
                    str3 = map2.get(str2);
                }
                if (str3 == null) {
                    throw new SignatureException("Could not find attribute value for " + str2 + " within signature.");
                }
                signature.update(str3.getBytes());
            }
            Iterator<String> it = this.headers.iterator();
            while (it.hasNext()) {
                updateSignatureWithHeader(map, signature, it.next());
            }
            for (String str4 : this.signatureRefs) {
                if (contentSignatures == null) {
                    throw new SignatureException("ContentSignatures was null so could not look up signature-ref: " + str4);
                }
                ContentSignature firstBy = contentSignatures.getFirstBy(ID, str4);
                if (firstBy == null) {
                    throw new SignatureException("Could not find ContentSignature with id " + str4 + " to add as signature-ref");
                }
                if (firstBy.getHexSignature() == null) {
                    throw new SignatureException("Signature attribute was null for signature-ref " + str4);
                }
                signature.update(firstBy.getHexSignature().getBytes());
            }
            signature.update(bArr);
            return signature.verify(getSignature());
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }
}
