package org.apache.cxf.rs.security.jose.jws;

import java.util.Collections;
import java.util.logging.Logger;
import org.apache.batik.util.XMLConstants;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jws.JwsException;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-11.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-rs-security-jose-3.1.5.redhat-630310-11.jar:org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.class */
public class JwsJsonSignatureEntry {
    protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonSignatureEntry.class);
    private String jwsPayload;
    private String encodedProtectedHeader;
    private String encodedSignature;
    private JwsHeaders protectedHeader;
    private JwsHeaders unprotectedHeader;
    private JwsHeaders unionHeaders;
    private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();

    public JwsJsonSignatureEntry(String str, String str2, String str3, JwsHeaders jwsHeaders) {
        if ((str2 == null && jwsHeaders == null) || str3 == null) {
            LOG.warning("Invalid Signature entry");
            throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
        }
        this.jwsPayload = str;
        this.encodedProtectedHeader = str2;
        this.encodedSignature = str3;
        this.unprotectedHeader = jwsHeaders;
        if (str2 != null) {
            this.protectedHeader = new JwsHeaders(this.writer.fromJson(JoseUtils.decodeToString(str2)));
        }
        prepare();
    }

    private void prepare() {
        this.unionHeaders = new JwsHeaders();
        if (this.protectedHeader != null) {
            this.unionHeaders.asMap().putAll(this.protectedHeader.asMap());
        }
        if (this.unprotectedHeader != null) {
            if (Collections.disjoint(this.unionHeaders.asMap().keySet(), this.unprotectedHeader.asMap().keySet())) {
                this.unionHeaders.asMap().putAll(this.unprotectedHeader.asMap());
            } else {
                LOG.warning("Protected and unprotected headers have duplicate values");
                throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
            }
        }
    }

    public String getJwsPayload() {
        return this.jwsPayload;
    }

    public String getDecodedJwsPayload() {
        return (this.protectedHeader == null || !JwsUtils.isPayloadUnencoded(this.protectedHeader)) ? JoseUtils.decodeToString(this.jwsPayload) : this.jwsPayload;
    }

    public byte[] getDecodedJwsPayloadBytes() {
        return StringUtils.toBytesUTF8(getDecodedJwsPayload());
    }

    public String getEncodedProtectedHeader() {
        return this.encodedProtectedHeader;
    }

    public JwsHeaders getProtectedHeader() {
        return this.protectedHeader;
    }

    public JwsHeaders getUnprotectedHeader() {
        return this.unprotectedHeader;
    }

    public JwsHeaders getUnionHeader() {
        return this.unionHeaders;
    }

    public String getEncodedSignature() {
        return this.encodedSignature;
    }

    public byte[] getDecodedSignature() {
        return JoseUtils.decode(getEncodedSignature());
    }

    public String getUnsignedSequence() {
        return getEncodedProtectedHeader() != null ? getEncodedProtectedHeader() + "." + getJwsPayload() : "." + getJwsPayload();
    }

    public String getKeyId() {
        return getUnionHeader().getKeyId();
    }

    public boolean verifySignatureWith(JwsSignatureVerifier jwsSignatureVerifier) {
        try {
            if (jwsSignatureVerifier.verify(getUnionHeader(), getUnsignedSequence(), getDecodedSignature())) {
                return true;
            }
        } catch (JwsException e) {
        }
        LOG.warning("Invalid Signature Entry");
        return false;
    }

    public boolean verifySignatureWith(JsonWebKey jsonWebKey) {
        return verifySignatureWith(JwsUtils.getSignatureVerifier(jsonWebKey));
    }

    public boolean validateCriticalHeaders() {
        if (getUnprotectedHeader().getHeader(JoseConstants.HEADER_CRITICAL) != null) {
            return false;
        }
        return JwsUtils.validateCriticalHeaders(getUnionHeader());
    }

    public String toJson() {
        return toJson(false);
    }

    public String toJson(boolean z) {
        StringBuilder sb = new StringBuilder();
        if (!z) {
            sb.append("{");
        }
        if (this.protectedHeader != null) {
            sb.append("\"protected\":\"" + Base64UrlUtility.encode(this.writer.toJson(this.protectedHeader)) + XMLConstants.XML_DOUBLE_QUOTE);
        }
        if (this.unprotectedHeader != null) {
            if (this.protectedHeader != null) {
                sb.append(",");
            }
            sb.append("\"header\":" + this.writer.toJson(this.unprotectedHeader));
        }
        sb.append(",");
        sb.append("\"signature\":\"" + this.encodedSignature + XMLConstants.XML_DOUBLE_QUOTE);
        if (!z) {
            sb.append("}");
        }
        return sb.toString();
    }
}
