package com.auth0.jwt.algorithms;

import com.auth0.jwt.exceptions.SignatureGenerationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.ECDSAKeyProvider;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import org.apache.commons.codec.binary.Base64;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:java-jwt-3.8.1.jar:com/auth0/jwt/algorithms/ECDSAAlgorithm.class */
public class ECDSAAlgorithm extends Algorithm {
    private final ECDSAKeyProvider keyProvider;
    private final CryptoHelper crypto;
    private final int ecNumberSize;

    ECDSAAlgorithm(CryptoHelper cryptoHelper, String str, String str2, int i, ECDSAKeyProvider eCDSAKeyProvider) throws IllegalArgumentException {
        super(str, str2);
        if (eCDSAKeyProvider == null) {
            throw new IllegalArgumentException("The Key Provider cannot be null.");
        }
        this.keyProvider = eCDSAKeyProvider;
        this.crypto = cryptoHelper;
        this.ecNumberSize = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ECDSAAlgorithm(String str, String str2, int i, ECDSAKeyProvider eCDSAKeyProvider) throws IllegalArgumentException {
        this(new CryptoHelper(), str, str2, i, eCDSAKeyProvider);
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public void verify(DecodedJWT decodedJWT) throws SignatureVerificationException {
        byte[] decodeBase64 = Base64.decodeBase64(decodedJWT.getSignature());
        try {
            ECPublicKey publicKeyById = this.keyProvider.getPublicKeyById(decodedJWT.getKeyId());
            if (publicKeyById == null) {
                throw new IllegalStateException("The given Public Key is null.");
            }
            if (!this.crypto.verifySignatureFor(getDescription(), publicKeyById, decodedJWT.getHeader(), decodedJWT.getPayload(), JOSEToDER(decodeBase64))) {
                throw new SignatureVerificationException(this);
            }
        } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SignatureVerificationException(this, e);
        }
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public byte[] sign(byte[] bArr, byte[] bArr2) throws SignatureGenerationException {
        try {
            ECPrivateKey privateKey = this.keyProvider.getPrivateKey();
            if (privateKey == null) {
                throw new IllegalStateException("The given Private Key is null.");
            }
            return DERToJOSE(this.crypto.createSignatureFor(getDescription(), privateKey, bArr, bArr2));
        } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SignatureGenerationException(this, e);
        }
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    @Deprecated
    public byte[] sign(byte[] bArr) throws SignatureGenerationException {
        try {
            ECPrivateKey privateKey = this.keyProvider.getPrivateKey();
            if (privateKey == null) {
                throw new IllegalStateException("The given Private Key is null.");
            }
            return DERToJOSE(this.crypto.createSignatureFor(getDescription(), privateKey, bArr));
        } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SignatureGenerationException(this, e);
        }
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public String getSigningKeyId() {
        return this.keyProvider.getPrivateKeyId();
    }

    byte[] DERToJOSE(byte[] bArr) throws SignatureException {
        if (!(bArr[0] == 48 && bArr.length != this.ecNumberSize * 2)) {
            throw new SignatureException("Invalid DER signature format.");
        }
        byte[] bArr2 = new byte[this.ecNumberSize * 2];
        int i = 1;
        if (bArr[1] == -127) {
            i = 1 + 1;
        }
        int i2 = i;
        int i3 = i + 1;
        if ((bArr[i2] & 255) != bArr.length - i3) {
            throw new SignatureException("Invalid DER signature format.");
        }
        int i4 = i3 + 1;
        int i5 = i4 + 1;
        byte b = bArr[i4];
        if (b > this.ecNumberSize + 1) {
            throw new SignatureException("Invalid DER signature format.");
        }
        int i6 = this.ecNumberSize - b;
        System.arraycopy(bArr, i5 + Math.max(-i6, 0), bArr2, Math.max(i6, 0), b + Math.min(i6, 0));
        int i7 = i5 + b + 1;
        int i8 = i7 + 1;
        byte b2 = bArr[i7];
        if (b2 > this.ecNumberSize + 1) {
            throw new SignatureException("Invalid DER signature format.");
        }
        int i9 = this.ecNumberSize - b2;
        System.arraycopy(bArr, i8 + Math.max(-i9, 0), bArr2, this.ecNumberSize + Math.max(i9, 0), b2 + Math.min(i9, 0));
        return bArr2;
    }

    byte[] JOSEToDER(byte[] bArr) throws SignatureException {
        byte[] bArr2;
        int i;
        int i2;
        if (bArr.length != this.ecNumberSize * 2) {
            throw new SignatureException("Invalid JOSE signature format.");
        }
        int countPadding = countPadding(bArr, 0, this.ecNumberSize);
        int countPadding2 = countPadding(bArr, this.ecNumberSize, bArr.length);
        int i3 = this.ecNumberSize - countPadding;
        int i4 = this.ecNumberSize - countPadding2;
        int i5 = 2 + i3 + 2 + i4;
        if (i5 > 255) {
            throw new SignatureException("Invalid JOSE signature format.");
        }
        if (i5 > 127) {
            bArr2 = new byte[3 + i5];
            bArr2[1] = -127;
            i = 2;
        } else {
            bArr2 = new byte[2 + i5];
            i = 1;
        }
        bArr2[0] = 48;
        int i6 = i;
        int i7 = i + 1;
        bArr2[i6] = (byte) (i5 & 255);
        int i8 = i7 + 1;
        bArr2[i7] = 2;
        int i9 = i8 + 1;
        bArr2[i8] = (byte) i3;
        if (countPadding < 0) {
            int i10 = i9 + 1;
            bArr2[i9] = 0;
            System.arraycopy(bArr, 0, bArr2, i10, this.ecNumberSize);
            i2 = i10 + this.ecNumberSize;
        } else {
            int min = Math.min(this.ecNumberSize, i3);
            System.arraycopy(bArr, countPadding, bArr2, i9, min);
            i2 = i9 + min;
        }
        int i11 = i2;
        int i12 = i2 + 1;
        bArr2[i11] = 2;
        int i13 = i12 + 1;
        bArr2[i12] = (byte) i4;
        if (countPadding2 < 0) {
            bArr2[i13] = 0;
            System.arraycopy(bArr, this.ecNumberSize, bArr2, i13 + 1, this.ecNumberSize);
        } else {
            System.arraycopy(bArr, this.ecNumberSize + countPadding2, bArr2, i13, Math.min(this.ecNumberSize, i4));
        }
        return bArr2;
    }

    private int countPadding(byte[] bArr, int i, int i2) {
        int i3 = 0;
        while (i + i3 < i2 && bArr[i + i3] == 0) {
            i3++;
        }
        return (bArr[i + i3] & 255) > 127 ? i3 - 1 : i3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECDSAKeyProvider providerForKeys(final ECPublicKey eCPublicKey, final ECPrivateKey eCPrivateKey) {
        if (eCPublicKey == null && eCPrivateKey == null) {
            throw new IllegalArgumentException("Both provided Keys cannot be null.");
        }
        return new ECDSAKeyProvider() { // from class: com.auth0.jwt.algorithms.ECDSAAlgorithm.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.auth0.jwt.interfaces.KeyProvider
            public ECPublicKey getPublicKeyById(String str) {
                return eCPublicKey;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.auth0.jwt.interfaces.KeyProvider
            public ECPrivateKey getPrivateKey() {
                return eCPrivateKey;
            }

            @Override // com.auth0.jwt.interfaces.KeyProvider
            public String getPrivateKeyId() {
                return null;
            }
        };
    }
}
