package org.jfrog.security.crypto.signing.jws;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory;
import com.nimbusds.jose.util.Base64URL;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.util.Arrays;
import java.util.List;
import org.jfrog.security.crypto.exception.CryptoRuntimeException;
import org.jfrog.security.crypto.signing.gpg.PGPKeyParser;
import org.jfrog.security.crypto.signing.gpg.WrappedPrivateKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jfrog/security/crypto/signing/jws/JwsImpl.class */
public class JwsImpl implements Jws {
    private static final Logger log = LoggerFactory.getLogger(JwsImpl.class);

    @Override // org.jfrog.security.crypto.signing.jws.Jws
    public String createJwsSignature(byte[] bArr, byte[] bArr2, String str) {
        try {
            Payload payload = new Payload(bArr);
            WrappedPrivateKey privateKeyParse = PGPKeyParser.privateKeyParse(bArr2, str);
            return initAndSignJwsObject(payload, privateKeyParse, privateKeyParse.getPrivateKey(), privateKeyParse.getKid()).serialize();
        } catch (Exception e) {
            log.error("Error Creating JWS " + e.getMessage());
            throw new CryptoRuntimeException(e);
        }
    }

    private JWSObject initAndSignJwsObject(Payload payload, WrappedPrivateKey wrappedPrivateKey, PrivateKey privateKey, String str) throws JOSEException {
        JWSHeader build;
        RSASSASigner eCDSASigner;
        String algorithmName = wrappedPrivateKey.getAlgorithmName();
        if ("RSA".equals(algorithmName)) {
            build = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(str).build();
            eCDSASigner = new RSASSASigner(privateKey);
        } else {
            build = new JWSHeader.Builder(JWSAlgorithm.parse(algorithmName)).keyID(str).build();
            eCDSASigner = new ECDSASigner((ECPrivateKey) privateKey);
        }
        JWSObject jWSObject = new JWSObject(build, payload);
        jWSObject.sign(eCDSASigner);
        return jWSObject;
    }

    @Override // org.jfrog.security.crypto.signing.jws.Jws
    public boolean verifyJwsSignature(byte[] bArr, String str) {
        try {
            DefaultJWSVerifierFactory defaultJWSVerifierFactory = new DefaultJWSVerifierFactory();
            PublicKey publicKeyParse = PGPKeyParser.publicKeyParse(bArr);
            List<Base64URL> sigParts = getSigParts(str);
            JWSObject jWSObject = new JWSObject(sigParts.get(0), sigParts.get(1), sigParts.get(2));
            return jWSObject.verify(defaultJWSVerifierFactory.createJWSVerifier(jWSObject.getHeader(), publicKeyParse));
        } catch (Exception e) {
            log.error("Error Verifying JWS " + e.getMessage());
            throw new CryptoRuntimeException(e);
        }
    }

    private static List<Base64URL> getSigParts(String str) {
        String[] split = str.split("\\.");
        return Arrays.asList(new Base64URL(split[0]), new Base64URL(split[1]), new Base64URL(split[2]));
    }
}
