package com.auth0.jwt.algorithms;

import com.auth0.jwt.exceptions.SignatureGenerationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.ECDSAKeyProvider;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Base64;
import org.apache.tools.tar.TarConstants;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ECDSAAlgorithm extends Algorithm {
    private final CryptoHelper crypto;
    private final int ecNumberSize;
    private final ECDSAKeyProvider keyProvider;

    ECDSAAlgorithm(CryptoHelper cryptoHelper, String str, String str2, int i, ECDSAKeyProvider eCDSAKeyProvider) throws IllegalArgumentException {
        super(str, str2);
        if (eCDSAKeyProvider == null) {
            throw new IllegalArgumentException("The Key Provider cannot be null.");
        }
        this.keyProvider = eCDSAKeyProvider;
        this.crypto = cryptoHelper;
        this.ecNumberSize = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ECDSAAlgorithm(String str, String str2, int i, ECDSAKeyProvider eCDSAKeyProvider) throws IllegalArgumentException {
        this(new CryptoHelper(), str, str2, i, eCDSAKeyProvider);
    }

    private int countPadding(byte[] bArr, int i, int i2) {
        int i3;
        int i4 = 0;
        while (true) {
            i3 = i + i4;
            if (i3 >= i2 || bArr[i3] != 0) {
                break;
            }
            i4++;
        }
        return (bArr[i3] & 255) > 127 ? i4 - 1 : i4;
    }

    private boolean isAllZeros(byte[] bArr) {
        for (byte b : bArr) {
            if (b != 0) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECDSAKeyProvider providerForKeys(final ECPublicKey eCPublicKey, final ECPrivateKey eCPrivateKey) {
        if (eCPublicKey == null && eCPrivateKey == null) {
            throw new IllegalArgumentException("Both provided Keys cannot be null.");
        }
        return new ECDSAKeyProvider() { // from class: com.auth0.jwt.algorithms.ECDSAAlgorithm.1
            @Override // com.auth0.jwt.interfaces.KeyProvider
            public ECPrivateKey getPrivateKey() {
                return eCPrivateKey;
            }

            @Override // com.auth0.jwt.interfaces.KeyProvider
            public String getPrivateKeyId() {
                return null;
            }

            @Override // com.auth0.jwt.interfaces.KeyProvider
            public ECPublicKey getPublicKeyById(String str) {
                return eCPublicKey;
            }
        };
    }

    byte[] DERToJOSE(byte[] bArr) throws SignatureException {
        if (bArr[0] == 48) {
            int length = bArr.length;
            int i = this.ecNumberSize;
            if (length != i * 2) {
                byte[] bArr2 = new byte[i * 2];
                int i2 = bArr[1] == -127 ? 2 : 1;
                if ((bArr[i2] & 255) != bArr.length - (i2 + 1)) {
                    throw new SignatureException("Invalid DER signature format.");
                }
                int i3 = i2 + 2;
                int i4 = i2 + 3;
                int i5 = bArr[i3];
                if (i5 > i + 1) {
                    throw new SignatureException("Invalid DER signature format.");
                }
                int i6 = i - i5;
                System.arraycopy(bArr, Math.max(-i6, 0) + i4, bArr2, Math.max(i6, 0), Math.min(i6, 0) + i5);
                int i7 = i4 + i5 + 1;
                int i8 = i7 + 1;
                byte b = bArr[i7];
                int i9 = this.ecNumberSize;
                if (b > i9 + 1) {
                    throw new SignatureException("Invalid DER signature format.");
                }
                int i10 = i9 - b;
                System.arraycopy(bArr, i8 + Math.max(-i10, 0), bArr2, this.ecNumberSize + Math.max(i10, 0), b + Math.min(i10, 0));
                return bArr2;
            }
        }
        throw new SignatureException("Invalid DER signature format.");
    }

    byte[] JOSEToDER(byte[] bArr) throws SignatureException {
        byte[] bArr2;
        int i;
        int countPadding = countPadding(bArr, 0, this.ecNumberSize);
        int countPadding2 = countPadding(bArr, this.ecNumberSize, bArr.length);
        int i2 = this.ecNumberSize;
        int i3 = i2 - countPadding;
        int i4 = i2 - countPadding2;
        int i5 = i3 + 4 + i4;
        int i6 = 1;
        if (i5 > 127) {
            bArr2 = new byte[i5 + 3];
            bArr2[1] = -127;
            i6 = 2;
        } else {
            bArr2 = new byte[i5 + 2];
        }
        bArr2[0] = TarConstants.LF_NORMAL;
        bArr2[i6] = (byte) (i5 & 255);
        bArr2[i6 + 1] = 2;
        int i7 = i6 + 3;
        bArr2[i6 + 2] = (byte) i3;
        if (countPadding < 0) {
            int i8 = i6 + 4;
            bArr2[i7] = 0;
            System.arraycopy(bArr, 0, bArr2, i8, i2);
            i = i8 + this.ecNumberSize;
        } else {
            int min = Math.min(i2, i3);
            System.arraycopy(bArr, countPadding, bArr2, i7, min);
            i = i7 + min;
        }
        bArr2[i] = 2;
        int i9 = i + 2;
        bArr2[i + 1] = (byte) i4;
        if (countPadding2 < 0) {
            bArr2[i9] = 0;
            int i10 = this.ecNumberSize;
            System.arraycopy(bArr, i10, bArr2, i + 3, i10);
        } else {
            int i11 = this.ecNumberSize;
            System.arraycopy(bArr, countPadding2 + i11, bArr2, i9, Math.min(i11, i4));
        }
        return bArr2;
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public String getSigningKeyId() {
        return this.keyProvider.getPrivateKeyId();
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public byte[] sign(byte[] bArr) throws SignatureGenerationException {
        try {
            ECPrivateKey privateKey = this.keyProvider.getPrivateKey();
            if (privateKey != null) {
                return DERToJOSE(this.crypto.createSignatureFor(getDescription(), privateKey, bArr));
            }
            throw new IllegalStateException("The given Private Key is null.");
        } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SignatureGenerationException(this, e);
        }
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public byte[] sign(byte[] bArr, byte[] bArr2) throws SignatureGenerationException {
        try {
            ECPrivateKey privateKey = this.keyProvider.getPrivateKey();
            if (privateKey != null) {
                return DERToJOSE(this.crypto.createSignatureFor(getDescription(), privateKey, bArr, bArr2));
            }
            throw new IllegalStateException("The given Private Key is null.");
        } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SignatureGenerationException(this, e);
        }
    }

    void validateSignatureStructure(byte[] bArr, ECPublicKey eCPublicKey) throws SignatureException {
        if (bArr.length != this.ecNumberSize * 2) {
            throw new SignatureException("Invalid JOSE signature format.");
        }
        if (isAllZeros(bArr)) {
            throw new SignatureException("Invalid signature format.");
        }
        int i = this.ecNumberSize;
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 0, bArr2, 0, i);
        if (isAllZeros(bArr2)) {
            throw new SignatureException("Invalid signature format.");
        }
        int i2 = this.ecNumberSize;
        byte[] bArr3 = new byte[i2];
        System.arraycopy(bArr, i2, bArr3, 0, i2);
        if (isAllZeros(bArr3)) {
            throw new SignatureException("Invalid signature format.");
        }
        int countPadding = countPadding(bArr, 0, this.ecNumberSize);
        int countPadding2 = countPadding(bArr, this.ecNumberSize, bArr.length);
        int i3 = this.ecNumberSize;
        if ((i3 - countPadding) + 4 + (i3 - countPadding2) > 255) {
            throw new SignatureException("Invalid JOSE signature format.");
        }
        BigInteger order = eCPublicKey.getParams().getOrder();
        BigInteger bigInteger = new BigInteger(1, bArr2);
        BigInteger bigInteger2 = new BigInteger(1, bArr3);
        if (order.compareTo(bigInteger) < 1) {
            throw new SignatureException("Invalid signature format.");
        }
        if (order.compareTo(bigInteger2) < 1) {
            throw new SignatureException("Invalid signature format.");
        }
    }

    @Override // com.auth0.jwt.algorithms.Algorithm
    public void verify(DecodedJWT decodedJWT) throws SignatureVerificationException {
        Base64.Decoder urlDecoder;
        byte[] decode;
        try {
            urlDecoder = Base64.getUrlDecoder();
            decode = urlDecoder.decode(decodedJWT.getSignature());
            ECPublicKey publicKeyById = this.keyProvider.getPublicKeyById(decodedJWT.getKeyId());
            if (publicKeyById == null) {
                throw new IllegalStateException("The given Public Key is null.");
            }
            validateSignatureStructure(decode, publicKeyById);
            if (!this.crypto.verifySignatureFor(getDescription(), publicKeyById, decodedJWT.getHeader(), decodedJWT.getPayload(), JOSEToDER(decode))) {
                throw new SignatureVerificationException(this);
            }
        } catch (IllegalArgumentException | IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SignatureVerificationException(this, e);
        }
    }
}
