package cn.com.agree.cipher.jwt;

import cn.com.agree.cipher.exception.JWTException;
import cn.com.agree.cipher.jwe.AAD;
import cn.com.agree.cipher.sm2.SM2KeyPair;
import cn.com.agree.cipher.sm2.SM2Util;
import cn.com.agree.cipher.sm3.SM3Util;
import cn.com.agree.cipher.sm4.SM4Util;
import cn.com.agree.cipher.utils.Util;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.impl.io.InstanceLocator;
import io.jsonwebtoken.io.Decoder;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.DeserializationException;
import io.jsonwebtoken.io.Deserializer;
import io.jsonwebtoken.io.Encoder;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.io.SerializationException;
import io.jsonwebtoken.io.Serializer;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Classes;
import io.jsonwebtoken.lang.Strings;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;

/* loaded from: input_file:cn/com/agree/cipher/jwt/JWT.class */
public class JWT {
    public static String signJWT(String str, String str2, Map<String, Object> map) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(JwsHeader.ALGORITHM, "SM2");
        hashMap.put(Header.TYPE, Header.JWT_TYPE);
        hashMap.put(JwsHeader.KEY_ID, str);
        Encoder<byte[], String> encoder = Encoders.BASE64URL;
        String base64UrlEncode = base64UrlEncode(hashMap, "Unable to serialize header to json.", encoder);
        if (map == null) {
            map = new HashMap();
        }
        String str3 = base64UrlEncode + '.' + encoder.encode(toJson(map));
        return str3 + '.' + SM2Util.sign(str3, str2);
    }

    public static Map<String, ?> checkJWT(String str, String str2) throws JWTException {
        StringBuilder sb = new StringBuilder(128);
        int i = 0;
        String str3 = null;
        String str4 = null;
        for (char c : str.toCharArray()) {
            if (c == '.') {
                CharSequence clean = Strings.clean(sb);
                String charSequence = clean != null ? clean.toString() : null;
                if (i == 0) {
                    str3 = charSequence;
                } else if (i == 1) {
                    str4 = charSequence;
                }
                i++;
                sb.setLength(0);
            } else {
                sb.append(c);
            }
        }
        if (i != 2) {
            throw new MalformedJwtException("JWT strings must contain exactly 2 period characters. Found: " + i);
        }
        String sb2 = sb.length() > 0 ? sb.toString() : null;
        if (str3 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a header.");
        }
        if (str4 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a playload.");
        }
        if (sb2 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a signature.");
        }
        try {
            if (SM2Util.checkSign(str3 + '.' + str4, sb2, str2)) {
                return readValue(new String(Decoders.BASE64URL.decode(str4)));
            }
            return null;
        } catch (IOException e) {
            throw new JWTException("fail to check jwt", e);
        }
    }

    public static String signJWS(String str, String str2, String str3) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(JwsHeader.ALGORITHM, "SM2");
        hashMap.put(Header.TYPE, Header.JWT_TYPE);
        hashMap.put(JwsHeader.KEY_ID, str);
        Encoder<byte[], String> encoder = Encoders.BASE64URL;
        String base64UrlEncode = base64UrlEncode(hashMap, "Unable to serialize header to json.", encoder);
        String str4 = base64UrlEncode + '.' + encoder.encode(toJson(new HashMap()));
        return str4 + '.' + ((str3 == null || str3.equals("")) ? encoder.encode(SM2Util.sign(str4, str2).getBytes(Strings.UTF_8)) : encoder.encode(SM2Util.sign(new String((base64UrlEncode + '.' + str3).getBytes(Strings.UTF_8), Strings.UTF_8), str2).getBytes(Strings.UTF_8)));
    }

    public static boolean checkJWS(String str, String str2, String str3) throws JWTException {
        String str4;
        Decoder<String, byte[]> decoder = Decoders.BASE64URL;
        StringBuilder sb = new StringBuilder(128);
        int i = 0;
        String str5 = null;
        String str6 = null;
        for (char c : str.toCharArray()) {
            if (c == '.') {
                CharSequence clean = Strings.clean(sb);
                String charSequence = clean != null ? clean.toString() : null;
                if (i == 0) {
                    str5 = charSequence;
                } else if (i == 1) {
                    str6 = charSequence;
                }
                i++;
                sb.setLength(0);
            } else {
                sb.append(c);
            }
        }
        if (i != 2) {
            throw new MalformedJwtException("JWT strings must contain exactly 2 period characters. Found: " + i);
        }
        String sb2 = sb.length() > 0 ? sb.toString() : null;
        if (str5 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a header.");
        }
        if (str6 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a playload.");
        }
        if (sb2 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a signature.");
        }
        if (str3 != null) {
            try {
                if (!str3.equals("")) {
                    str4 = new String((str5 + '.' + str3).getBytes(Strings.UTF_8), Strings.UTF_8);
                    return SM2Util.checkSign(str4, new String(decoder.decode(sb2), Strings.UTF_8), str2);
                }
            } catch (IOException e) {
                throw new JWTException("fail to check JWS", e);
            }
        }
        str4 = new String((str5 + '.' + str6).getBytes(Strings.UTF_8), Strings.UTF_8);
        return SM2Util.checkSign(str4, new String(decoder.decode(sb2), Strings.UTF_8), str2);
    }

    public static Map<String, ?> getJWSHeader(String str) {
        StringBuilder sb = new StringBuilder(128);
        String str2 = null;
        char[] charArray = str.toCharArray();
        int length = charArray.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            char c = charArray[i];
            if (c == '.') {
                CharSequence clean = Strings.clean(sb);
                str2 = clean != null ? clean.toString() : null;
            } else {
                sb.append(c);
                i++;
            }
        }
        if (str2 == null) {
            throw new MalformedJwtException("JWT string '" + str + "' is missing a header.");
        }
        return readValue(new String(Decoders.BASE64URL.decode(str2)));
    }

    /* JADX WARN: Type inference failed for: r0v43, types: [byte[], byte[][]] */
    public static String signJWE(String str, String str2, String str3) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeyException {
        Encoder<byte[], String> encoder = Encoders.BASE64URL;
        HashMap hashMap = new HashMap();
        hashMap.put(JwsHeader.ALGORITHM, "SM2");
        hashMap.put(Header.TYPE, Header.JWT_TYPE);
        hashMap.put(JwsHeader.KEY_ID, str);
        hashMap.put("enc", SM4Util.ALGORITHM_NAME);
        String base64UrlEncode = base64UrlEncode(hashMap, "Unable to serialize header to json.", encoder);
        String byteToHex = Util.byteToHex(SM4Util.generateKey());
        String byteToHex2 = Util.byteToHex(SM4Util.generateKey());
        String encode = encoder.encode(SM2Util.encrypt(byteToHex2 + byteToHex, str2).getBytes(Strings.UTF_8));
        String byteToHex3 = Util.byteToHex(SM4Util.generateSM4IV(128));
        String encode2 = encoder.encode(byteToHex3.getBytes(Strings.UTF_8));
        String byteToHex4 = Util.byteToHex(SM4Util.encrypt_Cbc_Padding(Util.hexStringToBytes(byteToHex), Util.hexStringToBytes(byteToHex3), str3.getBytes(Strings.UTF_8)));
        String encode3 = encoder.encode(byteToHex4.getBytes(Strings.UTF_8));
        byte[] compute = AAD.compute(base64UrlEncode);
        return base64UrlEncode + '.' + encode + '.' + encode2 + '.' + encode3 + '.' + encoder.encode(ByteUtils.subArray(SM3Util.hmacAsBytes(Util.concatenate(new byte[]{compute, Util.hexToByte(byteToHex3), Util.hexToByte(byteToHex4), AAD.computeLength(compute)}), Util.hexToByte(byteToHex2)), 0, 16));
    }

    /* JADX WARN: Type inference failed for: r0v43, types: [byte[], byte[][]] */
    public static String decryptJWE(String str, String str2) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder(128);
        int i = 0;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        for (char c : str.toCharArray()) {
            if (c == '.') {
                CharSequence clean = Strings.clean(sb);
                String charSequence = clean != null ? clean.toString() : null;
                if (i == 0) {
                    str3 = charSequence;
                } else if (i == 1) {
                    str4 = charSequence;
                } else if (i == 2) {
                    str5 = charSequence;
                } else if (i == 3) {
                    str6 = charSequence;
                }
                i++;
                sb.setLength(0);
            } else {
                sb.append(c);
            }
        }
        if (i != 4) {
            throw new MalformedJwtException("JWE strings must contain exactly 4 period characters. Found: " + i);
        }
        String sb2 = sb.length() > 0 ? sb.toString() : null;
        if (str3 == null) {
            throw new MalformedJwtException("JWE string '" + str + "' is missing a header.");
        }
        if (str4 == null) {
            throw new MalformedJwtException("JWE string '" + str + "' is missing a encryptedKey.");
        }
        if (str5 == null) {
            throw new MalformedJwtException("JWE string '" + str + "' is missing a iv.");
        }
        if (str6 == null) {
            throw new MalformedJwtException("JWE string '" + str + "' is missing a ciphertext.");
        }
        if (sb2 == null) {
            throw new MalformedJwtException("JWE string '" + str + "' is missing a tag.");
        }
        Decoder<String, byte[]> decoder = Decoders.BASE64URL;
        Encoder<byte[], String> encoder = Encoders.BASE64URL;
        byte[] hexToByte = Util.hexToByte(SM2Util.decrypt(new String(decoder.decode(str4)), str2));
        if (hexToByte.length != 32) {
            throw new MalformedJwtException("JWE string's encryption key must contain exactly 256 bits.");
        }
        String byteToHex = Util.byteToHex(ByteUtils.subArray(hexToByte, 0, 16));
        String byteToHex2 = Util.byteToHex(ByteUtils.subArray(hexToByte, 16));
        String str7 = new String(decoder.decode(str5));
        String str8 = new String(decoder.decode(str6));
        byte[] compute = AAD.compute(str3);
        if (encoder.encode(ByteUtils.subArray(SM3Util.hmacAsBytes(Util.concatenate(new byte[]{compute, Util.hexToByte(str7), Util.hexToByte(str8), AAD.computeLength(compute)}), Util.hexToByte(byteToHex)), 0, 16)).equals(sb2)) {
            return new String(SM4Util.decrypt_Cbc_Padding(Util.hexStringToBytes(byteToHex2), Util.hexStringToBytes(str7), Util.hexToByte(str8)), Strings.UTF_8);
        }
        throw new MalformedJwtException("JWE tag '" + sb2 + "' is error.");
    }

    public static String sm4Encrypt(String str, String str2, String str3) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeyException {
        return Util.byteToHex(SM4Util.encrypt_Cbc_Padding(Util.hexStringToBytes(str), Util.hexStringToBytes(str2), str3.getBytes(Strings.UTF_8)));
    }

    public static String sm4Decrypt(String str, String str2, String str3) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, UnsupportedEncodingException {
        return new String(SM4Util.decrypt_Cbc_Padding(Util.hexStringToBytes(str), Util.hexStringToBytes(str2), Util.hexToByte(str3)), Strings.UTF_8);
    }

    public static String createKey() {
        SM2KeyPair generateKeyPair = SM2Util.generateKeyPair();
        return generateKeyPair.getPrivateKey().toString(16).toUpperCase() + "," + Util.byteToHex(generateKeyPair.getPublicKey().getEncoded(false));
    }

    protected static Map<String, ?> readValue(String str) {
        try {
            return (Map) ((Deserializer) ((InstanceLocator) Classes.newInstance("io.jsonwebtoken.impl.io.RuntimeClasspathDeserializerLocator")).getInstance2()).deserialize(str.getBytes(Strings.UTF_8));
        } catch (DeserializationException e) {
            throw new MalformedJwtException("Unable to read JSON value: " + str, e);
        }
    }

    protected static String base64UrlEncode(Object obj, String str, Encoder<byte[], String> encoder) {
        Assert.isInstanceOf(Map.class, obj, "object argument must be a map.");
        try {
            return encoder.encode(toJson((Map) obj));
        } catch (SerializationException e) {
            throw new IllegalStateException(str, e);
        }
    }

    protected static byte[] toJson(Object obj) throws SerializationException {
        Assert.isInstanceOf(Map.class, obj, "object argument must be a map.");
        return ((Serializer) ((InstanceLocator) Classes.newInstance("io.jsonwebtoken.impl.io.RuntimeClasspathSerializerLocator")).getInstance2()).serialize((Map) obj);
    }

    public static void main(String[] strArr) throws Exception {
        String signJWE = signJWE("kid1", "0446fdfdd70d9a9c3c80fbbbf790abdaa954ce62b3642390923f706acced5b5db0864f6873397b94ab48d1d0bf05bcfa5b4c2e032de4f25556f72e2ed9ebe69bfc", "明文报文体");
        System.out.println("签jwe= " + signJWE);
        System.out.println("解出报文体= " + decryptJWE(signJWE, "f4e08d945183fc9fa6425561e4799efa8facfe0b715cb93c2db8a8142aad6f24"));
    }
}
