package com.worklight.core.auth.impl;

import com.ibm.json.java.JSONObject;
import com.worklight.core.auth.impl.JWSAuthenticationValidationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/worklight/core/auth/impl/DeviceCertificateJWS.class */
public class DeviceCertificateJWS {
    private static final String ALG = "alg";
    private static final Object X5C = "x5c";
    private JWSParts jwsParts;
    private X509Certificate x509Certificate = null;

    public DeviceCertificateJWS(String str) throws JWSAuthenticationValidationException {
        this.jwsParts = null;
        try {
            this.jwsParts = new JWSParts(str);
            validate();
        } catch (UnsupportedEncodingException e) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.UNSUPPORTED_ENCODING, e);
        } catch (IOException e2) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.INVALID_JSON, e2);
        }
    }

    private boolean validate() throws JWSAuthenticationValidationException {
        try {
            JSONObject jSONObject = this.jwsParts.header;
            if (jSONObject.get(ALG) == null || jSONObject.get(X5C) == null) {
                throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.MALFORMED_HEADER);
            }
            this.x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new Base64(true).decode(((String) jSONObject.get(X5C)).getBytes())));
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(this.x509Certificate);
            signature.update((this.jwsParts.header64 + "." + this.jwsParts.payload64).getBytes("UTF-8"));
            return signature.verify(this.jwsParts.signature);
        } catch (UnsupportedEncodingException e) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.UNSUPPORTED_ENCODING, e);
        } catch (ClassCastException e2) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.MALFORMED_HEADER, e2);
        } catch (InvalidKeyException e3) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.INVALID_KEY, e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new RuntimeException(e4);
        } catch (SignatureException e5) {
            throw new RuntimeException(e5);
        } catch (CertificateException e6) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.INVALID_CERTIFICATE, e6);
        }
    }

    public JWSParts getJwsParts() {
        return this.jwsParts;
    }

    public X509Certificate getX509Certificate() {
        return this.x509Certificate;
    }
}
