package com.worklight.core.auth.impl;

import com.ibm.json.java.JSONObject;
import com.worklight.core.auth.impl.JWSAuthenticationValidationException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/worklight/core/auth/impl/DevicePublicKeyJWS.class */
public class DevicePublicKeyJWS {
    private static final String ALG = "alg";
    private static final String JPK = "jpk";
    private static final String MOD = "mod";
    private static final String EXP = "exp";
    private static final String RSA = "RSA";
    private JWSParts jwsParts;
    private PublicKey publicKey = null;
    private KeyFactory rsaFactory;

    public DevicePublicKeyJWS(String str) throws JWSAuthenticationValidationException {
        this.jwsParts = null;
        this.rsaFactory = null;
        try {
            this.rsaFactory = KeyFactory.getInstance(RSA);
            this.jwsParts = new JWSParts(str);
            validate();
        } catch (UnsupportedEncodingException e) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.UNSUPPORTED_ENCODING, e);
        } catch (IOException e2) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.INVALID_JSON, e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException(e3);
        }
    }

    private boolean validate() throws JWSAuthenticationValidationException {
        try {
            JSONObject jSONObject = this.jwsParts.header;
            if (jSONObject.get(ALG) == null || jSONObject.get(JPK) == null) {
                throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.MALFORMED_HEADER);
            }
            if (!(jSONObject.get(JPK) instanceof JSONObject)) {
                throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.MALFORMED_HEADER);
            }
            JSONObject jSONObject2 = (JSONObject) jSONObject.get(JPK);
            if (jSONObject2.get(ALG) == null || jSONObject2.get(MOD) == null || jSONObject2.get(EXP) == null) {
                throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.MALFORMED_HEADER);
            }
            if (!RSA.equals(jSONObject2.get(ALG))) {
                throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.UNSUPPORTED_ALGORITHM);
            }
            this.publicKey = this.rsaFactory.generatePublic(new RSAPublicKeySpec(new BigInteger(new Base64(true).decode((String) jSONObject2.get(MOD))), new BigInteger(new Base64(true).decode((String) jSONObject2.get(EXP)))));
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(this.publicKey);
            signature.update((this.jwsParts.header64 + "." + this.jwsParts.payload64).getBytes("UTF-8"));
            return signature.verify(this.jwsParts.signature);
        } catch (UnsupportedEncodingException e) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.UNSUPPORTED_ENCODING, e);
        } catch (ClassCastException e2) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.MALFORMED_HEADER, e2);
        } catch (InvalidKeyException e3) {
            throw new JWSAuthenticationValidationException(JWSAuthenticationValidationException.JWSAuthValidationExceptionCode.INVALID_KEY, e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new RuntimeException(e4);
        } catch (SignatureException e5) {
            throw new RuntimeException(e5);
        } catch (InvalidKeySpecException e6) {
            throw new RuntimeException(e6);
        }
    }

    public JWSParts getJwsParts() {
        return this.jwsParts;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }
}
