package org.bdware.irp.crypto;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.KeyType;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.text.ParseException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:org/bdware/irp/crypto/CertUtils.class */
public class CertUtils {
    static Logger logger = LogManager.getLogger(CertUtils.class);

    public static String Sign(byte[] bArr, JWK jwk) throws Exception {
        RSASSASigner eCDSASigner;
        JWSObject jWSObject;
        if (jwk.getKeyType() == KeyType.RSA) {
            eCDSASigner = new RSASSASigner(jwk.toRSAKey());
            jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(jwk.getKeyID()).build(), new Payload(bArr));
        } else {
            if (jwk.getKeyType() != KeyType.EC) {
                logger.error("unsupported Algorithm");
                throw new NoSuchAlgorithmException("unsupported Algorithm");
            }
            eCDSASigner = new ECDSASigner(jwk.toECKey());
            jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(jwk.getKeyID()).build(), new Payload(bArr));
        }
        jWSObject.sign(eCDSASigner);
        return jWSObject.serialize(true);
    }

    public static boolean verify(byte[] bArr, String str, JWK jwk) throws Exception {
        RSASSAVerifier eCDSAVerifier;
        JWSObject parse = JWSObject.parse(str, new Payload(bArr));
        if (jwk.getKeyType() == KeyType.RSA) {
            eCDSAVerifier = new RSASSAVerifier(jwk.toRSAKey().toRSAPublicKey());
        } else {
            if (jwk.getKeyType() != KeyType.EC) {
                logger.error("unsupported Algorithm");
                return false;
            }
            eCDSAVerifier = new ECDSAVerifier(jwk.toECKey().toECPublicKey());
        }
        return parse.verify(eCDSAVerifier);
    }

    public static byte[] encrypt(byte[] bArr, JWK jwk) throws JOSEException {
        JWEObject jWEObject;
        logger.debug("===do encryption");
        EncryptionMethod encryptionMethod = EncryptionMethod.A256GCM;
        if (jwk.getKeyType() == KeyType.RSA) {
            jWEObject = new JWEObject(new JWEHeader(JWEAlgorithm.RSA_OAEP_256, encryptionMethod), new Payload(bArr));
            jWEObject.encrypt(new RSAEncrypter(jwk.toRSAKey().toRSAPublicKey()));
        } else {
            if (jwk.getKeyType() != KeyType.EC) {
                throw new JOSEException("only support RSA or EC key");
            }
            jWEObject = new JWEObject(new JWEHeader(JWEAlgorithm.ECDH_ES, encryptionMethod), new Payload(bArr));
            jWEObject.encrypt(new ECDHEncrypter(jwk.toECKey().toECPublicKey()));
        }
        return jWEObject.serialize().getBytes();
    }

    public static byte[] decrypt(byte[] bArr, JWK jwk) throws ParseException, JOSEException {
        logger.debug("===do decryption");
        JWEObject parse = JWEObject.parse(new String(bArr));
        if (jwk.getKeyType() == KeyType.RSA) {
            parse.decrypt(new RSADecrypter(jwk.toRSAKey().toRSAPrivateKey()));
        } else {
            if (jwk.getKeyType() != KeyType.EC) {
                throw new JOSEException("only support RSA or EC key");
            }
            parse.decrypt(new ECDHDecrypter(jwk.toECKey().toECPrivateKey()));
        }
        return parse.getPayload().toBytes();
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
