package ch.admin.bj.swiyu.didtoolbox;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;

/* loaded from: input_file:ch/admin/bj/swiyu/didtoolbox/JwkUtils.class */
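/**
 * Static helpers that turn EC P-256 keys (from PEM files, a {@link KeyStore}, or freshly
 * generated) into public JWK JSON strings, and that persist generated key pairs as PEM files.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Generated private keys are written as <em>unencrypted</em> PEM; the file's access
 *       permissions are the only protection for the key material at rest.</li>
 *   <li>The JSON returned by every method here is built from the public key only.</li>
 * </ul>
 */
public class JwkUtils {
    /** POSIX permission string applied to the private-key PEM file (owner read/write only). */
    private static final String OWNER_READ_WRITE = "rw-------";

    /** Payload signed and verified by {@link #ecPemSanityCheck(File, File)}. */
    private static final String SANITY_CHECK_PAYLOAD = "hello world";

    private JwkUtils() {
    }

    /**
     * Reads an EC public key from a PEM file and renders it as a public JWK (curve P-256).
     *
     * @param file PEM file holding the public key
     * @param str  value stored as the JWK's {@code kid}
     * @return the public JWK as a JSON string
     * @throws FileNotFoundException   if {@code file} is missing or is not a regular file
     * @throws IOException             if the PEM file cannot be read
     * @throws InvalidKeySpecException if the PEM content is not a usable EC public key
     */
    public static String loadECPublicJWKasJSON(File file, String str) throws IOException, InvalidKeySpecException {
        // isFile() is already false for a non-existent path, so no separate exists() check is needed.
        if (!file.isFile()) {
            throw new FileNotFoundException(String.format("The file '%s' doesn't exist.", file.getAbsolutePath()));
        }
        try {
            ECPublicKey publicKey = (ECPublicKey) PemUtils.getPublicKey(PemUtils.parsePEMFile(file), "EC");
            return new ECKey.Builder(Curve.P_256, publicKey).keyID(str).build().toPublicJWK().toJSONString();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Renders the public key of a key-store certificate as a public JWK (curve P-256).
     *
     * @param keyStore an already loaded key store
     * @param str      alias of the certificate entry to read
     * @param str2     value stored as the JWK's {@code kid}
     * @return the public JWK as a JSON string
     * @throws KeyStoreException if the key store is not initialised, the alias has no certificate,
     *                           or the certificate's public key is not an EC key
     */
    public static String loadECPublicJWKasJSON(KeyStore keyStore, String str, String str2) throws KeyStoreException {
        // getCertificate() returns null for an unknown alias; report that instead of failing with an NPE.
        java.security.cert.Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            throw new KeyStoreException("No certificate found under alias '" + str + "'");
        }
        // Reject non-EC keys explicitly rather than through a ClassCastException.
        java.security.PublicKey publicKey = certificate.getPublicKey();
        if (!(publicKey instanceof ECPublicKey)) {
            throw new KeyStoreException("The certificate under alias '" + str + "' does not hold an EC public key");
        }
        return new ECKey.Builder(Curve.P_256, (ECPublicKey) publicKey).keyID(str2).build().toPublicJWK().toJSONString();
    }

    /**
     * Generates a new EC key pair (key size 256) and returns its public part as a JWK JSON string.
     *
     * <p>When {@code file} is given, the private key is written to it as unencrypted PEM and the
     * public key to {@code file.getPath() + ".pub"}. The private-key file is restricted to its
     * owner <em>before</em> any key material is written, so the key is never on disk with the
     * default (typically wider) creation permissions.
     *
     * @param str  value stored as the JWK's {@code kid}
     * @param file destination of the private-key PEM, or {@code null} to keep the pair in memory only
     * @param z    overwrite mode: when {@code false}, an existing {@code file} is an error
     * @return the public JWK (including {@code kid}) as a JSON string
     * @throws IOException if {@code file} exists and {@code z} is {@code false}, or if writing fails
     */
    public static String generatePublicEC256(String str, File file, boolean z) throws IOException {
        KeyPair keyPair;
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", BouncyCastleProviderSingleton.getInstance());
            // NOTE(review): a bare key size leaves the curve choice to the provider; the rest of
            // this class assumes P-256 - confirm, or pass an explicit curve spec.
            generator.initialize(256);
            keyPair = generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }

        // Writing the KeyPair yields the private-key PEM; the public key is encoded separately.
        String privateKeyPem = toPem(keyPair);
        String publicKeyPem = toPem(keyPair.getPublic());

        ECKey publicJwk;
        try {
            // Parsed from the public PEM only, so the resulting JWK carries no private material.
            publicJwk = JWK.parseFromPEMEncodedObjects(publicKeyPem).toECKey();
        } catch (JOSEException e) {
            throw new RuntimeException(e);
        }
        JsonObject json = JsonParser.parseString(publicJwk.toJSONString()).getAsJsonObject();
        json.addProperty("kid", str);

        if (file != null) {
            // NOTE(review): only the private-key path is checked here; an existing
            // "<file>.pub" is overwritten regardless of the overwrite flag - confirm this is intended.
            if (file.exists() && !z) {
                throw new IOException("The PEM file(s) exist(s) already and will remain intact until overwrite mode is engaged: " + file.getPath());
            }
            writePrivateKeyPem(file, privateKeyPem);
            exportEcPublicKeyToPem(publicJwk, file);
        }
        return json.toString();
    }

    /** PEM-encodes {@code obj} into a string, closing the PEM writer on every path. */
    private static String toPem(Object obj) throws IOException {
        StringWriter buffer = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
            pemWriter.writeObject(obj);
        }
        return buffer.toString();
    }

    /** Restricts {@code file} to its owner first, then writes the private-key PEM into it. */
    private static void writePrivateKeyPem(File file, String pem) throws IOException {
        PosixFileAttributeView posixView = Files.getFileAttributeView(file.toPath(), PosixFileAttributeView.class, new LinkOption[0]);
        boolean posix = posixView != null && !System.getProperty("os.name").toLowerCase().contains("win");
        if (posix) {
            if (file.exists()) {
                // Overwrite mode: tighten the existing file before its content is replaced.
                Files.setPosixFilePermissions(file.toPath(), PosixFilePermissions.fromString(OWNER_READ_WRITE));
            } else {
                // Create-or-fail with owner-only permissions requested at creation time.
                Files.createFile(file.toPath(), PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(OWNER_READ_WRITE)));
            }
        } else {
            // Best effort through java.io.File: revoke access for everybody, then grant it back to
            // the owner only. setReadable(true, true) on its own never removes access that other
            // users already have. Where the platform cannot express this the calls return false
            // and the file keeps the access it was given at creation, so such hosts need their
            // own access-control configuration for the key directory.
            file.createNewFile();
            file.setReadable(false, false);
            file.setWritable(false, false);
            file.setReadable(true, true);
            file.setWritable(true, true);
        }
        Files.writeString(file.toPath(), pem);
    }

    /**
     * Writes the public key of {@code eCKey} to {@code file.getPath() + ".pub"} and then checks
     * that it matches the private key already stored in {@code file}.
     *
     * @throws IOException      if either PEM file cannot be written or read
     * @throws RuntimeException wrapping any key-handling failure raised by the sanity check
     */
    private static void exportEcPublicKeyToPem(ECKey eCKey, File file) throws IOException {
        File publicKeyFile = new File(file.getPath() + ".pub");
        try {
            // The writer is closed before the sanity check re-reads the file from disk.
            try (JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(publicKeyFile))) {
                pemWriter.writeObject((PemObjectGenerator) new PemObject(PEMParser.TYPE_PUBLIC_KEY, eCKey.toPublicKey().getEncoded()));
            }
            ecPemSanityCheck(file, publicKeyFile);
        } catch (JOSEException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | InvalidKeySpecException | InvalidParameterSpecException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Confirms that two PEM files form a matching pair: signs a fixed payload (ES256) with the
     * private key read from {@code file} and verifies it with the public key read from
     * {@code file2}.
     *
     * @param file  PEM file containing the private key
     * @param file2 PEM file containing the public key
     * @throws RuntimeException if the signature does not verify or the payload differs
     */
    static void ecPemSanityCheck(File file, File file2) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidParameterSpecException, NoSuchProviderException, JOSEException {
        ECPrivateKey privateKey = (ECPrivateKey) JWK.parseFromPEMEncodedObjects(Files.readString(file.toPath())).toECKey().toPrivateKey();
        ECPublicKey publicKey = (ECPublicKey) PemUtils.getPublicKey(PemUtils.parsePEMFile(file2), "EC");
        JWSObject probe = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.ES256).build(), new Payload(SANITY_CHECK_PAYLOAD));
        probe.sign(new ECDSASigner(privateKey));
        boolean signatureValid = probe.verify(new ECDSAVerifier(publicKey));
        if (!signatureValid || !SANITY_CHECK_PAYLOAD.equals(probe.getPayload().toString())) {
            throw new RuntimeException("exported key do not match");
        }
    }
}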
