package com.android.livefyre.webtoken;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.sourceforge.lightcrypto.SafeObject;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.eac.CertificateHolderAuthorization;
import org.spongycastle.asn1.sec.SECNamedCurves;
import org.spongycastle.asn1.sec.SECObjectIdentifiers;
import org.spongycastle.asn1.x9.X9ECParameters;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.agreement.ECDHBasicAgreement;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.digests.SHA384Digest;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.params.KDFParameters;
import org.spongycastle.crypto.signers.ECDSASigner;
import org.spongycastle.jcajce.provider.asymmetric.ec.ECUtil;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.math.ec.ECCurve;
import org.spongycastle.math.ec.ECPoint;
import org.spongycastle.util.BigIntegers;

/* loaded from: classes.dex */
public class WebToken {
    public static final String ENC_ALG_A128CBC = "A128CBC";
    public static final String ENC_ALG_A128GCM = "A128GCM";
    public static final String ENC_ALG_A128KW = "A128KW";
    public static final String ENC_ALG_A192CBC = "A192CBC";
    public static final String ENC_ALG_A192GCM = "A192GCM";
    public static final String ENC_ALG_A256CBC = "A256CBC";
    public static final String ENC_ALG_A256GCM = "A256GCM";
    public static final String ENC_ALG_A256KW = "A256KW";
    public static final String ENC_ALG_A512CBC = "A512CBC";
    public static final String ENC_ALG_A512GCM = "A512GCM";
    public static final String ENC_ALG_AE128 = "AE128";
    public static final String ENC_ALG_AE192 = "AE192";
    public static final String ENC_ALG_AE256 = "AE256";
    public static final String ENC_ALG_ECDH_ES = "ECDH-ES";
    public static final String ENC_ALG_PE820 = "PE820";
    public static final String ENC_ALG_RE128 = "RE128";
    public static final String ENC_ALG_RE192 = "RE192";
    public static final String ENC_ALG_RE256 = "RE256";
    public static final String ENC_ALG_RSA1_5 = "RSA1_5";
    public static final String ENC_ALG_RSA_OAEP = "RSA-OAEP";
    public static final String SIGN_ALG_ES256 = "ES256";
    public static final String SIGN_ALG_ES383 = "ES384";
    public static final String SIGN_ALG_ES512 = "ES512";
    public static final String SIGN_ALG_HS256 = "HS256";
    public static final String SIGN_ALG_HS383 = "HS384";
    public static final String SIGN_ALG_HS512 = "HS512";
    public static final String SIGN_ALG_RS256 = "RS256";
    public static final String SIGN_ALG_RS383 = "RS384";
    public static final String SIGN_ALG_RS512 = "RS512";
    JSONObject mHeader;
    String mHeaderStr;
    String mJsonStr;
    PrivateKey mPrivateKey = null;

    public WebToken(String str, String str2) throws JSONException {
        this.mJsonStr = null;
        this.mJsonStr = str;
        this.mHeader = new JSONObject(str2);
        this.mHeaderStr = str2;
    }

    public WebToken(String str, JSONObject jSONObject) throws JSONException {
        this.mJsonStr = null;
        this.mJsonStr = str;
        this.mHeader = jSONObject;
        this.mHeaderStr = jSONObject.toString();
    }

    static byte[] aesgcmDecrypt(IvParameterSpec ivParameterSpec, SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", new BouncyCastleProvider());
        cipher.init(2, secretKey, ivParameterSpec);
        return cipher.doFinal(bArr);
    }

    static byte[] aesgcmEncrypt(IvParameterSpec ivParameterSpec, SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", new BouncyCastleProvider());
        cipher.init(1, secretKey, ivParameterSpec);
        return cipher.doFinal(bArr);
    }

    public static String decrypt(String str, String str2) throws Exception {
        String[] split = str.split("\\.");
        String str3 = split[0];
        String str4 = split[1];
        String str5 = split[2];
        if ("PE20".equals(new JSONObject(new String(Base64.decodeUrl(str3))).getString("alg"))) {
        }
        JSONObject jSONObject = new JSONObject(new String(Base64.decodeUrl(str4)));
        byte[] decodeUrl = Base64.decodeUrl(jSONObject.getString("wrp"));
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(Base64.decodeUrl(jSONObject.getString("slt")), 20);
        SecretKey generateSecret = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec(str2.toCharArray()));
        Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
        cipher.init(4, generateSecret, pBEParameterSpec);
        Key unwrap = cipher.unwrap(decodeUrl, "DESede", 3);
        Cipher cipher2 = Cipher.getInstance("DESede");
        cipher2.init(2, unwrap);
        return new String(cipher2.doFinal(Base64.decodeUrl(str5)));
    }

    public static String decrypt(String str, BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) throws Exception {
        JSONObject jSONObject = new JSONObject(new String(Base64.decodeUrl(str.split("\\.")[0])));
        String string = jSONObject.getString("alg");
        if (!ENC_ALG_ECDH_ES.equals(string)) {
            throw new NoSuchAlgorithmException("JWT algorithm: " + string);
        }
        String string2 = jSONObject.getString("crv");
        SHA256Digest sHA256Digest = new SHA256Digest();
        ASN1ObjectIdentifier namedCurveOid = ECUtil.getNamedCurveOid(string2);
        if (namedCurveOid == null) {
            throw new NoSuchAlgorithmException("JWT EC curve: " + string);
        }
        X9ECParameters namedCurveByOid = ECUtil.getNamedCurveByOid(namedCurveOid);
        ECCurve curve = namedCurveByOid.getCurve();
        ECPoint createPoint = curve.createPoint(bigInteger, bigInteger2, false);
        ECPoint.Fp fp = new ECPoint.Fp(curve, createPoint.getX(), createPoint.getY());
        ECDomainParameters eCDomainParameters = new ECDomainParameters(curve, namedCurveByOid.getG(), namedCurveByOid.getN(), namedCurveByOid.getH(), namedCurveByOid.getSeed());
        return decrypt(str, new ECPublicKeyParameters(fp, eCDomainParameters), new ECPrivateKeyParameters(bigInteger3, eCDomainParameters), sHA256Digest);
    }

    public static String decrypt(String str, RSAPrivateKey rSAPrivateKey) throws Exception {
        int i;
        SecretKeySpec secretKeySpec;
        String[] split = str.split("\\.");
        String str2 = split[0];
        String str3 = split[1];
        String str4 = split[2];
        JSONObject jSONObject = new JSONObject(new String(Base64.decodeUrl(str2)));
        String str5 = (String) jSONObject.get("enc");
        if (ENC_ALG_A128CBC.equals(str5)) {
            i = 128;
        } else if (ENC_ALG_A192CBC.equals(str5)) {
            i = CertificateHolderAuthorization.CVCA;
        } else if (ENC_ALG_A256CBC.equals(str5)) {
            i = 256;
        } else if (ENC_ALG_A512CBC.equals(str5)) {
            i = 512;
        } else if (ENC_ALG_A128GCM.equals(str5)) {
            i = 128;
        } else if (ENC_ALG_A192GCM.equals(str5)) {
            i = CertificateHolderAuthorization.CVCA;
        } else if (ENC_ALG_A256GCM.equals(str5)) {
            i = 256;
        } else {
            if (!ENC_ALG_A512GCM.equals(str5)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + str5);
            }
            i = 512;
        }
        byte[] decodeUrl = Base64.decodeUrl(str3);
        String str6 = (String) jSONObject.get("alg");
        if (ENC_ALG_RSA1_5.equals(str6)) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, rSAPrivateKey);
            byte[] doFinal = cipher.doFinal(decodeUrl);
            if (doFinal.length * 8 != i) {
                throw new Exception("WebToken.decrypt RSA PKCS1Padding symmetric key length mismatch: " + doFinal.length + " != " + i);
            }
            secretKeySpec = new SecretKeySpec(doFinal, "AES");
        } else {
            if (!ENC_ALG_RSA_OAEP.equals(str6)) {
                throw new NoSuchAlgorithmException("RSA decrypt " + str6);
            }
            byte[] decryptRSAOAEP = CryptoUtils.decryptRSAOAEP(decodeUrl, rSAPrivateKey);
            if (decryptRSAOAEP.length * 8 != i) {
                throw new Exception("WebToken.decrypt RSA OAEP symmetric key length mismatch: " + decryptRSAOAEP.length + " != " + i);
            }
            secretKeySpec = new SecretKeySpec(decryptRSAOAEP, "AES");
        }
        if (ENC_ALG_A128CBC.equals(str5) || ENC_ALG_A192CBC.equals(str5) || ENC_ALG_A256CBC.equals(str5) || ENC_ALG_A512CBC.equals(str5)) {
            SafeObject safeObject = new SafeObject();
            safeObject.setText(secretKeySpec.getEncoded());
            return CryptoUtils.decryptAESCBC(new StringBuffer(new String(Base64.decodeUrl(str4))), safeObject).toString();
        }
        if (!ENC_ALG_A128GCM.equals(str5) && !ENC_ALG_A192GCM.equals(str5) && !ENC_ALG_A256GCM.equals(str5) && !ENC_ALG_A512GCM.equals(str5)) {
            throw new NoSuchAlgorithmException("RSA AES decrypt " + str5);
        }
        return new String(aesgcmDecrypt(new IvParameterSpec(Base64.decodeUrl(jSONObject.getString("iv"))), secretKeySpec, Base64.decodeUrl(str4)));
    }

    public static String decrypt(String str, SecretKey secretKey) throws Exception {
        String[] split = str.split("\\.");
        String str2 = split[0];
        String str3 = split[1];
        String str4 = new String(Base64.decodeUrl(str2));
        String algorithm = secretKey.getAlgorithm();
        if (!"AES".equals(algorithm)) {
            throw new NoSuchAlgorithmException("unsupported JWT AES algorithm: " + algorithm);
        }
        JSONObject jSONObject = new JSONObject(str4);
        String str5 = (String) jSONObject.get("alg");
        if (ENC_ALG_AE128.equals(str5) || ENC_ALG_AE192.equals(str5) || ENC_ALG_AE256.equals(str5)) {
            SafeObject safeObject = new SafeObject();
            safeObject.setText(secretKey.getEncoded());
            return CryptoUtils.decryptAESCBC(new StringBuffer(new String(Base64.decodeUrl(str3))), safeObject).toString();
        }
        if (ENC_ALG_A128GCM.equals(str5) || ENC_ALG_A256GCM.equals(str5)) {
            return new String(aesgcmDecrypt(new IvParameterSpec(Base64.decodeUrl(jSONObject.getString("iv"))), secretKey, Base64.decodeUrl(str3)));
        }
        throw new NoSuchAlgorithmException("unsupported keylength JWT AES algorithm: " + str5);
    }

    public static String decrypt(String str, ECPublicKeyParameters eCPublicKeyParameters, ECPrivateKeyParameters eCPrivateKeyParameters, Digest digest) throws Exception {
        String[] split = str.split("\\.");
        String str2 = split[0];
        String str3 = split[2];
        JSONObject jSONObject = new JSONObject(new String(Base64.decodeUrl(str2)));
        String str4 = (String) jSONObject.get("alg");
        if (!ENC_ALG_ECDH_ES.equals(str4)) {
            throw new NoSuchAlgorithmException("JWT algorithm: " + str4);
        }
        ECDHBasicAgreement eCDHBasicAgreement = new ECDHBasicAgreement();
        eCDHBasicAgreement.init(eCPrivateKeyParameters);
        byte[] asUnsignedByteArray = BigIntegers.asUnsignedByteArray(eCDHBasicAgreement.calculateAgreement(eCPublicKeyParameters));
        KDFConcatGenerator kDFConcatGenerator = new KDFConcatGenerator(digest, new byte[]{69, 110, 99, 114, 121, 112, 116, 105, 111, 110});
        kDFConcatGenerator.init(new KDFParameters(asUnsignedByteArray, null));
        byte[] bArr = new byte[32];
        kDFConcatGenerator.generateBytes(bArr, 0, bArr.length);
        return new String(aesgcmDecrypt(new IvParameterSpec(Base64.decodeUrl(jSONObject.getString("iv"))), new SecretKeySpec(bArr, "AES"), Base64.decodeUrl(str3)));
    }

    private String rs2jwt(BigInteger bigInteger, BigInteger bigInteger2) {
        byte[] byteArray = bigInteger.toByteArray();
        byte[] byteArray2 = bigInteger2.toByteArray();
        byte[] bArr = new byte[64];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = 0;
        }
        if (byteArray.length >= 32) {
            System.arraycopy(byteArray, byteArray.length - 32, bArr, 0, 32);
        } else {
            System.arraycopy(byteArray, 0, bArr, 32 - byteArray.length, byteArray.length);
        }
        if (byteArray2.length >= 32) {
            System.arraycopy(byteArray2, byteArray2.length - 32, bArr, 32, 32);
        } else {
            System.arraycopy(byteArray2, 0, bArr, 64 - byteArray2.length, byteArray2.length);
        }
        return Base64.encodeBytes(bArr, 24);
    }

    private String signECDSA(ECPrivateKeyParameters eCPrivateKeyParameters, byte[] bArr) throws UnsupportedEncodingException {
        ECDSASigner eCDSASigner = new ECDSASigner();
        eCDSASigner.init(true, eCPrivateKeyParameters);
        BigInteger[] generateSignature = eCDSASigner.generateSignature(bArr);
        return rs2jwt(generateSignature[0], generateSignature[1]);
    }

    public static boolean verify(String str, RSAPublicKey rSAPublicKey) throws Exception {
        String str2;
        String[] split = str.split("\\.");
        String str3 = split[0];
        String str4 = split[1];
        String str5 = split[2];
        String str6 = (String) new JSONObject(str3).get("alg");
        if (SIGN_ALG_RS256.equals(str6)) {
            str2 = "SHA256withRSA";
        } else if (SIGN_ALG_RS383.equals(str6)) {
            str2 = "SHA384withRSA";
        } else {
            if (!SIGN_ALG_RS512.equals(str6)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + str6);
            }
            str2 = "SHA512withRSA";
        }
        Signature signature = Signature.getInstance(str2);
        signature.initVerify(rSAPublicKey);
        signature.update((str3 + "." + str4).getBytes("utf-8"));
        return signature.verify(Base64.decodeUrl(str5));
    }

    public static boolean verify(String str, byte[] bArr, byte[] bArr2) throws Exception {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        Digest sHA512Digest;
        String[] split = str.split("\\.");
        String str2 = split[0];
        String str3 = split[1];
        byte[] decodeUrl = Base64.decodeUrl(split[2]);
        byte[] bArr3 = new byte[32];
        System.arraycopy(decodeUrl, 0, bArr3, 0, 32);
        byte[] bArr4 = new byte[32];
        System.arraycopy(decodeUrl, 32, bArr4, 0, 32);
        BigInteger bigInteger = new BigInteger(1, bArr3);
        BigInteger bigInteger2 = new BigInteger(1, bArr4);
        String str4 = (String) new JSONObject(new String(Base64.decodeUrl(str2))).get("alg");
        if (SIGN_ALG_ES256.equals(str4)) {
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp256r1;
            sHA512Digest = new SHA256Digest();
        } else if (SIGN_ALG_ES383.equals(str4)) {
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp384r1;
            sHA512Digest = new SHA384Digest();
        } else {
            if (!SIGN_ALG_ES512.equals(str4)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + str4);
            }
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp521r1;
            sHA512Digest = new SHA512Digest();
        }
        X9ECParameters byOID = SECNamedCurves.getByOID(aSN1ObjectIdentifier);
        ECDSASigner eCDSASigner = new ECDSASigner();
        BigInteger bigInteger3 = new BigInteger(1, bArr);
        BigInteger bigInteger4 = new BigInteger(1, bArr2);
        ECCurve curve = byOID.getCurve();
        ECPoint createPoint = curve.createPoint(bigInteger3, bigInteger4, false);
        eCDSASigner.init(false, new ECPublicKeyParameters(new ECPoint.Fp(curve, createPoint.getX(), createPoint.getY()), new ECDomainParameters(curve, byOID.getG(), byOID.getN(), byOID.getH(), byOID.getSeed())));
        byte[] bytes = (str2 + "." + str3).getBytes("utf-8");
        sHA512Digest.update(bytes, 0, bytes.length);
        byte[] bArr5 = new byte[sHA512Digest.getDigestSize()];
        sHA512Digest.doFinal(bArr5, 0);
        return eCDSASigner.verifySignature(bArr5, bigInteger, bigInteger2);
    }

    public String encrypt(String str) throws Exception {
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(this.mHeaderStr.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        SecretKey generateKey = KeyGenerator.getInstance("DESede").generateKey();
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, 20);
        SecretKey generateSecret = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec(str.toCharArray()));
        Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
        cipher.init(3, generateSecret, pBEParameterSpec);
        byte[] wrap = cipher.wrap(generateKey);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("wrp", Base64.encodeBytes(wrap, 24));
        jSONObject.put("slt", Base64.encodeBytes(bArr, 24));
        stringBuffer.append(Base64.encodeBytes(jSONObject.toString().getBytes("utf-8"), 24));
        stringBuffer.append('.');
        Cipher cipher2 = Cipher.getInstance("DESede");
        cipher2.init(1, generateKey);
        stringBuffer.append(Base64.encodeBytes(cipher2.doFinal(this.mJsonStr.getBytes()), 24));
        return stringBuffer.toString();
    }

    public String encrypt(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) throws Exception {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        Digest sHA256Digest;
        String str = (String) this.mHeader.get("alg");
        if ("EE256".equals(str) || ENC_ALG_ECDH_ES.equals(str)) {
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp256r1;
            sHA256Digest = new SHA256Digest();
        } else if ("EE384".equals(str)) {
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp384r1;
            sHA256Digest = new SHA384Digest();
        } else {
            if (!"EE512".equals(str)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + str);
            }
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp521r1;
            sHA256Digest = new SHA512Digest();
        }
        X9ECParameters byOID = SECNamedCurves.getByOID(aSN1ObjectIdentifier);
        ECCurve curve = byOID.getCurve();
        ECPoint createPoint = curve.createPoint(bigInteger, bigInteger2, false);
        ECPoint.Fp fp = new ECPoint.Fp(curve, createPoint.getX(), createPoint.getY());
        ECDomainParameters eCDomainParameters = new ECDomainParameters(curve, byOID.getG(), byOID.getN(), byOID.getH(), byOID.getSeed());
        return encrypt(new ECPublicKeyParameters(fp, eCDomainParameters), new ECPrivateKeyParameters(bigInteger3, eCDomainParameters), sHA256Digest);
    }

    public String encrypt(RSAPublicKey rSAPublicKey) throws Exception {
        int i;
        String encodeBytes;
        String encodeBytes2;
        byte[] decodeUrl;
        String str = (String) this.mHeader.get("enc");
        if (ENC_ALG_A128CBC.equals(str)) {
            i = 128;
        } else if (ENC_ALG_A192CBC.equals(str)) {
            i = CertificateHolderAuthorization.CVCA;
        } else if (ENC_ALG_A256CBC.equals(str)) {
            i = 256;
        } else if (ENC_ALG_A512CBC.equals(str)) {
            i = 512;
        } else if (ENC_ALG_A128GCM.equals(str)) {
            i = 128;
        } else {
            if (!ENC_ALG_A256GCM.equals(str)) {
                throw new NoSuchAlgorithmException("WebToken RSA encrypt: enc=" + str);
            }
            i = 256;
        }
        SecretKey genAesKey = CryptoUtils.genAesKey(i);
        String str2 = (String) this.mHeader.get("alg");
        if (ENC_ALG_RSA1_5.equals(str2)) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, rSAPublicKey);
            encodeBytes = Base64.encodeBytes(cipher.doFinal(genAesKey.getEncoded()), 24);
        } else {
            if (!ENC_ALG_RSA_OAEP.equals(str2)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + str2);
            }
            encodeBytes = Base64.encodeBytes(CryptoUtils.rsaoaepEncryptBytes(genAesKey.getEncoded(), rSAPublicKey), 24);
        }
        String str3 = this.mHeaderStr;
        if (ENC_ALG_A128CBC.equals(str) || ENC_ALG_A192CBC.equals(str) || ENC_ALG_A256CBC.equals(str) || ENC_ALG_A512CBC.equals(str)) {
            SafeObject safeObject = new SafeObject();
            safeObject.setText(genAesKey.getEncoded());
            encodeBytes2 = Base64.encodeBytes(CryptoUtils.encryptAESCBC(new StringBuffer(this.mJsonStr), safeObject).toString().getBytes("utf-8"), 24);
        } else {
            if (!ENC_ALG_A128GCM.equals(str) && !ENC_ALG_A256GCM.equals(str)) {
                throw new NoSuchAlgorithmException("WebToken RSA encrypt: enc=" + str);
            }
            JSONObject jSONObject = new JSONObject(this.mHeaderStr);
            String optString = jSONObject.optString("iv", null);
            if (optString == null) {
                decodeUrl = new byte[12];
                new SecureRandom().nextBytes(decodeUrl);
                jSONObject.put("iv", Base64.encodeBytes(decodeUrl, 24));
                str3 = jSONObject.toString();
            } else {
                decodeUrl = Base64.decodeUrl(optString);
            }
            encodeBytes2 = Base64.encodeBytes(aesgcmEncrypt(new IvParameterSpec(decodeUrl), genAesKey, this.mJsonStr.getBytes("utf-8")), 24);
        }
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(str3.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        stringBuffer.append(encodeBytes);
        stringBuffer.append('.');
        stringBuffer.append(encodeBytes2);
        return stringBuffer.toString();
    }

    public String encrypt(SecretKey secretKey, IvParameterSpec ivParameterSpec) throws Exception {
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(this.mHeaderStr.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        String string = this.mHeader.getString("alg");
        if (ENC_ALG_AE128.equals(string) || ENC_ALG_AE192.equals(string) || ENC_ALG_AE256.equals(string)) {
            SafeObject safeObject = new SafeObject();
            safeObject.setText(secretKey.getEncoded());
            stringBuffer.append(Base64.encodeBytes(CryptoUtils.encryptAESCBC(new StringBuffer(this.mJsonStr), safeObject).toString().getBytes("utf-8"), 24));
        } else {
            if (!ENC_ALG_A128GCM.equals(string) && !ENC_ALG_A256GCM.equals(string)) {
                throw new NoSuchAlgorithmException("unsupported JWT AES algorithm: " + string);
            }
            stringBuffer = new StringBuffer(Base64.encodeBytes(this.mHeaderStr.getBytes("utf-8"), 24));
            stringBuffer.append('.');
            stringBuffer.append(Base64.encodeBytes(aesgcmEncrypt(ivParameterSpec, secretKey, this.mJsonStr.getBytes("utf-8")), 24));
        }
        return stringBuffer.toString();
    }

    public String encrypt(ECPublicKeyParameters eCPublicKeyParameters, ECPrivateKeyParameters eCPrivateKeyParameters, Digest digest) throws Exception {
        int i;
        byte[] decodeUrl;
        String str = (String) this.mHeader.get("enc");
        if (ENC_ALG_A128GCM.equals(str)) {
            i = 128;
        } else {
            if (!ENC_ALG_A256GCM.equals(str)) {
                throw new NoSuchAlgorithmException("JWT enc: " + str);
            }
            i = 256;
        }
        String str2 = (String) this.mHeader.get("alg");
        if (!ENC_ALG_ECDH_ES.equals(str2)) {
            throw new NoSuchAlgorithmException("JWT algorithm: " + str2);
        }
        ECDHBasicAgreement eCDHBasicAgreement = new ECDHBasicAgreement();
        eCDHBasicAgreement.init(eCPrivateKeyParameters);
        byte[] asUnsignedByteArray = BigIntegers.asUnsignedByteArray(eCDHBasicAgreement.calculateAgreement(eCPublicKeyParameters));
        KDFConcatGenerator kDFConcatGenerator = new KDFConcatGenerator(digest, new byte[]{69, 110, 99, 114, 121, 112, 116, 105, 111, 110});
        kDFConcatGenerator.init(new KDFParameters(asUnsignedByteArray, null));
        byte[] bArr = new byte[i / 8];
        kDFConcatGenerator.generateBytes(bArr, 0, bArr.length);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "RAW");
        String str3 = this.mHeaderStr;
        if (!ENC_ALG_A128GCM.equals(str) && !ENC_ALG_A256GCM.equals(str)) {
            throw new NoSuchAlgorithmException("WebToken ECDH-ES encrypt: enc=" + str);
        }
        JSONObject jSONObject = new JSONObject(this.mHeaderStr);
        String optString = jSONObject.optString("iv", null);
        if (optString == null) {
            decodeUrl = new byte[12];
            new SecureRandom().nextBytes(decodeUrl);
            jSONObject.put("iv", Base64.encodeBytes(decodeUrl, 24));
            str3 = jSONObject.toString();
        } else {
            decodeUrl = Base64.decodeUrl(optString);
        }
        String encodeBytes = Base64.encodeBytes(aesgcmEncrypt(new IvParameterSpec(decodeUrl), secretKeySpec, this.mJsonStr.getBytes("utf-8")), 24);
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(str3.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        stringBuffer.append("");
        stringBuffer.append('.');
        stringBuffer.append(encodeBytes);
        return stringBuffer.toString();
    }

    public String serialize(BigInteger bigInteger) throws NoSuchAlgorithmException, JSONException, InvalidKeyException, SignatureException, IOException, InvalidKeySpecException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        Digest sHA512Digest;
        String str = (String) this.mHeader.get("alg");
        if (SIGN_ALG_ES256.equals(str)) {
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp256r1;
            sHA512Digest = new SHA256Digest();
        } else if (SIGN_ALG_ES383.equals(str)) {
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp384r1;
            sHA512Digest = new SHA384Digest();
        } else {
            if (!SIGN_ALG_ES512.equals(str)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + str);
            }
            aSN1ObjectIdentifier = SECObjectIdentifiers.secp521r1;
            sHA512Digest = new SHA512Digest();
        }
        X9ECParameters byOID = SECNamedCurves.getByOID(aSN1ObjectIdentifier);
        ECPrivateKeyParameters eCPrivateKeyParameters = new ECPrivateKeyParameters(bigInteger, new ECDomainParameters(byOID.getCurve(), byOID.getG(), byOID.getN(), byOID.getH(), byOID.getSeed()));
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(this.mHeaderStr.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        stringBuffer.append(Base64.encodeBytes(this.mJsonStr.getBytes("utf-8"), 24));
        byte[] bytes = stringBuffer.toString().getBytes("utf-8");
        sHA512Digest.update(bytes, 0, bytes.length);
        byte[] bArr = new byte[sHA512Digest.getDigestSize()];
        sHA512Digest.doFinal(bArr, 0);
        stringBuffer.append('.');
        stringBuffer.append(signECDSA(eCPrivateKeyParameters, bArr));
        return stringBuffer.toString();
    }

    public String serialize(RSAPrivateKey rSAPrivateKey) throws JSONException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException {
        String str;
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(this.mHeaderStr.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        stringBuffer.append(Base64.encodeBytes(this.mJsonStr.getBytes("utf-8"), 24));
        String stringBuffer2 = stringBuffer.toString();
        stringBuffer.append('.');
        String string = this.mHeader.getString("alg");
        if (SIGN_ALG_RS256.equals(string)) {
            str = "SHA256withRSA";
        } else if (SIGN_ALG_RS383.equals(string)) {
            str = "SHA384withRSA";
        } else {
            if (!SIGN_ALG_RS512.equals(string)) {
                throw new NoSuchAlgorithmException("JWT algorithm: " + string);
            }
            str = "SHA512withRSA";
        }
        Signature signature = Signature.getInstance(str);
        signature.initSign(rSAPrivateKey);
        signature.update(stringBuffer2.getBytes("utf-8"));
        stringBuffer.append(Base64.encodeBytes(signature.sign(), 24));
        return stringBuffer.toString();
    }

    public String serialize(byte[] bArr) throws JSONException, NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, UnsupportedEncodingException {
        String str;
        StringBuffer stringBuffer = new StringBuffer(Base64.encodeBytes(this.mHeaderStr.getBytes("utf-8"), 24));
        stringBuffer.append('.');
        stringBuffer.append(Base64.encodeBytes(this.mJsonStr.getBytes("utf-8"), 24));
        String stringBuffer2 = stringBuffer.toString();
        stringBuffer.append('.');
        String string = this.mHeader.getString("alg");
        if (SIGN_ALG_HS256.equals(string)) {
            str = "HMACSHA256";
        } else if (SIGN_ALG_HS383.equals(string)) {
            str = "HMACSHA384";
        } else {
            if (!SIGN_ALG_HS512.equals(string)) {
                throw new NoSuchAlgorithmException("JWT shared secret" + string);
            }
            str = "HMACSHA512";
        }
        Mac mac = Mac.getInstance(str);
        mac.init(new SecretKeySpec(bArr, mac.getAlgorithm()));
        mac.update(stringBuffer2.getBytes("utf-8"));
        stringBuffer.append(Base64.encodeBytes(mac.doFinal(), 24));
        return stringBuffer.toString();
    }
}
