package org.wso2.carbon.apimgt.core.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import org.wso2.carbon.apimgt.core.api.JWTWithRSASignature;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;

/* loaded from: input_file:org/wso2/carbon/apimgt/core/impl/JWTWithRSASignatureImpl.class */
public class JWTWithRSASignatureImpl implements JWTWithRSASignature {
    @Override // org.wso2.carbon.apimgt.core.api.JWTWithRSASignature
    public PrivateKey getPrivateKey(String str, String str2, String str3, String str4) throws APIManagementException {
        if (str == null) {
            throw new IllegalArgumentException("Path to key store file must not be null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("The key store password must not be null");
        }
        if (str3 == null) {
            throw new IllegalArgumentException("The Alias must not be null");
        }
        if (str4 == null) {
            throw new IllegalArgumentException("The Alias password not be null");
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            Throwable th = null;
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(fileInputStream, str2.toCharArray());
                    Key key = keyStore.getKey(str3, str4.toCharArray());
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    if (key instanceof PrivateKey) {
                        return (PrivateKey) key;
                    }
                    throw new APIManagementException("Error getting requested key: Private key not found ");
                } finally {
                }
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new APIManagementException("Error getting requested key: Private key not found ", e);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.JWTWithRSASignature
    public String rsaSignAndSerialize(RSAPrivateKey rSAPrivateKey, JWTClaimsSet jWTClaimsSet) throws APIManagementException {
        if (rSAPrivateKey == null) {
            throw new IllegalArgumentException("The private key must not be null");
        }
        if (jWTClaimsSet == null) {
            throw new IllegalArgumentException("The JWTClaimsSet must not be null");
        }
        RSASSASigner rSASSASigner = new RSASSASigner(rSAPrivateKey);
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), jWTClaimsSet);
        try {
            signedJWT.sign(rSASSASigner);
            return signedJWT.serialize();
        } catch (JOSEException e) {
            throw new APIManagementException("Error signing JWT ", (Throwable) e);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.JWTWithRSASignature
    public PublicKey getPublicKey(String str, String str2, String str3) throws APIManagementException {
        if (str == null) {
            throw new IllegalArgumentException("Path to key store file must not be null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("The key store password must not be null");
        }
        if (str3 == null) {
            throw new IllegalArgumentException("The Alias must not be null");
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            Throwable th = null;
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(fileInputStream, str2.toCharArray());
                Certificate certificate = keyStore.getCertificate(str3);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return certificate.getPublicKey();
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new APIManagementException("Error getting requested key: Public key not found ", e);
        }
    }

    @Override // org.wso2.carbon.apimgt.core.api.JWTWithRSASignature
    public boolean verifyRSASignature(String str, RSAPublicKey rSAPublicKey) throws APIManagementException {
        if (str == null) {
            throw new IllegalArgumentException("The SignedJWT must not be null");
        }
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("The public key must not be null");
        }
        try {
            return SignedJWT.parse(str).verify(new RSASSAVerifier(rSAPublicKey));
        } catch (ParseException e) {
            throw new APIManagementException("Error parsing signed JWT string ", e);
        } catch (JOSEException e2) {
            throw new APIManagementException("Failed to verify signature ", (Throwable) e2);
        }
    }
}
