package com.huawei.cloudtable.hbase.rest.filter.token.utils.pki;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:com/huawei/cloudtable/hbase/rest/filter/token/utils/pki/Decoder.class */
public class Decoder {
    private static final Logger logger = Logger.getLogger(Decoder.class);
    public static final String UTF_8 = "UTF-8";

    public static String decodeToken(String str, String str2) {
        try {
            try {
                CMSSignedData signedDataFromRawToken = getSignedDataFromRawToken(str);
                SignerInformationVerifier createTokenVerifier = createTokenVerifier(str2);
                if (null == signedDataFromRawToken || null == createTokenVerifier) {
                    logger.info("get CMSSignedData or createTokenVerifier failure");
                    return null;
                }
                if (isValidTokenSignature(signedDataFromRawToken, createTokenVerifier)) {
                    return getTokenContentAsString(signedDataFromRawToken);
                }
                logger.info("token signed validate failure!");
                return null;
            } catch (CMSException e) {
                logger.error("Error: " + e.getMessage());
                return null;
            }
        } catch (OperatorCreationException | IOException e2) {
            logger.error("Error: " + e2.getMessage());
            return null;
        }
    }

    public static SignerInformationVerifier createTokenVerifier(String str) throws IOException, OperatorCreationException {
        PemReader pemReader = new PemReader(new BufferedReader(new InputStreamReader(new ByteArrayInputStream(str.getBytes(UTF_8)), UTF_8)));
        PemObject readPemObject = pemReader.readPemObject();
        pemReader.close();
        if (null == readPemObject) {
            return null;
        }
        return new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(new X509CertificateHolder(readPemObject.getContent()));
    }

    public static CMSSignedData getSignedDataFromRawToken(String str) throws CMSException {
        try {
            return new CMSSignedData(Base64.decodeBase64(str.replace("-", "/").getBytes(UTF_8)));
        } catch (UnsupportedEncodingException e) {
            logger.error("encoding convert error" + e);
            return null;
        }
    }

    public static String getTokenContentAsString(CMSSignedData cMSSignedData) {
        Object content = cMSSignedData.getSignedContent().getContent();
        if (!(content instanceof byte[])) {
            return null;
        }
        String str = null;
        try {
            str = new String((byte[]) content, UTF_8);
        } catch (UnsupportedEncodingException e) {
            logger.error("encoding convert error" + e);
        }
        return str;
    }

    public static boolean isValidTokenSignature(CMSSignedData cMSSignedData, SignerInformationVerifier signerInformationVerifier) throws CMSException {
        for (Object obj : cMSSignedData.getSignerInfos().getSigners()) {
            if ((obj instanceof SignerInformation) && ((SignerInformation) obj).verify(signerInformationVerifier)) {
                return true;
            }
        }
        return false;
    }
}
