package io.jans.as.model.util;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsonorg.JsonOrgModule;
import io.jans.as.model.crypto.Certificate;
import io.jans.as.model.crypto.KeyFactory;
import io.jans.as.model.crypto.PublicKey;
import io.jans.as.model.crypto.signature.AlgorithmFamily;
import io.jans.as.model.crypto.signature.ECDSAPublicKey;
import io.jans.as.model.crypto.signature.EDDSAPublicKey;
import io.jans.as.model.crypto.signature.RSAPublicKey;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.InvalidParameterException;
import io.jans.as.model.jwk.JWKParameter;
import io.jans.as.model.jwt.Jwt;
import io.jans.util.StringHelper;
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Iterator;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.openssl.PEMParser;
import org.jboss.resteasy.client.jaxrs.ClientHttpEngine;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/as/model/util/JwtUtil.class */
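/**
 * Static helpers for JWT processing: JCA algorithm/provider tracing, hex encoding, message
 * digests, and loading public keys from a JSON Web Key Set (JWKS).
 *
 * <p>Security notes for callers of the JWKS helpers:
 * <ul>
 *   <li>The JWKS URI is fetched exactly as passed in. No scheme or host restriction is applied
 *       in this class, so callers should only pass URIs they have already validated.</li>
 *   <li>Key material, the {@code alg} value and the {@code x5c} certificate all come from the
 *       JWKS document. Nothing here establishes trust in that document.</li>
 * </ul>
 */
public class JwtUtil {
    private static final Logger log = LoggerFactory.getLogger(JwtUtil.class);

    /** Lower-case hex alphabet used by {@link #bytesToHex(byte[])}. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    private JwtUtil() {
    }

    /**
     * Traces the algorithms registered for the Signature, MessageDigest, Cipher, Mac and KeyStore
     * services, followed by the name of every installed security provider.
     */
    public static void printAlgorithmsAndProviders() {
        printAlgorithms("Signature");
        printAlgorithms("MessageDigest");
        printAlgorithms("Cipher");
        printAlgorithms("Mac");
        printAlgorithms("KeyStore");
        for (Provider provider : Security.getProviders()) {
            log.trace("Provider: {}", provider.getName());
        }
    }

    /**
     * Traces every algorithm name registered for the given JCA service.
     *
     * @param str JCA service name, for example {@code "Signature"}
     */
    public static void printAlgorithms(String str) {
        for (String algorithm : Security.getAlgorithms(str)) {
            // The original pattern "({}})" carried a stray closing brace into every log line.
            log.trace("Algorithm ({}): {}", str, algorithm);
        }
    }

    /**
     * Encodes a byte array as a lower-case hexadecimal string.
     *
     * @param bArr bytes to encode; must not be {@code null}
     * @return two hex characters per input byte
     */
    public static String bytesToHex(byte[] bArr) {
        char[] hex = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int unsigned = bArr[i] & 0xFF;
            hex[i * 2] = HEX_DIGITS[unsigned >>> 4];
            hex[(i * 2) + 1] = HEX_DIGITS[unsigned & 0x0F];
        }
        return new String(hex);
    }

    /**
     * Computes the SHA-256 digest of the UTF-8 bytes of {@code str}.
     *
     * @see #getMessageDigest(String, String)
     */
    public static byte[] getMessageDigestSHA256(String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        return getMessageDigest(str, "SHA-256");
    }

    /**
     * Computes the SHA-384 digest of the UTF-8 bytes of {@code str}.
     *
     * @see #getMessageDigest(String, String)
     */
    public static byte[] getMessageDigestSHA384(String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        return getMessageDigest(str, "SHA-384");
    }

    /**
     * Computes the SHA-512 digest of the UTF-8 bytes of {@code str}.
     *
     * @see #getMessageDigest(String, String)
     */
    public static byte[] getMessageDigestSHA512(String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        return getMessageDigest(str, "SHA-512");
    }

    /**
     * Computes a message digest over the UTF-8 bytes of {@code str}, using the provider
     * referenced by {@code KeyFactory.DEF_BC}.
     *
     * @param str text to hash; must not be {@code null}
     * @param str2 JCA digest algorithm name, for example {@code "SHA-256"}
     * @return the raw digest bytes
     * @throws NoSuchProviderException if the requested provider is not registered
     * @throws NoSuchAlgorithmException if the provider does not offer {@code str2}
     */
    public static byte[] getMessageDigest(String str, String str2) throws NoSuchProviderException, NoSuchAlgorithmException {
        return MessageDigest.getInstance(str2, KeyFactory.DEF_BC).digest(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds a {@link PublicKey} from one entry of a JWKS.
     *
     * <p>The entry is selected by {@link #getJsonKey(String, String, String)}. The key is returned
     * only when it could be built completely. Any failure is logged and yields {@code null}, so a
     * key whose {@code x5c} entry cannot be parsed is rejected instead of being handed back
     * without its key id and algorithm.
     *
     * <p>Security notes:
     * <ul>
     *   <li>When {@code signatureAlgorithm} is {@code null}, the algorithm is taken from the
     *       JWK's {@code alg} member, so the key set decides the algorithm. Callers that verify
     *       tokens should pass the algorithm they expect.</li>
     *   <li>Only the first {@code x5c} entry is parsed and attached. This method neither
     *       validates the chain nor checks that the certificate's key matches the JWK
     *       parameters.</li>
     * </ul>
     *
     * @param jwksUri URI the JWKS is fetched from when {@code jwks} is empty
     * @param jwks JWKS document as JSON text, or empty to fetch it from {@code jwksUri}
     * @param signatureAlgorithm expected algorithm, or {@code null} to use the JWK's {@code alg}
     * @param keyId {@code kid} to select, or empty to use the first key in the set
     * @return the public key, or {@code null} when no key was found or it could not be built
     */
    public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
        JSONObject jsonKey = getJsonKey(jwksUri, jwks, keyId);
        if (jsonKey == null) {
            return null;
        }
        try {
            String resultKeyId = jsonKey.getString("kid");
            if (signatureAlgorithm == null) {
                signatureAlgorithm = SignatureAlgorithm.fromString(jsonKey.getString("alg"));
                if (signatureAlgorithm == null) {
                    log.error("Failed to determine key '{}' signature algorithm", resultKeyId);
                    return null;
                }
            }

            // Key parameters may be nested under a dedicated member or sit on the JWK itself.
            JSONObject jsonPublicKey = jsonKey.has(JWKParameter.PUBLIC_KEY)
                    ? jsonKey.getJSONObject(JWKParameter.PUBLIC_KEY)
                    : jsonKey;

            PublicKey publicKey;
            AlgorithmFamily family = signatureAlgorithm.getFamily();
            if (family == AlgorithmFamily.RSA) {
                BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(JWKParameter.MODULUS)));
                BigInteger exponent = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(JWKParameter.EXPONENT)));
                publicKey = new RSAPublicKey(modulus, exponent);
            } else if (family == AlgorithmFamily.EC) {
                BigInteger x = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(JWKParameter.X)));
                BigInteger y = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(JWKParameter.Y)));
                publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
            } else if (family == AlgorithmFamily.ED) {
                // NOTE(review): the BigInteger round trip strips leading zero bytes and can prepend
                // a 0x00 sign byte, so the array passed on may differ in length from the decoded
                // "x" value. Confirm this matches what EDDSAPublicKey expects.
                BigInteger x = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(JWKParameter.X)));
                publicKey = new EDDSAPublicKey(signatureAlgorithm, x.toByteArray());
            } else {
                throw new InvalidParameterException("Wrong value of the AlgorithmFamily: algorithmFamily = " + family);
            }

            if (jsonKey.has(JWKParameter.CERTIFICATE_CHAIN)) {
                String firstCertificate = jsonKey.getJSONArray(JWKParameter.CERTIFICATE_CHAIN).getString(0);
                String pem = "-----BEGIN CERTIFICATE-----\n" + firstCertificate + "\n-----END CERTIFICATE-----";
                // The parser wraps a reader and was never closed before.
                try (PEMParser parser = new PEMParser(new StringReader(pem))) {
                    publicKey.setCertificate(new Certificate(signatureAlgorithm, (X509CertificateObject) parser.readObject()));
                }
            }

            publicKey.setKeyId(resultKeyId);
            publicKey.setSignatureAlgorithm(signatureAlgorithm);
            return publicKey;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            // Fail closed: never return a key that was only partly initialised.
            return null;
        }
    }

    /**
     * Selects one JWK from a JWKS document.
     *
     * <p>When {@code jwks} is empty the document is fetched with an HTTP GET from
     * {@code jwksUri}, and only a 200 response is used. The URI is used as given: no scheme or
     * host check is applied here, so the caller must ensure it points at a trusted endpoint.
     *
     * <p>When {@code keyId} is empty the first key of the set is returned. Otherwise the first
     * key whose {@code kid} equals {@code keyId} is returned. Keys without a {@code kid} member
     * are skipped, so they no longer abort the search.
     *
     * @param jwksUri URI the JWKS is fetched from when {@code jwks} is empty
     * @param jwks JWKS document as JSON text, or empty to fetch it from {@code jwksUri}
     * @param keyId {@code kid} to look for, or empty to take the first key
     * @return the matching JWK, or {@code null} when none was found or an error was logged
     */
    public static JSONObject getJsonKey(String jwksUri, String jwks, String keyId) {
        try {
            if (StringHelper.isEmpty(jwks)) {
                Client client = ClientBuilder.newClient();
                try {
                    Response response = client.target(jwksUri).request().buildGet().invoke();
                    try {
                        int status = response.getStatus();
                        log.debug("Status: {}", status);
                        if (status == 200) {
                            jwks = response.readEntity(String.class);
                            // The body is controlled by the remote endpoint; log it at debug only.
                            log.debug("JWK: {}", jwks);
                        }
                    } finally {
                        // Non-200 responses were previously left unread and unclosed.
                        response.close();
                    }
                } finally {
                    client.close();
                }
            }

            if (StringHelper.isNotEmpty(jwks)) {
                JSONArray keys = new JSONObject(jwks).getJSONArray(JWKParameter.JSON_WEB_KEY_SET);
                if (keys.length() == 0) {
                    return null;
                }
                if (StringHelper.isEmpty(keyId)) {
                    return keys.getJSONObject(0);
                }
                for (int i = 0; i < keys.length(); i++) {
                    JSONObject candidate = keys.getJSONObject(i);
                    // optString returns "" for a missing "kid", which can never equal a
                    // non-empty keyId. getString would throw and end the whole lookup.
                    if (keyId.equals(candidate.optString("kid"))) {
                        return candidate;
                    }
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return null;
    }

    /**
     * Fetches a JWKS document using a default HTTP client.
     *
     * @param str JWKS URI
     * @return the parsed document, or {@code null} on any failure
     * @see #getJSONWebKeys(String, ClientHttpEngine)
     */
    public static JSONObject getJSONWebKeys(String str) {
        return getJSONWebKeys(str, null);
    }

    /**
     * Fetches a JWKS document with an HTTP GET and parses it as JSON.
     *
     * <p>The URI is used as given: no scheme or host check is applied here, so the caller must
     * ensure it points at a trusted endpoint. Only a 200 response is parsed.
     *
     * @param str JWKS URI; an empty value yields {@code null} without a request
     * @param clientHttpEngine RESTEasy HTTP engine to use, or {@code null} for the default client
     * @return the parsed document, or {@code null} when the request or parsing failed
     */
    public static JSONObject getJSONWebKeys(String str, ClientHttpEngine clientHttpEngine) {
        log.debug("Retrieving jwks {}...", str);
        JSONObject jwks = null;
        try {
            if (!StringHelper.isEmpty(str)) {
                ClientBuilder builder = ClientBuilder.newBuilder();
                if (clientHttpEngine != null) {
                    // Narrow to the RESTEasy builder only when a custom engine has to be set.
                    ((ResteasyClientBuilder) builder).httpEngine(clientHttpEngine);
                }
                Client client = builder.build();
                try {
                    Response response = client.target(str).request().buildGet().invoke();
                    try {
                        int status = response.getStatus();
                        log.debug("Status: {}", status);
                        if (status == 200) {
                            jwks = fromJson(response.readEntity(String.class));
                            log.debug("JWK: {}", jwks);
                        }
                    } finally {
                        response.close();
                    }
                } finally {
                    client.close();
                }
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
        return jwks;
    }

    /**
     * Parses JSON text into an {@code org.json} object through Jackson's json.org module.
     *
     * @param str JSON text
     * @return the parsed object
     * @throws IOException if the text cannot be parsed
     */
    public static JSONObject fromJson(String str) throws IOException {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.registerModule(new JsonOrgModule());
        return objectMapper.readValue(str, JSONObject.class);
    }

    /**
     * Copies every top-level member of {@code jSONObject} into the claims of {@code jwt}.
     * Does nothing when either argument is {@code null}.
     *
     * @param jSONObject source of claim names and values
     * @param jwt token whose claims are updated
     */
    public static void transferIntoJwtClaims(JSONObject jSONObject, Jwt jwt) {
        if (jSONObject == null || jwt == null) {
            return;
        }
        for (String claimName : jSONObject.keySet()) {
            jwt.getClaims().setClaimObject(claimName, jSONObject.opt(claimName), true);
        }
    }
}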
