package io.jans.as.model.jwt;

import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.AsymmetricSignatureAlgorithm;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.as.model.exception.InvalidParameterException;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.util.Base64Util;
import io.jans.as.model.util.JwtUtil;
import io.jans.as.model.util.Util;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/as/model/jwt/DPoP.class */
public class DPoP extends Jwt {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DPoP.class);
    private final String keyId;
    private String encodedJwt;
    private transient AbstractCryptoProvider cryptoProvider;

    public DPoP(AsymmetricSignatureAlgorithm asymmetricSignatureAlgorithm, JSONWebKey jSONWebKey, String str, String str2, String str3, String str4, AbstractCryptoProvider abstractCryptoProvider) {
        getHeader().setType(JwtType.DPOP_PLUS_JWT);
        this.keyId = str4;
        setSignatureAlgorithm(asymmetricSignatureAlgorithm);
        setJwk(jSONWebKey);
        setJti(str);
        setHtm(str2);
        setHtu(str3);
        setIat(Long.valueOf(new Date().getTime()));
        this.cryptoProvider = abstractCryptoProvider;
    }

    public static String generateJti() {
        return Base64Util.base64urlencode(Util.getBytes(UUID.randomUUID().toString()));
    }

    public static String generateAccessTokenHash(String str) {
        String str2 = null;
        try {
            byte[] messageDigestSHA256 = JwtUtil.getMessageDigestSHA256(str);
            if (messageDigestSHA256 != null) {
                str2 = Base64Util.base64urlencode(messageDigestSHA256);
            }
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            LOG.error(e.getMessage(), (Throwable) e);
        }
        return str2;
    }

    public JwtType getType() {
        return getHeader().getType();
    }

    public AsymmetricSignatureAlgorithm getSignatureAlgorithm() {
        SignatureAlgorithm signatureAlgorithm = getHeader().getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            return null;
        }
        return AsymmetricSignatureAlgorithm.fromString(signatureAlgorithm.getName());
    }

    public void setSignatureAlgorithm(AsymmetricSignatureAlgorithm asymmetricSignatureAlgorithm) {
        getHeader().setAlgorithm(SignatureAlgorithm.fromString(asymmetricSignatureAlgorithm.getParamName()));
    }

    public JSONWebKey getJwk() {
        return JSONWebKey.fromJSONObject(getHeader().getJwk());
    }

    public void setJwk(JSONWebKey jSONWebKey) {
        getHeader().setJwk(jSONWebKey.toJSONObject());
    }

    public String getJti() {
        return getClaims().getClaimAsString("jti");
    }

    public void setJti(String str) {
        getClaims().setClaim("jti", str);
    }

    public String getHtm() {
        return getClaims().getClaimAsString(DPoPJwtPayloadParam.HTM);
    }

    public void setHtm(String str) {
        getClaims().setClaim(DPoPJwtPayloadParam.HTM, str);
    }

    public String getHtu() {
        return getClaims().getClaimAsString(DPoPJwtPayloadParam.HTU);
    }

    public void setHtu(String str) {
        getClaims().setClaim(DPoPJwtPayloadParam.HTU, str);
    }

    public Long getIat() {
        return getClaims().getClaimAsLong("iat");
    }

    public void setIat(Long l) {
        getClaims().setClaim("iat", l);
    }

    public String getAth() {
        return getClaims().getClaimAsString(DPoPJwtPayloadParam.ATH);
    }

    public void setAth(String str) {
        getClaims().setClaim(DPoPJwtPayloadParam.ATH, str);
    }

    public AbstractCryptoProvider getCryptoProvider() {
        return this.cryptoProvider;
    }

    public void setCryptoProvider(AbstractCryptoProvider abstractCryptoProvider) {
        this.cryptoProvider = abstractCryptoProvider;
    }

    public String getEncodedJwt() throws InvalidJwtException, InvalidParameterException, CryptoProviderException {
        if (getType() != JwtType.DPOP_PLUS_JWT) {
            throw new InvalidJwtException("Type (typ) value must be dpop+jwt");
        }
        if (getSignatureAlgorithm() == null) {
            throw new InvalidJwtException("Algorithm (alg) must be an asymmetric algorithm");
        }
        if (getJwk() == null) {
            throw new InvalidJwtException("JWK (jwk) is required");
        }
        if (StringUtils.isBlank(getJti())) {
            throw new InvalidJwtException("The JWT Unique identifier (jti) is required");
        }
        if (StringUtils.isBlank(getHtm())) {
            throw new InvalidJwtException("The HTTP method (htm) is required");
        }
        if (StringUtils.isBlank(getHtu())) {
            throw new InvalidJwtException("The HTTP URI (htu) is required");
        }
        if (getIat() == null || getIat().longValue() <= 0) {
            throw new InvalidJwtException("The issued at (iat) is required");
        }
        if (this.cryptoProvider == null) {
            throw new InvalidParameterException("The Crypto Provider cannot be null.");
        }
        String base64JsonObject = getHeader().toBase64JsonObject();
        String base64JsonObject2 = getClaims().toBase64JsonObject();
        this.encodedJwt = base64JsonObject + "." + base64JsonObject2 + "." + this.cryptoProvider.sign(base64JsonObject + "." + base64JsonObject2, this.keyId, null, getHeader().getSignatureAlgorithm());
        return this.encodedJwt;
    }

    @Override // io.jans.as.model.jwt.Jwt, io.jans.as.model.token.JsonWebResponse
    public String toString() {
        return this.encodedJwt;
    }
}
