package io.jans.as.model.crypto;

import com.google.common.collect.Lists;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.signature.AlgorithmFamily;
import io.jans.as.model.crypto.signature.EllipticEdvardsCurve;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.exception.InvalidParameterException;
import io.jans.as.model.fido.u2f.message.RawAuthenticateResponse;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.jwk.JWKParameter;
import io.jans.as.model.jwk.KeyOpsType;
import io.jans.as.model.jwk.Use;
import io.jans.as.model.util.Base64Util;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.TimeZone;
import org.apache.log4j.Logger;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:io/jans/as/model/crypto/AbstractCryptoProvider.class */
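/**
 * Base class for crypto providers. Declares the key-generation, signing, verification and
 * key-store operations that concrete providers implement, and implements the parsing of public
 * keys out of a JWKS document as well as key-expiration logging.
 *
 * <p>This listing is decompiler output: parameter names such as {@code str}, {@code l} and
 * {@code i} are synthetic and are kept unchanged so the signatures stay as published.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getPublicKey(String, JSONObject, Algorithm)} builds keys from a JWKS document that
 *       may originate outside this process; when no algorithm is requested, the algorithm family
 *       is taken from the JWK itself.</li>
 *   <li>Key expiration is only logged by {@link #checkKeyExpiration(String, Long)}; an expired key
 *       is still returned to the caller.</li>
 * </ul>
 */
public abstract class AbstractCryptoProvider {
    protected static final Logger LOG = Logger.getLogger(AbstractCryptoProvider.class);
    private static final String DEF_EXPIRESON = "\n\tExpires On: ";
    private static final String DEF_TODAYSDATE = "\n\tToday's Date: ";
    private static final String DEF_DAYS = " days";
    /** Number of milliseconds in one day, used to convert a remaining lifetime into whole days. */
    private static final long MILLIS_PER_DAY = 86400000L;
    // -1 (any value <= 0) makes checkKeyExpiration fall back to its fixed 30-day warning window.
    private int keyRegenerationIntervalInDays = -1;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.jans.as.model.crypto.AbstractCryptoProvider$1, reason: invalid class name */
    /* loaded from: input_file:io/jans/as/model/crypto/AbstractCryptoProvider$1.class */
    /**
     * Decompiler rendering of the compiler-generated lookup table for a {@code switch} over
     * {@link AlgorithmFamily}: RSA maps to 1, EC to 2, ED to 3, every other constant stays 0.
     * It is kept unchanged for compatibility; {@code processKey} switches on the enum directly.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$jans$as$model$crypto$signature$AlgorithmFamily = new int[AlgorithmFamily.values().length];

        static {
            // Each assignment is guarded separately so that an enum constant missing at run time
            // leaves its slot at 0 instead of failing class initialisation.
            try {
                $SwitchMap$io$jans$as$model$crypto$signature$AlgorithmFamily[AlgorithmFamily.RSA.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$jans$as$model$crypto$signature$AlgorithmFamily[AlgorithmFamily.EC.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$jans$as$model$crypto$signature$AlgorithmFamily[AlgorithmFamily.ED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /**
     * Generates a key for the given algorithm.
     *
     * @param algorithm algorithm to generate a key for
     * @param l epoch-millisecond value; {@link #generateJwks} passes the computed expiration
     *     instant here
     * @return the generated key as a JSON object
     * @throws CryptoProviderException if the provider cannot generate the key
     */
    public abstract JSONObject generateKey(Algorithm algorithm, Long l) throws CryptoProviderException;

    // NOTE(review): the meaning of the int parameter is not recoverable from this decompiled
    // listing (presumably a key length) -- confirm against the implementations.
    public abstract JSONObject generateKey(Algorithm algorithm, Long l, int i) throws CryptoProviderException;

    public abstract JSONObject generateKey(Algorithm algorithm, Long l, int i, KeyOpsType keyOpsType) throws CryptoProviderException;

    // NOTE(review): the roles of the three String parameters (presumably signing input, key id
    // and shared secret) cannot be confirmed from this listing -- check the implementations.
    public abstract String sign(String str, String str2, String str3, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException;

    // NOTE(review): parameter roles are likewise not visible here; the JSONObject is presumably
    // the JWKS used to resolve the verification key -- confirm against the implementations.
    public abstract boolean verifySignature(String str, String str2, String str3, JSONObject jSONObject, String str4, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException;

    public abstract boolean deleteKey(String str) throws CryptoProviderException;

    public abstract boolean containsKey(String str);

    /**
     * Returns the key identifiers known to this provider.
     *
     * @return a new, empty, mutable list in this base implementation
     */
    public List<String> getKeys() {
        return Lists.newArrayList();
    }

    public abstract java.security.PrivateKey getPrivateKey(String str) throws CryptoProviderException;

    public abstract java.security.PublicKey getPublicKey(String str) throws CryptoProviderException;

    /**
     * Returns the {@code kid} of the first key in the set that matches the algorithm and use.
     *
     * @param jSONWebKeySet key set to search
     * @param algorithm required algorithm; {@code null} or an HMAC-family algorithm yields
     *     {@code null}
     * @param use required key use, or {@code null} to accept any use
     * @param keyOpsType not consulted by this implementation
     * @return the matching key id, or {@code null} when no key matches
     * @throws CryptoProviderException declared for overriding providers; not thrown here
     */
    public String getKeyId(JSONWebKeySet jSONWebKeySet, Algorithm algorithm, Use use, KeyOpsType keyOpsType) throws CryptoProviderException {
        if (algorithm == null || AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
            return null;
        }
        for (JSONWebKey candidate : jSONWebKeySet.getKeys()) {
            boolean algorithmMatches = algorithm == candidate.getAlg();
            if (algorithmMatches && (use == null || use == candidate.getUse())) {
                return candidate.getKid();
            }
        }
        return null;
    }

    /**
     * Generates one key per algorithm that is allowed and able to generate keys, and wraps the
     * result in a JWKS object.
     *
     * <p>The expiration passed to the provider is "now" plus the configured key regeneration
     * interval (added as hours) plus the id-token lifetime (added as seconds).
     *
     * @param abstractCryptoProvider provider that generates each key
     * @param appConfiguration source of the interval, lifetime and allowed-algorithm settings
     * @return a JSON object holding the generated keys under {@link JWKParameter#JSON_WEB_KEY_SET}
     */
    public static JSONObject generateJwks(AbstractCryptoProvider abstractCryptoProvider, AppConfiguration appConfiguration) {
        GregorianCalendar expiration = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        expiration.add(GregorianCalendar.HOUR, appConfiguration.getKeyRegenerationInterval());
        expiration.add(GregorianCalendar.SECOND, appConfiguration.getIdTokenLifetime());
        long expirationMillis = expiration.getTimeInMillis();
        List<String> keyAlgsAllowedForGeneration = appConfiguration.getKeyAlgsAllowedForGeneration();
        JSONArray generatedKeys = new JSONArray();
        for (Algorithm algorithm : Algorithm.values()) {
            try {
                // An empty allow-list means every algorithm is allowed.
                boolean notAllowed = !keyAlgsAllowedForGeneration.isEmpty() && !keyAlgsAllowedForGeneration.contains(algorithm.getParamName());
                boolean cannotGenerate = !algorithm.canGenerateKeys();
                if (notAllowed) {
                    LOG.debug(String.format("Key generation for %s is skipped because it's not allowed by keyAlgsAllowedForGeneration configuration property.", algorithm.toString()));
                }
                if (cannotGenerate) {
                    LOG.trace(algorithm + " does not support keys re-generation.");
                }
                if (!notAllowed && !cannotGenerate) {
                    generatedKeys.put(abstractCryptoProvider.generateKey(algorithm, Long.valueOf(expirationMillis)));
                }
            } catch (Exception e) {
                // Best effort: a failure for one algorithm is logged and the remaining algorithms
                // are still processed, so the returned set can be missing keys. Operators should
                // alert on this error rather than assume the JWKS is complete.
                LOG.error(String.format("Algorithm: %s", algorithm), e);
            }
        }
        JSONObject jwks = new JSONObject();
        jwks.put(JWKParameter.JSON_WEB_KEY_SET, generatedKeys);
        return jwks;
    }

    /**
     * Looks up a public key in a JWKS document.
     *
     * <p>When {@code str} is {@code null} the document's only key is used, and only if the
     * document holds exactly one key. Otherwise the first entry whose {@code kid} equals
     * {@code str} and whose algorithm is acceptable is returned.
     *
     * <p>NOTE(review): the JWKS and the key id may come from a remote party. An entry without a
     * {@code kid}, or without the expected key material, raises an unchecked JSON exception that
     * is not converted to {@link CryptoProviderException} -- callers should treat any failure
     * here as "no usable key".
     *
     * @param str key id to look for, or {@code null}
     * @param jSONObject JWKS document holding the keys under {@link JWKParameter#JSON_WEB_KEY_SET}
     * @param algorithm algorithm the key must declare, or {@code null} to accept the key's own
     * @return the parsed key, or {@code null} when no entry qualifies
     * @throws CryptoProviderException if a matching entry cannot be turned into a key
     */
    public java.security.PublicKey getPublicKey(String str, JSONObject jSONObject, Algorithm algorithm) throws CryptoProviderException {
        JSONArray keys = jSONObject.getJSONArray(JWKParameter.JSON_WEB_KEY_SET);
        try {
            if (str == null) {
                if (keys.length() == 1) {
                    return processKey(algorithm, str, keys.getJSONObject(0));
                }
                return null;
            }
            for (int index = 0; index < keys.length(); index++) {
                JSONObject jwk = keys.getJSONObject(index);
                if (!str.equals(jwk.getString("kid"))) {
                    continue;
                }
                java.security.PublicKey parsed = processKey(algorithm, str, jwk);
                if (parsed != null) {
                    return parsed;
                }
            }
            return null;
        } catch (InvalidParameterException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException e) {
            throw new CryptoProviderException(e);
        }
    }

    /**
     * Builds a public key from a single JWK entry.
     *
     * <p>The algorithm family comes from the entry's {@code alg}, or from its key type when
     * {@code alg} is absent. If an algorithm is requested and the entry declares a different one,
     * the entry is skipped. An unrecognised algorithm, family or curve is reported as
     * {@link InvalidParameterException} instead of surfacing as a {@code NullPointerException}.
     *
     * @param algorithm requested algorithm, or {@code null} to accept what the entry declares
     * @param str key id, used for logging only
     * @param jSONObject the JWK entry
     * @return the parsed key, or {@code null} when the entry's algorithm does not match
     */
    private java.security.PublicKey processKey(Algorithm algorithm, String str, JSONObject jSONObject) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException, InvalidParameterException {
        AlgorithmFamily family;
        if (jSONObject.has("alg")) {
            Algorithm keyAlgorithm = Algorithm.fromString(jSONObject.optString("alg"));
            if (algorithm != null && !algorithm.equals(keyAlgorithm)) {
                LOG.trace("kid matched but algorithm does not match. kid algorithm:" + keyAlgorithm + ", requestedAlgorithm:" + algorithm + ", kid:" + str);
                return null;
            }
            if (keyAlgorithm == null) {
                // Only reachable when no algorithm was requested; guards the dereference below in
                // case fromString yields null for a value it does not recognise.
                throw new InvalidParameterException("Wrong key (JSONObject): unsupported 'alg' value");
            }
            family = keyAlgorithm.getFamily();
        } else {
            if (!jSONObject.has(JWKParameter.KEY_TYPE)) {
                throw new InvalidParameterException("Wrong key (JSONObject): doesn't contain 'alg' and 'kty' properties");
            }
            family = AlgorithmFamily.fromString(jSONObject.getString(JWKParameter.KEY_TYPE));
        }
        if (family == null) {
            throw new InvalidParameterException("Wrong key (JSONObject): unsupported algorithm family");
        }
        java.security.PublicKey publicKey;
        // Switch on the enum itself rather than on constants borrowed from unrelated classes.
        switch (family) {
            case RSA:
                // NOTE(review): no minimum modulus length is enforced here -- confirm that a key
                // size policy is applied elsewhere before the key is trusted.
                BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(jSONObject.getString(JWKParameter.MODULUS)));
                BigInteger exponent = new BigInteger(1, Base64Util.base64urldecode(jSONObject.getString(JWKParameter.EXPONENT)));
                publicKey = java.security.KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
                break;
            case EC:
                EllipticEdvardsCurve curve = EllipticEdvardsCurve.fromString(jSONObject.optString(JWKParameter.CURVE));
                if (curve == null) {
                    throw new InvalidParameterException("Wrong key (JSONObject): unsupported curve");
                }
                AlgorithmParameters curveParameters = AlgorithmParameters.getInstance(AlgorithmFamily.EC.toString());
                curveParameters.init(new ECGenParameterSpec(curve.getAlias()));
                java.security.KeyFactory ecFactory = java.security.KeyFactory.getInstance(AlgorithmFamily.EC.toString());
                BigInteger x = new BigInteger(1, Base64Util.base64urldecode(jSONObject.getString(JWKParameter.X)));
                BigInteger y = new BigInteger(1, Base64Util.base64urldecode(jSONObject.getString(JWKParameter.Y)));
                publicKey = ecFactory.generatePublic(new ECPublicKeySpec(new ECPoint(x, y), (ECParameterSpec) curveParameters.getParameterSpec(ECParameterSpec.class)));
                break;
            case ED:
                // The JCA algorithm name is the entry's own "alg" value. When the entry was
                // classified by key type only, optString returns "" and getInstance rejects it.
                publicKey = java.security.KeyFactory.getInstance(jSONObject.optString("alg")).generatePublic(new X509EncodedKeySpec(Base64Util.base64urldecode(jSONObject.getString(JWKParameter.X))));
                break;
            default:
                throw new InvalidParameterException(String.format("Wrong AlgorithmFamily value: %s", family));
        }
        if (jSONObject.has("exp")) {
            // Advisory only: the check logs a warning and the key is returned even if expired.
            // NOTE(review): callers that must reject expired keys have to enforce that themselves.
            checkKeyExpiration(str, Long.valueOf(jSONObject.getLong("exp")));
        }
        return publicKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Logs a warning when a key has expired or is close to expiring. Never throws and never
     * rejects the key; any failure inside the check is logged as an error.
     *
     * <p>A key whose expiration instant has passed is reported as expired even when it passed
     * less than a day ago. The warning window is {@code keyRegenerationIntervalInDays} when that
     * is positive, otherwise 30 days.
     *
     * <p>NOTE(review): the alias is written to the log verbatim. If it can carry a key id taken
     * from a received token, line breaks in it could forge log entries -- confirm the logging
     * layout encodes them.
     *
     * @param str key alias, used in the log message
     * @param l expiration instant in epoch milliseconds
     */
    public void checkKeyExpiration(String str, Long l) {
        try {
            Date expiresOn = new Date(l.longValue());
            SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
            Date today = new Date();
            long remainingMillis = l.longValue() - today.getTime();
            // Integer division truncates toward zero, so the sign is taken from the millisecond
            // difference rather than from the day count.
            long expiresInDays = remainingMillis / MILLIS_PER_DAY;
            String expiresOnText = formatter.format(expiresOn);
            String todayText = formatter.format(today);
            if (remainingMillis < 0) {
                LOG.warn("\nWARNING! Expired Key is used, alias: " + str + DEF_EXPIRESON + expiresOnText + DEF_TODAYSDATE + todayText);
                return;
            }
            if (expiresInDays == 0) {
                LOG.warn("\nWARNING! Key will expire soon, alias: " + str + DEF_EXPIRESON + expiresOnText + DEF_TODAYSDATE + todayText);
                return;
            }
            if (this.keyRegenerationIntervalInDays <= 0 && expiresInDays < 30) {
                LOG.warn("\nWARNING! Key with alias: " + str + "\n\tExpires In: " + expiresInDays + DEF_DAYS + DEF_EXPIRESON + expiresOnText + DEF_TODAYSDATE + todayText);
                return;
            }
            if (expiresInDays < this.keyRegenerationIntervalInDays) {
                LOG.warn("\nWARNING! Key with alias: " + str + "\n\tExpires In: " + expiresInDays + DEF_DAYS + DEF_EXPIRESON + expiresOnText + "\n\tKey Regeneration In: " + this.keyRegenerationIntervalInDays + DEF_DAYS + DEF_TODAYSDATE + todayText);
            }
        } catch (Exception e) {
            // Deliberately broad: the expiration check must never break key lookup.
            LOG.error("Failed to check key expiration.", e);
        }
    }

    /**
     * Returns the key regeneration interval, in days, used as the expiration warning window.
     *
     * @return the interval; a value of 0 or less selects the 30-day default window
     */
    public int getKeyRegenerationIntervalInDays() {
        return this.keyRegenerationIntervalInDays;
    }

    /**
     * Sets the key regeneration interval, in days, used as the expiration warning window.
     *
     * @param i the interval; a value of 0 or less selects the 30-day default window
     */
    public void setKeyRegenerationIntervalInDays(int i) {
        this.keyRegenerationIntervalInDays = i;
    }
}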
