package org.eclipse.microprofile.jwt.tck.util;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Scanner;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.eclipse.microprofile.jwt.Claims;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/util/TokenUtils.class */
public class TokenUtils {

    /* loaded from: input_file:org/eclipse/microprofile/jwt/tck/util/TokenUtils$InvalidClaims.class */
    public enum InvalidClaims {
        ISSUER,
        IAT,
        EXP,
        SIGNER,
        ENCRYPTOR,
        ALG
    }

    private TokenUtils() {
    }

    @Deprecated
    public static String generateTokenString(String str) throws Exception {
        return signClaims(str);
    }

    public static String signClaims(String str) throws Exception {
        return signClaims(str, SignatureAlgorithm.RS256);
    }

    public static String signClaims(String str, SignatureAlgorithm signatureAlgorithm) throws Exception {
        return signClaims(str, signatureAlgorithm, (Set<InvalidClaims>) Collections.emptySet());
    }

    @Deprecated
    public static String generateTokenString(String str, Set<InvalidClaims> set) throws Exception {
        return signClaims(str, SignatureAlgorithm.RS256, set);
    }

    public static String signClaims(String str, SignatureAlgorithm signatureAlgorithm, Set<InvalidClaims> set) throws Exception {
        return signClaims(str, signatureAlgorithm, set, null);
    }

    @Deprecated
    public static String generateTokenString(String str, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        return signClaims(str, SignatureAlgorithm.RS256, set, map);
    }

    public static String signClaims(String str, SignatureAlgorithm signatureAlgorithm, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        return signClaims(signatureAlgorithm == SignatureAlgorithm.RS256 ? readPrivateKey("/privateKey.pem") : readECPrivateKey("/ecPrivateKey.pem"), str, str, set, map);
    }

    @Deprecated
    public static String generateTokenString(PrivateKey privateKey, String str, String str2, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        return signClaims(privateKey, str, str2, set, map);
    }

    public static String signClaims(PrivateKey privateKey, String str, String str2) throws Exception {
        return signClaims(privateKey, str, str2, null, null);
    }

    public static String signClaims(PrivateKey privateKey, String str, String str2, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        if (set == null) {
            set = Collections.emptySet();
        }
        JwtClaims createJwtClaims = createJwtClaims(str2, set, map);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(createJwtClaims.toJson());
        if (str != null) {
            jsonWebSignature.setKeyIdHeaderValue(str);
        }
        jsonWebSignature.setHeader("typ", "JWT");
        if (set.contains(InvalidClaims.ALG)) {
            jsonWebSignature.setAlgorithmHeaderValue("HS256");
            jsonWebSignature.setKey(KeyGenerator.getInstance("HMACSHA256").generateKey());
        } else {
            jsonWebSignature.setAlgorithmHeaderValue(privateKey instanceof RSAPrivateKey ? "RS256" : "ES256");
            if (set.contains(InvalidClaims.SIGNER)) {
                privateKey = generateKeyPair(2048).getPrivate();
            }
            jsonWebSignature.setKey(privateKey);
        }
        jsonWebSignature.setDoKeyValidation(false);
        return jsonWebSignature.getCompactSerialization();
    }

    public static String encryptClaims(String str) throws Exception {
        return encryptClaims(str, (Set<InvalidClaims>) Collections.emptySet());
    }

    public static String encryptClaims(String str, Set<InvalidClaims> set) throws Exception {
        return encryptClaims(str, set, (Map<String, Long>) null);
    }

    public static String encryptClaims(String str, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        return encryptClaims(readPublicKey("/publicKey.pem"), str, str, set, map);
    }

    public static String encryptClaims(PublicKey publicKey, String str) throws Exception {
        return encryptClaims(publicKey, str, str);
    }

    public static String encryptClaims(PublicKey publicKey, String str, String str2) throws Exception {
        return encryptClaims(publicKey, str, str2, null, null);
    }

    public static String encryptClaims(PublicKey publicKey, String str, String str2, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        return encryptClaims(publicKey, null, str, str2, set, map);
    }

    public static String encryptClaims(PublicKey publicKey, KeyManagementAlgorithm keyManagementAlgorithm, String str, String str2, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        Key key;
        if (set == null) {
            set = Collections.emptySet();
        }
        JwtClaims createJwtClaims = createJwtClaims(str2, set, map);
        if (set.contains(InvalidClaims.ENCRYPTOR)) {
            key = generateKeyPair(2048).getPublic();
        } else if (set.contains(InvalidClaims.ALG)) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            key = keyGenerator.generateKey();
        } else {
            key = publicKey;
        }
        return encryptString(key, keyManagementAlgorithm, str, createJwtClaims.toJson(), false);
    }

    public static String signEncryptClaims(String str) throws Exception {
        return signEncryptClaims(str, SignatureAlgorithm.RS256);
    }

    public static String signEncryptClaims(String str, SignatureAlgorithm signatureAlgorithm) throws Exception {
        return signEncryptClaims(signatureAlgorithm == SignatureAlgorithm.RS256 ? readPrivateKey("/privateKey.pem") : readECPrivateKey("/ecPrivateKey.pem"), readPublicKey("/publicKey.pem"), str);
    }

    public static String signEncryptClaims(PrivateKey privateKey, PublicKey publicKey, String str) throws Exception {
        return signEncryptClaims(privateKey, str + "-signed", publicKey, str + "-encrypted", str);
    }

    public static String signEncryptClaims(PrivateKey privateKey, String str, PublicKey publicKey, String str2, String str3) throws Exception {
        return signEncryptClaims(privateKey, str, publicKey, str2, str3, true);
    }

    public static String signEncryptClaims(PrivateKey privateKey, String str, PublicKey publicKey, String str2, String str3, boolean z) throws Exception {
        return signEncryptClaims(privateKey, str, publicKey, null, str2, str3, z);
    }

    public static String signEncryptClaims(PrivateKey privateKey, String str, PublicKey publicKey, KeyManagementAlgorithm keyManagementAlgorithm, String str2, String str3, boolean z) throws Exception {
        return encryptString(publicKey, keyManagementAlgorithm, str2, signClaims(privateKey, str, str3, null, null), z);
    }

    private static String encryptString(Key key, KeyManagementAlgorithm keyManagementAlgorithm, String str, String str2, boolean z) throws Exception {
        JsonWebEncryption jsonWebEncryption = new JsonWebEncryption();
        jsonWebEncryption.setPlaintext(str2);
        if (str != null) {
            jsonWebEncryption.setKeyIdHeaderValue(str);
        }
        if (z && str2.split("\\.").length == 3) {
            jsonWebEncryption.setHeader("cty", "JWT");
        }
        jsonWebEncryption.setEncryptionMethodHeaderParameter("A256GCM");
        if (keyManagementAlgorithm != null) {
            jsonWebEncryption.setAlgorithmHeaderValue(keyManagementAlgorithm.getAlgorithm());
        } else if (key instanceof SecretKey) {
            int length = ((SecretKey) key).getEncoded().length * 8;
            if (length != 256 && length != 192 && length != 128) {
                throw new IllegalStateException("Invalid AES secret key length (valid values are 256, 192 or 128): " + length);
            }
            jsonWebEncryption.setAlgorithmHeaderValue("A" + length + "KW");
        } else {
            jsonWebEncryption.setAlgorithmHeaderValue("RSA-OAEP");
        }
        jsonWebEncryption.setKey(key);
        return jsonWebEncryption.getCompactSerialization();
    }

    private static JwtClaims createJwtClaims(String str, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        JwtClaims parse = JwtClaims.parse(readJsonContent(str));
        if (set.contains(InvalidClaims.ISSUER)) {
            parse.setIssuer("INVALID_ISSUER");
        }
        long currentTimeInSecs = currentTimeInSecs();
        long j = currentTimeInSecs + 300;
        long j2 = currentTimeInSecs;
        long j3 = j2;
        boolean z = false;
        if (map != null && map.containsKey(Claims.exp.name())) {
            j = map.get(Claims.exp.name()).longValue();
            z = true;
        }
        if (z) {
            j2 = j - 5;
            j3 = j2;
        } else if (set.contains(InvalidClaims.IAT)) {
            j2 = j + 5;
            j3 = j2;
        }
        parse.setIssuedAt(NumericDate.fromSeconds(j2));
        parse.setClaim(Claims.auth_time.name(), Long.valueOf(j3));
        if (!set.contains(InvalidClaims.EXP)) {
            parse.setExpirationTime(NumericDate.fromSeconds(j));
        }
        if (map != null) {
            map.put(Claims.iat.name(), Long.valueOf(j2));
            map.put(Claims.auth_time.name(), Long.valueOf(j3));
            map.put(Claims.exp.name(), Long.valueOf(j));
        }
        return parse;
    }

    private static String readJsonContent(String str) throws IOException {
        InputStream resourceAsStream = TokenUtils.class.getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new IllegalStateException("Failed to find resource: " + str);
        }
        Scanner scanner = new Scanner(resourceAsStream);
        Throwable th = null;
        try {
            try {
                scanner.useDelimiter("\\A");
                String next = scanner.hasNext() ? scanner.next() : "";
                if (scanner != null) {
                    if (0 != 0) {
                        try {
                            scanner.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        scanner.close();
                    }
                }
                return next;
            } finally {
            }
        } catch (Throwable th3) {
            if (scanner != null) {
                if (th != null) {
                    try {
                        scanner.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    scanner.close();
                }
            }
            throw th3;
        }
    }

    public static String readResource(String str) throws IOException {
        InputStream resourceAsStream = TokenUtils.class.getResourceAsStream(str);
        StringWriter stringWriter = new StringWriter();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream));
        Throwable th = null;
        try {
            try {
                for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                    stringWriter.write(readLine);
                    stringWriter.write(10);
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (bufferedReader != null) {
                if (th != null) {
                    try {
                        bufferedReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedReader.close();
                }
            }
            throw th3;
        }
    }

    public static RSAPrivateKey readPrivateKey(String str) throws Exception {
        byte[] bArr = new byte[4096];
        return decodePrivateKey(new String(bArr, 0, TokenUtils.class.getResourceAsStream(str).read(bArr)));
    }

    public static ECPrivateKey readECPrivateKey(String str) throws Exception {
        byte[] bArr = new byte[4096];
        return decodeECPrivateKey(new String(bArr, 0, TokenUtils.class.getResourceAsStream(str).read(bArr)));
    }

    public static RSAPublicKey readPublicKey(String str) throws Exception {
        byte[] bArr = new byte[4096];
        return decodePublicKey(new String(bArr, 0, TokenUtils.class.getResourceAsStream(str).read(bArr)));
    }

    public static ECPublicKey readECPublicKey(String str) throws Exception {
        byte[] bArr = new byte[4096];
        return decodeECPublicKey(new String(bArr, 0, TokenUtils.class.getResourceAsStream(str).read(bArr)));
    }

    public static PublicKey readJwkPublicKey(String str) throws Exception {
        return ((PublicJsonWebKey) PublicJsonWebKey.class.cast(JsonWebKey.Factory.newJwk(JsonUtil.parseJson(readJsonContent(str))))).getPublicKey();
    }

    public static PrivateKey readJwkPrivateKey(String str) throws Exception {
        return ((PublicJsonWebKey) PublicJsonWebKey.class.cast(JsonWebKey.Factory.newJwk(JsonUtil.parseJson(readJsonContent(str))))).getPrivateKey();
    }

    public static KeyPair generateKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i);
        return keyPairGenerator.genKeyPair();
    }

    public static RSAPrivateKey decodePrivateKey(String str) throws Exception {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(toEncodedBytes(str)));
    }

    public static ECPrivateKey decodeECPrivateKey(String str) throws Exception {
        return (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(toEncodedBytes(str)));
    }

    public static RSAPublicKey decodePublicKey(String str) throws Exception {
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(toEncodedBytes(str)));
    }

    public static ECPublicKey decodeECPublicKey(String str) throws Exception {
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(toEncodedBytes(str)));
    }

    private static byte[] toEncodedBytes(String str) {
        return Base64.getDecoder().decode(removeBeginEnd(str));
    }

    private static String removeBeginEnd(String str) {
        return str.replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replaceAll("\r\n", "").replaceAll("\n", "").trim();
    }

    public static int currentTimeInSecs() {
        return (int) (System.currentTimeMillis() / 1000);
    }
}
