package com.github.ibole.infrastructure.security.jwt.jose4j;

import com.github.ibole.infrastructure.common.exception.GenericRuntimeException;
import com.github.ibole.infrastructure.security.CertificateCoder;
import com.github.ibole.infrastructure.security.jwt.JwtConstant;
import com.github.ibole.infrastructure.security.jwt.JwtObject;
import com.github.ibole.infrastructure.security.jwt.TokenParseException;
import com.google.common.base.Preconditions;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.EcJwkGenerator;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.jwt.consumer.JwtContext;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.keys.RsaKeyUtil;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:com/github/ibole/infrastructure/security/jwt/jose4j/JwtUtils.class */
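/**
 * Static helpers built on jose4j for generating EC key pairs, issuing signed (and, for EC,
 * encrypted) JWTs, and checking tokens.
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>{@link #generateECKeyPair()} and {@link #generateECKeyPairFiles(String, String)} emit JWK
 *       JSON that includes the private key.</li>
 *   <li>{@link #claimsOfTokenWithoutValidation(String, PublicJsonWebKey)} decrypts the token but
 *       verifies nothing else; its result is unauthenticated input.</li>
 *   <li>{@link #validateToken(String, String, String, PublicJsonWebKey, PublicJsonWebKey)} checks
 *       the client id, the login id and the signature only; expiry and audience are checked by
 *       {@link #isExpired(String, String, PublicJsonWebKey, PublicJsonWebKey)}.</li>
 * </ul>
 */
public final class JwtUtils {
    private JwtUtils() {
    }

    /**
     * Generates two EC key pairs and writes them to {@code d:/senderJWK.json} and
     * {@code d:/receiverJWK.json}. Both files contain private keys.
     */
    public static void main(String[] strArr) throws Exception {
        generateECKeyPairFiles("d:/senderJWK.json", "d:/receiverJWK.json");
    }

    /**
     * Generates two independent P-256 key pairs.
     *
     * @return a two-element array of JWK JSON documents; each one is serialized with
     *     {@code INCLUDE_PRIVATE}, so both strings contain private key material
     * @throws GenericRuntimeException if key generation fails
     */
    public static String[] generateECKeyPair() {
        try {
            EllipticCurveJsonWebKey firstKey = EcJwkGenerator.generateJwk(EllipticCurves.P256);
            EllipticCurveJsonWebKey secondKey = EcJwkGenerator.generateJwk(EllipticCurves.P256);
            return new String[] {
                firstKey.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE),
                secondKey.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)
            };
        } catch (JoseException e) {
            throw new GenericRuntimeException("Generating jwk error happened", e);
        }
    }

    /**
     * Reads a JWK JSON file and parses it into a {@link PublicJsonWebKey}.
     *
     * <p>The file is read with the platform default charset (that is what {@link FileReader}
     * uses), and lines are concatenated without their line terminators.
     *
     * @param str path of the JWK JSON file
     * @return the parsed key
     * @throws GenericRuntimeException if the file cannot be read or is not a valid JWK
     */
    public static PublicJsonWebKey toJsonWebKey(String str) {
        StringBuilder json = new StringBuilder();
        // try-with-resources closes the reader on every path, including parse failures.
        try (BufferedReader reader = new BufferedReader(new FileReader(new File(str)))) {
            String line;
            while ((line = reader.readLine()) != null) {
                json.append(line);
            }
            return PublicJsonWebKey.Factory.newPublicJwk(json.toString());
        } catch (IOException | JoseException e) {
            throw new GenericRuntimeException("Reading Json file error happened", e);
        }
    }

    /**
     * Generates two EC key pairs and writes one JWK JSON document to each path.
     *
     * <p>Both files contain private keys and are created with whatever permissions the process
     * default gives new files; restricting access to them is left to the caller.
     *
     * @param str path receiving the first key pair
     * @param str2 path receiving the second key pair
     * @throws GenericRuntimeException if generation or writing fails
     */
    public static void generateECKeyPairFiles(String str, String str2) {
        String[] keyPairs = generateECKeyPair();
        generateJsonFile(str, keyPairs[0]);
        generateJsonFile(str2, keyPairs[1]);
    }

    /**
     * Writes {@code str2} to the file at {@code str}, replacing any existing content.
     *
     * @param str destination path
     * @param str2 text to write
     * @throws GenericRuntimeException if the file cannot be opened, written or closed
     */
    private static void generateJsonFile(String str, String str2) {
        // Write through FileWriter directly: PrintWriter swallows IOExceptions raised while
        // writing, which would leave a truncated or empty key file without any error.
        try (FileWriter writer = new FileWriter(str)) {
            writer.write(str2);
            writer.flush();
        } catch (IOException e) {
            throw new GenericRuntimeException("Generating Json file error happened", e);
        }
    }

    /**
     * Issues an RS256-signed JWT from the fields of {@code jwtObject}.
     *
     * <p>Side effect: the key id of {@code rsaJsonWebKey} is overwritten with
     * {@code JwtConstant.KID_RSA}.
     *
     * @param jwtObject source of issuer, audience, subject, client id and TTL
     * @param rsaJsonWebKey key whose private part signs the token
     * @return the compact JWS serialization
     * @throws JoseException if signing fails
     */
    public static String createJwtWithRSAKey(JwtObject jwtObject, RsaJsonWebKey rsaJsonWebKey) throws JoseException {
        rsaJsonWebKey.setKeyId(JwtConstant.KID_RSA);

        JwtClaims claims = new JwtClaims();
        claims.setIssuer(jwtObject.getIssuer());
        claims.setAudience(jwtObject.getAudience());
        // 1000L forces long arithmetic; if getTtlSeconds() returns an int, an int multiplication
        // would wrap for TTLs above roughly 24.8 days and yield a wrong expiry.
        long expiresAtMillis = System.currentTimeMillis() + (jwtObject.getTtlSeconds() * 1000L);
        claims.setExpirationTime(NumericDate.fromMilliseconds(expiresAtMillis));
        claims.setGeneratedJwtId();
        claims.setIssuedAtToNow();
        claims.setSubject(jwtObject.getSubject());
        claims.setClaim(JwtConstant.CLIENT_ID, jwtObject.getClientId());
        claims.setNotBeforeMinutesInThePast(1.0f);

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(rsaJsonWebKey.getPrivateKey());
        jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
        jws.setAlgorithmHeaderValue("RS256");
        return jws.getCompactSerialization();
    }

    /**
     * Verifies the signature, time claims and client identifier of an RSA-signed JWT.
     *
     * <p>NOTE(review): the expected issuer, audience and subject are read from the token itself in
     * an unverified first pass, so those three expectations always match and only prove that the
     * claims are present. What this method really enforces is the signature against
     * {@code rsaJsonWebKey}, the presence and time window of exp/nbf (exp at most 60 minutes ahead,
     * 10 seconds of clock skew) and the registered {@code ClientIdentifierValidator}. Callers that
     * need a specific issuer or audience must check it themselves.
     *
     * @param str the compact JWT
     * @param str2 client identifier handed to {@code ClientIdentifierValidator}
     * @param rsaJsonWebKey key used to verify the signature
     * @return always {@code true}; every failure is reported through an exception
     * @throws InvalidJwtException if the token fails any check
     * @throws MalformedClaimException if the issuer, audience or subject claim is malformed
     */
    public static boolean validJwtWithRSAKey(String str, String str2, RsaJsonWebKey rsaJsonWebKey) throws InvalidJwtException, MalformedClaimException {
        // First pass: parse only, nothing is verified. These values are attacker-controlled.
        JwtContext unverified = new JwtConsumerBuilder()
                .setSkipAllValidators()
                .setDisableRequireSignature()
                .setSkipSignatureVerification()
                .build()
                .process(str);
        JwtClaims unverifiedClaims = unverified.getJwtClaims();
        String issuer = unverifiedClaims.getIssuer();
        List<String> audience = unverifiedClaims.getAudience();

        // Second pass: the real verification.
        new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setMaxFutureValidityInMinutes(60)
                .setAllowedClockSkewInSeconds(10)
                .setExpectedIssuer(issuer)
                .setExpectedAudience(audience.toArray(new String[0]))
                .setRequireSubject()
                .setRequireNotBefore()
                .setExpectedSubject(unverifiedClaims.getSubject())
                .setVerificationKey(rsaJsonWebKey.getKey())
                .registerValidator(new ClientIdentifierValidator(str2))
                .build()
                .processToClaims(str);
        return true;
    }

    /**
     * Parses a JSON string into a Gson {@link JsonObject}.
     *
     * @param str JSON text
     * @return the parsed object
     */
    public static JsonObject toJson(String str) {
        return (JsonObject) new Gson().fromJson(str, JsonObject.class);
    }

    /**
     * Issues a nested JWT: the claims are signed with ES256 and the resulting JWS is encrypted
     * with ECDH-ES+A128KW / A128CBC-HS256.
     *
     * <p>Side effect: the key id of both keys is overwritten with the decimal
     * {@code String.hashCode()} of the issuer. That value is not collision-free, so it should not
     * be relied on as a unique key identifier.
     *
     * @param jwtObject source of the claims; must not be {@code null}
     * @param ellipticCurveJsonWebKey key whose private part signs the inner JWS
     * @param ellipticCurveJsonWebKey2 key whose public part encrypts the outer JWE
     * @return the compact JWE serialization
     * @throws IllegalArgumentException if {@code jwtObject} is {@code null}
     * @throws JoseException if signing or encryption fails
     */
    public static String createJwtWithECKey(JwtObject jwtObject, EllipticCurveJsonWebKey ellipticCurveJsonWebKey, EllipticCurveJsonWebKey ellipticCurveJsonWebKey2) throws JoseException {
        Preconditions.checkArgument(jwtObject != null, "Param cannot be null!");
        ellipticCurveJsonWebKey.setKeyId(String.valueOf(jwtObject.getIssuer().hashCode()));
        ellipticCurveJsonWebKey2.setKeyId(String.valueOf(jwtObject.getIssuer().hashCode()));

        JwtClaims claims = new JwtClaims();
        claims.setIssuer(jwtObject.getIssuer());
        claims.setAudience(jwtObject.getAudience());
        // 1000L forces long arithmetic; if getTtlSeconds() returns an int, an int multiplication
        // would wrap for TTLs above roughly 24.8 days and yield a wrong expiry.
        long expiresAtMillis = System.currentTimeMillis() + (jwtObject.getTtlSeconds() * 1000L);
        claims.setExpirationTime(NumericDate.fromMilliseconds(expiresAtMillis));
        claims.setGeneratedJwtId();
        claims.setIssuedAtToNow();
        claims.setNotBeforeMinutesInThePast(1.0f);
        claims.setSubject(jwtObject.getSubject());
        claims.setClaim(JwtConstant.CLIENT_ID, jwtObject.getClientId());
        claims.setClaim(JwtConstant.LOGIN_ID, jwtObject.getLoginId());
        claims.setStringListClaim(JwtConstant.ROLE_ID, jwtObject.getRoles());

        // Inner layer: sign.
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(ellipticCurveJsonWebKey.getPrivateKey());
        jws.setKeyIdHeaderValue(ellipticCurveJsonWebKey.getKeyId());
        jws.setAlgorithmHeaderValue("ES256");
        String signedJwt = jws.getCompactSerialization();

        // Outer layer: encrypt the signed token for the holder of the second key.
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmHeaderValue("ECDH-ES+A128KW");
        jwe.setEncryptionMethodHeaderParameter("A128CBC-HS256");
        jwe.setKey(ellipticCurveJsonWebKey2.getPublicKey());
        jwe.setKeyIdHeaderValue(ellipticCurveJsonWebKey2.getKeyId());
        jwe.setContentTypeHeaderValue("JWT");
        jwe.setPayload(signedJwt);
        return jwe.getCompactSerialization();
    }

    /**
     * Reports whether a nested JWT fails decryption, signature, audience or expiry checks.
     *
     * <p>Despite the name, {@code true} means "did not validate" for any reason, not only an
     * elapsed expiry: every {@link InvalidJwtException} maps to {@code true}. That keeps the
     * method fail-closed, but a caller must not treat {@code true} as proof that an otherwise
     * genuine token has merely timed out. Tokens whose expiry lies more than 60 minutes ahead are
     * also rejected.
     *
     * @param str the compact JWE
     * @param str2 the expected audience
     * @param publicJsonWebKey key whose public part verifies the inner signature
     * @param publicJsonWebKey2 key whose private part decrypts the outer JWE
     * @return {@code false} only if the token passed every check
     */
    public static boolean isExpired(String str, String str2, PublicJsonWebKey publicJsonWebKey, PublicJsonWebKey publicJsonWebKey2) {
        try {
            new JwtConsumerBuilder()
                    .setRequireExpirationTime()
                    .setMaxFutureValidityInMinutes(60)
                    .setAllowedClockSkewInSeconds(10)
                    .setDecryptionKey(publicJsonWebKey2.getPrivateKey())
                    .setVerificationKey(publicJsonWebKey.getPublicKey())
                    .setExpectedAudience(new String[]{str2})
                    .build()
                    .processToClaims(str);
            return false;
        } catch (InvalidJwtException e) {
            return true;
        }
    }

    /**
     * Checks that the token carries the given client id and login id and that its inner
     * signature verifies.
     *
     * <p>This method does not check expiry, not-before or audience; combine it with
     * {@link #isExpired(String, String, PublicJsonWebKey, PublicJsonWebKey)} before trusting a
     * token.
     *
     * @param str the compact JWE
     * @param str2 expected client id
     * @param str3 expected login id
     * @param publicJsonWebKey key whose public part verifies the inner signature
     * @param publicJsonWebKey2 key whose private part decrypts the outer JWE
     * @return {@code true} if both identifiers match and the signature is valid
     * @throws TokenParseException if the token cannot be decrypted or parsed
     */
    public static boolean validateToken(String str, String str2, String str3, PublicJsonWebKey publicJsonWebKey, PublicJsonWebKey publicJsonWebKey2) throws TokenParseException {
        // The identifier comparison reads claims that are not yet verified; the result is only
        // meaningful because the signature check must also succeed.
        return validateClientUniqueIdentifier(str, str2, str3, publicJsonWebKey2) && validateSignature(str, publicJsonWebKey, publicJsonWebKey2);
    }

    /**
     * Compares the client-id and login-id claims of the decrypted token with the expected values.
     * The claims are read without signature verification.
     *
     * @param str the compact JWE
     * @param str2 expected client id
     * @param str3 expected login id
     * @param publicJsonWebKey key whose private part decrypts the token
     * @return {@code true} if both claims equal the expected values
     * @throws TokenParseException if the token cannot be decrypted or a claim is malformed
     */
    private static boolean validateClientUniqueIdentifier(String str, String str2, String str3, PublicJsonWebKey publicJsonWebKey) throws TokenParseException {
        try {
            JwtClaims claims = parseJwt(str, publicJsonWebKey).getJwtClaims();
            if (!str2.equals(claims.getStringClaimValue(JwtConstant.CLIENT_ID))) {
                return false;
            }
            return str3.equals(claims.getStringClaimValue(JwtConstant.LOGIN_ID));
        } catch (InvalidJwtException | MalformedClaimException e) {
            throw new TokenParseException((Throwable) e);
        }
    }

    /**
     * Decrypts the outer JWE and verifies the signature of the inner JWS.
     *
     * @param str the compact JWE
     * @param publicJsonWebKey key whose public part verifies the signature
     * @param publicJsonWebKey2 key whose private part decrypts the JWE
     * @return the result of the signature verification
     * @throws TokenParseException if decryption or verification raises a jose4j error
     */
    private static boolean validateSignature(String str, PublicJsonWebKey publicJsonWebKey, PublicJsonWebKey publicJsonWebKey2) throws TokenParseException {
        JsonWebSignature jws = new JsonWebSignature();
        try {
            JsonWebEncryption jwe = new JsonWebEncryption();
            jwe.setKey(publicJsonWebKey2.getPrivateKey());
            jwe.setCompactSerialization(str);
            jws.setCompactSerialization(jwe.getPayload());
            jws.setKey(publicJsonWebKey.getPublicKey());
            return jws.verifySignature();
        } catch (JoseException e) {
            throw new TokenParseException((Throwable) e);
        }
    }

    /**
     * Decrypts the token and copies its claims into a {@link JwtObject} without verifying the
     * signature or any claim.
     *
     * <p>The returned issuer, subject, client id, login id and roles are unauthenticated. They
     * must not drive an authorization decision unless the same token has also passed
     * {@link #validateToken(String, String, String, PublicJsonWebKey, PublicJsonWebKey)} and
     * {@link #isExpired(String, String, PublicJsonWebKey, PublicJsonWebKey)}.
     *
     * @param str the compact JWE
     * @param publicJsonWebKey key whose private part decrypts the token
     * @return the claims; only the first audience entry is kept
     * @throws TokenParseException if the token cannot be decrypted or a claim is malformed
     */
    public static JwtObject claimsOfTokenWithoutValidation(String str, PublicJsonWebKey publicJsonWebKey) throws TokenParseException {
        try {
            JwtClaims claims = parseJwt(str, publicJsonWebKey).getJwtClaims();
            JwtObject jwtObject = new JwtObject();
            List<String> audience = claims.getAudience();
            if (audience != null && !audience.isEmpty()) {
                jwtObject.setAudience(audience.get(0));
            }
            jwtObject.setIssuer(claims.getIssuer());
            jwtObject.setClientId(claims.getStringClaimValue(JwtConstant.CLIENT_ID));
            jwtObject.setLoginId(claims.getStringClaimValue(JwtConstant.LOGIN_ID));
            jwtObject.setSubject(claims.getSubject());
            // A token without a role claim used to fail with a NullPointerException from
            // addAll(null), and a non-list claim with a ClassCastException. The typed accessor
            // reports a malformed claim as MalformedClaimException, which is wrapped below.
            List<String> roles = claims.getStringListClaimValue(JwtConstant.ROLE_ID);
            if (roles != null) {
                jwtObject.getRoles().addAll(roles);
            }
            return jwtObject;
        } catch (MalformedClaimException | InvalidJwtException e) {
            throw new TokenParseException((Throwable) e);
        }
    }

    /**
     * Decrypts and parses a token with every validator and the signature check switched off.
     * The result must be treated as untrusted input.
     *
     * @param str the compact JWE
     * @param publicJsonWebKey key whose private part decrypts the token
     * @return the parsed context
     * @throws InvalidJwtException if the token cannot be decrypted or parsed
     */
    private static JwtContext parseJwt(String str, PublicJsonWebKey publicJsonWebKey) throws InvalidJwtException {
        return new JwtConsumerBuilder()
                .setSkipAllValidators()
                .setDisableRequireSignature()
                .setSkipSignatureVerification()
                .setDecryptionKey(publicJsonWebKey.getPrivateKey())
                .build()
                .process(str);
    }

    /**
     * Extracts a public key from a PEM-encoded X.509 certificate or a PEM-encoded public key.
     *
     * <p>For a certificate, only the key is extracted: the chain, the validity period and
     * revocation are not checked here.
     *
     * <p>NOTE(review): this is an instance method on a class whose only constructor is private,
     * so no caller outside this class can invoke it; it probably should be static.
     *
     * @param str PEM text starting with {@code -----BEGIN CERTIFICATE-----} or
     *     {@code -----BEGIN PUBLIC KEY-----}
     * @return the public key
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws TokenParseException if the text has another prefix or cannot be decoded
     */
    public PublicKey jwtPublicKey(String str) throws TokenParseException {
        Preconditions.checkArgument(str != null, "Param cannot be null!");
        try {
            if (str.startsWith("-----BEGIN CERTIFICATE-----")) {
                try (ByteArrayInputStream pemStream = new ByteArrayInputStream(str.getBytes("UTF-8"))) {
                    CertificateFactory factory = CertificateFactory.getInstance(CertificateCoder.X509);
                    return ((X509Certificate) factory.generateCertificate(pemStream)).getPublicKey();
                }
            }
            if (str.startsWith("-----BEGIN PUBLIC KEY-----")) {
                return new RsaKeyUtil().fromPemEncoded(str);
            }
            // Thrown inside the try on purpose: like before, it reaches the caller wrapped in a
            // TokenParseException.
            throw new IllegalArgumentException("Only support X.509 pem certs or Public RSA Keys for jwt keyValue");
        } catch (Exception e) {
            throw new TokenParseException(e);
        }
    }
}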
