package edu.uiuc.ncsa.myproxy.oauth2.tools;

import edu.uiuc.ncsa.security.core.util.MyLoggingFacade;
import edu.uiuc.ncsa.security.oauth_2_0.JWTUtil;
import edu.uiuc.ncsa.security.servlet.ServiceClient;
import edu.uiuc.ncsa.security.util.cli.CommonCommands;
import edu.uiuc.ncsa.security.util.cli.InputLine;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKey;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKeyUtil;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKeys;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.math.BigInteger;
import java.net.URI;
import java.security.SecureRandom;
import java.util.Date;
import java.util.StringTokenizer;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:edu/uiuc/ncsa/myproxy/oauth2/tools/JWKUtilCommands.class */
public class JWKUtilCommands extends CommonCommands {
    public static String JWK_EXTENSION = "jwk";
    JSONWebKeys keys;
    String wellKnown;
    protected String showAllKeys;
    String defaultKeyID;
    protected String CL_KEY_FILE_FLAG;
    protected String CL_KEY_ID_FLAG;
    protected String CL_WELL_KNOWN_FLAG;
    protected String CL_IS_PUBLIC_FLAG;
    protected String CL_IS_PRIVATE_FLAG;
    String lastToken;
    protected String LIFETIME_FLAG;
    protected String JTI_FLAG;
    protected String PRINT_CLAIMS_FLAG;
    protected long DEFAULT_LIFETIME;
    protected int JTI_RADIX;
    String base64Encode;
    String base64Dencode;
    String base64Bytes;

    public JWKUtilCommands(MyLoggingFacade myLoggingFacade) {
        super(myLoggingFacade);
        this.keys = null;
        this.wellKnown = null;
        this.showAllKeys = "-showAll";
        this.defaultKeyID = null;
        this.CL_KEY_FILE_FLAG = "-keys";
        this.CL_KEY_ID_FLAG = "-key_id";
        this.CL_WELL_KNOWN_FLAG = "-key_id";
        this.CL_IS_PUBLIC_FLAG = "-public";
        this.CL_IS_PRIVATE_FLAG = "-private";
        this.lastToken = null;
        this.LIFETIME_FLAG = "-lifetime";
        this.JTI_FLAG = "-jti";
        this.PRINT_CLAIMS_FLAG = "-print_claims";
        this.DEFAULT_LIFETIME = 600L;
        this.JTI_RADIX = 36;
        this.base64Encode = "-encode";
        this.base64Dencode = "-decode";
        this.base64Bytes = "-binary";
    }

    public String getPrompt() {
        return "jwt>";
    }

    protected void createKeysHelps() {
        say("create_keys [" + this.CL_INPUT_FILE_FLAG + " set_of_keys " + this.CL_IS_PUBLIC_FLAG + "] | [" + this.CL_IS_PRIVATE_FLAG + "] " + this.CL_OUTPUT_FILE_FLAG + " file");
        say("  Create a set of RSA JSON Web keys and store them in the given file");
        say("  There are several modes of operation. If you do not specify an output file, then the keys are written ");
        say("  to the command line.");
        say("  Interactive mode:");
        say("     E.g.");
        say("     create_keys " + this.CL_OUTPUT_FILE_FLAG + " keys.jwk");
        say("         This will create a set of key pairs with random ids and store the result in the file kwys.jwk");
        say("");
        say("     create_keys");
        say("          with no arguments, a full set of keys will be created and printed to the command line.");
        say("  Batch mode:");
        say("     ");
        say("     You can also take a set of keys and extract the set of public keys. Various JWT toolkits require this.");
        say("     create_keys " + this.CL_IS_PUBLIC_FLAG + " " + this.CL_INPUT_FILE_FLAG + " keys.jwk " + this.CL_OUTPUT_FILE_FLAG + "  pub_keys.jwk");
        say("          This will take the full set of keys in keys.jwk extract the public keys and place the result in pub_keys.jwk");
        say("          Note: including the -public flag implies the -in argument is given and an error will result if it is not found");
        say("See also create_public_keys");
    }

    public void create_keys(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            createKeysHelps();
            return;
        }
        if (!inputLine.hasArgs()) {
            SigningCommands signingCommands = new SigningCommands(null);
            signingCommands.setBatchMode(isBatchMode());
            signingCommands.create(inputLine);
            return;
        }
        if (inputLine.hasArg(this.CL_IS_PUBLIC_FLAG) && !inputLine.hasArg(this.CL_INPUT_FILE_FLAG)) {
            if (isBatch()) {
                sayv("Error! Request for public keys but no set odf keys supplied.");
                System.exit(1);
            }
            say("Error! Request for public keys but no set odf keys supplied.");
            return;
        }
        boolean hasArg = inputLine.hasArg(this.CL_IS_PUBLIC_FLAG);
        if (inputLine.hasArg(this.CL_IS_PRIVATE_FLAG) && hasArg) {
            if (isBatch()) {
                sayv("Error: cannot specify both private and public keys at the same time");
                System.exit(1);
            }
            say("Error: cannot specify both private and public keys at the same time");
            return;
        }
        boolean hasArg2 = inputLine.hasArg(this.CL_OUTPUT_FILE_FLAG);
        if (hasArg) {
            JSONObject json = JSONWebKeyUtil.toJSON(JSONWebKeyUtil.makePublic(JSONWebKeyUtil.fromJSON(readFile(inputLine.getNextArgFor(this.CL_INPUT_FILE_FLAG)))));
            if (hasArg2) {
                writeFile(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG), json.toString(2));
                return;
            } else {
                say(json.toString(2));
                return;
            }
        }
        JSONObject json2 = JSONWebKeyUtil.toJSON(new SigningCommands(null).createJsonWebKeys());
        if (hasArg2) {
            writeFile(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG), json2.toString(2));
        } else {
            say(json2.toString(2));
        }
    }

    public void print_well_known(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printWellKnownHelp();
        } else if (this.wellKnown == null || this.wellKnown.isEmpty()) {
            say("(not set)");
        } else {
            say("well known URL=\"" + this.wellKnown + "\"");
        }
    }

    protected void printWellKnownHelp() {
        say("print_well_known: Prints the well-known URL that has been set.");
        say("                  Note that you set it in the set_keys call if you supply its URL");
        say("                  The well-known URL resides on a server and has the public keys listed");
        say("                  While you can validate a signature against it, you cannot create one since");
        say("                  the private key is never available through the well-knwon file.");
        say("Related: set_keys, validate_token");
    }

    protected void setKeysHelp() {
        say("set_keys: [" + this.CL_INPUT_FILE_FLAG + " filename | " + this.CL_WELL_KNOWN_FLAG + " uri]");
        say("          Set the keys used for signing and validation in this session.");
        say("          Either supplied a fully qualified path to the file or a uri. If you pass nothing");
        say("          you will be prompted for a file. You can invoke this at any to change the keys.");
        say("  Related: create_keys, set_default_id");
    }

    public void set_keys(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            setKeysHelp();
            return;
        }
        File file = null;
        if (inputLine.size() == 1) {
            if (!getBooleanInput("Did you want to enter a file name?")) {
                return;
            } else {
                file = new File(getInput("Enter file name"));
            }
        }
        if (inputLine.hasArg(this.CL_INPUT_FILE_FLAG)) {
            file = new File(inputLine.getNextArgFor(this.CL_INPUT_FILE_FLAG));
            if (!file.exists()) {
                say("Sorry, the file you specified, \"" + inputLine.getArg(1) + "\" does not exist.");
                return;
            }
        }
        if (file != null) {
            this.keys = readKeys(file);
            if (this.defaultKeyID == null || !this.keys.containsKey(this.defaultKeyID)) {
                return;
            }
            this.keys.setDefaultKeyID(this.defaultKeyID);
            return;
        }
        this.wellKnown = inputLine.getNextArgFor(this.CL_WELL_KNOWN_FLAG);
        try {
            this.keys = JWTUtil.getJsonWebKeys(new ServiceClient(URI.create("https://cilogon.org")), this.wellKnown);
        } catch (Throwable th) {
            sayi("Sorry, could not parse the url: \"" + th.getMessage() + "\"");
        }
    }

    protected JSONWebKeys readKeys(File file) throws Exception {
        return JSONWebKeyUtil.fromJSON(file);
    }

    protected void listKeysHelp() {
        say("list_keys [" + this.showAllKeys + " file]:This will list all the public keys in the key file in pem format.");
        say("           Each key will be preceeded by its unique ID in the key file.");
        say("           You may invoke this with no argument, in which case the default key file");
        say("           as set in the set_keys command will be used, or you can supply a fully qualified");
        say("           path to a JSON web key file that will be used.");
        say("           If you supply the " + this.showAllKeys + " flag then the private key in PKCS 8 format will be shown");
        say("           too. Note the default is to not show the private key.");
        say("  Related: set_keys, create_keys, print_public_keys (prints in JSON format)");
    }

    protected void printPublicKeysHelp() {
        say("print_public_keys [file]: This will print the public keys only for a key set.");
        say("                          Note that if no file is supplied the current key set is used.");
        say("                          The result is JSON formatted. If you need PEM format use list_keys instead.");
    }

    public void print_public_keys(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printPublicKeysHelp();
        } else {
            say(JSONWebKeyUtil.toJSON(JSONWebKeyUtil.makePublic(inputLine.hasArgs() ? readKeys(new File(inputLine.getLastArg())) : this.keys)).toString(2));
        }
    }

    public void create_public_keys(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printPublicKeysHelp();
        } else {
            say(JSONWebKeyUtil.toJSON(JSONWebKeyUtil.makePublic(inputLine.hasArgs() ? readKeys(new File(inputLine.getArg(1))) : this.keys)).toString(2));
        }
    }

    protected void writeFile(String str, String str2) throws Exception {
        FileWriter fileWriter = new FileWriter(new File(str));
        fileWriter.write(str2);
        fileWriter.flush();
        fileWriter.close();
    }

    public void list_keys(InputLine inputLine) throws Exception {
        JSONWebKeys readKeys;
        if (showHelp(inputLine)) {
            listKeysHelp();
            return;
        }
        boolean hasArg = inputLine.hasArg(this.showAllKeys);
        if (hasArg && 1 == inputLine.size()) {
            if (this.keys == null || this.keys.isEmpty()) {
                say("Sorry, there are no keys specified. Either use setkeys or specify a key file.");
                return;
            }
            readKeys = this.keys;
        } else {
            readKeys = readKeys(new File(inputLine.getLastArg()));
        }
        boolean hasDefaultKey = readKeys.hasDefaultKey();
        String defaultKeyID = hasDefaultKey ? readKeys.getDefaultKeyID() : null;
        for (String str : readKeys.keySet()) {
            if (!hasDefaultKey) {
                say("key id=" + str);
            } else if (str.equals(defaultKeyID)) {
                say("key id=" + str + " (default)");
            } else {
                say("key id=" + str);
            }
            say(KeyUtil.toX509PEM(((JSONWebKey) readKeys.get(str)).publicKey));
            if (hasArg) {
                say(KeyUtil.toPKCS8PEM(((JSONWebKey) readKeys.get(str)).privateKey));
            }
        }
    }

    protected void printCreateClaimsHelp() {
        say("create_claims: Prompt the user for key/value pairs and build a claims object. ");
        say("               This will write the object to a file for future use.");
        say("               Note: You may input JSON objects as values as well. There are various");
        say("               places (such as creating a token) that requires a set of claims. This command");
        say("               lets you create one.");
        say("");
        say("Related: create_token, parse_claims");
    }

    public void create_claims(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printCreateClaimsHelp();
            return;
        }
        say("Enter a key then a value when prompted. You can enter multiple values separated by commas");
        say("Just hit return (no value) to exit");
        boolean z = false;
        JSONObject jSONObject = new JSONObject();
        while (!z) {
            String input = getInput("Enter key or return to exit.");
            if (isEmpty(input)) {
                z = true;
            } else {
                String input2 = getInput("Enter value. multiple values should be comma separated");
                try {
                    jSONObject.put(input, JSONObject.fromObject(input2));
                } catch (Throwable th) {
                    if (0 < input2.indexOf(",")) {
                        StringTokenizer stringTokenizer = new StringTokenizer(input2, ",");
                        JSONArray jSONArray = new JSONArray();
                        while (stringTokenizer.hasMoreTokens()) {
                            jSONArray.add(stringTokenizer.nextToken());
                        }
                        jSONObject.put(input, jSONArray);
                    } else {
                        jSONObject.put(input, input2);
                    }
                }
            }
        }
        sayi("Here's what you inputted");
        say(jSONObject.toString(2));
        if (getBooleanInput("Would you like to write this to a file?[y/n]")) {
            File file = new File(getInput("Enter filename"));
            if (!file.exists() || Boolean.parseBoolean(getInput("This file exists. Do you want to overwrite it?", "false"))) {
                String jSONObject2 = jSONObject.toString(2);
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                fileOutputStream.write(jSONObject2.getBytes());
                fileOutputStream.flush();
                fileOutputStream.close();
                sayi(file + " written!");
            }
        }
    }

    protected boolean getBooleanInput(String str) {
        String input = getInput(str, "y");
        return input.equalsIgnoreCase("y") || input.equalsIgnoreCase("yes") || input.equalsIgnoreCase("true");
    }

    protected String getInput(String str) {
        sayi2(str + ":");
        String readline = readline();
        if (isEmpty(readline)) {
            return null;
        }
        return readline;
    }

    protected void printSetDefaultIDHelp() {
        say("set_default_id [keyid]: This will set the default key id to be used for all signing and verification.");
        say("                        If this is not set, you will be prompted each time for an id.");
        say("                        Remember that a set of web keys does not have a default. If you import.");
        say("                        a set, you should set one as default.");
    }

    public void set_default_id(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printSetDefaultIDHelp();
            return;
        }
        if (1 < inputLine.size()) {
            this.defaultKeyID = inputLine.getArg(1);
            return;
        }
        String input = getInput("Enter the key id");
        if (isEmpty(input)) {
            return;
        }
        this.defaultKeyID = input;
    }

    protected void printPrintDefaultIDHelp() {
        say("print_default_id: This will print the current default key id that is to be used for all signing and verification.");
        say("Related: set_default_id");
    }

    public void print_default_id(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printSetDefaultIDHelp();
        } else if (this.defaultKeyID == null || this.defaultKeyID.isEmpty()) {
            say("(not set)");
        } else {
            say("default key id=\"" + this.defaultKeyID + "\"");
        }
    }

    protected void printParseClaimsHelp() {
        say("parse_claims [filename]");
        say("           Read a file and print out if it parses as JSON.");
        say("           If the filename is omitted, you will be prompted for it.");
        say("           Note that this will try to give some limited feedback in syntax errors.");
        say("           The intent is that if you have written a file with claims, this lets you");
        say("           validate the JSON before using it.");
        say("Related: create_claims");
    }

    public void parse_claims(InputLine inputLine) throws Exception {
        String input;
        if (showHelp(inputLine)) {
            printParseClaimsHelp();
            return;
        }
        if (1 < inputLine.size()) {
            input = inputLine.getArg(1);
        } else {
            input = getInput("Enter full path to the claims file.");
            if (isEmpty(input)) {
                say("No claims file. Exiting...");
                return;
            }
        }
        String readFile = readFile(input);
        if (readFile == null) {
            say("Could not read the file \"" + input + "\"");
            return;
        }
        try {
            JSONObject fromObject = JSONObject.fromObject(readFile);
            if (fromObject == null) {
                say("No JSON object resulted from parsing.");
            } else {
                say("success!");
                say(fromObject.toString(3));
            }
        } catch (Throwable th) {
            say("Parsing fail with a message of \"" + th.getMessage() + "\"");
        }
    }

    protected String getArgValue(InputLine inputLine, String str) {
        return inputLine.getNextArgFor(str);
    }

    protected void createTokenHelp() {
        say("create_token " + this.CL_INPUT_FILE_FLAG + " claims [" + this.CL_KEY_FILE_FLAG + " keyfile " + this.CL_KEY_ID_FLAG + " id " + this.CL_OUTPUT_FILE_FLAG + " outputFile]");
        say("   Interactive mode:                                                                     ");
        say("      This will take the current keys (uses default) and a file containing a JSON");
        say("      format set of claims. It will then sign the claims with the right headers etc.");
        say("      and optionally print out the resulting JWT to the console. Any of the arguments omitted ");
        say("      will cause you to be prompted. NOTE that this only signs the token! If you need to generate");
        say("      accounting information like the timestamps, please use generate_token instead");
        say("      If you have already set the key and keyid these will be used.");
        say("      If the output file is given, the token will be written there instead.");
        say("");
        say("   Batch mode:");
        say("      Creates a token from a set of claims, then signs it using the key with the given id.            ");
        say("      Writes the output to either the target file or prints it at the command line if no output       ");
        say("      file is specified.                                                                              ");
        say("      E.g.                                                                                            ");
        say("      create_token " + this.CL_KEY_FILE_FLAG + " keys.jwk " + this.CL_KEY_ID_FLAG + " ABC123 " + this.CL_INPUT_FILE_FLAG + " my_claims.txt " + this.CL_OUTPUT_FILE_FLAG + " my_token.jwt");
        say("        Will read the keys in the file keys.jwk, select the one with id ABC123 then                   ");
        say("        read in the my_claims.txt file (assumed to be a set of claims in JSON format)                 ");
        say("        and create the header and signature. It will then place the result into the file my_token.jwt ");
        say("                                                                                                      ");
        say("      create_token " + this.CL_WELL_KNOWN_FLAG + " https://fnord.baz/.well-known " + this.CL_KEY_ID_FLAG + " CAFEBEEF " + this.CL_INPUT_FILE_FLAG + " my_claims.txt           ");
        say("         This will read the well-known file, parse it for the keys, load the keys, find the key       ");
        say("         with id CAFEBEEF read in the claims file then print the resulting token to the command line. ");
        say("Related: generate_token, set_keys, set_default_id, print_token, verify_token");
    }

    public void create_token(InputLine inputLine) throws Exception {
        String input;
        JSONObject fromObject;
        if (showHelp(inputLine)) {
            createTokenHelp();
            return;
        }
        File file = null;
        if (inputLine.hasArg(this.CL_OUTPUT_FILE_FLAG)) {
            file = new File(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG));
        }
        JSONWebKeys jSONWebKeys = null;
        if (inputLine.hasArg(this.CL_KEY_FILE_FLAG)) {
            File file2 = new File(getArgValue(inputLine, this.CL_KEY_FILE_FLAG));
            if (!file2.exists()) {
                say("Sorry, that file does not seem to exist");
                return;
            } else {
                if (!file2.isFile()) {
                    say("Sorry, the thing you specified is not a file.");
                    return;
                }
                jSONWebKeys = readKeys(file2);
            }
        }
        if (inputLine.hasArg(this.CL_WELL_KNOWN_FLAG)) {
            jSONWebKeys = JWTUtil.getJsonWebKeys(inputLine.getNextArgFor(this.CL_WELL_KNOWN_FLAG));
        }
        if (jSONWebKeys == null) {
            if (isBatchMode()) {
                sayv("Error: no keys specified");
                return;
            }
            if (this.keys != null && !this.keys.isEmpty()) {
                jSONWebKeys = this.keys;
            } else if (getBooleanInput("No keys set. Would you like to specify keys for signing?")) {
                String input2 = getInput("Enter fully qualified path and file name");
                if (isEmpty(input2)) {
                    say("no file entered, exiting...");
                    return;
                }
                jSONWebKeys = readKeys(new File(input2));
            }
        }
        if (inputLine.hasArg(this.CL_KEY_ID_FLAG)) {
            input = getArgValue(inputLine, this.CL_KEY_ID_FLAG);
        } else if (this.defaultKeyID != null) {
            input = this.defaultKeyID;
        } else if (!getBooleanInput("No key id found. Do you want to enter one?")) {
            return;
        } else {
            input = getInput("Enter key id:");
        }
        if (inputLine.hasArg(this.CL_INPUT_FILE_FLAG)) {
            fromObject = JSONObject.fromObject(readFile(getArgValue(inputLine, this.CL_INPUT_FILE_FLAG)));
        } else {
            String input3 = getInput("Enter the name of the file containing the JSON object to use:");
            if (isEmpty(input3)) {
                say("No argument, exiting...");
                return;
            }
            fromObject = JSONObject.fromObject(readFile(input3));
        }
        String createJWT = JWTUtil.createJWT(fromObject, (JSONWebKey) jSONWebKeys.get(input));
        this.lastToken = createJWT;
        if (file == null) {
            say(createJWT);
            return;
        }
        FileWriter fileWriter = new FileWriter(file);
        fileWriter.write(createJWT);
        fileWriter.flush();
        fileWriter.close();
    }

    protected void generateTokenHelp() {
        say("generate_token " + this.CL_INPUT_FILE_FLAG + "  claims " + this.CL_KEY_FILE_FLAG + " keyFile " + this.LIFETIME_FLAG + "  lifetime " + this.JTI_FLAG + " " + this.PRINT_CLAIMS_FLAG + " " + this.CL_KEY_ID_FLAG + " keyId " + this.CL_OUTPUT_FILE_FLAG + " outFile");
        say("    Generate a token from the claims. This includes adding in the current time and using the lifetime (if given)");
        say("    to create the token. A JTI will also be created. ");
        say("    The meaning of the various optional flags is as follows");
        say("    " + this.LIFETIME_FLAG + " (optional) Specifies the lifetime in seconds for this token. The default is " + this.DEFAULT_LIFETIME + " seconds.");
        say("    " + this.JTI_FLAG + " (optional) If specified, generate a unique identifier for this id token. You may also just");
        say("         put one in the claims file if you need it immutable.");
        say("    " + this.PRINT_CLAIMS_FLAG + " (optional) If specified, this will print out the generated claims (not token!) to the command line.");
        say("        Note: not specifying an output file will print the resulting token.");
        say("    " + this.CL_INPUT_FILE_FLAG + " (required) The text file of a JSON object that has the claims.");
        say("    " + this.CL_KEY_FILE_FLAG + " (required) + The JWK format file containing the keys. This must contain a private key.");
        say("    " + this.CL_KEY_ID_FLAG + " (required) The id in the key file of the key to use.");
        say("    " + this.CL_OUTPUT_FILE_FLAG + " (optional) The file to which the resulting token is written. Omitting this dumps it to the command line.");
    }

    public void generate_token(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            generateTokenHelp();
            return;
        }
        if (gracefulExit(!inputLine.hasArg(this.CL_INPUT_FILE_FLAG), "Missing claims file.")) {
            return;
        }
        if (gracefulExit(!inputLine.hasArg(this.CL_KEY_FILE_FLAG), "Missing keys file.")) {
            return;
        }
        if (gracefulExit(!inputLine.hasArg(this.CL_KEY_ID_FLAG), "Missing key id for signature.")) {
            return;
        }
        String argValue = getArgValue(inputLine, this.CL_KEY_ID_FLAG);
        JSONWebKeys readKeys = readKeys(new File(inputLine.getNextArgFor(this.CL_KEY_FILE_FLAG)));
        if (gracefulExit(!readKeys.containsKey(argValue), "The key id is not in the key set. Check the id.")) {
            return;
        }
        long j = this.DEFAULT_LIFETIME;
        if (inputLine.hasArg(this.LIFETIME_FLAG)) {
            j = Long.parseLong(inputLine.getNextArgFor(this.LIFETIME_FLAG));
        }
        long time = new Date().getTime();
        JSONObject readJSON = readJSON(inputLine.getNextArgFor(this.CL_INPUT_FILE_FLAG));
        readJSON.put("iat", Long.valueOf(time / 1000));
        readJSON.put("nbf", Long.valueOf(time / 1000));
        readJSON.put("exp", Long.valueOf((time / 1000) + j));
        if (inputLine.hasArg(this.JTI_FLAG)) {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            readJSON.put("jti", "jti://" + new BigInteger(bArr).abs().toString(this.JTI_RADIX));
        }
        if (inputLine.hasArg(this.PRINT_CLAIMS_FLAG)) {
            say(readJSON.toString(2));
        }
        String createJWT = JWTUtil.createJWT(readJSON, (JSONWebKey) readKeys.get(argValue));
        if (inputLine.hasArg(this.CL_OUTPUT_FILE_FLAG)) {
            writeFile(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG), createJWT);
        } else {
            say(createJWT);
        }
    }

    protected void printTokenHelp() {
        say("print_token: [" + this.CL_INPUT_FILE_FLAG + " file | token] Print the given token's header and payload, doing no verification.");
        say("    Interactive mode:");
        say("        If you omit the argument, it will print the last token generated by the create_token call.");
        say("        If there is no last token, that will be shown too. ");
        say("    Batch mode:");
        say("        Print the token specified by the file or given at the command line.");
        say("Related: create_token");
    }

    public void print_token(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printTokenHelp();
            return;
        }
        if (inputLine.isEmpty()) {
            if (this.lastToken == null) {
                say("(no token has been created)");
                return;
            } else {
                say(this.lastToken);
                return;
            }
        }
        JSONObject[] readJWT = JWTUtil.readJWT(inputLine.hasArg(this.CL_INPUT_FILE_FLAG) ? readFile(inputLine.getNextArgFor(this.CL_INPUT_FILE_FLAG)) : inputLine.getLastArg());
        say("header");
        say(readJWT[0].toString(2));
        say("payload");
        say(readJWT[1].toString(2));
    }

    protected void printListKeyIDs() {
        say("list_key_ids [filename]");
        say("                List the unique key ids in the file");
        say("                If you do not supply an argument, the globally set keys will be used");
        say("                If there is no default set of keys, you will be prompted for a file");
        say("      related: set_keys, set_default_id");
    }

    public void list_key_ids(InputLine inputLine) throws Exception {
        JSONWebKeys jSONWebKeys;
        if (showHelp(inputLine)) {
            printListKeyIDs();
            return;
        }
        if (1 < inputLine.size()) {
            jSONWebKeys = JSONWebKeyUtil.fromJSON(new File(inputLine.getArg(1)));
        } else if (this.keys != null) {
            jSONWebKeys = this.keys;
        } else if (!getBooleanInput("Do you want to enter a file name?")) {
            return;
        } else {
            jSONWebKeys = JSONWebKeyUtil.fromJSON(new File(getInput("Enter path and name of the key file")));
        }
        String defaultKeyID = jSONWebKeys.hasDefaultKey() ? jSONWebKeys.getDefaultKeyID() : this.defaultKeyID;
        for (String str : jSONWebKeys.keySet()) {
            JSONWebKey jSONWebKey = (JSONWebKey) jSONWebKeys.get(str);
            say("id=" + str + ", alg=" + jSONWebKey.algorithm + ", type=" + jSONWebKey.type + ", use=" + jSONWebKey.use + (jSONWebKey.id.equals(defaultKeyID) ? " (default)" : ""));
        }
    }

    protected void printValidateTokenHelp() {
        say("validate_token [" + this.CL_WELL_KNOWN_FLAG + " url | " + this.CL_KEY_FILE_FLAG + " file " + this.CL_INPUT_FILE_FLAG + " filename  | token]");
        say("    Interactive mode:                                                                                                            ");
        say("         This will take a token and check the signature. It will also print out the payload");
        say("         and header information.");
        say("         The validation is against the current set of keys or against a URL specified with the");
        say("         -wellKnown flag. You can also point to a key file (file with JSON web keys in it) with");
        say("         the -keyFile flag.");
        say("         You may supply either the token itself or specify with the -file flag that this is in a file.");
        say("     Batch mode:");
        say("          This will verify a given jwt given either a set of keys or a well-known url (from which the key will            ");
        say("          be extracted. You may either specify the token in a file or as the final argument.                              ");
        say("          This will result in a return code of 1 if the token is valid or 0 if not.                                       ");
        say("          E.g.s                                                                                                          ");
        say("          validate_token " + this.CL_WELL_KNOWN_FLAG + " https://foo.bar/.well-known " + this.CL_INPUT_FILE_FLAG + " my_token.jwt                                         ");
        say("             This will read the keys in the well-known file and read the token in the file                                ");
        say("                                                                                                                       ");
        say("          validate_token " + this.CL_WELL_KNOWN_FLAG + "https://foo.bar/.well-known -v " + this.CL_INPUT_FILE_FLAG + " my_token.jwt                                      ");
        say("             Identical behavior to the first example but note the -v flag: This causes any information about              ");
        say("             the token to be printed. Normally this is not used except for trying to debug issues.                        ");
        say("                                              ");
        say("          validate_token " + this.CL_KEY_FILE_FLAG + "  keys.jwk eyJ...........                                                                    ");
        say("             This will read in the keys from the give file and the assumption is that the last argument is the token itself");
        say("             Note that in this example the token is truncated so it fits here.                                     ");
        say("Related: create_token");
    }

    public void validate_token(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            printValidateTokenHelp();
            return;
        }
        if (1 == inputLine.size()) {
            say("Sorry, no argument");
            return;
        }
        String nextArgFor = inputLine.hasArg(this.CL_INPUT_FILE_FLAG) ? inputLine.getNextArgFor(this.CL_INPUT_FILE_FLAG) : inputLine.getLastArg();
        JSONWebKeys jSONWebKeys = this.keys;
        if (inputLine.hasArg(this.CL_WELL_KNOWN_FLAG)) {
            String nextArgFor2 = inputLine.getNextArgFor(this.CL_WELL_KNOWN_FLAG);
            try {
                jSONWebKeys = JWTUtil.getJsonWebKeys(new ServiceClient(URI.create("https://cilogon.org")), nextArgFor2);
            } catch (Throwable th) {
                sayi("Sorry, could not parse the url: \"" + nextArgFor2 + "\". Message=\"" + th.getMessage() + "\"");
            }
        }
        if (inputLine.hasArg(this.CL_KEY_FILE_FLAG) && !inputLine.hasArg(this.CL_WELL_KNOWN_FLAG)) {
            File file = new File(inputLine.getNextArgFor(this.CL_KEY_FILE_FLAG));
            if (gracefulExit(!file.exists(), "Sorry, the file \" + f + \" does not exist")) {
                return;
            }
            try {
                jSONWebKeys = readKeys(file);
            } catch (Throwable th2) {
                if (gracefulExit(true, "Sorry, could not load the file: \"" + inputLine.getNextArgFor("-keyFile") + "\". Message=\"" + th2.getMessage() + "\"")) {
                    return;
                }
            }
        }
        if (gracefulExit(jSONWebKeys == null, "Sorry, no keys set, please set keys or specify a well-known URL.")) {
            return;
        }
        String[] decat = JWTUtil.decat(nextArgFor);
        JSONObject fromObject = JSONObject.fromObject(new String(Base64.decodeBase64(decat[0])));
        if (JWTUtil.verify(fromObject, JSONObject.fromObject(new String(Base64.decodeBase64(decat[1]))), decat[2], (JSONWebKey) jSONWebKeys.get(fromObject.getString("kid")))) {
            if (isBatch()) {
                sayv("token valid!");
                return;
            } else {
                say("token valid!");
                return;
            }
        }
        if (isBatch()) {
            sayv("could not validate token");
            System.exit(1);
        }
        say("could not validate token");
    }

    public void error(Throwable th, String str) {
        if (this.logger != null) {
            this.logger.error(str, th);
        }
    }

    public static void main(String[] strArr) {
        try {
            byte[] decodeBase64 = Base64.decodeBase64("L2ZN8jp_-SmPmAiEels5DsGKx-nh--EPo3lgGTqp6Kpp5IpwKrgpK0Wc34Cs2iALYtQqyaqvrWVhr1kZxS9_TI4WrE84BIYlpuFc-hSqKl4JVRHhn0ij_Jg7_Y6KuwPdfKeWNq6L9wUxKJPyIMU3WxGV-Nrcl9nAYt9SlrqMBOA7bARuUQfl1maZ05HRZFImL0Ol1PbAOfnbff74P323dbwzGJ1AxqQIvfVmniJXwr_4K88yZxrcYTs81yse8oT1SAsTffiVKJvwoD4DctMxkYas-_mJPaW-WNylBME8GR-R3f0RjTxJ-xO5WlMP8kbVJ2V5rcdzjirqIWqfF9i1Eg");
            File file = new File("/home/ncsa/temp/rokwire/sig.b");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(decodeBase64, 0, decodeBase64.length);
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            byteArrayOutputStream.writeTo(fileOutputStream);
            fileOutputStream.flush();
            fileOutputStream.close();
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    protected void base64Help() {
        say("base64 " + this.base64Encode + " | " + this.base64Dencode + " " + this.base64Bytes + " " + this.CL_INPUT_FILE_FLAG + " in_file " + this.CL_OUTPUT_FILE_FLAG + " out_file | arg");
        say("  This will encode or decode a base 64 arg. ");
        say("  You may specify which input or output. If none is given, then the assumption is that the input is the arg");
        say("  and the output is to the terminal.");
        say("   " + this.base64Dencode + ": the input is base64 encoded, output is plain text");
        say("   " + this.base64Encode + ": the input is plain text, output is base 64 encoded.");
        say("   " + this.base64Bytes + " treat the output as bytes. Generally this implies you have specified an output file.");
        say("   Note: i the output is binary, you should specify a file as the target since otherwise you get gibbersih.");
    }

    public void base64(InputLine inputLine) throws Exception {
        if (showHelp(inputLine)) {
            base64Help();
            return;
        }
        boolean hasArg = inputLine.hasArg(this.CL_INPUT_FILE_FLAG);
        boolean hasArg2 = inputLine.hasArg(this.CL_OUTPUT_FILE_FLAG);
        boolean hasArg3 = inputLine.hasArg(this.base64Encode);
        boolean hasArg4 = inputLine.hasArg(this.base64Dencode);
        boolean hasArg5 = inputLine.hasArg(this.base64Bytes);
        gracefulExit(hasArg4 && hasArg3, "Sorry, you cannot specify both encoding and decoding at the same time");
        String readFile = hasArg ? readFile(inputLine.getNextArgFor(this.CL_INPUT_FILE_FLAG)) : inputLine.getLastArg();
        if (hasArg3) {
            String encodeBase64String = Base64.encodeBase64String(readFile.getBytes());
            if (hasArg2) {
                writeFile(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG), encodeBase64String);
                return;
            } else {
                say(encodeBase64String);
                return;
            }
        }
        byte[] decodeBase64 = Base64.decodeBase64(readFile);
        if (!hasArg2) {
            say(new String(decodeBase64));
            return;
        }
        if (!hasArg5) {
            writeFile(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG), new String(decodeBase64));
            return;
        }
        FileOutputStream fileOutputStream = new FileOutputStream(new File(inputLine.getNextArgFor(this.CL_OUTPUT_FILE_FLAG)));
        fileOutputStream.write(decodeBase64);
        fileOutputStream.flush();
        fileOutputStream.close();
    }
}
