package fr.wseduc.webutils.security;

import fr.wseduc.webutils.Utils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.vertx.java.core.AsyncResult;
import org.vertx.java.core.Handler;
import org.vertx.java.core.Vertx;
import org.vertx.java.core.VoidHandler;
import org.vertx.java.core.buffer.Buffer;
import org.vertx.java.core.http.HttpClient;
import org.vertx.java.core.http.HttpClientResponse;
import org.vertx.java.core.json.JsonObject;
import org.vertx.java.core.json.impl.Base64;
import org.vertx.java.core.logging.Logger;
import org.vertx.java.core.logging.impl.LoggerFactory;

/* loaded from: input_file:fr/wseduc/webutils/security/JWT.class */
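/**
 * Signs and verifies compact JSON Web Tokens (header.payload.signature).
 *
 * <p>Verification supports RSA signatures (RS256/RS384/RS512) checked against public keys
 * fetched from a remote certificate endpoint, and HS256 checked against a shared secret.
 * Signing always uses RS256 with a PKCS#8 private key loaded from disk.
 *
 * <p>Only the signature is checked. No claim ({@code exp}, {@code nbf}, {@code iss},
 * {@code aud}, ...) is validated anywhere in this class, so callers must validate the returned
 * payload themselves before trusting it.
 */
public final class JWT {
    private static final Logger log = LoggerFactory.getLogger(JWT.class);
    // Shared HS256 secret; null when the instance was not configured with one.
    private String secret;
    // Client for the certificate endpoint; null when no endpoint URI was configured.
    private HttpClient httpClient;
    private String certsPath;
    // Verification keys indexed by key id ("kid"), filled from the certificate endpoint.
    private final ConcurrentMap<String, PublicKey> certificates;
    // Signing keys, appended as the asynchronous file reads complete.
    private final List<Key> privateKeys;

    /**
     * Signature algorithms accepted in the token header, mapped to their JCA algorithm names.
     * (Decompiler note: access modifiers were changed from private.)
     */
    public enum Algorithm {
        RS256("SHA256withRSA"),
        RS384("SHA384withRSA"),
        RS512("SHA512withRSA"),
        HS256("HmacSHA256");

        private final String algo;

        Algorithm(String str) {
            this.algo = str;
        }

        /** Returns the JCA name to pass to {@code Signature} or {@code Mac}. */
        public String getAlgo() {
            return this.algo;
        }
    }

    /**
     * A private signing key together with the key id advertised in the token header.
     * (Decompiler note: access modifiers were changed from private.)
     */
    public class Key {
        private final String kid;
        private final PrivateKey privateKey;

        private Key(String str, PrivateKey privateKey) {
            this.kid = str;
            this.privateKey = privateKey;
        }
    }

    /**
     * Creates a verifier that only knows the remote certificate endpoint (no HS256 secret).
     *
     * @param vertx Vert.x instance used to create the HTTP client
     * @param uri   certificate endpoint, may be null
     */
    public JWT(Vertx vertx, URI uri) {
        this(vertx, null, uri);
    }

    /**
     * Creates a verifier with an optional HS256 secret and an optional certificate endpoint.
     * When {@code uri} is given, the certificates are fetched immediately.
     *
     * @param vertx Vert.x instance used to create the HTTP client
     * @param str   shared secret for HS256 verification, may be null
     * @param uri   certificate endpoint, may be null
     */
    public JWT(Vertx vertx, String str, URI uri) {
        this.certificates = new ConcurrentHashMap<>();
        this.privateKeys = new ArrayList<>();
        if (uri != null) {
            boolean ssl = "https".equals(uri.getScheme());
            // URI.getPort() returns -1 when the URI carries no explicit port; fall back to the
            // scheme default instead of handing -1 to the client.
            int port = uri.getPort();
            if (port < 0) {
                port = ssl ? 443 : 80;
            }
            // NOTE(review): with a non-https URI the verification keys travel unauthenticated;
            // anything able to alter that response controls which signatures are accepted.
            HttpClient client = (HttpClient) vertx.createHttpClient().setHost(uri.getHost()).setPort(port).setSSL(ssl);
            this.httpClient = client.setMaxPoolSize(4).setKeepAlive(false);
            this.certsPath = uri.getPath();
            findCertificates(null);
        }
        this.secret = str;
    }

    /**
     * Creates a signer whose private keys are loaded from the {@code *.pk8} files of a directory.
     * Loading is asynchronous, so keys may not be available yet when the constructor returns.
     *
     * @param vertx Vert.x instance used for file-system access
     * @param str   directory containing the PKCS#8 private keys
     */
    public JWT(Vertx vertx, String str) {
        this.certificates = new ConcurrentHashMap<>();
        this.privateKeys = new ArrayList<>();
        this.httpClient = null;
        this.certsPath = null;
        loadPrivateKeys(vertx, str);
    }

    /**
     * Reads every {@code *.crt} file of a directory and reports them as one JSON object that
     * maps the file name without extension to the file content.
     *
     * @param vertx   Vert.x instance used for file-system access
     * @param str     directory to scan
     * @param handler receives the result; an empty object when the directory cannot be listed
     *                or contains no certificate
     */
    public static void listCertificates(final Vertx vertx, String str, final Handler<JsonObject> handler) {
        final JsonObject found = new JsonObject();
        // The dot is escaped so that only names really ending in ".crt" are selected.
        vertx.fileSystem().readDir(str, ".*\\.crt", new Handler<AsyncResult<String[]>>() {
            @Override
            public void handle(AsyncResult<String[]> listing) {
                if (!listing.succeeded()) {
                    JWT.log.error("Error listing JWT certificates", listing.cause());
                    handler.handle(found);
                    return;
                }
                String[] paths = listing.result();
                if (paths.length == 0) {
                    // Without this the countdown below never reaches zero and the caller is
                    // never called back.
                    handler.handle(found);
                    return;
                }
                final AtomicInteger pending = new AtomicInteger(paths.length);
                for (final String path : paths) {
                    vertx.fileSystem().readFile(path, new Handler<AsyncResult<Buffer>>() {
                        @Override
                        public void handle(AsyncResult<Buffer> read) {
                            if (read.succeeded()) {
                                found.putString(keyIdFromPath(path), read.result().toString());
                            } else {
                                JWT.log.error("Error reading certificate : " + path, read.cause());
                            }
                            // Report once the last outstanding read has completed.
                            if (pending.decrementAndGet() == 0) {
                                handler.handle(found);
                            }
                        }
                    });
                }
            }
        });
    }

    /**
     * Loads every {@code *.pk8} file of a directory as an RSA private key. The file name without
     * extension becomes the key id. Failures are logged and the file is skipped.
     */
    private void loadPrivateKeys(final Vertx vertx, String str) {
        vertx.fileSystem().readDir(str, ".*\\.pk8", new Handler<AsyncResult<String[]>>() {
            @Override
            public void handle(AsyncResult<String[]> listing) {
                if (!listing.succeeded()) {
                    JWT.log.error("Error load JWT private keys", listing.cause());
                    return;
                }
                for (final String path : listing.result()) {
                    vertx.fileSystem().readFile(path, new Handler<AsyncResult<Buffer>>() {
                        @Override
                        public void handle(AsyncResult<Buffer> read) {
                            if (!read.succeeded()) {
                                JWT.log.error("Error reading private key : " + path, read.cause());
                                return;
                            }
                            try {
                                PrivateKey privateKey = KeyFactory.getInstance("RSA")
                                        .generatePrivate(new PKCS8EncodedKeySpec(read.result().getBytes()));
                                // Keys are appended in read-completion order; with several key
                                // files the first list entry is therefore not a fixed file.
                                JWT.this.privateKeys.add(new Key(keyIdFromPath(path), privateKey));
                            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                                JWT.log.error("Error loading private key : " + path, e);
                            }
                        }
                    });
                }
            }
        });
    }

    /**
     * Fetches the certificate map (key id to X.509 certificate text) from the configured
     * endpoint and caches the public keys that are not known yet.
     *
     * @param voidHandler called once after the response was processed or rejected; may be null
     */
    private void findCertificates(final VoidHandler voidHandler) {
        // NOTE(review): no failure callback is registered here, so a connection error
        // presumably never reaches voidHandler - confirm against the HTTP client in use.
        this.httpClient.getNow(this.certsPath, new Handler<HttpClientResponse>() {
            @Override
            public void handle(HttpClientResponse response) {
                if (response.statusCode() != 200) {
                    notifyDone(voidHandler);
                    return;
                }
                response.bodyHandler(new Handler<Buffer>() {
                    @Override
                    public void handle(Buffer body) {
                        try {
                            // Parsed inside the try so that a malformed body still ends with
                            // the completion callback below.
                            JsonObject published = new JsonObject(body.toString("UTF-8"));
                            CertificateFactory factory = CertificateFactory.getInstance("X.509");
                            for (String kid : published.getFieldNames()) {
                                String certificate = published.getString(kid);
                                if (certificate == null) {
                                    continue;
                                }
                                try {
                                    JWT.this.certificates.putIfAbsent(kid, factory
                                            .generateCertificate(new ByteArrayInputStream(certificate.getBytes("UTF-8")))
                                            .getPublicKey());
                                } catch (UnsupportedEncodingException | CertificateException e) {
                                    // One unreadable certificate must not block the others.
                                    JWT.log.error(e.getMessage(), e);
                                }
                            }
                        } catch (CertificateException e) {
                            JWT.log.error(e.getMessage(), e);
                        } finally {
                            // Exactly one completion signal, whatever happened above.
                            notifyDone(voidHandler);
                        }
                    }
                });
            }
        });
    }

    /** Invokes the completion callback when one was supplied. */
    private static void notifyDone(VoidHandler voidHandler) {
        if (voidHandler != null) {
            voidHandler.handle((Void) null);
        }
    }

    /** Returns the file name of {@code path} without its directory and without its extension. */
    private static String keyIdFromPath(String path) {
        int separator = path.lastIndexOf(File.separator);
        String fileName = separator > -1 ? path.substring(separator + 1) : path;
        int dot = fileName.lastIndexOf('.');
        return dot > -1 ? fileName.substring(0, dot) : fileName;
    }

    /**
     * Decodes an unpadded base64 segment into a UTF-8 string.
     *
     * @throws UnsupportedEncodingException if UTF-8 is not available
     */
    public static String base64Decode(String str) throws UnsupportedEncodingException {
        return new String(base64DecodeToByte(str), "UTF-8");
    }

    /**
     * Decodes an unpadded base64 segment into raw bytes, restoring the '=' padding first.
     *
     * @param str base64 text without padding
     * @return whatever the underlying decoder returns for the padded text
     */
    public static byte[] base64DecodeToByte(String str) {
        // Pad up to the next multiple of four; a length that already is one needs no padding
        // (the previous arithmetic appended "====" in that case).
        int missing = (4 - (str.length() % 4)) % 4;
        StringBuilder padded = new StringBuilder(str);
        for (int i = 0; i < missing; i++) {
            padded.append('=');
        }
        // 16: presumably the URL-safe alphabet option of this Base64 class - TODO confirm.
        return Base64.decode(padded.toString(), 16);
    }

    /**
     * Encodes the UTF-8 bytes of a string as base64.
     *
     * @throws UnsupportedEncodingException if UTF-8 is not available
     */
    public static String base64Encode(String str) throws UnsupportedEncodingException {
        return base64Encode(str.getBytes("UTF-8"));
    }

    /** Encodes raw bytes as base64 with the same option value (16) used for decoding. */
    public static String base64Encode(byte[] bArr) throws UnsupportedEncodingException {
        return Base64.encodeBytes(bArr, 16);
    }

    /**
     * Verifies a token with the key selected by its header and reports the payload.
     *
     * <p>RS* tokens are checked against the cached public key named by {@code kid}; an unknown
     * {@code kid} triggers one refresh from the certificate endpoint before verification.
     * HS256 tokens are checked against the configured secret.
     *
     * @param str     compact token
     * @param handler receives the payload, or null when the token is malformed, uses an
     *                unsupported algorithm, names an unknown key or fails verification
     */
    public void verifyAndGet(final String str, final Handler<JsonObject> handler) {
        String[] parts = str.split("\\.");
        if (parts.length != 3) {
            handler.handle(null);
            return;
        }
        final Algorithm algorithm;
        final String kid;
        try {
            JsonObject header = new JsonObject(base64Decode(parts[0]));
            algorithm = Algorithm.valueOf(header.getString("alg"));
            kid = header.getString("kid");
        } catch (UnsupportedEncodingException | RuntimeException e) {
            // The header is untrusted input: a header that is not JSON, or a missing or unknown
            // "alg", must end in a rejection instead of escaping and leaving the caller without
            // an answer.
            log.error(e.getMessage(), e);
            handler.handle(null);
            return;
        }
        switch (algorithm) {
            case RS256:
            case RS384:
            case RS512:
                if (kid == null) {
                    log.error("missing key id");
                    handler.handle(null);
                    return;
                }
                PublicKey knownKey = this.certificates.get(kid);
                if (knownKey != null) {
                    handler.handle(verifyAndGet(str, knownKey));
                    return;
                }
                if (this.httpClient == null) {
                    // No certificate endpoint configured, so an unknown key id cannot be resolved.
                    log.error("unknown key id and no certificate endpoint configured");
                    handler.handle(null);
                    return;
                }
                // NOTE(review): every token naming an unknown kid causes one outbound request;
                // there is no negative cache or rate limit here, so throttle upstream if this
                // method is reachable with unauthenticated input.
                findCertificates(new VoidHandler() {
                    @Override
                    protected void handle() {
                        handler.handle(JWT.verifyAndGet(str, JWT.this.certificates.get(kid)));
                    }
                });
                return;
            case HS256:
                handler.handle(verifyAndGet(str, this.secret));
                return;
            default:
                log.error("Unsupported signature algorithm.");
                handler.handle(null);
                return;
        }
    }

    /**
     * Verifies an RSA-signed token against a public key.
     *
     * @param str       compact token
     * @param publicKey key to verify with
     * @return the decoded payload, or null when the token is malformed, the key is null, the
     *         header does not name an RSA algorithm or the signature does not match
     */
    public static JsonObject verifyAndGet(String str, PublicKey publicKey) {
        // The token is deliberately not written to the log: it is a bearer credential.
        String[] parts = str.split("\\.");
        if (parts.length != 3 || publicKey == null) {
            return null;
        }
        try {
            JsonObject header = new JsonObject(base64Decode(parts[0]));
            JsonObject payload = new JsonObject(base64Decode(parts[1]));
            Algorithm algorithm = Algorithm.valueOf(header.getString("alg"));
            if (algorithm == Algorithm.HS256) {
                // A public key only verifies the RSA family; reject explicitly rather than
                // relying on the provider lookup failing.
                log.error("Unsupported signature algorithm.");
                return null;
            }
            byte[] signatureBytes = base64DecodeToByte(parts[2]);
            Signature verifier = Signature.getInstance(algorithm.getAlgo());
            verifier.initVerify(publicKey);
            verifier.update((parts[0] + "." + parts[1]).getBytes("UTF-8"));
            return verifier.verify(signatureBytes) ? payload : null;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Verifies an HS256 token against a shared secret.
     *
     * @param str  compact token
     * @param str2 shared secret
     * @return the decoded payload, or null when the token is malformed, the secret is empty,
     *         the header does not name HS256 or the MAC does not match
     */
    public static JsonObject verifyAndGet(String str, String str2) {
        // The token is deliberately not written to the log: it is a bearer credential.
        String[] parts = str.split("\\.");
        if (parts.length != 3 || Utils.isEmpty(str2)) {
            return null;
        }
        try {
            JsonObject header = new JsonObject(base64Decode(parts[0]));
            JsonObject payload = new JsonObject(base64Decode(parts[1]));
            Algorithm algorithm = Algorithm.valueOf(header.getString("alg"));
            if (algorithm != Algorithm.HS256) {
                // A shared secret only verifies the HMAC algorithm.
                log.error("Unsupported signature algorithm.");
                return null;
            }
            String macName = algorithm.getAlgo();
            // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII secret
            // yields a platform-dependent key; left unchanged to keep existing deployments working.
            SecretKeySpec keySpec = new SecretKeySpec(str2.getBytes(), macName);
            Mac mac = Mac.getInstance(macName);
            mac.init(keySpec);
            byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes("UTF-8"));
            // Constant-time comparison: the time taken must not reveal how many leading bytes
            // of a submitted MAC were correct.
            return MessageDigest.isEqual(expected, base64DecodeToByte(parts[2])) ? payload : null;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Signs a payload with the first loaded private key.
     *
     * @param jsonObject claims to sign
     * @return the compact token
     * @throws Exception if no private key has been loaded yet (index out of bounds) or signing fails
     */
    public String encodeAndSign(JsonObject jsonObject) throws Exception {
        Key signingKey = this.privateKeys.get(0);
        return encodeAndSign(jsonObject, signingKey.kid, signingKey.privateKey);
    }

    /**
     * Builds an RS256 token for a payload.
     *
     * @param jsonObject claims to sign
     * @param str        key id placed in the header; omitted when empty
     * @param privateKey RSA private key used for the signature
     * @return the compact token {@code header.payload.signature}
     * @throws Exception if the signature cannot be produced
     */
    public static String encodeAndSign(JsonObject jsonObject, String str, PrivateKey privateKey) throws Exception {
        JsonObject header = new JsonObject().putString("typ", "JWT").putString("alg", "RS256");
        if (Utils.isNotEmpty(str)) {
            header.putString("kid", str);
        }
        String signingInput = base64Encode(header.encode()) + "." + base64Encode(jsonObject.encode());
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(signingInput.getBytes("UTF-8"));
        return signingInput + "." + base64Encode(signer.sign());
    }
}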
