package io.vertx.ext.auth.jwt.impl;

import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;

/* loaded from: input_file:io/vertx/ext/auth/jwt/impl/JWT.class */
public final class JWT {
    private static final Charset UTF8 = StandardCharsets.UTF_8;
    private static final Logger log = LoggerFactory.getLogger(JWT.class);
    private static final JsonObject EMPTY = new JsonObject();
    private final Map<String, Crypto> cryptoMap;
    private final boolean unsecure;

    public JWT(KeyStore keyStore, char[] cArr) {
        HashMap hashMap = new HashMap();
        this.unsecure = keyStore == null;
        if (!this.unsecure) {
            for (String str : Arrays.asList("HS256", "HS384", "HS512")) {
                try {
                    Mac mac = getMac(keyStore, cArr, str);
                    if (mac != null) {
                        hashMap.put(str, new CryptoMac(mac));
                    } else {
                        log.info(str + " not available");
                    }
                } catch (RuntimeException e) {
                    log.warn(str + " not supported", e);
                }
            }
            HashMap<String, String> hashMap2 = new HashMap<String, String>() { // from class: io.vertx.ext.auth.jwt.impl.JWT.1
                {
                    put("RS256", "SHA256withRSA");
                    put("RS384", "SHA384withRSA");
                    put("RS512", "SHA512withRSA");
                    put("ES256", "SHA256withECDSA");
                    put("ES384", "SHA384withECDSA");
                    put("ES512", "SHA512withECDSA");
                }
            };
            for (String str2 : Arrays.asList("RS256", "RS384", "RS512", "ES256", "ES384", "ES512")) {
                try {
                    X509Certificate certificate = getCertificate(keyStore, str2);
                    PrivateKey privateKey = getPrivateKey(keyStore, cArr, str2);
                    if (certificate == null || privateKey == null) {
                        log.info(str2 + " not available");
                    } else {
                        hashMap.put(str2, new CryptoSignature(hashMap2.get(str2), certificate, privateKey));
                    }
                } catch (RuntimeException e2) {
                    e2.printStackTrace();
                    log.warn(str2 + " not supported");
                }
            }
        }
        hashMap.put("none", new CryptoNone());
        this.cryptoMap = Collections.unmodifiableMap(hashMap);
    }

    public JWT(String str) {
        HashMap hashMap = new HashMap();
        this.unsecure = str == null;
        if (!this.unsecure) {
            try {
                hashMap.put("RS256", new CryptoPublicKey("SHA256withRSA", KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)))));
            } catch (RuntimeException | NoSuchAlgorithmException | InvalidKeySpecException e) {
                e.printStackTrace();
                log.warn("RS256 not supported");
            }
        }
        hashMap.put("none", new CryptoNone());
        this.cryptoMap = Collections.unmodifiableMap(hashMap);
    }

    private Mac getMac(KeyStore keyStore, char[] cArr, String str) {
        try {
            Key key = keyStore.getKey(str, cArr);
            if (key == null) {
                return null;
            }
            Mac mac = Mac.getInstance(key.getAlgorithm());
            mac.init(key);
            return mac;
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new RuntimeException(e);
        }
    }

    private X509Certificate getCertificate(KeyStore keyStore, String str) {
        try {
            return (X509Certificate) keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    private PrivateKey getPrivateKey(KeyStore keyStore, char[] cArr, String str) {
        try {
            return (PrivateKey) keyStore.getKey(str, cArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new RuntimeException(e);
        }
    }

    public JsonObject decode(String str) {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new RuntimeException("Not enough or too many segments");
        }
        String str2 = split[0];
        String str3 = split[1];
        String str4 = split[2];
        if ("".equals(str4) && !this.unsecure) {
            throw new RuntimeException("Signature is required");
        }
        JsonObject jsonObject = new JsonObject(new String(base64urlDecode(str2), UTF8));
        JsonObject jsonObject2 = new JsonObject(new String(base64urlDecode(str3), UTF8));
        String string = jsonObject.getString("alg");
        Crypto crypto = this.cryptoMap.get(string);
        if (crypto == null) {
            throw new RuntimeException("Algorithm not supported");
        }
        if (!this.unsecure && "none".equals(string)) {
            throw new RuntimeException("Algorithm \"none\" not allowed");
        }
        if (crypto.verify(base64urlDecode(str4), (str2 + "." + str3).getBytes(UTF8))) {
            return jsonObject2;
        }
        throw new RuntimeException("Signature verification failed");
    }

    public String sign(JsonObject jsonObject, JsonObject jsonObject2) {
        String string = jsonObject2.getString("algorithm", "HS256");
        Crypto crypto = this.cryptoMap.get(string);
        if (crypto == null) {
            throw new RuntimeException("Algorithm not supported");
        }
        JsonObject put = new JsonObject().mergeIn(jsonObject2.getJsonObject("header", EMPTY)).put("typ", "JWT").put("alg", string);
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (!jsonObject2.getBoolean("noTimestamp", false).booleanValue()) {
            jsonObject.put("iat", jsonObject.getValue("iat", Long.valueOf(currentTimeMillis)));
        }
        Long valueOf = jsonObject2.containsKey("expiresInMinutes") ? Long.valueOf(jsonObject2.getLong("expiresInMinutes").longValue() * 60) : jsonObject2.getLong("expiresInSeconds");
        if (valueOf != null) {
            jsonObject.put("exp", Long.valueOf(currentTimeMillis + valueOf.longValue()));
        }
        if (jsonObject2.containsKey("audience")) {
            jsonObject.put("aud", jsonObject2.getValue("audience"));
        }
        if (jsonObject2.containsKey("issuer")) {
            jsonObject.put("iss", jsonObject2.getValue("issuer"));
        }
        if (jsonObject2.containsKey("subject")) {
            jsonObject.put("sub", jsonObject2.getValue("subject"));
        }
        String base64urlEncode = base64urlEncode(put.encode());
        String base64urlEncode2 = base64urlEncode(jsonObject.encode());
        return base64urlEncode + "." + base64urlEncode2 + "." + base64urlEncode(crypto.sign((base64urlEncode + "." + base64urlEncode2).getBytes(UTF8)));
    }

    private static byte[] base64urlDecode(String str) {
        return Base64.getUrlDecoder().decode(str.getBytes(UTF8));
    }

    private static String base64urlEncode(String str) {
        return base64urlEncode(str.getBytes(UTF8));
    }

    private static String base64urlEncode(byte[] bArr) {
        return Base64.getUrlEncoder().encodeToString(bArr);
    }
}
