package no.nav.security.mock.oauth2.token;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.TokenRequest;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import no.nav.security.mock.oauth2.extensions.NimbusExtensionsKt;
import okhttp3.HttpUrl;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: OAuth2TokenProvider.kt */
@Metadata(mv = {1, 4, 0}, bv = {1, 0, 3}, k = 1, d1 = {"��T\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010 \n��\n\u0002\u0010$\n��\n\u0002\u0010\t\n\u0002\b\u0005\u0018��  2\u00020\u0001:\u0001 B\u0005¢\u0006\u0002\u0010\u0002J*\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\n\b\u0002\u0010\u000f\u001a\u0004\u0018\u00010\u0010J\u0010\u0010\u0011\u001a\u00020\b2\u0006\u0010\u0012\u001a\u00020\u0013H\u0002JT\u0010\u0014\u001a\n \u0015*\u0004\u0018\u00010\u00130\u00132\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0016\u001a\u00020\u00102\f\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00100\u00182\b\u0010\u000f\u001a\u0004\u0018\u00010\u00102\u0012\u0010\u0019\u001a\u000e\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u00010\u001a2\u0006\u0010\u001b\u001a\u00020\u001cH\u0002J&\u0010\u001d\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\r\u001a\u00020\u000eJ*\u0010\u001e\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\n\b\u0002\u0010\u000f\u001a\u0004\u0018\u00010\u0010J\u0006\u0010\u001f\u001a\u00020\u0004R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��¨\u0006!"}, d2 = {"Lno/nav/security/mock/oauth2/token/OAuth2TokenProvider;", "", "()V", "jwkSet", "Lcom/nimbusds/jose/jwk/JWKSet;", "rsaKey", "Lcom/nimbusds/jose/jwk/RSAKey;", "accessToken", "Lcom/nimbusds/jwt/SignedJWT;", "tokenRequest", "Lcom/nimbusds/oauth2/sdk/TokenRequest;", "issuerUrl", "Lokhttp3/HttpUrl;", "oAuth2TokenCallback", 
"Lno/nav/security/mock/oauth2/token/OAuth2TokenCallback;", "nonce", "", "createSignedJWT", "claimsSet", "Lcom/nimbusds/jwt/JWTClaimsSet;", "defaultClaims", "kotlin.jvm.PlatformType", "subject", "audience", "", "additionalClaims", "", "expiry", "", "exchangeAccessToken", "idToken", "publicJwkSet", "Companion", "mock-oauth2-server"})
/* loaded from: input_file:no/nav/security/mock/oauth2/token/OAuth2TokenProvider.class */
public final class OAuth2TokenProvider {
    // Full JWK set, private RSA key material included, generated anew for every provider instance.
    // Only the public projection returned by publicJwkSet() is meant to leave this class.
    private final JWKSet jwkSet = Companion.generateJWKSet(DEFAULT_KEYID);
    // Signing key; assigned in the constructor by looking DEFAULT_KEYID up in jwkSet.
    private final RSAKey rsaKey;
    // Constant "kid" for the generated key. The key itself changes per instance while this id does not,
    // so a verifier that caches keys by kid has to refetch the JWKS after the provider is recreated.
    private static final String DEFAULT_KEYID = "mock-oauth2-server-key";
    // Kotlin companion-object instance (decompiler artefact); its helpers build the key pair and JWK set.
    public static final Companion Companion = new Companion(null);

    /* compiled from: OAuth2TokenProvider.kt */
    @Metadata(mv = {1, 4, 0}, bv = {1, 0, 3}, k = 1, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J \u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u00062\u0006\u0010\b\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\nH\u0002J\u0010\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u0004H\u0002J\b\u0010\u000e\u001a\u00020\nH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��¨\u0006\u000f"}, d2 = {"Lno/nav/security/mock/oauth2/token/OAuth2TokenProvider$Companion;", "", "()V", "DEFAULT_KEYID", "", "createRSAKey", "Lcom/nimbusds/jose/jwk/RSAKey;", "kotlin.jvm.PlatformType", "keyID", "keyPair", "Ljava/security/KeyPair;", "generateJWKSet", "Lcom/nimbusds/jose/jwk/JWKSet;", "keyId", "generateKeyPair", "mock-oauth2-server"})
    /* loaded from: input_file:no/nav/security/mock/oauth2/token/OAuth2TokenProvider$Companion.class */
    public static final class Companion {
        /**
         * Builds a JWK set holding a single, freshly generated RSA signing key.
         *
         * <p>The returned set contains the private key; callers should publish only
         * {@code toPublicJWKSet()} of it.
         *
         * @param str key id ("kid") to assign to the generated key
         * @return a JWK set with one RSA key marked for signature use
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final JWKSet generateJWKSet(String str) {
            KeyPair freshPair = generateKeyPair();
            RSAKey signingJwk = createRSAKey(str, freshPair);
            return new JWKSet(signingJwk);
        }

        /**
         * Generates a 2048-bit RSA key pair with the platform's default provider.
         *
         * <p>No random source is passed to {@code initialize}, so the generator's own default is used.
         * Nothing here persists the key; it lives only in the returned object.
         */
        private final KeyPair generateKeyPair() {
            KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
            rsaGenerator.initialize(2048);
            KeyPair pair = rsaGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(pair, "KeyPairGenerator.getInst…teKeyPair()\n            }");
            return pair;
        }

        /**
         * Wraps a JCA key pair as a Nimbus {@code RSAKey} with both halves, signature key use and the given id.
         *
         * @param str     key id ("kid") to set on the JWK
         * @param keyPair RSA key pair; both halves must be present and of RSA type
         * @throws NullPointerException if either half of the pair is missing
         * @throws ClassCastException   if a half is not an RSA key
         */
        private final RSAKey createRSAKey(String str, KeyPair keyPair) {
            PublicKey publicHalf = keyPair.getPublic();
            if (publicHalf == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
            }
            // The builder is created before the private half is inspected, matching the original check order.
            RSAKey.Builder jwkBuilder = new RSAKey.Builder((RSAPublicKey) publicHalf);
            PrivateKey privateHalf = keyPair.getPrivate();
            if (privateHalf == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey");
            }
            return jwkBuilder
                    .privateKey((RSAPrivateKey) privateHalf)
                    .keyUse(KeyUse.SIGNATURE)
                    .keyID(str)
                    .build();
        }

        // Not instantiable directly; the only instance is the enclosing class's Companion field.
        private Companion() {
        }

        // Bridge constructor emitted by the Kotlin compiler; the marker argument carries no data.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Returns the public view of the signing keys, suitable for a JWKS endpoint.
     *
     * <p>The result is derived with {@code toPublicJWKSet()}, so the private-key-bearing
     * {@code jwkSet} field itself is never handed out by this method.
     *
     * @return the JWK set reduced to its public keys
     */
    @NotNull
    public final JWKSet publicJwkSet() {
        JWKSet publicOnly = this.jwkSet.toPublicJWKSet();
        Intrinsics.checkNotNullExpressionValue(publicOnly, "jwkSet.toPublicJWKSet()");
        return publicOnly;
    }

    /**
     * Issues a signed ID token for a token request.
     *
     * <p>The audience is the requesting client's id; subject, extra claims and lifetime are
     * taken from the callback. The values are read in the same order as the arguments of the
     * underlying {@code defaultClaims} call.
     *
     * @param tokenRequest        the incoming token request
     * @param httpUrl             issuer URL, written to the {@code iss} claim
     * @param oAuth2TokenCallback supplies subject, additional claims and token lifetime
     * @param str                 nonce to include, or {@code null} for none
     * @return the signed JWT
     */
    @NotNull
    public final SignedJWT idToken(@NotNull TokenRequest tokenRequest, @NotNull HttpUrl httpUrl, @NotNull OAuth2TokenCallback oAuth2TokenCallback, @Nullable String str) {
        Intrinsics.checkNotNullParameter(tokenRequest, "tokenRequest");
        Intrinsics.checkNotNullParameter(httpUrl, "issuerUrl");
        Intrinsics.checkNotNullParameter(oAuth2TokenCallback, "oAuth2TokenCallback");
        String subject = oAuth2TokenCallback.subject(tokenRequest);
        // An ID token is addressed to the client that asked for it, not to the callback's audience.
        List<String> clientAudience = CollectionsKt.listOf(NimbusExtensionsKt.clientIdAsString(tokenRequest));
        Map<String, ? extends Object> extraClaims = oAuth2TokenCallback.addClaims(tokenRequest);
        long lifetimeSeconds = oAuth2TokenCallback.tokenExpiry();
        JWTClaimsSet claims = defaultClaims(httpUrl, subject, clientAudience, str, extraClaims, lifetimeSeconds);
        Intrinsics.checkNotNullExpressionValue(claims, "defaultClaims(\n         …k.tokenExpiry()\n        )");
        return createSignedJWT(claims);
    }

    /**
     * Kotlin default-argument bridge for {@code idToken}.
     *
     * <p>Bit 8 of {@code i} marks the fourth parameter (the nonce) as omitted by the caller,
     * in which case {@code null} is passed on. {@code obj} is not read.
     */
    public static /* synthetic */ SignedJWT idToken$default(OAuth2TokenProvider oAuth2TokenProvider, TokenRequest tokenRequest, HttpUrl httpUrl, OAuth2TokenCallback oAuth2TokenCallback, String str, int i, Object obj) {
        String nonce = (i & 8) == 0 ? str : null;
        return oAuth2TokenProvider.idToken(tokenRequest, httpUrl, oAuth2TokenCallback, nonce);
    }

    /**
     * Issues a signed access token for a token request.
     *
     * <p>Subject, audience, extra claims and lifetime all come from the callback; this method
     * performs no check of its own on what the callback returns.
     *
     * @param tokenRequest        the incoming token request
     * @param httpUrl             issuer URL, written to the {@code iss} claim
     * @param oAuth2TokenCallback supplies subject, audience, additional claims and token lifetime
     * @param str                 nonce to include, or {@code null} for none
     * @return the signed JWT
     */
    @NotNull
    public final SignedJWT accessToken(@NotNull TokenRequest tokenRequest, @NotNull HttpUrl httpUrl, @NotNull OAuth2TokenCallback oAuth2TokenCallback, @Nullable String str) {
        Intrinsics.checkNotNullParameter(tokenRequest, "tokenRequest");
        Intrinsics.checkNotNullParameter(httpUrl, "issuerUrl");
        Intrinsics.checkNotNullParameter(oAuth2TokenCallback, "oAuth2TokenCallback");
        String subject = oAuth2TokenCallback.subject(tokenRequest);
        List<String> audience = oAuth2TokenCallback.audience(tokenRequest);
        Map<String, ? extends Object> extraClaims = oAuth2TokenCallback.addClaims(tokenRequest);
        long lifetimeSeconds = oAuth2TokenCallback.tokenExpiry();
        JWTClaimsSet claims = defaultClaims(httpUrl, subject, audience, str, extraClaims, lifetimeSeconds);
        Intrinsics.checkNotNullExpressionValue(claims, "defaultClaims(\n         …k.tokenExpiry()\n        )");
        return createSignedJWT(claims);
    }

    /**
     * Kotlin default-argument bridge for {@code accessToken}.
     *
     * <p>Bit 8 of {@code i} marks the fourth parameter (the nonce) as omitted by the caller,
     * in which case {@code null} is passed on. {@code obj} is not read.
     */
    public static /* synthetic */ SignedJWT accessToken$default(OAuth2TokenProvider oAuth2TokenProvider, TokenRequest tokenRequest, HttpUrl httpUrl, OAuth2TokenCallback oAuth2TokenCallback, String str, int i, Object obj) {
        String nonce = (i & 8) == 0 ? str : null;
        return oAuth2TokenProvider.accessToken(tokenRequest, httpUrl, oAuth2TokenCallback, nonce);
    }

    /**
     * Issues a signed access token for a token-exchange request, based on an existing claims set.
     *
     * <p>The builder starts from {@code jWTClaimsSet} and then replaces {@code iss}, {@code exp},
     * {@code nbf}, {@code iat}, {@code jti} and {@code aud}. Claims not in that list are not
     * touched here, so they are expected to carry over from the input as-is.
     *
     * <p>This method does not verify the incoming claims (signature, issuer, expiry); whatever
     * validation the subject token needs has to happen before the claims reach this call.
     *
     * @param tokenRequest        the incoming token request, used to resolve the new audience
     * @param httpUrl             issuer URL, written to the {@code iss} claim
     * @param jWTClaimsSet        claims of the token being exchanged
     * @param oAuth2TokenCallback supplies the new audience and the token lifetime
     * @return the signed JWT
     */
    @NotNull
    public final SignedJWT exchangeAccessToken(@NotNull TokenRequest tokenRequest, @NotNull HttpUrl httpUrl, @NotNull JWTClaimsSet jWTClaimsSet, @NotNull OAuth2TokenCallback oAuth2TokenCallback) {
        Intrinsics.checkNotNullParameter(tokenRequest, "tokenRequest");
        Intrinsics.checkNotNullParameter(httpUrl, "issuerUrl");
        Intrinsics.checkNotNullParameter(jWTClaimsSet, "claimsSet");
        Intrinsics.checkNotNullParameter(oAuth2TokenCallback, "oAuth2TokenCallback");
        Instant issuedAt = Instant.now();
        JWTClaimsSet.Builder exchanged = new JWTClaimsSet.Builder(jWTClaimsSet);
        exchanged.issuer(httpUrl.toString());
        // Lifetime is counted in seconds from the moment of issue.
        exchanged.expirationTime(Date.from(issuedAt.plusSeconds(oAuth2TokenCallback.tokenExpiry())));
        exchanged.notBeforeTime(Date.from(issuedAt));
        exchanged.issueTime(Date.from(issuedAt));
        // A fresh random jti gives every exchanged token its own identifier.
        exchanged.jwtID(UUID.randomUUID().toString());
        exchanged.audience(oAuth2TokenCallback.audience(tokenRequest));
        JWTClaimsSet exchangedClaims = exchanged.build();
        Intrinsics.checkNotNullExpressionValue(exchangedClaims, "JWTClaimsSet.Builder(cla…\n                .build()");
        return createSignedJWT(exchangedClaims);
    }

    /**
     * Signs a claims set with this provider's RSA key.
     *
     * <p>The header fixes the algorithm to RS256, sets {@code kid} to the key's id and
     * {@code typ} to JWT. A new signer is created from the private key on every call.
     *
     * @param jWTClaimsSet claims to place in the token payload
     * @return the signed JWT
     */
    private final SignedJWT createSignedJWT(JWTClaimsSet jWTClaimsSet) {
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(this.rsaKey.getKeyID())
                .type(JOSEObjectType.JWT)
                .build();
        SignedJWT token = new SignedJWT(header, jWTClaimsSet);
        RSASSASigner signer = new RSASSASigner(this.rsaKey.toPrivateKey());
        token.sign(signer);
        return token;
    }

    /**
     * Assembles the claims shared by ID and access tokens.
     *
     * <p>Sets {@code sub}, {@code aud}, {@code iss}, {@code iat}, {@code nbf}, {@code exp} and a
     * random {@code jti}, then the optional {@code nonce}, then every entry of {@code map}.
     *
     * @param httpUrl issuer URL
     * @param str     subject
     * @param list    audience values
     * @param str2    nonce, or {@code null} to leave the claim out
     * @param map     additional claims, applied last
     * @param j       token lifetime in seconds from now
     * @return the built claims set
     */
    private final JWTClaimsSet defaultClaims(HttpUrl httpUrl, String str, List<String> list, String str2, Map<String, ? extends Object> map, long j) {
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
        Instant issuedAt = Instant.now();
        claims.subject(str);
        claims.audience(list);
        claims.issuer(httpUrl.toString());
        claims.issueTime(Date.from(issuedAt));
        claims.notBeforeTime(Date.from(issuedAt));
        claims.expirationTime(Date.from(issuedAt.plusSeconds(j)));
        claims.jwtID(UUID.randomUUID().toString());
        if (str2 != null) {
            claims.claim("nonce", str2);
        }
        // NOTE(review): these entries are written after the defaults, so an entry named like a
        // registered claim (iss, sub, aud, exp, nonce, ...) presumably replaces the value set above.
        // Confirm that callers rely on this override before tightening it.
        for (Map.Entry<String, ? extends Object> extra : map.entrySet()) {
            claims.claim(extra.getKey(), extra.getValue());
        }
        return claims.build();
    }

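    /**
     * Creates a provider with its own freshly generated signing key.
     *
     * <p>The {@code jwkSet} field initializer has already run when this body executes; the
     * constructor only resolves the signing key from it by {@code DEFAULT_KEYID}.
     *
     * @throws NullPointerException if the set holds no key under {@code DEFAULT_KEYID}
     * @throws ClassCastException   if the key found is not an RSA key
     */
    public OAuth2TokenProvider() {
        // The lookup returns the general JWK type; the decompiler dropped the narrowing cast that
        // the exception message below refers to, so it is restored here.
        RSAKey keyByKeyId = (RSAKey) this.jwkSet.getKeyByKeyId(DEFAULT_KEYID);
        if (keyByKeyId == null) {
            throw new NullPointerException("null cannot be cast to non-null type com.nimbusds.jose.jwk.RSAKey");
        }
        this.rsaKey = keyByKeyId;
    }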
}
