package org.id4me;

import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Date;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.id4me.Id4meResolver;
import org.id4me.config.Id4meClaimsParameters;
import org.id4me.config.Id4meProperties;
import org.id4me.exceptions.ClientNotRegisteredException;
import org.id4me.exceptions.MandatoryClaimsException;
import org.id4me.exceptions.TokenNotFoundException;
import org.id4me.util.FileReader;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/id4me/Id4meLogon.class */
public class Id4meLogon {
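    /** HTTP header name for the request body media type. */
    private static final String CONTENT_TYPE = "Content-Type";
    /** HTTP header name carrying the Basic (token endpoint) or bearer (userinfo / registration) credentials. */
    private static final String AUTHORIZATION = "Authorization";
    /** Per-identity-authority registration data store, keyed by IAU (see getIauData / registerClient / unsubscribeIau). */
    private final Id4meIdentityAuthorityStorage storage;
    /** DNS/DNSSEC resolver used to discover IAU and IAG for an identifier; created in readPropertiesFile / readProperties. */
    private Id4meResolver resolver;
    /** client_name sent in the dynamic client registration request. */
    private String clientName;
    /** Redirect URI as configured (un-encoded; createSessionData stores the URL-encoded form in the session). */
    private String redirectUri;
    /** Optional logo_uri; stays null when neither configuration source provides one. */
    private String logoUri;
    /** Directory handed to Id4meIdentityAuthorityStorage; must be unique per live instance in this JVM. */
    private String registrationDataPath;
    /** Claims requested at authorization plus the subset that is mandatory in userinfo (checkMandatoryClaims). */
    private final Id4meClaimsConfig claimsConfig;
    private static final Logger log = LoggerFactory.getLogger(Id4meLogon.class);
    /** Charset name passed to URLEncoder/URLDecoder and String.getBytes(String). */
    private static final String UTF_8 = StandardCharsets.UTF_8.name();
    /**
     * registrationDataPath values claimed by live instances; access is synchronized on the set itself
     * (see makeSureThatNoInstancesShareRegistrationDataPath). Declared with the diamond instead of the raw type.
     */
    private static final Set<String> REGISTRATION_DATA_PATHS = new HashSet<>();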

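    /**
     * Builds a logon helper from a Java properties file and a claims configuration JSON file.
     *
     * <p>The order is significant: the properties supply {@code registrationDataPath}, which is claimed in the
     * JVM-wide registry before the storage is created on it.
     *
     * @param str  path of the properties file (readPropertiesFile lists the recognised keys)
     * @param str2 path of the claims configuration JSON file
     * @throws Exception if a file is missing or invalid, or (as IllegalStateException) if the registration data
     *                   path is already used by another live instance
     */
    public Id4meLogon(String str, String str2) throws Exception {
        readPropertiesFile(str);
        this.claimsConfig = readClaimsParametersFile(str2);
        makeSureThatNoInstancesShareRegistrationDataPath();
        try {
            this.storage = new Id4meIdentityAuthorityStorage(this.registrationDataPath);
            initSSLSocketFactory();
        } catch (Exception e) {
            // Release the path claim again; otherwise a retry with the same configuration would be rejected
            // as a duplicate although no live instance owns the path.
            synchronized (REGISTRATION_DATA_PATHS) {
                REGISTRATION_DATA_PATHS.remove(this.registrationDataPath);
            }
            throw e;
        }
    }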

    /**
     * Returns the claims configuration this instance was constructed with.
     *
     * @return the claims configuration (a final field, never reassigned)
     */
    public Id4meClaimsConfig getClaimsConfig() {
        return claimsConfig;
    }

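    /**
     * Builds a logon helper from already-parsed configuration objects.
     *
     * <p>The order is significant: the properties supply {@code registrationDataPath}, which is claimed in the
     * JVM-wide registry before the storage is created on it.
     *
     * @param id4meProperties        client configuration; clientName and redirectURI must be set
     * @param id4meClaimsParameters  claims to request / require
     * @throws Exception if a required property is missing, or (as IllegalStateException) if the registration data
     *                   path is already used by another live instance
     */
    public Id4meLogon(Id4meProperties id4meProperties, Id4meClaimsParameters id4meClaimsParameters) throws Exception {
        readProperties(id4meProperties);
        this.claimsConfig = new Id4meClaimsConfig(id4meClaimsParameters);
        makeSureThatNoInstancesShareRegistrationDataPath();
        try {
            this.storage = new Id4meIdentityAuthorityStorage(this.registrationDataPath);
            initSSLSocketFactory();
        } catch (Exception e) {
            // Release the path claim again; otherwise a retry with the same configuration would be rejected
            // as a duplicate although no live instance owns the path.
            synchronized (REGISTRATION_DATA_PATHS) {
                REGISTRATION_DATA_PATHS.remove(this.registrationDataPath);
            }
            throw e;
        }
    }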

    /**
     * Claims this instance's registrationDataPath in the JVM-wide registry.
     *
     * @throws IllegalStateException if another live instance already uses the same path
     */
    private void makeSureThatNoInstancesShareRegistrationDataPath() {
        String path = this.registrationDataPath;
        synchronized (REGISTRATION_DATA_PATHS) {
            // Set.add returns false exactly when the path was already present.
            if (!REGISTRATION_DATA_PATHS.add(path)) {
                throw new IllegalStateException("registrationDataPath \"" + path + "\" used by multiple Id4meLogon instances");
            }
        }
    }

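    /**
     * Installs the process-wide default SSLSocketFactory used by every HttpsURLConnection this class opens
     * (well-known, JWKS, registration, token and userinfo endpoints).
     *
     * <p>The context is initialised with {@code null} trust managers, i.e. the JVM default trust store, so server
     * certificate chains are validated. The previous implementation installed an X509TrustManager whose
     * check methods were empty, which accepted any certificate on every HTTPS connection in the JVM; for a
     * client that fetches signing keys and sends its client secret over these connections that removed the
     * protection against an on-path attacker.
     *
     * @throws NoSuchAlgorithmException if no TLS provider is available
     * @throws KeyManagementException   if the context cannot be initialised
     */
    private void initSSLSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
        // "TLS" rather than "SSL": the provider selects the currently enabled protocol versions.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, null, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    }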

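    /**
     * Loads the client configuration from a Java properties file.
     *
     * <p>Keys read: {@code client.name} (required), {@code redirect.uri} (required), {@code logo.uri},
     * {@code dnssec_root_key} (the misspelt {@code dnsssec_root_key} is still accepted for existing files),
     * {@code dnssec_required} (default {@code true}), {@code dns.resolver} (default {@code 127.0.0.1}) and
     * {@code registration.data.path} (default {@code ./}). The effective values are logged via logProperties.
     *
     * @param str path of the properties file
     * @throws Exception if the file does not exist or a required key is missing; read errors propagate as IOException
     */
    private void readPropertiesFile(String str) throws Exception {
        Path path = Paths.get(str);
        if (!Files.exists(path)) {
            throw new Exception("Properties file " + path + " not found!");
        }
        Properties properties = new Properties();
        // try-with-resources replaces the decompiled close/addSuppressed ladder; the stream is closed before
        // any validation below runs, as in the original.
        try (InputStream in = Files.newInputStream(path)) {
            properties.load(in);
        }
        if (!properties.containsKey("client.name")) {
            throw new Exception("property client.name not found in " + path);
        }
        this.clientName = properties.getProperty("client.name");
        if (!properties.containsKey("redirect.uri")) {
            throw new Exception("property redirect.uri not found in " + path);
        }
        this.redirectUri = properties.getProperty("redirect.uri");
        if (properties.containsKey("logo.uri")) {
            this.logoUri = properties.getProperty("logo.uri");
        }
        String dnssecRootKey = properties.getProperty("dnssec_root_key");
        if (dnssecRootKey == null) {
            // Fallback trust anchor: the DS record of the 2010 root KSK (key tag 19036).
            // NOTE(review): the root KSK was rolled in 2018; confirm how Id4meResolver uses this anchor and
            // set dnssec_root_key explicitly in deployments rather than relying on the default.
            dnssecRootKey = properties.getProperty("dnsssec_root_key",
                    ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5");
        }
        // Default stays "required": the IAU/IAG discovered through the resolver are presumably only trustworthy
        // when the DNS answers are DNSSEC-validated (verify against Id4meResolver).
        boolean dnssecRequired = Boolean.parseBoolean(properties.getProperty("dnssec_required", "true"));
        String dnsResolver = properties.getProperty("dns.resolver", "127.0.0.1");
        this.resolver = new Id4meResolver(dnsResolver, dnssecRootKey, dnssecRequired);
        this.registrationDataPath = properties.getProperty("registration.data.path", "./");
        logProperties(dnssecRootKey, dnsResolver);
    }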

    /**
     * Copies the client configuration from an Id4meProperties object into this instance.
     *
     * <p>Defaults mirror readPropertiesFile: the 2010 root KSK DS record as DNSSEC trust anchor,
     * {@code 127.0.0.1} as resolver and {@code ./} as registration data path.
     *
     * @param id4meProperties source configuration; clientName and redirectURI are mandatory
     * @throws Exception if clientName or redirectURI is null
     */
    private void readProperties(Id4meProperties id4meProperties) throws Exception {
        String name = id4meProperties.getClientName();
        if (name == null) {
            throw new Exception("Id4meProperties.clientName not set");
        }
        this.clientName = name;
        String redirect = id4meProperties.getRedirectURI();
        if (redirect == null) {
            throw new Exception("Id4meProperties.redirectURI not set");
        }
        this.redirectUri = redirect;
        String logo = id4meProperties.getLogoURI();
        if (logo != null) {
            this.logoUri = logo;
        }
        String dnssecRootKey = id4meProperties.getDnssecRootKey();
        if (dnssecRootKey == null) {
            dnssecRootKey = ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5";
        }
        String dnsResolver = id4meProperties.getDnsResolver();
        if (dnsResolver == null) {
            dnsResolver = "127.0.0.1";
        }
        this.resolver = new Id4meResolver(dnsResolver, dnssecRootKey, id4meProperties.isDnssecRequired());
        String dataPath = id4meProperties.getRegistrationDataPath();
        this.registrationDataPath = dataPath == null ? "./" : dataPath;
        logProperties(dnssecRootKey, dnsResolver);
    }

    /**
     * Logs the effective configuration at INFO (no credentials are involved at this point).
     *
     * @param dnssecRootKey the DNSSEC trust anchor handed to the resolver
     * @param dnsResolver   the resolver address handed to the resolver
     */
    private void logProperties(String dnssecRootKey, String dnsResolver) {
        log.info("Configured client name:     {}", clientName);
        log.info("Configured redirect URI:    {}", redirectUri);
        log.info("Configured logo URI:        {}", logoUri);
        log.info("Configured DNSSEC root key: {}", dnssecRootKey);
        log.info("Configured DNS resolver:    {}", dnsResolver);
        log.info("Configured registration data path: {}", registrationDataPath);
    }

    /**
     * Reads a whole file into a string via the project's FileReader utility.
     *
     * @param str path of the file
     * @return the file contents
     * @throws Exception if the path does not exist, or whatever FileReader throws
     */
    private static String readFile(String str) throws Exception {
        Path path = Paths.get(str);
        if (!Files.exists(path)) {
            throw new Exception("File not found: " + path);
        }
        return FileReader.readFileToString(path);
    }

    /**
     * Parses the claims configuration JSON file.
     *
     * @param str path of the JSON file
     * @return the parsed claims configuration
     * @throws Exception if the file does not exist or cannot be read/parsed
     */
    private Id4meClaimsConfig readClaimsParametersFile(String str) throws Exception {
        Path path = Paths.get(str);
        if (!Files.exists(path)) {
            throw new Exception("Claims configuration file " + path.toAbsolutePath() + " not found!");
        }
        // readFile re-checks existence before handing the raw text to the parser.
        String json = readFile(str);
        return Id4meClaimsConfigParser.parseClaimsConfigJSON(json);
    }

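    /**
     * Starts a login: resolves the identifier via DNS and loads (or registers) the client at its identity authority.
     *
     * @param str the identifier to resolve (passed to Id4meResolver.getDataFromDns, which also yields the login hint)
     * @param z   when true an unknown identity authority triggers dynamic client registration; when false
     *            getIauData throws ClientNotRegisteredException instead
     * @return a session holding login hint, IAU, IAG, URL-encoded redirect/logo URIs and the IAU data
     * @throws Exception on DNS, network or registration failures (see getIauData)
     */
    public Id4meSessionData createSessionData(String str, boolean z) throws Exception {
        Id4meSessionData session = new Id4meSessionData();
        Id4meResolver.Id4meDnsDataWithLoginHint dnsResult = this.resolver.getDataFromDns(str);
        Id4meDnsData dnsData = dnsResult.getDnsResponse();
        session.setLoginHint(dnsResult.getLoginHint());
        session.setIau(dnsData.getIau());
        session.setIag(dnsData.getIag());
        session.setRedirectUri(URLEncoder.encode(this.redirectUri, UTF_8));
        // logo.uri is optional (readPropertiesFile / readProperties leave it null when unset) and
        // URLEncoder.encode(null, ...) throws NullPointerException, so the null is passed through.
        // TODO(review): confirm Id4meSessionData.setLogoUri tolerates null.
        session.setLogoUri(this.logoUri == null ? null : URLEncoder.encode(this.logoUri, UTF_8));
        log.debug("Creating session data using login hint:   {}", dnsResult.getLoginHint());
        log.debug("Creating session data using redirect URI: {}", this.redirectUri);
        log.debug("Creating session data using logo URI:     {}", this.logoUri);
        getIauData(session, z);
        return session;
    }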

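    /**
     * Deletes this client's registration at the identity authority and drops the stored IAU data.
     *
     * <p>Sends {@code DELETE} with an empty JSON body to {@code registration_client_uri}, authenticated with the
     * {@code registration_access_token} from the stored registration data.
     *
     * @param id4meSessionData session whose IAU data holds the registration response
     * @return true if the authority answered with a 2xx status and the local record was removed; false on any
     *         other status or on an exception (which is logged with its stack trace)
     */
    public boolean unsubscribeIau(Id4meSessionData id4meSessionData) {
        String iau = id4meSessionData.getIau();
        JSONObject registrationData = id4meSessionData.getIauData().getRegistrationData();
        String registrationAccessToken = registrationData.getString("registration_access_token");
        String registrationClientUri = registrationData.getString("registration_client_uri");
        String authHeader = buildAuthHeader(registrationAccessToken);
        log.info("Unsubscribing IAU with registrationClientUri: {}", registrationClientUri);
        try {
            HttpsURLConnection connection = (HttpsURLConnection) new URL(registrationClientUri).openConnection();
            connection.setRequestMethod("DELETE");
            connection.setRequestProperty(CONTENT_TYPE, "application/json");
            connection.setRequestProperty(AUTHORIZATION, authHeader);
            connection.setDoOutput(true);
            try (DataOutputStream body = new DataOutputStream(connection.getOutputStream())) {
                body.write("{}".getBytes(StandardCharsets.UTF_8));
                body.flush();
            }
            int responseCode = connection.getResponseCode();
            log.info("Unsubscribing IAU response code: {}", responseCode);
            if (responseCode < 200 || responseCode >= 300) {
                return false;
            }
            StringBuilder response = new StringBuilder();
            // Explicit UTF-8: the original used the platform default charset.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    response.append(line);
                }
            }
            log.info("Unsubscribing IAU response: {}", response);
            this.storage.removeIauData(iau);
            return true;
        } catch (Exception e) {
            // The original passed e.getMessage() as an unused format argument, so the cause was never logged.
            log.error("Error unsubscribing IAU", e);
            return false;
        }
    }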

    /**
     * Fetches the authority's JWK set and runs ID token and access token validation against it.
     *
     * <p>The key set is only as trustworthy as the TLS connection that fetched {@code jwks_uri}.
     *
     * @param id4meSessionData session holding the well-known document and the token response
     * @return always false (unchanged from the original); authenticate() ignores the value, so validation
     *         failures are presumably reported by exceptions from validateIdToken / validateAccessToken
     * @throws Exception from the fetch or from the validators
     */
    private boolean validateTokens(Id4meSessionData id4meSessionData) throws Exception {
        String jwksUri = id4meSessionData.getIauData().getWellKnown().getString("jwks_uri");
        JSONObject jwks = new JSONObject(fetchUrl(jwksUri));
        validateIdToken(id4meSessionData, jwks);
        validateAccessToken(id4meSessionData, jwks);
        return false;
    }

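    /**
     * Registers this client at the session's identity authority and stores the registration response.
     *
     * <p>The well-known document already attached to the session is carried over to the stored record.
     * NOTE(review): getRegistrationData reads the session's IAU data unconditionally, so a session without IAU
     * data is expected to fail there; the original allocated and discarded an Id4meIdentityAuthorityData in
     * that branch, which is dropped here.
     *
     * @param id4meSessionData session carrying the IAU and its well-known document
     * @throws Exception if the registration request fails
     */
    public void doDynamicClientRegistration(Id4meSessionData id4meSessionData) throws Exception {
        String iau = id4meSessionData.getIau();
        log.info("Trying dynamic client registration for IAU: {}", iau);
        Id4meIdentityAuthorityData current = id4meSessionData.getIauData();
        JSONObject wellKnown = current == null ? null : current.getWellKnown();
        Id4meIdentityAuthorityData stored =
                this.storage.saveRegistrationData(iau, getRegistrationData(id4meSessionData));
        stored.setWellKnown(wellKnown);
        id4meSessionData.setIauData(stored);
    }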

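    /**
     * Builds the authorization request URL for the session's identity authority.
     *
     * <p>Every query value except {@code redirect_uri} is URL-encoded here; {@code redirect_uri} was already
     * encoded by createSessionData. The original concatenated client_id, state, nonce and login_hint raw,
     * so a value containing {@code &}, {@code #} or spaces would have corrupted the query string.
     *
     * @param id4meSessionData session with IAU data, state, nonce and login hint
     * @return the authorization endpoint URL with response_type, claims, client_id, redirect_uri, scope, state,
     *         nonce and login_hint parameters
     * @throws UnsupportedEncodingException never in practice (UTF-8 is always supported)
     */
    public String authorize(Id4meSessionData id4meSessionData) throws UnsupportedEncodingException {
        String claims = URLEncoder.encode(this.claimsConfig.getClaimsParam(), UTF_8);
        Id4meIdentityAuthorityData iauData = id4meSessionData.getIauData();
        JSONObject wellKnown = iauData.getWellKnown();
        log.debug("Authorizing: claims: {}", wellKnown.getJSONArray("claims_supported"));
        String authorizeUri = wellKnown.getString("authorization_endpoint")
                + "?response_type=code"
                + "&claims=" + claims
                + "&client_id=" + encodeQueryValue(iauData.getClientId())
                + "&redirect_uri=" + id4meSessionData.getRedirectUri()
                + "&scope=openid"
                + "&state=" + encodeQueryValue(id4meSessionData.getState())
                + "&nonce=" + encodeQueryValue(id4meSessionData.getNonce())
                + "&login_hint=" + encodeQueryValue(id4meSessionData.getLoginHint());
        log.info("Authorizing: authorize URI: {}", authorizeUri);
        return authorizeUri;
    }

    /**
     * URL-encodes one query value; a null value renders as the literal {@code null} that plain string
     * concatenation produced before, so the URL shape is unchanged for callers that never set it.
     */
    private static String encodeQueryValue(String value) throws UnsupportedEncodingException {
        return value == null ? "null" : URLEncoder.encode(value, UTF_8);
    }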

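    /**
     * Exchanges the authorization code for tokens, validates them and stores them in the session.
     *
     * <p>The token response is logged with {@code access_token}, {@code id_token} and {@code refresh_token}
     * masked; the original wrote the raw bearer token to the INFO log.
     *
     * @param id4meSessionData session with IAU data (client credentials, token endpoint) and nonce
     * @param str              the authorization code returned to the redirect URI
     * @throws TokenNotFoundException if the response carries a token_type other than bearer
     * @throws Exception              from the token request or from token validation
     */
    public void authenticate(Id4meSessionData id4meSessionData, String str) throws Exception {
        JSONObject token = getToken(id4meSessionData, str);
        JSONObject loggable = new JSONObject(token.toString());
        for (String secretKey : new String[] {"access_token", "id_token", "refresh_token"}) {
            if (loggable.has(secretKey)) {
                loggable.put(secretKey, "<redacted>");
            }
        }
        log.info("Authenticating with token: {}", loggable);
        // A missing token_type is tolerated (as before); only an explicit non-bearer type is rejected.
        if (token.has("token_type") && !"bearer".equalsIgnoreCase(token.getString("token_type"))) {
            throw new TokenNotFoundException("Bearer token not found in response!");
        }
        id4meSessionData.setAccessToken(token);
        // validateTokens always returns false; failures must surface as exceptions from it.
        validateTokens(id4meSessionData);
        if (token.has("expires_in")) {
            long expiresInSeconds = token.getLong("expires_in");
            long expiresAtMillis = System.currentTimeMillis() + expiresInSeconds * 1000;
            log.debug("Authenticate: Set token to expire in {} sec", expiresInSeconds);
            id4meSessionData.setTokenExpires(expiresAtMillis);
        }
        // Claims are taken from the (now validated) access token payload, not from a userinfo request.
        id4meSessionData.setUserinfo(getPayloadFromJwt(token.getString("access_token")));
    }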

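    /**
     * Fetches userinfo, flattens a nested {@code claims} object into the top level, checks the mandatory claims
     * and stores the result in the session.
     *
     * <p>On a name clash the nested claim wins, as before. Iteration uses {@code keySet()} instead of
     * {@code JSONObject.getNames}, which returns null for an empty object and made {@code "claims": {}}
     * throw NullPointerException.
     *
     * @param id4meSessionData session with IAU data and access token
     * @throws MandatoryClaimsException if an essential claim is absent
     * @throws Exception                from the userinfo request
     */
    public void userinfo(Id4meSessionData id4meSessionData) throws Exception {
        JSONObject userinfo = getUserinfo(id4meSessionData);
        if (userinfo.has("claims")) {
            JSONObject flattened = new JSONObject();
            for (String name : userinfo.keySet()) {
                if (!"claims".equals(name)) {
                    flattened.put(name, userinfo.get(name));
                }
            }
            JSONObject nested = userinfo.getJSONObject("claims");
            for (String name : nested.keySet()) {
                flattened.put(name, nested.get(name));
            }
            userinfo = flattened;
        }
        checkMandatoryClaims(userinfo);
        id4meSessionData.setUserinfo(userinfo);
    }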

    /**
     * Verifies that every essential claim from the claims configuration is present.
     *
     * <p>On failure the complete userinfo object is written to the log at INFO (unchanged behaviour; it may
     * contain personal data).
     *
     * @param jSONObject the (flattened) userinfo
     * @throws MandatoryClaimsException naming the first missing claim
     */
    private void checkMandatoryClaims(JSONObject jSONObject) throws MandatoryClaimsException {
        for (String claim : this.claimsConfig.getEssentialClaims()) {
            if (jSONObject.has(claim)) {
                continue;
            }
            log.info("Mandatory claim \"{}\" not found in userinfo: {}", claim, jSONObject);
            throw new MandatoryClaimsException("Mandatory claim \"" + claim + "\" not found!");
        }
    }

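    /**
     * Registers the client at the session's identity authority unless a registration is already stored.
     *
     * <p>The well-known document is fetched only when a registration is actually needed; the original fetched
     * it unconditionally and discarded it for already-registered authorities. Unlike getIauData, an existing
     * registration is not attached to the session here (unchanged behaviour).
     *
     * @param id4meSessionData session carrying the IAU
     * @throws Exception if the well-known fetch or the registration fails
     */
    public void registerClient(Id4meSessionData id4meSessionData) throws Exception {
        String iau = id4meSessionData.getIau();
        if (this.storage.getIauData(iau) != null) {
            return;
        }
        JSONObject wellKnown = new JSONObject(fetchUrl("https://" + iau + "/.well-known/openid-configuration"));
        Id4meIdentityAuthorityData fresh = new Id4meIdentityAuthorityData();
        fresh.setIau(iau);
        fresh.setWellKnown(wellKnown);
        id4meSessionData.setIauData(fresh);
        doDynamicClientRegistration(id4meSessionData);
    }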

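    /**
     * Loads the identity authority's well-known document and attaches the stored (or freshly registered)
     * IAU data to the session.
     *
     * <p>The host of the well-known URL comes from the DNS answer, so the TLS certificate check on that
     * connection is what ties the document to the real authority.
     *
     * @param id4meSessionData session carrying the IAU
     * @param z                when true an unknown authority triggers dynamic client registration
     * @throws ClientNotRegisteredException if the authority is unknown and {@code z} is false; the original
     *                                      re-wrapped this in a plain Exception, hiding the type from callers
     * @throws Exception                    wrapping any other failure, with the original as cause
     */
    private void getIauData(Id4meSessionData id4meSessionData, boolean z) throws Exception {
        String iau = id4meSessionData.getIau();
        log.info("Retrieving identity authority: {}", iau);
        String wellKnownUrl = "https://" + iau + "/.well-known/openid-configuration";
        try {
            Id4meIdentityAuthorityData stored = this.storage.getIauData(iau);
            JSONObject wellKnown = new JSONObject(fetchUrl(wellKnownUrl));
            if (stored != null) {
                log.info("Identity authority found: {}", iau);
                stored.setWellKnown(wellKnown);
                id4meSessionData.setIauData(stored);
                return;
            }
            if (!z) {
                throw new ClientNotRegisteredException("Client is not registered at " + iau);
            }
            Id4meIdentityAuthorityData fresh = new Id4meIdentityAuthorityData();
            fresh.setIau(iau);
            fresh.setWellKnown(wellKnown);
            id4meSessionData.setIauData(fresh);
            doDynamicClientRegistration(id4meSessionData);
        } catch (ClientNotRegisteredException e) {
            throw e;
        } catch (Exception e) {
            log.warn("Error getting IAU data", e);
            throw new Exception("fetchUrl('" + wellKnownUrl + "') - " + e.getMessage(), e);
        }
    }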

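    /**
     * Performs a plain HTTPS GET and returns the response body with line terminators removed.
     *
     * <p>A non-success HTTP status surfaces as the IOException that HttpURLConnection.getInputStream throws
     * for error responses; no explicit status check is done (unchanged). The body is decoded as UTF-8
     * instead of the platform default charset.
     *
     * @param str the URL; must be https, the connection is cast to HttpsURLConnection
     * @return the concatenated response lines
     * @throws IOException on connection or read failure
     */
    private String fetchUrl(String str) throws IOException {
        HttpsURLConnection connection = (HttpsURLConnection) new URL(str).openConnection();
        StringBuilder response = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                response.append(line);
            }
        }
        log.debug("Fetched from URL:          {}", str);
        log.debug("Fetched from URL response: {}", response);
        return response.toString();
    }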

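    /**
     * Sends the dynamic client registration request to {@code registration_endpoint} and returns the response.
     *
     * <p>The request body holds redirect_uris, client_name and (if configured) logo_uri. The body is written as
     * UTF-8 bytes; the original used DataOutputStream.writeBytes, which keeps only the low byte of each char
     * and would corrupt a non-ASCII client_name. The response is logged with {@code client_secret} and
     * {@code registration_access_token} masked.
     *
     * <p>NOTE(review): only status 200 is accepted; confirm whether the authorities in use ever answer a
     * registration with 201.
     *
     * @param id4meSessionData session carrying the well-known document and the encoded redirect URI
     * @return the parsed registration response
     * @throws Exception if the status is not 200, or on connection/parse failure
     */
    private JSONObject getRegistrationData(Id4meSessionData id4meSessionData) throws Exception {
        String registrationEndpoint = id4meSessionData.getIauData().getWellKnown().getString("registration_endpoint");
        HttpsURLConnection connection = (HttpsURLConnection) new URL(registrationEndpoint).openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty(CONTENT_TYPE, "application/json");
        connection.setDoOutput(true);
        // The session holds the redirect URI URL-encoded (createSessionData); the JSON body needs it raw.
        String redirectUriDecoded = URLDecoder.decode(id4meSessionData.getRedirectUri(), UTF_8);
        JSONObject request = new JSONObject();
        request.put("redirect_uris", new JSONArray().put(redirectUriDecoded));
        request.put("client_name", this.clientName);
        if (this.logoUri != null && !"".equals(this.logoUri.trim())) {
            request.put("logo_uri", this.logoUri);
        }
        String requestBody = request.toString();
        log.info("Registration data request: {}", requestBody);
        try (DataOutputStream body = new DataOutputStream(connection.getOutputStream())) {
            body.write(requestBody.getBytes(StandardCharsets.UTF_8));
            body.flush();
        }
        int responseCode = connection.getResponseCode();
        log.info("Registration data request response code: {}, message: {}", responseCode, connection.getResponseMessage());
        if (responseCode != 200) {
            throw new Exception("Error " + responseCode + " on url " + registrationEndpoint);
        }
        StringBuilder response = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                response.append(line);
            }
        }
        JSONObject registration = new JSONObject(response.toString());
        JSONObject loggable = new JSONObject(registration.toString());
        for (String secretKey : new String[] {"client_secret", "registration_access_token"}) {
            if (loggable.has(secretKey)) {
                loggable.put(secretKey, "<redacted>");
            }
        }
        log.info("Registration data:\n{}", loggable.toString(2));
        return registration;
    }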

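    /**
     * Exchanges the authorization code for a token response at {@code token_endpoint}.
     *
     * <p>Client authentication is HTTP Basic with client_id:client_secret. The form body carries
     * grant_type, code, redirect_uri (already URL-encoded in the session) and nonce; code and nonce are
     * form-encoded here, the original concatenated them raw. The body is written as UTF-8 bytes rather than
     * via DataOutputStream.writeBytes. The request log line no longer includes the body (it holds the
     * authorization code) and the response is logged with {@code access_token}, {@code id_token} and
     * {@code refresh_token} masked.
     *
     * @param id4meSessionData session with IAU data (client credentials, well-known) and nonce
     * @param str              the authorization code
     * @return the parsed token response
     * @throws Exception if the status is not 200, or on connection/parse failure
     */
    private JSONObject getToken(Id4meSessionData id4meSessionData, String str) throws Exception {
        Id4meIdentityAuthorityData iauData = id4meSessionData.getIauData();
        String tokenEndpoint = iauData.getWellKnown().getString("token_endpoint");
        // String.valueOf keeps the literal "null" the original produced for unset values.
        String formBody = "grant_type=authorization_code"
                + "&code=" + URLEncoder.encode(String.valueOf(str), UTF_8)
                + "&redirect_uri=" + id4meSessionData.getRedirectUri()
                + "&nonce=" + URLEncoder.encode(String.valueOf(id4meSessionData.getNonce()), UTF_8);
        String basicCredentials = Base64.getEncoder().encodeToString(
                (iauData.getClientId() + ":" + iauData.getClientSecret()).getBytes(UTF_8));
        URL url = new URL(tokenEndpoint);
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty(CONTENT_TYPE, "application/x-www-form-urlencoded");
        connection.setRequestProperty(AUTHORIZATION, "Basic " + basicCredentials);
        connection.setDoOutput(true);
        log.info("Get token: sending 'POST' request to URL: {}", url);
        try (DataOutputStream body = new DataOutputStream(connection.getOutputStream())) {
            body.write(formBody.getBytes(StandardCharsets.UTF_8));
            body.flush();
        }
        int responseCode = connection.getResponseCode();
        if (responseCode != 200) {
            log.warn("Get token: Error response code: {}", responseCode);
            throw new Exception("Error " + responseCode + " on url " + tokenEndpoint);
        }
        StringBuilder response = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                response.append(line);
            }
        }
        JSONObject token = new JSONObject(response.toString());
        JSONObject loggable = new JSONObject(token.toString());
        for (String secretKey : new String[] {"access_token", "id_token", "refresh_token"}) {
            if (loggable.has(secretKey)) {
                loggable.put(secretKey, "<redacted>");
            }
        }
        log.info("Get token: Response: {}", loggable);
        return token;
    }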

    /**
     * Fetches the userinfo document for the session's access token and resolves distributed claims.
     *
     * <p>The TLSA (DANE) record of the identity agent is looked up and logged only; nothing in this method
     * uses it to constrain the connection. A response starting with {@code {} is parsed as JSON, anything
     * else is treated as a JWT whose payload is decoded without a signature check here.
     *
     * @param id4meSessionData session with IAG, IAU data and access token
     * @return the userinfo object, or the aggregated distributed claims if the response declares them
     * @throws Exception on lookup, network or parse failure
     */
    private JSONObject getUserinfo(Id4meSessionData id4meSessionData) throws Exception {
        String tlsaName = "_443._tcp." + id4meSessionData.getIag() + ".";
        Id4meResolver.LookupResponse tlsa = this.resolver.lookupDane(tlsaName);
        if (tlsa == null) {
            log.info("TLSA lookup failed");
        } else {
            log.info("TLSA lookup response: {} = \"{}\", DNSSEC = {}", new Object[]{tlsaName, tlsa.getData(), Boolean.valueOf(tlsa.isDnssec())});
        }
        String userinfoEndpoint = id4meSessionData.getIauData().getWellKnown().getString("userinfo_endpoint");
        String accessToken = id4meSessionData.getAccessToken().getString("access_token");
        String raw = fetchUserinfo(userinfoEndpoint, accessToken);
        String trimmed = raw.trim();
        JSONObject userinfo;
        if (trimmed.startsWith("{")) {
            userinfo = new JSONObject(raw);
        } else {
            userinfo = getPayloadFromJwt(trimmed);
        }
        boolean distributed = userinfo.has("_claim_sources") && userinfo.has("_claim_names");
        return distributed ? getDistributedClaims(userinfo) : userinfo;
    }

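    /**
     * Fetches every source listed in {@code _claim_sources} and merges all claims they return into one object.
     *
     * <p>Unchanged behaviour worth knowing: {@code _claim_names} is not consulted, later sources overwrite
     * earlier ones on a name clash, and the returned object contains only the fetched claims; the direct
     * claims of the input (e.g. {@code sub}) are not carried over. NOTE(review): confirm whether callers
     * expect the direct claims to survive.
     *
     * <p>Changes: iteration uses {@code keySet()} (JSONObject.getNames returns null for an empty object and
     * threw NullPointerException), and the per-source access token is no longer written to the debug log.
     *
     * @param jSONObject userinfo object containing {@code _claim_sources}
     * @return the merged claims
     * @throws Exception from a source fetch or parse
     */
    private JSONObject getDistributedClaims(JSONObject jSONObject) throws Exception {
        JSONObject merged = new JSONObject();
        JSONObject sources = jSONObject.getJSONObject("_claim_sources");
        for (String sourceName : sources.keySet()) {
            JSONObject source = sources.getJSONObject(sourceName);
            String endpoint = source.getString("endpoint");
            String accessToken = source.getString("access_token");
            log.debug("Get distributed claims: source:      {}", sourceName);
            log.debug("Get distributed claims: endpoint:    {}", endpoint);
            String response = fetchUserinfo(endpoint, accessToken);
            log.debug("Get distributed claims: response:    {}", response);
            JSONObject claims = response.startsWith("{") ? new JSONObject(response) : getPayloadFromJwt(response);
            for (String claimName : claims.keySet()) {
                merged.put(claimName, claims.get(claimName));
            }
        }
        return merged;
    }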

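    /**
     * Extracts the payload of a compact-serialised JWT as a JSON object.
     *
     * <p><b>No signature verification is performed here</b>: the payload is base64url-decoded
     * and parsed as-is. Callers must only pass tokens obtained over an authenticated channel
     * or verify the signature separately.
     *
     * <p>JWT segments are base64url encoded (RFC 7515 section 2); the previous use of the
     * standard base64 decoder rejected any segment containing {@code -} or {@code _}.
     *
     * @param compact the compact JWT ({@code header.payload[.signature]}); a string with no
     *                {@code '.'} is not treated as a JWT and is wrapped under the key {@code "payload"}
     * @return the decoded payload object, or the wrapper object for non-JWT input
     * @throws IllegalArgumentException if the input has a {@code '.'} but fewer than two
     *                                  segments, or a segment is not valid base64url
     */
    private JSONObject getPayloadFromJwt(String compact) {
        if (compact.indexOf('.') < 0) {
            JSONObject wrapper = new JSONObject();
            wrapper.put("payload", compact);
            return wrapper;
        }
        String[] parts = compact.split("\\.");
        if (parts.length < 2) {
            throw new IllegalArgumentException("Malformed JWT: expected at least header and payload segments");
        }
        Base64.Decoder b64url = Base64.getUrlDecoder();
        String header = new String(b64url.decode(parts[0]), StandardCharsets.UTF_8);
        String payload = new String(b64url.decode(parts[1]), StandardCharsets.UTF_8);
        log.info("Userinfo extracted from token: header:  {}", header);
        log.info("Userinfo extracted from token: payload: {}", payload);
        return new JSONObject(payload);
    }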

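    /**
     * Performs an authenticated HTTPS GET against a userinfo (or distributed-claim) endpoint
     * and returns the response body.
     *
     * <p>The endpoint URL may originate from a remote response ({@code _claim_sources}), so
     * the scheme is checked explicitly and a bearer token is never sent over plaintext. The
     * previous cast to {@link HttpsURLConnection} failed for {@code http} URLs with an
     * opaque {@code ClassCastException}. The Authorization header is no longer logged.
     *
     * @param endpoint    absolute https URL of the endpoint
     * @param accessToken bearer token to present in the Authorization header
     * @return the response body with line separators dropped and surrounding whitespace trimmed
     * @throws IllegalArgumentException if the URL does not use https
     * @throws Exception                on malformed URLs or I/O failure; an HTTP error status
     *                                  surfaces as the IOException thrown by getInputStream()
     */
    private String fetchUserinfo(String endpoint, String accessToken) throws Exception {
        URL url = new URL(endpoint);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("Userinfo endpoint must use https: " + url);
        }
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        connection.setRequestMethod("GET");
        connection.setRequestProperty(AUTHORIZATION, buildAuthHeader(accessToken));
        // Log the URL only; the Authorization header carries the bearer token.
        log.info("Fetch userinfo: URL:         {}", url);
        // NOTE(review): no connect/read timeout is configured, so a stalled endpoint blocks the
        // caller indefinitely — consider connection.setConnectTimeout/setReadTimeout.
        StringBuilder body = new StringBuilder();
        // JSON/JWT responses are UTF-8; do not depend on the platform default charset.
        try (InputStream in = connection.getInputStream();
             BufferedReader reader = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line); // line separators are intentionally dropped, as before
            }
        }
        log.info("Fetch userinfo: response:    {}", body);
        return body.toString().trim();
    }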

    /**
     * Formats an Authorization header value for a bearer token (RFC 6750 section 2.1).
     *
     * @param accessToken the access token to present
     * @return {@code "Bearer " + accessToken}
     */
    private String buildAuthHeader(String accessToken) {
        StringBuilder header = new StringBuilder("Bearer ");
        header.append(accessToken);
        return header.toString();
    }

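    /**
     * Verifies the RS256 signature of a JWT against the key in a JWK Set whose {@code kid}
     * matches the token header.
     *
     * <p>Only {@code RS256} is accepted, so an attacker cannot downgrade the algorithm
     * (e.g. {@code none} or an HMAC variant keyed with the public key). A JWK without a
     * {@code kid} — optional per RFC 7517 section 4.5 — is skipped rather than aborting
     * validation with a JSONException as before.
     *
     * @param jwks      the authority's JWK Set ({@code {"keys": [...]}})
     * @param signedJWT the parsed token to verify
     * @param kid       key id from the token header
     * @param alg       algorithm from the token header; must be {@code RS256}
     * @throws IllegalArgumentException if {@code alg} is not RS256
     * @throws Exception                if no key with a matching kid exists or the signature
     *                                  does not verify
     */
    private void validateTokenSignature(JSONObject jwks, SignedJWT signedJWT, String kid, String alg) throws Exception {
        if (!"RS256".equalsIgnoreCase(alg)) {
            throw new IllegalArgumentException("Unhandled value for header_alg: " + alg);
        }
        JSONArray keys = jwks.getJSONArray("keys");
        for (int i = 0; i < keys.length(); i++) {
            JSONObject jwk = keys.getJSONObject(i);
            String candidateKid = jwk.optString("kid", null);
            log.debug("Validating token signature: kid: {}", candidateKid);
            if (candidateKid == null || !candidateKid.equals(kid)) {
                continue;
            }
            // RSAKey.parse rejects a JWK whose kty is not RSA.
            RSAPublicKey publicKey = (RSAPublicKey) RSAKey.parse(jwk.toString()).toPublicKey();
            if (!signedJWT.verify(new RSASSAVerifier(publicKey))) {
                throw new Exception("Error on validating the token signature, kid=" + kid + ", alg=RS256");
            }
            log.debug("Validating token signature: token RS256 signature valid");
            return;
        }
        throw new Exception("No valid public key for token validation found!");
    }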

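    /**
     * Validates the ID token from the token response: header shape, RS256 signature against
     * the authority's JWK Set, then the {@code iss}, {@code exp} and {@code nonce} claims.
     *
     * <p>The signature is verified <em>before</em> any claim is trusted and before session
     * state is touched; previously {@code setTokenExpires} was called on an unverified
     * payload. Segments are decoded as base64url (RFC 7515), not standard base64.
     *
     * <p>NOTE(review): {@code aud} is only checked for presence. OpenID Connect Core 3.1.3.7
     * requires it to contain this client's {@code client_id}; that value is not available in
     * this method — confirm it is enforced elsewhere or thread it through. {@code iat} is
     * likewise only checked for presence, and {@code exp} is compared with no clock-skew
     * allowance.
     *
     * @param session the session holding the token response, the well-known document and the
     *                nonce sent with the authorization request
     * @param jwks    the authority's JWK Set
     * @throws Exception if any structural, signature or claim check fails
     */
    private void validateIdToken(Id4meSessionData session, JSONObject jwks) throws Exception {
        JSONObject tokenResponse = session.getAccessToken();
        log.debug("Validate Id token:          {}", tokenResponse);
        String idToken = tokenResponse.getString("id_token");
        String[] parts = idToken.split("\\.");
        if (parts.length != 3) {
            throw new Exception("ID token is not a compact JWS (expected 3 segments, found " + parts.length + ")");
        }
        Base64.Decoder b64url = Base64.getUrlDecoder();
        String headerJson = new String(b64url.decode(parts[0]), StandardCharsets.UTF_8);
        String payloadJson = new String(b64url.decode(parts[1]), StandardCharsets.UTF_8);
        log.debug("Validate Id token: header:  {}", headerJson);
        log.debug("Validate Id token: payload: {}", payloadJson);
        JSONObject header = new JSONObject(headerJson);

        // --- header: key selection and algorithm pinning ---
        if (!header.has("kid")) {
            throw new Exception("Field kid missing in ID token header!");
        }
        if (!header.has("alg")) {
            throw new Exception("Field alg missing in ID token header!");
        }
        String kid = header.getString("kid");
        String alg = header.getString("alg");
        if (!alg.equalsIgnoreCase("RS256")) {
            throw new Exception("ID Token signature algorithm mismatch, expected RS256, found " + alg);
        }
        // SignedJWT.parse rejects unsigned/plain JWTs instead of failing with a ClassCastException.
        validateTokenSignature(jwks, SignedJWT.parse(idToken), kid, alg);

        // --- payload: only trusted after the signature check above ---
        JSONObject payload = new JSONObject(payloadJson);
        for (String claim : new String[]{"nonce", "exp", "iss", "sub", "aud", "iat"}) {
            if (!payload.has(claim)) {
                throw new Exception("Field " + claim + " missing in ID token payload!");
            }
        }
        String expectedIssuer = session.getIauData().getWellKnown().getString("issuer");
        if (!expectedIssuer.equals(payload.getString("iss"))) {
            throw new Exception("Error on validating the ID token request issuer != token payload iss!");
        }
        long expiresAtMillis = payload.getLong("exp") * 1000;
        log.debug("Validate Id token: token expiration threshold: {}", new Date(expiresAtMillis));
        if (System.currentTimeMillis() > expiresAtMillis) {
            throw new Exception("Token is expired!");
        }
        String sessionNonce = session.getNonce();
        if (sessionNonce == null || !sessionNonce.equals(payload.getString("nonce"))) {
            throw new Exception("Error on validating the ID token request nonce != token nonce!");
        }
        // Session state is updated only once every check has passed.
        session.setTokenExpires(expiresAtMillis);
    }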

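    /**
     * Validates the JWT access token from the token response (header shape and RS256
     * signature against the authority's JWK Set) and derives the identity handle
     * {@code iss#sub} from its payload.
     *
     * <p>Segments are decoded as base64url (RFC 7515). Error messages now name the access
     * token (they previously referred to the ID token / payload).
     *
     * <p>NOTE(review): unlike {@link #validateIdToken}, neither {@code exp} nor {@code iss}
     * of the access token is checked against the expected values, yet {@code iss} feeds the
     * identity handle — confirm whether the authority's {@code issuer} should be enforced here.
     *
     * @param session the session holding the token response; receives the identity handle and,
     *                if present, the {@code id4me} claim
     * @param jwks    the authority's JWK Set
     * @throws Exception if the token is malformed, uses an algorithm other than RS256, fails
     *                   signature verification, or lacks {@code iss}/{@code sub}
     */
    private void validateAccessToken(Id4meSessionData session, JSONObject jwks) throws Exception {
        JSONObject tokenResponse = session.getAccessToken();
        log.debug("Validate access token:          {}", tokenResponse);
        String accessToken = tokenResponse.getString("access_token");
        String[] parts = accessToken.split("\\.");
        if (parts.length != 3) {
            throw new Exception("Access token is not a compact JWS (expected 3 segments, found " + parts.length + ")");
        }
        Base64.Decoder b64url = Base64.getUrlDecoder();
        String headerJson = new String(b64url.decode(parts[0]), StandardCharsets.UTF_8);
        String payloadJson = new String(b64url.decode(parts[1]), StandardCharsets.UTF_8);
        log.debug("Validate access token: header:  {}", headerJson);
        log.debug("Validate access token: payload: {}", payloadJson);
        JSONObject header = new JSONObject(headerJson);
        if (!header.has("kid")) {
            throw new Exception("Field kid missing in access token header!");
        }
        if (!header.has("alg")) {
            throw new Exception("Field alg missing in access token header!");
        }
        String kid = header.getString("kid");
        String alg = header.getString("alg");
        if (!alg.equalsIgnoreCase("RS256")) {
            throw new Exception("Access token signature algorithm mismatch, expected RS256, found " + alg);
        }
        // SignedJWT.parse rejects unsigned/plain JWTs instead of failing with a ClassCastException.
        validateTokenSignature(jwks, SignedJWT.parse(accessToken), kid, alg);

        // Payload is only read after the signature has been verified.
        JSONObject payload = new JSONObject(payloadJson);
        if (!payload.has("iss")) {
            throw new Exception("Field iss missing in access token payload!");
        }
        if (!payload.has("sub")) {
            throw new Exception("Field sub missing in access token payload!");
        }
        if (payload.has("id4me")) {
            session.setId4me(payload.getString("id4me"));
        }
        session.setIdentityHandle(payload.getString("iss").trim() + "#" + payload.getString("sub").trim());
    }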
}
