package org.iplass.mtp.impl.auth.oauth.idtoken;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.iplass.mtp.SystemException;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthAuthorization;
import org.iplass.mtp.impl.auth.oauth.MetaOAuthClient;
import org.iplass.mtp.impl.auth.oauth.OAuthAuthorizationService;
import org.iplass.mtp.impl.auth.oauth.code.AuthorizationCode;
import org.iplass.mtp.impl.auth.oauth.jwt.CertificateKeyPair;
import org.iplass.mtp.impl.auth.oauth.jwt.JwtProcessor;
import org.iplass.mtp.impl.auth.oauth.token.AccessToken;

/* loaded from: input_file:org/iplass/mtp/impl/auth/oauth/idtoken/IdToken.class */
public class IdToken {
    private Map<String, Object> userInfoClaims;
    private String aud;
    private long exp;
    private long iat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
    private long authTime;
    private String nonce;
    private String at;
    private String c;
    private OAuthAuthorizationService service;

    public IdToken(AuthorizationCode authorizationCode, AccessToken accessToken, MetaOAuthAuthorization.OAuthAuthorizationRuntime oAuthAuthorizationRuntime, MetaOAuthClient.OAuthClientRuntime oAuthClientRuntime, OAuthAuthorizationService oAuthAuthorizationService) {
        this.service = oAuthAuthorizationService;
        this.userInfoClaims = oAuthAuthorizationRuntime.userInfo(accessToken, oAuthClientRuntime);
        this.aud = oAuthClientRuntime.m32getMetaData().getName();
        this.exp = this.iat + oAuthAuthorizationService.getIdTokenLifetimeSeconds();
        this.authTime = authorizationCode.getRequest().getAuthTime();
        this.nonce = authorizationCode.getRequest().getNonce();
        this.at = accessToken.getTokenEncoded();
        this.c = authorizationCode.getCodeValue();
    }

    public String getTokenEncoded(String str) {
        JwtProcessor jwtProcessor = this.service.getJwtProcessor();
        if (this.service.getJwtKeyStore() == null) {
            throw new NullPointerException("jwtKeyStore not defined on OAuthAuthorizationService.");
        }
        CertificateKeyPair certificateKeyPair = this.service.getJwtKeyStore().getCertificateKeyPair();
        HashMap hashMap = new HashMap(this.userInfoClaims);
        hashMap.put("iss", str);
        hashMap.put("aud", this.aud);
        hashMap.put("exp", Long.valueOf(this.exp));
        hashMap.put("iat", Long.valueOf(this.iat));
        hashMap.put("auth_time", Long.valueOf(this.authTime));
        if (this.nonce != null) {
            hashMap.put("nonce", this.nonce);
        }
        if (this.at != null || this.c != null) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(hashAlg(jwtProcessor.preferredAlgorithm(certificateKeyPair)));
                if (this.at != null) {
                    hashMap.put("at_hash", hashValue(this.at, messageDigest));
                }
                if (this.c != null) {
                    hashMap.put("c_hash", hashValue(this.c, messageDigest));
                }
            } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
                throw new SystemException(e);
            }
        }
        return jwtProcessor.encode(hashMap, certificateKeyPair);
    }

    private String hashValue(String str, MessageDigest messageDigest) throws UnsupportedEncodingException {
        byte[] digest = messageDigest.digest(str.getBytes("UTF-8"));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(Arrays.copyOf(digest, digest.length / 2));
    }

    private String hashAlg(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 66245349:
                if (str.equals("ES256")) {
                    z = true;
                    break;
                }
                break;
            case 66246401:
                if (str.equals("ES384")) {
                    z = 5;
                    break;
                }
                break;
            case 66248104:
                if (str.equals("ES512")) {
                    z = 9;
                    break;
                }
                break;
            case 69015912:
                if (str.equals("HS256")) {
                    z = false;
                    break;
                }
                break;
            case 69016964:
                if (str.equals("HS384")) {
                    z = 4;
                    break;
                }
                break;
            case 69018667:
                if (str.equals("HS512")) {
                    z = 8;
                    break;
                }
                break;
            case 76404080:
                if (str.equals("PS256")) {
                    z = 3;
                    break;
                }
                break;
            case 76405132:
                if (str.equals("PS384")) {
                    z = 7;
                    break;
                }
                break;
            case 76406835:
                if (str.equals("PS512")) {
                    z = 11;
                    break;
                }
                break;
            case 78251122:
                if (str.equals("RS256")) {
                    z = 2;
                    break;
                }
                break;
            case 78252174:
                if (str.equals("RS384")) {
                    z = 6;
                    break;
                }
                break;
            case 78253877:
                if (str.equals("RS512")) {
                    z = 10;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case true:
                return "SHA-256";
            case true:
            case true:
            case true:
            case true:
                return "SHA-384";
            case true:
            case true:
            case true:
            case true:
                return "SHA-512";
            default:
                throw new IllegalArgumentException("unknown jwtSignAlg:" + str);
        }
    }

    public Map<String, Object> getUserInfoClaims() {
        return this.userInfoClaims;
    }

    public String getAud() {
        return this.aud;
    }

    public long getExp() {
        return this.exp;
    }

    public long getIat() {
        return this.iat;
    }

    public long getAuthTime() {
        return this.authTime;
    }

    public String getNonce() {
        return this.nonce;
    }

    public String getAt() {
        return this.at;
    }

    public String getC() {
        return this.c;
    }
}
