package org.openziti.identity;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolver;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.Key;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.NotImplementedError;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: ZitiJWT.kt */
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��0\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u000e\u0018�� \u001e2\u00020\u0001:\u0003\u001e\u001f B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006R\u000e\u0010\u0007\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u001b\u0010\b\u001a\u00020\t8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\f\u0010\r\u001a\u0004\b\n\u0010\u000bR\u0011\u0010\u000e\u001a\u00020\u000f8F¢\u0006\u0006\u001a\u0004\b\u0010\u0010\u0011R\u001b\u0010\u0012\u001a\u00020\u00138FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u0016\u0010\r\u001a\u0004\b\u0014\u0010\u0015R\u0011\u0010\u0017\u001a\u00020\u00138F¢\u0006\u0006\u001a\u0004\b\u0018\u0010\u0015R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\u0019\u0010\u001aR\u001b\u0010\u001b\u001a\u00020\u00138FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u001d\u0010\r\u001a\u0004\b\u001c\u0010\u0015¨\u0006!"}, d2 = {"Lorg/openziti/identity/ZitiJWT;", "", "cl", "Lio/jsonwebtoken/Claims;", "serverKey", "Ljava/security/Key;", "(Lio/jsonwebtoken/Claims;Ljava/security/Key;)V", "claims", "controller", "Ljava/net/URI;", "getController", "()Ljava/net/URI;", "controller$delegate", "Lkotlin/Lazy;", "enrollmentURL", "Ljava/net/URL;", "getEnrollmentURL", "()Ljava/net/URL;", "method", "", "getMethod", "()Ljava/lang/String;", "method$delegate", "name", "getName", "getServerKey", "()Ljava/security/Key;", "token", "getToken", "token$delegate", "Companion", "JwtTrustManager", "KeyResolver", "ziti"})
/* loaded from: input_file:org/openziti/identity/ZitiJWT.class */
public final class ZitiJWT {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final Key serverKey;

    @NotNull
    private final Claims claims;

    @NotNull
    private final Lazy controller$delegate;

    @NotNull
    private final Lazy token$delegate;

    @NotNull
    private final Lazy method$delegate;

    /* compiled from: ZitiJWT.kt */
    @Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��\u0018\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006¨\u0006\u0007"}, d2 = {"Lorg/openziti/identity/ZitiJWT$Companion;", "", "()V", "fromJWT", "Lorg/openziti/identity/ZitiJWT;", "jwt", "", "ziti"})
    /* loaded from: input_file:org/openziti/identity/ZitiJWT$Companion.class */
    public static final class Companion {
        // Private: code outside this class nest cannot construct the companion directly.
        private Companion() {
        }

        /**
         * Parses a compact JWT and wraps its claims in a {@link ZitiJWT}.
         *
         * <p>The caller does not supply a verification key. A fresh {@link JwtTrustManager} is
         * handed to a {@link KeyResolver}, and whatever key that trust manager holds once parsing
         * has finished is passed on to the {@code ZitiJWT} constructor.
         *
         * <p>NOTE(review): the key used for the signature check is obtained at parse time rather
         * than pinned, so a successful parse shows that the token and that key agree. It does not
         * by itself show the token came from an expected controller. Confirm that callers
         * receive the token over a trusted channel.
         *
         * <p>NOTE(review): {@code parse} is jjwt's generic entry point. An unsigned token looks
         * to be rejected only indirectly here (the resolver would not run, so
         * {@code getServerKey()} throws). {@code parseClaimsJws} would state the requirement
         * explicitly. Verify against the jjwt version in use.
         *
         * @param jwt compact serialized token; must not be null
         * @return the parsed claims together with the key held by the trust manager
         * @throws NullPointerException if the parsed body is null
         */
        @NotNull
        public final ZitiJWT fromJWT(@NotNull String jwt) {
            Intrinsics.checkNotNullParameter(jwt, "jwt");
            final JwtTrustManager keyCapture = new JwtTrustManager();
            final KeyResolver resolver = new KeyResolver(keyCapture);
            final Object payload = Jwts.parserBuilder().setSigningKeyResolver(resolver).build().parse(jwt).getBody();
            if (payload != null) {
                // The cast is evaluated before the key is read, as in a left-to-right argument list.
                return new ZitiJWT((Claims) payload, keyCapture.getServerKey());
            }
            throw new NullPointerException("null cannot be cast to non-null type io.jsonwebtoken.Claims");
        }

        // Compiler-generated overload. The marker argument is never read; it only distinguishes
        // this constructor from the private no-arg one it delegates to.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: ZitiJWT.kt */
    @Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��4\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0001\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0006\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J)\u0010\t\u001a\u00020\n2\u0010\u0010\u000b\u001a\f\u0012\u0006\b\u0001\u0012\u00020\r\u0018\u00010\f2\b\u0010\u000e\u001a\u0004\u0018\u00010\u000fH\u0016¢\u0006\u0002\u0010\u0010J'\u0010\u0011\u001a\u00020\u00122\u0010\u0010\u0013\u001a\f\u0012\u0006\b\u0001\u0012\u00020\r\u0018\u00010\f2\u0006\u0010\u0014\u001a\u00020\u000fH\u0016¢\u0006\u0002\u0010\u0015J\u0013\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\r0\fH\u0016¢\u0006\u0002\u0010\u0017R\u001a\u0010\u0003\u001a\u00020\u0004X\u0086.¢\u0006\u000e\n��\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\b¨\u0006\u0018"}, d2 = {"Lorg/openziti/identity/ZitiJWT$JwtTrustManager;", "Ljavax/net/ssl/X509TrustManager;", "()V", "serverKey", "Ljava/security/Key;", "getServerKey", "()Ljava/security/Key;", "setServerKey", "(Ljava/security/Key;)V", "checkClientTrusted", "", "p0", "", "Ljava/security/cert/X509Certificate;", "p1", "", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)Ljava/lang/Void;", "checkServerTrusted", "", "certs", "authType", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "ziti"})
    /* loaded from: input_file:org/openziti/identity/ZitiJWT$JwtTrustManager.class */
    public static final class JwtTrustManager implements X509TrustManager {
        public Key serverKey;

        /**
         * Returns the stored server key.
         *
         * <p>If no key has been stored yet, control passes to
         * {@code Intrinsics.throwUninitializedPropertyAccessException("serverKey")}. The
         * {@code return null} after it is what the decompiler emitted following that call.
         *
         * @return the key currently held in {@code serverKey}
         */
        @NotNull
        public final Key getServerKey() {
            final Key captured = this.serverKey;
            if (captured == null) {
                Intrinsics.throwUninitializedPropertyAccessException("serverKey");
                return null;
            }
            return captured;
        }

        /**
         * Stores the key that {@code getServerKey()} will return.
         *
         * @param key replacement key; a null argument is rejected by the parameter check
         */
        public final void setServerKey(@NotNull Key key) {
            Intrinsics.checkNotNullParameter(key, "<set-?>");
            serverKey = key;
        }

        /**
         * Client-certificate validation is not supported: every call throws
         * {@link NotImplementedError} and both arguments are ignored.
         */
        @Override // javax.net.ssl.X509TrustManager
        @NotNull
        public Void checkClientTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str) {
            // The Void return type is how the decompiler rendered a method that never returns
            // (presumably Kotlin's Nothing — confirm against the original source).
            throw new NotImplementedError(Intrinsics.stringPlus("An operation is not implemented: ", "not needed"));
        }

        /**
         * Records the public key of the first certificate in the presented chain.
         *
         * <p>This method performs no chain building, no validity-period check and no issuer
         * check. Any chain whose first certificate is non-null is accepted, and only its public
         * key is kept.
         *
         * <p>NOTE(review): an {@code SSLContext} built on this manager therefore authenticates no
         * server. It is suitable only for capturing a key that is checked by other means.
         * Confirm it is never reused for connections that carry secrets.
         *
         * @param x509CertificateArr chain presented by the peer; may be null
         * @param authType key-exchange algorithm name; only null-checked
         * @throws IllegalStateException if the chain or its first certificate is null
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(@Nullable X509Certificate[] x509CertificateArr, @NotNull String authType) {
            Intrinsics.checkNotNullParameter(authType, "authType");
            PublicKey leafKey = null;
            if (x509CertificateArr != null) {
                // ArraysKt.first throws NoSuchElementException when the array is empty.
                final X509Certificate leaf = (X509Certificate) ArraysKt.first(x509CertificateArr);
                if (leaf != null) {
                    leafKey = leaf.getPublicKey();
                }
            }
            if (leafKey == null) {
                throw new IllegalStateException("Required value was null.".toString());
            }
            setServerKey(leafKey);
        }

        /**
         * Reports no accepted issuer certificates.
         *
         * @return a new, empty array on every call
         */
        @Override // javax.net.ssl.X509TrustManager
        @NotNull
        public X509Certificate[] getAcceptedIssuers() {
            final X509Certificate[] noIssuers = new X509Certificate[0];
            return noIssuers;
        }
    }

    /* compiled from: ZitiJWT.kt */
    @Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��.\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0010\u0001\n��\n\u0002\u0010\u000e\n��\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u001e\u0010\u0007\u001a\u0004\u0018\u00010\b2\n\u0010\t\u001a\u0006\u0012\u0002\b\u00030\n2\u0006\u0010\u000b\u001a\u00020\fH\u0016J\u001c\u0010\u0007\u001a\u00020\r2\n\u0010\t\u001a\u0006\u0012\u0002\b\u00030\n2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u0010"}, d2 = {"Lorg/openziti/identity/ZitiJWT$KeyResolver;", "Lio/jsonwebtoken/SigningKeyResolver;", "tm", "Lorg/openziti/identity/ZitiJWT$JwtTrustManager;", "(Lorg/openziti/identity/ZitiJWT$JwtTrustManager;)V", "getTm", "()Lorg/openziti/identity/ZitiJWT$JwtTrustManager;", "resolveSigningKey", "Ljava/security/Key;", "header", "Lio/jsonwebtoken/JwsHeader;", "claims", "Lio/jsonwebtoken/Claims;", "", "plaintext", "", "ziti"})
    /* loaded from: input_file:org/openziti/identity/ZitiJWT$KeyResolver.class */
    public static final class KeyResolver implements SigningKeyResolver {

        @NotNull
        private final JwtTrustManager tm;

        /**
         * Creates a resolver that reads its key from the given trust manager.
         *
         * @param tm trust manager installed on the resolver's TLS context and queried for the
         *           key afterwards; must not be null
         */
        public KeyResolver(@NotNull JwtTrustManager tm) {
            Intrinsics.checkNotNullParameter(tm, "tm");
            this.tm = tm;
        }

        /**
         * Returns the trust manager this resolver was constructed with.
         *
         * @return the {@code tm} field
         */
        @NotNull
        public final JwtTrustManager getTm() {
            return tm;
        }

        /**
         * Supplies the key used to check the token's signature. It opens a TLS connection to the
         * token's own issuer and returns the key the trust manager holds afterwards.
         *
         * <p>The issuer URL is read from {@code claims}, which have not been signature-checked
         * at this point, because this method is what provides the key for that check. The
         * outbound connection target is therefore chosen by the token.
         *
         * <p>NOTE(review): where tokens can arrive from untrusted sources, consider validating
         * the issuer host before connecting.
         *
         * @param header JWS header; only null-checked here
         * @param claims token claims; the issuer entry is used as the URL to contact
         * @return the key held by {@code tm} after {@code connect()} returns
         */
        @Override // io.jsonwebtoken.SigningKeyResolver
        @Nullable
        public Key resolveSigningKey(@NotNull JwsHeader<?> header, @NotNull Claims claims) {
            Intrinsics.checkNotNullParameter(header, "header");
            Intrinsics.checkNotNullParameter(claims, "claims");
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            // tm is the only trust manager installed; the null first argument means no key managers.
            sSLContext.init(null, new JwtTrustManager[]{getTm()}, new SecureRandom());
            // String.valueOf turns a missing issuer into the text "null" rather than failing here.
            URLConnection openConnection = URI.create(String.valueOf(claims.get(Claims.ISSUER))).toURL().openConnection();
            if (openConnection == null) {
                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.HttpsURLConnection");
            }
            // A non-https issuer URL yields another URLConnection subtype, so this cast throws
            // ClassCastException before any connect() call is made.
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) openConnection;
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            // NOTE(review): no connect or read timeout is set on this connection; consider
            // bounding both so an unresponsive issuer host cannot stall the caller.
            try {
                // Presumably connect() drives the TLS handshake in which tm.checkServerTrusted
                // stores the key — confirm.
                httpsURLConnection.connect();
                Key serverKey = this.tm.getServerKey();
                httpsURLConnection.disconnect();
                return serverKey;
            } catch (Throwable th) {
                // Disconnect on the failure path too, then rethrow unchanged.
                httpsURLConnection.disconnect();
                throw th;
            }
        }

        /**
         * Key resolution for plaintext-payload tokens is not supported: after null-checking its
         * arguments, every call throws {@link NotImplementedError}.
         */
        @NotNull
        public Void resolveSigningKey(@NotNull JwsHeader<?> header, @NotNull String plaintext) {
            Intrinsics.checkNotNullParameter(header, "header");
            Intrinsics.checkNotNullParameter(plaintext, "plaintext");
            // The (null, 1, null) arguments are the decompiler's view of a compiler-generated
            // defaults constructor (presumably a default message is used — confirm).
            throw new NotImplementedError(null, 1, null);
        }

        // Compiler-generated bridge for the interface's (JwsHeader, String) overload. It only
        // forwards to the typed overload above; the mo2572 prefix was added by the decompiler to
        // avoid a name collision and is not the method's real name.
        @Override // io.jsonwebtoken.SigningKeyResolver
        /* renamed from: resolveSigningKey, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Key mo2572resolveSigningKey(JwsHeader jwsHeader, String str) {
            return (Key) resolveSigningKey((JwsHeader<?>) jwsHeader, str);
        }
    }

    /**
     * Wraps parsed claims together with the key associated with them.
     *
     * <p>Three lazy delegates are set up and nothing is read from the claims until a getter is
     * first called: {@code controller} (issuer claim as a URI), {@code token} (ID claim) and
     * {@code method} (the {@code "em"} claim).
     *
     * <p>No verification happens in this constructor; it stores what it is given.
     *
     * @param cl parsed claims; must not be null
     * @param serverKey key to expose through {@code getServerKey()}; must not be null
     */
    public ZitiJWT(@NotNull Claims cl, @NotNull Key serverKey) {
        Intrinsics.checkNotNullParameter(cl, "cl");
        Intrinsics.checkNotNullParameter(serverKey, "serverKey");
        this.serverKey = serverKey;
        this.claims = cl;
        // Lazy issuer URI; URI.create throws if the claim is absent or is not a valid URI.
        this.controller$delegate = LazyKt.lazy(new Function0<URI>() { // from class: org.openziti.identity.ZitiJWT$controller$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: invoke */
            public final URI invoke2() {
                Claims claims;
                claims = ZitiJWT.this.claims;
                return URI.create((String) claims.get(Claims.ISSUER, String.class));
            }
        });
        // Lazy token ID; may yield null here if the claim is absent (the getter null-checks it).
        this.token$delegate = LazyKt.lazy(new Function0<String>() { // from class: org.openziti.identity.ZitiJWT$token$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: invoke */
            public final String invoke2() {
                Claims claims;
                claims = ZitiJWT.this.claims;
                return (String) claims.get(Claims.ID, String.class);
            }
        });
        // Lazy "em" claim (presumably the enrollment method, going by the delegate's name — confirm).
        this.method$delegate = LazyKt.lazy(new Function0<String>() { // from class: org.openziti.identity.ZitiJWT$method$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: invoke */
            public final String invoke2() {
                Claims claims;
                claims = ZitiJWT.this.claims;
                return (String) claims.get("em", String.class);
            }
        });
    }

    /**
     * Returns the key this instance was constructed with.
     *
     * @return the {@code serverKey} field, unchanged since construction
     */
    @NotNull
    public final Key getServerKey() {
        return serverKey;
    }

    /**
     * Returns the issuer claim as a URI, obtained from the lazy {@code controller} delegate.
     *
     * @return the issuer URI; a null delegate value is rejected by the expression check
     */
    @NotNull
    public final URI getController() {
        final Object issuerUri = this.controller$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(issuerUri, "<get-controller>(...)");
        return (URI) issuerUri;
    }

    /**
     * Returns the token's ID claim, obtained from the lazy {@code token} delegate.
     *
     * @return the ID claim; a null delegate value (absent claim) is rejected by the
     *         expression check
     */
    @NotNull
    public final String getToken() {
        final Object tokenId = this.token$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(tokenId, "<get-token>(...)");
        return (String) tokenId;
    }

    /**
     * Returns the {@code "em"} claim, obtained from the lazy {@code method} delegate.
     *
     * @return the claim value; a null delegate value (absent claim) is rejected by the
     *         expression check
     */
    @NotNull
    public final String getMethod() {
        final Object methodClaim = this.method$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(methodClaim, "<get-method>(...)");
        return (String) methodClaim;
    }

    /**
     * Returns the subject claim, read directly from the claims on every call.
     *
     * @return the subject; a null value (absent claim) is rejected by the expression check
     */
    @NotNull
    public final String getName() {
        final Object subject = this.claims.get(Claims.SUBJECT, String.class);
        Intrinsics.checkNotNullExpressionValue(subject, "claims.get(\"sub\", String::class.java)");
        return (String) subject;
    }

    /**
     * Builds the enrollment URL by resolving {@code /enroll?method=…&token=…} against the
     * controller URI.
     *
     * <p>The method and token values are concatenated into the query string as-is, with no
     * percent-encoding.
     *
     * <p>NOTE(review): a value containing {@code &}, {@code #} or whitespace would change or
     * break the resulting URL. Confirm both claims are constrained upstream.
     *
     * <p>NOTE(review): the token is carried in the query string, so it may appear wherever
     * request URLs are recorded.
     *
     * @return the absolute enrollment URL
     */
    @NotNull
    public final URL getEnrollmentURL() {
        // Controller first, then method, then token: the same evaluation order as a single chained call.
        final URI base = getController();
        final String relative = "/enroll?method=" + getMethod() + "&token=" + getToken();
        final URL enrollment = base.resolve(relative).toURL();
        Intrinsics.checkNotNullExpressionValue(enrollment, "controller.resolve(\"/enr…&token=${token}\").toURL()");
        return enrollment;
    }
}
