package org.reaktivity.specification.nukleus.oauth.internal;

import com.hierynomus.asn1.encodingrules.der.DERDecoder;
import com.hierynomus.asn1.types.ASN1Tag;
import com.hierynomus.asn1.types.constructed.ASN1Sequence;
import com.hierynomus.asn1.types.primitive.ASN1Integer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import java.util.stream.Collectors;
import org.agrona.LangUtil;
import org.agrona.MutableDirectBuffer;
import org.agrona.concurrent.UnsafeBuffer;
import org.kaazing.k3po.lang.el.Function;
import org.kaazing.k3po.lang.el.spi.FunctionMapperSpi;
import org.reaktivity.specification.oauth.internal.types.control.OAuthResolveExFW;

/* loaded from: input_file:org/reaktivity/specification/nukleus/oauth/internal/OAuthFunctions.class */
public final class OAuthFunctions {
    private static final Map<String, Supplier<JwtHelper>> HELPER_FACTORIES;

    /* loaded from: input_file:org/reaktivity/specification/nukleus/oauth/internal/OAuthFunctions$JwtHelper.class */
    public static final class JwtHelper {
        private final KeyPair keyPair;
        private final String kind;
        private final String algorithm;
        private final List<String> claims;

        private JwtHelper(KeyPair keyPair, String str, String str2) {
            this.keyPair = keyPair;
            this.kind = str;
            this.algorithm = str2;
            this.claims = new ArrayList();
        }

        public JwtHelper expiresInSeconds(int i) {
            return claim("exp", Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) + i));
        }

        public JwtHelper claim(String str, Object... objArr) {
            if (objArr != null) {
                if (objArr.length == 1) {
                    Object obj = objArr[0];
                    this.claims.add(String.format(obj instanceof String ? "\"%s\":\"%s\"" : "\"%s\":%d", str, obj));
                } else {
                    StringBuilder sb = new StringBuilder();
                    sb.append(String.format("\"%s\":[", str));
                    for (int i = 0; i < objArr.length; i++) {
                        if (i > 0) {
                            sb.append(',');
                        }
                        Object obj2 = objArr[i];
                        sb.append(String.format(obj2 instanceof String ? "\"%s\"" : ":%d", obj2));
                    }
                    sb.append(']');
                    this.claims.add(sb.toString());
                }
            }
            return this;
        }

        public String sign() throws GeneralSecurityException {
            String format = String.format("{\"kid\":\"%s\",\"alg\":\"%s\"}", this.kind, this.kind);
            String str = (String) this.claims.stream().collect(Collectors.joining(",", "{", "}"));
            Base64.Encoder withoutPadding = Base64.getUrlEncoder().withoutPadding();
            String format2 = String.format("%s.%s", new String(withoutPadding.encode(format.getBytes(StandardCharsets.UTF_8)), StandardCharsets.US_ASCII), new String(withoutPadding.encode(str.getBytes(StandardCharsets.UTF_8)), StandardCharsets.US_ASCII));
            JwtSigner jwtSigner = JwtSigner.getInstance(this.algorithm);
            jwtSigner.initSign(this.keyPair.getPrivate());
            jwtSigner.update(format2.getBytes(StandardCharsets.US_ASCII));
            return String.format("%s.%s", format2, new String(withoutPadding.encode(jwtSigner.sign()), StandardCharsets.US_ASCII));
        }
    }

    /* loaded from: input_file:org/reaktivity/specification/nukleus/oauth/internal/OAuthFunctions$JwtSigner.class */
    private static final class JwtSigner {
        private static final Map<String, JwtSigner> SIGNERS;
        private final Signature signature;
        private final UnaryOperator<byte[]> decoder;
        static final /* synthetic */ boolean $assertionsDisabled;

        public static JwtSigner getInstance(String str) {
            return SIGNERS.computeIfAbsent(str, JwtSigner::newSigner);
        }

        public void initSign(PrivateKey privateKey) throws InvalidKeyException {
            this.signature.initSign(privateKey);
        }

        public void update(byte[] bArr) throws SignatureException {
            this.signature.update(bArr);
        }

        public byte[] sign() throws SignatureException {
            return (byte[]) this.decoder.apply(this.signature.sign());
        }

        static byte[] decodeDER(byte[] bArr) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence.Parser(new DERDecoder()).parse(ASN1Tag.SEQUENCE, bArr).get(0);
            ASN1Integer aSN1Integer = aSN1Sequence.get(0);
            ASN1Integer aSN1Integer2 = aSN1Sequence.get(1);
            byte[] byteArray = aSN1Integer.getValue().toByteArray();
            byte[] byteArray2 = aSN1Integer2.getValue().toByteArray();
            int length = byteArray.length & 1;
            int length2 = byteArray.length - length;
            int length3 = byteArray2.length & 1;
            int length4 = byteArray2.length - length3;
            if (!$assertionsDisabled) {
                if (!((length == 0) ^ (byteArray[0] == 0))) {
                    throw new AssertionError();
                }
            }
            if (!$assertionsDisabled) {
                if (!((length3 == 0) ^ (byteArray2[0] == 0))) {
                    throw new AssertionError();
                }
            }
            byte[] bArr2 = new byte[length2 + length4];
            System.arraycopy(byteArray, length, bArr2, 0, length2);
            System.arraycopy(byteArray2, length3, bArr2, length2, length4);
            return bArr2;
        }

        private JwtSigner(Signature signature, UnaryOperator<byte[]> unaryOperator) {
            this.signature = signature;
            this.decoder = unaryOperator;
        }

        private static JwtSigner newSigner(String str) {
            JwtSigner jwtSigner = null;
            try {
                jwtSigner = new JwtSigner(Signature.getInstance(str), str.endsWith("withECDSA") ? JwtSigner::decodeDER : UnaryOperator.identity());
            } catch (NoSuchAlgorithmException e) {
                LangUtil.rethrowUnchecked(e);
            }
            return jwtSigner;
        }

        static {
            $assertionsDisabled = !OAuthFunctions.class.desiredAssertionStatus();
            SIGNERS = new ConcurrentHashMap();
        }
    }

    /* loaded from: input_file:org/reaktivity/specification/nukleus/oauth/internal/OAuthFunctions$Mapper.class */
    public static class Mapper extends FunctionMapperSpi.Reflective {
        public Mapper() {
            super(OAuthFunctions.class);
        }

        public String getPrefixName() {
            return "oauth";
        }
    }

    /* loaded from: input_file:org/reaktivity/specification/nukleus/oauth/internal/OAuthFunctions$OAuthResolveExBuilder.class */
    public static final class OAuthResolveExBuilder {
        private final OAuthResolveExFW.Builder resolveExRW;

        /* JADX WARN: Type inference failed for: r1v2, types: [org.reaktivity.specification.oauth.internal.types.control.OAuthResolveExFW$Builder] */
        private OAuthResolveExBuilder() {
            MutableDirectBuffer unsafeBuffer = new UnsafeBuffer(new byte[8192]);
            this.resolveExRW = new OAuthResolveExFW.Builder().wrap2(unsafeBuffer, 0, unsafeBuffer.capacity());
        }

        public OAuthResolveExBuilder issuer(String str) {
            this.resolveExRW.issuer(str);
            return this;
        }

        public OAuthResolveExBuilder audience(String str) {
            this.resolveExRW.audience(str);
            return this;
        }

        public byte[] build() {
            OAuthResolveExFW build = this.resolveExRW.build();
            byte[] bArr = new byte[build.sizeof()];
            build.buffer().getBytes(build.offset(), bArr);
            return bArr;
        }
    }

    @Function
    public static OAuthResolveExBuilder resolveEx() {
        return new OAuthResolveExBuilder();
    }

    @Function
    public static JwtHelper jwt(String str) {
        return HELPER_FACTORIES.get(str).get();
    }

    static JwtHelper jwt(KeyPair keyPair, String str, String str2) {
        return new JwtHelper(keyPair, str, str2);
    }

    static byte[] decodeIntegrity(byte[] bArr) {
        return JwtSigner.decodeDER(bArr);
    }

    private OAuthFunctions() {
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put("RS256", () -> {
            return new JwtHelper(OAuthJwtKeys.RFC7515_RS256, "RS256", "SHA256withRSA");
        });
        hashMap.put("ES256", () -> {
            return new JwtHelper(OAuthJwtKeys.RFC7515_ES256, "ES256", "SHA256withECDSA");
        });
        HELPER_FACTORIES = Collections.unmodifiableMap(hashMap);
    }
}
