package org.wso2.carbon.apimgt.gateway.common.util;

import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Base64;
import org.wso2.carbon.apimgt.gateway.APIMgtGatewayConstants;
import org.wso2.carbon.apimgt.gateway.common.exception.JWTGeneratorException;
import org.wso2.carbon.apimgt.gateway.common.jwtgenerator.JWTSignatureAlg;

/* loaded from: input_file:org/wso2/carbon/apimgt/gateway/common/util/JWTUtil.class */
public final class JWTUtil {
    private static final String NONE = "NONE";
    private static final String SHA256_WITH_RSA = "SHA256withRSA";

    public static String getJWSCompliantAlgorithmCode(String str) {
        return (str == null || "NONE".equals(str)) ? JWTSignatureAlg.NONE.getJwsCompliantCode() : "SHA256withRSA".equals(str) ? JWTSignatureAlg.SHA256_WITH_RSA.getJwsCompliantCode() : str;
    }

    public static String generateHeader(Certificate certificate, String str) throws JWTGeneratorException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(certificate.getEncoded());
            String encodeToString = Base64.getUrlEncoder().encodeToString(hexify(messageDigest.digest()).getBytes(APIMgtGatewayConstants.UTF8));
            return "{\"typ\":\"JWT\",\"alg\":\"" + getJWSCompliantAlgorithmCode(str) + "\",\"x5t\":\"" + encodeToString + "\",\"kid\":\"" + getKID(encodeToString, getJWSCompliantAlgorithmCode(str)) + APIMgtGatewayConstants.BACKWARD_SLASH + "}";
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new JWTGeneratorException("Error in generating public certificate thumbprint", e);
        }
    }

    public static String hexify(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(cArr[(b & 240) >> 4]);
            sb.append(cArr[b & 15]);
        }
        return sb.toString();
    }

    private static String getKID(String str, String str2) {
        return str + "_" + str2;
    }

    public static byte[] signJwt(String str, PrivateKey privateKey, String str2) throws JWTGeneratorException {
        try {
            Signature signature = Signature.getInstance(str2);
            signature.initSign(privateKey);
            signature.update(str.getBytes(Charset.defaultCharset()));
            return signature.sign();
        } catch (InvalidKeyException e) {
            throw new JWTGeneratorException("Invalid private key provided for signing", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new JWTGeneratorException("Signature algorithm not found", e2);
        } catch (SignatureException e3) {
            throw new JWTGeneratorException("Error while signing JWT", e3);
        }
    }
}
