package org.wso2.carbon.apimgt.impl.utils;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.MethodTimeLogger;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/utils/JWTUtil.class */
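/**
 * JWT helper utilities: fetches a JWKS document over HTTP and verifies RSA signatures on
 * {@link SignedJWT} instances.
 *
 * <p>This listing is decompiler output of an AspectJ-woven class. Each public method is a thin
 * wrapper that either routes through the {@code MethodTimeLogger} aspect or calls the matching
 * {@code *_aroundBodyN} method directly; the real logic lives in those {@code aroundBody}
 * methods. The {@code ajc$*} members and {@code AjcClosure*} classes are weaver-generated
 * scaffolding and are kept as the decompiler emitted them. For example, the join-point fields
 * are declared {@code final} yet assigned in {@link #ajc$preClinit()}, so the listing is not
 * expected to recompile unchanged.
 */
public class JWTUtil {
    private static final Log log;
    // Static join-point descriptors, populated by ajc$preClinit() from the static initializer.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/impl/utils/JWTUtil$AjcClosure1.class */
    /** Weaver-generated closure that replays {@code retrieveJWKSConfiguration} from captured arguments. */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state holds {jwksEndpoint, joinPoint} as packed by the public wrapper.
            Object[] objArr2 = ((AroundClosure) this).state;
            return JWTUtil.retrieveJWKSConfiguration_aroundBody0((String) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/impl/utils/JWTUtil$AjcClosure3.class */
    /** Weaver-generated closure that replays {@code verifyTokenSignature(SignedJWT, RSAPublicKey)}. */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state holds {jwt, publicKey, joinPoint}; the boolean result is boxed for the aspect.
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(JWTUtil.verifyTokenSignature_aroundBody2((SignedJWT) objArr2[0], (RSAPublicKey) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/impl/utils/JWTUtil$AjcClosure5.class */
    /** Weaver-generated closure that replays {@code verifyTokenSignature(SignedJWT, String)}. */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state holds {jwt, alias, joinPoint}; the boolean result is boxed for the aspect.
            Object[] objArr2 = ((AroundClosure) this).state;
            return Conversions.booleanObject(JWTUtil.verifyTokenSignature_aroundBody4((SignedJWT) objArr2[0], (String) objArr2[1], (JoinPoint) objArr2[2]));
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(JWTUtil.class);
    }

    /**
     * Fetches the document served at a JWKS endpoint.
     *
     * <p>Delegates to {@link #retrieveJWKSConfiguration_aroundBody0(String, JoinPoint)}, through
     * the {@code MethodTimeLogger} aspect when that aspect is enabled.
     *
     * @param str the JWKS endpoint URL (named {@code jwksEndpoint} in the join-point signature)
     * @return the response body, or {@code null} when the endpoint does not answer with HTTP 200
     *     or the response has no entity; callers should treat {@code null} as "no keys available"
     * @throws IOException if the URL is malformed or the request or read fails
     */
    public static String retrieveJWKSConfiguration(String str) throws IOException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, (Object) null, (Object) null, str);
        return (MethodTimeLogger.pointCutAll() && MethodTimeLogger.isConfigEnabled()) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{str, makeJP}).linkClosureAndJoinPoint(65536)) : retrieveJWKSConfiguration_aroundBody0(str, makeJP);
    }

    /**
     * Verifies the signature of a JWT against an RSA public key.
     *
     * <p>Delegates to {@link #verifyTokenSignature_aroundBody2(SignedJWT, RSAPublicKey, JoinPoint)}.
     *
     * @param signedJWT the parsed token to verify
     * @param rSAPublicKey the key the signature is checked against
     * @return {@code true} only when the header algorithm is on the allow-list and the signature
     *     verifies; {@code false} for a rejected algorithm or a {@code JOSEException}
     */
    public static boolean verifyTokenSignature(SignedJWT signedJWT, RSAPublicKey rSAPublicKey) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, (Object) null, (Object) null, signedJWT, rSAPublicKey);
        return (MethodTimeLogger.pointCutAll() && MethodTimeLogger.isConfigEnabled()) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{signedJWT, rSAPublicKey, makeJP}).linkClosureAndJoinPoint(65536))) : verifyTokenSignature_aroundBody2(signedJWT, rSAPublicKey, makeJP);
    }

    /**
     * Verifies the signature of a JWT against the certificate stored under a trust-store alias.
     *
     * <p>Delegates to {@link #verifyTokenSignature_aroundBody4(SignedJWT, String, JoinPoint)}.
     *
     * @param signedJWT the parsed token to verify
     * @param str the trust-store alias (named {@code alias} in the join-point signature)
     * @return the result of the RSA signature check
     * @throws APIManagementException if the trust-store lookup fails, no certificate exists for
     *     the alias, the header algorithm is not RS256/RS384/RS512, or the certificate does not
     *     carry an RSA public key
     */
    public static boolean verifyTokenSignature(SignedJWT signedJWT, String str) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, (Object) null, (Object) null, signedJWT, str);
        return (MethodTimeLogger.pointCutAll() && MethodTimeLogger.isConfigEnabled()) ? Conversions.booleanValue(MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{signedJWT, str, makeJP}).linkClosureAndJoinPoint(65536))) : verifyTokenSignature_aroundBody4(signedJWT, str, makeJP);
    }

    /**
     * Performs the HTTP GET for {@link #retrieveJWKSConfiguration(String)}.
     *
     * <p>The decompiler could not reconstruct the original resource handling ("Finally extract
     * failed"); it is expressed here as try-with-resources, which closes the entity stream, the
     * response and the client in that order on every path.
     *
     * <p>NOTE(review): the keys returned from this endpoint end up deciding which tokens are
     * trusted, but nothing here restricts the URL scheme or host or bounds the response size.
     * Confirm that the endpoint comes only from administrator-controlled configuration and is
     * served over TLS.
     *
     * @param str the JWKS endpoint URL
     * @param joinPoint the AspectJ join point; unused by the body
     * @return the response body decoded as UTF-8, or {@code null} on a non-200 status or a
     *     response without an entity
     * @throws IOException if the URL is malformed or the request or read fails
     */
    static final String retrieveJWKSConfiguration_aroundBody0(String str, JoinPoint joinPoint) throws IOException {
        URL url = new URL(str);
        try (CloseableHttpClient httpClient = APIUtil.getHttpClient(url.getPort(), url.getProtocol());
                CloseableHttpResponse response = httpClient.execute(new HttpGet(str))) {
            if (response.getStatusLine().getStatusCode() != 200) {
                return null;
            }
            if (response.getEntity() == null) {
                // A 200 without a body carries no key set; report it the same way as a failed fetch.
                return null;
            }
            try (InputStream content = response.getEntity().getContent()) {
                // A JWKS document is JSON, so decode it as UTF-8 rather than with the platform default charset.
                return IOUtils.toString(content, "UTF-8");
            }
        }
    }

    /**
     * Checks the token's header algorithm against an allow-list and then verifies the signature
     * with the supplied RSA key.
     *
     * <p>The {@code alg} value is read from the token itself, so the allow-list is what keeps a
     * token that declares some other algorithm from being evaluated against this key at all.
     *
     * <p>NOTE(review): the rejection message says the public key is not RSA, but the branch
     * actually fires on the header algorithm; the key type is never inspected here. This list
     * accepts PS256 while the alias-based variant below does not. Confirm which set is intended.
     *
     * @param signedJWT the parsed token to verify
     * @param rSAPublicKey the key the signature is checked against
     * @param joinPoint the AspectJ join point; unused by the body
     * @return {@code true} when the signature verifies; {@code false} when the algorithm is not
     *     allowed or verification raises a {@code JOSEException}
     */
    static final boolean verifyTokenSignature_aroundBody2(SignedJWT signedJWT, RSAPublicKey rSAPublicKey, JoinPoint joinPoint) {
        JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm();
        if (!JWSAlgorithm.RS256.equals(algorithm) && !JWSAlgorithm.RS512.equals(algorithm) && !JWSAlgorithm.RS384.equals(algorithm) && !JWSAlgorithm.PS256.equals(algorithm)) {
            log.error("Public key is not a RSA");
            return false;
        }
        try {
            return signedJWT.verify(new RSASSAVerifier(rSAPublicKey));
        } catch (JOSEException e) {
            // Fail closed: any verifier error is treated as an invalid signature.
            log.error("Error while verifying JWT signature", e);
            return false;
        }
    }

    /**
     * Resolves a certificate by trust-store alias and verifies the token against its public key.
     *
     * <p>Two changes from the decompiled form. First, the "Error retrieving certificate from
     * truststore" wrapper now surrounds only the trust-store lookup, so a missing alias or a
     * rejected algorithm surfaces with its own message instead of being reported as a retrieval
     * failure. Second, the certificate's key type is checked before the cast, so a certificate
     * holding a non-RSA key is rejected with an {@code APIManagementException} rather than
     * escaping as a {@code ClassCastException}.
     *
     * <p>NOTE(review): only RS256/RS384/RS512 pass this check, although the key-based overload
     * also accepts PS256. Confirm whether the difference is intended.
     *
     * @param signedJWT the parsed token to verify
     * @param str the trust-store alias of the signing certificate
     * @param joinPoint the AspectJ join point; unused by the body
     * @return the result of {@link #verifyTokenSignature(SignedJWT, RSAPublicKey)}
     * @throws APIManagementException if the lookup fails, the alias has no certificate, the
     *     header algorithm is not allowed, or the certificate key is not an RSA public key
     */
    static final boolean verifyTokenSignature_aroundBody4(SignedJWT signedJWT, String str, JoinPoint joinPoint) throws APIManagementException {
        Certificate certificateFromParentTrustStore;
        try {
            certificateFromParentTrustStore = APIUtil.getCertificateFromParentTrustStore(str);
        } catch (APIManagementException e) {
            throw new APIManagementException("Error retrieving certificate from truststore ", e);
        }
        if (certificateFromParentTrustStore == null) {
            log.error("Couldn't find a public certificate with alias " + str + " to verify the signature");
            throw new APIManagementException("Couldn't find a public certificate with alias " + str + " to verify the signature");
        }
        JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm();
        boolean allowedAlgorithm = JWSAlgorithm.RS256.equals(algorithm) || JWSAlgorithm.RS512.equals(algorithm) || JWSAlgorithm.RS384.equals(algorithm);
        java.security.PublicKey publicKey = certificateFromParentTrustStore.getPublicKey();
        // Reject before casting: the header algorithm says nothing about the key the certificate holds.
        if (!allowedAlgorithm || !(publicKey instanceof RSAPublicKey)) {
            log.error("Public key is not RSA");
            throw new APIManagementException("Public key is not RSA");
        }
        return verifyTokenSignature(signedJWT, (RSAPublicKey) publicKey);
    }

    /**
     * Weaver-generated initializer that builds the static join-point descriptors for the three
     * public methods (method name, declaring type, parameter types and names, declared
     * exceptions and return type, as spelled out in each {@code makeMethodSig} call).
     */
    private static void ajc$preClinit() {
        Factory factory = new Factory("JWTUtil.java", JWTUtil.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("9", "retrieveJWKSConfiguration", "org.wso2.carbon.apimgt.impl.utils.JWTUtil", "java.lang.String", "jwksEndpoint", "java.io.IOException", "java.lang.String"), 52);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("9", "verifyTokenSignature", "org.wso2.carbon.apimgt.impl.utils.JWTUtil", "com.nimbusds.jwt.SignedJWT:java.security.interfaces.RSAPublicKey", "jwt:publicKey", "", "boolean"), 78);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("9", "verifyTokenSignature", "org.wso2.carbon.apimgt.impl.utils.JWTUtil", "com.nimbusds.jwt.SignedJWT:java.lang.String", "jwt:alias", "org.wso2.carbon.apimgt.api.APIManagementException", "boolean"), 104);
    }
}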
