package org.wso2.sample.identity.oauth2;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jwt.EncryptedJWT;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.minidev.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.apache.xml.serialize.LineSeparator;
import org.wso2.securevault.definition.CipherInformation;

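/**
 * Development helper that decrypts an encrypted (JWE) ID token with a client private key
 * supplied by the caller and echoes the resulting header and claims as JSON.
 *
 * <p>Request: POST with form parameters {@code idToken} (compact JWE serialisation) and
 * {@code privateKeyString} (base64 PKCS#8 RSA private key, with or without PEM armour and
 * line breaks). Response: {@code 200 application/json} with
 * {@code {"claims": {...}, "header": {...}}}, or {@code 400} with a short plain-text reason.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The client's <em>private key</em> travels in the request body. That is only acceptable
 *       for a local sample; do not expose this servlet outside a TLS-protected development
 *       setup and never feed it production keys.</li>
 *   <li>Decryption is not authentication. With RSA key management anyone holding the
 *       recipient's public key can mint a JWE that decrypts cleanly, so the claims returned
 *       here are unverified: no signature, {@code iss}, {@code aud} or {@code exp} check is
 *       performed. Treat the output as a debugging aid, not as trusted identity data.</li>
 * </ul>
 */
@WebServlet(name = "IDTokenDecrypterServlet")
public class IDTokenDecrypterServlet extends HttpServlet {

    private static final Logger LOGGER = Logger.getLogger(IDTokenDecrypterServlet.class.getName());

    /** Success content type; the charset is explicit so non-ASCII claim values survive. */
    private static final String JSON_CONTENT_TYPE = "application/json;charset=UTF-8";
    /** Content type of the fixed error strings written on a 400. */
    private static final String TEXT_CONTENT_TYPE = "text/plain;charset=UTF-8";

    /**
     * Decrypts the submitted ID token and writes its header and claims as JSON.
     *
     * @param httpServletRequest  carries {@code idToken} and {@code privateKeyString}
     * @param httpServletResponse receives 200 + JSON, or 400 + a fixed plain-text message
     * @throws IOException if the response cannot be written
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws IOException {
        String idToken = httpServletRequest.getParameter("idToken");
        String privateKeyString = httpServletRequest.getParameter("privateKeyString");

        if (StringUtils.isBlank(privateKeyString)) {
            writeBadRequest(httpServletResponse, "Client private key cannot be empty!");
            return;
        }
        if (StringUtils.isBlank(idToken)) {
            writeBadRequest(httpServletResponse, "Error occurred while decrypting: Empty id token received!");
            return;
        }

        try {
            EncryptedJWT jwe = decryptJWE(idToken, privateKeyString);
            // Build the whole body before touching the response so a ParseException from
            // getJWTClaimsSet() still yields a clean 400 instead of a half-written 200.
            String body = toResponseJson(jwe).toString();
            httpServletResponse.setContentType(JSON_CONTENT_TYPE);
            // getWriter() honours the charset set above. ServletOutputStream.print(String) does
            // not: it writes one byte per char and throws on anything outside ISO-8859-1, which
            // broke tokens carrying non-Latin-1 claim values (e.g. names).
            httpServletResponse.getWriter().print(body);
        } catch (JOSEException | IllegalArgumentException | NoSuchAlgorithmException | ParseException e) {
            // Details go to the log only; the client-facing message stays a fixed string.
            LOGGER.log(Level.SEVERE, e.getMessage(), e);
            writeBadRequest(httpServletResponse, "Error occurred while decrypting id token.");
        } catch (InvalidKeySpecException e) {
            LOGGER.log(Level.SEVERE, e.getMessage(), e);
            writeBadRequest(httpServletResponse, "Invalid client private key.");
        }
    }

    /**
     * Writes a 400 with a short plain-text reason. {@code message} is always one of the fixed
     * strings in this class, never request data.
     */
    private static void writeBadRequest(HttpServletResponse response, String message) throws IOException {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        response.setContentType(TEXT_CONTENT_TYPE);
        response.getWriter().print(message);
    }

    /**
     * Serialises a decrypted token as {@code {"claims": {...}, "header": {...}}}.
     *
     * @throws ParseException if the decrypted payload is not a JSON claims object.
     *         NOTE(review): a nested signed JWT ({@code cty=JWT}) would presumably end up here
     *         rather than being unwrapped — confirm against the tokens the IdP actually issues.
     */
    private static JSONObject toResponseJson(EncryptedJWT jwe) throws ParseException {
        JSONObject claims = new JSONObject(jwe.getJWTClaimsSet().getClaims());
        JSONObject out = new JSONObject();
        out.put("claims", claims);
        out.put("header", jwe.getHeader().toJSONObject());
        return out;
    }

    /**
     * Parses {@code idToken} as a compact JWE and decrypts it with the RSA key in
     * {@code privateKeyString}.
     *
     * <p>{@link RSADecrypter} accepts every RSA key-management algorithm Nimbus supports,
     * including the deprecated {@code RSA1_5} (PKCS#1 v1.5, the classic padding-oracle target).
     * If the issuer only ever uses {@code RSA-OAEP}/{@code RSA-OAEP-256}, reject other
     * {@code alg} values from {@code parsed.getHeader()} before calling {@code decrypt} to
     * shrink that surface. A successful decrypt proves only that the token was encrypted to
     * this key; it does not authenticate the issuer (see class comment).
     *
     * @param idToken          compact JWE serialisation
     * @param privateKeyString base64 PKCS#8 RSA private key, optionally PEM-wrapped
     * @return the decrypted JWT (header and claims readable)
     * @throws NoSuchAlgorithmException if the key-factory algorithm is unavailable
     * @throws InvalidKeySpecException  if the bytes are not a usable PKCS#8 RSA key
     * @throws ParseException           if {@code idToken} is not a well-formed JWE
     * @throws JOSEException            if decryption fails (wrong key, tampered token, ...)
     * @throws IllegalArgumentException if the key is not valid base64
     */
    private EncryptedJWT decryptJWE(String idToken, String privateKeyString)
            throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException,
            IllegalArgumentException {
        RSAPrivateKey key = parsePrivateKey(privateKeyString);
        EncryptedJWT parsed = EncryptedJWT.parse(idToken);
        parsed.decrypt(new RSADecrypter(key));
        return parsed;
    }

    /**
     * Turns the submitted key text into an {@link RSAPrivateKey}.
     *
     * <p>Accepts a bare base64 PKCS#8 blob as well as a PEM block
     * ({@code -----BEGIN PRIVATE KEY-----} / {@code -----END PRIVATE KEY-----}); PEM armour and
     * all whitespace are stripped before decoding. Neither {@code -} nor whitespace occurs in the
     * basic base64 alphabet, so previously valid inputs are unaffected.
     */
    private static RSAPrivateKey parsePrivateKey(String privateKeyString)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        String base64 = privateKeyString
                .replaceAll("-----[A-Z ]+-----", "")
                .replaceAll("\\s", "");
        byte[] pkcs8 = Base64.getDecoder().decode(base64);
        // Same key-factory algorithm WSO2 secure vault uses (expected to be "RSA" — verify);
        // the instanceof check below turns any other configuration into a 400 instead of an
        // uncaught ClassCastException.
        PrivateKey key = KeyFactory.getInstance(CipherInformation.DEFAULT_ALGORITHM)
                .generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        if (!(key instanceof RSAPrivateKey)) {
            throw new InvalidKeySpecException("Client private key is not an RSA private key");
        }
        return (RSAPrivateKey) key;
    }
}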
