package org.wso2.micro.gateway.jwt.generator;

import com.nimbusds.jwt.JWTClaimsSet;
import java.io.FileInputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/wso2/micro/gateway/jwt/generator/AbstractMGWJWTGenerator.class */
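/**
 * Base class for gateway JWT generators: it assembles the JOSE header and the claim set,
 * base64url-encodes both and, when the configured algorithm is
 * {@code MGWJWTGeneratorConstants.SHA256_WITH_RSA}, signs the result with a private key read from
 * a key store on disk.
 *
 * <p>Subclasses supply the claims through {@link #populateStandardClaims(Map)} and
 * {@link #populateCustomClaims(Map, ArrayList)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Any algorithm other than {@code SHA256_WITH_RSA} yields a token with an empty signature
 *       segment (see {@link #generateToken(Map)}). Consumers must not trust such tokens unless the
 *       transport between gateway and backend is itself authenticated.</li>
 *   <li>The key store password is held as a {@code String} and exposed through a public getter;
 *       treat instances of this class as secret-bearing and keep them out of logs and dumps.</li>
 *   <li>The getters return the internal mutable collections, so a caller holding the instance can
 *       alter the restricted-claim lists that subclasses receive.</li>
 *   <li>The key store file is re-read for every header and every signature; there is no caching
 *       of key material in this class.</li>
 * </ul>
 */
public abstract class AbstractMGWJWTGenerator {
    private static final Logger logger = LogManager.getLogger(AbstractMGWJWTGenerator.class);
    private static final char[] HEX_DIGITS = {
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
    };

    private String dialectURI;
    private String signatureAlgorithm;
    private String keyStorePath;
    private String keyStorePassword;
    private String certificateAlias;
    private String privateKeyAlias;
    private int jwtExpiryTime;
    private ArrayList<String> restrictedClaims;
    private boolean cacheEnabled;
    private int cacheExpiry;
    private String tokenIssuer;
    private String[] tokenAudience;
    private Map<String, Object> apiDetails;
    // Claim names that are always appended to the caller-supplied restricted list.
    private List<String> defaultRestrictedClaims = new ArrayList<>(Arrays.asList(
            MGWJWTGeneratorConstants.ISSUER_CLAIM,
            MGWJWTGeneratorConstants.SUB_CLAIM,
            MGWJWTGeneratorConstants.AUDIENCE_CLAIM,
            MGWJWTGeneratorConstants.EXP_CLAIM,
            MGWJWTGeneratorConstants.NBF_CLAIM,
            MGWJWTGeneratorConstants.IAT_CLAIM,
            MGWJWTGeneratorConstants.JTI_CLAIM,
            MGWJWTGeneratorConstants.APPLICATION_CLAIM,
            MGWJWTGeneratorConstants.TIER_INFO_CLAIM,
            MGWJWTGeneratorConstants.SUBSCRIBED_APIS_CLAIM,
            MGWJWTGeneratorConstants.KEY_TYPE_CLAIM));

    /**
     * Creates a generator with the given signing and claim configuration.
     *
     * @param dialectURI claim dialect URI, stored for subclasses
     * @param signatureAlgorithm algorithm name compared against the
     *     {@code MGWJWTGeneratorConstants} values and passed to {@link Signature#getInstance(String)}
     * @param keyStorePath file-system path of the key store
     * @param keyStorePassword password used both to open the key store and to recover the key
     * @param certificateAlias alias of the certificate whose thumbprint goes into the header
     * @param privateKeyAlias alias of the signing key
     * @param jwtExpiryTime token expiry, returned by {@link #getTTL()} when caching is disabled
     * @param restrictedClaims claim names to restrict in addition to the defaults; {@code null}
     *     is treated as an empty list
     * @param cacheEnabled whether token caching is enabled
     * @param cacheExpiry cache expiry, returned by {@link #getTTL()} when caching is enabled
     * @param tokenIssuer issuer value, stored for subclasses
     * @param tokenAudience audience values, stored for subclasses
     */
    public AbstractMGWJWTGenerator(String dialectURI, String signatureAlgorithm, String keyStorePath,
            String keyStorePassword, String certificateAlias, String privateKeyAlias, int jwtExpiryTime,
            String[] restrictedClaims, boolean cacheEnabled, int cacheExpiry, String tokenIssuer,
            String[] tokenAudience) {
        this.keyStorePath = keyStorePath;
        this.keyStorePassword = keyStorePassword;
        this.certificateAlias = certificateAlias;
        this.privateKeyAlias = privateKeyAlias;
        this.jwtExpiryTime = jwtExpiryTime;
        this.dialectURI = dialectURI;
        this.signatureAlgorithm = signatureAlgorithm;
        this.cacheEnabled = cacheEnabled;
        this.cacheExpiry = cacheExpiry;
        this.tokenIssuer = tokenIssuer;
        this.tokenAudience = tokenAudience;
        // Caller-supplied names first, then the built-in defaults; a null array no longer
        // aborts construction with a NullPointerException.
        this.restrictedClaims = new ArrayList<>();
        if (restrictedClaims != null) {
            this.restrictedClaims.addAll(Arrays.asList(restrictedClaims));
        }
        this.restrictedClaims.addAll(this.defaultRestrictedClaims);
    }

    public String getPrivateKeyAlias() {
        return this.privateKeyAlias;
    }

    public void setPrivateKeyAlias(String privateKeyAlias) {
        this.privateKeyAlias = privateKeyAlias;
    }

    /** Returns the live default restricted-claim list (not a copy). */
    public List<String> getDefaultRestrictedClaims() {
        return this.defaultRestrictedClaims;
    }

    /**
     * Replaces the default list. The effective list in {@link #getRestrictedClaims()} was built in
     * the constructor and is not recomputed here.
     */
    public void setDefaultRestrictedClaims(List<String> defaultRestrictedClaims) {
        this.defaultRestrictedClaims = defaultRestrictedClaims;
    }

    public String getCertificateAlias() {
        return this.certificateAlias;
    }

    public void setCertificateAlias(String certificateAlias) {
        this.certificateAlias = certificateAlias;
    }

    public Map<String, Object> getApiDetails() {
        return this.apiDetails;
    }

    public void setApiDetails(Map<String, Object> apiDetails) {
        this.apiDetails = apiDetails;
    }

    /** Returns the internal audience array (not a copy). */
    public String[] getTokenAudience() {
        return this.tokenAudience;
    }

    public void setTokenAudience(String[] tokenAudience) {
        this.tokenAudience = tokenAudience;
    }

    public String getTokenIssuer() {
        return this.tokenIssuer;
    }

    public void setTokenIssuer(String tokenIssuer) {
        this.tokenIssuer = tokenIssuer;
    }

    public boolean isCacheEnabled() {
        return this.cacheEnabled;
    }

    public void setCacheEnabled(boolean cacheEnabled) {
        this.cacheEnabled = cacheEnabled;
    }

    public int getCacheExpiry() {
        return this.cacheExpiry;
    }

    public void setCacheExpiry(int cacheExpiry) {
        this.cacheExpiry = cacheExpiry;
    }

    /** Returns the live restricted-claim list that is handed to {@code populateCustomClaims}. */
    public ArrayList<String> getRestrictedClaims() {
        return this.restrictedClaims;
    }

    public void setRestrictedClaims(ArrayList<String> restrictedClaims) {
        this.restrictedClaims = restrictedClaims;
    }

    public String getKeyStorePath() {
        return this.keyStorePath;
    }

    public void setKeyStorePath(String keyStorePath) {
        this.keyStorePath = keyStorePath;
    }

    /** Returns the key store password in clear text; callers must not log or persist it. */
    public String getKeyStorePassword() {
        return this.keyStorePassword;
    }

    public void setKeyStorePassword(String keyStorePassword) {
        this.keyStorePassword = keyStorePassword;
    }

    public String getDialectURI() {
        return this.dialectURI;
    }

    public void setDialectURI(String dialectURI) {
        this.dialectURI = dialectURI;
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public void setSignatureAlgorithm(String signatureAlgorithm) {
        this.signatureAlgorithm = signatureAlgorithm;
    }

    public int getJwtExpiryTime() {
        return this.jwtExpiryTime;
    }

    public void setJwtExpiryTime(int jwtExpiryTime) {
        this.jwtExpiryTime = jwtExpiryTime;
    }

    /**
     * Builds the compact serialization {@code header.body.signature}.
     *
     * <p>The signature segment is filled only when the configured algorithm equals
     * {@code MGWJWTGeneratorConstants.SHA256_WITH_RSA}. For every other value the token ends with
     * an empty signature segment; if the value is also not {@code MGWJWTGeneratorConstants.NONE},
     * {@link #buildHeader()} returns {@code null} and the header segment is empty as well. That
     * second case is logged as a warning so a mistyped algorithm does not go unnoticed.
     *
     * @param jwtInfo input passed on to the claim-population hooks
     * @return the serialized token
     * @throws Exception if the key store cannot be read or signing fails
     */
    public String generateToken(Map<String, Object> jwtInfo) throws Exception {
        String header = buildHeader();
        String body = buildBody(jwtInfo);
        // JWT segments are UTF-8 by specification; the platform default charset would corrupt
        // non-ASCII claim values on hosts where it is not UTF-8.
        String encodedHeader = header != null ? encode(header.getBytes(StandardCharsets.UTF_8)) : "";
        String encodedBody = body != null ? encode(body.getBytes(StandardCharsets.UTF_8)) : "";
        String signingInput = encodedHeader + '.' + encodedBody;
        if (MGWJWTGeneratorConstants.SHA256_WITH_RSA.equals(this.signatureAlgorithm)) {
            return signingInput + '.' + encode(signJWT(signingInput));
        }
        if (!MGWJWTGeneratorConstants.NONE.equals(this.signatureAlgorithm)) {
            logger.warn("Signature algorithm '{}' is not supported; the token is issued without a"
                    + " header and without a signature", this.signatureAlgorithm);
        }
        return signingInput + '.';
    }

    /**
     * Builds the JOSE header JSON for the configured algorithm.
     *
     * @return the header for {@code NONE} or {@code SHA256_WITH_RSA}, or {@code null} for any
     *     other algorithm value
     * @throws Exception if the certificate for the signed header cannot be loaded
     */
    public String buildHeader() throws Exception {
        if (MGWJWTGeneratorConstants.NONE.equals(this.signatureAlgorithm)) {
            Map<String, Object> header = new HashMap<>();
            header.put(MGWJWTGeneratorConstants.TOKEN_TYPE, MGWJWTGeneratorConstants.TOKEN_TYPE_JWT);
            header.put(MGWJWTGeneratorConstants.ALGORITHM, MGWJWTGeneratorConstants.NONE.toLowerCase());
            return new JSONObject(header).toJSONString();
        }
        if (MGWJWTGeneratorConstants.SHA256_WITH_RSA.equals(this.signatureAlgorithm)) {
            return addCertToHeader();
        }
        return null;
    }

    /**
     * Signs the given signing input with the private key stored under the configured alias.
     *
     * @param assertion the {@code header.body} string to sign
     * @return the raw signature bytes
     * @throws InvalidKeyException if the alias does not resolve to a private key
     * @throws Exception if the key store cannot be opened or the signature cannot be computed
     */
    public byte[] signJWT(String assertion) throws Exception {
        char[] password = this.keyStorePassword.toCharArray();
        // try-with-resources closes the key store stream on every path.
        try (FileInputStream keyStoreStream = new FileInputStream(this.keyStorePath)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keyStoreStream, password);
            Key key = keyStore.getKey(this.privateKeyAlias, password);
            if (!(key instanceof PrivateKey)) {
                // Fail with a clear message instead of handing null to initSign().
                throw new InvalidKeyException(
                        "No private key found in the key store under alias '" + this.privateKeyAlias + "'");
            }
            Signature signature = Signature.getInstance(this.signatureAlgorithm);
            signature.initSign((PrivateKey) key);
            signature.update(assertion.getBytes(StandardCharsets.UTF_8));
            return signature.sign();
        }
    }

    /** Returns the cache expiry when caching is enabled, otherwise the JWT expiry time. */
    public long getTTL() {
        return this.cacheEnabled ? this.cacheExpiry : this.jwtExpiryTime;
    }

    /**
     * Builds the header for a signed token, including a thumbprint of the signing certificate.
     *
     * <p>The thumbprint is the SHA-1 digest of the encoded certificate, rendered as lowercase hex
     * and then base64url-encoded with padding. This differs from the RFC 7515 {@code x5t} form
     * (base64url of the raw digest), so verifiers have to apply the same encoding. The value only
     * identifies the certificate; it is not an integrity control.
     *
     * @return the header JSON
     * @throws KeyStoreException if no certificate exists under the configured alias
     * @throws Exception if the key store cannot be read or the certificate cannot be encoded
     */
    public String addCertToHeader() throws Exception {
        Certificate certificate;
        // Closed on every path, including a wrong password or an unreadable store.
        try (FileInputStream keyStoreStream = new FileInputStream(this.keyStorePath)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keyStoreStream, this.keyStorePassword.toCharArray());
            certificate = keyStore.getCertificate(this.certificateAlias);
        }
        if (certificate == null) {
            throw new KeyStoreException(
                    "No certificate found in the key store under alias '" + this.certificateAlias + "'");
        }
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(certificate.getEncoded());
        String thumbprint = Base64.getUrlEncoder()
                .encodeToString(hexify(sha1.digest()).getBytes(StandardCharsets.UTF_8));
        Map<String, Object> header = new HashMap<>();
        header.put(MGWJWTGeneratorConstants.TOKEN_TYPE, MGWJWTGeneratorConstants.TOKEN_TYPE_JWT);
        header.put(MGWJWTGeneratorConstants.ALGORITHM, MGWJWTGeneratorConstants.RS_256);
        header.put(MGWJWTGeneratorConstants.X5T_HEADER, thumbprint);
        return new JSONObject(header).toJSONString();
    }

    /**
     * Builds the claim-set JSON. Standard claims take precedence: a custom claim whose key is
     * already present among the standard claims is dropped and reported at debug level.
     *
     * @param jwtInfo input passed on to the claim-population hooks
     * @return the claim set as a JSON string
     */
    public String buildBody(Map<String, Object> jwtInfo) {
        JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
        Map<String, Object> claims = populateStandardClaims(jwtInfo);
        Map<String, Object> customClaims = populateCustomClaims(jwtInfo, this.restrictedClaims);
        for (Map.Entry<String, Object> custom : customClaims.entrySet()) {
            String claimKey = custom.getKey();
            if (claims.containsKey(claimKey)) {
                logger.debug("Claim key {} already exist", claimKey);
            } else {
                claims.put(claimKey, custom.getValue());
            }
        }
        for (Map.Entry<String, Object> claim : claims.entrySet()) {
            claimsBuilder.claim(claim.getKey(), claim.getValue());
        }
        return new JSONObject(claimsBuilder.build().toJSONObject()).toJSONString();
    }

    /** Base64url-encodes the bytes without padding, as used for JWT segments. */
    public String encode(byte[] bytes) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /** Renders the bytes as a lowercase hexadecimal string, two characters per byte. */
    public String hexify(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(HEX_DIGITS[(b & 0xF0) >> 4]);
            hex.append(HEX_DIGITS[b & 0x0F]);
        }
        return hex.toString();
    }

    /** Copies the array elements, in order, into a new {@link JSONArray}. */
    public JSONArray arrayToJSONArray(Object[] values) {
        JSONArray jsonArray = new JSONArray();
        jsonArray.addAll(Arrays.asList(values));
        return jsonArray;
    }

    /**
     * Produces the standard claims for the token.
     *
     * @param jwtInfo the input given to {@link #generateToken(Map)}
     * @return a mutable map; {@link #buildBody(Map)} adds the custom claims to it
     */
    public abstract Map<String, Object> populateStandardClaims(Map<String, Object> jwtInfo);

    /**
     * Produces the custom claims for the token.
     *
     * @param jwtInfo the input given to {@link #generateToken(Map)}
     * @param restrictedClaims the effective restricted-claim names (caller-supplied plus defaults)
     * @return the custom claims; keys that collide with standard claims are ignored by
     *     {@link #buildBody(Map)}
     */
    public abstract Map<String, Object> populateCustomClaims(Map<String, Object> jwtInfo,
            ArrayList<String> restrictedClaims);
}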
