package org.wso2.carbon.apimgt.keymgt.token;

import com.nimbusds.jwt.JWTClaimsSet;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.TreeSet;
import java.util.UUID;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO;
import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.handlers.ResourceConstants;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/APIMJWTGenerator.class */
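/**
 * Builds the compact JWT (header.payload.signature) issued for an API Manager end user.
 *
 * <p>The header and payload are assembled from a {@link JwtTokenInfoDTO}; signing and the
 * certificate-bearing header are delegated to {@code signJWT} and {@code addCertToHeader},
 * which are not defined in this class (presumably inherited from {@code JWTGenerator}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When the configured algorithm is {@code NONE} the token is emitted unsigned
 *       ({@code alg} header from {@code getJWSCompliantAlgorithmCode(NONE)}, empty signature
 *       segment). Consumers must not treat such a token as authenticated.</li>
 *   <li>Any algorithm other than {@code SHA256withRSA} or {@code NONE} is rejected rather than
 *       silently producing an unsigned token with an empty header.</li>
 * </ul>
 */
public class APIMJWTGenerator extends JWTGenerator {
    private static final Log log = LogFactory.getLog(APIMJWTGenerator.class);
    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static final String NONE = "NONE";
    // Algorithm used to decide between a signed and an unsigned token; nothing in this class reassigns it.
    private String signatureAlgorithm = SHA256_WITH_RSA;
    // Fallback separator for multi-valued claim strings when the tenant does not define one.
    private String userAttributeSeparator = ResourceConstants.ATTRIBUTE_VALUE_SEPERATER;

    /**
     * Generates the compact serialization of the JWT for the given token information.
     *
     * @param jwtTokenInfoDTO source of the end user name and of the claim values
     * @return {@code header.payload.signature}, or {@code header.payload.} (empty signature
     *         segment) when the configured algorithm is {@code NONE}
     * @throws APIManagementException if the configured signature algorithm is neither
     *         {@code SHA256withRSA} nor {@code NONE}, or if a delegated step fails
     */
    public String generateJWT(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        boolean signed = SHA256_WITH_RSA.equals(this.signatureAlgorithm);
        if (!signed && !NONE.equals(this.signatureAlgorithm)) {
            // Fail closed: previously an unrecognised algorithm fell through to the unsigned
            // branch and produced a token with an empty header and no signature.
            throw new APIManagementException(
                    "Unsupported signature algorithm for JWT generation: " + this.signatureAlgorithm);
        }

        // NOTE(review): Base64.getUrlEncoder() emits '=' padding, whereas the JWS compact
        // serialization (RFC 7515) omits it. Left unchanged because the consumers of these
        // tokens are not visible here - confirm before switching to withoutPadding().
        Base64.Encoder encoder = Base64.getUrlEncoder();

        // JWT segments are defined over UTF-8; the platform default charset would make the
        // signed bytes depend on the JVM's locale configuration.
        String header = buildHeader(jwtTokenInfoDTO);
        String encodedHeader = header != null
                ? encoder.encodeToString(header.getBytes(StandardCharsets.UTF_8))
                : "";
        String body = buildBody(jwtTokenInfoDTO);
        String encodedBody = body != null
                ? encoder.encodeToString(body.getBytes(StandardCharsets.UTF_8))
                : "";

        String signingInput = encodedHeader + '.' + encodedBody;
        if (!signed) {
            // Unsigned token: the trailing '.' leaves the signature segment empty.
            return signingInput + '.';
        }

        byte[] signature = signJWT(signingInput, jwtTokenInfoDTO.getEndUserName());
        if (log.isDebugEnabled()) {
            // The signature is raw binary and part of a bearer credential; record only its
            // size instead of decoding the bytes into the log.
            log.debug("JWT assertion signed; signature length in bytes : " + signature.length);
        }
        return signingInput + '.' + encoder.encodeToString(signature);
    }

    /**
     * Builds the JSON header for the configured signature algorithm.
     *
     * @param jwtTokenInfoDTO supplies the end user name passed to {@code addCertToHeader}
     * @return the header JSON, or {@code null} when the configured algorithm is neither
     *         {@code NONE} nor {@code SHA256withRSA}
     * @throws APIManagementException if a delegated step fails
     */
    public String buildHeader(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        if (NONE.equals(this.signatureAlgorithm)) {
            // Unsigned token header; the alg code comes from getJWSCompliantAlgorithmCode.
            return "{\"typ\":\"JWT\",\"alg\":\"" + getJWSCompliantAlgorithmCode(NONE) + "\"}";
        }
        if (SHA256_WITH_RSA.equals(this.signatureAlgorithm)) {
            return addCertToHeader(jwtTokenInfoDTO.getEndUserName());
        }
        return null;
    }

    /**
     * Builds the JSON payload from the claims returned by {@link #populateStandardClaims}.
     *
     * <p>String claims that contain the attribute separator are split into a string array,
     * dropping blank tokens. The separator is resolved per call (tenant value, else the
     * configured default) and kept in a local variable: the previous implementation wrote the
     * tenant's separator back into an instance field, so one tenant's separator could be
     * applied to a later call made for a different tenant on the same generator instance.
     *
     * @param jwtTokenInfoDTO source of the end user name and of the claim values
     * @return the payload JSON, or {@code null} when no claims map is available
     * @throws APIManagementException if a delegated step fails
     */
    public String buildBody(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        Map<String, Object> claims = populateStandardClaims(jwtTokenInfoDTO);
        String tenantSeparator = getMultiAttributeSeparator(APIUtil.getTenantId(jwtTokenInfoDTO.getEndUserName()));
        String separator = StringUtils.isNotBlank(tenantSeparator) ? tenantSeparator : this.userAttributeSeparator;
        if (claims == null) {
            return null;
        }

        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        // TreeSet gives a deterministic (sorted) order in which claims are added.
        for (String claimName : new TreeSet<String>(claims.keySet())) {
            Object claimValue = claims.get(claimName);
            if (claimValue instanceof String) {
                String text = (String) claimValue;
                if (separator != null && text.contains(separator)) {
                    // StringTokenizer treats every character of the separator as a delimiter,
                    // which differs from contains() for multi-character separators; kept as is.
                    ArrayList<String> tokens = new ArrayList<String>();
                    StringTokenizer tokenizer = new StringTokenizer(text, separator);
                    while (tokenizer.hasMoreElements()) {
                        String token = tokenizer.nextElement().toString();
                        if (StringUtils.isNotBlank(token)) {
                            tokens.add(token);
                        }
                    }
                    builder.claim(claimName, tokens.toArray(new String[0]));
                } else if (ResourceConstants.EXP_PARAM_NAME.equals(claimName)) {
                    // A textual expiry is read as epoch milliseconds and stored as a Date.
                    builder.claim(ResourceConstants.EXP_PARAM_NAME, new Date(Long.parseLong(text)));
                } else {
                    builder.claim(claimName, text);
                }
            } else if (claimValue != null) {
                // Non-string values (numbers, DTOs, collections) are passed through untouched.
                builder.claim(claimName, claimValue);
            }
        }
        return builder.build().toJSONObject().toJSONString();
    }

    /**
     * Collects the standard claims for the token.
     *
     * <p>NOTE(review): the issued-at and expiry claims are stored as {@code Long} values in
     * epoch <em>milliseconds</em> ({@code System.currentTimeMillis()}), and {@link #buildBody}
     * passes {@code Long} values through unchanged. RFC 7519 defines NumericDate in seconds,
     * so validators that follow the RFC would read these as far-future timestamps - confirm
     * what the token consumers expect before changing the unit.
     *
     * @param jwtTokenInfoDTO source of the end user name, audience, scopes, subscribed APIs,
     *        application, key type, consumer key and lifetime (multiplied by 1000 here)
     * @return an insertion-ordered map of claim name to claim value
     * @throws APIManagementException declared for overriding implementations and delegated calls
     */
    public Map<String, Object> populateStandardClaims(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        long issuedAtMillis = System.currentTimeMillis();
        long expiresAtMillis = issuedAtMillis + (jwtTokenInfoDTO.getExpirationTime() * 1000);
        String endUserName = jwtTokenInfoDTO.getEndUserName();
        Map<String, Object> claims = new LinkedHashMap<String, Object>(20);
        // The issuer is taken from the key manager's "TokenURL" configuration parameter.
        String issuer = KeyManagerHolder.getKeyManagerInstance().getKeyManagerConfiguration().getParameter("TokenURL");
        claims.put("sub", endUserName);
        claims.put("jti", UUID.randomUUID().toString());
        claims.put("iss", issuer);
        claims.put("aud", jwtTokenInfoDTO.getAudience());
        claims.put(ResourceConstants.IAT_PARAM_NAME, Long.valueOf(issuedAtMillis));
        claims.put(ResourceConstants.EXP_PARAM_NAME, Long.valueOf(expiresAtMillis));
        claims.put("scope", jwtTokenInfoDTO.getScopes());
        claims.put("subscribedAPIs", jwtTokenInfoDTO.getSubscribedApiDTOList());
        claims.put("application", jwtTokenInfoDTO.getApplication());
        claims.put("keytype", jwtTokenInfoDTO.getKeyType());
        claims.put("consumerKey", jwtTokenInfoDTO.getConsumerKey());
        return claims;
    }
}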
