package org.wso2.carbon.apimgt.keymgt.token;

import com.nimbusds.jwt.JWTClaimsSet;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.TreeSet;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.MethodStats;
import org.wso2.carbon.apimgt.keymgt.MethodTimeLogger;
import org.wso2.carbon.apimgt.keymgt.handlers.ResourceConstants;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/APIMJWTGenerator.class */
public class APIMJWTGenerator extends JWTGenerator {
    private static final Log log;
    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static Base64.Encoder encoder;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private String signatureAlgorithm = SHA256_WITH_RSA;
    private String userAttributeSeparator = ResourceConstants.ATTRIBUTE_VALUE_SEPERATER;

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/APIMJWTGenerator$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return APIMJWTGenerator.generateJWT_aroundBody0((APIMJWTGenerator) objArr2[0], (JwtTokenInfoDTO) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/APIMJWTGenerator$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return APIMJWTGenerator.buildBody_aroundBody2((APIMJWTGenerator) objArr2[0], (JwtTokenInfoDTO) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/token/APIMJWTGenerator$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return APIMJWTGenerator.populateStandardClaims_aroundBody4((APIMJWTGenerator) objArr2[0], (JwtTokenInfoDTO) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(APIMJWTGenerator.class);
        encoder = Base64.getUrlEncoder().withoutPadding();
    }

    public String generateJWT(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, jwtTokenInfoDTO);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, jwtTokenInfoDTO, makeJP}).linkClosureAndJoinPoint(69648)) : generateJWT_aroundBody0(this, jwtTokenInfoDTO, makeJP);
    }

    public String buildBody(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, jwtTokenInfoDTO);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, jwtTokenInfoDTO, makeJP}).linkClosureAndJoinPoint(69648)) : buildBody_aroundBody2(this, jwtTokenInfoDTO, makeJP);
    }

    public Map<String, Object> populateStandardClaims(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, jwtTokenInfoDTO);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (Map) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, jwtTokenInfoDTO, makeJP}).linkClosureAndJoinPoint(69648)) : populateStandardClaims_aroundBody4(this, jwtTokenInfoDTO, makeJP);
    }

    static final String generateJWT_aroundBody0(APIMJWTGenerator aPIMJWTGenerator, JwtTokenInfoDTO jwtTokenInfoDTO, JoinPoint joinPoint) {
        String buildHeader = aPIMJWTGenerator.buildHeader(MultitenantUtils.getTenantAwareUsername(jwtTokenInfoDTO.getEndUserName()));
        String encodeToString = buildHeader != null ? encoder.encodeToString(buildHeader.getBytes(Charset.defaultCharset())) : "";
        String buildBody = aPIMJWTGenerator.buildBody(jwtTokenInfoDTO);
        String encodeToString2 = buildBody != null ? encoder.encodeToString(buildBody.getBytes()) : "";
        if (!SHA256_WITH_RSA.equals(aPIMJWTGenerator.signatureAlgorithm)) {
            return String.valueOf(encodeToString) + '.' + encodeToString2 + '.';
        }
        byte[] signJWT = aPIMJWTGenerator.signJWT(String.valueOf(encodeToString) + '.' + encodeToString2, MultitenantUtils.getTenantAwareUsername(jwtTokenInfoDTO.getEndUserName()));
        if (log.isDebugEnabled()) {
            log.debug("signed assertion value : " + new String(signJWT, Charset.defaultCharset()));
        }
        return String.valueOf(encodeToString) + '.' + encodeToString2 + '.' + encoder.encodeToString(signJWT);
    }

    static final String buildBody_aroundBody2(APIMJWTGenerator aPIMJWTGenerator, JwtTokenInfoDTO jwtTokenInfoDTO, JoinPoint joinPoint) {
        Map<String, Object> populateStandardClaims = aPIMJWTGenerator.populateStandardClaims(jwtTokenInfoDTO);
        String multiAttributeSeparator = aPIMJWTGenerator.getMultiAttributeSeparator(APIUtil.getTenantId(jwtTokenInfoDTO.getEndUserName()));
        if (StringUtils.isNotBlank(multiAttributeSeparator)) {
            aPIMJWTGenerator.userAttributeSeparator = multiAttributeSeparator;
        }
        if (populateStandardClaims == null) {
            return null;
        }
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        Iterator it = new TreeSet(populateStandardClaims.keySet()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            Object obj = populateStandardClaims.get(str);
            if (obj instanceof String) {
                String str2 = (String) obj;
                ArrayList arrayList = new ArrayList();
                if (aPIMJWTGenerator.userAttributeSeparator != null && str2.contains(aPIMJWTGenerator.userAttributeSeparator)) {
                    StringTokenizer stringTokenizer = new StringTokenizer(str2, aPIMJWTGenerator.userAttributeSeparator);
                    while (stringTokenizer.hasMoreElements()) {
                        String obj2 = stringTokenizer.nextElement().toString();
                        if (StringUtils.isNotBlank(obj2)) {
                            arrayList.add(obj2);
                        }
                    }
                    builder.claim(str, arrayList.toArray(new String[arrayList.size()]));
                } else if (ResourceConstants.EXP_PARAM_NAME.equals(str)) {
                    builder.claim(ResourceConstants.EXP_PARAM_NAME, new Date(Long.valueOf((String) populateStandardClaims.get(str)).longValue()));
                } else {
                    builder.claim(str, str2);
                }
            } else if (obj != null) {
                builder.claim(str, obj);
            }
        }
        return builder.build().toJSONObject().toJSONString();
    }

    static final Map populateStandardClaims_aroundBody4(APIMJWTGenerator aPIMJWTGenerator, JwtTokenInfoDTO jwtTokenInfoDTO, JoinPoint joinPoint) {
        long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        long expirationTime = seconds + jwtTokenInfoDTO.getExpirationTime();
        String endUserName = jwtTokenInfoDTO.getEndUserName();
        LinkedHashMap linkedHashMap = new LinkedHashMap(20);
        String openIDConnectIDTokenIssuerIdentifier = OAuthServerConfiguration.getInstance().getOpenIDConnectIDTokenIssuerIdentifier();
        linkedHashMap.put("sub", endUserName);
        linkedHashMap.put("jti", UUID.randomUUID().toString());
        linkedHashMap.put("iss", openIDConnectIDTokenIssuerIdentifier);
        linkedHashMap.put("aud", jwtTokenInfoDTO.getAudience());
        linkedHashMap.put(ResourceConstants.IAT_PARAM_NAME, Long.valueOf(seconds));
        linkedHashMap.put(ResourceConstants.EXP_PARAM_NAME, Long.valueOf(expirationTime));
        linkedHashMap.put("scope", jwtTokenInfoDTO.getScopes());
        linkedHashMap.put("subscribedAPIs", jwtTokenInfoDTO.getSubscribedApiDTOList());
        linkedHashMap.put("tierInfo", jwtTokenInfoDTO.getSubscriptionPolicyDTOList());
        linkedHashMap.put("application", jwtTokenInfoDTO.getApplication());
        linkedHashMap.put("keytype", jwtTokenInfoDTO.getKeyType());
        linkedHashMap.put("consumerKey", jwtTokenInfoDTO.getConsumerKey());
        linkedHashMap.put("backendJwt", jwtTokenInfoDTO.getBackendJwt());
        return linkedHashMap;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("APIMJWTGenerator.java", APIMJWTGenerator.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "generateJWT", "org.wso2.carbon.apimgt.keymgt.token.APIMJWTGenerator", "org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO", "jwtTokenInfoDTO", "org.wso2.carbon.apimgt.api.APIManagementException", "java.lang.String"), 56);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "buildBody", "org.wso2.carbon.apimgt.keymgt.token.APIMJWTGenerator", "org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO", "jwtTokenInfoDTO", "org.wso2.carbon.apimgt.api.APIManagementException", "java.lang.String"), 89);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "populateStandardClaims", "org.wso2.carbon.apimgt.keymgt.token.APIMJWTGenerator", "org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO", "jwtTokenInfoDTO", "org.wso2.carbon.apimgt.api.APIManagementException", "java.util.Map"), 139);
    }
}
