package org.wso2.carbon.identity.jwt.client.extension.util;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientConfigurationException;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.identity.jwt.client.extension.internal.JWTClientExtensionDataHolder;
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.class */
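/**
 * Static helpers for the JWT client extension: building an HTTP client, reading a
 * response body, loading the JWT client configuration (file or tenant registry) and
 * producing an RS256-signed JWT assertion with the tenant's (or a configured) RSA key.
 * <p>
 * All methods are static; the only shared mutable state is the {@link SecureRandom}
 * used for generated {@code jti} values.
 */
public class JWTClientUtil {
    private static final String HTTPS_PROTOCOL = "https";
    public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
    private static final Log log = LogFactory.getLog(JWTClientUtil.class);
    private static final String JWT_CONFIG_FILE_NAME = "jwt.properties";
    private static final String TENANT_JWT_CONFIG_LOCATION = File.separator + "jwt-config" + File.separator + JWT_CONFIG_FILE_NAME;
    private static final String SUPERTENANT_JWT_CONFIG_LOCATION = CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + JWT_CONFIG_FILE_NAME;
    /** Carbon super-tenant id; previously the literal -1234 was repeated at each use. */
    private static final int SUPER_TENANT_ID = -1234;
    /** Keystore type assumed when {@link JWTConfig#getKeyStorePath()} points at a file. */
    private static final String KEYSTORE_TYPE_JKS = "JKS";
    /** Config intervals are expressed in minutes; kept as a long so the multiplication cannot overflow an int. */
    private static final long MILLIS_PER_MINUTE = 60L * 1000L;
    /** One CSPRNG for generated jti values; SecureRandom is thread-safe and re-seeding it per call is wasteful. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Builds an {@link HttpClient} for the given URL scheme.
     * <p>
     * For {@code "https"} (compared case-sensitively) the client's trust material is
     * extended with {@link TrustSelfSignedStrategy}, i.e. any self-signed server certificate
     * is accepted in addition to the JVM's trust anchors.
     * <p>
     * SECURITY NOTE(review): trusting self-signed certificates lets an on-path attacker who
     * presents a self-signed certificate for the target host impersonate the token endpoint.
     * The behaviour is preserved here because deployments may depend on it, but it should be
     * gated behind explicit configuration and disabled in production. Hostname verification
     * is not disabled by this code (the socket factory is created with its default verifier).
     * For any other scheme a plain default client is returned.
     *
     * @param str URL scheme of the target, e.g. {@code "https"}
     * @return a new client; callers are responsible for closing it
     * @throws NoSuchAlgorithmException if the TLS context cannot be created
     * @throws KeyStoreException        if the trust material cannot be loaded
     * @throws KeyManagementException   if the TLS context cannot be initialised
     */
    public static HttpClient getHttpClient(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        if (!HTTPS_PROTOCOL.equals(str)) {
            return HttpClients.createDefault();
        }
        SSLContextBuilder contextBuilder = new SSLContextBuilder();
        // null keystore: start from the JVM default trust anchors, then also trust self-signed certs
        contextBuilder.loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy());
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(contextBuilder.build());
        CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
        return client;
    }

    /**
     * Reads the whole entity of {@code httpResponse} into a string and releases the entity.
     * <p>
     * Lines are concatenated without their line terminators, exactly as the previous
     * implementation did. The body is decoded as UTF-8 (the previous implementation used the
     * JVM default charset); a charset declared in the Content-Type header is not honoured —
     * NOTE(review): switch to {@code EntityUtils.toString} if that matters for a caller.
     * A failure to close the reader is logged at WARN and not propagated.
     *
     * @param httpResponse response whose entity is consumed; must have a non-null entity
     * @return the concatenated body lines, possibly empty
     * @throws IOException if the entity content cannot be opened or read
     */
    public static String getResponseString(HttpResponse httpResponse) throws IOException {
        StringBuilder body = new StringBuilder();
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(
                    new InputStreamReader(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8));
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
            return body.toString();
        } finally {
            // release the connection back to the pool even when reading failed
            EntityUtils.consumeQuietly(httpResponse.getEntity());
            closeQuietly(reader);
        }
    }

    /**
     * Closes {@code closeable} if non-null, logging (not throwing) any {@link IOException}.
     */
    private static void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            log.warn("Error while closing the connection! " + e.getMessage());
        }
    }

    /**
     * Loads the super-tenant {@code jwt.properties} from the Carbon etc directory, if it
     * exists, and installs it as the default JWT client on {@code jWTClientManagerService}.
     * Does nothing when the file is absent.
     *
     * @param jWTClientManagerService service that receives the default client properties
     * @throws IOException                     if the properties file cannot be read
     * @throws JWTClientConfigurationException propagated from the service
     * @throws RegistryException               propagated from the service
     */
    public static void initialize(JWTClientManagerService jWTClientManagerService) throws RegistryException, IOException, JWTClientConfigurationException {
        File configFile = new File(SUPERTENANT_JWT_CONFIG_LOCATION);
        if (!configFile.exists()) {
            return;
        }
        Properties properties = new Properties();
        try (InputStream in = configFile.toURI().toURL().openStream()) {
            properties.load(in);
        }
        jWTClientManagerService.setDefaultJWTClient(properties);
    }

    /**
     * Fetches a resource from the config system registry of tenant {@code i}.
     * <p>
     * Runs inside a privileged tenant flow for {@code i}, which is always ended, even when
     * the registry lookup throws.
     *
     * @param i   tenant id
     * @param str registry path of the resource
     * @return the resource, or {@code null} when no registry service is available or the
     *         path does not exist
     * @throws RegistryException if the registry cannot be loaded or read
     */
    public static Resource getConfigRegistryResourceContent(int i, String str) throws RegistryException {
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i, true);
            RegistryService registryService = JWTClientExtensionDataHolder.getInstance().getRegistryService();
            if (registryService == null) {
                return null;
            }
            UserRegistry configRegistry = registryService.getConfigSystemRegistry(i);
            loadTenantRegistry(i);
            if (!configRegistry.resourceExists(str)) {
                return null;
            }
            return configRegistry.get(str);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Stores {@code str} as the tenant's JWT config resource at
     * {@code /jwt-config/jwt.properties} in the config system registry, unless a resource
     * already exists at that path (an existing resource is never overwritten).
     * The content is written as UTF-8 bytes (previously the JVM default charset).
     *
     * @param i   tenant id
     * @param str properties text to store
     * @throws RegistryException if the registry cannot be loaded or written
     */
    public static void addJWTConfigResourceToRegistry(int i, String str) throws RegistryException {
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i, true);
            RegistryService registryService = JWTClientExtensionDataHolder.getInstance().getRegistryService();
            if (registryService == null) {
                return;
            }
            UserRegistry configRegistry = registryService.getConfigSystemRegistry(i);
            loadTenantRegistry(i);
            if (configRegistry.resourceExists(TENANT_JWT_CONFIG_LOCATION)) {
                return;
            }
            Resource resource = configRegistry.newResource();
            resource.setContent(str.getBytes(StandardCharsets.UTF_8));
            configRegistry.put(TENANT_JWT_CONFIG_LOCATION, resource);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Loads the registry index and then the registry itself for tenant {@code i}.
     *
     * @param i tenant id
     * @throws RegistryException if the tenant registry cannot be loaded
     */
    private static void loadTenantRegistry(int i) throws RegistryException {
        JWTClientExtensionDataHolder holder = JWTClientExtensionDataHolder.getInstance();
        TenantRegistryLoader registryLoader = holder.getTenantRegistryLoader();
        holder.getIndexLoaderService().loadTenantIndex(i);
        registryLoader.loadTenantRegistry(i);
    }

    /**
     * Convenience overload of
     * {@link #generateSignedJWTAssertion(String, JWTConfig, boolean, Map)} with no extra claims.
     */
    public static String generateSignedJWTAssertion(String str, JWTConfig jWTConfig, boolean z) throws JWTClientException {
        return generateSignedJWTAssertion(str, jWTConfig, z, null);
    }

    /**
     * Builds and RS256-signs a JWT assertion for subject {@code str}.
     * <p>
     * Claims: {@code iss} from config, {@code sub} and the {@value #SIGNED_JWT_AUTH_USERNAME}
     * claim set to {@code str}, {@code aud} from config, {@code iat}/{@code nbf}/{@code exp}
     * derived from the current time plus the configured skew and minute offsets, and
     * {@code jti} from config or a generated value. Entries of {@code map} are then applied
     * verbatim. SECURITY NOTE(review): {@code map} is applied last and can overwrite any of
     * the claims above, including {@code iss}, {@code sub} and {@code exp}; callers must not
     * pass untrusted keys here.
     * <p>
     * The signing key is (a) the key at {@code JWTConfig.keyStorePath}/alias when a path is
     * configured, otherwise (b) the super-tenant default key when {@code z} is true or the
     * current tenant is the super tenant, otherwise (c) the current tenant's own keystore
     * ({@code <domain with '.'->'-'>.jks}, alias = tenant domain).
     *
     * @param str       subject of the assertion
     * @param jWTConfig client configuration (issuer, audiences, timings, keystore)
     * @param z         force use of the super-tenant key
     * @param map       extra claims, may be {@code null} or empty
     * @return the compact-serialized signed JWT, or {@code null} when no issuer is configured
     * @throws JWTClientException on any keystore, key or signing failure
     */
    public static String generateSignedJWTAssertion(String str, JWTConfig jWTConfig, boolean z, Map<String, String> map) throws JWTClientException {
        try {
            String issuer = jWTConfig.getIssuer();
            if (issuer == null || issuer.isEmpty()) {
                return null;
            }
            JWTClaimsSet claims = buildClaimsSet(str, jWTConfig, map);
            RSAPrivateKey signingKey = resolveSigningKey(jWTConfig, z);
            SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
            signedJWT.sign(new RSASSASigner(signingKey));
            return signedJWT.serialize();
        } catch (CertificateException e) {
            throw new JWTClientException("Failed loading the certificate from the keystore.", e);
        } catch (JOSEException e) {
            throw new JWTClientException((Throwable) e);
        } catch (IOException e) {
            throw new JWTClientException("Failed parsing the keystore file.", e);
        } catch (KeyStoreException e) {
            throw new JWTClientException("Failed loading the keystore.", e);
        } catch (NoSuchAlgorithmException e) {
            // raised while loading the keystore / key, not by the RS256 signer (which throws JOSEException)
            throw new JWTClientException("Required keystore algorithm is not available.", e);
        } catch (UnrecoverableKeyException e) {
            throw new JWTClientException("Failed loading the keys from the keystore.", e);
        } catch (Exception e) {
            throw new JWTClientException("Failed loading the private key.", e);
        }
    }

    /**
     * Assembles the claims set for {@code subject} from {@code config} and {@code extraClaims}.
     * All time claims are offset by {@code config.getSkew()} milliseconds first and then by the
     * respective configured interval in minutes.
     */
    private static JWTClaimsSet buildClaimsSet(String subject, JWTConfig config, Map<String, String> extraClaims) {
        long skewedNow = System.currentTimeMillis() + config.getSkew();
        long issuedAt = skewedNow + config.getIssuedInternal() * MILLIS_PER_MINUTE;
        long expiresAt = skewedNow + config.getExpirationTime() * MILLIS_PER_MINUTE;
        long notBefore = skewedNow + config.getValidityPeriodFromCurrentTime() * MILLIS_PER_MINUTE;

        String jti = config.getJti();
        if (jti == null) {
            // NOTE(review): 32 bits of randomness appended to a timestamp; adequate for a
            // replay-detection id only if the receiver also checks exp, which it should.
            jti = skewedNow + "" + RANDOM.nextInt();
        }
        List<String> audiences = config.getAudiences();

        JWTClaimsSet claims = new JWTClaimsSet();
        claims.setIssuer(config.getIssuer());
        claims.setSubject(subject);
        claims.setIssueTime(new Date(issuedAt));
        claims.setNotBeforeTime(new Date(notBefore));
        claims.setExpirationTime(new Date(expiresAt));
        claims.setJWTID(jti);
        claims.setAudience(audiences);
        claims.setClaim(SIGNED_JWT_AUTH_USERNAME, subject);
        if (extraClaims != null && !extraClaims.isEmpty()) {
            // applied last: a caller-supplied key shadows any registered claim set above
            for (Map.Entry<String, String> entry : extraClaims.entrySet()) {
                claims.setClaim(entry.getKey(), entry.getValue());
            }
        }
        return claims;
    }

    /**
     * Chooses and loads the RSA private key described in the class Javadoc.
     * <p>
     * Declared {@code throws Exception} because the {@link KeyStoreManager} accessors it calls
     * may throw checked exceptions not visible from this file; the public entry point wraps
     * everything in {@link JWTClientException}. The super-tenant flow is always ended, even
     * when key retrieval throws (the previous implementation leaked the thread-local flow
     * in that case).
     */
    private static RSAPrivateKey resolveSigningKey(JWTConfig config, boolean useSuperTenantKey) throws Exception {
        String keyStorePath = config.getKeyStorePath();
        if (keyStorePath != null && !keyStorePath.isEmpty()) {
            return loadKeyFromConfiguredKeyStore(keyStorePath, config);
        }

        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
        loadTenantRegistry(tenantId);
        if (useSuperTenantKey || tenantId == SUPER_TENANT_ID) {
            PrivilegedCarbonContext.startTenantFlow();
            try {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(SUPER_TENANT_ID);
                return (RSAPrivateKey) KeyStoreManager.getInstance(SUPER_TENANT_ID).getDefaultPrivateKey();
            } finally {
                PrivilegedCarbonContext.endTenantFlow();
            }
        }

        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
        // tenant keystores are named after the domain with dots replaced by dashes
        String keyStoreName = tenantDomain.trim().replace('.', '-') + ".jks";
        return (RSAPrivateKey) KeyStoreManager.getInstance(tenantId).getPrivateKey(keyStoreName, tenantDomain);
    }

    /**
     * Loads the private key named by {@code config.getPrivateKeyAlias()} from the JKS file at
     * {@code keyStorePath}. A missing key password or alias is reported as an
     * {@link UnrecoverableKeyException} instead of the NullPointerException / null key the
     * previous implementation produced.
     */
    private static RSAPrivateKey loadKeyFromConfiguredKeyStore(String keyStorePath, JWTConfig config)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        String alias = config.getPrivateKeyAlias();
        String keyPassword = config.getPrivateKeyPassword();
        if (keyPassword == null) {
            throw new UnrecoverableKeyException("No private key password configured for keystore " + keyStorePath);
        }
        KeyStore keyStore = loadKeyStore(new File(keyStorePath), config.getKeyStorePassword(), KEYSTORE_TYPE_JKS);
        java.security.Key key = keyStore.getKey(alias, keyPassword.toCharArray());
        if (key == null) {
            throw new UnrecoverableKeyException("No key found under alias '" + alias + "' in keystore " + keyStorePath);
        }
        return (RSAPrivateKey) key;
    }

    /**
     * Opens the keystore file and loads it with the given type.
     *
     * @param file keystore file; must not be {@code null}
     * @param str  keystore password, or {@code null} to load without integrity check
     * @param str2 keystore type passed to {@link KeyStore#getInstance(String)}
     * @return the loaded keystore
     * @throws IllegalArgumentException if {@code file} is {@code null}
     */
    private static KeyStore loadKeyStore(File file, String str, String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (file == null) {
            throw new IllegalArgumentException("Keystore url may not be null");
        }
        URL url = file.toURI().toURL();
        KeyStore keyStore = KeyStore.getInstance(str2);
        char[] password = (str == null) ? null : str.toCharArray();
        try (InputStream in = url.openStream()) {
            keyStore.load(in, password);
        }
        return keyStore;
    }
}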
