package org.wso2.carbon.identity.oauth.endpoint.jwks;

import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.interfaces.RSAPublicKey;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONArray;
import org.json.JSONObject;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.core.util.IdentityIOStreamUtils;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/oauth/endpoint/jwks/JwksEndpoint.class */
public class JwksEndpoint {
    private static final Log log = LogFactory.getLog(JwksEndpoint.class);
    private static final char[] ENCODE_MAP = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_".toCharArray();
    private static final String alg = "RS256";
    private static final String use = "sig";
    private static final String kid = "d0ec514a32b6f88c0abd12a2840699bdd3deba9d";

    @GET
    @Produces({"application/json"})
    @Path("/jwks/{tenantDomain:([\\w.]+)?}")
    public String jwks(@PathParam("tenantDomain") String str) {
        RSAPublicKey rSAPublicKey;
        JSONObject jSONObject = new JSONObject();
        FileInputStream fileInputStream = null;
        try {
            try {
                if (StringUtils.isEmpty(str) || str.equals("carbon.super")) {
                    fileInputStream = new FileInputStream(CarbonUtils.getServerConfiguration().getFirstProperty("Security.KeyStore.Location"));
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    CarbonUtils.getServerConfiguration();
                    keyStore.load(fileInputStream, ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password").toCharArray());
                    CarbonUtils.getServerConfiguration();
                    rSAPublicKey = (RSAPublicKey) keyStore.getCertificate(ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias")).getPublicKey();
                } else {
                    int tenantId = IdentityTenantUtil.getTenantId(str);
                    if (tenantId < 1 && tenantId != -1234) {
                        log.error("The tenant is not existing");
                        IdentityIOStreamUtils.closeInputStream((InputStream) null);
                        return "The tenant is not existing";
                    }
                    rSAPublicKey = (RSAPublicKey) KeyStoreManager.getInstance(tenantId).getKeyStore(generateKSNameFromDomainName(str)).getCertificate(str).getPublicKey();
                }
                String base64EncodeUint = base64EncodeUint(rSAPublicKey.getModulus());
                String base64EncodeUint2 = base64EncodeUint(rSAPublicKey.getPublicExponent());
                String algorithm = rSAPublicKey.getAlgorithm();
                JSONArray jSONArray = new JSONArray();
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("kty", algorithm);
                jSONObject2.put("alg", alg);
                jSONObject2.put("use", use);
                jSONObject2.put("kid", kid);
                jSONObject2.put("n", base64EncodeUint);
                jSONObject2.put("e", base64EncodeUint2);
                jSONArray.put(jSONObject2);
                jSONObject.put("keys", jSONArray);
                IdentityIOStreamUtils.closeInputStream(fileInputStream);
                return jSONObject.toString();
            } catch (Exception e) {
                log.error("Error while generating the keyset");
                IdentityIOStreamUtils.closeInputStream((InputStream) null);
                return "Error while generating the keyset";
            }
        } catch (Throwable th) {
            IdentityIOStreamUtils.closeInputStream((InputStream) null);
            throw th;
        }
    }

    private String generateKSNameFromDomainName(String str) {
        return str.trim().replace(".", "-") + ".jks";
    }

    /* JADX WARN: Multi-variable type inference failed */
    public String base64Encode(byte[] bArr, int i, int i2, boolean z) {
        int i3;
        int i4;
        int i5;
        Object[] objArr;
        StringBuilder sb = new StringBuilder(i2 * 3);
        for (int i6 = i; i6 < i + i2; i6 += 3) {
            int i7 = (bArr[i6] & 252) >> 2;
            int i8 = (bArr[i6] & 3) << 4;
            if (i6 + 1 < i + i2) {
                i3 = (bArr[i6 + 1] & 240) >> 4;
                i4 = (bArr[i6 + 1] & 15) << 2;
            } else {
                i3 = 0;
                i4 = 0;
            }
            if (i6 + 2 < i + i2) {
                i5 = (bArr[i6 + 2] & 192) >> 6;
                objArr = bArr[i6 + 2] & 63 ? 1 : 0;
            } else {
                i5 = 0;
                objArr = false;
            }
            if (i6 + 2 < i + i2) {
                sb.append(ENCODE_MAP[i7]);
                sb.append(ENCODE_MAP[i8 | i3]);
                sb.append(ENCODE_MAP[i4 | i5]);
                sb.append(ENCODE_MAP[objArr == true ? 1 : 0]);
            } else if (i6 + 1 < i + i2) {
                sb.append(ENCODE_MAP[i7]);
                sb.append(ENCODE_MAP[i8 | i3]);
                sb.append(ENCODE_MAP[i4]);
                if (z) {
                    sb.append('=');
                }
            } else {
                sb.append(ENCODE_MAP[i7]);
                sb.append(ENCODE_MAP[i8 | i3]);
                if (z) {
                    sb.append("==");
                }
            }
        }
        return sb.toString();
    }

    public String base64urlEncode(byte[] bArr) {
        return base64Encode(bArr, 0, bArr.length, false);
    }

    public String base64EncodeUint(BigInteger bigInteger) {
        return base64urlEncode(bigInteger.toByteArray());
    }
}
