package org.wso2.carbon.apimgt.common.gateway.jwtgenerator;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.common.gateway.constants.JWTConstants;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTConfigurationDto;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto;
import org.wso2.carbon.apimgt.common.gateway.exception.JWTGeneratorException;
import org.wso2.carbon.apimgt.common.gateway.util.JWTUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/common/gateway/jwtgenerator/AbstractAPIMgtGatewayJWTGenerator.class */
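/**
 * Base class for gateway-side JWT generation.
 *
 * <p>Subclasses supply the claims through {@link #populateStandardClaims(JWTInfoDto)} and
 * {@link #populateCustomClaims(JWTInfoDto)}; this class merges them, serialises them to JSON,
 * base64url-encodes header and body and, when the configured algorithm is
 * {@link #SHA256_WITH_RSA}, appends a signature.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #NONE} produces an <em>unsigned</em> token ({@code header.body.}). Any consumer that
 *       accepts such a token cannot distinguish it from one forged by another party, so that
 *       setting should be limited to deployments where the transport itself is trusted.</li>
 *   <li>{@link #jwtConfigurationDto}, {@link #dialectURI} and {@link #signatureAlgorithm} are public
 *       and mutable, so they can be changed without going through
 *       {@link #setJWTConfigurationDto(JWTConfigurationDto)}. {@link #generateToken(JWTInfoDto)}
 *       therefore re-validates the algorithm instead of trusting the field.</li>
 * </ul>
 */
public abstract class AbstractAPIMgtGatewayJWTGenerator {
    public static final String NONE = "NONE";
    public static final String SHA256_WITH_RSA = "SHA256withRSA";
    public static final String API_GATEWAY_ID = "wso2.org/products/am";
    public JWTConfigurationDto jwtConfigurationDto;
    public String dialectURI;
    public String signatureAlgorithm;
    private static final Log log = LogFactory.getLog(AbstractAPIMgtGatewayJWTGenerator.class);
    private static volatile long ttl = -1;
    // Shared mapper for parsing JSON-shaped claim values; created once instead of once per token.
    private static final ObjectMapper CLAIM_MAPPER = new ObjectMapper();

    /**
     * Stores the configuration and derives the claim dialect and signature algorithm from it.
     *
     * <p>A missing dialect falls back to {@code http://wso2.org/claims}. Any algorithm other than
     * {@link #NONE} or {@link #SHA256_WITH_RSA} (including {@code null}) is replaced by
     * {@link #SHA256_WITH_RSA}, so a typo in configuration yields signed tokens rather than
     * unsigned ones.
     *
     * @param jWTConfigurationDto configuration to apply; must not be {@code null}
     */
    public void setJWTConfigurationDto(JWTConfigurationDto jWTConfigurationDto) {
        this.jwtConfigurationDto = jWTConfigurationDto;

        String configuredDialect = jWTConfigurationDto.getConsumerDialectUri();
        this.dialectURI = configuredDialect != null ? configuredDialect : "http://wso2.org/claims";

        String configuredAlgorithm = jWTConfigurationDto.getSignatureAlgorithm();
        boolean supported = NONE.equals(configuredAlgorithm) || SHA256_WITH_RSA.equals(configuredAlgorithm);
        this.signatureAlgorithm = supported ? configuredAlgorithm : SHA256_WITH_RSA;
    }

    /**
     * Builds the compact serialisation of the JWT for the given request information.
     *
     * <p>The result is {@code header.body.signature} for {@link #SHA256_WITH_RSA} and
     * {@code header.body.} (empty signature part) for {@link #NONE}.
     *
     * @param jWTInfoDto request information handed to the claim-population hooks
     * @return the encoded token
     * @throws JWTGeneratorException if the header or signature cannot be produced, or if
     *         {@link #signatureAlgorithm} is neither {@link #NONE} nor {@link #SHA256_WITH_RSA}
     */
    public String generateToken(JWTInfoDto jWTInfoDto) throws JWTGeneratorException {
        boolean signed = SHA256_WITH_RSA.equals(this.signatureAlgorithm);
        if (!signed && !NONE.equals(this.signatureAlgorithm)) {
            // Fail closed: previously a null or unknown algorithm (possible because the field is
            // public, or because the setter was never called) silently produced an unsigned token.
            throw new JWTGeneratorException(new IllegalStateException(
                    "Unsupported JWT signature algorithm: " + this.signatureAlgorithm));
        }

        String header = buildHeader();
        String body = buildBody(jWTInfoDto);

        // JWS header and payload are UTF-8 by specification; the platform default charset must not
        // leak into the token. Using the Charset constant also removes the swallowed
        // UnsupportedEncodingException that used to leave the body empty and still sign the token.
        String encodedHeader = header != null ? encode(header.getBytes(StandardCharsets.UTF_8)) : "";
        String encodedBody = encode(body.getBytes(StandardCharsets.UTF_8));
        String signingInput = encodedHeader + '.' + encodedBody;

        if (!signed) {
            return signingInput + '.';
        }

        byte[] signature = signJWT(signingInput);
        if (log.isDebugEnabled()) {
            // Only the size is logged: the raw signature is binary (decoding it with a charset is
            // meaningless) and signature material does not belong in log files.
            log.debug("JWT signature generated (" + signature.length + " bytes)");
        }
        return signingInput + '.' + encode(signature);
    }

    /**
     * Builds the JSON header for the configured algorithm.
     *
     * @return the header JSON, or {@code null} when {@link #signatureAlgorithm} is neither
     *         {@link #NONE} nor {@link #SHA256_WITH_RSA}
     * @throws JWTGeneratorException if the certificate-based header cannot be generated
     */
    public String buildHeader() throws JWTGeneratorException {
        if (NONE.equals(this.signatureAlgorithm)) {
            return "{\"typ\":\"JWT\",\"alg\":\"" + JWTUtil.getJWSCompliantAlgorithmCode(NONE) + "\"}";
        }
        if (SHA256_WITH_RSA.equals(this.signatureAlgorithm)) {
            return addCertToHeader();
        }
        return null;
    }

    /**
     * Signs the given signing input with the configured private key and algorithm.
     *
     * @param str the {@code header.body} signing input
     * @return the raw signature bytes
     * @throws JWTGeneratorException wrapping any failure raised while signing
     */
    public byte[] signJWT(String str) throws JWTGeneratorException {
        try {
            return JWTUtil.signJwt(str, this.jwtConfigurationDto.getPrivateKey(), this.signatureAlgorithm);
        } catch (Exception e) {
            throw new JWTGeneratorException(e);
        }
    }

    /**
     * Generates the header from the configured public certificate.
     *
     * @return the header JSON produced by {@code JWTUtil.generateHeader}
     * @throws JWTGeneratorException wrapping any failure raised while generating the header
     */
    protected String addCertToHeader() throws JWTGeneratorException {
        try {
            return JWTUtil.generateHeader(this.jwtConfigurationDto.getPublicCert(), this.signatureAlgorithm);
        } catch (Exception e) {
            throw new JWTGeneratorException("Error in obtaining keystore", e);
        }
    }

    /**
     * Merges standard and custom claims and serialises them as the JWT payload.
     *
     * <p>Standard claims win on key collisions, so a custom claim cannot overwrite a standard one.
     * String values that look like a JSON object or a JSON string array are parsed and embedded as
     * structured claims; a value that fails to parse is logged and left out of the token. The expiry
     * and issued-at claims are converted from epoch seconds to dates, and a random {@code jti} is
     * added.
     *
     * @param jWTInfoDto request information handed to the claim-population hooks
     * @return the payload as a JSON string
     * @throws NumberFormatException if the expiry or issued-at claim is not a number
     */
    public String buildBody(JWTInfoDto jWTInfoDto) {
        Map<String, Object> claims = populateStandardClaims(jWTInfoDto);
        for (Map.Entry<String, Object> custom : populateCustomClaims(jWTInfoDto).entrySet()) {
            if (!claims.containsKey(custom.getKey())) {
                claims.put(custom.getKey(), custom.getValue());
            } else if (log.isDebugEnabled()) {
                log.debug("Claim key " + custom.getKey() + " already exist");
            }
        }

        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        for (Map.Entry<String, Object> claim : claims.entrySet()) {
            String key = claim.getKey();
            Object value = claim.getValue();
            String text = (value instanceof String) ? (String) value : null;

            // NOTE(review): if claim values can come from user-editable attributes, any string
            // containing '{' is promoted to a structured claim here — confirm that consumers do
            // not place extra trust in nested claim structure.
            // The check is on the value only; the entry's toString() ("key=value") used to let a
            // '{' in the key send a plain value down the JSON-object path and drop the claim.
            if (text != null && text.contains("{")) {
                try {
                    Map<?, ?> parsed = CLAIM_MAPPER.readValue(text, Map.class);
                    builder.claim(key, parsed);
                } catch (IOException e) {
                    // The token is still generated, just without this claim. The key is logged
                    // rather than the value, since claim values may hold personal data.
                    log.error(String.format("Error while reading claim values for %s", key), e);
                }
            } else if (text != null && text.contains("[\"") && text.contains("\"]")) {
                try {
                    List<?> parsed = CLAIM_MAPPER.readValue(text, List.class);
                    builder.claim(key, parsed);
                } catch (IOException e) {
                    log.error("Error while reading claim values", e);
                }
            } else if (JWTConstants.EXPIRY_TIME.equals(key) || JWTConstants.ISSUED_TIME.equals(key)) {
                builder.claim(key, epochSecondsToDate(value));
            } else {
                builder.claim(key, value);
            }
        }
        builder.jwtID(UUID.randomUUID().toString());
        return builder.build().toJSONObject().toString();
    }

    /**
     * Converts an epoch-seconds claim value to a {@link Date}.
     *
     * <p>Accepts a numeric string or any {@link Number}, so a hook that supplies a {@code Long}
     * no longer fails with a {@link ClassCastException}.
     */
    private static Date epochSecondsToDate(Object epochSeconds) {
        long seconds = (epochSeconds instanceof Number)
                ? ((Number) epochSeconds).longValue()
                : Long.parseLong(String.valueOf(epochSeconds));
        return new Date(TimeUnit.SECONDS.toMillis(seconds));
    }

    /**
     * Base64url-encodes the given bytes.
     *
     * <p>NOTE(review): {@code Base64.getUrlEncoder()} emits {@code =} padding, whereas the JWS
     * compact serialisation omits it. Left unchanged because existing consumers may depend on the
     * current output — confirm before switching to {@code withoutPadding()}.
     *
     * @param bArr bytes to encode
     * @return the base64url text, including padding
     * @throws JWTGeneratorException declared for overriding implementations; not thrown here
     */
    public String encode(byte[] bArr) throws JWTGeneratorException {
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    /**
     * Returns the claim dialect URI in use.
     *
     * @return the dialect URI, or {@code null} if no configuration has been applied
     */
    public String getDialectURI() {
        return this.dialectURI;
    }

    /**
     * Supplies the standard claims for the token. The returned map is modified by
     * {@link #buildBody(JWTInfoDto)} when custom claims are merged in, so it must be mutable.
     *
     * @param jWTInfoDto request information
     * @return mutable map of standard claims
     */
    public abstract Map<String, Object> populateStandardClaims(JWTInfoDto jWTInfoDto);

    /**
     * Supplies the custom claims for the token. Entries whose key is already present among the
     * standard claims are ignored.
     *
     * @param jWTInfoDto request information
     * @return map of custom claims
     */
    public abstract Map<String, Object> populateCustomClaims(JWTInfoDto jWTInfoDto);
}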
