package com.wso2.openbanking.accelerator.common.util;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.proc.SimpleSecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.constant.OpenBankingConstants;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;
import java.util.Date;
import java.util.concurrent.ConcurrentHashMap;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/wso2/openbanking/accelerator/common/util/JWTUtils.class */
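/**
 * Static helpers for parsing JWTs and checking their signature and time claims.
 *
 * <p>Only {@link #validateJWTSignature} and {@link #isValidSignature} verify a signature. The
 * decoding and parsing helpers return attacker-controllable content and must not be used on
 * their own to make trust decisions.
 */
public class JWTUtils {
    private static final Log log = LogFactory.getLog(JWTUtils.class);
    private static final String RS = "RS";
    private static final String ALGORITHM_RSA = "RSA";
    /** Fallback connect/read timeout for the JWKS fetch, in milliseconds. */
    private static final int DEFAULT_JWKS_TIMEOUT_MILLIS = 3000;
    /** Upper bound on the size of the JWKS document that will be read, in bytes. */
    private static final int JWKS_SIZE_LIMIT_BYTES = 51200;

    /**
     * Decodes one part of a compact JWS into a JSON object without verifying the signature.
     *
     * @param jwtToken compact-serialised JWS
     * @param jwtPart  {@code "head"} for the header or {@link OpenBankingConstants#JWT_BODY} for
     *                 the payload
     * @return the requested part, or an empty object when {@code jwtPart} matches neither value
     * @throws ParseException if {@code jwtToken} cannot be parsed as a JWS
     */
    public static JSONObject decodeRequestJWT(String jwtToken, String jwtPart) throws ParseException {
        JWSObject jwsObject = JWSObject.parse(jwtToken);
        if ("head".equals(jwtPart)) {
            return jwsObject.getHeader().toJSONObject();
        }
        if (OpenBankingConstants.JWT_BODY.equals(jwtPart)) {
            return jwsObject.getPayload().toJSONObject();
        }
        return new JSONObject();
    }

    /**
     * Verifies a JWT against the keys published at a JWKS endpoint, accepting only the
     * algorithm named by the caller.
     *
     * <p>No issuer, audience or other claim requirements are configured on the processor here;
     * callers remain responsible for those checks. {@code jwksUri} is fetched as given, so it
     * should come from a vetted source (for example a registered client's metadata) rather
     * than from the token under validation.
     *
     * @param jwtString serialised JWT
     * @param jwksUri   URL of the JWKS document holding the verification keys
     * @param algorithm the single JWS algorithm name that is acceptable
     * @return {@code true} when processing succeeds; failures are reported by exception
     * @throws ParseException        if the token cannot be parsed
     * @throws BadJOSEException      if the processor rejects the token
     * @throws JOSEException         if an internal processing error occurs
     * @throws MalformedURLException if {@code jwksUri} is not a valid URL
     */
    @Generated(message = "Excluding from code coverage since can not call this method due to external https call")
    public static boolean validateJWTSignature(String jwtString, String jwksUri, String algorithm)
            throws ParseException, BadJOSEException, JOSEException, MalformedURLException {
        // JWTParser.parse returns the general JWT type; the processor decides how to handle it.
        JWT jwt = JWTParser.parse(jwtString);

        int connectTimeout = Integer.parseInt(OpenBankingConfigParser.getInstance().getJWKSConnectionTimeOut());
        int readTimeout = Integer.parseInt(OpenBankingConfigParser.getInstance().getJWKSReadTimeOut());
        // NOTE(review): defaults apply only when BOTH values are zero; a single zero is passed
        // through unchanged, which the retriever presumably treats as "no timeout" — confirm.
        if (connectTimeout == 0 && readTimeout == 0) {
            connectTimeout = DEFAULT_JWKS_TIMEOUT_MILLIS;
            readTimeout = DEFAULT_JWKS_TIMEOUT_MILLIS;
        }

        // A new key source is built on every call. The previous code looked the URL up in a map
        // created inside this method, so the lookup could never hit; that dead lookup is removed
        // and behaviour is unchanged. If a shared cache is introduced later it should be bounded
        // and keyed only on vetted URLs.
        RemoteJWKSet<SecurityContext> jwkSource = new RemoteJWKSet<>(
                new URL(jwksUri),
                new DefaultResourceRetriever(connectTimeout, readTimeout, JWKS_SIZE_LIMIT_BYTES));

        DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
        // The accepted algorithm is fixed by the caller, not taken from the token header.
        jwtProcessor.setJWSKeySelector(
                new JWSVerificationKeySelector<>(JWSAlgorithm.parse(algorithm), jwkSource));
        jwtProcessor.process(jwt, new SimpleSecurityContext());
        return true;
    }

    /**
     * Verifies a signed JWT against a Base64-encoded X.509 (SubjectPublicKeyInfo) RSA public key.
     *
     * <p>The algorithm is read from the token header; only names beginning with {@code RS} are
     * accepted, anything else is rejected before the key is decoded.
     *
     * @param signedJWT the token to verify
     * @param publicKey Base64 encoding of the X.509-encoded RSA public key
     * @return {@code true} if the signature verifies with the supplied key
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     * @throws InvalidKeySpecException  if the decoded bytes are not a valid key specification
     * @throws JOSEException            if verification cannot be performed
     * @throws OpenBankingException     if the header algorithm is not an {@code RS*} algorithm
     */
    @Generated(message = "Excluding from code coverage as KeyFactory does not initialize in testsuite")
    public static boolean isValidSignature(SignedJWT signedJWT, String publicKey)
            throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException, OpenBankingException {
        String algorithmName = signedJWT.getHeader().getAlgorithm().getName();
        // Resolve the key factory first so an unsupported algorithm fails before key decoding.
        KeyFactory keyFactory = getKeyFactory(algorithmName);
        byte[] encodedKey = Base64.getDecoder().decode(publicKey);
        RSAPublicKey rsaPublicKey = (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
        return signedJWT.verify(new RSASSAVerifier(rsaPublicKey));
    }

    /**
     * Checks that a string has the three-part shape of a compact JWS.
     *
     * <p>This is a shape check only: it counts separators and does not decode or verify anything.
     *
     * @param jwtString candidate token
     * @return {@code true} if the string is non-blank and contains exactly two separators
     */
    public static boolean isValidJWSFormat(String jwtString) {
        return !StringUtils.isBlank(jwtString)
                && StringUtils.countMatches(jwtString, OpenBankingConstants.DOT_SEPARATOR) == 2;
    }

    /**
     * Parses a compact JWS into a {@link SignedJWT} without verifying its signature.
     *
     * @param jwtString candidate token
     * @return the parsed, unverified token
     * @throws ParseException           if the string has the JWS shape but cannot be parsed
     * @throws IllegalArgumentException if the string does not have the JWS shape
     */
    public static SignedJWT getSignedJWT(String jwtString) throws ParseException {
        if (isValidJWSFormat(jwtString)) {
            return SignedJWT.parse(jwtString);
        }
        if (log.isDebugEnabled()) {
            // The rejected value may be an opaque access token or other credential, so only its
            // length is logged, never the value itself.
            log.debug(String.format("Provided token identifier is not a parsable JWT (length: %d)",
                    jwtString == null ? 0 : jwtString.length()));
        }
        throw new IllegalArgumentException("Provided token identifier is not a parsable JWT.");
    }

    /**
     * Checks an expiry time against the current time plus a skew.
     *
     * <p>The skew is added to the current time, so the token must still be unexpired that many
     * seconds from now.
     *
     * @param expirationTime  the token's expiry; {@code null} is treated as invalid
     * @param defaultTimeSkew skew in seconds
     * @return {@code true} if {@code now + skew} is not after {@code expirationTime}
     */
    public static boolean isValidExpiryTime(Date expirationTime, long defaultTimeSkew) {
        if (expirationTime == null) {
            return false;
        }
        long skewMillis = defaultTimeSkew * 1000;
        return System.currentTimeMillis() + skewMillis <= expirationTime.getTime();
    }

    /**
     * Checks a not-before time against the current time plus a skew.
     *
     * <p>The skew is added to the current time, so a token becomes acceptable up to that many
     * seconds before its not-before instant.
     *
     * @param notValidBeforeTime the token's not-before time; {@code null} is treated as invalid
     * @param defaultTimeSkew    skew in seconds
     * @return {@code true} if {@code now + skew} is not before {@code notValidBeforeTime}
     */
    public static boolean isValidNotValidBeforeTime(Date notValidBeforeTime, long defaultTimeSkew) {
        if (notValidBeforeTime == null) {
            return false;
        }
        long skewMillis = defaultTimeSkew * 1000;
        return System.currentTimeMillis() + skewMillis >= notValidBeforeTime.getTime();
    }

    /**
     * Returns an RSA key factory for a JWS algorithm name beginning with {@code RS}.
     *
     * @param algorithm JWS algorithm name taken from the token header
     * @return an RSA {@link KeyFactory}
     * @throws OpenBankingException     if the name does not begin with {@code RS}
     * @throws NoSuchAlgorithmException if no provider supplies an RSA key factory
     */
    @Generated(message = "Excluding from code coverage as KeyFactory does not initialize in testsuite")
    private static KeyFactory getKeyFactory(String algorithm) throws OpenBankingException, NoSuchAlgorithmException {
        if (algorithm.startsWith(RS)) {
            return KeyFactory.getInstance(ALGORITHM_RSA);
        }
        throw new OpenBankingException("Algorithm " + algorithm + " not yet supported.");
    }
}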
