package org.wso2.micro.gateway.enforcer.security.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import org.apache.commons.io.IOUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.carbon.apimgt.common.gateway.jwtgenerator.APIMgtGatewayJWTGeneratorImpl;
import org.wso2.carbon.apimgt.common.gateway.jwtgenerator.AbstractAPIMgtGatewayJWTGenerator;
import org.wso2.carbon.apimgt.common.gateway.jwttransformer.JWTTransformer;
import org.wso2.micro.gateway.enforcer.config.ConfigHolder;
import org.wso2.micro.gateway.enforcer.constants.Constants;
import org.wso2.micro.gateway.enforcer.constants.JwtConstants;
import org.wso2.micro.gateway.enforcer.exception.MGWException;
import org.wso2.micro.gateway.enforcer.security.jwt.validator.JWTConstants;
import org.wso2.micro.gateway.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/micro/gateway/enforcer/security/jwt/JWTUtil.class */
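/**
 * Static helpers for JWT handling in the enforcer: fetching a JWKS document, verifying RSA
 * signatures, reading the signing key, and loading JWT generator / transformer plug-ins from
 * the dropins folder.
 */
public class JWTUtil {
    private static final Logger log = LogManager.getLogger(JWTUtil.class);

    // NOTE(review): nothing in this class ever assigns ttl, so it stays at -1.
    private static volatile long ttl = -1;

    /**
     * Fetches the JWKS document served at the given URL.
     *
     * <p>NOTE(review): the URL's scheme only selects the HTTP client; nothing here rejects a
     * plain {@code http} URL. Keys fetched without transport protection can be replaced in
     * transit, so confirm the configuration restricts this endpoint to {@code https}.
     *
     * @param str absolute URL of the JWKS endpoint
     * @return the response body decoded as UTF-8, or {@code null} when the endpoint does not
     *     answer with HTTP 200 or sends no body
     * @throws IOException if the URL is malformed or the request fails
     */
    public static String retrieveJWKSConfiguration(String str) throws IOException {
        try (CloseableHttpClient httpClient =
                        (CloseableHttpClient) FilterUtils.getHttpClient(new URL(str).getProtocol());
                CloseableHttpResponse response = httpClient.execute(new HttpGet(str))) {
            int status = response.getStatusLine().getStatusCode();
            if (status != 200) {
                log.warn("JWKS endpoint returned HTTP status {}", status);
                return null;
            }
            if (response.getEntity() == null) {
                return null;
            }
            try (InputStream content = response.getEntity().getContent()) {
                // JWKS is JSON; decode explicitly as UTF-8 instead of the platform charset.
                return IOUtils.toString(content, StandardCharsets.UTF_8);
            }
        }
    }

    /**
     * Verifies the signature of a JWT with the given RSA public key.
     *
     * <p>The algorithm declared in the token header is checked against RS256/RS384/RS512 before
     * the verifier is built, so a token declaring any other algorithm is rejected up front.
     *
     * @param signedJWT the parsed token
     * @param rSAPublicKey the key to verify against
     * @return {@code true} only when the signature verifies; {@code false} for an unsupported
     *     algorithm or a verification error
     */
    public static boolean verifyTokenSignature(SignedJWT signedJWT, RSAPublicKey rSAPublicKey) {
        if (!isSupportedRsaAlgorithm(signedJWT.getHeader().getAlgorithm())) {
            // The algorithm value comes from the token and is deliberately not echoed to the log.
            log.error("JWT signature algorithm is not a supported RSA algorithm");
            return false;
        }
        try {
            return signedJWT.verify(new RSASSAVerifier(rSAPublicKey));
        } catch (JOSEException e) {
            log.error("Error while verifying JWT signature", e);
            return false;
        }
    }

    /**
     * Verifies the signature of a JWT with the certificate stored under the given alias in the
     * JWT trust store.
     *
     * @param signedJWT the parsed token
     * @param str alias of the certificate in the trust store
     * @return {@code true} only when the signature verifies
     * @throws MGWException if the certificate cannot be read or found, the token declares an
     *     algorithm other than RS256/RS384/RS512, or the certificate's key is not an RSA key
     */
    public static boolean verifyTokenSignature(SignedJWT signedJWT, String str) throws MGWException {
        Certificate certificate;
        try {
            certificate = ConfigHolder.getInstance().getTrustStoreForJWT().getCertificate(str);
        } catch (KeyStoreException e) {
            throw new MGWException("Error while retrieving the certificate for JWT verification.", e);
        }
        if (certificate == null) {
            log.debug("Couldn't find a public certificate to verify the signature");
            throw new MGWException("Couldn't find a public certificate to verify the signature");
        }
        if (!isSupportedRsaAlgorithm(signedJWT.getHeader().getAlgorithm())) {
            log.error("JWT signature algorithm is not a supported RSA algorithm");
            throw new MGWException("JWT signature algorithm is not a supported RSA algorithm");
        }
        // Check the key type explicitly; a blind cast would surface a certificate carrying a
        // non-RSA key as an unchecked ClassCastException.
        PublicKey publicKey = certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            log.error("Public key is not RSA");
            throw new MGWException("Public key is not RSA");
        }
        return verifyTokenSignature(signedJWT, (RSAPublicKey) publicKey);
    }

    /**
     * Reads a PEM-encoded PKCS#8 RSA private key from a file.
     *
     * @param str path of the PEM file
     * @return the decoded private key
     * @throws MGWException if the file cannot be read or does not hold a valid key; the
     *     underlying failure is attached as the cause
     */
    public static PrivateKey getPrivateKey(String str) throws MGWException {
        try {
            String pem = Files.readString(Paths.get(str), StandardCharsets.UTF_8);
            // Strip the markers first (they contain spaces), then every whitespace character,
            // so files with CRLF line endings decode as well.
            String base64Body = pem.replace(Constants.BEGINING_OF_PRIVATE_KEY, "")
                    .replace(Constants.END_OF_PRIVATE_KEY, "")
                    .replaceAll("\\s", "");
            byte[] der = Base64.getDecoder().decode(base64Body);
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException e) {
            // IllegalArgumentException covers malformed Base64 and invalid paths.
            log.debug("Error obtaining private key", e);
            throw new MGWException("Error obtaining private key", e);
        }
    }

    /**
     * Returns the stored TTL multiplied by 1000.
     *
     * <p>NOTE(review): {@code ttl} is never assigned in this class, so this currently always
     * returns -1000.
     *
     * @return {@code ttl * 1000}
     */
    public static long getTTL() {
        return ttl * 1000;
    }

    /**
     * Creates the backend JWT generator named in the enforcer configuration.
     *
     * <p>The default generator is built directly. Any other class name is searched for in the
     * jars of the dropins folder. Those jars are trusted code: the class is loaded and
     * instantiated with the enforcer's privileges and no signature or allow-list check is made
     * here, so write access to the folder must be limited to deployers.
     *
     * @return the generator instance, or {@code null} when the configured class is not found or
     *     cannot be instantiated
     */
    public static AbstractAPIMgtGatewayJWTGenerator getApiMgtGatewayJWTGenerator() {
        String generatorClassName =
                ConfigHolder.getInstance().getConfig().getJwtConfigurationDto().getGatewayJWTGeneratorImpl();
        if (generatorClassName.equals(JWTConstants.DEFAULT_JWT_GENERATOR_CLASS_NAME)) {
            return new APIMgtGatewayJWTGeneratorImpl();
        }
        for (File jar : listDropinJars()) {
            try {
                if (!listClassNames(jar).contains(generatorClassName)) {
                    continue;
                }
                // The loader stays open on success: the returned instance may still load
                // further classes from its jar.
                URLClassLoader loader = newJarClassLoader(jar);
                try {
                    return (AbstractAPIMgtGatewayJWTGenerator)
                            loader.loadClass(generatorClassName).getDeclaredConstructor().newInstance();
                } catch (ReflectiveOperationException | ClassCastException e) {
                    log.error("Error in generating an object from the class", e);
                    closeQuietly(loader);
                }
            } catch (IOException e) {
                log.debug("Error in loading class", e);
            }
        }
        return null;
    }

    /**
     * Lists the file names of the jars in the dropins folder, in sorted order.
     *
     * @return the jar file names; empty when the folder is missing or unreadable
     */
    public static List<String> getJarFilesList() {
        List<String> names = new ArrayList<>();
        for (File jar : listDropinJars()) {
            names.add(jar.getName());
        }
        return names;
    }

    /**
     * Scans the dropins jars for classes annotated with an enabled
     * {@link JwtTransformerAnnotation} and instantiates them.
     *
     * <p>Every class in every dropins jar is loaded during the scan and matching ones are
     * instantiated with the enforcer's privileges; no signature or allow-list check is made
     * here, so write access to the folder must be limited to deployers.
     *
     * @return transformers keyed by the issuer named in their annotation
     */
    public static Map<String, JWTTransformer> loadJWTTransformers() {
        Map<String, JWTTransformer> transformers = new HashMap<>();
        for (File jar : listDropinJars()) {
            URLClassLoader loader = null;
            boolean loaderInUse = false;
            try {
                List<String> classNames = listClassNames(jar);
                loader = newJarClassLoader(jar);
                for (String className : classNames) {
                    Class<?> candidate;
                    try {
                        candidate = loader.loadClass(className);
                    } catch (ClassNotFoundException e) {
                        // One unloadable class must not hide the other transformers in the jar.
                        log.debug("Error in loading class", e);
                        continue;
                    }
                    JwtTransformerAnnotation marker = candidate.getAnnotation(JwtTransformerAnnotation.class);
                    if (marker == null || !marker.enabled()) {
                        continue;
                    }
                    try {
                        JWTTransformer transformer =
                                (JWTTransformer) candidate.getDeclaredConstructor().newInstance();
                        if (transformers.put(marker.issuer(), transformer) != null) {
                            log.warn("Multiple JWT transformers are registered for one issuer; the later one is used");
                        }
                        loaderInUse = true;
                    } catch (ReflectiveOperationException | ClassCastException e) {
                        log.error("Error in generating an object from the class", e);
                    }
                }
            } catch (IOException e) {
                log.debug("Error in loading class", e);
            } finally {
                // Keep the loader only when one of its classes is live in the result.
                if (!loaderInUse) {
                    closeQuietly(loader);
                }
            }
        }
        return transformers;
    }

    /** Tells whether the algorithm is one of the RSA PKCS#1 v1.5 algorithms accepted here. */
    private static boolean isSupportedRsaAlgorithm(JWSAlgorithm algorithm) {
        return JWSAlgorithm.RS256.equals(algorithm)
                || JWSAlgorithm.RS384.equals(algorithm)
                || JWSAlgorithm.RS512.equals(algorithm);
    }

    /** Lists the jar files of the dropins folder, sorted so plug-in precedence is deterministic. */
    private static List<File> listDropinJars() {
        List<File> jars = new ArrayList<>();
        File[] children = new File(JwtConstants.DROPINS_FOLDER).listFiles();
        if (children == null) {
            // listFiles() returns null when the folder does not exist or cannot be read.
            log.debug("Dropins folder is missing or unreadable");
            return jars;
        }
        Arrays.sort(children);
        for (File child : children) {
            if (child.isFile() && child.getName().endsWith(JwtConstants.JAR)) {
                jars.add(child);
            }
        }
        return jars;
    }

    /** Returns the dotted names of all class entries in the jar, closing the jar afterwards. */
    private static List<String> listClassNames(File jar) throws IOException {
        List<String> classNames = new ArrayList<>();
        try (JarFile jarFile = new JarFile(jar)) {
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                String entryName = entry.getName();
                if (!entry.isDirectory() && entryName.endsWith(JwtConstants.CLASS)) {
                    String withoutSuffix =
                            entryName.substring(0, entryName.length() - JwtConstants.CLASS.length());
                    classNames.add(withoutSuffix.replace('/', '.'));
                }
            }
        }
        return classNames;
    }

    /** Builds a class loader over one jar; the file URI keeps unusual path characters escaped. */
    private static URLClassLoader newJarClassLoader(File jar) throws IOException {
        return URLClassLoader.newInstance(new URL[] {jar.toURI().toURL()});
    }

    /** Closes a class loader that ended up unused, logging rather than propagating a failure. */
    private static void closeQuietly(URLClassLoader loader) {
        if (loader == null) {
            return;
        }
        try {
            loader.close();
        } catch (IOException e) {
            log.debug("Error in closing class loader", e);
        }
    }
}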
