package org.wso2.carbon.apimgt.common.gateway.util;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.common.gateway.exception.JWTGeneratorException;
import org.wso2.carbon.apimgt.common.gateway.jwtgenerator.JWTSignatureAlg;
import org.wso2.choreo.connect.enforcer.subscription.SubscriptionDataStoreUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/common/gateway/util/JWTUtil.class */
public final class JWTUtil {
    private static final Log log = LogFactory.getLog(JWTUtil.class);
    private static final String NONE = "NONE";
    private static final String SHA256_WITH_RSA = "SHA256withRSA";

    public static String getJWSCompliantAlgorithmCode(String str) {
        return (str == null || "NONE".equals(str)) ? JWTSignatureAlg.NONE.getJwsCompliantCode() : "SHA256withRSA".equals(str) ? JWTSignatureAlg.SHA256_WITH_RSA.getJwsCompliantCode() : str;
    }

    public static String generateHeader(Certificate certificate, String str) throws JWTGeneratorException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(certificate.getEncoded());
            return "{\"typ\":\"JWT\",\"alg\":\"" + getJWSCompliantAlgorithmCode(str) + "\",\"x5t\":\"" + Base64.getUrlEncoder().encodeToString(hexify(messageDigest.digest()).getBytes("UTF-8")) + "\"}";
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new JWTGeneratorException("Error in generating public certificate thumbprint", e);
        }
    }

    public static String hexify(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(cArr[(b & 240) >> 4]);
            sb.append(cArr[b & 15]);
        }
        return sb.toString();
    }

    public static byte[] signJwt(String str, PrivateKey privateKey, String str2) throws JWTGeneratorException {
        try {
            Signature signature = Signature.getInstance(str2);
            signature.initSign(privateKey);
            signature.update(str.getBytes(Charset.defaultCharset()));
            return signature.sign();
        } catch (InvalidKeyException e) {
            throw new JWTGeneratorException("Invalid private key provided for signing", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new JWTGeneratorException("Signature algorithm not found", e2);
        } catch (SignatureException e3) {
            throw new JWTGeneratorException("Error while signing JWT", e3);
        }
    }

    public static Map<String, String> getJWTClaims(String str) {
        if (!StringUtils.isNotEmpty(str)) {
            return null;
        }
        HashMap hashMap = new HashMap();
        try {
            JsonElement parse = new JsonParser().parse(new String(org.apache.commons.codec.binary.Base64.decodeBase64(str.split(Pattern.quote(SubscriptionDataStoreUtil.DELEM_PERIOD))[1].getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
            if (parse.isJsonObject()) {
                for (Map.Entry<String, JsonElement> entry : parse.getAsJsonObject().entrySet()) {
                    if (entry.getValue().isJsonPrimitive()) {
                        hashMap.put(entry.getKey(), entry.getValue().getAsString());
                    } else if (entry.getValue().isJsonArray()) {
                        JsonArray asJsonArray = entry.getValue().getAsJsonArray();
                        ArrayList arrayList = new ArrayList();
                        Iterator<JsonElement> it = asJsonArray.iterator();
                        while (it.hasNext()) {
                            arrayList.add(it.next().getAsString());
                        }
                        hashMap.put(entry.getKey(), String.join("|", arrayList));
                    } else if (entry.getValue().isJsonObject()) {
                        getJWTClaimsArray(hashMap, (JsonObject) entry.getValue(), entry.getKey());
                    }
                }
            }
        } catch (JsonParseException e) {
            log.error("Error occurred while parsing jwt claims");
        }
        return hashMap;
    }

    private static void getJWTClaimsArray(Map<String, String> map, JsonObject jsonObject, String str) {
        if (jsonObject.isJsonObject()) {
            for (Map.Entry<String, JsonElement> entry : jsonObject.getAsJsonObject().entrySet()) {
                String concat = str.concat(SubscriptionDataStoreUtil.DELEM_PERIOD).concat(entry.getKey());
                if (entry.getValue().isJsonPrimitive()) {
                    map.put(concat, entry.getValue().getAsString());
                } else if (entry.getValue().isJsonArray()) {
                    JsonArray asJsonArray = entry.getValue().getAsJsonArray();
                    ArrayList arrayList = new ArrayList();
                    Iterator<JsonElement> it = asJsonArray.iterator();
                    while (it.hasNext()) {
                        arrayList.add(it.next().getAsString());
                    }
                    map.put(concat, String.join("|", arrayList));
                } else if (entry.getValue().isJsonObject()) {
                    getJWTClaimsArray(map, (JsonObject) entry.getValue(), concat);
                }
            }
        }
    }
}
