package org.wso2.choreo.connect.enforcer.security.jwt.issuer;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeSet;
import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.common.gateway.exception.JWTGeneratorException;
import org.wso2.carbon.apimgt.common.gateway.util.JWTUtil;
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.config.dto.JWTIssuerConfigurationDto;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.constants.Constants;
import org.wso2.choreo.connect.enforcer.security.TokenValidationContext;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/security/jwt/issuer/AbstractJWTIssuer.class */
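/**
 * Base class for token issuers that assemble a compact JWT ({@code header.body.signature})
 * from the claims supplied by {@link #populateStandardClaims(TokenValidationContext)}.
 *
 * <p>The signature algorithm is read from the enforcer's JWT issuer configuration and is
 * restricted to {@code SHA256withRSA} or {@code NONE}; any other (or missing) value falls back
 * to {@code SHA256withRSA}. With {@code NONE} the issued token carries an empty signature
 * segment, so a consumer cannot verify its integrity or origin from the token alone.
 */
public abstract class AbstractJWTIssuer implements TokenIssuer {
    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static final String NONE = "NONE";
    // Value returned by getTTL() when the configuration reports 0.
    private static final long DEFAULT_TTL = 3600L;
    // Reused for every JSON-valued claim instead of building a new mapper per claim.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private String signatureAlgorithm = SHA256_WITH_RSA;
    public String dialectURI;
    JWTIssuerConfigurationDto jwtIssuerConfigurationDto;
    private static final Log log = LogFactory.getLog(AbstractJWTIssuer.class);
    private static volatile long ttl = -1;

    /**
     * Loads the issuer configuration.
     *
     * <p>NOTE(review): this invokes the overridable {@link #setJWTConfigurationDto()} from the
     * constructor; an override runs before the subclass's own fields are initialised.
     */
    public AbstractJWTIssuer() {
        setJWTConfigurationDto();
    }

    /**
     * Reads the JWT issuer configuration from {@link ConfigHolder} and caches the dialect URI and
     * signature algorithm. Only {@code NONE} and {@code SHA256withRSA} are accepted; every other
     * value, including {@code null}, is replaced by {@code SHA256withRSA}.
     */
    public void setJWTConfigurationDto() {
        this.jwtIssuerConfigurationDto = ConfigHolder.getInstance().getConfig().getJwtIssuerConfigurationDto();
        this.dialectURI = this.jwtIssuerConfigurationDto.getConsumerDialectUri();
        String configured = this.jwtIssuerConfigurationDto.getSignatureAlgorithm();
        if (NONE.equals(configured)) {
            // Make the unsigned mode visible to operators: tokens issued in this mode carry no
            // signature and must not be treated as proof of anything by whoever receives them.
            log.warn("JWT issuer signature algorithm is NONE; issued tokens will be unsigned");
            this.signatureAlgorithm = NONE;
        } else {
            if (configured != null && !SHA256_WITH_RSA.equals(configured)) {
                log.warn("Unsupported JWT issuer signature algorithm '" + configured
                        + "'; falling back to " + SHA256_WITH_RSA);
            }
            this.signatureAlgorithm = SHA256_WITH_RSA;
        }
    }

    /**
     * Supplies the claims for the token body as name/value strings.
     *
     * @param tokenValidationContext context of the request the token is issued for
     * @return claim names mapped to their string values; may be {@code null}, in which case
     *         {@link #buildBody(TokenValidationContext)} emits an empty claims set
     * @throws JWTGeneratorException if the claims cannot be produced
     */
    public abstract Map<String, String> populateStandardClaims(TokenValidationContext tokenValidationContext) throws JWTGeneratorException;

    /**
     * @return the consumer dialect URI read from the issuer configuration
     */
    public String getDialectURI() {
        return this.dialectURI;
    }

    /**
     * Encodes bytes as unpadded base64url, the encoding used for every JWT segment.
     *
     * @param bytes raw bytes to encode
     * @return the base64url text without {@code =} padding
     * @throws JWTGeneratorException declared for subclasses; this implementation does not throw it
     */
    public String encode(byte[] bytes) throws JWTGeneratorException {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /**
     * Builds the compact serialisation of the token.
     *
     * @param tokenValidationContext context of the request the token is issued for
     * @return {@code header.body.signature}, or {@code header.body.} (empty signature segment)
     *         when the configured algorithm is not {@code SHA256withRSA}
     * @throws JWTGeneratorException if the header, body or signature cannot be produced
     */
    @Override
    public String generateToken(TokenValidationContext tokenValidationContext) throws JWTGeneratorException {
        // JWT segments are defined over UTF-8 octets; the platform default charset would make
        // the signed bytes depend on the JVM's locale settings.
        String header = buildHeader();
        String encodedHeader = header != null ? encode(header.getBytes(StandardCharsets.UTF_8)) : "";
        String body = buildBody(tokenValidationContext);
        String encodedBody = body != null ? encode(body.getBytes(StandardCharsets.UTF_8)) : "";
        String signingInput = encodedHeader + "." + encodedBody;

        if (!SHA256_WITH_RSA.equals(this.signatureAlgorithm)) {
            // Unsigned token: the trailing dot is the empty signature segment.
            return signingInput + ".";
        }

        byte[] signature = signJWT(signingInput, tokenValidationContext.getValidationInfoDTO().getEndUserName());
        if (log.isDebugEnabled()) {
            // The signature is binary, so decoding it as text is meaningless, and token material
            // does not belong in log files; record only that signing happened.
            log.debug("JWT signed; signature length (bytes): " + signature.length);
        }
        return signingInput + "." + encode(signature);
    }

    /**
     * Builds the JOSE header JSON for the configured algorithm.
     *
     * @return the header JSON, or {@code null} when the algorithm is neither {@code NONE} nor
     *         {@code SHA256withRSA}
     * @throws JWTGeneratorException if the certificate-bearing header cannot be generated
     */
    public String buildHeader() throws JWTGeneratorException {
        if (NONE.equals(this.signatureAlgorithm)) {
            return "{\"typ\":\"JWT\",\"alg\":\"" + JWTUtil.getJWSCompliantAlgorithmCode(NONE) + "\"}";
        }
        if (SHA256_WITH_RSA.equals(this.signatureAlgorithm)) {
            return addCertToHeader();
        }
        return null;
    }

    /**
     * Builds the claims-set JSON from {@link #populateStandardClaims(TokenValidationContext)}.
     *
     * <p>Claims are added in sorted key order. A value containing
     * {@code Constants.START_BRACKET} is parsed as a JSON object; if parsing fails the claim is
     * omitted and an error is logged. {@code exp} and the issued-time claim are converted to
     * dates. A random UUID is set as the JWT ID whenever the claims map is non-null.
     *
     * @param tokenValidationContext context of the request the token is issued for
     * @return the serialised claims set
     * @throws JWTGeneratorException if the claims cannot be produced or a time claim is not a
     *         valid number
     */
    public String buildBody(TokenValidationContext tokenValidationContext) throws JWTGeneratorException {
        Map<String, String> claims = populateStandardClaims(tokenValidationContext);
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        if (claims != null) {
            for (String name : new TreeSet<>(claims.keySet())) {
                String value = claims.get(name);
                if (value != null && value.contains(Constants.START_BRACKET)) {
                    try {
                        Map<?, ?> parsed = OBJECT_MAPPER.readValue(value, Map.class);
                        builder.claim(name, parsed);
                    } catch (IOException e) {
                        // Log the claim name, not its value: claim values can hold end-user data.
                        log.error(String.format("Error while reading claim values for %s", name), e);
                    }
                } else if ("exp".equals(name)) {
                    builder.expirationTime(toDate(name, value));
                } else if (APIConstants.JwtTokenConstants.ISSUED_TIME.equals(name)) {
                    builder.issueTime(toDate(name, value));
                } else {
                    builder.claim(name, value);
                }
            }
            builder.jwtID(UUID.randomUUID().toString());
        }
        return builder.build().toJSONObject().toJSONString();
    }

    /**
     * Converts a numeric claim value to a {@link Date}. The number is handed to
     * {@code new Date(long)} unchanged.
     * NOTE(review): {@code Date(long)} takes milliseconds; confirm that implementations of
     * populateStandardClaims supply these claims in milliseconds.
     */
    private static Date toDate(String claimName, String rawValue) throws JWTGeneratorException {
        try {
            return new Date(Long.parseLong(rawValue));
        } catch (NumberFormatException e) {
            // Surface a malformed or missing time claim through the declared exception type
            // instead of letting an unchecked exception escape token generation.
            throw new JWTGeneratorException("Invalid numeric value for claim " + claimName, e);
        }
    }

    /**
     * Signs the JWS signing input with the private key from the issuer configuration.
     *
     * @param assertion the {@code header.body} signing input
     * @param endUserName not used by this implementation
     * @return the raw signature bytes
     * @throws JWTGeneratorException wrapping any failure raised while signing
     */
    public byte[] signJWT(String assertion, String endUserName) throws JWTGeneratorException {
        try {
            return JWTUtil.signJwt(assertion, this.jwtIssuerConfigurationDto.getPrivateKey(), this.signatureAlgorithm);
        } catch (Exception e) {
            throw new JWTGeneratorException(e);
        }
    }

    /**
     * Returns the configured token lifetime, or 3600 when the configuration reports 0.
     * NOTE(review): the unit is not visible in this class; 3600 suggests seconds, confirm.
     *
     * @return the time-to-live value
     */
    public long getTTL() {
        long configured = this.jwtIssuerConfigurationDto.getTtl();
        long effective = configured != 0 ? configured : DEFAULT_TTL;
        // The static field is kept up to date as before, but the local value is returned so a
        // concurrent caller on another instance cannot change this call's result.
        ttl = effective;
        return effective;
    }

    /**
     * Generates the JOSE header from the public certificate in the issuer configuration.
     *
     * @return the header JSON produced by {@code JWTUtil.generateHeader}
     * @throws JWTGeneratorException wrapping any failure raised while generating the header
     */
    protected String addCertToHeader() throws JWTGeneratorException {
        try {
            return JWTUtil.generateHeader(this.jwtIssuerConfigurationDto.getPublicCert(), this.signatureAlgorithm);
        } catch (Exception e) {
            throw new JWTGeneratorException("Error in obtaining keystore", e);
        }
    }
}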
