package org.wso2.carbon.apimgt.impl.token;

import com.nimbusds.jwt.JWTClaimsSet;
import java.io.File;
import java.io.FileInputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Base64;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.dto.JwtTokenInfoDTO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/token/DefaultApiKeyGenerator.class */
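/**
 * Default {@link ApiKeyGenerator}: issues an API key as three base64url segments joined by
 * {@code '.'} (header, claims body, signature), signed with the algorithm named by
 * {@link APIConstants#SIGNATURE_ALGORITHM_SHA256_WITH_RSA}.
 *
 * <p>The signing key is read from the key store configured for API key signing; the header is
 * built from the key store manager's default primary certificate.
 */
public class DefaultApiKeyGenerator implements ApiKeyGenerator {
    private static final Log log = LogFactory.getLog(DefaultApiKeyGenerator.class);

    /** Tenant id handed to {@link KeyStoreManager}; -1234 is the Carbon super-tenant id. */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Builds and signs an API key for the given token details.
     *
     * @param jwtTokenInfoDTO claims source for the key body
     * @return the key as {@code header.body.signature}, each segment base64url-encoded
     * @throws APIManagementException if the header cannot be built or signing/encoding fails
     */
    @Override
    public String generateToken(JwtTokenInfoDTO jwtTokenInfoDTO) throws APIManagementException {
        // The segments are JSON and must be encoded as UTF-8; using the platform default charset
        // would make the signed bytes (and non-ASCII claims) depend on the host configuration.
        String header = buildHeader();
        String encodedHeader = header != null ? encode(header.getBytes(StandardCharsets.UTF_8)) : "";
        String body = buildBody(jwtTokenInfoDTO);
        String encodedBody = body != null ? encode(body.getBytes(StandardCharsets.UTF_8)) : "";

        String signingInput = encodedHeader + '.' + encodedBody;
        byte[] signature = buildSignature(signingInput);
        if (log.isDebugEnabled()) {
            // Raw signature bytes are not text, and key material does not belong in logs:
            // record only that signing happened and how many bytes it produced.
            log.debug("signed assertion generated, signature length (bytes) : " + signature.length);
        }
        return signingInput + '.' + encode(signature);
    }

    /**
     * Assembles the claims of the API key and serialises them to JSON.
     *
     * <p>Expiry handling: a requested validity of {@code -1} produces no {@code exp} claim. So
     * does any validity that would push the expiry past {@code Integer.MAX_VALUE} seconds, which
     * means an over-large request silently yields a key without an expiry. Callers that need an
     * upper bound on key lifetime have to enforce it before calling this method.
     *
     * @param jwtTokenInfoDTO source of the user, application, subscription and restriction claims
     * @return the claims set as a JSON string
     */
    protected String buildBody(JwtTokenInfoDTO jwtTokenInfoDTO) {
        long issuedAt = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        long validity = jwtTokenInfoDTO.getExpirationTime();
        boolean withoutExpiry = validity == -1 || validity > Integer.MAX_VALUE - issuedAt;
        String issuer = OAuthServerConfiguration.getInstance().getOpenIDConnectIDTokenIssuerIdentifier();

        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
        claims.claim(APIConstants.JwtTokenConstants.END_USERNAME,
                APIUtil.getUserNameWithTenantSuffix(jwtTokenInfoDTO.getEndUserName()));
        claims.claim(APIConstants.JwtTokenConstants.JWT_ID, UUID.randomUUID().toString());
        claims.claim(APIConstants.JwtTokenConstants.ISSUER_IDENTIFIER, issuer);
        claims.claim(APIConstants.JwtTokenConstants.ISSUED_TIME, Long.valueOf(issuedAt));
        if (!withoutExpiry) {
            claims.claim("exp", Long.valueOf(issuedAt + validity));
        }
        claims.claim(APIConstants.JwtTokenConstants.SUBSCRIBED_APIS, jwtTokenInfoDTO.getSubscribedApiDTOList());
        claims.claim(APIConstants.JwtTokenConstants.TIER_INFO, jwtTokenInfoDTO.getSubscriptionPolicyDTOList());
        claims.claim("application", jwtTokenInfoDTO.getApplication());
        claims.claim(APIConstants.JwtTokenConstants.KEY_TYPE, jwtTokenInfoDTO.getKeyType());
        claims.claim("token_type", APIConstants.JwtTokenConstants.API_KEY_TOKEN_TYPE);
        // The IP and referer restrictions are optional and only emitted when set.
        if (jwtTokenInfoDTO.getPermittedIP() != null) {
            claims.claim(APIConstants.JwtTokenConstants.PERMITTED_IP, jwtTokenInfoDTO.getPermittedIP());
        }
        if (jwtTokenInfoDTO.getPermittedReferer() != null) {
            claims.claim(APIConstants.JwtTokenConstants.PERMITTED_REFERER, jwtTokenInfoDTO.getPermittedReferer());
        }
        return claims.build().toJSONObject().toJSONString();
    }

    /**
     * Builds the JSON header from the default primary certificate and adds the {@code kid}.
     *
     * @return the header as a JSON string
     * @throws APIManagementException if the certificate lookup or header generation fails
     */
    protected String buildHeader() throws APIManagementException {
        try {
            // NOTE(review): the header is derived from the primary certificate, while
            // buildSignature() takes its key from the API key signing key store; confirm both
            // refer to the same key pair when a separate signing store is configured.
            JSONObject header = new JSONObject(APIUtil.generateHeader(
                    KeyStoreManager.getInstance(SUPER_TENANT_ID).getDefaultPrimaryCertificate(),
                    APIConstants.SIGNATURE_ALGORITHM_SHA256_WITH_RSA));
            header.put("kid", APIUtil.getApiKeyAlias());
            return header.toString();
        } catch (Exception e) {
            throw new APIManagementException("Error while building Api key header", e);
        }
    }

    /**
     * Signs the given signing input with the private key of the API key signing key store.
     *
     * @param str the {@code header.body} string to sign
     * @return the raw signature bytes
     * @throws APIManagementException if the key cannot be loaded or signing fails
     */
    protected byte[] buildSignature(String str) throws APIManagementException {
        PrivateKey privateKey = null;
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(SUPER_TENANT_ID);
        try {
            ServerConfigurationService config = keyStoreManager.getServerConfigService();
            String storeName = APIUtil.getApiKeySignKeyStoreName();
            String keyPassword = apiKeySignProperty(config,
                    APIConstants.KeyStoreManagement.SERVER_APIKEYSIGN_PRIVATE_KEY_PASSWORD, storeName);
            String keyAlias = apiKeySignProperty(config,
                    APIConstants.KeyStoreManagement.SERVER_APIKEYSIGN_KEYSTORE_KEY_ALIAS, storeName);
            KeyStore signingStore = getApiKeySignKeyStore(keyStoreManager);
            if (signingStore != null) {
                if (keyPassword == null) {
                    // Report the misconfiguration by name instead of a bare NullPointerException.
                    throw new IllegalStateException(
                            "No private key password configured for the Api key signing key store");
                }
                privateKey = (PrivateKey) signingStore.getKey(keyAlias, keyPassword.toCharArray());
            }
            // NOTE(review): with no key store file configured (or an unknown alias) the key is
            // still null here and is passed on unchanged; confirm APIUtil.signJwt rejects a null
            // key rather than returning an unusable or unsigned result.
            return APIUtil.signJwt(str, privateKey, APIConstants.SIGNATURE_ALGORITHM_SHA256_WITH_RSA);
        } catch (Exception e) {
            throw new APIManagementException("Error while signing Api Key", e);
        }
    }

    /**
     * Loads the key store configured for API key signing.
     *
     * @param keyStoreManager manager whose server configuration holds the key store settings
     * @return the loaded key store, or {@code null} when no key store file is configured
     * @throws Exception if the key store cannot be created, read or unlocked
     */
    private KeyStore getApiKeySignKeyStore(KeyStoreManager keyStoreManager) throws Exception {
        ServerConfigurationService config = keyStoreManager.getServerConfigService();
        String storeName = APIUtil.getApiKeySignKeyStoreName();
        String storeFile = apiKeySignProperty(config,
                APIConstants.KeyStoreManagement.SERVER_APIKEYSIGN_KEYSTORE_FILE, storeName);
        if (storeFile == null) {
            return null;
        }
        String storePath = new File(storeFile).getAbsolutePath();
        KeyStore keyStore = KeyStore.getInstance(apiKeySignProperty(config,
                APIConstants.KeyStoreManagement.SERVER_APIKEYSIGN_KEYSTORE_TYPE, storeName));
        String storePassword = apiKeySignProperty(config,
                APIConstants.KeyStoreManagement.SERVER_APIKEYSIGN_KEYSTORE_PASSWORD, storeName);
        if (storePassword == null) {
            // KeyStore.load accepts a null password but then skips the integrity check, so a
            // missing password is treated as a configuration error, never passed through.
            throw new IllegalStateException("No password configured for the Api key signing key store");
        }
        try (FileInputStream in = new FileInputStream(storePath)) {
            keyStore.load(in, storePassword.toCharArray());
        }
        return keyStore;
    }

    /** Resolves a key store property whose name template contains the key store name placeholder. */
    private static String apiKeySignProperty(ServerConfigurationService config, String template,
            String storeName) {
        return config.getFirstProperty(
                template.replaceFirst(APIConstants.KeyStoreManagement.KeyStoreName, storeName));
    }

    /**
     * Base64url-encodes one segment of the key.
     *
     * @param bArr bytes to encode
     * @return the base64url text
     * @throws APIManagementException if encoding fails (for example on a {@code null} input)
     */
    private static String encode(byte[] bArr) throws APIManagementException {
        try {
            // NOTE(review): getUrlEncoder() keeps '=' padding, whereas JWS compact serialization
            // (RFC 7515) omits it. Left unchanged because the signature covers the padded text
            // and existing validators may depend on it; confirm before switching to withoutPadding().
            return Base64.getUrlEncoder().encodeToString(bArr);
        } catch (Exception e) {
            throw new APIManagementException("Error while encoding the Api Key ", e);
        }
    }
}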
