package com.predic8.membrane.core.interceptor.oauth2.tokengenerators;

import com.predic8.membrane.core.http.Request;
import com.predic8.membrane.core.interceptor.oauth2.authorizationservice.AuthorizationService;
import java.math.BigInteger;
import java.security.Key;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jwk.Use;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.1.jar:com/predic8/membrane/core/interceptor/oauth2/tokengenerators/JwtGenerator.class */
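/**
 * Issues RSA-signed ID tokens (JWTs) and validates signed ID tokens back into claim lists.
 *
 * <p>Each instance generates its own RSA key pair at construction time, so tokens signed by one
 * instance can only be verified by that instance or by a party holding the JWK from
 * {@link #getJwk()}. The static {@code getClaimsFromSignedIdToken} overloads verify tokens
 * against a caller-supplied key, key resolver or JWKS location instead.
 */
public class JwtGenerator {
    /** Modulus size, in bits, of the RSA signing key generated per instance. */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    /** Number of random bits used to derive the key id ({@code kid}). */
    private static final int KEY_ID_RANDOM_BITS = 130;

    /** Clock skew, in seconds, tolerated when time-based claims are validated. */
    private static final int ALLOWED_CLOCK_SKEW_SECONDS = 30;

    private final SecureRandom random = new SecureRandom();
    private final RsaJsonWebKey rsaJsonWebKey;

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.1.jar:com/predic8/membrane/core/interceptor/oauth2/tokengenerators/JwtGenerator$Claim.class */
    /** A single JWT claim as a name/value pair of strings. */
    public static class Claim {
        private String name;
        private String value;

        /**
         * @param name claim name
         * @param value claim value
         */
        public Claim(String name, String value) {
            setName(name);
            setValue(value);
        }

        public String getName() {
            return this.name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public String getValue() {
            return this.value;
        }

        public void setValue(String value) {
            this.value = value;
        }
    }

    /**
     * Returns the JSON form of this instance's signing JWK, as produced by {@code toJson()}.
     *
     * <p>NOTE(review): the result looks intended for publication as the verification key. It
     * relies on the no-argument {@code toJson()} leaving out the private RSA parameters; confirm
     * that for the bundled jose4j version before exposing the output.
     *
     * @return the JWK serialized as JSON
     */
    public String getJwk() {
        return this.rsaJsonWebKey.toJson();
    }

    /**
     * Generates a fresh RSA key pair and labels it as a signature key for RSA with SHA-256,
     * with a random key id.
     *
     * @throws JoseException if key generation fails
     */
    public JwtGenerator() throws JoseException {
        this.rsaJsonWebKey = RsaJwkGenerator.generateJwk(RSA_KEY_SIZE_BITS);
        // The key id is drawn from SecureRandom and rendered in base 32.
        this.rsaJsonWebKey.setKeyId(new BigInteger(KEY_ID_RANDOM_BITS, this.random).toString(32));
        this.rsaJsonWebKey.setUse(Use.SIGNATURE);
        this.rsaJsonWebKey.setAlgorithm(AlgorithmIdentifiers.RSA_USING_SHA256);
    }

    /**
     * Builds and signs an ID token.
     *
     * <p>The default claims (issuer, subject, audience, expiry, issued-at, JWT id, not-before)
     * are set first and {@code claims} are applied afterwards. A claim whose name matches a
     * default claim is therefore written over it, so claim names should not come from untrusted
     * input.
     *
     * @param issuer value for the issuer claim
     * @param subject value for the subject claim
     * @param audience value for the audience claim
     * @param expiresInSeconds token lifetime in seconds, counted from now
     * @param claims additional claims; {@code null} is treated as "none"
     * @return the compact serialization of the signed token
     * @throws JoseException if signing fails
     */
    public String getSignedIdToken(String issuer, String subject, String audience, int expiresInSeconds, Claim... claims) throws JoseException {
        JwtClaims defaults = getDefaultClaims(issuer, subject, audience, expiresInSeconds);
        return getSignedToken(addNonDefaultClaims(defaults, claims));
    }

    /** Signs the claims with this instance's private key and returns the compact form. */
    private String getSignedToken(JwtClaims jwtClaims) throws JoseException {
        return prepareClaimsSigning(jwtClaims).getCompactSerialization();
    }

    /** Prepares a signature over the claims JSON: private key, key id, {@code typ} header and RSA_USING_SHA256. */
    private JsonWebSignature prepareClaimsSigning(JwtClaims jwtClaims) {
        JsonWebSignature signature = new JsonWebSignature();
        signature.setPayload(jwtClaims.toJson());
        signature.setKey(this.rsaJsonWebKey.getPrivateKey());
        signature.setKeyIdHeaderValue(this.rsaJsonWebKey.getKeyId());
        signature.setHeader("typ", "JWT");
        signature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return signature;
    }

    /** Copies the extra claims onto {@code jwtClaims}; a {@code null} array adds nothing. */
    private JwtClaims addNonDefaultClaims(JwtClaims jwtClaims, Claim[] extraClaims) {
        // A caller can pass an explicit null for the varargs parameter; treat it as no claims
        // instead of failing with a NullPointerException.
        if (extraClaims == null) {
            return jwtClaims;
        }
        for (Claim claim : extraClaims) {
            jwtClaims.setClaim(claim.getName(), claim.getValue());
        }
        return jwtClaims;
    }

    /** Creates the default claim set: iss, sub, aud, exp, iat, jti and a not-before two minutes in the past. */
    private JwtClaims getDefaultClaims(String issuer, String subject, String audience, int expiresInSeconds) {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(issuer);
        jwtClaims.setSubject(subject);
        jwtClaims.setAudience(audience);
        // The setter takes minutes as a float, so the lifetime is converted from seconds here.
        jwtClaims.setExpirationTimeMinutesInTheFuture(expiresInSeconds / 60.0f);
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setGeneratedJwtId();
        jwtClaims.setNotBeforeMinutesInThePast(2.0f);
        return jwtClaims;
    }

    /**
     * Validates a token against this instance's own key and returns its claims.
     *
     * @param idToken the compact-serialized token
     * @param expectedIssuer issuer the token must carry
     * @param expectedAudience audience the token must carry
     * @return every claim of the token, with values converted via {@code String.valueOf}
     * @throws InvalidJwtException if the token fails validation
     */
    public List<Claim> getClaimsFromSignedIdToken(String idToken, String expectedIssuer, String expectedAudience) throws InvalidJwtException {
        return getClaimsFromClaimsMap(processIdTokenToClaims(idToken, expectedIssuer, expectedAudience));
    }

    /**
     * Validates a token against the given verification key and returns its claims.
     *
     * @param idToken the compact-serialized token
     * @param expectedIssuer issuer the token must carry
     * @param expectedAudience audience the token must carry
     * @param key key used to verify the signature
     * @return every claim of the token, with values converted via {@code String.valueOf}
     * @throws InvalidJwtException if the token fails validation
     */
    public static List<Claim> getClaimsFromSignedIdToken(String idToken, String expectedIssuer, String expectedAudience, Key key) throws InvalidJwtException {
        return getClaimsFromClaimsMap(processIdTokenToClaims(idToken, expectedIssuer, expectedAudience, key));
    }

    /**
     * Validates a token with a caller-supplied key resolver and returns its claims.
     *
     * @param idToken the compact-serialized token
     * @param expectedIssuer issuer the token must carry
     * @param expectedAudience audience the token must carry
     * @param verificationKeyResolver resolver that selects the verification key
     * @return every claim of the token, with values converted via {@code String.valueOf}
     * @throws InvalidJwtException if the token fails validation
     */
    public static List<Claim> getClaimsFromSignedIdToken(String idToken, String expectedIssuer, String expectedAudience, VerificationKeyResolver verificationKeyResolver) throws InvalidJwtException {
        return getClaimsFromClaimsMap(processIdTokenToClaims(idToken, expectedIssuer, expectedAudience, verificationKeyResolver));
    }

    /**
     * Validates a token against the key set published at {@code jwksUrl} and returns its claims.
     *
     * <p>NOTE(review): whoever controls {@code jwksUrl} controls which keys are trusted, so the
     * value should come from trusted configuration. A new {@code HttpsJwks} is created on every
     * call; confirm whether that means the key set is fetched again for each token.
     *
     * @param idToken the compact-serialized token
     * @param expectedIssuer issuer the token must carry
     * @param expectedAudience audience the token must carry
     * @param jwksUrl location of the JWKS document
     * @return every claim of the token, with values converted via {@code String.valueOf}
     * @throws InvalidJwtException if the token fails validation
     */
    public static List<Claim> getClaimsFromSignedIdToken(String idToken, String expectedIssuer, String expectedAudience, String jwksUrl) throws InvalidJwtException {
        VerificationKeyResolver resolver = new HttpsJwksVerificationKeyResolver(new HttpsJwks(jwksUrl));
        return getClaimsFromClaimsMap(processIdTokenToClaims(idToken, expectedIssuer, expectedAudience, resolver));
    }

    /**
     * Validates a token against a key set fetched from {@code jwksUrl} through the given
     * authorization service and returns its claims.
     *
     * <p>NOTE(review): the response body is parsed as a JWKS without any visible check of the
     * response status, and {@code jwksUrl} decides which keys are trusted; confirm that the URL
     * comes from trusted configuration and that the transport is authenticated.
     *
     * @param idToken the compact-serialized token
     * @param expectedIssuer issuer the token must carry
     * @param expectedAudience audience the token must carry
     * @param jwksUrl location of the JWKS document
     * @param authorizationService service used to perform the GET request
     * @return every claim of the token, with values converted via {@code String.valueOf}
     * @throws Exception if the request, the JWKS parsing or the token validation fails
     */
    public static List<Claim> getClaimsFromSignedIdToken(String idToken, String expectedIssuer, String expectedAudience, String jwksUrl, AuthorizationService authorizationService) throws Exception {
        JsonWebKeySet keySet = new JsonWebKeySet(
                authorizationService.doRequest(new Request.Builder().get(jwksUrl).buildExchange()).getBodyAsStringDecoded());
        VerificationKeyResolver resolver = new JwksVerificationKeyResolver(keySet.getJsonWebKeys());
        return getClaimsFromClaimsMap(processIdTokenToClaims(idToken, expectedIssuer, expectedAudience, resolver));
    }

    /** Converts validated claims into a list of {@link Claim}, stringifying each value. */
    private static List<Claim> getClaimsFromClaimsMap(JwtClaims jwtClaims) {
        List<Claim> claims = new ArrayList<>();
        for (String claimName : jwtClaims.getClaimsMap().keySet()) {
            claims.add(new Claim(claimName, String.valueOf(jwtClaims.getClaimValue(claimName))));
        }
        return claims;
    }

    /** Validates the token against this instance's own key. */
    private JwtClaims processIdTokenToClaims(String idToken, String expectedIssuer, String expectedAudience) throws InvalidJwtException {
        return processIdTokenToClaims(idToken, expectedIssuer, expectedAudience, this.rsaJsonWebKey.getKey());
    }

    /** Validates the token against a fixed verification key. */
    private static JwtClaims processIdTokenToClaims(String idToken, String expectedIssuer, String expectedAudience, Key key) throws InvalidJwtException {
        return baseConsumerBuilder(expectedIssuer, expectedAudience)
                .setVerificationKey(key)
                .build()
                .processToClaims(idToken);
    }

    /** Validates the token with a key chosen by the resolver. */
    private static JwtClaims processIdTokenToClaims(String idToken, String expectedIssuer, String expectedAudience, VerificationKeyResolver verificationKeyResolver) throws InvalidJwtException {
        return baseConsumerBuilder(expectedIssuer, expectedAudience)
                .setVerificationKeyResolver(verificationKeyResolver)
                .build()
                .processToClaims(idToken);
    }

    /**
     * Builds the validation rules shared by every verification path: an expiration time and a
     * subject are required, and issuer and audience must match the expected values.
     *
     * <p>NOTE(review): no JWS algorithm constraint is set here, so the accepted signature
     * algorithms are whatever the library allows by default for the supplied key. Consider
     * pinning the algorithm(s) each issuer is expected to use.
     */
    private static JwtConsumerBuilder baseConsumerBuilder(String expectedIssuer, String expectedAudience) {
        return new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setAllowedClockSkewInSeconds(ALLOWED_CLOCK_SKEW_SECONDS)
                .setRequireSubject()
                .setExpectedIssuer(expectedIssuer)
                .setExpectedAudience(expectedAudience);
    }
}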
