package org.trellisldp.auth.oauth;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.security.Keys;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/trellisldp/auth/oauth/OAuthUtils.class */
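/**
 * Static helpers for turning JWT claims into a {@link Principal} and for building the
 * {@code Authenticator} used to verify incoming tokens (JWKS location, shared HMAC secret,
 * or a keystore holding trusted certificates).
 *
 * <p>The claim helpers only read values out of a {@link Claims} object; nothing in this class
 * verifies a signature. NOTE(review): they presumably run only after the token has been
 * validated by one of the authenticators built here; confirm against the callers.
 */
public final class OAuthUtils {
    /** Name of the JWT claim that carries an explicit WebID. */
    public static final String WEBID = "webid";
    /** Name of the {@code website} claim used as a last-resort identity. */
    public static final String WEBSITE = "website";
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuthUtils.class);

    /**
     * Builds a principal from the {@code webid} claim, if the token has one.
     *
     * <p>The claim value is used verbatim as the principal name; no format check is applied here.
     *
     * @param claims the JWT claims to inspect
     * @return a principal named after the {@code webid} claim, or empty if the claim is absent
     */
    public static Optional<Principal> withWebIdClaim(Claims claims) {
        String webid = claims.get(WEBID, String.class);
        if (webid == null) {
            return Optional.empty();
        }
        LOGGER.debug("Using JWT claim with webid: {}", webid);
        return Optional.of(new OAuthPrincipal(webid));
    }

    /**
     * Builds a principal from the {@code sub} claim, falling back to {@code iss + "/" + sub}
     * and then to the {@code website} claim.
     *
     * <p>Resolution order, once a subject is present:
     * <ol>
     *   <li>the subject itself, when it starts with {@code http://} or {@code https://};</li>
     *   <li>the issuer joined with the subject, when the issuer passes the same prefix check;</li>
     *   <li>the {@code website} claim, when the token contains that key.</li>
     * </ol>
     *
     * @param claims the JWT claims to inspect
     * @return the derived principal, or empty when there is no subject or no rule applies
     */
    public static Optional<Principal> withSubjectClaim(Claims claims) {
        String subject = claims.getSubject();
        if (subject == null) {
            return Optional.empty();
        }
        if (isUrl(subject)) {
            LOGGER.debug("Using JWT claim with sub: {}", subject);
            return Optional.of(new OAuthPrincipal(subject));
        }
        String issuer = claims.getIssuer();
        if (issuer != null && isUrl(issuer)) {
            // Avoid a doubled slash when the issuer already ends with one.
            String webid = issuer.endsWith("/") ? issuer + subject : issuer + "/" + subject;
            LOGGER.debug("Using JWT claim with generated webid: {}", webid);
            return Optional.of(new OAuthPrincipal(webid));
        }
        if (!claims.containsKey(WEBSITE)) {
            return Optional.empty();
        }
        // NOTE(review): unlike sub and iss, the website value is not passed through isUrl()
        // before it becomes the principal name, so any string the issuer puts there is accepted.
        String website = claims.get(WEBSITE, String.class);
        LOGGER.debug("Using JWT claim with website: {}", website);
        return Optional.ofNullable(website).map(OAuthPrincipal::new);
    }

    /**
     * Builds an authenticator backed by a JWKS document at the given location.
     *
     * <p>NOTE(review): {@link #isUrl(String)} also accepts plain {@code http://}. If the key set
     * is fetched from this location over the network, an unencrypted URL leaves the verification
     * keys open to tampering in transit; deployments should configure an {@code https://}
     * location. How the location is dereferenced is not visible in this class.
     *
     * @param str the JWKS location; may be {@code null}
     * @return a JWKS-based authenticator, or {@code null} when the location is {@code null} or
     *         does not start with {@code http://} or {@code https://}
     */
    public static Authenticator buildAuthenticatorWithJwk(String str) {
        if (str == null || !isUrl(str)) {
            return null;
        }
        return new JwksAuthenticator(str);
    }

    /**
     * Builds an RSA public key from its modulus and public exponent.
     *
     * @param str the {@link KeyFactory} algorithm name (for example {@code "RSA"})
     * @param bigInteger the RSA modulus
     * @param bigInteger2 the RSA public exponent
     * @return the generated key, or empty when the algorithm is unknown or the key spec is
     *         rejected (the failure is logged)
     */
    public static Optional<Key> buildRSAPublicKey(String str, BigInteger bigInteger, BigInteger bigInteger2) {
        try {
            KeyFactory factory = KeyFactory.getInstance(str);
            return Optional.of(factory.generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOGGER.error("Error generating RSA Key from JWKS entry", e);
            return Optional.empty();
        }
    }

    /**
     * Builds an authenticator that verifies tokens with an HMAC key derived from a shared secret.
     *
     * <p>The key material is the UTF-8 encoding of the configured string, so its strength is
     * bounded by the entropy of that string. {@code Keys.hmacShaKeyFor} rejects byte arrays
     * shorter than 256 bits with an unchecked exception, which this method does not catch.
     *
     * @param str the shared secret; may be {@code null}
     * @return an HMAC-based authenticator, or {@code null} when the secret is {@code null} or empty
     */
    public static Authenticator buildAuthenticatorWithSharedSecret(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        return new JwtAuthenticator(Keys.hmacShaKeyFor(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Builds an authenticator from certificates held in a keystore file.
     *
     * <p>Only aliases that are both listed in {@code list} and present in the keystore are used:
     * none yields no authenticator, exactly one yields a single-key authenticator, and several
     * yield a federated authenticator over the keystore.
     *
     * @param str path to the keystore file; may be {@code null}
     * @param cArr keystore password; the array is not cleared by this method
     * @param list aliases (key ids) that are allowed to verify tokens; entries are trimmed
     * @return the authenticator, or {@code null} when the path is {@code null}, the file does not
     *         exist, no listed alias is usable, or the keystore cannot be read
     */
    public static Authenticator buildAuthenticatorWithTruststore(String str, char[] cArr, List<String> list) {
        if (str == null) {
            return null;
        }
        File file = new File(str);
        if (!file.exists()) {
            return null;
        }
        // try-with-resources closes the stream on every exit path, including exceptions.
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, cArr);
            List<String> keyIds = filterKeyIds(keyStore, list);
            switch (keyIds.size()) {
                case 0:
                    LOGGER.warn("No valid key ids provided! Skipping keystore: {}", str);
                    return null;
                case 1:
                    // getCertificate returns null for an alias that holds no certificate
                    // (for example a secret-key entry); treat that as an unusable keystore
                    // instead of failing with a NullPointerException.
                    java.security.cert.Certificate certificate = keyStore.getCertificate(keyIds.get(0));
                    if (certificate == null) {
                        LOGGER.warn("Ignoring JWT authenticator with keystore: {}", str);
                        return null;
                    }
                    return new JwtAuthenticator(certificate.getPublicKey());
                default:
                    return new FederatedJwtAuthenticator(keyStore, keyIds);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOGGER.error("Error reading keystore: {}", e.getMessage());
            LOGGER.warn("Ignoring JWT authenticator with keystore: {}", str);
            return null;
        }
    }

    /**
     * Returns the trimmed entries of {@code list} that exist as aliases in the keystore.
     *
     * @param keyStore a loaded keystore
     * @param list candidate aliases
     * @return the aliases found in the keystore, in input order
     * @throws KeyStoreException if the keystore has not been initialized
     */
    private static List<String> filterKeyIds(KeyStore keyStore, List<String> list) throws KeyStoreException {
        List<String> present = new ArrayList<>();
        for (String candidate : list) {
            String alias = candidate.trim();
            if (keyStore.containsAlias(alias)) {
                present.add(alias);
            }
        }
        return present;
    }

    /**
     * Checks only the scheme prefix; the rest of the string is not parsed or validated, and
     * plain {@code http://} is accepted alongside {@code https://}.
     */
    private static boolean isUrl(String str) {
        return str.startsWith("http://") || str.startsWith("https://");
    }

    /** Not instantiable: static helpers only. */
    private OAuthUtils() {
    }
}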
