package org.id4me.agent;

import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;
import org.json.JSONArray;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/id4me/agent/TokenHandler.class */
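/**
 * Signs outgoing and validates incoming RS256 JSON Web Tokens for the ID4me agent.
 *
 * <p>Outgoing tokens are signed with the private key supplied by the {@link DataProvider}.
 * Incoming tokens are first parsed with {@link #parseToken(String)} and then checked with
 * {@link #valiateToken()}; header and payload are only handed out by {@link #getHeader()} and
 * {@link #getPayload()} after a successful validation of the token that is currently loaded.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Validation covers the RS256 signature only. Nothing in this class checks {@code exp},
 *       {@code nbf}, {@code aud} or {@code nonce}; NOTE(review): confirm the caller does.</li>
 *   <li>The keys used for verification are discovered from the {@code iss} claim of the token
 *       being validated, see {@link #valiateToken()}. The issuer has to be compared with the
 *       expected one by the caller, otherwise the signature check alone proves little.</li>
 *   <li>Raw tokens and claim sets are deliberately not written to the log: they are bearer
 *       credentials and may contain personal data.</li>
 * </ul>
 *
 * <p>Not thread-safe: an instance keeps the parsed token in unsynchronized mutable fields.
 */
public class TokenHandler {
    private static final Logger log = LoggerFactory.getLogger(TokenHandler.class);
    private boolean isValidated = false;
    private SignedJWT signedToken = null;
    private JSONObject headerJson = null;
    private JSONObject payloadJson = null;
    private final DataProvider data;

    /**
     * Creates a handler backed by a new {@link DataProvider}.
     *
     * @param str passed unchanged to the {@code DataProvider} constructor
     *            (presumably a configuration location; verify against {@code DataProvider})
     * @throws Exception if the {@code DataProvider} cannot be created
     */
    public TokenHandler(String str) throws Exception {
        this.data = new DataProvider(str);
    }

    /**
     * Returns the data provider this handler takes its keys from.
     *
     * @return the data provider, never replaced after construction
     */
    public DataProvider getDataProvider() {
        return this.data;
    }

    /**
     * Returns the header of the loaded token.
     *
     * @return the header, or {@code null} while the loaded token has not been validated
     */
    public JSONObject getHeader() {
        if (this.isValidated) {
            return this.headerJson;
        }
        return null;
    }

    /**
     * Returns the claim set of the loaded token.
     *
     * @return the payload, or {@code null} while the loaded token has not been validated
     */
    public JSONObject getPayload() {
        if (this.isValidated) {
            return this.payloadJson;
        }
        return null;
    }

    /**
     * Signs a payload with RS256 and the key id reported by the data provider.
     *
     * @param str the payload to sign
     * @return the compact serialization, or {@code null} if signing failed
     * @throws Exception if the private key or key id cannot be obtained
     */
    public String createSignedToken(String str) throws Exception {
        JsonWebSignature jsonWebSignature = newRs256Signature();
        jsonWebSignature.setHeader("kid", this.data.getKid());
        jsonWebSignature.setPayload(str);
        return serialize(jsonWebSignature);
    }

    /**
     * Signs a payload with RS256 and embeds the public key as {@code jwk} header; the
     * {@code method} header is fixed to {@code POST}.
     *
     * @param str  value of the {@code url} header
     * @param str2 the payload to sign
     * @return the compact serialization, or {@code null} if signing failed
     * @throws Exception if the key pair cannot be obtained
     */
    public String getTokenWithJwk(String str, String str2) throws Exception {
        JsonWebSignature jsonWebSignature = newRs256Signature();
        jsonWebSignature.setHeader("url", str);
        jsonWebSignature.setHeader("method", "POST");
        jsonWebSignature.getHeaders().setObjectHeaderValue("jwk", newPublicJwk().toJSONObject());
        jsonWebSignature.setPayload(str2);
        return serialize(jsonWebSignature);
    }

    /**
     * Signs a payload with RS256 and caller-supplied {@code url}, {@code method} and
     * {@code kid} headers.
     *
     * @param str  value of the {@code url} header
     * @param str2 value of the {@code method} header
     * @param str3 value of the {@code kid} header
     * @param str4 the payload to sign
     * @return the compact serialization, or {@code null} if signing failed
     * @throws Exception if the private key cannot be obtained
     */
    public String getIdToken(String str, String str2, String str3, String str4) throws Exception {
        JsonWebSignature jsonWebSignature = newRs256Signature();
        jsonWebSignature.setHeader("url", str);
        jsonWebSignature.setHeader("method", str2);
        jsonWebSignature.setHeader("kid", str3);
        jsonWebSignature.setPayload(str4);
        // NOTE(review): what toString() prints is decided by the JOSE library, not by this
        // class. Confirm it does not include the payload, otherwise lower this to debug.
        log.info(jsonWebSignature.toString());
        return serialize(jsonWebSignature);
    }

    /**
     * Builds a JWK set containing the public key of the data provider, without the
     * {@code use} member.
     *
     * @return a JSON object with a one-element {@code keys} array
     * @throws Exception if the public key cannot be obtained
     */
    public JSONObject generateJwks() throws Exception {
        JSONObject jSONObject = new JSONObject();
        JSONArray jSONArray = new JSONArray();
        JSONObject jSONObject2 = new JSONObject(newPublicJwk().toJSONString());
        jSONObject2.remove("use");
        jSONArray.put(jSONObject2);
        jSONObject.put("keys", jSONArray);
        return jSONObject;
    }

    /** Creates a signature object preset with the provider's private key and RS256. */
    private JsonWebSignature newRs256Signature() throws Exception {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setKey(this.data.getPemPrivateKey());
        jsonWebSignature.setAlgorithmHeaderValue("RS256");
        return jsonWebSignature;
    }

    /**
     * Wraps the provider's public key in a signature-use JWK.
     *
     * <p>NOTE(review): the key id is a fresh random UUID on every call, while
     * {@link #createSignedToken(String)} uses {@code data.getKid()}. A verifier that selects
     * keys by {@code kid} would not find a match; confirm this is intended.
     */
    private RSAKey newPublicJwk() throws Exception {
        return new RSAKey.Builder((RSAPublicKey) this.data.getPemPublicKey())
                .keyUse(KeyUse.SIGNATURE)
                .keyID(UUID.randomUUID().toString())
                .build();
    }

    /**
     * Produces the compact serialization. A signing failure is logged and reported as
     * {@code null}, which is the contract the public signing methods have always had.
     */
    private static String serialize(JsonWebSignature jsonWebSignature) {
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            log.error("Creating the signed token failed", e);
            return null;
        }
    }

    /** Fetches the JWK set document from the given URL. */
    private JSONObject fetchJwtsData(String str) throws Exception {
        return new JSONObject(this.data.fetchUrl(str));
    }

    /** Fetches the OpenID Connect discovery document of the given issuer. */
    private JSONObject fetchWellKnownData(String str) throws Exception {
        // A trailing slash on the issuer would otherwise produce "//.well-known/...".
        String issuer = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        String fetchUrl = this.data.fetchUrl(issuer + "/.well-known/openid-configuration");
        log.info("fetchWellKnownData(), config: " + fetchUrl);
        return new JSONObject(fetchUrl);
    }

    /**
     * Verifies the signature of the token loaded by {@link #parseToken(String)} against the
     * keys published by the token's issuer. The method name, including its spelling, is
     * part of the public interface and therefore kept.
     *
     * @throws IllegalStateException if no token has been parsed
     * @throws Exception if discovery fails or the signature cannot be verified
     */
    public void valiateToken() throws Exception {
        // Never leave a stale "validated" state behind if this run fails.
        this.isValidated = false;
        if (this.signedToken == null || this.headerJson == null || this.payloadJson == null) {
            throw new IllegalStateException("parseToken() must be called before valiateToken()");
        }
        String string = this.payloadJson.getString("iss");
        log.info("valiateToken(), ISS: " + string);
        // NOTE(review): "iss" comes from the token that is still unverified at this point,
        // so both the discovery URL and the key set are chosen by whoever issued the token.
        // This class has no expected issuer to compare with; the comparison (and any
        // restriction of which hosts fetchUrl may contact) has to happen in the caller or
        // in DataProvider. The "issuer" member of the discovery document is not compared
        // with the requested issuer either. TODO confirm where these checks live.
        JSONObject fetchJwtsData = fetchJwtsData(fetchWellKnownData(string).getString("jwks_uri"));
        validateSignedToken(fetchJwtsData, this.signedToken);
        this.isValidated = true;
    }

    /**
     * Parses a compact JWS and loads it as the current token. Any earlier token and its
     * validation state are discarded first, so {@link #getHeader()} and
     * {@link #getPayload()} return {@code null} until {@link #valiateToken()} succeeds
     * for the new token.
     *
     * @param str the compact serialization of a signed JWT
     * @throws Exception if the input cannot be parsed or is not a signed JWT
     */
    public void parseToken(String str) throws Exception {
        // Reset first: a handler that validated an earlier token must not expose the
        // claims of a new, unvalidated one.
        this.isValidated = false;
        this.signedToken = null;
        this.headerJson = null;
        this.payloadJson = null;

        Object parsed = JWTParser.parse(str);
        if (!(parsed instanceof SignedJWT)) {
            // Unsecured and encrypted JWTs are not accepted here.
            throw new Exception("Token is not a signed JWT");
        }
        SignedJWT jwt = (SignedJWT) parsed;
        JSONObject header = new JSONObject(jwt.getHeader().toString());
        JSONObject payload = new JSONObject(jwt.getPayload().toString());

        this.signedToken = jwt;
        this.headerJson = header;
        this.payloadJson = payload;
        log.debug("HEADER: " + this.headerJson.toString(2));
    }

    /**
     * Checks that the token header announces RS256 and verifies the signature.
     *
     * @param jSONObject the issuer's JWK set
     * @param signedJWT  the token to verify
     * @throws Exception if {@code alg} is missing, is not RS256, or verification fails
     */
    private void validateSignedToken(JSONObject jSONObject, SignedJWT signedJWT) throws Exception {
        String str = null;
        if (this.headerJson.has("kid")) {
            str = this.headerJson.getString("kid");
        }
        if (!this.headerJson.has("alg")) {
            throw new Exception("Field alg missing in token payload!");
        }
        String string = this.headerJson.getString("alg");
        if (!string.equalsIgnoreCase("RS256")) {
            throw new Exception("JWTS signature algorithm mismatch, expected RS256, found " + string);
        }
        validateTokenSignature(jSONObject, signedJWT, str, string);
    }

    /**
     * Verifies the token against the RSA keys of a JWK set.
     *
     * <p>With a {@code kid} only keys carrying that id are tried; without one every RSA key
     * of the set is tried in order. Keys of another type are skipped.
     *
     * @param jSONObject the JWK set, must contain a non-empty {@code keys} array
     * @param signedJWT  the token to verify
     * @param str        the {@code kid} of the token header, or {@code null} if absent
     * @param str2       the {@code alg} of the token header
     * @throws IllegalArgumentException if the key set is empty or {@code alg} is not RS256
     * @throws Exception if no candidate key exists or none verifies the signature
     */
    private void validateTokenSignature(JSONObject jSONObject, SignedJWT signedJWT, String str, String str2) throws Exception {
        JSONArray jSONArray = jSONObject.getJSONArray("keys");
        if (jSONArray == null || jSONArray.length() <= 0) {
            throw new IllegalArgumentException("Error on validating the token, keys == NULL");
        }
        if (!"RS256".equalsIgnoreCase(str2)) {
            throw new IllegalArgumentException("Unhandled value for header_alg: " + str2);
        }
        boolean candidateTried = false;
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject2 = jSONArray.getJSONObject(i);
            // "kid" is optional in a JWK, so a key without it must not abort the loop.
            String string = jSONObject2.optString("kid", null);
            log.debug("Validating token signature: kid: {}", string);
            if (str != null && !str.equals(string)) {
                continue;
            }
            if (!"RSA".equals(jSONObject2.optString("kty"))) {
                continue;
            }
            candidateTried = true;
            RSAPublicKey publicKey = (RSAPublicKey) RSAKey.parse(jSONObject2.toString()).toPublicKey();
            if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
                log.debug("Validating token signature: token RS256 signature valid");
                return;
            }
            // Not this key: keep going, the set may hold several candidates.
        }
        if (candidateTried) {
            throw new Exception("Error on validating the token signature, kid=RS256, alg=RSA");
        }
        throw new Exception("No valid public key for token validation found!");
    }
}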
