package org.eclipse.microprofile.jwt.tck.util;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import net.minidev.json.JSONObject;
import net.minidev.json.parser.JSONParser;
import org.eclipse.microprofile.jwt.Claims;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/util/TokenUtils.class */
public class TokenUtils {

    /* loaded from: input_file:org/eclipse/microprofile/jwt/tck/util/TokenUtils$InvalidClaims.class */
    public enum InvalidClaims {
        ISSUER,
        EXP,
        SIGNER,
        ALG
    }

    private TokenUtils() {
    }

    public static String generateTokenString(String str) throws Exception {
        return generateTokenString(str, Collections.emptySet());
    }

    public static String generateTokenString(String str, Set<InvalidClaims> set) throws Exception {
        return generateTokenString(str, set, null);
    }

    public static String generateTokenString(String str, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        return generateTokenString(readPrivateKey("/privateKey.pem"), "/privateKey.pem", str, set, map);
    }

    public static String generateTokenString(PrivateKey privateKey, String str, String str2, Set<InvalidClaims> set, Map<String, Long> map) throws Exception {
        if (set == null) {
            set = Collections.emptySet();
        }
        byte[] bArr = new byte[4096];
        int read = TokenUtils.class.getResourceAsStream(str2).read(bArr);
        byte[] bArr2 = new byte[read];
        System.arraycopy(bArr, 0, bArr2, 0, read);
        JSONObject jSONObject = (JSONObject) new JSONParser(JSONParser.DEFAULT_PERMISSIVE_MODE).parse(bArr2);
        if (set.contains(InvalidClaims.ISSUER)) {
            jSONObject.put(Claims.iss.name(), "INVALID_ISSUER");
        }
        long currentTimeInSecs = currentTimeInSecs();
        long j = currentTimeInSecs + 300;
        long j2 = currentTimeInSecs;
        long j3 = currentTimeInSecs;
        boolean z = false;
        if (map != null && map.containsKey(Claims.exp.name())) {
            j = map.get(Claims.exp.name()).longValue();
            z = true;
        }
        if (z) {
            j2 = j - 5;
            j3 = j - 5;
        }
        jSONObject.put(Claims.iat.name(), Long.valueOf(j2));
        jSONObject.put(Claims.auth_time.name(), Long.valueOf(j3));
        if (!set.contains(InvalidClaims.EXP)) {
            jSONObject.put(Claims.exp.name(), Long.valueOf(j));
        }
        if (map != null) {
            map.put(Claims.iat.name(), Long.valueOf(j2));
            map.put(Claims.auth_time.name(), Long.valueOf(j3));
            map.put(Claims.exp.name(), Long.valueOf(j));
        }
        if (set.contains(InvalidClaims.SIGNER)) {
            privateKey = generateKeyPair(2048).getPrivate();
        }
        MACSigner rSASSASigner = new RSASSASigner(privateKey);
        JWTClaimsSet parse = JWTClaimsSet.parse(jSONObject);
        JWSAlgorithm jWSAlgorithm = JWSAlgorithm.RS256;
        if (set.contains(InvalidClaims.ALG)) {
            jWSAlgorithm = JWSAlgorithm.HS256;
            rSASSASigner = new MACSigner(BigInteger.probablePrime(256, new SecureRandom()).toByteArray());
        }
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(jWSAlgorithm).keyID(str).type(JOSEObjectType.JWT).build(), parse);
        signedJWT.sign(rSASSASigner);
        return signedJWT.serialize();
    }

    public static String readResource(String str) throws IOException {
        InputStream resourceAsStream = TokenUtils.class.getResourceAsStream(str);
        StringWriter stringWriter = new StringWriter();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream));
        Throwable th = null;
        try {
            try {
                for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                    stringWriter.write(readLine);
                    stringWriter.write(10);
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (bufferedReader != null) {
                if (th != null) {
                    try {
                        bufferedReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedReader.close();
                }
            }
            throw th3;
        }
    }

    public static PrivateKey readPrivateKey(String str) throws Exception {
        byte[] bArr = new byte[4096];
        return decodePrivateKey(new String(bArr, 0, TokenUtils.class.getResourceAsStream(str).read(bArr)));
    }

    public static PublicKey readPublicKey(String str) throws Exception {
        byte[] bArr = new byte[4096];
        return decodePublicKey(new String(bArr, 0, TokenUtils.class.getResourceAsStream(str).read(bArr)));
    }

    public static KeyPair generateKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i);
        return keyPairGenerator.genKeyPair();
    }

    public static PrivateKey decodePrivateKey(String str) throws Exception {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(toEncodedBytes(str)));
    }

    public static PublicKey decodePublicKey(String str) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(toEncodedBytes(str)));
    }

    private static byte[] toEncodedBytes(String str) {
        return Base64.getDecoder().decode(removeBeginEnd(str));
    }

    private static String removeBeginEnd(String str) {
        return str.replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replaceAll("\r\n", "").replaceAll("\n", "").trim();
    }

    public static int currentTimeInSecs() {
        return (int) (System.currentTimeMillis() / 1000);
    }
}
