package io.smallrye.jwt.build.impl;

import io.smallrye.jwt.KeyUtils;
import io.smallrye.jwt.algorithm.SignatureAlgorithm;
import io.smallrye.jwt.build.JwtException;
import io.smallrye.jwt.build.JwtSignatureException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.Key;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import org.eclipse.microprofile.config.ConfigProvider;
import org.eclipse.microprofile.jwt.Claims;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/io/smallrye/jwt/main/smallrye-jwt-2.0.13.jar:io/smallrye/jwt/build/impl/JwtSigningUtils.class */
public class JwtSigningUtils {
    private JwtSigningUtils() {
    }

    public static String signWithPemKey(String str, String str2) {
        return signWithPemKey(str, (String) null, str2);
    }

    public static String signWithPemKey(String str, String str2, String str3) {
        return signWithPemKey(str, kidToMap(str2), str3);
    }

    public static String signWithPemKey(String str, Map<String, Object> map, String str2) {
        return readClaimsAndSign(readPrivatePemKey(str), map, str2);
    }

    public static String signWithPemKey(String str, Map<String, Object> map) {
        return signWithPemKey(str, (String) null, map);
    }

    public static String signWithPemKey(String str, String str2, Map<String, Object> map) {
        return signWithPemKey(str, kidToMap(str2), map);
    }

    public static String signWithPemKey(String str, Map<String, Object> map, Map<String, Object> map2) {
        return convertToClaimsAndSign(readPrivatePemKey(str), map, map2);
    }

    public static String signWithJwk(String str, String str2) {
        return signWithJwk(str, (Map<String, Object>) Collections.emptyMap(), str2);
    }

    public static String signWithJwk(String str, Map<String, Object> map, String str2) {
        return readClaimsAndSignWithJwk(createJsonWebKey(readJsonContent(str)), map, str2);
    }

    public static String signWithJwk(String str, Map<String, Object> map) {
        return signWithJwk(str, (Map<String, Object>) Collections.emptyMap(), map);
    }

    public static String signWithJwk(String str, Map<String, Object> map, Map<String, Object> map2) {
        return convertToClaimsAndSignWithJwk(createJsonWebKey(readJsonContent(str)), map, map2);
    }

    public static String signWithJwkFromSet(String str, String str2, String str3) {
        return signWithJwkFromSet(str, kidToMap(str2), str3);
    }

    public static String signWithJwkFromSet(String str, Map<String, Object> map, String str2) {
        return readClaimsAndSignWithJwk(findJsonWebKeyInSet(readJsonContent(str), (String) map.get("kid")), map, str2);
    }

    public static String signWithJwkFromSet(String str, String str2, Map<String, Object> map) {
        return signWithJwkFromSet(str, kidToMap(str2), map);
    }

    public static String signWithJwkFromSet(String str, Map<String, Object> map, Map<String, Object> map2) {
        return convertToClaimsAndSignWithJwk(findJsonWebKeyInSet(readJsonContent(str), (String) map.get("kid")), map, map2);
    }

    public static String signWithPrivateKey(PrivateKey privateKey, String str) {
        return signWithPrivateKey(privateKey, (String) null, str);
    }

    public static String signWithPrivateKey(PrivateKey privateKey, String str, String str2) {
        return signWithPrivateKey(privateKey, kidToMap(str), str2);
    }

    public static String signWithPrivateKey(PrivateKey privateKey, Map<String, Object> map, String str) {
        return readClaimsAndSign(privateKey, map, str);
    }

    public static String signWithPrivateKey(PrivateKey privateKey, Map<String, Object> map) {
        return signWithPrivateKey(privateKey, (String) null, map);
    }

    public static String signWithPrivateKey(PrivateKey privateKey, String str, Map<String, Object> map) {
        return signWithPrivateKey(privateKey, kidToMap(str), map);
    }

    public static String signWithPrivateKey(PrivateKey privateKey, Map<String, Object> map, Map<String, Object> map2) {
        return convertToClaimsAndSign(privateKey, map, map2);
    }

    public static String signWithSecretKey(SecretKey secretKey, Map<String, Object> map) {
        return signWithSecretKey(secretKey, (String) null, map);
    }

    public static String signWithSecretKey(SecretKey secretKey, String str, Map<String, Object> map) {
        return signWithSecretKey(secretKey, kidToMap(str), map);
    }

    public static String signWithSecretKey(SecretKey secretKey, Map<String, Object> map, Map<String, Object> map2) {
        return convertToClaimsAndSign(secretKey, map, map2);
    }

    public static String signWithSecretKey(SecretKey secretKey, String str) {
        return signWithSecretKey(secretKey, (String) null, str);
    }

    public static String signWithSecretKey(SecretKey secretKey, String str, String str2) {
        return signWithSecretKey(secretKey, kidToMap(str), str2);
    }

    public static String signWithSecretKey(SecretKey secretKey, Map<String, Object> map, String str) {
        return readClaimsAndSign(secretKey, map, str);
    }

    public static String sign(Map<String, Object> map) {
        return sign((String) null, map);
    }

    public static String sign(String str, Map<String, Object> map) {
        return sign(kidToMap(str), map);
    }

    public static String sign(Map<String, Object> map, Map<String, Object> map2) {
        return convertToClaimsAndSign(getSigningKeyFromConfig((String) map.get("kid")), map, map2);
    }

    static String readClaimsAndSign(Key key, Map<String, Object> map, String str) {
        return signJwtClaimsInternal(key, map, parseJwtClaims(str));
    }

    static String convertToClaimsAndSign(Key key, Map<String, Object> map, Map<String, Object> map2) {
        return signJwtClaimsInternal(key, map, convertToClaims(map2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String signJwtClaimsInternal(Map<String, Object> map, JwtClaims jwtClaims) {
        return signJwtClaimsInternal("none".equals(map.get("alg")) ? null : getSigningKeyFromConfig((String) map.get("kid")), map, jwtClaims);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String signJwtClaimsInternal(Key key, Map<String, Object> map, JwtClaims jwtClaims) {
        setDefaultJwtClaims(jwtClaims);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            jsonWebSignature.setHeader(entry.getKey(), entry.getValue());
        }
        if (!map.containsKey("typ")) {
            jsonWebSignature.setHeader("typ", "JWT");
        }
        String str = (String) map.get("alg");
        if (str == null) {
            str = keyAlgorithm(map, key);
            jsonWebSignature.setAlgorithmHeaderValue(str);
        }
        if ("none".equals(str)) {
            jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.ALLOW_ONLY_NONE);
        }
        jsonWebSignature.setPayload(jwtClaims.toJson());
        if ((key instanceof RSAPrivateKey) && str.startsWith("RS") && ((RSAPrivateKey) key).getModulus().bitLength() < 2048) {
            throw new JwtSignatureException("A key of size 2048 bits or larger MUST be used with the '" + str + "' algorithm");
        }
        jsonWebSignature.setKey(key);
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (Exception e) {
            throw new JwtSignatureException("Failure to create a signed JWT token: " + e, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setDefaultJwtClaims(JwtClaims jwtClaims) {
        long currentTimeInSecs = currentTimeInSecs();
        if (!jwtClaims.hasClaim(Claims.iat.name())) {
            jwtClaims.setIssuedAt(NumericDate.fromSeconds(currentTimeInSecs));
        }
        if (!jwtClaims.hasClaim(Claims.exp.name())) {
            jwtClaims.setExpirationTime(NumericDate.fromSeconds(currentTimeInSecs() + 300));
        }
        if (jwtClaims.hasClaim(Claims.jti.name())) {
            return;
        }
        jwtClaims.setGeneratedJwtId();
    }

    static String readClaimsAndSignWithJwk(JsonWebKey jsonWebKey, Map<String, Object> map, String str) {
        return signJwtClaimsWithJwkInternal(jsonWebKey, map, parseJwtClaims(str));
    }

    static String convertToClaimsAndSignWithJwk(JsonWebKey jsonWebKey, Map<String, Object> map, Map<String, Object> map2) {
        return signJwtClaimsWithJwkInternal(jsonWebKey, map, convertToClaims(map2));
    }

    static String signJwtClaimsWithJwkInternal(JsonWebKey jsonWebKey, Map<String, Object> map, JwtClaims jwtClaims) {
        Key key = jsonWebKey.getKey();
        if (!(key instanceof PrivateKey) && !(key instanceof SecretKey)) {
            throw new IllegalArgumentException("Only PrivateKey or SecretKey can be be used to sign a token");
        }
        HashMap hashMap = new HashMap();
        hashMap.putAll(map);
        if (!hashMap.containsKey("kid") && jsonWebKey.getKeyId() != null) {
            hashMap.put("kid", jsonWebKey.getKeyId());
        }
        if (!hashMap.containsKey("alg") && jsonWebKey.getAlgorithm() != null) {
            hashMap.put("alg", jsonWebKey.getAlgorithm());
        }
        String str = (String) hashMap.get("alg");
        if ((!(key instanceof SecretKey) || str.startsWith("HS")) && ((!(key instanceof RSAPrivateKey) || str.startsWith("RS")) && (!(key instanceof ECPrivateKey) || str.startsWith("ES")))) {
            return signJwtClaimsInternal(key, hashMap, jwtClaims);
        }
        throw new IllegalArgumentException("JWK algorithm 'alg' value does not match a key type");
    }

    static String keyAlgorithm(Map<String, Object> map, Key key) {
        String str = (String) map.get("alg");
        if (key instanceof RSAPrivateKey) {
            if (str == null) {
                return SignatureAlgorithm.RS256.name();
            }
            if (str.startsWith("RS")) {
                return str;
            }
        } else if (key instanceof ECPrivateKey) {
            if (str == null) {
                return SignatureAlgorithm.ES256.name();
            }
            if (str.startsWith("ES")) {
                return str;
            }
        } else if (key instanceof SecretKey) {
            if (str == null) {
                return SignatureAlgorithm.HS256.name();
            }
            if (str.startsWith("HS")) {
                return str;
            }
        }
        throw new IllegalArgumentException("Unsupported signature algorithm: " + key.getAlgorithm());
    }

    static String readJsonContent(String str) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(JwtSigningUtils.class.getResourceAsStream(str)));
            Throwable th = null;
            try {
                try {
                    String str2 = (String) bufferedReader.lines().collect(Collectors.joining("\n"));
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    return str2;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new JwtException("Failure to read the json content:" + e, e);
        }
    }

    static JwtClaims convertToClaims(Map<String, Object> map) {
        JwtClaims jwtClaims = new JwtClaims();
        convertToClaims(jwtClaims, map);
        return jwtClaims;
    }

    static void convertToClaims(JwtClaims jwtClaims, Map<String, Object> map) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            jwtClaims.setClaim(entry.getKey(), entry.getValue());
        }
    }

    static int currentTimeInSecs() {
        return (int) (System.currentTimeMillis() / 1000);
    }

    static JsonWebKey createJsonWebKey(String str) {
        try {
            return JsonWebKey.Factory.newJwk(JsonUtil.parseJson(str));
        } catch (Exception e) {
            throw new JwtException("Failure to parse JWK:" + e, e);
        }
    }

    static JsonWebKey findJsonWebKeyInSet(String str, String str2) {
        try {
            JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(str);
            if (str2 == null) {
                if (jsonWebKeySet.getJsonWebKeys().size() == 1) {
                    return jsonWebKeySet.getJsonWebKeys().get(0);
                }
                throw new IllegalArgumentException("Key id 'kid' header value must be provided");
            }
            JsonWebKey findJsonWebKey = jsonWebKeySet.findJsonWebKey(str2, null, null, null);
            if (findJsonWebKey == null) {
                throw new IllegalArgumentException("JWK set has no key with a key id 'kid' header '" + str2 + "'");
            }
            return findJsonWebKey;
        } catch (Exception e) {
            throw new JwtException("Failure to parse JWK Set:" + e, e);
        }
    }

    static Map<String, Object> kidToMap(String str) {
        return str == null ? Collections.emptyMap() : Collections.singletonMap("kid", str);
    }

    static Key getSigningKeyFromConfig(String str) {
        try {
            String str2 = (String) ConfigProvider.getConfig().getValue("smallrye.jwt.sign.key-location", String.class);
            try {
                return KeyUtils.readSigningKey(str2, str);
            } catch (Exception e) {
                throw new IllegalArgumentException("Signing key can not be loaded from: " + str2);
            }
        } catch (NoSuchElementException e2) {
            throw new IllegalArgumentException("Please set a 'smallrye.jwt.sign.key-location' property");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JwtClaims parseJwtClaims(String str) {
        try {
            return JwtClaims.parse(readJsonContent(str));
        } catch (Exception e) {
            throw new JwtException("Failure to parse the JWT claims:" + e, e);
        }
    }

    static Key readPrivatePemKey(String str) {
        try {
            return KeyUtils.readPrivateKey(str);
        } catch (Exception e) {
            throw new JwtException("Failure to read the private key:" + e, e);
        }
    }
}
