package org.keycloak.util;

import java.io.IOException;
import java.security.Key;
import org.keycloak.OAuth2Constants;
import org.keycloak.jose.jwe.JWE;
import org.keycloak.jose.jwe.JWEConstants;
import org.keycloak.jose.jwe.JWEException;
import org.keycloak.jose.jwe.JWEHeader;
import org.keycloak.jose.jwe.JWEKeyStorage;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.RefreshToken;

/* loaded from: input_file:BOOT-INF/lib/keycloak-core-3.4.3.Final.jar:org/keycloak/util/TokenUtil.class */
public class TokenUtil {
    public static final String TOKEN_TYPE_BEARER = "Bearer";
    public static final String TOKEN_TYPE_ID = "ID";
    public static final String TOKEN_TYPE_REFRESH = "Refresh";
    public static final String TOKEN_TYPE_OFFLINE = "Offline";

    public static String attachOIDCScope(String str) {
        return (str == null || str.isEmpty()) ? OAuth2Constants.SCOPE_OPENID : "openid " + str;
    }

    public static boolean isOIDCRequest(String str) {
        return hasScope(str, OAuth2Constants.SCOPE_OPENID);
    }

    public static boolean isOfflineTokenRequested(String str) {
        return hasScope(str, OAuth2Constants.OFFLINE_ACCESS);
    }

    public static boolean hasScope(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        for (String str3 : str.split(" ")) {
            if (str2.equals(str3)) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasPrompt(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        for (String str3 : str.split(" ")) {
            if (str2.equals(str3)) {
                return true;
            }
        }
        return false;
    }

    public static RefreshToken getRefreshToken(byte[] bArr) throws JWSInputException {
        try {
            return (RefreshToken) JsonSerialization.readValue(bArr, RefreshToken.class);
        } catch (IOException e) {
            throw new JWSInputException(e);
        }
    }

    public static RefreshToken getRefreshToken(String str) throws JWSInputException {
        return getRefreshToken(new JWSInput(str).getContent());
    }

    public static boolean isOfflineToken(String str) throws JWSInputException {
        return getRefreshToken(str).getType().equals(TOKEN_TYPE_OFFLINE);
    }

    public static String jweDirectEncode(Key key, Key key2, JsonWebToken jsonWebToken) throws JWEException {
        String str;
        switch (key.getEncoded().length) {
            case 16:
                str = JWEConstants.A128CBC_HS256;
                break;
            case 24:
                str = JWEConstants.A192CBC_HS384;
                break;
            case 32:
                str = JWEConstants.A256CBC_HS512;
                break;
            default:
                throw new IllegalArgumentException("Bad size for Encryption key: " + key + ". Valid sizes are 16, 24, 32.");
        }
        try {
            JWE content = new JWE().header(new JWEHeader("dir", str, null)).content(JsonSerialization.writeValueAsBytes(jsonWebToken));
            content.getKeyStorage().setCEKKey(key, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(key2, JWEKeyStorage.KeyUse.SIGNATURE);
            return content.encodeJwe();
        } catch (IOException e) {
            throw new JWEException(e);
        }
    }

    public static <T extends JsonWebToken> T jweDirectVerifyAndDecode(Key key, Key key2, String str, Class<T> cls) throws JWEException {
        JWE jwe = new JWE();
        jwe.getKeyStorage().setCEKKey(key, JWEKeyStorage.KeyUse.ENCRYPTION).setCEKKey(key2, JWEKeyStorage.KeyUse.SIGNATURE);
        jwe.verifyAndDecodeJwe(str);
        try {
            return (T) JsonSerialization.readValue(jwe.getContent(), cls);
        } catch (IOException e) {
            throw new JWEException(e);
        }
    }
}
