package oracle.security.restsec.jwt;

import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import oracle.security.crypto.token.Token;
import oracle.security.crypto.util.CryptoUtils;
import oracle.security.crypto.util.UnsyncByteArrayInputStream;
import oracle.security.crypto.util.Utils;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.JsonParseException;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.map.ObjectMapper;

/* loaded from: input_file:oracle/security/restsec/jwt/JwtToken.class */
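/**
 * A JSON Web Token in compact serialization: {@code header.claims.signature}, each segment
 * base64url-encoded.
 *
 * <p>An instance is either built with the no-arg constructor and the setters, then emitted with
 * {@link #serializeUnsigned()} or one of the {@code signAndSerialize} overloads, or parsed from a
 * serialized token with {@link #JwtToken(String)} and checked with one of the {@code verify}
 * overloads.
 *
 * <p><b>Security notes for callers.</b>
 * <ul>
 *   <li>The {@code verify} overloads check the signature only. They do not look at {@code exp},
 *       {@code iat}, {@code aud} or {@code iss}; the caller must validate those claims itself.</li>
 *   <li>Every header and claim getter on a parsed token returns data taken from the token. Until
 *       the signature has been verified with a key the caller obtained independently, those
 *       values ({@code alg}, {@code kid}, {@code jku}, {@code x5u}, {@code x5c}, ...) are
 *       attacker-controlled. Do not pick the verification key or the {@code verify} overload
 *       from them; pin the expected algorithm and key on the verifier side.</li>
 *   <li>{@link #verify()} trusts the certificate embedded in the token; see its documentation
 *       before using it.</li>
 * </ul>
 *
 * <p>The header and claim maps are plain {@link HashMap}s and no synchronization is performed.
 */
public class JwtToken implements Token {
    private static final String EXPIRATION_TIME = "exp";
    private static final String ALGORITHM = "alg";
    private static final String AUDIENCE = "aud";
    private static final String ISSUED_AT = "iat";
    private static final String ISSUER = "iss";
    private static final String JSON_KEY_URL = "jku";
    public static final String JWT = "JWT";
    public static final String JWT_URI = "http://openid.net/specs/jwt/1.0";
    private static final String KEY_ID = "kid";
    private static final String SUBJECT = "sub";
    private static final String PRINCIPAL = "prn";
    private static final String TYPE = "typ";
    private static final String x509CERT_THUMBPRINT = "x5t";
    private static final String X509URL = "x5u";
    private static final String x509CERT_CHAIN = "x5c";
    private static final String CONTENT_TYPE = "cty";
    private static final String CRITICAL = "crit";
    private static final String JWT_ID = "jti";

    // Parsed (or under-construction) claim and header members.
    private Map<String, Object> claimSegment;
    private Map<String, Object> headerSegment;

    // The fields below are only populated by the parsing constructor. The encoded forms are kept
    // verbatim because the signature covers the bytes as received, not a re-serialization.
    private String decodedHeaderString;
    private String decodedClaimString;
    private String encodedClaimString;
    private String encodedHeaderString;
    private String encodedCryptoString;

    private static final ObjectMapper mapper = new ObjectMapper();

    // JWS "alg" value -> JCA algorithm name. "none" is deliberately absent, so it can never be
    // resolved to a Mac or Signature instance.
    private static final HashMap<String, String> algNameMap = new HashMap<>();

    static {
        algNameMap.put(SIGN_ALGORITHM.HS256.toString(), "HmacSHA256");
        algNameMap.put(SIGN_ALGORITHM.HS384.toString(), "HmacSHA384");
        algNameMap.put(SIGN_ALGORITHM.HS512.toString(), "HmacSHA512");
        algNameMap.put(SIGN_ALGORITHM.RS256.toString(), "SHA256withRSA");
        algNameMap.put(SIGN_ALGORITHM.RS384.toString(), "SHA384withRSA");
        algNameMap.put(SIGN_ALGORITHM.RS512.toString(), "SHA512withRSA");
        algNameMap.put(SIGN_ALGORITHM.ES256.toString(), "SHA256withECDSA");
        algNameMap.put(SIGN_ALGORITHM.ES384.toString(), "SHA384withECDSA");
        algNameMap.put(SIGN_ALGORITHM.ES512.toString(), "SHA512withECDSA");
    }

    /** The {@code alg} header values this class knows about. */
    public enum SIGN_ALGORITHM {
        none,
        RS256,
        RS384,
        RS512,
        ES256,
        ES384,
        ES512,
        HS256,
        HS384,
        HS512
    }

    /**
     * Decodes a base64url string (URL-safe alphabet, padding optional).
     *
     * @param str the base64url text
     * @return the decoded bytes, as returned by {@code Utils.fromBase64}
     * @throws IllegalArgumentException if {@code str} is null or its length cannot be a valid
     *     unpadded base64 length
     */
    public static byte[] fromBase64url(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Illegal Base64url string!");
        }
        String standard = str.replace('-', '+').replace('_', '/');
        // Restore the padding that base64url omits; a remainder of 1 can never occur.
        switch (standard.length() % 4) {
            case 0:
                break;
            case 2:
                standard = standard + "==";
                break;
            case 3:
                standard = standard + "=";
                break;
            default:
                throw new IllegalArgumentException("Illegal Base64url string!");
        }
        return Utils.fromBase64(standard);
    }

    /**
     * Encodes bytes as base64url without padding.
     *
     * @param bArr the bytes to encode
     * @return the unpadded base64url text
     */
    public static String toBase64url(byte[] bArr) {
        return Utils.toBase64(bArr, false).split("=")[0].replace('+', '-').replace('/', '_');
    }

    /** Creates an empty token whose {@code alg} header is {@code none}. */
    public JwtToken() {
        this.claimSegment = new HashMap<>();
        this.headerSegment = new HashMap<>();
        setAlgorithm(SIGN_ALGORITHM.none.toString());
    }

    /**
     * Parses a compact-serialized JWT. Parsing does <em>not</em> verify the signature; call one
     * of the {@code verify} overloads before relying on any header or claim.
     *
     * @param str the serialized token, exactly three period-separated segments (the third may be
     *     empty)
     * @throws JwtException if the token is null, does not have exactly three segments, a segment
     *     is not valid base64url, or the header or claims are not JSON objects
     */
    public JwtToken(String str) throws JwtException {
        this.claimSegment = new HashMap<>();
        this.headerSegment = new HashMap<>();
        try {
            if (str == null) {
                throw new IllegalArgumentException("The JWT must not be null.");
            }
            // Limit -1 keeps trailing empty segments, so "a.b." has three parts and inputs with
            // extra trailing periods ("a.b.c.") are rejected instead of being silently accepted
            // as a second spelling of the same token.
            String[] parts = str.split("\\.", -1);
            if (parts.length != 3) {
                throw new IllegalArgumentException("The JWT must contain two period (.) characters.");
            }
            this.encodedHeaderString = parts[0];
            this.encodedClaimString = parts[1];
            this.encodedCryptoString = parts[2];
            this.decodedHeaderString = new String(fromBase64url(parts[0]), StandardCharsets.UTF_8);
            this.decodedClaimString = new String(fromBase64url(parts[1]), StandardCharsets.UTF_8);
            this.headerSegment = readJsonObject(this.decodedHeaderString);
            this.claimSegment = readJsonObject(this.decodedClaimString);
        } catch (IllegalArgumentException e) {
            throw new JwtException(e);
        }
    }

    /** Parses one decoded segment and rejects anything that is not a JSON object. */
    private static Map<String, Object> readJsonObject(String json) throws JwtException {
        try {
            @SuppressWarnings("unchecked") // Jackson yields String keys for a JSON object.
            Map<String, Object> parsed = (Map<String, Object>) mapper.readValue(json, Map.class);
            if (parsed == null) {
                // The JSON literal "null" maps to a null reference; every getter would then fail.
                throw new JwtException(new IllegalArgumentException("JWT segment is not a JSON object."));
            }
            return parsed;
        } catch (JsonParseException e) {
            throw new JwtException((Throwable) e);
        } catch (JsonMappingException e) {
            throw new JwtException((Throwable) e);
        } catch (IOException e) {
            throw new JwtException(e);
        }
    }

    /** Returns the {@code alg} header. On a parsed token this value is untrusted input. */
    public String getAlgorithm() {
        return (String) this.headerSegment.get(ALGORITHM);
    }

    /**
     * Returns the first {@code aud} value.
     *
     * @return the audience, or null if the claim is absent or an empty array
     */
    public String getAudience() {
        Object value = this.claimSegment.get(AUDIENCE);
        if (value == null) {
            return null;
        }
        if (value instanceof String) {
            return (String) value;
        }
        if (value instanceof String[]) {
            // Shape stored by setAudience/setAudiences on a token that was built, not parsed.
            String[] stored = (String[]) value;
            return stored.length == 0 ? null : stored[0];
        }
        List<?> parsed = (List<?>) value;
        return parsed.isEmpty() ? null : (String) parsed.get(0);
    }

    /**
     * Returns every {@code aud} value. A verifier should check that its own identifier is among
     * them; this class does not do so.
     *
     * @return the audiences, or null if the claim is absent
     */
    public String[] getAudiences() {
        if (!this.claimSegment.containsKey(AUDIENCE)) {
            return null;
        }
        Object value = this.claimSegment.get(AUDIENCE);
        if (value instanceof String) {
            return new String[] {(String) value};
        }
        return toStringArray(value);
    }

    /**
     * Converts a header or claim member to a string array. Handles both the {@code String[]}
     * stored by the setters and the list produced when a token is parsed.
     */
    private static String[] toStringArray(Object value) {
        if (value == null) {
            return null;
        }
        if (value instanceof String[]) {
            return ((String[]) value).clone();
        }
        List<?> list = (List<?>) value;
        return list.toArray(new String[list.size()]);
    }

    /** Returns the {@code jti} claim, or null if absent. */
    public String getJwtID() {
        return (String) this.claimSegment.get(JWT_ID);
    }

    /** Returns the named claim, or null if absent. */
    public Object getClaimParameter(String str) {
        return this.claimSegment.get(str);
    }

    /** Returns the live claim map; changes made through it alter this token. */
    public Map<String, Object> getClaimParameters() {
        return this.claimSegment;
    }

    /**
     * Returns the {@code exp} claim as a date. The caller is responsible for comparing it with
     * the current time; {@code verify} does not.
     *
     * @return the expiry time, or null if the claim is absent
     */
    public Date getExpiryTime() {
        Object value = this.claimSegment.get(EXPIRATION_TIME);
        if (null == value) {
            return null;
        }
        return new Date(getDate(value));
    }

    /** Returns the named header member, or null if absent. */
    public Object getHeaderParameter(String str) {
        return this.headerSegment.get(str);
    }

    /** Returns the live header map; changes made through it alter this token. */
    public Map<String, Object> getHeaderParameters() {
        return this.headerSegment;
    }

    /** Returns the {@code iss} claim, or null if absent. */
    public String getIssuer() {
        return (String) this.claimSegment.get(ISSUER);
    }

    /**
     * Returns the {@code iat} claim as a date.
     *
     * @return the issue time, or null if the claim is absent
     */
    public Date getIssueTime() {
        Object value = this.claimSegment.get(ISSUED_AT);
        if (null == value) {
            return null;
        }
        return new Date(getDate(value));
    }

    /**
     * Returns the {@code jku} header as a URL.
     *
     * <p>On a parsed token the URL is chosen by whoever produced the token. Fetching keys from
     * it without first checking it against an allow-list lets the token name its own
     * verification key and makes the verifier issue requests to arbitrary hosts.
     *
     * @return the URL, or null if the header is absent or empty
     * @throws MalformedURLException if the value is not a valid URL
     */
    public URL getJsonKeyURL() throws MalformedURLException {
        String value = (String) this.headerSegment.get(JSON_KEY_URL);
        if (value == null || value.length() <= 0) {
            return null;
        }
        return new URL(value);
    }

    /** Returns the {@code kid} header, or null if absent. Untrusted on a parsed token. */
    public String getKeyID() {
        return (String) this.headerSegment.get(KEY_ID);
    }

    /** Returns the {@code prn} claim, or null if absent. */
    public String getPrincipal() {
        return (String) this.claimSegment.get(PRINCIPAL);
    }

    /** Returns the {@code sub} claim, or null if absent. */
    public String getSubject() {
        return (String) this.claimSegment.get(SUBJECT);
    }

    /** Returns the {@code typ} header, or null if absent. */
    public String getType() {
        return (String) this.headerSegment.get(TYPE);
    }

    /**
     * Returns the decoded {@code x5t} header.
     *
     * @return the thumbprint bytes, or null if the header is absent or empty
     */
    public byte[] getX509CertThumbprint() {
        String value = (String) this.headerSegment.get(x509CERT_THUMBPRINT);
        if (value == null || value.length() <= 0) {
            return null;
        }
        return fromBase64url(value);
    }

    /**
     * Returns the {@code x5c} header entries (base64 certificates). On a parsed token these are
     * supplied by the token itself and carry no trust of their own.
     *
     * @return the entries, or null if the header is absent
     */
    public String[] getX509CertificateChain() {
        if (!this.headerSegment.containsKey(x509CERT_CHAIN)) {
            return null;
        }
        return toStringArray(this.headerSegment.get(x509CERT_CHAIN));
    }

    /**
     * Returns the {@code x5u} header as a URL. The same caveat as {@link #getJsonKeyURL()}
     * applies: the location is attacker-chosen until the token has been verified by other means.
     *
     * @return the URL, or null if the header is absent or empty
     * @throws MalformedURLException if the value is not a valid URL
     */
    public URL getX509URL() throws MalformedURLException {
        String value = (String) this.headerSegment.get(X509URL);
        if (value == null || value.length() <= 0) {
            return null;
        }
        return new URL(value);
    }

    /** Returns the {@code cty} header, or null if absent. */
    public String getContentType() {
        return (String) this.headerSegment.get(CONTENT_TYPE);
    }

    /**
     * Returns the {@code crit} header entries. This class does not act on them; a verifier that
     * does not understand a listed extension should reject the token itself.
     *
     * @return the entries, or null if the header is absent
     */
    public String[] getCriticalHeader() {
        if (!this.headerSegment.containsKey(CRITICAL)) {
            return null;
        }
        return toStringArray(this.headerSegment.get(CRITICAL));
    }

    /** Serializes a segment map to JSON text. */
    private static String toJson(Map<String, Object> map) throws JwtException {
        StringWriter out = new StringWriter();
        try {
            mapper.writeValue(out, map);
        } catch (JsonGenerationException e) {
            throw new JwtException((Throwable) e);
        } catch (JsonMappingException e) {
            throw new JwtException((Throwable) e);
        } catch (IOException e) {
            throw new JwtException(e);
        }
        return out.toString();
    }

    /** Serializes a segment map to JSON and base64url-encodes its UTF-8 bytes. */
    private String parseToJSONBase64url(Map<String, Object> map) throws JwtException {
        return toBase64url(toJson(map).getBytes(StandardCharsets.UTF_8));
    }

    /** Returns {@code header.claims} as received; this is the exact input the signature covers. */
    private String signingInput() {
        return this.encodedHeaderString + "." + this.encodedClaimString;
    }

    /** True when the JCA name from {@code algNameMap} denotes a MAC rather than a signature. */
    private static boolean isHmac(String jcaName) {
        return jcaName.startsWith("Hmac");
    }

    /**
     * Serializes the token with an empty signature segment. The result carries no integrity
     * protection, and none of the {@code verify} overloads will accept it.
     *
     * @return {@code header.claims.} with a trailing period
     * @throws JwtException if the header or claims cannot be serialized
     */
    public String serializeUnsigned() throws JwtException {
        return parseToJSONBase64url(this.headerSegment) + "." + parseToJSONBase64url(this.claimSegment) + ".";
    }

    /** Sets the {@code alg} header. */
    public void setAlgorithm(String str) {
        this.headerSegment.put(ALGORITHM, str);
    }

    /** Sets {@code aud} to a one-element array. */
    public void setAudience(String str) {
        this.claimSegment.put(AUDIENCE, new String[] {str});
    }

    /** Sets {@code aud} to the given array. */
    public void setAudiences(String[] strArr) {
        this.claimSegment.put(AUDIENCE, strArr);
    }

    /** Sets the {@code jti} claim. */
    public void setJwtID(String str) {
        this.claimSegment.put(JWT_ID, str);
    }

    /** Sets an arbitrary claim. */
    public void setClaimParameter(String str, Object obj) {
        this.claimSegment.put(str, obj);
    }

    /** Sets {@code exp} in seconds since the epoch. */
    public void setExpiryTime(Date date) {
        this.claimSegment.put(EXPIRATION_TIME, Long.valueOf(date.getTime() / 1000));
    }

    /**
     * Sets {@code exp} in milliseconds since the epoch. RFC 7519 defines NumericDate in seconds,
     * so other JWT implementations may read such a value as a date far in the future; prefer
     * {@link #setExpiryTime(Date)} for tokens that leave this code base.
     */
    public void setExpiryTimeInMS(Date date) {
        this.claimSegment.put(EXPIRATION_TIME, Long.valueOf(date.getTime()));
    }

    /** Sets an arbitrary header member. */
    public void setHeaderParameter(String str, Object obj) {
        this.headerSegment.put(str, obj);
    }

    /** Sets the {@code iss} claim. */
    public void setIssuer(String str) {
        this.claimSegment.put(ISSUER, str);
    }

    /** Sets {@code iat} in seconds since the epoch. */
    public void setIssueTime(Date date) {
        this.claimSegment.put(ISSUED_AT, Long.valueOf(date.getTime() / 1000));
    }

    /** Sets {@code iat} in milliseconds since the epoch; see {@link #setExpiryTimeInMS(Date)}. */
    public void setIssueTimeInMS(Date date) {
        this.claimSegment.put(ISSUED_AT, Long.valueOf(date.getTime()));
    }

    /** Sets the {@code jku} header. */
    public void setJsonKeyURL(URL url) {
        this.headerSegment.put(JSON_KEY_URL, url.toString());
    }

    /** Sets the {@code kid} header. */
    public void setKeyID(String str) {
        this.headerSegment.put(KEY_ID, str);
    }

    /** Sets the {@code prn} claim. */
    public void setPrincipal(String str) {
        this.claimSegment.put(PRINCIPAL, str);
    }

    /** Sets the {@code sub} claim. */
    public void setSubject(String str) {
        this.claimSegment.put(SUBJECT, str);
    }

    /** Sets the {@code typ} header. */
    public void setType(String str) {
        this.headerSegment.put(TYPE, str);
    }

    /**
     * Sets {@code x5t} to the base64url SHA-1 digest of the certificate's encoded form.
     *
     * <p>SHA-1 is what the {@code x5t} header is defined to carry (RFC 7515 also defines
     * {@code x5t#S256}). Treat the value as a lookup hint for selecting a certificate, not as a
     * binding to rely on.
     *
     * @param x509Certificate the certificate to fingerprint
     * @throws JwtException if the digest is unavailable or the certificate cannot be encoded
     */
    public void setX509CertThumbprint(X509Certificate x509Certificate) throws JwtException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(x509Certificate.getEncoded());
            if (digest != null && digest.length > 0) {
                this.headerSegment.put(x509CERT_THUMBPRINT, toBase64url(digest));
            }
        } catch (NoSuchAlgorithmException e) {
            throw new JwtException(e);
        } catch (CertificateEncodingException e) {
            throw new JwtException(e);
        }
    }

    /** Sets the {@code x5c} header. */
    public void setX509CertificateChain(String[] strArr) {
        this.headerSegment.put(x509CERT_CHAIN, strArr);
    }

    /** Sets the {@code x5u} header. */
    public void setX509URL(URL url) {
        this.headerSegment.put(X509URL, url.toString());
    }

    /** Sets the {@code cty} header. */
    public void setContentType(String str) {
        this.headerSegment.put(CONTENT_TYPE, str);
    }

    /** Sets the {@code crit} header; a null or empty array is ignored. */
    public void setCritical(String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            return;
        }
        this.headerSegment.put(CRITICAL, strArr);
    }

    /**
     * Signs the token with an HMAC and returns the compact serialization.
     *
     * <p>The {@code alg} header must be HS256, HS384 or HS512. RFC 7518 requires the key to be at
     * least as long as the hash output; this method does not enforce that.
     *
     * @param bArr the shared secret
     * @return {@code header.claims.signature}
     * @throws SigningException if {@code alg} is missing, unknown, not an HMAC algorithm, or the
     *     key is rejected
     * @throws JwtException if the header or claims cannot be serialized
     */
    public String signAndSerialize(byte[] bArr) throws SigningException, JwtException {
        String algorithm = getAlgorithm();
        if (algorithm == null || algorithm.isEmpty()) {
            throw new SigningException("Signature algorithm is missing.");
        }
        String input = parseToJSONBase64url(this.headerSegment) + "." + parseToJSONBase64url(this.claimSegment);
        String jcaName = algNameMap.get(algorithm);
        if (jcaName == null || jcaName.isEmpty()) {
            throw new SigningException(new NoSuchAlgorithmException("Unknown signature algorithm:- " + algorithm));
        }
        if (!isHmac(jcaName)) {
            // State the key/algorithm mismatch here instead of relying on the provider lookup
            // failing for a signature name.
            throw new SigningException(
                    new NoSuchAlgorithmException("Algorithm " + algorithm + " cannot be used with a shared secret key"));
        }
        try {
            Mac mac = Mac.getInstance(jcaName);
            mac.init(new SecretKeySpec(bArr, jcaName));
            mac.update(input.getBytes(StandardCharsets.UTF_8));
            return input + "." + toBase64url(mac.doFinal());
        } catch (IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException e) {
            // IllegalArgumentException: SecretKeySpec rejects a null or empty key.
            throw new SigningException(e);
        }
    }

    /**
     * Signs the token with a private key and returns the compact serialization.
     *
     * <p>The {@code alg} header must be one of the RS* or ES* values.
     *
     * <p>NOTE(review): the standard JCA {@code SHA*withECDSA} algorithms use DER-encoded
     * signatures, whereas JWS specifies the fixed-length R||S form for ES*. Whether
     * {@code CryptoUtils.getSignatureInstance} adapts this is not visible from this class;
     * confirm interoperability before relying on ES*.
     *
     * @param privateKey the signing key
     * @return {@code header.claims.signature}
     * @throws SigningException if {@code alg} is missing, unknown, an HMAC algorithm, or signing
     *     fails
     * @throws JwtException if the header or claims cannot be serialized
     */
    public String signAndSerialize(PrivateKey privateKey) throws SigningException, JwtException {
        String algorithm = getAlgorithm();
        if (algorithm == null || algorithm.isEmpty()) {
            throw new SigningException(new NoSuchAlgorithmException("Signature algorithm is missing."));
        }
        String input = parseToJSONBase64url(this.headerSegment) + "." + parseToJSONBase64url(this.claimSegment);
        String jcaName = algNameMap.get(algorithm);
        if (jcaName == null || jcaName.isEmpty()) {
            throw new SigningException(new NoSuchAlgorithmException("Unknown signature algorithm:- " + algorithm));
        }
        if (isHmac(jcaName)) {
            throw new SigningException(
                    new NoSuchAlgorithmException("Algorithm " + algorithm + " cannot be used with a private key"));
        }
        try {
            Signature signer = CryptoUtils.getSignatureInstance(jcaName, privateKey);
            signer.initSign(privateKey);
            signer.update(input.getBytes(StandardCharsets.UTF_8));
            return input + "." + toBase64url(signer.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            throw new SigningException(e);
        }
    }

    /**
     * Returns a human-readable dump of the header and claims. The output contains every claim,
     * so treat it like the token itself when logging.
     *
     * <p>For a parsed token the text is the JSON as received and does not reflect later setter
     * calls.
     */
    @Override
    public String toString() {
        String header = this.decodedHeaderString;
        String claims = this.decodedClaimString;
        try {
            if (header == null) {
                header = toJson(this.headerSegment);
            }
            if (claims == null) {
                claims = toJson(this.claimSegment);
            }
        } catch (JwtException ignored) {
            // toString must not throw; a segment that cannot be serialized is printed as "null".
        }
        return "JWT:-\nHeader Segment:-\n" + header + "\nClaim Segment:-\n" + claims;
    }

    /**
     * Resolves the token's {@code alg} header to a JCA algorithm name for verification.
     *
     * @return the JCA name, or null when the token is unsecured ({@code alg} is {@code none} and
     *     the signature segment is empty), which callers must report as "not verified"
     * @throws VerifyException if {@code alg} is missing or unknown, or the token was not parsed
     *     from a serialized JWT
     */
    private String resolveVerificationAlgorithm() throws VerifyException {
        String algorithm = getAlgorithm();
        if (algorithm == null || algorithm.isEmpty()) {
            throw new VerifyException(new NoSuchAlgorithmException("Signature algorithm is missing"));
        }
        if (this.encodedCryptoString == null) {
            // Only the parsing constructor records the received segments; a token that was built
            // with the setters has nothing to verify.
            throw new VerifyException("Token was not parsed from a serialized JWT; there is no signature to verify");
        }
        if (SIGN_ALGORITHM.none.toString().equals(algorithm) && this.encodedCryptoString.isEmpty()) {
            return null;
        }
        String jcaName = algNameMap.get(algorithm);
        if (jcaName == null || jcaName.isEmpty()) {
            throw new VerifyException(new NoSuchAlgorithmException("Unknown signature algorithm " + algorithm));
        }
        return jcaName;
    }

    /** Checks the received signature segment over the received header and claims. */
    private boolean verifyWithPublicKey(String jcaName, PublicKey key)
            throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        Signature verifier = CryptoUtils.getSignatureInstance(jcaName, key);
        verifier.initVerify(key);
        byte[] presented = fromBase64url(this.encodedCryptoString);
        verifier.update(signingInput().getBytes(StandardCharsets.UTF_8));
        return verifier.verify(presented);
    }

    /**
     * Verifies an HMAC-protected token with a shared secret.
     *
     * <p>Only the signature is checked. An unsecured token ({@code alg} {@code none}, empty
     * signature) yields {@code false}. A token whose {@code alg} is not HS256/HS384/HS512 is
     * rejected, so bytes that happen to be a public key cannot be used as an HMAC secret for a
     * token that claims an asymmetric algorithm, and vice versa callers should never pass
     * public-key bytes here.
     *
     * @param bArr the shared secret
     * @return true if the MAC matches
     * @throws VerifyException if {@code alg} is missing, unknown or not an HMAC algorithm, the
     *     signature segment is malformed, or the key is rejected
     */
    public boolean verify(byte[] bArr) throws VerifyException {
        String jcaName = resolveVerificationAlgorithm();
        if (jcaName == null) {
            return false;
        }
        if (!isHmac(jcaName)) {
            throw new VerifyException(new NoSuchAlgorithmException(
                    "Algorithm " + getAlgorithm() + " cannot be verified with a shared secret key"));
        }
        try {
            Mac mac = Mac.getInstance(jcaName);
            mac.init(new SecretKeySpec(bArr, jcaName));
            mac.update(signingInput().getBytes(StandardCharsets.UTF_8));
            byte[] presented = fromBase64url(this.encodedCryptoString);
            if (presented == null) {
                return false;
            }
            // MessageDigest.isEqual is used so the comparison time does not depend on the
            // position of the first differing byte; the timing behaviour of the project's own
            // array-compare helper is not visible from this class.
            return MessageDigest.isEqual(mac.doFinal(), presented);
        } catch (IllegalArgumentException | IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e) {
            // IllegalArgumentException covers a malformed signature segment and a null or empty
            // key, so bad input surfaces as VerifyException rather than an unchecked exception.
            throw new VerifyException(e);
        }
    }

    /**
     * Verifies a signed token with a public key the caller already trusts.
     *
     * <p>Only the signature is checked. An unsecured token yields {@code false}; a token whose
     * {@code alg} is an HMAC algorithm is rejected.
     *
     * @param publicKey the verification key, obtained independently of the token
     * @return true if the signature is valid for the received header and claims
     * @throws VerifyException if {@code alg} is missing, unknown or an HMAC algorithm, the
     *     signature segment is malformed, or verification fails with an error
     */
    public boolean verify(PublicKey publicKey) throws VerifyException {
        String jcaName = resolveVerificationAlgorithm();
        if (jcaName == null) {
            return false;
        }
        if (isHmac(jcaName)) {
            throw new VerifyException(new NoSuchAlgorithmException(
                    "Algorithm " + getAlgorithm() + " cannot be verified with a public key"));
        }
        try {
            return verifyWithPublicKey(jcaName, publicKey);
        } catch (IllegalArgumentException
                | InvalidKeyException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | SignatureException e) {
            throw new VerifyException(e);
        }
    }

    /**
     * Verifies the signature with the public key of the first certificate in the token's own
     * {@code x5c} header.
     *
     * <p><b>This does not authenticate the token.</b> The certificate comes from the token, and
     * this method performs no chain building, no trust-anchor check, no validity-period check
     * and no revocation check. A {@code true} result only shows that the token was signed by
     * the holder of the key in the embedded certificate, which can be anyone. Prefer
     * {@link #verify(PublicKey)} with a key obtained out of band. If {@code x5c} must be
     * honoured, first validate the chain against configured trust anchors (for example with
     * {@code java.security.cert.CertPathValidator}) and check that the certificate subject is
     * one that is allowed to issue tokens.
     *
     * @return true if the signature matches the embedded certificate's key; false for an
     *     unsecured token
     * @throws VerifyException if {@code alg} is missing, unknown or an HMAC algorithm,
     *     {@code x5c} is missing or malformed, or verification fails with an error
     */
    public boolean verify() throws VerifyException {
        String jcaName = resolveVerificationAlgorithm();
        if (jcaName == null) {
            return false;
        }
        if (isHmac(jcaName)) {
            throw new VerifyException(new NoSuchAlgorithmException(
                    "Algorithm " + getAlgorithm() + " cannot be verified with a certificate"));
        }
        String[] chain;
        try {
            chain = toStringArray(this.headerSegment.get(x509CERT_CHAIN));
        } catch (ClassCastException | ArrayStoreException e) {
            // The header is untrusted JSON; x5c may be something other than an array of strings.
            throw new VerifyException(e);
        }
        if (chain == null || chain.length == 0 || chain[0] == null) {
            throw new VerifyException("x5c certificate chain claim is missing");
        }
        try {
            // x5c entries are standard base64 (not base64url) DER certificates.
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new UnsyncByteArrayInputStream(Utils.fromBase64(chain[0])));
            return verifyWithPublicKey(jcaName, certificate.getPublicKey());
        } catch (IllegalArgumentException
                | InvalidKeyException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | SignatureException
                | CertificateException e) {
            throw new VerifyException(e);
        }
    }

    /**
     * Converts a numeric date claim to milliseconds since the epoch.
     *
     * <p>Values whose decimal text is shorter than 13 characters are taken to be seconds and
     * multiplied by 1000; longer values are taken to be milliseconds already (as written by the
     * {@code ...InMS} setters).
     *
     * @param obj the claim value; must be a {@link Number}
     * @return milliseconds since the epoch
     * @throws ClassCastException if the claim is not numeric
     */
    private static long getDate(Object obj) {
        // Number covers Integer and Long as well as the other numeric types a JSON parser may
        // produce for large or fractional values.
        long value = ((Number) obj).longValue();
        if (Long.toString(value).length() < 13) {
            value *= 1000;
        }
        return value;
    }
}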
