package com.xforceplus.xplatframework.utils.encrypt.jwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.OperationNotSupportedException;
import org.apache.commons.codec.binary.Base64;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/xplat-framework-4.0.0-SNAPSHOT.jar:com/xforceplus/xplatframework/utils/encrypt/jwt/JWTSigner.class
 */
/* loaded from: input_file:BOOT-INF/lib/tenant-framework-1.0.0-SNAPSHOT.jar:com/xforceplus/xplatframework/utils/encrypt/jwt/JWTSigner.class */
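/**
 * Builds compact-serialized JSON Web Tokens signed with an HMAC (HS256/HS384/HS512).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Only the HMAC algorithms are implemented; the RS* values are rejected at signing time.</li>
 *   <li>The secret length is not enforced here. RFC 7518 section 3.2 requires an HMAC key at
 *       least as long as the hash output (32 bytes for HS256, 48 for HS384, 64 for HS512).</li>
 *   <li>No {@code exp} claim is added unless the caller supplies one in the claim map or sets
 *       {@link Options#setExpirySeconds(Integer)}; without it the token carries no expiry.</li>
 * </ul>
 */
public class JWTSigner {
    /** Shared JSON serializer; a configured ObjectMapper is safe to reuse across threads. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Private copy of the HMAC key; never exposed through the API. */
    private final byte[] secret;

    /* JADX WARN: Classes with same name are omitted:
      input_file:BOOT-INF/lib/xplat-framework-4.0.0-SNAPSHOT.jar:com/xforceplus/xplatframework/utils/encrypt/jwt/JWTSigner$Options.class
     */
    /* loaded from: input_file:BOOT-INF/lib/tenant-framework-1.0.0-SNAPSHOT.jar:com/xforceplus/xplatframework/utils/encrypt/jwt/JWTSigner$Options.class */
    /**
     * Optional signing settings. Setters return {@code this} so calls can be chained.
     * Time-based options are applied after the caller's claims and overwrite any
     * {@code exp}, {@code nbf}, {@code iat} or {@code jti} value already in the claim map.
     */
    public static class Options {
        // Signing algorithm; null means the signer falls back to HS256.
        private Algorithm algorithm;
        // Lifetime in seconds used to compute "exp" from the current time; null adds no expiry.
        private Integer expirySeconds;
        // Seconds subtracted from the current time to compute "nbf"; null adds no "nbf".
        private Integer notValidBeforeLeeway;
        // When true, an "iat" claim with the current time is added.
        private boolean issuedAt;
        // When true, a random UUID is added as the "jti" claim.
        private boolean jwtId;

        public Algorithm getAlgorithm() {
            return this.algorithm;
        }

        public Options setAlgorithm(Algorithm algorithm) {
            this.algorithm = algorithm;
            return this;
        }

        public Integer getExpirySeconds() {
            return this.expirySeconds;
        }

        public Options setExpirySeconds(Integer num) {
            this.expirySeconds = num;
            return this;
        }

        public Integer getNotValidBeforeLeeway() {
            return this.notValidBeforeLeeway;
        }

        public Options setNotValidBeforeLeeway(Integer num) {
            this.notValidBeforeLeeway = num;
            return this;
        }

        public boolean isIssuedAt() {
            return this.issuedAt;
        }

        public Options setIssuedAt(boolean z) {
            this.issuedAt = z;
            return this;
        }

        public boolean isJwtId() {
            return this.jwtId;
        }

        public Options setJwtId(boolean z) {
            this.jwtId = z;
            return this;
        }
    }

    /**
     * Creates a signer whose HMAC key is the UTF-8 encoding of the given string.
     *
     * @param str the shared secret; must not be null or empty
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if {@code str} is empty
     */
    public JWTSigner(String str) {
        this(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates a signer from raw key bytes.
     *
     * @param bArr the shared secret; must not be null or empty
     * @throws IllegalArgumentException if the secret is null or empty
     */
    public JWTSigner(byte[] bArr) {
        // A null or empty key could never sign (SecretKeySpec rejects both with the same
        // exception type); rejecting it here surfaces the misconfiguration at construction.
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Signing secret must not be null or empty");
        }
        // Defensive copy: later changes to the caller's array must not alter the signing key.
        this.secret = bArr.clone();
    }

    /**
     * Dispatches to the signing routine for the given algorithm.
     *
     * @throws OperationNotSupportedException for every algorithm other than HS256/HS384/HS512
     */
    private static byte[] sign(Algorithm algorithm, String str, byte[] bArr) throws Exception {
        switch (algorithm) {
            case HS256:
            case HS384:
            case HS512:
                return signHmac(algorithm, str, bArr);
            case RS256:
            case RS384:
            case RS512:
            default:
                // Asymmetric signing is not implemented in this class.
                throw new OperationNotSupportedException("Unsupported signing method");
        }
    }

    /**
     * Computes the HMAC of the signing input with the given key.
     * Algorithm.getValue() is presumably the JCA Mac name (e.g. "HmacSHA256") - confirm
     * against the Algorithm enum.
     */
    private static byte[] signHmac(Algorithm algorithm, String str, byte[] bArr) throws Exception {
        Mac mac = Mac.getInstance(algorithm.getValue());
        mac.init(new SecretKeySpec(bArr, algorithm.getValue()));
        // Explicit charset: the original relied on the platform default, so the signature
        // could depend on the JVM's file.encoding setting.
        return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Signs the given claims and returns the compact token {@code header.payload.signature}.
     *
     * @param map claims to embed; registered claims (iss, sub, aud, exp, nbf, iat, jti) are
     *            type-checked, and entries with a null value for those claims are dropped
     * @param options optional settings; may be null, in which case HS256 is used and no
     *                time-based claims are added
     * @return the signed token
     * @throws NullPointerException if {@code map} is null
     * @throws RuntimeException if a claim fails validation, or wrapping any checked failure
     *                          raised while encoding or signing
     */
    public String sign(Map<String, Object> map, Options options) {
        Algorithm algorithm = Algorithm.HS256;
        if (options != null && options.getAlgorithm() != null) {
            algorithm = options.getAlgorithm();
        }
        List<String> segments = new ArrayList<>(3);
        try {
            segments.add(encodedHeader(algorithm));
            segments.add(encodedPayload(map, options));
            // The signature covers "header.payload" exactly as it will be emitted.
            segments.add(encodedSignature(join(segments, "."), algorithm));
            return join(segments, ".");
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Signs the given claims with HS256 and no options. No expiry is added unless the
     * claim map already contains {@code exp}.
     */
    public String sign(Map<String, Object> map) {
        return sign(map, null);
    }

    /** Builds the base64url-encoded JOSE header with "typ" and "alg". */
    private String encodedHeader(Algorithm algorithm) throws UnsupportedEncodingException {
        if (algorithm == null) {
            algorithm = Algorithm.HS256;
        }
        ObjectNode header = JsonNodeFactory.instance.objectNode();
        header.put("typ", Header.JWT_TYPE);
        header.put(JwsHeader.ALGORITHM, algorithm.name());
        return base64UrlEncode(header.toString().getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Validates the registered claims on a copy of the caller's map, applies the options,
     * and returns the base64url-encoded JSON payload. The caller's map is not modified.
     */
    private String encodedPayload(Map<String, Object> map, Options options) throws Exception {
        Map<String, Object> claims = new HashMap<>(map);
        enforceStringOrURI(claims, Claims.ISSUER);
        enforceStringOrURI(claims, Claims.SUBJECT);
        enforceStringOrURICollection(claims, Claims.AUDIENCE);
        enforceIntDate(claims, "exp");
        enforceIntDate(claims, Claims.NOT_BEFORE);
        enforceIntDate(claims, Claims.ISSUED_AT);
        enforceString(claims, Claims.ID);
        if (options != null) {
            // Runs after validation, so option-derived values replace caller-supplied ones
            // and are not range-checked (a negative expirySeconds yields a past "exp").
            processPayloadOptions(claims, options);
        }
        return base64UrlEncode(MAPPER.writeValueAsString(claims).getBytes(StandardCharsets.UTF_8));
    }

    /** Writes exp/nbf/iat/jti into the claim map according to the options that are set. */
    private void processPayloadOptions(Map<String, Object> map, Options options) {
        long nowSeconds = System.currentTimeMillis() / 1000;
        if (options.getExpirySeconds() != null) {
            map.put("exp", Long.valueOf(nowSeconds + options.getExpirySeconds().intValue()));
        }
        if (options.getNotValidBeforeLeeway() != null) {
            map.put(Claims.NOT_BEFORE, Long.valueOf(nowSeconds - options.getNotValidBeforeLeeway().intValue()));
        }
        if (options.isIssuedAt()) {
            map.put(Claims.ISSUED_AT, Long.valueOf(nowSeconds));
        }
        if (options.isJwtId()) {
            map.put(Claims.ID, UUID.randomUUID().toString());
        }
    }

    /**
     * Requires the claim, when present, to be a non-negative Number and normalizes it to Long.
     *
     * @throws RuntimeException if the value is not a Number or is negative
     */
    private void enforceIntDate(Map<String, Object> map, String str) {
        Object value = handleNullValue(map, str);
        if (value == null) {
            return;
        }
        if (!(value instanceof Number)) {
            throw new RuntimeException(String.format("Claim '%s' is invalid: must be an instance of Number", str));
        }
        long seconds = ((Number) value).longValue();
        if (seconds < 0) {
            throw new RuntimeException(String.format("Claim '%s' is invalid: must be non-negative", str));
        }
        map.put(str, Long.valueOf(seconds));
    }

    /**
     * Requires the claim, when present, to be a string-or-URI or a collection of them.
     *
     * @throws RuntimeException if the value or any collection element is invalid
     */
    private void enforceStringOrURICollection(Map<String, Object> map, String str) {
        Object value = handleNullValue(map, str);
        if (value == null) {
            return;
        }
        if (!(value instanceof Collection)) {
            // Single value: validate the claim that was asked for. The original hard-coded
            // "aud" here; the only caller passes "aud", so behaviour is unchanged.
            enforceStringOrURI(map, str);
            return;
        }
        for (Object element : (Collection<?>) value) {
            String problem = checkStringOrURI(element);
            if (problem != null) {
                throw new RuntimeException(String.format("Claim '%s' element is invalid: %s", str, problem));
            }
        }
    }

    /**
     * Requires the claim, when present, to be a string that is a valid URI if it contains ':'.
     *
     * @throws RuntimeException if the value fails that check
     */
    private void enforceStringOrURI(Map<String, Object> map, String str) {
        Object value = handleNullValue(map, str);
        if (value == null) {
            return;
        }
        String problem = checkStringOrURI(value);
        if (problem != null) {
            throw new RuntimeException(String.format("Claim '%s' is invalid: %s", str, problem));
        }
    }

    /**
     * Requires the claim, when present, to be a String.
     *
     * @throws RuntimeException if the value is of any other type
     */
    private void enforceString(Map<String, Object> map, String str) {
        Object value = handleNullValue(map, str);
        if (value != null && !(value instanceof String)) {
            throw new RuntimeException(String.format("Claim '%s' is invalid: not a string", str));
        }
    }

    /**
     * Returns the claim value, or null when the claim is absent. A key that is present
     * with a null value is removed from the map so it is not serialized as JSON null.
     */
    private Object handleNullValue(Map<String, Object> map, String str) {
        if (!map.containsKey(str)) {
            return null;
        }
        Object value = map.get(str);
        if (value == null) {
            map.remove(str);
        }
        return value;
    }

    /**
     * Checks a single value against the string-or-URI rule.
     *
     * @return null when the value is acceptable, otherwise a short description of the problem
     */
    private String checkStringOrURI(Object obj) {
        if (!(obj instanceof String)) {
            return "not a string";
        }
        String text = (String) obj;
        if (!text.contains(":")) {
            // Strings without ':' are accepted as plain strings and not parsed as URIs.
            return null;
        }
        try {
            new URI(text);
            return null;
        } catch (URISyntaxException e) {
            return "not a valid URI";
        }
    }

    /** Signs the given input with this signer's secret and base64url-encodes the result. */
    private String encodedSignature(String str, Algorithm algorithm) throws Exception {
        return base64UrlEncode(sign(algorithm, str, this.secret));
    }

    /** Encodes bytes as unpadded URL-safe base64. */
    private String base64UrlEncode(byte[] bArr) {
        // Base64 output is pure ASCII; decode it explicitly rather than with the platform charset.
        return new String(Base64.encodeBase64URLSafe(bArr), StandardCharsets.US_ASCII);
    }

    /** Concatenates the list elements, placing the separator between consecutive elements. */
    private String join(List<String> list, String str) {
        StringBuilder sb = new StringBuilder();
        boolean first = true;
        for (String part : list) {
            if (!first) {
                sb.append(str);
            }
            sb.append(part);
            first = false;
        }
        return sb.toString();
    }
}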
