package org.eclipse.sensinact.gateway.core.security.user.openid;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.RSAPublicKeySpec;
import java.time.Instant;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.sensinact.gateway.core.security.user.openid.KeyCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/sensinact/gateway/core/security/user/openid/JsonWebToken.class */
public class JsonWebToken {
    private static final String ALGORITHM_KEY = "alg";
    private static final Logger LOG = LoggerFactory.getLogger(JsonWebToken.class);
    private final String token;
    private final Map<String, Object> payload;
    private final boolean isValid;

    public JsonWebToken(String str) {
        Map<String, Object> emptyMap;
        boolean z;
        this.token = null;
        try {
            emptyMap = (Map) new ObjectMapper().readValue(str, new TypeReference<Map<String, Object>>() { // from class: org.eclipse.sensinact.gateway.core.security.user.openid.JsonWebToken.1
            });
            z = true;
        } catch (IOException e) {
            LOG.error("Unable to read the JWT payload", e);
            emptyMap = Collections.emptyMap();
            z = false;
        }
        this.payload = emptyMap;
        this.isValid = z;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:30:0x020f. Please report as an issue. */
    public JsonWebToken(String str, List<KeyCollection.Keys> list) {
        String str2;
        String str3;
        Map<String, Object> emptyMap;
        String replace;
        byte[] decode;
        String str4;
        String valueOf;
        boolean z;
        this.token = str;
        ObjectMapper objectMapper = new ObjectMapper();
        Base64.Decoder decoder = Base64.getDecoder();
        Base64.Encoder encoder = Base64.getEncoder();
        int indexOf = str.indexOf(".");
        int lastIndexOf = str.lastIndexOf(".");
        String substring = str.substring(0, indexOf);
        while (true) {
            str2 = substring;
            if ((4 - (str2.length() % 4)) % 4 == 0) {
                break;
            } else {
                substring = str2.concat("=");
            }
        }
        String str5 = new String(decoder.decode(str2.replace("-", "+").replace("_", "/")));
        try {
            Map map = (Map) objectMapper.readValue(str5, new TypeReference<Map<String, Object>>() { // from class: org.eclipse.sensinact.gateway.core.security.user.openid.JsonWebToken.2
            });
            String substring2 = str.substring(indexOf + 1, lastIndexOf);
            while (true) {
                str3 = substring2;
                if ((4 - (str3.length() % 4)) % 4 == 0) {
                    break;
                } else {
                    substring2 = str3.concat("=");
                }
            }
            String str6 = new String(decoder.decode(str3.replace("-", "+").replace("_", "/")));
            boolean z2 = false;
            try {
                String str7 = new String(str.substring(lastIndexOf + 1).getBytes("UTF-8"));
                while ((4 - (str7.length() % 4)) % 4 != 0) {
                    str7 = str7.concat("=");
                }
                replace = str7.replace("-", "+").replace("_", "/");
                decode = decoder.decode(replace);
                str4 = encoder.encodeToString(str5.getBytes("UTF-8")).split("=")[0].replace('+', '-').replace('/', '_') + "." + encoder.encodeToString(str6.getBytes("UTF-8")).split("=")[0].replace('+', '-').replace('/', '_');
                valueOf = String.valueOf(map.get(ALGORITHM_KEY));
                z = -1;
                switch (valueOf.hashCode()) {
                    case 69015912:
                        if (valueOf.equals("HS256")) {
                            z = true;
                            break;
                        }
                        break;
                    case 78251122:
                        if (valueOf.equals("RS256")) {
                            z = false;
                            break;
                        }
                        break;
                }
            } catch (UnsupportedEncodingException | IllegalArgumentException | GeneralSecurityException e) {
                LOG.error("Error while decrypting the token", e);
                z2 = false;
            }
            switch (z) {
                case false:
                    KeyCollection.Keys orElse = list.stream().filter(keys -> {
                        return "RSA".equals(keys.getType()) && "RS256".equals(keys.getAlgorithm());
                    }).findFirst().orElse(null);
                    if (orElse == null) {
                        throw new GeneralSecurityException("No suitable key to decrypt RS256");
                    }
                    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                    Signature signature = Signature.getInstance("SHA256withRSA");
                    String rsaModulus = orElse.getRsaModulus();
                    while ((4 - (rsaModulus.length() % 4)) % 4 != 0) {
                        rsaModulus = rsaModulus.concat("=");
                    }
                    byte[] decode2 = decoder.decode(rsaModulus.replace("-", "+").replace("_", "/"));
                    String rsaExponent = orElse.getRsaExponent();
                    while ((4 - (rsaExponent.length() % 4)) % 4 != 0) {
                        rsaExponent = rsaExponent.concat("=");
                    }
                    signature.initVerify(keyFactory.generatePublic(new RSAPublicKeySpec(new BigInteger(1, decode2), new BigInteger(1, decoder.decode(rsaExponent.replace("-", "+").replace("_", "/"))))));
                    signature.update(str4.getBytes("UTF-8"));
                    z2 = signature.verify(decode);
                    try {
                        emptyMap = (Map) new ObjectMapper().readValue(str6, new TypeReference<Map<String, Object>>() { // from class: org.eclipse.sensinact.gateway.core.security.user.openid.JsonWebToken.3
                        });
                    } catch (IOException e2) {
                        LOG.error("Unable to parse the JWT payload", e2);
                        emptyMap = Collections.emptyMap();
                        z2 = false;
                    }
                    this.payload = emptyMap;
                    this.isValid = z2;
                    return;
                case true:
                    KeyCollection.Keys orElse2 = list.stream().filter(keys2 -> {
                        return "oct".equals(keys2.getType());
                    }).findFirst().orElse(null);
                    if (orElse2 == null) {
                        throw new GeneralSecurityException("No suitable key to decrypt HS256");
                    }
                    String symmetricKey = orElse2.getSymmetricKey();
                    while ((4 - (symmetricKey.length() % 4)) % 4 != 0) {
                        symmetricKey = symmetricKey.concat("=");
                    }
                    byte[] decode3 = decoder.decode(symmetricKey.replace("-", "+").replace("_", "/"));
                    Mac mac = Mac.getInstance("HmacSHA256");
                    mac.init(new SecretKeySpec(decode3, "HmacSHA256"));
                    String replace2 = encoder.encodeToString(mac.doFinal(str4.getBytes())).split("=")[0].replace('+', '-').replace('/', '_');
                    z2 = new String(replace).equals(replace2);
                    if (!z2) {
                        LOG.error("Invalid signature " + replace2 + " / " + str.substring(lastIndexOf + 1));
                    }
                default:
                    LOG.error("Unknown algorithm {} while decrypting the token", valueOf);
                    emptyMap = (Map) new ObjectMapper().readValue(str6, new TypeReference<Map<String, Object>>() { // from class: org.eclipse.sensinact.gateway.core.security.user.openid.JsonWebToken.3
                    });
                    this.payload = emptyMap;
                    this.isValid = z2;
                    return;
            }
        } catch (IOException e3) {
            LOG.error("Unable to read the JWT header", e3);
            this.payload = Collections.emptyMap();
            this.isValid = false;
        }
    }

    public boolean isValid() {
        return this.isValid;
    }

    public Object claim(String str) {
        return this.payload.get(str);
    }

    public String getToken() {
        return this.token;
    }

    public String token() {
        return this.token;
    }

    public boolean expired() {
        return willHaveExpiredAt(Instant.now());
    }

    private boolean willHaveExpiredAt(Instant instant) {
        Object obj = this.payload.get("exp");
        if (obj == null || instant.isAfter(Instant.ofEpochSecond(Long.parseLong(String.valueOf(obj))))) {
            return true;
        }
        Object obj2 = this.payload.get("nbf");
        return obj2 != null && instant.isBefore(Instant.ofEpochSecond(Long.parseLong(String.valueOf(obj2))));
    }

    public boolean willHaveExpiredIn(long j) {
        return willHaveExpiredAt(Instant.now().plusSeconds(j));
    }

    public int remainingValidity() {
        long j;
        Object obj;
        Instant now = Instant.now();
        Object obj2 = this.payload.get("exp");
        if (obj2 != null) {
            long parseLong = Long.parseLong(String.valueOf(obj2));
            j = now.isAfter(Instant.ofEpochSecond(parseLong)) ? -1L : parseLong - now.getEpochSecond();
        } else {
            j = 2147483647L;
        }
        if (j >= 0 && (obj = this.payload.get("nbf")) != null && now.isBefore(Instant.ofEpochSecond(Long.parseLong(String.valueOf(obj))))) {
            j = -1;
        }
        if (j > 2147483647L) {
            j = 2147483647L;
        }
        return (int) j;
    }
}
