package one.microproject.iamservice.core.utils;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.DefaultClaims;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import one.microproject.iamservice.core.model.ClientId;
import one.microproject.iamservice.core.model.JWToken;
import one.microproject.iamservice.core.model.KeyId;
import one.microproject.iamservice.core.model.KeyPairData;
import one.microproject.iamservice.core.model.OrganizationId;
import one.microproject.iamservice.core.model.PKIException;
import one.microproject.iamservice.core.model.Permission;
import one.microproject.iamservice.core.model.ProjectId;
import one.microproject.iamservice.core.model.TokenType;
import one.microproject.iamservice.core.model.UserId;
import one.microproject.iamservice.core.services.dto.IdTokenRequest;
import one.microproject.iamservice.core.services.dto.Scope;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:one/microproject/iamservice/core/utils/TokenUtils.class */
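/**
 * Static helpers for issuing JWTs and for creating, verifying and (de)serializing the RSA keys and
 * X.509 certificates that back them.
 *
 * <p>Key and certificate operations request the provider named {@code "BC"} explicitly, so that
 * provider has to be registered with the JCA before these methods are called.
 */
public final class TokenUtils {
    private static final String BC_PROVIDER = "BC";
    private static final String SHA256_RSA = "SHA256withRSA";
    private static final String CN_DIR_NAME = "CN=";
    private static final String X509_TYPE = "X.509";
    private static final String ALGORITHM = "RSA";
    public static final String ROLES_CLAIM = "roles";
    public static final String PERMISSIONS_CLAIM = "permissions";
    public static final String TYPE_CLAIM = "typ";
    public static final String NONCE_CLAIM = "nonce";
    public static final String AUDIENCE_CLAIM = "aud";
    public static final String AUTH_TIME_CLAIM = "auth_time";
    public static final String SCOPE_CLAIM = "scope";
    public static final String KEY_ID = "kid";
    public static final String TYP_ID = "typ";
    public static final String TYP_VALUE = "JWT";

    private TokenUtils() {
    }

    /**
     * Narrows the granted permissions to the requested scope.
     *
     * @param set permissions available to the subject
     * @param scope requested scope; when empty, every permission in {@code set} is returned
     * @return a scope holding the string form of each permission that is both available and
     *     requested (the result can never contain a value that is not backed by a permission)
     */
    public static Scope filterScopes(Set<Permission> set, Scope scope) {
        if (scope.isEmpty()) {
            Set<String> all = set.stream()
                    .map(Permission::asStringValue)
                    .collect(Collectors.toSet());
            return new Scope(all);
        }
        Set<String> requested = set.stream()
                .filter(permission -> scope.getValues().contains(permission.asStringValue()))
                .map(Permission::asStringValue)
                .collect(Collectors.toSet());
        return new Scope(requested);
    }

    /**
     * Builds the custom-claims map carrying the permissions under {@link #PERMISSIONS_CLAIM}.
     *
     * @param set permissions to expose
     * @return a mutable map with the single key {@code "permissions"}
     */
    public static Map<String, Set<String>> getPermissionsClaims(Set<Permission> set) {
        Map<String, Set<String>> claims = new HashMap<>();
        claims.put(PERMISSIONS_CLAIM, set.stream()
                .map(Permission::asStringValue)
                .collect(Collectors.toSet()));
        return claims;
    }

    /**
     * Issues a token whose subject is the given client id.
     *
     * @see #issueToken(URI, OrganizationId, ProjectId, Set, String, Long, TimeUnit, Scope, Map,
     *     KeyId, PrivateKey, TokenType)
     */
    public static JWToken issueToken(URI uri, OrganizationId organizationId, ProjectId projectId, Set<String> set, ClientId clientId, Long l, TimeUnit timeUnit, Scope scope, Map<String, Set<String>> map, KeyId keyId, PrivateKey privateKey, TokenType tokenType) {
        return issueToken(uri, organizationId, projectId, set, clientId.getId(), l, timeUnit, scope, map, keyId, privateKey, tokenType);
    }

    /**
     * Issues a token whose subject is the given user id.
     *
     * @see #issueToken(URI, OrganizationId, ProjectId, Set, String, Long, TimeUnit, Scope, Map,
     *     KeyId, PrivateKey, TokenType)
     */
    public static JWToken issueToken(URI uri, OrganizationId organizationId, ProjectId projectId, Set<String> set, UserId userId, Long l, TimeUnit timeUnit, Scope scope, Map<String, Set<String>> map, KeyId keyId, PrivateKey privateKey, TokenType tokenType) {
        return issueToken(uri, organizationId, projectId, set, userId.getId(), l, timeUnit, scope, map, keyId, privateKey, tokenType);
    }

    /**
     * Issues a token that is valid from now for the given duration.
     *
     * @param uri issuer
     * @param set audience values
     * @param str subject
     * @param l validity duration, in {@code timeUnit}
     * @param timeUnit unit of {@code l}
     * @param map additional claims, may be {@code null}
     * @return the signed token; {@code iat} and {@code nbf} are both the current time
     */
    public static JWToken issueToken(URI uri, OrganizationId organizationId, ProjectId projectId, Set<String> set, String str, Long l, TimeUnit timeUnit, Scope scope, Map<String, Set<String>> map, KeyId keyId, PrivateKey privateKey, TokenType tokenType) {
        Date now = new Date();
        Date expiration = new Date(now.getTime() + timeUnit.toMillis(l.longValue()));
        return issueToken(uri, organizationId, projectId, str, set, expiration, now, now, scope, map, keyId, privateKey, tokenType);
    }

    /**
     * Issues an ID token for a client.
     *
     * <p>The subject is {@code organizationId/projectId/str}, the audience is the client id, and
     * the nonce claim is written only when the request carries one.
     *
     * @param uri issuer
     * @param str subject id within the project
     * @param l validity duration, in {@code timeUnit}
     * @param timeUnit unit of {@code l}
     * @param idTokenRequest source of the optional nonce
     * @param keyId value written to the {@code kid} header
     * @param privateKey signing key
     * @return the signed ID token
     */
    public static JWToken issueIdToken(URI uri, OrganizationId organizationId, ProjectId projectId, ClientId clientId, String str, Long l, TimeUnit timeUnit, IdTokenRequest idTokenRequest, KeyId keyId, PrivateKey privateKey) {
        String subject = organizationId.getId() + "/" + projectId.getId() + "/" + str;
        Date issuedAt = new Date();
        Date expiration = new Date(issuedAt.getTime() + timeUnit.toMillis(l.longValue()));
        JwtBuilder builder = Jwts.builder();
        builder.setHeaderParam(TYP_ID, TYP_VALUE);
        builder.setHeaderParam(KEY_ID, keyId.getId());
        builder.setIssuer(uri.toString());
        builder.setSubject(subject);
        builder.setAudience(clientId.getId());
        builder.setExpiration(expiration);
        builder.setIssuedAt(issuedAt);
        // NOTE(review): auth_time is written in milliseconds and equals the issue time. OpenID
        // Connect Core defines auth_time in seconds and as the moment the end-user authenticated;
        // relying parties enforcing max_age will misjudge it. Left unchanged because consumers of
        // the current value are not visible from this class - confirm before converting.
        builder.claim(AUTH_TIME_CLAIM, Long.valueOf(issuedAt.getTime()));
        String nonce = idTokenRequest.getNonce();
        if (nonce != null) {
            // Echoing the nonce lets the client bind the token to its own request (replay check).
            builder.claim(NONCE_CLAIM, nonce);
        }
        builder.signWith(privateKey);
        return JWToken.from(builder.compact());
    }

    /**
     * Issues a signed token with explicit timestamps.
     *
     * <p>{@code organizationId} and {@code projectId} are accepted but not written to the token.
     *
     * @param uri issuer
     * @param str subject
     * @param set audience values, written as the {@code aud} claim
     * @param date expiration ({@code exp})
     * @param date2 not-before ({@code nbf})
     * @param date3 issued-at ({@code iat})
     * @param scope scope values, joined with a single space
     * @param map additional claims, may be {@code null}
     * @param keyId value written to the {@code kid} header
     * @param privateKey signing key
     * @param tokenType written as the {@code typ} claim
     * @return the signed token with a random UUID as {@code jti}
     */
    public static JWToken issueToken(URI uri, OrganizationId organizationId, ProjectId projectId, String str, Set<String> set, Date date, Date date2, Date date3, Scope scope, Map<String, Set<String>> map, KeyId keyId, PrivateKey privateKey, TokenType tokenType) {
        JwtBuilder builder = Jwts.builder();
        builder.setHeaderParam(TYP_ID, TYP_VALUE);
        builder.setHeaderParam(KEY_ID, keyId.getId());
        builder.setSubject(str);
        builder.signWith(privateKey);
        builder.setExpiration(date);
        builder.setIssuer(uri.toString());
        builder.setIssuedAt(date3);
        builder.setNotBefore(date2);
        builder.claim(AUDIENCE_CLAIM, set);
        builder.claim(TYPE_CLAIM, tokenType.getType());
        builder.claim(SCOPE_CLAIM, String.join(" ", scope.getValues()));
        builder.setId(UUID.randomUUID().toString());
        if (map != null) {
            // NOTE(review): these are applied last, so a key such as "aud", "scope", "typ" or a
            // registered claim name in this map replaces the value set above. Callers must build
            // the map from server-side data only, never from request parameters.
            map.forEach((name, values) -> builder.claim(name, values));
        }
        return JWToken.from(builder.compact());
    }

    /**
     * Generates a 2048-bit RSA key pair with the BC provider.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if the provider offers no RSA key pair generator
     * @throws NoSuchProviderException if the BC provider is not registered
     */
    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM, BC_PROVIDER);
        SecureRandom random;
        try {
            random = SecureRandom.getInstance("NativePRNG");
        } catch (NoSuchAlgorithmException ignored) {
            // NativePRNG is not offered on every platform (e.g. Windows JDKs); the platform
            // default SecureRandom is still a CSPRNG, so key generation need not fail there.
            random = new SecureRandom();
        }
        // 2048 bits is the commonly accepted minimum for RSA; raise it here if policy requires.
        generator.initialize(2048, random);
        return generator.generateKeyPair();
    }

    /**
     * Reads the claims of a token WITHOUT verifying its signature.
     *
     * <p>The signature segment is cut off and the remaining {@code header.payload.} is handed to
     * a parser that has no verification key configured. The returned claims are therefore
     * unauthenticated input: use them only to decide how to verify the token (for example to
     * find the issuer), and make no authorization decision on them until the signature has been
     * checked against the expected key.
     *
     * @param jWToken token to read
     * @return the unverified claims
     */
    public static DefaultClaims extractClaims(JWToken jWToken) {
        String token = jWToken.getToken();
        // Keep the trailing '.' so the remainder still has the three-segment JWT shape.
        String unsigned = token.substring(0, token.lastIndexOf('.') + 1);
        return (DefaultClaims) Jwts.parserBuilder().build().parse(unsigned).getBody();
    }

    /**
     * Creates a certificate valid from now for the given duration.
     *
     * @see #createSignedCertificate(String, String, Date, Date, PublicKey, PrivateKey)
     */
    public static X509Certificate createSignedCertificate(String str, String str2, Long l, TimeUnit timeUnit, PublicKey publicKey, PrivateKey privateKey) throws OperatorCreationException, IOException, CertificateException, NoSuchProviderException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + timeUnit.toMillis(l.longValue()));
        return createSignedCertificate(str, str2, notBefore, notAfter, publicKey, privateKey);
    }

    /**
     * Creates an X.509 v3 certificate for {@code publicKey}, signed with SHA256withRSA.
     *
     * <p>The certificate carries no extensions: nothing marks it as CA or end-entity and no key
     * usage is set, so any relying party that checks basic constraints must be configured
     * accordingly.
     *
     * @param str issuer common name
     * @param str2 subject common name
     * @param date start of validity
     * @param date2 end of validity
     * @param publicKey subject public key
     * @param privateKey issuer private key used to sign
     * @return the signed certificate, re-parsed through the BC certificate factory
     */
    public static X509Certificate createSignedCertificate(String str, String str2, Date date, Date date2, PublicKey publicKey, PrivateKey privateKey) throws OperatorCreationException, IOException, CertificateException, NoSuchProviderException {
        CertificateFactory factory = CertificateFactory.getInstance(X509_TYPE, BC_PROVIDER);
        // NOTE(review): the names are concatenated into a DN string, so a value containing ',',
        // '+' or '=' would be parsed as extra RDNs. Callers must pass validated identifiers;
        // building the name attribute-by-attribute would remove the dependency on that.
        X500Name issuer = new X500Name(CN_DIR_NAME + str);
        // NOTE(review): a millisecond timestamp is predictable and two certificates issued by the
        // same issuer within one millisecond share a serial. A random serial is the usual choice.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
        X500Name subject = new X500Name(CN_DIR_NAME + str2);
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                issuer, serial, date, date2, subject, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        byte[] encoded = certificateBuilder
                .build(new JcaContentSignerBuilder(SHA256_RSA).build(privateKey))
                .getEncoded();
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Creates a certificate whose issuer and subject are both {@code str}, signed with the key
     * pair's own private key.
     */
    public static X509Certificate createSelfSignedCertificate(String str, Date date, Date date2, KeyPair keyPair) throws OperatorCreationException, IOException, CertificateException, NoSuchProviderException {
        return createSignedCertificate(str, str, date, date2, keyPair.getPublic(), keyPair.getPrivate());
    }

    /**
     * Creates a self-signed certificate valid from now for the given duration.
     */
    public static X509Certificate createSelfSignedCertificate(String str, Long l, TimeUnit timeUnit, KeyPair keyPair) throws OperatorCreationException, IOException, CertificateException, NoSuchProviderException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + timeUnit.toMillis(l.longValue()));
        return createSelfSignedCertificate(str, notBefore, notAfter, keyPair);
    }

    /**
     * Checks that both certificates are currently within their validity period and that the
     * second one was signed by the key in the first.
     *
     * <p>This is a signature-and-dates check only. It does not compare issuer and subject names,
     * does not look at basic constraints or key usage, and does not consult any revocation
     * source; it is not a substitute for full certification-path validation.
     *
     * @param x509Certificate issuer certificate
     * @param x509Certificate2 certificate expected to be signed by the issuer
     */
    public static void verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        x509Certificate.checkValidity();
        x509Certificate2.checkValidity();
        x509Certificate2.verify(x509Certificate.getPublicKey());
    }

    /**
     * Generates a fresh key pair with a random key id and a self-signed certificate for it.
     *
     * @param str common name used as issuer and subject
     * @param l validity duration, in {@code timeUnit}
     * @param timeUnit unit of {@code l}
     * @throws PKIException wrapping any failure during key or certificate generation
     */
    public static KeyPairData createSelfSignedKeyPairData(String str, Long l, TimeUnit timeUnit) throws PKIException {
        try {
            KeyId keyId = KeyId.from(UUID.randomUUID().toString());
            KeyPair keyPair = generateKeyPair();
            X509Certificate certificate = createSelfSignedCertificate(str, l, timeUnit, keyPair);
            return new KeyPairData(keyId, keyPair.getPrivate(), certificate);
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Generates a fresh key pair with a random key id and a certificate signed by the issuer key.
     *
     * @param str issuer common name
     * @param str2 subject common name
     * @param l validity duration, in {@code timeUnit}
     * @param timeUnit unit of {@code l}
     * @param privateKey issuer private key used to sign the new certificate
     * @throws PKIException wrapping any failure during key or certificate generation
     */
    public static KeyPairData createSignedKeyPairData(String str, String str2, Long l, TimeUnit timeUnit, PrivateKey privateKey) throws PKIException {
        try {
            KeyId keyId = KeyId.from(UUID.randomUUID().toString());
            KeyPair keyPair = generateKeyPair();
            X509Certificate certificate = createSignedCertificate(str, str2, l, timeUnit, keyPair.getPublic(), privateKey);
            return new KeyPairData(keyId, keyPair.getPrivate(), certificate);
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Runs {@link #verifyCertificate} and reports any failure as a {@link PKIException}.
     *
     * @param x509Certificate issuer certificate
     * @param x509Certificate2 certificate expected to be signed by the issuer
     */
    public static void verifySignedCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws PKIException {
        try {
            verifyCertificate(x509Certificate, x509Certificate2);
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Checks validity dates and that the certificate verifies under its own public key.
     *
     * <p>Passing this check proves internal consistency only; it says nothing about whether the
     * certificate is a trusted root. Trust has to come from where the certificate was loaded.
     */
    public static void verifySelfSignedCertificate(X509Certificate x509Certificate) throws PKIException {
        try {
            verifyCertificate(x509Certificate, x509Certificate);
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Encodes the certificate as Base64 of its DER form.
     */
    public static String serializeX509Certificate(X509Certificate x509Certificate) throws PKIException {
        try {
            return Base64.getEncoder().encodeToString(x509Certificate.getEncoded());
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Parses a certificate from Base64 text with the BC certificate factory.
     *
     * <p>Parsing does not verify anything; run one of the verify methods before relying on it.
     */
    public static X509Certificate deserializeX509Certificate(String str) throws PKIException {
        try {
            byte[] der = Base64.getDecoder().decode(str);
            CertificateFactory factory = CertificateFactory.getInstance(X509_TYPE, BC_PROVIDER);
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Encodes the private key as Base64 of {@code getEncoded()}.
     *
     * <p>The result is the key in the clear: it is encoded, not encrypted. Keep it out of logs
     * and store it only where the storage itself is protected.
     */
    public static String serializePrivateKey(PrivateKey privateKey) {
        return Base64.getEncoder().encodeToString(privateKey.getEncoded());
    }

    /**
     * Restores an RSA private key from Base64-encoded PKCS#8 bytes.
     *
     * @throws PKIException if the text is not valid Base64 or not a PKCS#8 RSA key
     */
    public static PrivateKey deserializePrivateKey(String str) throws PKIException {
        try {
            byte[] pkcs8 = Base64.getDecoder().decode(str);
            return KeyFactory.getInstance(ALGORITHM, BC_PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    /**
     * Returns the big-endian magnitude of a non-negative integer without a sign byte.
     *
     * <p>{@link BigInteger#toByteArray()} prepends {@code 0x00} whenever the top bit of the
     * magnitude is set (always the case for an RSA modulus). Formats that carry unsigned octet
     * strings, such as the {@code n}/{@code e} members of a JWK, expect that byte to be absent.
     * Zero is returned as a single {@code 0x00} octet. Negative values are returned as their
     * two's-complement bytes unchanged.
     *
     * @param bigInteger value to encode
     * @return the minimal unsigned big-endian encoding
     */
    public static byte[] toBytesUnsigned(BigInteger bigInteger) {
        byte[] signed = bigInteger.toByteArray();
        if (signed.length > 1 && signed[0] == 0) {
            byte[] magnitude = new byte[signed.length - 1];
            System.arraycopy(signed, 1, magnitude, 0, magnitude.length);
            return magnitude;
        }
        return signed;
    }

    /**
     * Reports whether a request carries PKCE data.
     *
     * @param str first PKCE parameter (presumably the code challenge - confirm against callers)
     * @param str2 second PKCE parameter (presumably the challenge method - confirm against callers)
     * @return {@code true} when at least one of the two is non-null and non-empty
     */
    public static boolean isPKCEEnabled(String str, String str2) {
        return !(isNullOrEmpty(str) && isNullOrEmpty(str2));
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    private static boolean isNullOrEmpty(String str) {
        return str == null || str.isEmpty();
    }
}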
