package com.ibm.ws.security.common.jwk.impl;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.json.java.JSONArray;
import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.crypto.KeyAlgorithmChecker;
import com.ibm.ws.security.common.http.HttpUtils;
import com.ibm.ws.security.common.http.SocialLoginWrapperException;
import com.ibm.ws.security.common.jwk.impl.PemKeyUtil;
import com.ibm.ws.security.common.jwk.interfaces.JWK;
import com.ibm.ws.security.common.jwk.internal.JwkConstants;
import com.ibm.ws.security.common.ssl.NoSSLSocketFactoryException;
import com.ibm.ws.security.common.ssl.SecuritySSLUtils;
import com.ibm.wsspi.ssl.SSLSupport;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.BasicCredentialsProvider;

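/**
 * Resolves a signing or verification {@link Key} for JWT processing and caches what it finds in a
 * {@link JWKSet}.
 *
 * <p>A key can come from three places, chosen by {@link #remoteHttpCall}: a remote JWK endpoint
 * ({@code jwkEndpointUrl}, or a {@code keyLocation} starting with "http"), inline key text
 * ({@code keyText}), or a file / classloader resource ({@code keyLocation}). Key material may be
 * PEM, a single JWK JSON object, a JWKS JSON object with a "keys" array, or Base64 of that JSON.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A remote location only has to start with "http", so cleartext {@code http://} endpoints
 *       are accepted; an SSL socket factory is built only for "https" locations. Keys fetched
 *       without TLS are not integrity-protected in transit.</li>
 *   <li>Most parse and I/O failures are reported at debug level only and surface to the caller
 *       as a {@code null} key, so callers must treat {@code null} as "no key", never as
 *       "no check needed".</li>
 *   <li>{@code locationUsed} is mutable per-instance state that is written both inside and
 *       outside the {@code synchronized (jwkSet)} sections. NOTE(review): confirm an instance
 *       is not shared between threads resolving different locations.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/JwKRetriever.class */
public class JwKRetriever {
    private static final TraceComponent tc = Tr.register(JwKRetriever.class, (String) null, (String) null);
    static final String PEM_BEGIN_TOKEN = "-----BEGIN";
    static final String PEM_END_TOKEN = "--END--";
    static final String JWKS = "keys";
    static final String JSON_START = "{";
    String configId;
    String sslConfigurationName;
    boolean defaultSSLConfig;
    String jwkEndpointUrl;
    String sigAlg;
    JWKSet jwkSet;
    SSLSupport sslSupport;
    String keyFileName;
    // Hostname verification stays on unless a caller explicitly passes false to the constructor.
    boolean hostNameVerificationEnabled = true;
    String jwkClientId;

    // The constructors already receive this value as @Sensitive; the field is marked the same way
    // as keyText and keyLocation so the secret is treated consistently.
    @Sensitive
    String jwkClientSecret;

    @Sensitive
    String keyLocation;

    @Sensitive
    String keyText;
    // Identifier under which the most recently loaded keys were cached (URL, canonical path,
    // or classloader-prefixed name).
    String locationUsed;
    public HttpUtils httpUtils;
    static final long serialVersionUID = -3823779430622606765L;

    /** Selects whether a lookup should yield the public or the private half of a key. */
    /* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/JwKRetriever$JwkKeyType.class */
    public enum JwkKeyType {
        PUBLIC,
        PRIVATE
    }

    /**
     * Creates a retriever that only has a key cache; endpoint, key text and key location stay
     * {@code null} until set.
     *
     * @param jWKSet cache that parsed keys are stored in and looked up from
     */
    public JwKRetriever(JWKSet jWKSet) {
        this.jwkSet = jWKSet;
        this.httpUtils = new HttpUtils();
    }

    /** Replaces the HTTP helper, e.g. with a test double. */
    protected void setHttpUtils(HttpUtils httpUtils) {
        this.httpUtils = httpUtils;
    }

    /**
     * Creates a retriever for a remote JWK endpoint without inline key text or a key location.
     *
     * @see #JwKRetriever(String, String, String, JWKSet, SSLSupport, boolean, String, String, String, String, String)
     */
    public JwKRetriever(String str, String str2, String str3, JWKSet jWKSet, SSLSupport sSLSupport, boolean z, String str4, @Sensitive String str5, String str6) {
        this(str, str2, str3, jWKSet, sSLSupport, z, str4, str5, str6, null, null);
    }

    /**
     * Creates a fully configured retriever.
     *
     * @param str        configuration id (used in SSL error messages)
     * @param str2       name of the SSL configuration to use for https endpoints
     * @param str3       JWK endpoint URL, or {@code null}
     * @param jWKSet     cache that parsed keys are stored in and looked up from
     * @param sSLSupport source of SSL socket factories
     * @param z          whether hostname verification is enabled for the HTTP client
     * @param str4       client id for authenticating to the JWK endpoint, or {@code null}
     * @param str5       client secret for authenticating to the JWK endpoint, or {@code null}
     * @param str6       signature algorithm the keys are expected to be used with
     * @param str7       inline key text (PEM, JWK/JWKS JSON, or Base64 of that JSON), or {@code null}
     * @param str8       key location (file path, {@code file:} URI, classloader resource or http(s) URL), or {@code null}
     */
    public JwKRetriever(String str, String str2, String str3, JWKSet jWKSet, SSLSupport sSLSupport, boolean z, String str4, @Sensitive String str5, String str6, @Sensitive String str7, @Sensitive String str8) {
        this.configId = str;
        this.sslConfigurationName = str2;
        this.jwkEndpointUrl = str3;
        this.jwkSet = jWKSet;
        this.sslSupport = sSLSupport;
        this.hostNameVerificationEnabled = z;
        this.jwkClientId = str4;
        this.jwkClientSecret = str5;
        this.sigAlg = str6;
        this.keyText = str7;
        this.keyLocation = str8;
        this.httpUtils = new HttpUtils();
    }

    /** Switches the retriever to the default SSL configuration instead of the named one. */
    public void defaultssl() {
        this.defaultSSLConfig = true;
    }

    /** @return {@code true} once {@link #defaultssl()} has been called */
    public boolean isdefaultssl() {
        return this.defaultSSLConfig;
    }

    public void setSignatureAlgorithm(String str) {
        this.sigAlg = str;
    }

    public void setKeyText(@Sensitive String str) {
        this.keyText = str;
    }

    public void setKeyLocation(@Sensitive String str) {
        this.keyLocation = str;
    }

    /**
     * Resolves the private key identified by {@code str} (the key id).
     *
     * @param str key id ("kid") to look up, or {@code null}
     * @param z   passed through unchanged to {@link #createHTTPClient}; its meaning is defined by HttpUtils
     * @return the private key, or {@code null} when none could be resolved
     * @throws IOException if the remote endpoint could not be read
     */
    @Sensitive
    public PrivateKey getPrivateKeyFromJwk(String str, boolean z) throws IOException {
        return (PrivateKey) getKeyFromJwk(str, null, null, z, JwkKeyType.PRIVATE);
    }

    /**
     * Resolves a public key by key id or certificate thumbprint.
     *
     * @param str  key id ("kid"), or {@code null}
     * @param str2 certificate thumbprint ("x5t"), or {@code null}
     * @param z    passed through unchanged to {@link #createHTTPClient}
     * @return the public key, or {@code null} when none could be resolved
     * @throws IOException if the remote endpoint could not be read
     */
    public PublicKey getPublicKeyFromJwk(String str, String str2, boolean z) throws IOException {
        return getPublicKeyFromJwk(str, str2, null, z);
    }

    /**
     * Resolves a public key by key id, certificate thumbprint or intended use.
     *
     * @param str  key id ("kid"), or {@code null}
     * @param str2 certificate thumbprint ("x5t"), or {@code null}
     * @param str3 intended use ("use"), or {@code null}
     * @param z    passed through unchanged to {@link #createHTTPClient}
     * @return the public key, or {@code null} when none could be resolved
     * @throws IOException if the remote endpoint could not be read
     */
    public PublicKey getPublicKeyFromJwk(String str, String str2, String str3, boolean z) throws IOException {
        return (PublicKey) getKeyFromJwk(str, str2, str3, z, JwkKeyType.PUBLIC);
    }

    /**
     * Routes a lookup to the remote or the local resolver according to {@link #remoteHttpCall}.
     *
     * @param str  key id, {@code str2} thumbprint, {@code str3} intended use (any may be {@code null})
     * @param z    passed through unchanged to {@link #createHTTPClient}
     * @param jwkKeyType which half of the key to return
     */
    @Sensitive
    Key getKeyFromJwk(String str, String str2, String str3, boolean z, JwkKeyType jwkKeyType) throws IOException {
        if (remoteHttpCall(this.jwkEndpointUrl, this.keyText, this.keyLocation)) {
            return getJwkRemote(str, str2, str3, z, jwkKeyType);
        }
        return getJwkLocal(str, str2, this.keyText, this.keyLocation, str3, jwkKeyType);
    }

    /**
     * Looks a key up in the cache.
     *
     * <p>Exactly one selector is tried first, in the priority kid, then x5t, then use. If that
     * misses, the key text is tried. Only when neither kid nor x5t was supplied does the lookup
     * fall back to "any key stored under this set id"; a request that names a kid or x5t never
     * silently receives an unrelated key.
     *
     * @param str  set id the keys were cached under (URL, path, or the key text itself)
     * @param str2 key id, {@code str3} thumbprint, {@code str4} intended use
     * @param str5 key text to match, or {@code null}
     */
    @Sensitive
    private Key getJwkFromJWKSet(@Sensitive String str, String str2, String str3, String str4, @Sensitive String str5, JwkKeyType jwkKeyType) {
        boolean selectorGiven = str2 != null || str3 != null;
        Key key = null;
        if (str2 != null) {
            key = this.jwkSet.getKeyBySetIdAndKid(str, str2, jwkKeyType);
        } else if (str3 != null) {
            key = this.jwkSet.getKeyBySetIdAndx5t(str, str3, jwkKeyType);
        } else if (str4 != null) {
            key = this.jwkSet.getKeyBySetIdAndUse(str, str4, jwkKeyType);
        }
        if (key != null) {
            return key;
        }
        if (str5 != null) {
            key = this.jwkSet.getKeyBySetIdAndKeyText(str, str5, jwkKeyType);
        }
        if (key == null && !selectorGiven) {
            key = this.jwkSet.getKeyBySetId(str, jwkKeyType);
        }
        return key;
    }

    /**
     * Decides whether the key has to be fetched over HTTP.
     *
     * <p>An endpoint URL always means remote. Without one, inline key text means local, and a key
     * location means local unless it starts with "http". With nothing configured the answer is
     * {@code true}; {@link #getJwkRemote} then returns {@code null} because no location is set.
     * The prefix test is case-sensitive, so an upper-case scheme is treated as a local path.
     *
     * @param str  endpoint URL, {@code str2} key text, {@code str3} key location
     */
    protected boolean remoteHttpCall(String str, @Sensitive String str2, @Sensitive String str3) {
        if (str != null) {
            return true;
        }
        if (str2 != null) {
            return false;
        }
        return str3 == null || str3.startsWith("http");
    }

    /**
     * Loads a key from a file or classloader resource, using the cache when possible.
     *
     * <p>The cache is consulted under the file's canonical path and under a classloader-prefixed
     * name before anything is read. Every exception is reported at debug level only and results
     * in a {@code null} return. NOTE(review): this assumes {@code str} is administrator-supplied
     * configuration; no containment check is applied to the path here.
     *
     * @param str  key location: a path or a {@code file:} URI
     * @param str2 key id, {@code str3} thumbprint, {@code str4} intended use
     * @return the key, or {@code null} if it could not be found, read or parsed
     */
    @FFDCIgnore({Exception.class})
    @Sensitive
    protected Key getKeyFromFile(@Sensitive String str, String str2, String str3, String str4, JwkKeyType jwkKeyType) {
        Key key = null;
        try {
            String classLoaderId = Thread.currentThread().getContextClassLoader().toString() + str;
            File file = new File(str.startsWith("file:") ? new URI(str).getPath() : str);
            String canonicalPath = file.getCanonicalPath();
            synchronized (this.jwkSet) {
                key = getJwkFromJWKSet(canonicalPath, str2, str3, str4, null, jwkKeyType);
                if (key == null) {
                    key = getJwkFromJWKSet(classLoaderId, str2, str3, str4, null, jwkKeyType);
                }
                if (key == null) {
                    InputStream inputStream = null;
                    try {
                        inputStream = getInputStream(file, canonicalPath, str, classLoaderId);
                        if (inputStream != null) {
                            String keyAsString = getKeyAsString(inputStream);
                            parseJwk(keyAsString, null, this.jwkSet, this.sigAlg);
                            key = getJwkFromJWKSet(this.locationUsed, str2, str3, str4, keyAsString, jwkKeyType);
                        }
                    } finally {
                        // Release the file handle on success and on failure alike.
                        if (inputStream != null) {
                            inputStream.close();
                        }
                    }
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception opening file from location [" + str + "]: " + e, new Object[0]);
            }
        }
        return key;
    }

    /**
     * Opens the key source, preferring the file system over the context classloader, and records
     * in {@code locationUsed} which identifier the keys will be cached under.
     *
     * @param file file to try first, or {@code null} to go straight to the classloader
     * @param str  identifier to record when the file is used (the canonical path)
     * @param str2 resource name handed to the context classloader
     * @param str3 identifier to record when the classloader is used
     * @return an open stream the caller must close, or {@code null} if neither source exists
     * @throws IOException if the classloader resource cannot be opened
     */
    @FFDCIgnore({PrivilegedActionException.class})
    protected InputStream getInputStream(@Sensitive final File file, @Sensitive String str, @Sensitive String str2, @Sensitive String str3) throws IOException {
        if (file != null) {
            FileInputStream fileInputStream = null;
            try {
                // The decompiler-emitted static fields of this anonymous class (a serialVersionUID
                // and a trace component referring to an unresolvable "AnonymousClass1") are left
                // out; they look like trace-instrumentation residue - TODO confirm.
                fileInputStream = (FileInputStream) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.common.jwk.impl.JwKRetriever.1
                    @Override // java.security.PrivilegedExceptionAction
                    @Sensitive
                    public Object run() throws Exception {
                        if (file.exists()) {
                            return new FileInputStream(file);
                        }
                        return null;
                    }
                });
            } catch (PrivilegedActionException ignored) {
                // Deliberately ignored: an unreadable file falls through to the classloader lookup.
            }
            if (fileInputStream != null) {
                this.locationUsed = str;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "input stream obtained from file system and locationUsed set to: " + getSafeTraceableString(this.locationUsed), new Object[0]);
                }
                return fileInputStream;
            }
        }
        URL resource = Thread.currentThread().getContextClassLoader().getResource(str2);
        // locationUsed is updated even when the resource turns out to be missing.
        this.locationUsed = str3;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "input stream obtained from classloader and  locationUsed set to: " + getSafeTraceableString(this.locationUsed), new Object[0]);
        }
        if (resource != null) {
            return resource.openStream();
        }
        return null;
    }

    /**
     * Returns {@code str} with everything from the first PEM header onward cut off, so that key
     * material appended to a location string is not written to trace.
     *
     * <p>The truncation is applied to the argument itself. The decompiled code truncated
     * {@code this.locationUsed} instead, which throws when that field is {@code null} or does not
     * contain the PEM marker that {@code str} contains.
     */
    @Trivial
    private String getSafeTraceableString(@Sensitive String str) {
        if (str == null || !str.contains(PEM_BEGIN_TOKEN)) {
            return str;
        }
        return str.substring(0, str.indexOf(PEM_BEGIN_TOKEN));
    }

    /**
     * Resolves a key from inline key text or, if there is none, from the key location.
     *
     * @param str  key id, {@code str2} thumbprint, {@code str5} intended use
     * @param str3 inline key text, or {@code null}
     * @param str4 key location, consulted only when {@code str3} is {@code null}
     * @return the key, or {@code null} when neither source is set or nothing matched
     */
    @Sensitive
    protected Key getJwkLocal(String str, String str2, @Sensitive String str3, @Sensitive String str4, String str5, JwkKeyType jwkKeyType) {
        if (str3 == null && str4 != null) {
            return getKeyFromFile(str4, str, str2, str5, jwkKeyType);
        }
        if (str3 == null) {
            return null;
        }
        synchronized (this.jwkSet) {
            // The key text doubles as the cache id for inline keys.
            Key cached = getJwkFromJWKSet(str3, str, str2, str5, str3, jwkKeyType);
            if (cached == null) {
                parseJwk(str3, null, this.jwkSet, this.sigAlg);
                cached = getJwkFromJWKSet(str3, str, str2, str5, str3, jwkKeyType);
            }
            return cached;
        }
    }

    /**
     * Reads the whole stream as UTF-8 text.
     *
     * <p>An I/O error is handed to FFDC and whatever was read up to that point is returned, so a
     * truncated result is possible. The stream is not closed here; the caller owns it.
     */
    @Sensitive
    protected String getKeyAsString(InputStream inputStream) {
        StringBuilder sb = new StringBuilder();
        try {
            InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");
            for (int read = inputStreamReader.read(); read >= 0; read = inputStreamReader.read()) {
                sb.append((char) read);
            }
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "370", this, new Object[]{inputStream});
        } catch (IOException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "372", this, new Object[]{inputStream});
        }
        return sb.toString();
    }

    /** @return {@code true} if {@code str} begins with a PEM header ("-----BEGIN"); leading whitespace is not skipped */
    protected boolean isPEM(@Sensitive String str) {
        return str != null && str.startsWith(PEM_BEGIN_TOKEN);
    }

    /**
     * Resolves a key from the remote location, fetching it only on a cache miss.
     *
     * <p>The location is {@code jwkEndpointUrl}, or {@code keyLocation} if no endpoint is set, and
     * must start with "http". That prefix also admits cleartext {@code http://} URLs; keys
     * retrieved that way can be replaced in transit, so https endpoints should be configured.
     *
     * @param str key id, {@code str2} thumbprint, {@code str3} intended use
     * @param z   passed through unchanged to {@link #createHTTPClient}
     * @return the key, or {@code null} if no usable location is set or nothing matched
     * @throws IOException if the endpoint could not be read
     */
    @Sensitive
    protected Key getJwkRemote(String str, String str2, String str3, boolean z, JwkKeyType jwkKeyType) throws IOException {
        this.locationUsed = this.jwkEndpointUrl;
        if (this.locationUsed == null) {
            this.locationUsed = this.keyLocation;
        }
        if (this.locationUsed == null || !this.locationUsed.startsWith("http")) {
            return null;
        }
        synchronized (this.jwkSet) {
            Key key = getJwkFromJWKSet(this.locationUsed, str, str2, str3, null, jwkKeyType);
            if (key == null) {
                key = doJwkRemote(str, str2, str3, z, jwkKeyType);
            }
            return key;
        }
    }

    /**
     * Fetches the JWK document over HTTP(S), parses it into the cache and repeats the lookup.
     *
     * <p>An SSL socket factory is obtained only when the location starts with "https". An
     * {@link IOException} is rethrown; any other failure is reported at debug level and the
     * lookup simply runs against whatever the cache holds.
     *
     * @throws IOException if the HTTP request failed at the I/O level
     */
    @FFDCIgnore({IOException.class, Exception.class})
    protected Key doJwkRemote(String str, String str2, String str3, boolean z, JwkKeyType jwkKeyType) throws IOException {
        String responseText = null;
        this.locationUsed = this.jwkEndpointUrl;
        if (this.locationUsed == null) {
            this.locationUsed = this.keyLocation;
        }
        try {
            SSLSocketFactory sSLSocketFactory = null;
            if (this.locationUsed != null && this.locationUsed.toLowerCase().startsWith("https")) {
                sSLSocketFactory = getSSLSocketFactory(this.locationUsed, this.sslConfigurationName, this.sslSupport);
            }
            HttpClient httpClient = createHTTPClient(sSLSocketFactory, this.locationUsed, this.hostNameVerificationEnabled, z);
            responseText = getHTTPRequestAsString(httpClient, this.locationUsed);
            if (!parseJwk(responseText, null, this.jwkSet, this.sigAlg) && tc.isDebugEnabled()) {
                Tr.debug(tc, "No JWK can be found through '" + this.locationUsed + "'", new Object[0]);
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to retrieve remote key: " + e2.getMessage(), new Object[0]);
            }
        }
        return getJwkFromJWKSet(this.locationUsed, str, str2, str3, responseText, jwkKeyType);
    }

    /**
     * Logs CWWKS6049E at error level and returns the formatted message.
     *
     * <p>{@code str2} (response content or exception text from the remote side) is interpolated
     * verbatim. NOTE(review): confirm the caller bounds or sanitises it before it reaches the log.
     *
     * @param str URL that was requested, {@code i} response status, {@code str2} returned content
     */
    private String logCWWKS6049E(String str, int i, String str2) {
        String formattedMessage = TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.jwt.internal.resources.JWTMessages", "JWT_JWK_RETRIEVE_FAILED", new Object[]{str, Integer.valueOf(i), str2}, "CWWKS6049E: A JSON Web Key (JWK) was not returned from the URL [" + str + "]. The response status was [" + i + "] and the content returned was [" + str2 + "].");
        Tr.error(tc, formattedMessage, new Object[0]);
        return formattedMessage;
    }

    /**
     * Performs the HTTP GET and returns the response body.
     *
     * @throws IOException if the request failed with an I/O error, directly or as the cause of a wrapper exception
     * @throws Exception   carrying the CWWKS6049E message for any other failure
     */
    @FFDCIgnore({SocialLoginWrapperException.class, IOException.class})
    protected String getHTTPRequestAsString(HttpClient httpClient, String str) throws Exception, IOException {
        try {
            return this.httpUtils.getHttpJsonRequest(httpClient, str);
        } catch (SocialLoginWrapperException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                // Surface the underlying I/O failure so callers can tell it from a bad response.
                throw ((IOException) cause);
            }
            throw new Exception(logCWWKS6049E(str, e.getStatusCode(), e.getNlsMessage()), e);
        } catch (IOException e2) {
            logCWWKS6049E(str, 0, "IOException: " + e2.getMessage() + " " + e2.getCause());
            throw e2;
        }
    }

    /**
     * Parses key material from text or, if no text is given, from a stream, and caches the result
     * under {@code locationUsed}.
     *
     * @param str             key text, or {@code null} to read {@code fileInputStream}
     * @param fileInputStream stream to read when {@code str} is {@code null}; not closed here
     * @param jWKSet          passed on to {@link #parseKeyText}
     * @param str2            signature algorithm
     * @return {@code true} if at least one key was parsed
     */
    public boolean parseJwk(@Sensitive String str, FileInputStream fileInputStream, JWKSet jWKSet, String str2) {
        if (str != null) {
            return parseKeyText(str, this.locationUsed, jWKSet, str2);
        }
        if (fileInputStream != null) {
            return parseKeyText(getKeyAsString(fileInputStream), this.locationUsed, jWKSet, str2);
        }
        return false;
    }

    /**
     * Parses PEM, JWK or JWKS text and stores every resulting key in the cache, both under the
     * location id and under the key text.
     *
     * <p>PEM is only attempted for RS* / ES* algorithms; everything else is treated as JSON.
     * NOTE(review): the {@code jWKSet} parameter is not used - keys always go into
     * {@code this.jwkSet}. Every caller in this class passes {@code this.jwkSet}.
     *
     * @param str  key text, {@code str2} location id (may be {@code null}), {@code str3} signature algorithm
     * @return {@code true} if at least one key was parsed
     */
    protected boolean parseKeyText(@Sensitive String str, String str2, JWKSet jWKSet, String str3) {
        HashSet<JWK> parsedKeys = new HashSet<JWK>();
        JWK jwk = null;
        if (isPEM(str) && isPemSupportedAlgorithm(str3)) {
            jwk = parsePEMFormat(str, str3);
        } else {
            JSONObject parseJsonObject = parseJsonObject(str);
            if (parseJsonObject != null) {
                jwk = parseJwkFormat(parseJsonObject, str3);
                if (jwk == null && parseJsonObject.containsKey(JWKS)) {
                    parsedKeys.addAll(parseJwksFormat(parseJsonObject, str3));
                }
            }
        }
        if (jwk != null) {
            parsedKeys.add(jwk);
        }
        for (JWK jwk2 : parsedKeys) {
            if (isPEM(str)) {
                this.jwkSet.addPemKey(str2, str, jwk);
            }
            if (str2 != null) {
                this.jwkSet.add(str2, jwk2);
            }
            if (str != null) {
                this.jwkSet.add(str, jwk2);
            }
        }
        return !parsedKeys.isEmpty();
    }

    /** @return {@code true} if {@code str} is an RS* or ES* algorithm according to KeyAlgorithmChecker */
    boolean isPemSupportedAlgorithm(String str) {
        return KeyAlgorithmChecker.isRSAlgorithm(str) || KeyAlgorithmChecker.isESAlgorithm(str);
    }

    /**
     * Converts PEM text into a JWK.
     *
     * <p>The key-type dispatch runs inside the {@code try}: the decompiled layout left it after
     * the {@code catch}, where the key type may be unassigned and the checked exceptions of the
     * parse helpers are unhandled. A malformed PEM now reliably yields {@code null} plus a debug
     * entry.
     *
     * @param str PEM text, {@code str2} signature algorithm
     * @return the JWK, or {@code null} if the PEM could not be parsed or is of an unhandled type
     */
    @FFDCIgnore({Exception.class})
    @Sensitive
    private JWK parsePEMFormat(@Sensitive String str, String str2) {
        try {
            PemKeyUtil.KeyType keyType = PemKeyUtil.getKeyType(str);
            if (isPublicKeyJwk(keyType)) {
                return parsePublicKeyJwk(str, str2);
            }
            if (keyType == PemKeyUtil.KeyType.PRIVATE) {
                return parsePrivateKeyJwk(str, str2);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing PEM file: " + e, new Object[0]);
            }
        }
        return null;
    }

    /** @return {@code true} for the public PEM types and for UNKNOWN, which is therefore attempted as a public key */
    boolean isPublicKeyJwk(PemKeyUtil.KeyType keyType) {
        return keyType == PemKeyUtil.KeyType.RSA_PUBLIC || keyType == PemKeyUtil.KeyType.EC_PUBLIC || keyType == PemKeyUtil.KeyType.PUBLIC || keyType == PemKeyUtil.KeyType.UNKNOWN;
    }

    /** Builds an EC or RSA public-key JWK from PEM text, chosen by the algorithm {@code str2}. */
    JWK parsePublicKeyJwk(String str, String str2) throws Exception {
        PublicKey publicKey = PemKeyUtil.getPublicKey(str);
        return KeyAlgorithmChecker.isESAlgorithm(str2) ? getEcJwkPublicKey(publicKey, str2) : getRsaJwkPublicKey(publicKey, str2);
    }

    /** Builds an EC or RSA private-key JWK from PEM text, chosen by the algorithm {@code str2}. */
    @Sensitive
    JWK parsePrivateKeyJwk(@Sensitive String str, String str2) throws Exception {
        PrivateKey privateKey = PemKeyUtil.getPrivateKey(str);
        return KeyAlgorithmChecker.isESAlgorithm(str2) ? getEcJwkPrivateKey(privateKey, str2) : getRsaJwkPrivateKey(privateKey, str2);
    }

    /** @return an EC JWK for {@code publicKey}, or {@code null} if it is not an EC key or construction failed */
    @FFDCIgnore({Exception.class})
    private Jose4jEllipticCurveJWK getEcJwkPublicKey(PublicKey publicKey, String str) {
        if (!(publicKey instanceof ECPublicKey)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provided public key was not of type ECPublicKey", new Object[0]);
            }
            return null;
        }
        Jose4jEllipticCurveJWK jose4jEllipticCurveJWK = null;
        try {
            jose4jEllipticCurveJWK = Jose4jEllipticCurveJWK.getInstance((ECPublicKey) publicKey, str, JwkConstants.sig);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception instantiating EC JWK object: " + e, new Object[0]);
            }
        }
        return jose4jEllipticCurveJWK;
    }

    /** @return an EC JWK carrying {@code privateKey}, or {@code null} if it is not an EC key or construction failed */
    @FFDCIgnore({Exception.class})
    @Sensitive
    private Jose4jEllipticCurveJWK getEcJwkPrivateKey(@Sensitive PrivateKey privateKey, String str) {
        if (!(privateKey instanceof ECPrivateKey)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provided private key was not of type ECPrivateKey", new Object[0]);
            }
            return null;
        }
        Jose4jEllipticCurveJWK jose4jEllipticCurveJWK = null;
        try {
            jose4jEllipticCurveJWK = Jose4jEllipticCurveJWK.getInstance(null, str, JwkConstants.sig);
            jose4jEllipticCurveJWK.setPrivateKey(privateKey);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception instantiating EC JWK object: " + e, new Object[0]);
            }
        }
        return jose4jEllipticCurveJWK;
    }

    /**
     * @return an RSA JWK for {@code publicKey}; {@code null} if the key is not an RSA key or the
     *         JWK could not be created
     */
    @FFDCIgnore({Exception.class})
    private Jose4jRsaJWK getRsaJwkPublicKey(PublicKey publicKey, String str) {
        Jose4jRsaJWK jose4jRsaJWK = null;
        try {
            jose4jRsaJWK = new Jose4jRsaJWK((RSAPublicKey) publicKey);
            jose4jRsaJWK.setAlgorithm(str);
            jose4jRsaJWK.setUse(JwkConstants.sig);
        } catch (Exception e) {
            // Previously swallowed without a trace; record it the same way the EC variants do.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception instantiating RSA JWK object: " + e, new Object[0]);
            }
        }
        return jose4jRsaJWK;
    }

    /** @return an RSA JWK carrying {@code privateKey}, or {@code null} if the JWK could not be created */
    @FFDCIgnore({Exception.class})
    @Sensitive
    private Jose4jRsaJWK getRsaJwkPrivateKey(@Sensitive PrivateKey privateKey, String str) {
        Jose4jRsaJWK jose4jRsaJWK = null;
        try {
            jose4jRsaJWK = Jose4jRsaJWK.getInstance(str, null, null, privateKey, null);
        } catch (Exception e) {
            // Previously swallowed without a trace; record it the same way the EC variants do.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception instantiating RSA JWK object: " + e, new Object[0]);
            }
        }
        return jose4jRsaJWK;
    }

    /**
     * Builds a JWK from a single JWK JSON object.
     *
     * @return the parsed JWK, or {@code null} if "kty" is missing, is not a string, or names an unsupported type
     */
    @Sensitive
    private JWK parseJwkFormat(@Sensitive JSONObject jSONObject, String str) {
        Object kty = jSONObject.get(JwkConstants.kty);
        if (kty == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSON object is missing 'kty' entry", new Object[0]);
            }
            return null;
        }
        if (!(kty instanceof String)) {
            return null;
        }
        JWK jwk = createJwkBasedOnKty((String) kty, jSONObject, str);
        if (jwk != null) {
            jwk.parse();
        }
        return jwk;
    }

    /**
     * Builds JWKs from the "keys" array of a JWKS JSON object, skipping entries that do not parse.
     *
     * <p>A "keys" value that is not a JSON array makes {@link #parseJsonArray} return
     * {@code null}; that case is now treated as "no keys" instead of failing with a
     * {@link NullPointerException} on content that may come from a remote endpoint.
     *
     * @return the parsed keys; empty if there is no usable "keys" entry
     */
    @Sensitive
    private Set<JWK> parseJwksFormat(@Sensitive JSONObject jSONObject, String str) {
        Set<JWK> jwks = Collections.emptySet();
        Object keysEntry = jSONObject.get(JWKS);
        if (keysEntry != null) {
            jwks = new HashSet<JWK>();
            JSONArray keys = parseJsonArray(keysEntry.toString());
            if (keys == null) {
                return jwks;
            }
            Iterator it = keys.iterator();
            while (it.hasNext()) {
                JSONObject entry = parseJsonObject(it.next().toString());
                if (entry == null) {
                    continue;
                }
                JWK parsed = parseJwkFormat(entry, str);
                if (parsed != null) {
                    jwks.add(parsed);
                }
            }
        }
        return jwks;
    }

    /**
     * Parses text as a JSON object; text that does not start with "{" after trimming is
     * Base64-decoded first.
     *
     * <p>The input is {@code @Sensitive} and may hold private key material, so the failure trace
     * reports only its length instead of echoing the text. NOTE(review): the parser's exception
     * text is still logged and may quote part of the input - confirm.
     *
     * @return the JSON object, or {@code null} for {@code null} input or on any parse failure
     */
    @FFDCIgnore({Exception.class})
    @Sensitive
    JSONObject parseJsonObject(@Sensitive String str) {
        JSONObject jSONObject = null;
        if (str == null) {
            return null;
        }
        String trim = str.trim();
        try {
            if (!trim.startsWith(JSON_START)) {
                trim = new String(Base64.decodeBase64(trim), "UTF-8");
            }
            jSONObject = JSONObject.parse(trim);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing JSON string (content withheld, length " + trim.length() + "): " + e, new Object[0]);
            }
        }
        return jSONObject;
    }

    /** @return the JSON object read from {@code inputStream}, or {@code null} on any parse failure */
    @FFDCIgnore({Exception.class})
    @Sensitive
    JSONObject parseJsonObject(InputStream inputStream) {
        JSONObject jSONObject = null;
        try {
            jSONObject = JSONObject.parse(inputStream);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                // Plain concatenation keeps the handler from throwing when the stream is null.
                Tr.debug(tc, "Caught exception parsing input stream [" + inputStream + "]: " + e, new Object[0]);
            }
        }
        return jSONObject;
    }

    /**
     * Parses text as a JSON array.
     *
     * <p>As with {@link #parseJsonObject(String)}, the sensitive input is not echoed to trace.
     *
     * @return the JSON array, or {@code null} on any parse failure
     */
    @FFDCIgnore({Exception.class})
    @Sensitive
    JSONArray parseJsonArray(@Sensitive String str) {
        JSONArray jSONArray = null;
        try {
            jSONArray = JSONArray.parse(str);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception parsing JSON string (content withheld, length " + (str == null ? 0 : str.length()) + "): " + e, new Object[0]);
            }
        }
        return jSONArray;
    }

    /**
     * Creates the JWK implementation matching the "kty" value.
     *
     * @param str  key type from the JSON ("RSA" or EC, case-insensitive)
     * @param str2 signature algorithm; EC keys are only accepted for ES* algorithms
     * @return the JWK, or {@code null} for any other key type
     */
    @Sensitive
    JWK createJwkBasedOnKty(String str, @Sensitive JSONObject jSONObject, String str2) {
        JWK jwk = null;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "kty of JWK is '" + str + "'", new Object[0]);
        }
        if ("RSA".equalsIgnoreCase(str)) {
            jwk = getRsaJwk(jSONObject);
        } else if (JwkConstants.EC.equalsIgnoreCase(str)) {
            jwk = getEllipticCurveJwk(jSONObject, str2);
        }
        return jwk;
    }

    @Sensitive
    JWK getRsaJwk(@Sensitive JSONObject jSONObject) {
        return Jose4jRsaJWK.getInstance(jSONObject);
    }

    /** @return an EC JWK, or {@code null} unless the configured algorithm {@code str} starts with "ES" */
    @Sensitive
    JWK getEllipticCurveJwk(@Sensitive JSONObject jSONObject, String str) {
        if (str == null || !str.startsWith("ES")) {
            return null;
        }
        return Jose4jEllipticCurveJWK.getInstance(jSONObject);
    }

    /** @return the JSSE helper of {@code sSLSupport}, or {@code null} if no SSL support is available */
    protected JSSEHelper getJSSEHelper(SSLSupport sSLSupport) throws SSLException {
        if (sSLSupport != null) {
            return sSLSupport.getJSSEHelper();
        }
        return null;
    }

    /**
     * Obtains the SSL socket factory for the default or the named SSL configuration.
     *
     * @param str  URL about to be contacted, {@code str2} SSL configuration name
     * @return the factory; {@code null} only if none is available and {@code str} is not an https URL
     * @throws SSLException if no factory is available for an https URL, or the lookup itself failed
     */
    @FFDCIgnore({NoSSLSocketFactoryException.class})
    protected SSLSocketFactory getSSLSocketFactory(String str, String str2, SSLSupport sSLSupport) throws SSLException {
        SSLSocketFactory sSLSocketFactory = null;
        try {
            sSLSocketFactory = isdefaultssl() ? SecuritySSLUtils.getSSLSocketFactory(sSLSupport) : SecuritySSLUtils.getSSLSocketFactory(sSLSupport, str2);
        } catch (NoSSLSocketFactoryException e) {
            // Refuse to continue to an https endpoint without a socket factory.
            if (str != null && str.startsWith("https")) {
                throw new SSLException(Tr.formatMessage(tc, "JWT_HTTPS_WITH_SSLCONTEXT_NULL", new Object[]{"Null ssl socket factory", this.configId}));
            }
        } catch (javax.net.ssl.SSLException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.common.jwk.impl.JwKRetriever", "783", this, new Object[]{str, str2, sSLSupport});
            throw new SSLException(e2);
        }
        return sSLSocketFactory;
    }

    /**
     * Creates the HTTP client for the JWK endpoint, adding client credentials only when both a
     * client id and a client secret are configured.
     *
     * @param sSLSocketFactory factory for https connections, or {@code null}
     * @param str              URL to contact
     * @param z                whether hostname verification is enabled
     * @param z2               forwarded unchanged to HttpUtils.createHttpClient
     */
    public HttpClient createHTTPClient(SSLSocketFactory sSLSocketFactory, String str, boolean z, boolean z2) {
        if (this.jwkClientId == null || this.jwkClientSecret == null) {
            return this.httpUtils.createHttpClient(sSLSocketFactory, str, z, z2, (BasicCredentialsProvider) null);
        }
        return this.httpUtils.createHttpClient(sSLSocketFactory, str, z, z2, this.httpUtils.createCredentialsProvider(this.jwkClientId, this.jwkClientSecret));
    }
}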
