package com.ibm.ws.security.openidconnect.token;

import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonPrimitive;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.clients.common.OidcUtil;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.joda.time.Duration;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.jwt.consumer.JwtContext;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/openidconnect/token/JsonTokenUtil.class */
public class JsonTokenUtil {
    public static final String DELIMITER = ".";
    public static final long DEFAULT_SKEW_IN_SECONDS = 180;
    static final long serialVersionUID = 3330392006565442240L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(JsonTokenUtil.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.common.internal.resources.OidcCommonMessages");
    public static final Duration SKEW = Duration.standardMinutes(3);

    public static String toBase64(JsonObject jsonObject) {
        return convertToBase64(toJson(jsonObject));
    }

    public static String toJson(JsonObject jsonObject) {
        return new Gson().toJson(jsonObject);
    }

    public static String toJsonFromObj(Object obj) {
        return new Gson().toJson(obj);
    }

    public static String convertToBase64(String str) {
        return Base64.encodeBase64URLSafeString(StringUtils.getBytesUtf8(str));
    }

    public static String decodeFromBase64String(String str) {
        return new String(Base64.decodeBase64(str));
    }

    public static String fromBase64ToJsonString(String str) {
        return StringUtils.newStringUtf8(Base64.decodeBase64(str));
    }

    public static String toDotFormat(String... strArr) {
        StringBuffer stringBuffer = new StringBuffer();
        if (strArr != null) {
            for (int i = 0; i < strArr.length; i++) {
                if (i > 0 && i < strArr.length) {
                    stringBuffer.append(DELIMITER);
                }
                String str = strArr[i];
                stringBuffer.append(str == null ? "" : str);
            }
        }
        return stringBuffer.toString();
    }

    public static boolean isCurrentTimeInInterval(long j, long j2, long j3) {
        long j4 = j * 1000;
        long currentTimeMillis = System.currentTimeMillis();
        return (((currentTimeMillis + j4) > j2 ? 1 : ((currentTimeMillis + j4) == j2 ? 0 : -1)) > 0) && (((currentTimeMillis - j4) > j3 ? 1 : ((currentTimeMillis - j4) == j3 ? 0 : -1)) < 0);
    }

    public static String[] splitTokenString(String str) {
        boolean z = false;
        if (str.endsWith(DELIMITER)) {
            z = true;
        }
        String[] split = str.split(Pattern.quote(DELIMITER));
        if (z || split.length == 3) {
            return split;
        }
        throw new IllegalStateException("Expected JWT to have 3 segments separated by '.', but it has " + split.length + " segments");
    }

    public static WSJsonToken deserialize(String[] strArr, String str) {
        String str2 = strArr[0];
        String str3 = strArr[1];
        JsonParser jsonParser = new JsonParser();
        return new WSJsonToken(jsonParser.parse(fromBase64ToJsonString(str2)).getAsJsonObject(), jsonParser.parse(fromBase64ToJsonString(str3)).getAsJsonObject(), SKEW, str);
    }

    public static void fromJsonToken(WSJsonToken wSJsonToken, JWTPayload jWTPayload) {
        JsonObject payload;
        if (wSJsonToken == null || jWTPayload == null || (payload = wSJsonToken.getPayload()) == null) {
            return;
        }
        for (Map.Entry entry : payload.entrySet()) {
            String str = (String) entry.getKey();
            JsonElement jsonElement = (JsonElement) entry.getValue();
            if (jsonElement.isJsonPrimitive()) {
                jWTPayload.put(str, getJsonPrimitive(jsonElement.getAsJsonPrimitive()));
            } else if (jsonElement.isJsonArray()) {
                jWTPayload.put(str, createListFromJsonArray(jsonElement.getAsJsonArray()));
            } else if (jsonElement.isJsonObject()) {
                jWTPayload.put(str, createMapFromJsonObject(jsonElement.getAsJsonObject()));
            } else {
                jWTPayload.put(str, jsonElement);
            }
        }
    }

    public static void fromJsonToken(WSJsonToken wSJsonToken, JWSHeader jWSHeader) {
        JsonObject header;
        if (wSJsonToken == null || jWSHeader == null || (header = wSJsonToken.getHeader()) == null) {
            return;
        }
        for (Map.Entry entry : header.entrySet()) {
            String str = (String) entry.getKey();
            JsonElement jsonElement = (JsonElement) entry.getValue();
            if (jsonElement.isJsonPrimitive()) {
                if (jsonElement.getAsJsonPrimitive().isString()) {
                    addToHeaderFields(jWSHeader, str, jsonElement.getAsString());
                }
                jWSHeader.put(str, getJsonPrimitive(jsonElement.getAsJsonPrimitive()));
            } else if (jsonElement.isJsonArray()) {
                JsonArray asJsonArray = jsonElement.getAsJsonArray();
                ArrayList arrayList = new ArrayList();
                for (int i = 0; i < asJsonArray.size(); i++) {
                    JsonElement jsonElement2 = asJsonArray.get(i);
                    if (jsonElement2.isJsonPrimitive() && jsonElement2.getAsJsonPrimitive().isString()) {
                        arrayList.add(jsonElement2.getAsString());
                    }
                }
                jWSHeader.put(str, arrayList);
                addToHeaderFields(jWSHeader, str, arrayList);
            } else if (((JsonElement) entry.getValue()).isJsonObject()) {
            }
        }
    }

    public static void addToHeaderFields(JWSHeader jWSHeader, String str, String str2) {
        switch (AnonymousClass1.$SwitchMap$com$ibm$ws$security$openidconnect$token$HeaderParameter[HeaderParameter.valueOf(str.toUpperCase()).ordinal()]) {
            case 1:
                jWSHeader.setType(str2);
                return;
            case 2:
                jWSHeader.setContentType(str2);
                return;
            case 3:
                jWSHeader.setAlgorithm(str2);
                return;
            case 4:
                jWSHeader.setJwkUrl(str2);
                return;
            case 5:
                jWSHeader.setJwk(str2);
                return;
            case 6:
                jWSHeader.setKeyId(str2);
                return;
            case 7:
                jWSHeader.setX509Url(str2);
                return;
            case 8:
                jWSHeader.setX509Thumbprint(str2);
                return;
            case OidcUtil.RANDOM_LENGTH /* 9 */:
                jWSHeader.setX509Certificate(str2);
                return;
            default:
                return;
        }
    }

    public static void addToHeaderFields(JWSHeader jWSHeader, String str, List<String> list) {
        switch (HeaderParameter.valueOf(str.toUpperCase())) {
            case CRIT:
                jWSHeader.setCritical(list);
                return;
            default:
                return;
        }
    }

    public static JWTPayload getPayload(String str) {
        JWTPayload jWTPayload = null;
        String[] splitTokenString = splitTokenString(str);
        if (splitTokenString.length >= 2) {
            WSJsonToken deserialize = deserialize(splitTokenString, str);
            jWTPayload = new JWTPayload();
            fromJsonToken(deserialize, jWTPayload);
        }
        return jWTPayload;
    }

    protected static String getElement(JWTPayload jWTPayload, String str) {
        String str2 = null;
        if (jWTPayload != null) {
            Object obj = jWTPayload.get(str);
            if (obj instanceof String) {
                str2 = (String) obj;
            } else if ((obj instanceof List) && ((List) obj).size() == 1) {
                str2 = (String) ((List) obj).get(0);
            }
        }
        return str2;
    }

    public static String getAud(JWTPayload jWTPayload) {
        return getElement(jWTPayload, "aud");
    }

    public static String getIss(JWTPayload jWTPayload) {
        return getElement(jWTPayload, "iss");
    }

    public static String getSub(JWTPayload jWTPayload) {
        return getElement(jWTPayload, "sub");
    }

    private JsonTokenUtil() {
    }

    public static String accessTokenHash(@Sensitive String str) {
        byte[] digest;
        byte[] bytes = Base64Coder.getBytes(str);
        byte[] bArr = new byte[16];
        String str2 = null;
        MessageDigest messageDigest = null;
        try {
            messageDigest = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.token.JsonTokenUtil", "316", (Object) null, new Object[]{"<sensitive java.lang.String>"});
        }
        if (messageDigest != null && (digest = messageDigest.digest(bytes)) != null) {
            System.arraycopy(digest, 0, bArr, 0, 16);
            str2 = Base64.encodeBase64URLSafeString(bArr);
        }
        return str2;
    }

    public static void validateTokenString(String str, String str2, @Sensitive Key key, long j, boolean z) throws InvalidJwtException {
        AlgorithmConstraints algorithmConstraints = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{str2});
        JwtContext process = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build().process(str);
        JwtConsumerBuilder skipDefaultAudienceValidation = new JwtConsumerBuilder().setVerificationKey(key).setJwsAlgorithmConstraints(algorithmConstraints).setRelaxVerificationKeyValidation().setSkipDefaultAudienceValidation();
        if (z) {
            skipDefaultAudienceValidation.setSkipAllValidators();
        } else {
            if (j > 2147483647L) {
                j = 2147483647L;
            }
            skipDefaultAudienceValidation = skipDefaultAudienceValidation.setAllowedClockSkewInSeconds((int) j);
        }
        skipDefaultAudienceValidation.build().processContext(process);
    }

    static Object getJsonPrimitive(JsonPrimitive jsonPrimitive) {
        return jsonPrimitive == null ? jsonPrimitive : jsonPrimitive.isNumber() ? getJsonPrimitiveNumber(jsonPrimitive) : jsonPrimitive.isString() ? jsonPrimitive.getAsString() : jsonPrimitive.isBoolean() ? Boolean.valueOf(jsonPrimitive.getAsBoolean()) : jsonPrimitive;
    }

    static Number getJsonPrimitiveNumber(JsonPrimitive jsonPrimitive) {
        long asLong = jsonPrimitive.getAsLong();
        double asDouble = jsonPrimitive.getAsDouble();
        return ((double) asLong) < asDouble ? Double.valueOf(asDouble) : Long.valueOf(asLong);
    }

    static List<Object> createListFromJsonArray(JsonArray jsonArray) {
        if (jsonArray == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < jsonArray.size(); i++) {
            JsonElement jsonElement = jsonArray.get(i);
            if (jsonElement.isJsonPrimitive()) {
                arrayList.add(getJsonPrimitive(jsonElement.getAsJsonPrimitive()));
            } else if (jsonElement.isJsonArray()) {
                arrayList.add(createListFromJsonArray(jsonElement.getAsJsonArray()));
            } else if (jsonElement.isJsonObject()) {
                arrayList.add(createMapFromJsonObject(jsonElement.getAsJsonObject()));
            } else {
                arrayList.add(jsonElement);
            }
        }
        return arrayList;
    }

    static Map<String, Object> createMapFromJsonObject(JsonObject jsonObject) {
        if (jsonObject == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : jsonObject.entrySet()) {
            String str = (String) entry.getKey();
            JsonElement jsonElement = (JsonElement) entry.getValue();
            if (jsonElement.isJsonPrimitive()) {
                hashMap.put(str, getJsonPrimitive(jsonElement.getAsJsonPrimitive()));
            } else if (jsonElement.isJsonArray()) {
                hashMap.put(str, createListFromJsonArray(jsonElement.getAsJsonArray()));
            } else if (jsonElement.isJsonObject()) {
                hashMap.put(str, createMapFromJsonObject(jsonElement.getAsJsonObject()));
            } else {
                hashMap.put(str, jsonElement);
            }
        }
        return hashMap;
    }
}
