package com.ibm.ws.security.oauth20.plugins.jose4j;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.openidconnect.JSONWebKey;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServerConfig;
import java.security.Key;
import java.security.interfaces.RSAPrivateKey;
import org.jose4j.keys.HmacKey;

/**
 * Carries the signing key, key id, token type and signature algorithm for one token.
 *
 * <p>Two construction paths exist: one resolves the key from an {@link OidcServerConfig}
 * (HS256 from a shared secret, RS256 from a JWK or from the configured private key), the
 * other takes a caller-supplied {@link Key} directly.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Key resolution never throws. A failure is stored in {@code noKeyException} and
 *       {@link #getSigningKey()} returns {@code null}, so callers have to check for a
 *       {@code null} key before signing. NOTE(review): verify every caller does.</li>
 *   <li>A signature algorithm other than HS256 or RS256 leaves the key {@code null} and
 *       records no specific exception; {@link #getNoKeyException()} then returns the
 *       generic "No signing key found" exception.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.20.jar:com/ibm/ws/security/oauth20/plugins/jose4j/JWTData.class */
public class JWTData {
    private static final String SIGNATURE_ALG_HS256 = "HS256";
    private static final String SIGNATURE_ALG_RS256 = "RS256";
    private static TraceComponent tc = Tr.register((Class<?>) JWTData.class, "OAUTH", "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages");
    public static final String TYPE_ID_TOKEN = "ID Token";
    public static final String TYPE_JWT_TOKEN = "Json Web Token";

    // True only when the token type passed to the config-based constructor is TYPE_ID_TOKEN.
    boolean bIdToken;
    // True only when the token type passed to the config-based constructor is TYPE_JWT_TOKEN.
    boolean bJwtToken;
    // Signing key; stays null when resolution failed or the algorithm is not handled.
    private Key _signingKey;
    // Key id; set from the JWK or supplied by the caller, otherwise null.
    private String _keyId;
    OidcServerConfig oidcServerConfig;
    // Defaults to TYPE_ID_TOKEN until a constructor overrides it.
    String tokenType = TYPE_ID_TOKEN;
    String signatureAlgorithm;
    // Reason the signing key could not be resolved, when one was recorded.
    JWTTokenException noKeyException;
    // Kept as found; no Serializable declaration is visible on this class.
    static final long serialVersionUID = -7285187860255002214L;

    /**
     * Builds the token data from the server configuration and resolves the signing key.
     *
     * <p>{@link #initSigningKey(String)} is overridable and is invoked from this constructor,
     * so an override runs before the subclass's own fields are initialised.
     *
     * @param str secret used as the HMAC key when the configured algorithm is HS256
     *     (presumably the client's shared secret; confirm against the caller)
     * @param oidcServerConfig provider configuration; supplies the signature algorithm and,
     *     for RS256, the key. A {@code null} value causes a {@link NullPointerException}.
     * @param str2 token type, expected to be {@link #TYPE_ID_TOKEN} or {@link #TYPE_JWT_TOKEN}
     */
    public JWTData(@Sensitive String str, OidcServerConfig oidcServerConfig, String str2) {
        this.oidcServerConfig = oidcServerConfig;
        this.tokenType = str2;
        this.signatureAlgorithm = oidcServerConfig.getSignatureAlgorithm();
        this.bIdToken = TYPE_ID_TOKEN.equals(str2);
        this.bJwtToken = TYPE_JWT_TOKEN.equals(str2);
        initSigningKey(str);
    }

    /**
     * Resolves the signing key for the configured signature algorithm.
     *
     * <p>Resolution order: RS256 with JWK enabled takes the key and key id from the JWK;
     * HS256 derives an HMAC key from {@code str}; RS256 without JWK uses the configured
     * private key and rejects it unless it is an {@link RSAPrivateKey}. Any other algorithm
     * leaves the key unset. Every exception is caught and stored in {@code noKeyException}.
     *
     * @param str secret whose UTF-8 bytes become the HS256 key; unused for RS256
     */
    @FFDCIgnore({Exception.class})
    @Sensitive
    protected void initSigningKey(@Sensitive String str) {
        try {
            final boolean signWithJwk =
                    this.oidcServerConfig.isJwkEnabled() && SIGNATURE_ALG_RS256.equals(this.signatureAlgorithm);
            if (signWithJwk) {
                // NOTE(review): unlike the configured-key path below, this path does not
                // check here that the JWK's private key is an RSAPrivateKey.
                final JSONWebKey jwk = this.oidcServerConfig.getJSONWebKey();
                this._signingKey = jwk.getPrivateKey();
                this._keyId = jwk.getKeyID();
                return;
            }

            if (SIGNATURE_ALG_HS256.equals(this.signatureAlgorithm)) {
                // NOTE(review): the secret's length is not checked here. RFC 7518 section 3.2
                // requires an HS256 key of at least 256 bits; confirm that is enforced where
                // the secret is configured or where the key is used for signing.
                this._signingKey = new HmacKey(str.getBytes("UTF-8"));
                return;
            }

            if (!SIGNATURE_ALG_RS256.equals(this.signatureAlgorithm)) {
                // Unhandled algorithm: the key stays null and no exception is recorded.
                return;
            }

            this._signingKey = this.oidcServerConfig.getPrivateKey();
            final boolean rsaKey = this._signingKey instanceof RSAPrivateKey;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // Only the type-check result is traced, never the key itself.
                Tr.debug(tc, "RSAPrivateKey: " + rsaKey, new Object[0]);
            }
            if (!rsaKey) {
                // Record the reason first, then drop the unusable key.
                this.noKeyException = JWTTokenException.newInstance(
                        false,
                        "JWT_BAD_SIGNING_KEY",
                        new Object[]{this.signatureAlgorithm, Tr.formatMessage(tc, "SIGNING_KEY_NOT_RSA", this.signatureAlgorithm)});
                this._signingKey = null;
            }
        } catch (Exception e) {
            // Deliberate catch-all: the failure is reported later through getNoKeyException().
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception obtaining the signing key: " + e, new Object[0]);
            }
            this.noKeyException = JWTTokenException.newInstance(
                    false,
                    "JWT_BAD_SIGNING_KEY",
                    new Object[]{this.signatureAlgorithm, e.getLocalizedMessage()});
        }
    }

    /**
     * Returns the signature algorithm read from the server configuration.
     *
     * @return the algorithm name, or {@code null} for an instance built from a supplied key
     */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /**
     * Builds the token data around a caller-supplied key, with no configuration lookup.
     *
     * <p>The token type stays {@link #TYPE_ID_TOKEN}, both type flags stay {@code false},
     * and the signature algorithm stays {@code null}.
     *
     * @param key signing key to use as-is; it is not validated here
     * @param str key id to report from {@link #getKeyID()}
     */
    @Sensitive
    public JWTData(Key key, String str) {
        this._signingKey = key;
        this._keyId = str;
    }

    /**
     * Returns the signing key. This is secret or private key material; the accessor is
     * marked {@code @Sensitive}, presumably to keep the value out of injected trace.
     *
     * @return the signing key, or {@code null} when none could be resolved
     */
    @Sensitive
    public Key getSigningKey() {
        return this._signingKey;
    }

    /**
     * Returns the id of the signing key.
     *
     * @return the key id, or {@code null} when none was set
     */
    public String getKeyID() {
        return this._keyId;
    }

    /**
     * Returns the token type.
     *
     * @return the token type given at construction, or {@link #TYPE_ID_TOKEN} by default
     */
    public String getTokenType() {
        return this.tokenType;
    }

    /**
     * Returns the exception describing why no signing key is available.
     *
     * @return the exception recorded during key resolution, or a new generic
     *     "No signing key found" exception when none was recorded
     */
    public JWTTokenException getNoKeyException() {
        if (this.noKeyException == null) {
            return new JWTTokenException("No signing key found");
        }
        return this.noKeyException;
    }

    /**
     * Reports whether this instance was created with token type {@link #TYPE_JWT_TOKEN}.
     *
     * @return {@code true} only for the JWT token type
     */
    public boolean isJwt() {
        return this.bJwtToken;
    }
}
