package com.sap.cloud.security.test;

import com.sap.cloud.security.config.Service;
import com.sap.cloud.security.json.JsonObject;
import com.sap.cloud.security.json.JsonParsingException;
import com.sap.cloud.security.token.SapIdToken;
import com.sap.cloud.security.token.Token;
import com.sap.cloud.security.token.XsuaaToken;
import com.sap.cloud.security.token.validation.validators.JwtSignatureAlgorithm;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.apache.commons.io.IOUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/test/JwtGenerator.class */
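/**
 * Fluent builder for signed JSON Web Tokens, living in the {@code ...security.test} package.
 *
 * <p>Security-relevant defaults a reader should know about:
 * <ul>
 *   <li>Every instance starts with a freshly generated RSA private key
 *       ({@code RSAKeys.generate()}); {@link #withPrivateKey(PrivateKey)} replaces it.</li>
 *   <li>{@code exp} is preset to {@link #NO_EXPIRE_DATE} (year 2190), so a token built with
 *       the defaults is effectively non-expiring. Any key handed to
 *       {@link #withPrivateKey(PrivateKey)} should therefore be a test-only key.</li>
 *   <li>For XSUAA the header carries {@code kid=default-kid} and
 *       {@code jku=http://localhost/token_keys}; for IAS only {@code kid=default-kid-ias}.</li>
 *   <li>Templates loaded with {@link #getInstanceFromFile(Service, String)} have
 *       {@code exp}/{@code iss} (payload) and {@code jku}/{@code kid} (header) stripped, so
 *       a template cannot override the generator's expiry or key reference.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class JwtGenerator {
    public static final String DEFAULT_KEY_ID = "default-kid";
    public static final String DEFAULT_KEY_ID_IAS = "default-kid-ias";
    public static final String DEFAULT_ZONE_ID = "the-zone-id";
    public static final String DEFAULT_USER_ID = "the-user-id";
    // Calendar months are 0-based: this is 31 December 2190 in the JVM's default time zone.
    public static final Instant NO_EXPIRE_DATE = new GregorianCalendar(2190, 11, 31).getTime().toInstant();

    private static final String DEFAULT_JWKS_URL = "http://localhost/token_keys";
    private static final char DOT = '.';
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtGenerator.class);

    private final JSONObject jsonHeader = new JSONObject();
    private final JSONObject jsonPayload = new JSONObject();
    private final SignatureCalculator signatureCalculator;
    private final Service service;
    private JwtSignatureAlgorithm signatureAlgorithm;
    private PrivateKey privateKey = RSAKeys.generate().getPrivate();
    private String appId;
    private List<String> scopes = new ArrayList<>();
    private List<String> localScopes = new ArrayList<>();

    /**
     * Strategy that produces the raw signature bytes over the JWT signing input.
     * The package-private {@link #getInstance(Service, SignatureCalculator)} accepts a
     * custom implementation; the public factories use the JCA-based default.
     */
    public interface SignatureCalculator {
        byte[] calculateSignature(PrivateKey privateKey, JwtSignatureAlgorithm jwtSignatureAlgorithm, byte[] bArr) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException;
    }

    private JwtGenerator(Service service, SignatureCalculator signatureCalculator) {
        this.service = service;
        this.signatureCalculator = signatureCalculator;
        predefineTokenClaims();
    }

    /**
     * Creates a generator for a new token of the given identity service.
     *
     * @param service the identity service the token is issued for
     * @param str the client id; written to {@code azp}, {@code cid} and {@code aud}
     * @return a generator preconfigured with RS256 and the service-specific default claims
     */
    public static JwtGenerator getInstance(Service service, String str) {
        JwtGenerator generator = new JwtGenerator(service, JwtGenerator::calculateSignature);
        generator.setDefaultsForNewToken(str);
        return generator;
    }

    /**
     * Creates a generator whose header and payload are taken from a JSON resource with the
     * top-level members {@code header} and {@code payload}.
     *
     * @param service the identity service the token is issued for
     * @param str name of the resource to read (UTF-8 JSON)
     * @return a generator prefilled from the template
     * @throws IllegalArgumentException if the resource cannot be read
     * @throws JsonParsingException if the resource is not valid JSON
     * @throws UnsupportedOperationException if the template's {@code alg} is unknown
     */
    public static JwtGenerator getInstanceFromFile(Service service, String str) {
        return new JwtGenerator(service, JwtGenerator::calculateSignature).fromFile(str);
    }

    /** Package-private factory that lets callers in this package substitute the signature computation. */
    static JwtGenerator getInstance(Service service, SignatureCalculator signatureCalculator) {
        JwtGenerator generator = new JwtGenerator(service, signatureCalculator);
        generator.setDefaultsForNewToken("client-id-not-relevant-here");
        return generator;
    }

    private JwtGenerator fromFile(String resourceName) {
        JSONObject template = createJsonObject(read(resourceName));
        JSONObject templateHeader = template.optJSONObject("header");
        copyJsonProperties(filterPayload(template.optJSONObject("payload")), this.jsonPayload);
        copyJsonProperties(filterHeader(templateHeader), this.jsonHeader);
        // A template without "alg" is signed with RS256, but no "alg" header is added for it.
        // NOTE(review): unlike withSignatureAlgorithm, this path accepts any algorithm that
        // JwtSignatureAlgorithm.fromValue recognises - confirm that this is intended.
        this.signatureAlgorithm = extractAlgorithm(this.jsonHeader).orElse(JwtSignatureAlgorithm.RS256);
        return this;
    }

    private void setDefaultsForNewToken(String clientId) {
        this.signatureAlgorithm = JwtSignatureAlgorithm.RS256;
        withHeaderParameter("alg", JwtSignatureAlgorithm.RS256.value());
        withClaimValue("azp", clientId);
        withClaimValue("cid", clientId);
        if (this.service == Service.IAS) {
            this.jsonPayload.put("aud", clientId);
            this.jsonPayload.put("zone_uuid", DEFAULT_ZONE_ID);
            this.jsonPayload.put("user_uuid", DEFAULT_USER_ID);
        } else {
            // Every non-IAS service gets the XSUAA-shaped claims: "aud" as an array plus "zid".
            Collection<String> audiences = Arrays.asList(clientId);
            this.jsonPayload.put("aud", audiences);
            this.jsonPayload.put("zid", DEFAULT_ZONE_ID);
            this.jsonPayload.put("ext_attr", createJsonObject("{\"enhancer\" : \"XSUAA\"} "));
        }
    }

    private void predefineTokenClaims() {
        withExpiration(NO_EXPIRE_DATE);
        if (this.service == Service.IAS) {
            withHeaderParameter("kid", DEFAULT_KEY_ID_IAS);
        }
        if (this.service == Service.XSUAA) {
            withHeaderParameter("kid", DEFAULT_KEY_ID);
            withHeaderParameter("jku", DEFAULT_JWKS_URL);
        }
    }

    /**
     * Sets or overwrites a JOSE header parameter.
     *
     * @param str the header parameter name, e.g. {@code kid}
     * @param str2 the header parameter value
     * @return this generator
     */
    public JwtGenerator withHeaderParameter(String str, String str2) {
        this.jsonHeader.put(str, str2);
        return this;
    }

    /**
     * Sets or overwrites a string claim.
     *
     * @param str the claim name
     * @param str2 the claim value
     * @return this generator
     */
    public JwtGenerator withClaimValue(String str, String str2) {
        this.jsonPayload.put(str, str2);
        return this;
    }

    /**
     * Sets or overwrites a claim whose value is a JSON object.
     *
     * @param str the claim name
     * @param jsonObject the claim value; it is re-parsed from its JSON string form
     * @return this generator
     * @throws JsonParsingException if the string form is not valid JSON
     */
    public JwtGenerator withClaimValue(String str, JsonObject jsonObject) {
        try {
            this.jsonPayload.put(str, new JSONObject(jsonObject.asJsonString()));
            return this;
        } catch (JSONException e) {
            // NOTE(review): the cause is dropped here; attach it if JsonParsingException
            // offers a constructor that takes one.
            throw new JsonParsingException(e.getMessage());
        }
    }

    /**
     * Sets or overwrites a claim with several string values.
     *
     * @param str the claim name
     * @param strArr the claim values
     * @return this generator
     */
    public JwtGenerator withClaimValues(String str, String... strArr) {
        this.jsonPayload.put(str, strArr);
        return this;
    }

    /**
     * Copies every top-level member of a JSON resource into the payload. Unlike
     * {@link #getInstanceFromFile(Service, String)} nothing is filtered, so the resource
     * may overwrite {@code exp} and {@code iss} as well.
     *
     * @param str name of the resource to read (UTF-8 JSON)
     * @return this generator
     * @throws IOException declared for callers; read failures currently surface as
     *     {@link IllegalArgumentException}
     */
    public JwtGenerator withClaimsFromFile(String str) throws IOException {
        copyJsonProperties(createJsonObject(read(str)), this.jsonPayload);
        return this;
    }

    /**
     * Sets the {@code exp} claim.
     *
     * @param instant the expiration time; stored as seconds since the epoch
     * @return this generator
     */
    public JwtGenerator withExpiration(@Nonnull Instant instant) {
        this.jsonPayload.put("exp", instant.getEpochSecond());
        return this;
    }

    /**
     * Selects the signature algorithm. The {@code alg} header is not touched by this call.
     *
     * @param jwtSignatureAlgorithm the algorithm; only RS256 is accepted
     * @return this generator
     * @throws UnsupportedOperationException for any algorithm other than RS256
     */
    public JwtGenerator withSignatureAlgorithm(JwtSignatureAlgorithm jwtSignatureAlgorithm) {
        if (jwtSignatureAlgorithm != JwtSignatureAlgorithm.RS256) {
            throw new UnsupportedOperationException(jwtSignatureAlgorithm + " is not supported yet");
        }
        this.signatureAlgorithm = jwtSignatureAlgorithm;
        return this;
    }

    /**
     * Replaces the generated private key used for signing.
     *
     * @param privateKey the signing key; {@code null} makes {@link #createToken()} fail
     * @return this generator
     */
    public JwtGenerator withPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
        return this;
    }

    /**
     * Sets the global scopes and rewrites the {@code scope} claim.
     *
     * @param strArr the scope names, used as given
     * @return this generator
     * @throws UnsupportedOperationException if the service is not XSUAA
     */
    public JwtGenerator withScopes(String... strArr) {
        if (this.service != Service.XSUAA) {
            throw new UnsupportedOperationException("Scopes are not supported for service " + this.service);
        }
        // Copy: Arrays.asList is only a view, and the list is read again by later scope calls.
        this.scopes = new ArrayList<>(Arrays.asList(strArr));
        putScopesInJsonPayload();
        return this;
    }

    /**
     * Sets the local scopes, each prefixed with {@code appId + "."}, and rewrites the
     * {@code scope} claim.
     *
     * @param strArr the scope names without the application prefix
     * @return this generator
     * @throws IllegalStateException if {@link #withAppId(String)} has not been called
     * @throws UnsupportedOperationException if the service is not XSUAA
     */
    public JwtGenerator withLocalScopes(String... strArr) {
        if (this.appId == null) {
            throw new IllegalStateException("Cannot create local scopes because appId has not been set!");
        }
        if (this.service != Service.XSUAA) {
            throw new UnsupportedOperationException("Scopes are not supported for service " + this.service);
        }
        this.localScopes = Stream.of(strArr)
                .map(scope -> this.appId + "." + scope)
                .collect(Collectors.toList());
        putScopesInJsonPayload();
        return this;
    }

    /**
     * Sets the application id used as prefix by {@link #withLocalScopes(String...)}.
     *
     * @param str the application id
     * @return this generator
     */
    public JwtGenerator withAppId(String str) {
        this.appId = str;
        return this;
    }

    /**
     * Serializes header and payload, signs them and wraps the result in the token type of
     * the configured service.
     *
     * @return a {@code SapIdToken} for IAS, an {@code XsuaaToken} for XSUAA
     * @throws IllegalStateException if the private key is {@code null}
     * @throws UnsupportedOperationException if the service is neither IAS nor XSUAA, or if
     *     signing fails
     */
    public Token createToken() {
        if (this.privateKey == null) {
            throw new IllegalStateException("Private key was not set!");
        }
        switch (this.service) {
            case IAS:
                return new SapIdToken(createTokenAsString());
            case XSUAA:
                return new XsuaaToken(createTokenAsString());
            default:
                throw new UnsupportedOperationException("Identity Service " + this.service + " is not supported.");
        }
    }

    /** Drops {@code exp} and {@code iss} from a template payload; tolerates {@code null}. */
    private JSONObject filterPayload(JSONObject payload) {
        if (payload != null) {
            payload.remove("exp");
            payload.remove("iss");
        }
        return payload;
    }

    /** Drops {@code jku} and {@code kid} from a template header; tolerates {@code null}. */
    private JSONObject filterHeader(JSONObject header) {
        if (header != null) {
            header.remove("jku");
            header.remove("kid");
        }
        return header;
    }

    /** Copies all top-level members of {@code source} into {@code target}, overwriting existing keys. */
    private void copyJsonProperties(JSONObject source, JSONObject target) {
        if (source == null) {
            return;
        }
        for (String key : source.keySet()) {
            target.put(key, source.get(key));
        }
    }

    private JSONObject createJsonObject(String json) {
        try {
            return new JSONObject(json);
        } catch (JSONException e) {
            // NOTE(review): the cause is dropped here; attach it if JsonParsingException
            // offers a constructor that takes one.
            throw new JsonParsingException(e.getMessage());
        }
    }

    /** Writes local scopes followed by global scopes into the {@code scope} claim. */
    private void putScopesInJsonPayload() {
        Collection<String> allScopes = Stream.concat(this.localScopes.stream(), this.scopes.stream())
                .collect(Collectors.toList());
        this.jsonPayload.put("scope", allScopes);
    }

    private String createTokenAsString() {
        // JWTs are defined over UTF-8; the platform default charset would yield different
        // bytes for non-ASCII claim values on some systems.
        String encodedHeader = base64Encode(this.jsonHeader.toString().getBytes(StandardCharsets.UTF_8));
        String encodedPayload = base64Encode(this.jsonPayload.toString().getBytes(StandardCharsets.UTF_8));
        String signingInput = encodedHeader + DOT + encodedPayload;
        return signingInput + DOT + calculateSignature(signingInput);
    }

    /** Default {@link SignatureCalculator}: signs {@code bArr} with the JCA algorithm named by the enum. */
    private static byte[] calculateSignature(PrivateKey privateKey, JwtSignatureAlgorithm jwtSignatureAlgorithm, byte[] bArr) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        Signature signer = Signature.getInstance(jwtSignatureAlgorithm.javaSignature());
        signer.initSign(privateKey);
        signer.update(bArr);
        return signer.sign();
    }

    private String calculateSignature(String signingInput) {
        try {
            byte[] inputBytes = signingInput.getBytes(StandardCharsets.UTF_8);
            return base64Encode(this.signatureCalculator.calculateSignature(this.privateKey, this.signatureAlgorithm, inputBytes));
        } catch (InvalidKeyException e) {
            LOGGER.error("Invalid private key.");
            throw new UnsupportedOperationException(e);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Algorithm '{}' not found.", this.signatureAlgorithm.javaSignature());
            throw new UnsupportedOperationException(e);
        } catch (SignatureException e) {
            LOGGER.error("Error creating JWT signature.");
            throw new UnsupportedOperationException(e);
        }
    }

    /** Base64url without padding, the encoding used for all three JWT segments. */
    private String base64Encode(byte[] bytes) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    private String read(String resourceName) {
        try {
            return IOUtils.resourceToString(resourceName, StandardCharsets.UTF_8);
        } catch (IOException e) {
            // Keep the cause so the failing resource lookup stays visible in the stack trace.
            throw new IllegalArgumentException("Error reading resource file: " + e.getMessage(), e);
        }
    }

    /**
     * Reads {@code alg} from a header object.
     *
     * @return the algorithm, or empty if the header is {@code null} or has no {@code alg}
     * @throws UnsupportedOperationException if {@code alg} names an unknown algorithm
     */
    private Optional<JwtSignatureAlgorithm> extractAlgorithm(JSONObject header) {
        if (header == null || !header.has("alg")) {
            return Optional.empty();
        }
        String algorithmName = header.getString("alg");
        JwtSignatureAlgorithm algorithm = JwtSignatureAlgorithm.fromValue(algorithmName);
        if (algorithm == null) {
            throw new UnsupportedOperationException(String.format("Algorithm %s of token not supported!", algorithmName));
        }
        return Optional.of(algorithm);
    }
}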
