package bluecrystal.service.jwt;

import bluecrystal.service.service.ServiceFacade;
import com.auth0.jwt.JWTAlgorithmException;
import com.auth0.jwt.internal.org.apache.commons.lang3.StringUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:bluecrystal/service/jwt/AppJWTSigner.class */
public class AppJWTSigner {
    private byte[] secret;
    private PrivateKey privateKey;
    protected static final AppAlgorithm DEFAULT_ALGORITHM = AppAlgorithm.HS256;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: bluecrystal.service.jwt.AppJWTSigner$1, reason: invalid class name */
    /* loaded from: input_file:bluecrystal/service/jwt/AppJWTSigner$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$bluecrystal$service$jwt$AppAlgorithm = new int[AppAlgorithm.values().length];

        static {
            try {
                $SwitchMap$bluecrystal$service$jwt$AppAlgorithm[AppAlgorithm.HS256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$bluecrystal$service$jwt$AppAlgorithm[AppAlgorithm.HS384.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$bluecrystal$service$jwt$AppAlgorithm[AppAlgorithm.HS512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$bluecrystal$service$jwt$AppAlgorithm[AppAlgorithm.RS256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$bluecrystal$service$jwt$AppAlgorithm[AppAlgorithm.RS384.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$bluecrystal$service$jwt$AppAlgorithm[AppAlgorithm.RS512.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public AppJWTSigner(String str) {
        this.secret = str.getBytes();
    }

    public AppJWTSigner(byte[] bArr) {
        this.secret = bArr;
    }

    public AppJWTSigner(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public String sign(Map<String, Object> map, AppAlgorithm appAlgorithm) throws Exception {
        String preSign = preSign(map, appAlgorithm);
        return postSign(signByAlg(preSign, appAlgorithm), preSign);
    }

    public String preSign(Map<String, Object> map, AppAlgorithm appAlgorithm) {
        AppAlgorithm appAlgorithm2 = appAlgorithm != null ? appAlgorithm : DEFAULT_ALGORITHM;
        ArrayList arrayList = new ArrayList();
        try {
            arrayList.add(encodedHeader(appAlgorithm2));
            arrayList.add(encodedPayload(map));
            return join(arrayList, ".");
        } catch (Exception e) {
            throw new RuntimeException(e.getCause());
        }
    }

    public String postSign(byte[] bArr, String str) {
        ArrayList arrayList = new ArrayList();
        try {
            String postEncodedSignature = postEncodedSignature(bArr);
            arrayList.add(str);
            arrayList.add(postEncodedSignature);
            return join(arrayList, ".");
        } catch (Exception e) {
            throw new RuntimeException(e.getCause());
        }
    }

    private String encodedHeader(AppAlgorithm appAlgorithm) throws UnsupportedEncodingException {
        ObjectNode objectNode = JsonNodeFactory.instance.objectNode();
        objectNode.put("typ", "JWT");
        objectNode.put("alg", appAlgorithm.name());
        return base64UrlEncode(objectNode.toString().getBytes("UTF-8"));
    }

    private String encodedPayload(Map<String, Object> map) throws IOException {
        return base64UrlEncode(new ObjectMapper().writeValueAsString(new HashMap(map)).getBytes("UTF-8"));
    }

    private String base64UrlEncode(byte[] bArr) {
        return new String(Base64.encodeBase64URLSafe(bArr));
    }

    private String join(List<String> list, String str) {
        return StringUtils.join(list.iterator(), str);
    }

    public byte[] signByAlg(String str, AppAlgorithm appAlgorithm) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException, JWTAlgorithmException {
        switch (AnonymousClass1.$SwitchMap$bluecrystal$service$jwt$AppAlgorithm[appAlgorithm.ordinal()]) {
            case ServiceFacade.NDX_SHA224 /* 1 */:
            case ServiceFacade.NDX_SHA256 /* 2 */:
            case ServiceFacade.NDX_SHA384 /* 3 */:
                return signHmac(appAlgorithm, str, this.secret);
            case ServiceFacade.NDX_SHA512 /* 4 */:
            case 5:
            case 6:
                return signRs(appAlgorithm, str, this.privateKey);
            default:
                throw new JWTAlgorithmException("Unsupported signing method");
        }
    }

    private String postEncodedSignature(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException, JWTAlgorithmException {
        return base64UrlEncode(bArr);
    }

    private static byte[] signHmac(AppAlgorithm appAlgorithm, String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(appAlgorithm.getValue());
        mac.init(new SecretKeySpec(bArr, appAlgorithm.getValue()));
        return mac.doFinal(str.getBytes());
    }

    private static byte[] signRs(AppAlgorithm appAlgorithm, String str, PrivateKey privateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        byte[] bytes = str.getBytes();
        Signature signature = Signature.getInstance(appAlgorithm.getValue(), "BC");
        signature.initSign(privateKey);
        signature.update(bytes);
        return signature.sign();
    }
}
