package cn.authing.internal;

import com.alibaba.fastjson.JSON;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import javax.net.ssl.HttpsURLConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/authing/internal/Jwk.class */
public class Jwk {
    private static final Logger logger = LoggerFactory.getLogger(Jwk.class);
    private ArrayList<Key> keys;
    private ArrayList<PublicKey> publicKey;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cn/authing/internal/Jwk$Key.class */
    public static class Key {
        private String n;
        private String e;

        private Key() {
        }

        public String getN() {
            return this.n;
        }

        public void setN(String str) {
            this.n = str;
        }

        public String getE() {
            return this.e;
        }

        public void setE(String str) {
            this.e = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Jwk create(String str) {
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
            httpsURLConnection.setConnectTimeout(10000);
            int responseCode = httpsURLConnection.getResponseCode();
            if (responseCode != 200) {
                logger.error("init Jwk failed. jwks endpoint:" + str + " status code:" + responseCode);
                return null;
            }
            Jwk jwk = (Jwk) JSON.parseObject(Util.getStringFromStream(httpsURLConnection.getInputStream()), Jwk.class);
            jwk.generatePublicKey();
            return jwk;
        } catch (Exception e) {
            logger.error("init Jwk failed. jwks endpoint:" + str);
            return null;
        }
    }

    private void generatePublicKey() {
        if (this.keys == null || this.keys.size() == 0) {
            return;
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            this.publicKey = new ArrayList<>();
            Iterator<Key> it = this.keys.iterator();
            while (it.hasNext()) {
                Key next = it.next();
                try {
                    String n = next.getN();
                    String e = next.getE();
                    this.publicKey.add(keyFactory.generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.getUrlDecoder().decode(n)), new BigInteger(1, Base64.getUrlDecoder().decode(e)))));
                } catch (InvalidKeySpecException e2) {
                    e2.printStackTrace();
                }
            }
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
        }
    }

    public ArrayList<Key> getKeys() {
        return this.keys;
    }

    public void setKeys(ArrayList<Key> arrayList) {
        this.keys = arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DecodedJWT verifyToken(String str, Jwk jwk, String str2) {
        if (str == null || jwk == null || jwk.publicKey == null) {
            return null;
        }
        DecodedJWT decode = JWT.decode(str);
        if ("HS256".equalsIgnoreCase(decode.getAlgorithm())) {
            try {
                Algorithm.HMAC256(str2).verify(decode);
                return decode;
            } catch (SignatureVerificationException e) {
                return null;
            }
        }
        for (int i = 0; i < jwk.publicKey.size(); i++) {
            try {
                if ("RS256".equalsIgnoreCase(decode.getAlgorithm())) {
                    Algorithm.RSA256((RSAPublicKey) jwk.publicKey.get(i), (RSAPrivateKey) null).verify(decode);
                }
                return decode;
            } catch (SignatureVerificationException e2) {
            }
        }
        return null;
    }
}
