package de.cidaas.jwt;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.OperationNotSupportedException;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:de/cidaas/jwt/JWTGenerator.class */
public class JWTGenerator {
    public String sign(Map<String, Object> map, Options options) {
        Algorithm algorithm = Algorithm.HS256;
        ArrayList arrayList = new ArrayList();
        try {
            arrayList.add(encodedHeader(algorithm));
            arrayList.add(encodedPayload(map, options));
            arrayList.add(encodedSignature(join(arrayList, "."), algorithm, options.getSecret()));
            return join(arrayList, ".");
        } catch (Exception e) {
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            throw new RuntimeException(e);
        }
    }

    private String encodedHeader(Algorithm algorithm) throws UnsupportedEncodingException {
        if (algorithm == null) {
            algorithm = Algorithm.HS256;
        }
        ObjectNode objectNode = JsonNodeFactory.instance.objectNode();
        objectNode.put("typ", "JWT");
        objectNode.put("alg", algorithm.name());
        return base64UrlEncode(objectNode.toString().getBytes("UTF-8"));
    }

    private String encodedPayload(Map<String, Object> map, Options options) throws Exception {
        return base64UrlEncode(new ObjectMapper().writeValueAsString(JWTHelper.encodedPayload(map, options)).getBytes("UTF-8"));
    }

    private String encodedSignature(String str, Algorithm algorithm, String str2) throws Exception {
        return base64UrlEncode(sign(algorithm, str, str2.getBytes()));
    }

    private String base64UrlEncode(byte[] bArr) {
        return new String(Base64.encodeBase64URLSafe(bArr));
    }

    private static byte[] sign(Algorithm algorithm, String str, byte[] bArr) throws Exception {
        switch (algorithm) {
            case HS256:
            case HS384:
            case HS512:
                return signHmac(algorithm, str, bArr);
            case RS256:
            case RS384:
            case RS512:
            default:
                throw new OperationNotSupportedException("Unsupported signing method");
        }
    }

    private static byte[] signHmac(Algorithm algorithm, String str, byte[] bArr) throws Exception {
        Mac mac = Mac.getInstance(algorithm.getValue());
        mac.init(new SecretKeySpec(bArr, algorithm.getValue()));
        return mac.doFinal(str.getBytes());
    }

    private String join(List<String> list, String str) {
        int size = list.size();
        int i = 1;
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            if (i < size) {
                sb.append(str);
            }
            i++;
        }
        return sb.toString();
    }

    public Map<String, Object> verify(String str, Options options) throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, IOException, SignatureException, JWTVerifyException {
        if (str == null || "".equals(str)) {
            throw new IllegalStateException("token not set");
        }
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new IllegalStateException("Wrong number of segments: " + split.length);
        }
        String algorithm = getAlgorithm(decodeAndParse(split[0]));
        JsonNode decodeAndParse = decodeAndParse(split[1]);
        if (verifySignature(split, algorithm, options.getSecret())) {
            return (Map) new ObjectMapper().treeToValue(decodeAndParse, Map.class);
        }
        return null;
    }

    public Map<String, Object> parse(String str) throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, IOException, SignatureException, JWTVerifyException {
        if (str == null || "".equals(str)) {
            throw new IllegalStateException("token not set");
        }
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new IllegalStateException("Wrong number of segments: " + split.length);
        }
        return (Map) new ObjectMapper().treeToValue(decodeAndParse(split[1]), Map.class);
    }

    static boolean verifySignature(String[] strArr, String str, String str2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Mac mac = Mac.getInstance(str);
        mac.init(new SecretKeySpec(str2.getBytes(), str));
        return MessageDigest.isEqual(mac.doFinal(new StringBuilder(strArr[0]).append(".").append(strArr[1]).toString().getBytes()), Base64.decodeBase64(strArr[2]));
    }

    static String getAlgorithm(JsonNode jsonNode) {
        HashMap hashMap = new HashMap();
        hashMap.put("HS256", "HmacSHA256");
        hashMap.put("HS384", "HmacSHA384");
        hashMap.put("HS512", "HmacSHA512");
        String asText = jsonNode.has("alg") ? jsonNode.get("alg").asText() : null;
        if (jsonNode.get("alg") == null) {
            throw new IllegalStateException("algorithm not set");
        }
        if (hashMap.get(asText) == null) {
            throw new IllegalStateException("unsupported algorithm");
        }
        return (String) hashMap.get(asText);
    }

    static JsonNode decodeAndParse(String str) throws IOException {
        return (JsonNode) new ObjectMapper().readValue(new String(Base64.decodeBase64(str), "UTF-8"), JsonNode.class);
    }
}
