package org.gluu.oxauth.model.crypto;

import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import org.apache.commons.configuration.DataConfiguration;
import org.apache.log4j.Logger;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.crypto.signature.AlgorithmFamily;
import org.gluu.oxauth.model.crypto.signature.ECEllipticCurve;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.jwk.Algorithm;
import org.gluu.oxauth.model.jwk.JSONWebKey;
import org.gluu.oxauth.model.jwk.JSONWebKeySet;
import org.gluu.oxauth.model.jwk.JWKParameter;
import org.gluu.oxauth.model.jwk.Use;
import org.gluu.oxauth.model.util.Base64Util;
import org.gluu.oxeleven.model.JwksRequestParam;
import org.gluu.oxeleven.model.KeyRequestParam;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import sun.security.rsa.RSAPublicKeyImpl;

/* loaded from: input_file:org/gluu/oxauth/model/crypto/AbstractCryptoProvider.class */
public abstract class AbstractCryptoProvider {
    protected static final Logger LOG = Logger.getLogger((Class<?>) AbstractCryptoProvider.class);

    public JSONObject generateKey(Algorithm algorithm, Long l) throws Exception {
        return generateKey(algorithm, l, Use.SIGNATURE);
    }

    public abstract JSONObject generateKey(Algorithm algorithm, Long l, Use use) throws Exception;

    public abstract String sign(String str, String str2, String str3, SignatureAlgorithm signatureAlgorithm) throws Exception;

    public abstract boolean verifySignature(String str, String str2, String str3, JSONObject jSONObject, String str4, SignatureAlgorithm signatureAlgorithm) throws Exception;

    public abstract boolean deleteKey(String str) throws Exception;

    public abstract boolean containsKey(String str);

    public abstract java.security.PrivateKey getPrivateKey(String str) throws Exception;

    public String getKeyId(JSONWebKeySet jSONWebKeySet, Algorithm algorithm, Use use) throws Exception {
        for (JSONWebKey jSONWebKey : jSONWebKeySet.getKeys()) {
            if (algorithm == jSONWebKey.getAlg() && (use == null || use == jSONWebKey.getUse())) {
                return jSONWebKey.getKid();
            }
        }
        return null;
    }

    public JwksRequestParam getJwksRequestParam(JSONObject jSONObject) throws JSONException {
        JwksRequestParam jwksRequestParam = new JwksRequestParam();
        jwksRequestParam.setKeyRequestParams(new ArrayList());
        KeyRequestParam keyRequestParam = new KeyRequestParam();
        keyRequestParam.setAlg(jSONObject.getString("alg"));
        keyRequestParam.setKid(jSONObject.getString("kid"));
        keyRequestParam.setUse(jSONObject.getString("use"));
        keyRequestParam.setKty(jSONObject.getString("kty"));
        keyRequestParam.setN(jSONObject.optString("n"));
        keyRequestParam.setE(jSONObject.optString("e"));
        keyRequestParam.setCrv(jSONObject.optString("crv"));
        keyRequestParam.setX(jSONObject.optString("x"));
        keyRequestParam.setY(jSONObject.optString("y"));
        jwksRequestParam.getKeyRequestParams().add(keyRequestParam);
        return jwksRequestParam;
    }

    public static JSONObject generateJwks(int i, int i2, AppConfiguration appConfiguration) throws Exception {
        JSONArray jSONArray = new JSONArray();
        generateJwks(jSONArray, i, i2, appConfiguration, Use.SIGNATURE);
        generateJwks(jSONArray, i, i2, appConfiguration, Use.ENCRYPTION);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(JWKParameter.JSON_WEB_KEY_SET, jSONArray);
        return jSONObject;
    }

    public static void generateJwks(JSONArray jSONArray, int i, int i2, AppConfiguration appConfiguration, Use use) throws Exception {
        GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        gregorianCalendar.add(10, i);
        gregorianCalendar.add(13, i2);
        AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.RS256, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.RS384, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), e2);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.RS512, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e3) {
            LOG.error(e3.getMessage(), e3);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.ES256, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e4) {
            LOG.error(e4.getMessage(), e4);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.ES384, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e5) {
            LOG.error(e5.getMessage(), e5);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.ES512, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e6) {
            LOG.error(e6.getMessage(), e6);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.PS256, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e7) {
            LOG.error(e7.getMessage(), e7);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.PS384, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e8) {
            LOG.error(e8.getMessage(), e8);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.PS512, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e9) {
            LOG.error(e9.getMessage(), e9);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.RSA1_5, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e10) {
            LOG.error(e10.getMessage(), e10);
        }
        try {
            jSONArray.put(cryptoProvider.generateKey(Algorithm.RSA_OAEP, Long.valueOf(gregorianCalendar.getTimeInMillis()), use));
        } catch (Exception e11) {
            LOG.error(e11.getMessage(), e11);
        }
    }

    public java.security.PublicKey getPublicKey(String str, JSONObject jSONObject) throws Exception {
        RSAPublicKeyImpl rSAPublicKeyImpl = null;
        JSONArray jSONArray = jSONObject.getJSONArray(JWKParameter.JSON_WEB_KEY_SET);
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject2 = jSONArray.getJSONObject(i);
            if (str.equals(jSONObject2.getString("kid"))) {
                AlgorithmFamily algorithmFamily = null;
                if (jSONObject2.has("alg")) {
                    algorithmFamily = Algorithm.fromString(jSONObject2.optString("alg")).getFamily();
                } else if (jSONObject2.has("kty")) {
                    algorithmFamily = AlgorithmFamily.fromString(jSONObject2.getString("kty"));
                }
                if (AlgorithmFamily.RSA.equals(algorithmFamily)) {
                    rSAPublicKeyImpl = new RSAPublicKeyImpl(new BigInteger(1, Base64Util.base64urldecode(jSONObject2.getString("n"))), new BigInteger(1, Base64Util.base64urldecode(jSONObject2.getString("e"))));
                } else if (AlgorithmFamily.EC.equals(algorithmFamily)) {
                    ECEllipticCurve fromString = ECEllipticCurve.fromString(jSONObject2.optString("crv"));
                    AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(AlgorithmFamily.EC.toString());
                    algorithmParameters.init(new ECGenParameterSpec(fromString.getAlias()));
                    rSAPublicKeyImpl = java.security.KeyFactory.getInstance(AlgorithmFamily.EC.toString()).generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64Util.base64urldecode(jSONObject2.getString("x"))), new BigInteger(1, Base64Util.base64urldecode(jSONObject2.getString("y")))), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
                }
                if (jSONObject2.has("exp")) {
                    checkKeyExpiration(str, Long.valueOf(jSONObject2.getLong("exp")));
                }
            }
        }
        return rSAPublicKeyImpl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkKeyExpiration(String str, Long l) {
        try {
            Date date = new Date(l.longValue());
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DataConfiguration.DEFAULT_DATE_FORMAT);
            Date date2 = new Date();
            long longValue = (l.longValue() - date2.getTime()) / 86400000;
            if (longValue <= 0) {
                LOG.warn("\nWARNING! Expired Key with alias: " + str + "\n\tExpires On: " + simpleDateFormat.format(date) + "\n\tToday's Date: " + simpleDateFormat.format(date2));
            } else if (longValue <= 100) {
                LOG.warn("\nWARNING! Key with alias: " + str + "\n\tExpires In: " + longValue + " days\n\tExpires On: " + simpleDateFormat.format(date) + "\n\tToday's Date: " + simpleDateFormat.format(date2));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
