package org.xdi.oxauth.model.authorize;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.lang.StringUtils;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.xdi.oxauth.model.common.Display;
import org.xdi.oxauth.model.common.Prompt;
import org.xdi.oxauth.model.common.ResponseType;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.crypto.Certificate;
import org.xdi.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm;
import org.xdi.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm;
import org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey;
import org.xdi.oxauth.model.crypto.signature.RSAPrivateKey;
import org.xdi.oxauth.model.crypto.signature.RSAPublicKey;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.exception.InvalidJweException;
import org.xdi.oxauth.model.exception.InvalidJwtException;
import org.xdi.oxauth.model.jwe.JweDecrypterImpl;
import org.xdi.oxauth.model.jwk.JSONWebKey;
import org.xdi.oxauth.model.jwt.JwtHeader;
import org.xdi.oxauth.model.registration.Client;
import org.xdi.oxauth.model.util.JwtUtil;
import org.xdi.oxauth.model.util.Util;
import org.xdi.util.security.StringEncrypter;

/* loaded from: input_file:org/xdi/oxauth/model/authorize/JwtAuthorizationRequest.class */
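/**
 * Parses a JWT-encoded authorization request for a given client and exposes its claims.
 *
 * <p>Two compact serializations are accepted by the constructor:
 * <ul>
 *   <li>five dot-separated segments: treated as an encrypted token (JWE) and decrypted;</li>
 *   <li>two or three dot-separated segments: treated as a signed token (JWS) whose signature is
 *       checked by {@link #validateSignature} before the payload is read.</li>
 * </ul>
 *
 * <p>The token is caller-supplied and must be treated as untrusted until those checks pass.
 * The list getters return the internal mutable lists.
 */
public class JwtAuthorizationRequest {
    // Header claims.
    private String type;
    private String algorithm;
    private String encryptionAlgorithm;
    private String keyId;

    // Payload claims.
    private List<ResponseType> responseTypes;
    private String clientId;
    private List<String> scopes;
    private String redirectUri;
    private String nonce;
    private String state;
    private Display display;
    private List<Prompt> prompts;
    private UserInfoMember userInfoMember;
    private IdTokenMember idTokenMember;

    // The token exactly as received.
    private String encodedJwt;

    /**
     * Decodes, verifies (signed form) or decrypts (encrypted form) the token and loads its claims.
     *
     * @param str    the compact-serialized token
     * @param client the registered client the request is made for; supplies the client secret,
     *               the registered request-object signing algorithm and the JWKS URI
     * @throws InvalidJwtException if the token is null, empty, malformed, uses an unsupported
     *                             algorithm, fails signature validation, or any decoding,
     *                             decryption or parsing step fails (every failure inside the
     *                             constructor is wrapped in this type)
     * @throws InvalidJweException declared for callers; failures in this body surface as
     *                             {@link InvalidJwtException}
     */
    public JwtAuthorizationRequest(String str, Client client) throws InvalidJwtException, InvalidJweException {
        try {
            this.responseTypes = new ArrayList<ResponseType>();
            this.scopes = new ArrayList<String>();
            this.prompts = new ArrayList<Prompt>();
            this.encodedJwt = str;
            if (str == null || str.isEmpty()) {
                throw new InvalidJwtException("The JWT is null or empty");
            }
            String[] parts = str.split("\\.");
            if (parts.length == 5) {
                // Encrypted form: header . encrypted key . IV . ciphertext . authentication tag
                String encodedHeader = parts[0];
                String encodedEncryptedKey = parts[1];
                String encodedIv = parts[2];
                String encodedCipherText = parts[3];
                String encodedTag = parts[4];

                JwtHeader jwtHeader = new JwtHeader(encodedHeader);
                KeyEncryptionAlgorithm keyAlg = KeyEncryptionAlgorithm.fromName(jwtHeader.getClaimAsString("alg"));
                BlockEncryptionAlgorithm blockAlg = BlockEncryptionAlgorithm.fromName(jwtHeader.getClaimAsString("enc"));
                if (keyAlg == null) {
                    // Fail with a clear message instead of a NullPointerException on getFamily().
                    throw new InvalidJwtException("The JWT algorithm is not supported");
                }

                JweDecrypterImpl decrypter;
                if ("RSA".equals(keyAlg.getFamily())) {
                    // NOTE(review): always the first configured RS256 key; the token's "kid" is
                    // not consulted when choosing the decryption key.
                    JSONWebKey serverKey = (JSONWebKey) ConfigurationFactory.getWebKeys().getKeys(SignatureAlgorithm.RS256).get(0);
                    decrypter = new JweDecrypterImpl(new RSAPrivateKey(
                            serverKey.getPrivateKey().getModulus(),
                            serverKey.getPrivateKey().getPrivateExponent()));
                } else {
                    decrypter = new JweDecrypterImpl(client.getClientSecret().getBytes("UTF-8"));
                }
                decrypter.setKeyEncryptionAlgorithm(keyAlg);
                decrypter.setBlockEncryptionAlgorithm(blockAlg);

                byte[] additionalData = (encodedHeader + "." + encodedEncryptedKey + "." + encodedIv).getBytes("UTF-8");
                String encodedPlainText = decrypter.decryptCipherText(
                        encodedCipherText,
                        decrypter.decryptEncryptionKey(encodedEncryptedKey),
                        JwtUtil.base64urldecode(encodedIv),
                        JwtUtil.base64urldecode(encodedTag),
                        additionalData);

                String headerJson = new String(JwtUtil.base64urldecode(encodedHeader), "UTF-8");
                // NOTE(review): every backslash is removed from the decoded payload before it is
                // parsed, so JSON escape sequences are altered; confirm this is intended.
                String payloadJson = new String(JwtUtil.base64urldecode(encodedPlainText), "UTF-8").replace("\\", "");

                // NOTE(review): this branch never calls validateSignature and does not consult
                // client.getRequestObjectSigningAlg(). With RSA key encryption the sender is not
                // authenticated by the decryption alone; confirm whether a nested signed token
                // should be required here.
                loadHeader(headerJson);
                loadPayload(payloadJson);
            } else {
                if (parts.length != 2 && parts.length != 3) {
                    throw new InvalidJwtException("The JWT is not well formed");
                }
                // Signed form: header . payload [. signature]
                String encodedHeader = parts[0];
                String encodedPayload = parts[1];
                String encodedSignature = parts.length == 3 ? parts[2] : "";
                String signingInput = encodedHeader + "." + encodedPayload;

                String headerJson = new String(JwtUtil.base64urldecode(encodedHeader), "UTF-8");
                // NOTE(review): the signature covers the encoded segments, but the claims are
                // parsed from the text with every backslash removed; confirm this is intended.
                String payloadJson = new String(JwtUtil.base64urldecode(encodedPayload), "UTF-8").replace("\\", "");
                byte[] signature = JwtUtil.base64urldecode(encodedSignature);

                // Header first: validateSignature needs the algorithm and key id.
                loadHeader(headerJson);

                SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromName(this.algorithm);
                if (signatureAlgorithm == null) {
                    throw new InvalidJwtException("The JWT algorithm is not supported");
                }
                // No payload claim is read until the signature check has passed.
                if (!validateSignature(signatureAlgorithm, client, signingInput, signature)) {
                    throw new InvalidJwtException("The JWT signature is not valid");
                }
                loadPayload(payloadJson);
            }
        } catch (JSONException e) {
            throw new InvalidJwtException(e);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJwtException(e);
        } catch (StringEncrypter.EncryptionException e) {
            throw new InvalidJwtException(e);
        } catch (Exception e) {
            // Catch-all last so the specific handlers above stay reachable. This also wraps the
            // InvalidJwtException instances thrown inside the try block.
            throw new InvalidJwtException(e);
        }
    }

    /** Returns the token exactly as it was passed to the constructor. */
    public String getEncodedJwt() {
        return this.encodedJwt;
    }

    /**
     * Reads the {@code typ}, {@code alg}, {@code enc} and {@code kid} header claims, when present.
     *
     * @param str the decoded header JSON
     * @throws JSONException if the header is not valid JSON or a claim is not a string
     */
    private void loadHeader(String str) throws JSONException {
        JSONObject header = new JSONObject(str);
        if (header.has("typ")) {
            this.type = header.getString("typ");
        }
        if (header.has("alg")) {
            this.algorithm = header.getString("alg");
        }
        if (header.has("enc")) {
            this.encryptionAlgorithm = header.getString("enc");
        }
        if (header.has("kid")) {
            this.keyId = header.getString("kid");
        }
    }

    /**
     * Reads the request claims from the decoded payload. {@code response_type}, {@code scope} and
     * {@code prompt} are accepted either as a JSON array or as a single space-separated string.
     *
     * @param str the decoded payload JSON
     * @throws JSONException                if the payload is not valid JSON or a claim has an
     *                                      unexpected type
     * @throws UnsupportedEncodingException if UTF-8 is unavailable while URL-decoding
     *                                      {@code redirect_uri}
     */
    private void loadPayload(String str) throws JSONException, UnsupportedEncodingException {
        JSONObject payload = new JSONObject(str);
        if (payload.has("response_type")) {
            JSONArray values = payload.optJSONArray("response_type");
            if (values != null) {
                for (int i = 0; i < values.length(); i++) {
                    this.responseTypes.add(ResponseType.fromString(values.getString(i)));
                }
            } else {
                this.responseTypes.addAll(ResponseType.fromString(payload.getString("response_type"), " "));
            }
        }
        if (payload.has("client_id")) {
            this.clientId = payload.getString("client_id");
        }
        if (payload.has("scope")) {
            JSONArray values = payload.optJSONArray("scope");
            if (values != null) {
                for (int i = 0; i < values.length(); i++) {
                    this.scopes.add(values.getString(i));
                }
            } else {
                this.scopes.addAll(Util.splittedStringAsList(payload.getString("scope"), " "));
            }
        }
        if (payload.has("redirect_uri")) {
            // The claim is URL-decoded here; callers comparing it with a registered redirect URI
            // receive the decoded form.
            this.redirectUri = URLDecoder.decode(payload.getString("redirect_uri"), "UTF-8");
        }
        if (payload.has("nonce")) {
            this.nonce = payload.getString("nonce");
        }
        if (payload.has("state")) {
            this.state = payload.getString("state");
        }
        if (payload.has("display")) {
            this.display = Display.fromString(payload.getString("display"));
        }
        if (payload.has("prompt")) {
            JSONArray values = payload.optJSONArray("prompt");
            if (values != null) {
                for (int i = 0; i < values.length(); i++) {
                    this.prompts.add(Prompt.fromString(values.getString(i)));
                }
            } else {
                this.prompts.addAll(Prompt.fromString(payload.getString("prompt"), " "));
            }
        }
        if (payload.has("claims")) {
            JSONObject claims = payload.getJSONObject("claims");
            if (claims.has("userinfo")) {
                this.userInfoMember = new UserInfoMember(claims.getJSONObject("userinfo"));
            }
            if (claims.has("id_token")) {
                this.idTokenMember = new IdTokenMember(claims.getJSONObject("id_token"));
            }
        }
    }

    /**
     * Checks the signature of a signed token against the client's registered material.
     *
     * <p>HMAC algorithms are keyed with the client secret; RSA and ECDSA algorithms use the key
     * fetched from the client's JWKS URI for the token's {@code kid}. An asymmetric algorithm
     * with no JWKS URI registered yields {@code false}.
     *
     * @param signatureAlgorithm the algorithm named in the token header
     * @param client             the registered client
     * @param str                the signing input ({@code header.payload}, still encoded)
     * @param bArr               the decoded signature bytes
     * @return {@code true} if the signature is accepted
     * @throws InvalidJwtException if the key cannot be retrieved, the algorithm is not handled,
     *                             or any cryptographic or I/O step fails
     */
    private boolean validateSignature(SignatureAlgorithm signatureAlgorithm, Client client, String str, byte[] bArr) throws InvalidJwtException {
        try {
            // When the client registered a signing algorithm, the token must use exactly that one.
            String registeredAlg = client.getRequestObjectSigningAlg();
            if (StringUtils.isNotBlank(registeredAlg) && signatureAlgorithm != SignatureAlgorithm.fromName(registeredAlg)) {
                return false;
            }
            // NOTE(review): an unsigned token is accepted whenever the client has no registered
            // signing algorithm (or registered "none"), and in that case the token header alone
            // selects the algorithm. Consider requiring a registered algorithm per client.
            if (signatureAlgorithm == SignatureAlgorithm.NONE) {
                return true;
            }

            byte[] signingInput = str.getBytes("UTF-8");

            if (signatureAlgorithm == SignatureAlgorithm.HS256
                    || signatureAlgorithm == SignatureAlgorithm.HS384
                    || signatureAlgorithm == SignatureAlgorithm.HS512) {
                byte[] secret = client.getClientSecret().getBytes("UTF-8");
                byte[] expected;
                switch (signatureAlgorithm) {
                    case HS256:
                        expected = JwtUtil.getSignatureHS256(signingInput, secret);
                        break;
                    case HS384:
                        expected = JwtUtil.getSignatureHS384(signingInput, secret);
                        break;
                    case HS512:
                        expected = JwtUtil.getSignatureHS512(signingInput, secret);
                        break;
                    default:
                        throw new InvalidJwtException("The algorithm is not supported");
                }
                // Constant-time comparison: the time taken must not reveal how many leading
                // bytes of a submitted MAC were correct.
                return java.security.MessageDigest.isEqual(expected, bArr);
            }

            if (client.getJwksUri() == null) {
                // Asymmetric algorithm but no key source registered for the client.
                return false;
            }
            // Declared type and the ECDSA casts below are kept as found in this listing.
            RSAPublicKey publicKey = JwtUtil.getPublicKey(client.getJwksUri(), signatureAlgorithm, this.keyId);
            if (publicKey == null) {
                throw new InvalidJwtException("Cannot retrieve the JWK file");
            }

            Certificate certificate = publicKey.getCertificate();
            if (certificate != null) {
                // The JWK carries a certificate: verify with the key embedded in it.
                switch (signatureAlgorithm) {
                    case RS256:
                        return JwtUtil.verifySignatureRS256(signingInput, bArr, certificate.getRsaPublicKey());
                    case RS384:
                        return JwtUtil.verifySignatureRS384(signingInput, bArr, certificate.getRsaPublicKey());
                    case RS512:
                        return JwtUtil.verifySignatureRS512(signingInput, bArr, certificate.getRsaPublicKey());
                    case ES256:
                        return JwtUtil.verifySignatureES256(signingInput, bArr, certificate.getEcdsaPublicKey());
                    case ES384:
                        return JwtUtil.verifySignatureES384(signingInput, bArr, certificate.getEcdsaPublicKey());
                    case ES512:
                        return JwtUtil.verifySignatureES512(signingInput, bArr, certificate.getEcdsaPublicKey());
                    default:
                        throw new InvalidJwtException("The algorithm is not supported");
                }
            }

            // No certificate: verify with the bare public key.
            switch (signatureAlgorithm) {
                case RS256:
                    return JwtUtil.verifySignatureRS256(signingInput, bArr, publicKey);
                case RS384:
                    return JwtUtil.verifySignatureRS384(signingInput, bArr, publicKey);
                case RS512:
                    return JwtUtil.verifySignatureRS512(signingInput, bArr, publicKey);
                case ES256:
                    return JwtUtil.verifySignatureES256(signingInput, bArr, (ECDSAPublicKey) publicKey);
                case ES384:
                    return JwtUtil.verifySignatureES384(signingInput, bArr, (ECDSAPublicKey) publicKey);
                case ES512:
                    return JwtUtil.verifySignatureES512(signingInput, bArr, (ECDSAPublicKey) publicKey);
                default:
                    throw new InvalidJwtException("The algorithm is not supported");
            }
        } catch (UnsupportedEncodingException e) {
            throw new InvalidJwtException(e);
        } catch (IOException e) {
            throw new InvalidJwtException(e);
        } catch (InvalidKeyException e) {
            throw new InvalidJwtException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidJwtException(e);
        } catch (NoSuchProviderException e) {
            throw new InvalidJwtException(e);
        } catch (SignatureException e) {
            throw new InvalidJwtException(e);
        } catch (InvalidKeySpecException e) {
            throw new InvalidJwtException(e);
        } catch (BadPaddingException e) {
            throw new InvalidJwtException(e);
        } catch (IllegalBlockSizeException e) {
            throw new InvalidJwtException(e);
        } catch (NoSuchPaddingException e) {
            throw new InvalidJwtException(e);
        } catch (StringEncrypter.EncryptionException e) {
            throw new InvalidJwtException(e);
        } catch (Exception e) {
            // Catch-all last so the specific handlers above stay reachable. This also wraps the
            // InvalidJwtException instances thrown inside the try block.
            throw new InvalidJwtException(e);
        }
    }

    /** Returns the {@code kid} header claim, or {@code null} if absent. */
    public String getKeyId() {
        return this.keyId;
    }

    /** Returns the {@code typ} header claim, or {@code null} if absent. */
    public String getType() {
        return this.type;
    }

    public void setType(String str) {
        this.type = str;
    }

    /** Returns the {@code alg} header claim, or {@code null} if absent. */
    public String getAlgorithm() {
        return this.algorithm;
    }

    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** Returns the requested response types (the internal list, not a copy). */
    public List<ResponseType> getResponseTypes() {
        return this.responseTypes;
    }

    public void setResponseTypes(List<ResponseType> list) {
        this.responseTypes = list;
    }

    /** Returns the {@code client_id} claim, or {@code null} if absent. */
    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    /** Returns the requested scopes (the internal list, not a copy). */
    public List<String> getScopes() {
        return this.scopes;
    }

    public void setScopes(List<String> list) {
        this.scopes = list;
    }

    /** Returns the URL-decoded {@code redirect_uri} claim, or {@code null} if absent. */
    public String getRedirectUri() {
        return this.redirectUri;
    }

    public void setRedirectUri(String str) {
        this.redirectUri = str;
    }

    /** Returns the {@code nonce} claim, or {@code null} if absent. */
    public String getNonce() {
        return this.nonce;
    }

    public void setNonce(String str) {
        this.nonce = str;
    }

    /** Returns the {@code state} claim, or {@code null} if absent. */
    public String getState() {
        return this.state;
    }

    public void setState(String str) {
        this.state = str;
    }

    /** Returns the {@code display} claim, or {@code null} if absent. */
    public Display getDisplay() {
        return this.display;
    }

    public void setDisplay(Display display) {
        this.display = display;
    }

    /** Returns the requested prompts (the internal list, not a copy). */
    public List<Prompt> getPrompts() {
        return this.prompts;
    }

    public void setPrompts(List<Prompt> list) {
        this.prompts = list;
    }

    /** Returns the {@code claims.userinfo} member, or {@code null} if absent. */
    public UserInfoMember getUserInfoMember() {
        return this.userInfoMember;
    }

    public void setUserInfoMember(UserInfoMember userInfoMember) {
        this.userInfoMember = userInfoMember;
    }

    /** Returns the {@code claims.id_token} member, or {@code null} if absent. */
    public IdTokenMember getIdTokenMember() {
        return this.idTokenMember;
    }

    public void setIdTokenMember(IdTokenMember idTokenMember) {
        this.idTokenMember = idTokenMember;
    }
}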
