package org.adamalang.runtime.security;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.jsonwebtoken.Jwts;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.Map;
import org.adamalang.ErrorCodes;
import org.adamalang.common.ErrorCodeException;
import org.adamalang.common.ExceptionLogger;
import org.adamalang.common.Json;
import org.adamalang.runtime.natives.NtPrincipal;

/* loaded from: input_file:org/adamalang/runtime/security/Keystore.class */
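/**
 * A set of public keys trusted for one authority, used to verify signed JWTs.
 *
 * <p>The keystore is loaded from, and persisted to, a JSON object whose values are
 * {@code {"algo": ..., "bytes64": ...}} entries holding Base64 of the X.509-encoded public key.
 * Only public keys are held here; {@link #generate(String)} hands the matching private key to
 * the caller and does not retain it.
 *
 * <p>Instances are mutable ({@link #generate(String)} appends a key) and nothing in this class
 * synchronizes access to the key list.
 */
public class Keystore {
    private static final ExceptionLogger LOGGER = ExceptionLogger.FOR((Class<?>) Keystore.class);
    private final ArrayList<PublicKey> keys = new ArrayList<>();
    // Last key read by the constructor; it is written there and not read anywhere in this class.
    private PublicKey mostRecentKey;

    /**
     * Loads every entry of the given JSON object as a public key.
     *
     * @param objectNode keystore JSON; each field value must itself be an object
     * @throws ErrorCodeException if a field value is not an object or a key entry fails to parse
     */
    private Keystore(ObjectNode objectNode) throws ErrorCodeException {
        Iterator<Map.Entry<String, JsonNode>> fields = objectNode.fields();
        while (fields.hasNext()) {
            JsonNode value = fields.next().getValue();
            if (!(value instanceof ObjectNode)) {
                throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_ROOT_ITEM_NOT_OBJECT);
            }
            this.mostRecentKey = parsePublicKey((ObjectNode) value);
            this.keys.add(this.mostRecentKey);
        }
    }

    /**
     * Serializes the public keys to the JSON form accepted by {@link #parse(String)}.
     *
     * @return JSON object keyed by position ("0", "1", ...) with one entry per public key
     */
    public String persist() {
        ObjectNode root = Json.newJsonObject();
        int index = 0;
        for (PublicKey key : this.keys) {
            // Field names are strings; the position is only used to keep the names unique.
            ObjectNode entry = root.putObject(String.valueOf(index));
            // getAlgorithm() is the JCA key algorithm name rather than the JWT name, which is
            // why parsePublicKey accepts "EC" in addition to "ES256".
            entry.put("algo", key.getAlgorithm());
            // encodeToString avoids building a String from bytes with the platform charset.
            entry.put("bytes64", Base64.getEncoder().encodeToString(key.getEncoded()));
            index++;
        }
        return root.toString();
    }

    /**
     * Creates a new ES256 key pair, adds the public half to this keystore and returns the
     * private half.
     *
     * <p>The returned JSON carries the unencrypted encoded private key in {@code bytes64}. It is
     * the only copy this class produces, so the caller has to store it as a secret and keep it
     * out of logs and error messages. The keystore itself must be persisted afterwards for the
     * new public key to survive.
     *
     * @param str authority name written to the {@code authority} field of the result
     * @return JSON with {@code authority}, {@code algo} ("ES256") and {@code bytes64}
     */
    public String generate(String str) {
        KeyPair pair = Jwts.SIG.ES256.keyPair().build();
        ObjectNode result = Json.newJsonObject();
        result.put("authority", str);
        result.put("algo", "ES256");
        result.put("bytes64", Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded()));
        this.keys.add(pair.getPublic());
        return result.toString();
    }

    /**
     * Parses a private key from the JSON produced by {@link #generate(String)}.
     *
     * @param objectNode JSON with a textual {@code algo} and a textual Base64 {@code bytes64}
     * @return the EC private key decoded from the PKCS#8 bytes
     * @throws ErrorCodeException if a field is missing or not text, the Base64 is invalid, the
     *     algorithm is not "ES256", or the key bytes cannot be turned into a key
     */
    public static PrivateKey parsePrivateKey(ObjectNode objectNode) throws ErrorCodeException {
        JsonNode algoNode = objectNode.get("algo");
        JsonNode bytes64Node = objectNode.get("bytes64");
        if (algoNode == null || algoNode.isNull() || !algoNode.isTextual()) {
            throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_ALGO);
        }
        String algo = algoNode.textValue();
        if (bytes64Node == null || bytes64Node.isNull() || !bytes64Node.isTextual()) {
            throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_BYTES64);
        }
        try {
            byte[] encoded = Base64.getDecoder().decode(bytes64Node.textValue());
            try {
                if ("ES256".equals(algo)) {
                    return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(encoded));
                }
                throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_VALID_ALGO);
            } catch (Exception e) {
                // The unsupported-algorithm error above also lands here; detectOrWrap presumably
                // returns an existing ErrorCodeException unchanged (TODO confirm).
                throw ErrorCodeException.detectOrWrap(ErrorCodes.API_KEYSTORE_KEY_INTERNAL_ERROR, e, LOGGER);
            }
        } catch (IllegalArgumentException e2) {
            // Thrown by the Base64 decoder for malformed input; the input itself is not echoed.
            throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_VALID_BYTES64);
        }
    }

    /**
     * Parses one public key entry of a keystore.
     *
     * @param objectNode JSON with a textual {@code algo} ("EC" or "ES256") and a textual Base64
     *     {@code bytes64} holding the X.509-encoded key
     * @return the EC public key
     * @throws ErrorCodeException if a field is missing or not text, the Base64 is invalid, the
     *     algorithm is not accepted, or the key bytes cannot be turned into a key
     */
    public static PublicKey parsePublicKey(ObjectNode objectNode) throws ErrorCodeException {
        JsonNode algoNode = objectNode.get("algo");
        JsonNode bytes64Node = objectNode.get("bytes64");
        if (algoNode == null || algoNode.isNull() || !algoNode.isTextual()) {
            throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_ALGO);
        }
        String algo = algoNode.textValue();
        if (bytes64Node == null || bytes64Node.isNull() || !bytes64Node.isTextual()) {
            throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_BYTES64);
        }
        try {
            byte[] encoded = Base64.getDecoder().decode(bytes64Node.textValue());
            try {
                // Both names select the same EC key factory; the allow-list keeps any other
                // algorithm name out of the keystore.
                if ("EC".equals(algo) || "ES256".equals(algo)) {
                    // NOTE(review): the curve of the decoded key is not checked here, so an
                    // entry labelled "ES256" is not confirmed to be a P-256 key. Confirm how the
                    // JWT library treats keys on other curves, or check the key's parameters.
                    return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encoded));
                }
                throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_VALID_ALGO);
            } catch (Exception e) {
                // The unsupported-algorithm error above also lands here; detectOrWrap presumably
                // returns an existing ErrorCodeException unchanged (TODO confirm).
                throw ErrorCodeException.detectOrWrap(ErrorCodes.API_KEYSTORE_KEY_INTERNAL_ERROR, e, LOGGER);
            }
        } catch (IllegalArgumentException e2) {
            // Thrown by the Base64 decoder for malformed input; the input itself is not echoed.
            throw new ErrorCodeException(ErrorCodes.API_KEYSTORE_KEY_LACKS_VALID_BYTES64);
        }
    }

    /**
     * Checks that the given JSON is a well-formed keystore by loading it and discarding the
     * result.
     *
     * @param objectNode keystore JSON to check
     * @throws ErrorCodeException if loading fails
     */
    public static void validate(ObjectNode objectNode) throws ErrorCodeException {
        new Keystore(objectNode);
    }

    /**
     * Parses a keystore from its JSON text.
     *
     * @param str JSON text as produced by {@link #persist()}
     * @return the loaded keystore
     * @throws ErrorCodeException if the text is not a JSON object or an entry is invalid
     */
    public static Keystore parse(String str) throws ErrorCodeException {
        try {
            return new Keystore(Json.parseJsonObject(str));
        } catch (Exception e) {
            throw ErrorCodeException.detectOrWrap(ErrorCodes.API_KEYSTORE_NOT_JSON, e, LOGGER);
        }
    }

    /**
     * Verifies a signed JWT against the keys of this keystore and builds the principal it names.
     *
     * <p>Each key is tried in turn; the first key under which the token verifies and carries the
     * required issuer wins.
     *
     * @param str authority name; required as the token's issuer and used as the principal's
     *     authority
     * @param str2 the compact signed JWT
     * @return a principal built from the token's subject and {@code str}
     * @throws ErrorCodeException if the token verifies under none of the keys
     */
    public NtPrincipal validate(String str, String str2) throws ErrorCodeException {
        for (PublicKey key : this.keys) {
            try {
                String subject = Jwts.parser().verifyWith(key).requireIssuer(str).build().parseSignedClaims(str2).getPayload().getSubject();
                // NOTE(review): subject is passed through as-is; a verified token without a
                // "sub" claim reaches NtPrincipal with null - confirm that is handled there.
                return new NtPrincipal(subject, str);
            } catch (Exception ignored) {
                // Deliberate: a failure under one key only means the next key is tried. The
                // reason is dropped, so the caller sees a single generic failure below and
                // nothing is logged here; add logging at the call site if rejected tokens need
                // to be observable.
            }
        }
        throw new ErrorCodeException(ErrorCodes.AUTH_FAILED_VALIDATING_AGAINST_KEYSTORE);
    }
}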
