package edu.uiuc.ncsa.security.oauth_2_0;

import edu.uiuc.ncsa.myproxy.oa4mp.client.ClientXMLTags;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.DebugUtil;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKey;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKeyUtil;
import edu.uiuc.ncsa.security.util.jwk.JSONWebKeys;
import edu.uiuc.ncsa.security.util.pkcs.KeyUtil;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import net.sf.json.JSONObject;
import net.sf.json.util.JSONUtils;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;

/* loaded from: input_file:WEB-INF/lib/ncsa-security-oauth-2.0-3.4.jar:edu/uiuc/ncsa/security/oauth_2_0/IDTokenUtil.class */
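/**
 * Creates, signs and verifies ID tokens in JWT compact form
 * ({@code base64url(header).base64url(payload).base64url(signature)}).
 *
 * <p>Supported signature algorithms are {@code RS256}, {@code RS384} and {@code RS512};
 * the value {@code none} produces or accepts a token with an empty signature segment.
 *
 * <p><b>Security notes for callers.</b>
 * <ul>
 *   <li>{@link #verify} and {@link #verifyAndReadIDToken} take the algorithm from the token's own
 *       header, and for {@code none} they succeed without consulting any key. The header is part
 *       of the untrusted token, so a caller that requires signed tokens must reject
 *       {@code alg=none} itself before trusting the returned claims. This behaviour is kept
 *       because the class also issues unsigned tokens ({@link #createIDToken(JSONObject)}).</li>
 *   <li>Only the signature is checked. No claim ({@code iss}, {@code aud}, {@code exp},
 *       {@code nonce}, ...) is validated here; that is the caller's responsibility.</li>
 *   <li>Header and payload are written to the debug log by {@link #verifyAndReadIDToken}.</li>
 *   <li>The {@code main}/test helpers at the bottom print private key material to standard output
 *       and read a developer-local key file; they are not meant for production use.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER} is used as the
 * segment separator; its value is {@code "."}. The reference looks like a decompiler substituting a
 * constant for the literal - confirm against the original source.
 */
public class IDTokenUtil {
    /** JWT {@code alg} value for an unsigned token. */
    public static final String NONE_JWT = "none";
    // The *_KEY integers are not referenced anywhere in this class.
    public static final int NONE_KEY = 100;
    /** JWT {@code alg} value and the matching JCA {@link Signature} algorithm name. */
    public static final String RS256_JWT = "RS256";
    public static final String RS256_JAVA = "SHA256withRSA";
    public static final int RS256_KEY = 101;
    public static final String RS384_JWT = "RS384";
    public static final String RS384_JAVA = "SHA384withRSA";
    public static final int RS384_KEY = 102;
    public static final String RS512_JWT = "RS512";
    public static final String RS512_JAVA = "SHA512withRSA";
    public static final int RS512_KEY = 103;
    // Header parameter names. These are public and non-final in the original, so any code in the
    // JVM can reassign them; left as-is to keep the published interface unchanged.
    public static String TYPE = "typ";
    public static String KEY_ID = JSONWebKeyUtil.KEY_ID;
    public static String ALGORITHM = JSONWebKeyUtil.ALGORITHM;
    /**
     * Sample token used by {@link #otherTest()}; its header declares RS256 and key id
     * {@code 9k0HPG3moXENne}. The misspelt name is part of the public interface and is kept.
     */
    public static String ID_TOKKEN = "eyJ0eXAiOiJKV1QiLCJraWQiOiI5azBIUEczbW9YRU5uZSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwczovL2FzaGlnYXJ1Lm5jc2EudWl1Yy5lZHU6OTQ0MyIsInN1YiI6ImpnYXlub3IiLCJleHAiOjE0ODQ3NjQ3NDQsImF1ZCI6Im15cHJveHk6b2E0bXAsMjAxMjovY2xpZW50X2lkLzE0NjQ5ZTJmNDY4NDUwZGFjMGMxODM0ODExZGJkNGM3IiwiaWF0IjoxNDg0NzYzODQ0LCJub25jZSI6IjBaSWktRXV4ZUNfWDhBZ0IzVmlmT29xS2lYV3N6X05sWFN6SXU3aDhyelUiLCJhdXRoX3RpbWUiOiIxNDg0NzYzODQzIn0.PXxUPRJ1aPQmcgfidz1xf28Ip3g3TCWldAPT25JVhsu5kJw75mDjPFVaHvcGOnxO121PAlisQlqARqpx3ytW720odRHEhv3JmVjvoRyKeCHzAP7va75cZmgOWDUI9SONDuNcuomRbUrRyLwrgH2CtBrKr05AowYojkJspRf3a5z6K5s-6ahbUlm7AAmYFDceNtQBeiutCZBfP4_gMLAxdQb7pHfyocKslAV0CwtAKYvqUpkIHuUYsc5CXYuan2Ox0If_pMJC4uV3Ov4banMNLwKeQPRUyWhHLnhrMl5KeoaEtL2nW4X7JIqK8EX-esmjQmr_NVI7DP8DV1C3OjHkpA";

    // Fixtures shared by the developer test helpers below.
    private static final String DEV_KEY_FILE = "/home/ncsa/dev/csd/config/keys.jwk";
    private static final String DEV_KEY_ID = "9k0HPG3moXENne";
    private static final String GENERATED_KEY_ID = "aQEiCy2fJcVgkOft";
    private static final String SAMPLE_HEADER_JSON = "{  \"typ\": \"JWT\",  \"kid\": \"9k0HPG3moXENne\",  \"alg\": \"RS256\"}";
    private static final String SAMPLE_CLAIMS_JSON = "{\n  \"iss\": \"https://ashigaru.ncsa.uiuc.edu:9443\",  \"sub\": \"jgaynor\",  \"exp\": 1484764744,  \"aud\": \"myproxy:oa4mp,2012:/client_id/14649e2f468450dac0c1834811dbd4c7\",  \"iat\": 1484763844,  \"nonce\": \"0ZIi-EuxeC_X8AgB3VifOoqKiXWsz_NlXSzIu7h8rzU\",  \"auth_time\": \"1484763843\"}";

    /**
     * Builds an <em>unsigned</em> ID token ({@code alg=none}).
     *
     * @param jSONObject the claims (payload) of the token
     * @return {@code header.payload.} - the trailing delimiter marks the empty signature segment
     */
    public static String createIDToken(JSONObject jSONObject) {
        JSONObject header = new JSONObject();
        header.put(TYPE, "JWT");
        header.put(ALGORITHM, NONE_JWT);
        return concat(header, jSONObject) + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER;
    }

    /**
     * Builds an ID token whose header carries the key's id and algorithm and, unless the key's
     * algorithm is {@code none}, signs it with the key's private key.
     *
     * @param jSONObject the claims (payload) of the token
     * @param jSONWebKey the key supplying {@code id}, {@code algorithm} and the private key
     * @return the token in compact form; the signature segment is empty for {@code none}
     * @throws IllegalArgumentException if the key's algorithm is not one this class supports
     */
    public static String createIDToken(JSONObject jSONObject, JSONWebKey jSONWebKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeySpecException, InvalidKeyException, IOException {
        JSONObject header = new JSONObject();
        header.put(TYPE, "JWT");
        header.put(KEY_ID, jSONWebKey.id);
        header.put(ALGORITHM, jSONWebKey.algorithm);
        String signature;
        if (NONE_JWT.equals(jSONWebKey.algorithm)) {
            signature = "";
        } else {
            DebugUtil.dbg(IDTokenUtil.class, "Signing ID token with algorithm=" + jSONWebKey.algorithm);
            signature = sign(header, jSONObject, jSONWebKey);
        }
        return concat(header, jSONObject) + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER + signature;
    }

    /**
     * Produces the signing input {@code base64url(header) + "." + base64url(payload)}.
     *
     * @param jSONObject  the header
     * @param jSONObject2 the payload
     */
    protected static String concat(JSONObject jSONObject, JSONObject jSONObject2) {
        // Encode as UTF-8 explicitly: the no-argument getBytes() depends on the platform default
        // charset, which would make the signed bytes differ between hosts.
        String encodedHeader = Base64.encodeBase64URLSafeString(jSONObject.toString().getBytes(StandardCharsets.UTF_8));
        String encodedPayload = Base64.encodeBase64URLSafeString(jSONObject2.toString().getBytes(StandardCharsets.UTF_8));
        return encodedHeader + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER + encodedPayload;
    }

    /**
     * Signs the given header and payload.
     *
     * @param jSONObject  the header
     * @param jSONObject2 the payload
     * @param jSONWebKey  the key whose private key and algorithm are used
     * @return the base64url-encoded signature
     */
    protected static String sign(JSONObject jSONObject, JSONObject jSONObject2, JSONWebKey jSONWebKey) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        return sign(concat(jSONObject, jSONObject2), jSONWebKey);
    }

    /**
     * Signs an already-assembled signing input with the key's RSA private key.
     *
     * @param str        the signing input ({@code header.payload}, both base64url-encoded)
     * @param jSONWebKey the key whose private key and algorithm are used
     * @return the base64url-encoded signature
     * @throws IllegalArgumentException if the key's algorithm is not one this class supports
     */
    protected static String sign(String str, JSONWebKey jSONWebKey) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException {
        // Round-trip through PKCS#8 so that whatever PrivateKey implementation the JWK holds
        // becomes an RSA key of the default provider.
        RSAPrivateKey privateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(jSONWebKey.privateKey.getEncoded()));
        Signature signer = Signature.getInstance(getJavaSignatureName(jSONWebKey.algorithm));
        signer.initSign(privateKey);
        signer.update(str.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeBase64URLSafeString(signer.sign());
    }

    /**
     * Maps a JWT {@code alg} value to the JCA signature algorithm name.
     *
     * @param str the JWT algorithm name
     * @return the JCA name, or {@code "none"} for {@code "none"}
     * @throws IllegalArgumentException for any other value, including {@code null}
     */
    protected static String getJavaSignatureName(String str) {
        // Constant-first comparisons so that a null argument is reported as an unknown
        // algorithm instead of failing with a NullPointerException.
        if (NONE_JWT.equals(str)) {
            return NONE_JWT;
        }
        if (RS256_JWT.equals(str)) {
            return RS256_JAVA;
        }
        if (RS384_JWT.equals(str)) {
            return RS384_JAVA;
        }
        if (RS512_JWT.equals(str)) {
            return RS512_JAVA;
        }
        throw new IllegalArgumentException("Error: unknow algorithm \"" + str + JSONUtils.DOUBLE_QUOTE);
    }

    /**
     * Verifies a signature over the re-serialised header and payload.
     *
     * <p>SECURITY: when the header's algorithm is {@code none} this returns {@code true} without
     * looking at the signature or the key. The algorithm is read from the header argument, not
     * from the key, so the key's own {@code algorithm} field does not constrain which of the
     * supported RSA variants is used. Callers that need a signed token must check the algorithm
     * before relying on the result.
     *
     * @param jSONObject  the header
     * @param jSONObject2 the payload
     * @param str         the base64-encoded signature
     * @param jSONWebKey  the key whose public key is used
     * @return {@code true} if the signature verifies, or if the algorithm is {@code none}
     * @throws IllegalStateException    if the header has no string-valued algorithm
     * @throws IllegalArgumentException if the algorithm is not one this class supports
     */
    public static boolean verify(JSONObject jSONObject, JSONObject jSONObject2, String str, JSONWebKey jSONWebKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
        Object declared = jSONObject.get(ALGORITHM);
        // instanceof is false for null, so this also covers a missing algorithm.
        if (!(declared instanceof String)) {
            throw new IllegalStateException("Unknown algorithm");
        }
        String algorithm = (String) declared;
        DebugUtil.dbg(IDTokenUtil.class, "Verifying ID token with algorithm =" + algorithm);
        if (NONE_JWT.equals(algorithm)) {
            return true;
        }
        return verifySigningInput(concat(jSONObject, jSONObject2), algorithm, str, jSONWebKey);
    }

    /** Checks an RSA signature over the exact signing-input string with the key's public key. */
    private static boolean verifySigningInput(String signingInput, String algorithm, String encodedSignature, JSONWebKey key) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
        Signature verifier = Signature.getInstance(getJavaSignatureName(algorithm));
        RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(key.publicKey.getEncoded()));
        verifier.initVerify(publicKey);
        verifier.update(signingInput.getBytes(StandardCharsets.UTF_8));
        boolean ok = verifier.verify(Base64.decodeBase64(encodedSignature));
        DebugUtil.dbg(IDTokenUtil.class, "Verification ok?" + ok);
        return ok;
    }

    /**
     * Splits a compact token into header, payload and signature segments.
     *
     * @param str the token
     * @return a three-element array; the last element is empty for an unsigned token
     * @throws IllegalArgumentException if the token is {@code null} or does not consist of
     *                                  exactly three delimiter-separated segments
     */
    protected static String[] decat(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Error: no token.");
        }
        String delimiter = DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER;
        int first = str.indexOf(delimiter);
        int last = str.lastIndexOf(delimiter);
        // Exactly two delimiters are required. Without this check a token with fewer delimiters
        // fails with an index error, and one with more silently folds the extra segments into
        // the payload, which the lenient Base64 decoder would then accept.
        if (first < 0 || first == last || str.indexOf(delimiter, first + 1) != last) {
            throw new IllegalArgumentException("Error: malformed token, expected three segments.");
        }
        return new String[]{str.substring(0, first), str.substring(first + 1, last), str.substring(last + 1)};
    }

    /**
     * Parses a compact ID token, checks its signature against the key named by the header's key
     * id, and returns the payload.
     *
     * <p>SECURITY: a token whose header declares {@code alg=none} is returned as-is, before the
     * type, key id and signature checks. The header comes from the token itself, so this method
     * alone does not establish that the claims were issued by the key holder; a caller that
     * requires signed tokens must reject unsigned ones. No claim is validated here, and header
     * and payload are written to the debug log.
     *
     * <p>The signature is checked over the header and payload segments exactly as received,
     * rather than over a re-serialisation of the parsed JSON, because re-serialising may not
     * reproduce the issuer's bytes.
     *
     * @param str         the token in compact form
     * @param jSONWebKeys the keys to look the header's key id up in
     * @return the payload (claims)
     * @throws IllegalArgumentException if the token is malformed, has no algorithm, or has no
     *                                  string-valued key id
     * @throws GeneralException         if the header's type is not {@code JWT}
     * @throws IllegalStateException    if the signature cannot be verified for any reason
     */
    public static JSONObject verifyAndReadIDToken(String str, JSONWebKeys jSONWebKeys) {
        String[] segments = decat(str);
        JSONObject header = JSONObject.fromObject(new String(Base64.decodeBase64(segments[0]), StandardCharsets.UTF_8));
        JSONObject payload = JSONObject.fromObject(new String(Base64.decodeBase64(segments[1]), StandardCharsets.UTF_8));
        DebugUtil.dbg(IDTokenUtil.class, "header=" + header);
        DebugUtil.dbg(IDTokenUtil.class, "payload=" + payload);
        if (header.get(ALGORITHM) == null) {
            throw new IllegalArgumentException("Error: no algorithm.");
        }
        if (NONE_JWT.equals(header.get(ALGORITHM))) {
            DebugUtil.dbg(IDTokenUtil.class, "unsigned id token. Returning payload");
            return payload;
        }
        // Constant-first so that a missing "typ" is reported as unsupported rather than
        // surfacing as a NullPointerException.
        if (!"JWT".equals(header.get(TYPE))) {
            throw new GeneralException("Unsupported token type.");
        }
        Object keyId = header.get(KEY_ID);
        DebugUtil.dbg(IDTokenUtil.class, "key_id=" + keyId);
        if (!(keyId instanceof String)) {
            throw new IllegalArgumentException("Error: missing or invalid key id");
        }
        boolean verified;
        try {
            Object algorithm = header.get(ALGORITHM);
            if (!(algorithm instanceof String)) {
                throw new IllegalStateException("Unknown algorithm");
            }
            JSONWebKey key = jSONWebKeys.get((String) keyId);
            if (key == null) {
                throw new IllegalArgumentException("Error: no key found for key id " + keyId);
            }
            DebugUtil.dbg(IDTokenUtil.class, "Verifying ID token with algorithm =" + algorithm);
            String signingInput = segments[0] + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER + segments[1];
            verified = verifySigningInput(signingInput, (String) algorithm, segments[2], key);
        } catch (Exception e) {
            // Every failure on the verification path is reported uniformly; the cause is kept.
            throw new IllegalStateException("Error: could not verify signature", e);
        }
        if (!verified) {
            throw new IllegalStateException("Error: could not verify signature");
        }
        return payload;
    }

    /** Developer entry point: runs {@link #generateAndSign()} and prints any failure. */
    public static void main(String[] strArr) {
        try {
            generateAndSign();
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    /** Developer test: verifies {@link #ID_TOKKEN} against the keys in a developer-local file. */
    public static void otherTest() throws Exception {
        System.out.println("claims=" + verifyAndReadIDToken(ID_TOKKEN, JSONWebKeyUtil.fromJSON(new File(DEV_KEY_FILE))));
    }

    /** Developer test: signs a fixed set of claims with a key from the local file and reads it back. */
    public static void testSigning() throws Exception {
        JSONObject header = JSONObject.fromObject("{\"typ\":\"JWT\",\"kid\":\"9k0HPG3moXENne\",\"alg\":\"RS256\"}");
        System.out.println("header=" + header);
        JSONObject claims = JSONObject.fromObject("{\"iss\":\"https://ashigaru.ncsa.uiuc.edu:9443\",\"sub\":\"jgaynor\",\"exp\":1484764744,\"aud\":\"myproxy:oa4mp,2012:/client_id/14649e2f468450dac0c1834811dbd4c7\",\"iat\":1484763844,\"nonce\":\"0ZIi-EuxeC_X8AgB3VifOoqKiXWsz_NlXSzIu7h8rzU\",\"auth_time\":\"1484763843\"}\n");
        System.out.println("payload=" + claims);
        System.out.println("base 64=" + concat(header, claims));
        JSONWebKeys keys = JSONWebKeyUtil.fromJSON(new File(DEV_KEY_FILE));
        String token = createIDToken(claims, keys.get(DEV_KEY_ID));
        System.out.println(token);
        System.out.println("claims = " + verifyAndReadIDToken(token, keys));
    }

    /** Developer test: signs arbitrary claims with a freshly generated key pair and reads them back. */
    public static void firstTest() throws Exception {
        KeyPair keyPair = KeyUtil.generateKeyPair();
        JSONWebKey key = new JSONWebKey();
        key.algorithm = RS256_JWT;
        key.privateKey = keyPair.getPrivate();
        key.publicKey = keyPair.getPublic();
        key.id = "qwert";
        key.type = "sig";
        JSONObject claims = new JSONObject();
        claims.put("name", "jeff");
        claims.put(ClientXMLTags.ID, "sukjfhusdfsdjkfh");
        claims.put("other_claim", "skjdf93489ghiovs 98sd89wehi ws");
        claims.put("another_claim", "l;kfg8934789dfio9v 92w89 98wer");
        String token = createIDToken(claims, key);
        System.out.println("JWT=" + token);
        JSONWebKeys keys = new JSONWebKeys(null);
        keys.put(key.id, key);
        System.out.println("claims=" + verifyAndReadIDToken(token, keys));
        System.out.println("-----");
    }

    /**
     * Developer test: signs the sample header and claims with the named key, prints the token and
     * the public key, then verifies the signature.
     *
     * @param jSONWebKeys the key set
     * @param str         the id of the key to use
     */
    public static void signAndVerify(JSONWebKeys jSONWebKeys, String str) throws Exception {
        JSONObject header = JSONObject.fromObject(SAMPLE_HEADER_JSON);
        JSONObject claims = JSONObject.fromObject(SAMPLE_CLAIMS_JSON);
        JSONWebKey key = jSONWebKeys.get(str);
        String signature = sign(header, claims, key);
        System.out.println(concat(header, claims) + DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER + signature);
        System.out.println(KeyUtil.toX509PEM(key.publicKey));
        System.out.println("verified?" + verify(header, claims, signature, key));
    }

    /**
     * Developer test: signs and verifies with a generated key, then repeats after a JSON
     * serialise/deserialise round trip of the key set.
     */
    public static void generateAndSign() throws Exception {
        KeyPair keyPair = KeyUtil.generateKeyPair();
        // presumably the constructor argument is the default key id - confirm in JSONWebKeys
        JSONWebKeys keys = new JSONWebKeys(GENERATED_KEY_ID);
        JSONWebKey key = new JSONWebKey();
        key.privateKey = keyPair.getPrivate();
        key.publicKey = keyPair.getPublic();
        key.algorithm = RS256_JWT;
        key.id = GENERATED_KEY_ID;
        key.use = "sig";
        key.type = "RSA";
        keys.put(key);
        System.out.println("Generating keys and signing.");
        signAndVerify(keys, GENERATED_KEY_ID);
        JSONWebKeys roundTripped = JSONWebKeyUtil.fromJSON(JSONWebKeyUtil.toJSON(keys).toString(2));
        // The result is unused in the original as well; kept in case the lookup is the point.
        roundTripped.get(GENERATED_KEY_ID);
        System.out.println("Serializing, deserializing then signing.");
        signAndVerify(roundTripped, GENERATED_KEY_ID);
    }

    /**
     * Developer test: prints a generated key pair as PEM before and after a JSON round trip.
     *
     * <p>NOTE(review): this writes the private key to standard output in PKCS#1 and PKCS#8 form.
     * Acceptable for a throwaway key in a local run; it should not be pointed at real keys.
     */
    public static void printKeys() throws Exception {
        KeyPair keyPair = KeyUtil.generateKeyPair();
        JSONWebKeys keys = new JSONWebKeys(GENERATED_KEY_ID);
        JSONWebKey key = new JSONWebKey();
        key.privateKey = keyPair.getPrivate();
        key.publicKey = keyPair.getPublic();
        key.algorithm = RS256_JWT;
        key.id = GENERATED_KEY_ID;
        key.use = "sig";
        key.type = "RSA";
        keys.put(key);
        System.out.println("----- START keys");
        System.out.println(KeyUtil.toX509PEM(keyPair.getPublic()));
        System.out.println(KeyUtil.toPKCS1PEM(keyPair.getPrivate()));
        System.out.println(KeyUtil.toPKCS8PEM(keyPair.getPrivate()));
        System.out.println("----- END keys\n");
        JSONWebKey restored = JSONWebKeyUtil.fromJSON(JSONWebKeyUtil.toJSON(keys).toString(2)).get(GENERATED_KEY_ID);
        RSAPrivateKey restoredPrivate = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(restored.privateKey.getEncoded()));
        System.out.println(KeyUtil.toX509PEM(restored.publicKey));
        System.out.println(KeyUtil.toPKCS1PEM(restoredPrivate));
        System.out.println(KeyUtil.toPKCS8PEM(restoredPrivate));
    }

    /**
     * Developer test: like {@link #firstTest()} but with a key loaded from the developer-local
     * key file.
     *
     * <p>NOTE(review): prints the private key read from that file to standard output.
     */
    public static void firstTestB() throws Exception {
        JSONWebKeys keys = JSONWebKeyUtil.fromJSON(new File(DEV_KEY_FILE));
        JSONObject claims = new JSONObject();
        claims.put("name", "jeff");
        claims.put(ClientXMLTags.ID, "sukjfhusdfsdjkfh");
        claims.put("other_claim", "skjdf93489ghiovs 98sd89wehi ws");
        claims.put("another_claim", "l;kfg8934789dfio9v 92w89 98wer");
        JSONWebKey key = keys.get(DEV_KEY_ID);
        RSAPrivateKey privateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(key.privateKey.getEncoded()));
        System.out.println(KeyUtil.toX509PEM(key.publicKey));
        System.out.println(KeyUtil.toPKCS1PEM(privateKey));
        System.out.println(KeyUtil.toPKCS8PEM(privateKey));
        String token = createIDToken(claims, keys.get(DEV_KEY_ID));
        System.out.println("JWT=" + token);
        System.out.println("claims=" + verifyAndReadIDToken(token, keys));
        System.out.println("-----");
    }

    /**
     * Developer test: signs with the JCA directly and verifies with the public-only view of the
     * key set, bypassing {@link #sign} and {@link #verify}.
     */
    public static void testSigningDirectly() throws Exception {
        JSONWebKeys keys = JSONWebKeyUtil.fromJSON(new File(DEV_KEY_FILE));
        JSONWebKey key = keys.get(DEV_KEY_ID);
        JSONObject claims = new JSONObject();
        claims.put("name", "jeff");
        claims.put(ClientXMLTags.ID, "sukjfhusdfsdjkfh");
        claims.put("other_claim", "skjdf93489ghiovs 98sd89wehi ws");
        claims.put("another_claim", "l;kfg8934789dfio9v 92w89 98wer");
        JSONObject header = new JSONObject();
        header.put(TYPE, "JWT");
        header.put(KEY_ID, key.id);
        header.put(ALGORITHM, key.algorithm);
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        RSAPrivateKey privateKey = (RSAPrivateKey) rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(key.privateKey.getEncoded()));
        Signature signer = Signature.getInstance(getJavaSignatureName(key.algorithm));
        Signature verifier = Signature.getInstance(getJavaSignatureName(key.algorithm));
        signer.initSign(privateKey);
        byte[] signingInput = concat(header, claims).getBytes(StandardCharsets.UTF_8);
        signer.update(signingInput);
        byte[] signature = signer.sign();
        RSAPublicKey publicKey = (RSAPublicKey) rsaFactory.generatePublic(new X509EncodedKeySpec(JSONWebKeyUtil.makePublic(keys).get(DEV_KEY_ID).publicKey.getEncoded()));
        verifier.initVerify(publicKey);
        verifier.update(signingInput);
        System.out.println("sig verifies?=" + verifier.verify(signature));
    }

    /** Developer test: prints the signature of the sample header and claims under the local key. */
    public static void testJWT_IO() throws Exception {
        JSONObject header = JSONObject.fromObject(SAMPLE_HEADER_JSON);
        JSONObject claims = JSONObject.fromObject(SAMPLE_CLAIMS_JSON);
        JSONWebKey key = JSONWebKeyUtil.fromJSON(new File(DEV_KEY_FILE)).get(DEV_KEY_ID);
        System.out.println(sign(header, claims, key));
    }
}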
