package no.nav.security.token.support.client.core.jwk;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64URL;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Optional;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/security/token/support/client/core/jwk/JwkFactory.class */
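/**
 * Static helpers that build Nimbus {@link RSAKey} instances from a JWK JSON document or from a
 * Java keystore.
 *
 * <p>Every input handled here is private key material. This class never logs key contents or
 * passwords; only the resolved file path is logged, at debug level. All failures surface as
 * unchecked exceptions, and input-related failures use {@link JwkInvalidException}.
 */
public class JwkFactory {
    private static final Logger log = LoggerFactory.getLogger(JwkFactory.class);

    // Not read anywhere in this class as shown: fromKeyStore always uses the SHA-1 thumbprint as key ID.
    private static final boolean USE_CERTIFICATE_SHA1_THUMBPRINT = true;

    /** Signals that a JWK could not be read, parsed or located. */
    public static class JwkInvalidException extends RuntimeException {
        JwkInvalidException(String message) {
            super(message);
        }

        JwkInvalidException(Throwable cause) {
            super(cause);
        }
    }

    /**
     * Reads a UTF-8 encoded JWK JSON file and parses it as an RSA key.
     *
     * @param filePath path of the JWK file; the file holds private key material, so its
     *     permissions should restrict it to the service account
     * @return the parsed RSA key
     * @throws JwkInvalidException if the file cannot be read or does not contain a valid RSA JWK
     */
    public static RSAKey fromJsonFile(String filePath) {
        Path jwkPath = Path.of(filePath);
        try {
            // Only the location is logged, never the file contents.
            log.debug("attempting to read jwk from path: {}", jwkPath.toAbsolutePath());
            return fromJson(Files.readString(jwkPath, StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new JwkInvalidException(e);
        }
    }

    /**
     * Parses a JWK JSON string as an RSA key.
     *
     * @param jwkJson the JWK as a JSON document
     * @return the parsed RSA key
     * @throws JwkInvalidException if the JSON is not a valid RSA JWK
     */
    public static RSAKey fromJson(String jwkJson) {
        try {
            return RSAKey.parse(jwkJson);
        } catch (ParseException e) {
            throw new JwkInvalidException(e);
        }
    }

    /**
     * Loads the RSA key stored under {@code alias} in a JKS keystore and returns a copy whose key
     * ID is the SHA-1 thumbprint of the first certificate in the entry's chain.
     *
     * <p>The stream is not closed here; the caller owns it. The same password is used for the
     * keystore and for every key entry.
     *
     * @param alias keystore alias of the wanted key
     * @param keyStoreStream stream holding a keystore of type {@code JKS}
     * @param password keystore and key password, must not be {@code null}
     * @return the RSA key; its key ID is {@code null} when the entry has no certificate
     * @throws JwkInvalidException if the password is {@code null}, the keystore cannot be loaded,
     *     or no RSA key exists under {@code alias}
     */
    public static RSAKey fromKeyStore(String alias, InputStream keyStoreStream, String password) {
        var candidate = fromKeyStore(keyStoreStream, password).getKeyByKeyId(alias);
        // Fail with a descriptive error instead of a NullPointerException or ClassCastException
        // further down when the alias is missing or refers to a non-RSA key.
        if (!(candidate instanceof RSAKey)) {
            throw new JwkInvalidException(
                candidate == null
                    ? "no key found in keystore for alias: " + alias
                    : "key for alias " + alias + " is not an RSA key");
        }
        RSAKey rsaKey = (RSAKey) candidate;
        return new RSAKey.Builder(rsaKey).keyID(getX509CertSHA1Thumbprint(rsaKey)).build();
    }

    /**
     * Loads every key of a JKS keystore into a {@link JWKSet}.
     *
     * @throws JwkInvalidException if the password is {@code null} or the keystore cannot be
     *     loaded (wrong password, corrupt data, unsupported algorithm)
     */
    private static JWKSet fromKeyStore(InputStream keyStoreStream, String password) {
        try {
            char[] keyPassword = Optional.ofNullable(password)
                .map(String::toCharArray)
                .orElseThrow(jwkInvalid("password cannot be null"));
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keyStoreStream, keyPassword);
            return JWKSet.load(keyStore, keyAlias -> keyPassword);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // JwkInvalidException is a RuntimeException, so callers catching RuntimeException still
            // work, and keystore failures now share a type with the JSON loading paths.
            throw new JwkInvalidException(e);
        }
    }

    /**
     * Returns the base64url SHA-1 thumbprint of the first certificate in the key's chain, or
     * {@code null} when the key carries no certificate.
     *
     * <p>SHA-1 is used here only to derive an identifier (the {@code x5t} convention); it is not
     * relied on for integrity. NOTE(review): confirm the token endpoint expects this as key ID.
     */
    private static String getX509CertSHA1Thumbprint(RSAKey rsaKey) {
        var chain = rsaKey.getParsedX509CertChain();
        // The chain may be absent for keys without certificates; treat that like an empty chain.
        if (chain == null || chain.isEmpty()) {
            return null;
        }
        X509Certificate firstCertificate = chain.get(0);
        try {
            return createSHA1DigestBase64Url(firstCertificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new JwkInvalidException(e);
        }
    }

    /** Hashes {@code derBytes} with SHA-1 and returns the digest base64url-encoded. */
    private static String createSHA1DigestBase64Url(byte[] derBytes) {
        try {
            return Base64URL.encode(MessageDigest.getInstance("SHA-1").digest(derBytes)).toString();
        } catch (NoSuchAlgorithmException e) {
            // Every Java platform implementation is required to provide SHA-1.
            throw new IllegalStateException("SHA-1 digest is not available", e);
        }
    }

    /** Builds a supplier for {@link Optional#orElseThrow(Supplier)} carrying {@code message}. */
    private static Supplier<JwkInvalidException> jwkInvalid(String message) {
        return () -> new JwkInvalidException(message);
    }
}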
