package org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt;

import com.ebmwebsourcing.easycommons.properties.PropertiesException;
import com.ebmwebsourcing.easycommons.properties.PropertiesHelper;
import io.jsonwebtoken.CompressionCodec;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.xpath.XPath;
import org.apache.commons.io.IOUtils;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.Credentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemReader;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.AbstractTargetHostAuthentication;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.Authentication;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.exception.AuthenticationConfigException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.exception.AuthenticationRuntimeException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.KeyFileUrlRequiredException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.MissingSignatureAlgorithmAttrException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.NoClaimDefinedException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.NoClaimNameException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.NoClaimValueException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.OnlyOneClaimNameException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.OnlyOneClaimValueException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.OnlyOneCompressionCodecException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.OnlyOneKeyFileUrlException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.OnlyOneSignatureAlgorithmException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.UnknownCompressionCodecException;
import org.ow2.petals.binding.rest.exchange.outgoing.auth.jwt.exception.UnknownSignatureAlgorithmException;
import org.ow2.petals.binding.rest.utils.CachedExchange;
import org.ow2.petals.binding.rest.utils.extractor.value.ValueExtractorBuilder;
import org.ow2.petals.binding.rest.utils.extractor.value.XMLPayloadValueExtractor;
import org.ow2.petals.binding.rest.utils.extractor.value.exception.ValueExtractorConfigException;
import org.ow2.petals.binding.rest.utils.extractor.value.exception.ValueExtractorRuntimeException;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/ow2/petals/binding/rest/exchange/outgoing/auth/jwt/JwtAuthentication.class */
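/**
 * Outgoing authentication that attaches a JSON Web Token to the request.
 *
 * <p>For each exchange a token is built from the configured claim extractors, optionally compressed and
 * optionally signed. The signing key is read from a PEM file whose URL is a template resolved against the
 * component placeholders; it is read at construction time and again every time placeholder values are
 * reloaded.</p>
 *
 * <p>Security-relevant behaviour visible in this class:</p>
 * <ul>
 * <li>Fail-open signing: when a signature algorithm is configured but no key could be loaded, the token is
 * still emitted, unsigned, with only a warning in the log (see {@link #getCredentials(CachedExchange)}).</li>
 * <li>A failed key reload keeps the previously loaded key in place.</li>
 * <li>The key file is always parsed as an RSA private key in PKCS#8 encoding, whatever the configured
 * signature algorithm is.</li>
 * <li>The key file location is opened with {@link URL#openStream()}, so any URL scheme the JVM supports is
 * accepted. NOTE(review): a non-local URL would fetch private key material over that transport; confirm
 * deployments use a local {@code file:} URL with restrictive file permissions.</li>
 * </ul>
 */
public class JwtAuthentication extends AbstractTargetHostAuthentication implements Authentication {
    public static final String XML_TAG_NAME = "jwt";
    public static final String JWT_AUTHENT_CLAIM = "claim";
    public static final String JWT_AUTHENT_CLAIM_NAME = "name";
    public static final String JWT_AUTHENT_CLAIM_VALUE = "value";
    public static final String JWT_AUTHENT_COMPRESS_WITH = "compress-with";
    public static final String JWT_AUTHENT_SIGN_WITH = "sign-with";
    public static final String JWT_AUTHENT_SIGN_WITH_ALGORITHM = "algorithm";
    public static final String JWT_AUTHENT_SIGN_WITH_KEYFILE = "key-file-url";

    /** Claim name/value extractors, evaluated against each exchange. */
    private final List<ClaimDefinition> claims;

    /** Compression applied to the token, or {@code null} for none. */
    private final CompressionCodec compressionCodec;

    /** Signature algorithm, or {@code null} when the token is not to be signed. */
    private final SignatureAlgorithm signatureAlgorithm;

    /** URL template (may contain placeholders) of the PEM key file, or {@code null} when signing is off. */
    private final String signatureKeyFileUrlTemplate;

    /** Guards every read and write of {@link #signatureKey}. */
    private final Object signatureKeyLock = new Object();

    /** Private key used to sign tokens; {@code null} until a key file has been read successfully. */
    private Key signatureKey;

    /**
     * Creates the authentication and immediately tries to load the signing key.
     *
     * @param list claim definitions put into every token
     * @param compressionCodec compression codec, or {@code null}
     * @param signatureAlgorithm signature algorithm, or {@code null} for unsigned tokens
     * @param str URL template of the PEM key file, or {@code null} when no signature is configured
     * @param properties component placeholders, handed to the parent class
     * @param logger logger, handed to the parent class
     */
    public JwtAuthentication(List<ClaimDefinition> list, CompressionCodec compressionCodec, SignatureAlgorithm signatureAlgorithm, String str, Properties properties, Logger logger) {
        super(properties, logger);
        this.claims = list;
        this.compressionCodec = compressionCodec;
        this.signatureAlgorithm = signatureAlgorithm;
        this.signatureKeyFileUrlTemplate = str;
        // A key that cannot be read here is only logged; construction still succeeds.
        readKey();
    }

    /**
     * Builds the JWT for the given exchange and wraps it as credentials.
     *
     * @param cachedExchange exchange the claim names and values are extracted from
     * @return credentials carrying the compact serialization of the token
     * @throws AuthenticationRuntimeException if a claim name or value cannot be extracted
     */
    @Override
    protected Credentials getCredentials(CachedExchange cachedExchange) throws AuthenticationRuntimeException {
        JwtBuilder builder = Jwts.builder();
        try {
            for (ClaimDefinition claimDefinition : this.claims) {
                builder.claim(claimDefinition.getName().extractAsString(cachedExchange), claimDefinition.getValue().extractAsString(cachedExchange));
            }
            if (this.compressionCodec != null) {
                builder.compressWith(this.compressionCodec);
            }
            // The key can be swapped by a concurrent placeholder reload, hence the lock.
            synchronized (this.signatureKeyLock) {
                if (this.signatureAlgorithm != null) {
                    if (this.signatureKey != null) {
                        builder.signWith(this.signatureAlgorithm, this.signatureKey);
                    } else {
                        // NOTE(review): fail-open. A signature was configured but the key is missing, and
                        // the token is sent unsigned anyway. Consider failing the exchange instead, and
                        // confirm that the target service rejects unsigned tokens.
                        this.logger.warning("No signature key available to sign JWT token. Signature is skipped !");
                    }
                }
            }
            return new JwtCredentials(builder.compact());
        } catch (ValueExtractorRuntimeException e) {
            throw new AuthenticationRuntimeException(e);
        }
    }

    /**
     * Logs the configuration of this authentication at CONFIG level.
     *
     * <p>Only the key file URL template is logged, never the key itself.</p>
     *
     * @param str prefix prepended to every logged line
     */
    @Override
    public void log(String str) {
        this.logger.config(str + "- JWT authentication: ");
        this.logger.config(str + "\t- claims: ");
        for (ClaimDefinition claimDefinition : this.claims) {
            this.logger.config(str + "\t\t- claim: ");
            this.logger.config(str + "\t\t\t- name: ");
            claimDefinition.getName().log(str + "\t\t\t\t");
            this.logger.config(str + "\t\t\t- value: ");
            claimDefinition.getValue().log(str + "\t\t\t\t");
        }
        this.logger.config(str + "\t- compression codec: " + (this.compressionCodec == null ? "No" : this.compressionCodec.getAlgorithmName()));
        if (this.signatureAlgorithm == null) {
            this.logger.config(str + "\t- signature algo: No");
        } else {
            this.logger.config(str + "\t- signature algo: " + this.signatureAlgorithm.getDescription());
        }
        // Read the key state under the same lock as its writers so the report is not stale.
        final boolean keyLoaded;
        synchronized (this.signatureKeyLock) {
            keyLoaded = this.signatureKey != null;
        }
        if (keyLoaded) {
            this.logger.config(str + "\t- signature key: " + this.signatureKeyFileUrlTemplate);
        } else {
            this.logger.config(str + "\t- signature key: No");
        }
    }

    /**
     * Propagates the placeholder reload to every claim extractor, then re-reads the signing key because its
     * URL template may depend on placeholders.
     */
    @Override
    public void onPlaceHolderValuesReloaded() {
        super.onPlaceHolderValuesReloaded();
        for (ClaimDefinition claimDefinition : this.claims) {
            claimDefinition.getName().onPlaceHolderValuesReloaded();
            claimDefinition.getValue().onPlaceHolderValuesReloaded();
        }
        readKey();
    }

    /**
     * Resolves the key file URL template, reads the first PEM object of the file and installs it as the
     * signing key.
     *
     * <p>Every failure is logged as a warning and leaves the previously loaded key (possibly none)
     * untouched. This method was rebuilt from decompiler output that did not compile; the resource
     * handling below is the try-with-resources form that output was derived from.</p>
     */
    private void readKey() {
        if (this.signatureKeyFileUrlTemplate == null) {
            // No key file was configured (unsigned tokens): nothing to resolve or open.
            return;
        }
        try {
            final URL keyFileUrl = new URL(PropertiesHelper.resolveString(this.signatureKeyFileUrlTemplate, this.componentPlaceholders));
            try (InputStream keyStream = keyFileUrl.openStream()) {
                if (Security.getProvider("BC") == null) {
                    Security.addProvider(new BouncyCastleProvider());
                }
                try (PemReader pemReader = new PemReader(new StringReader(IOUtils.toString(keyStream)))) {
                    final org.bouncycastle.util.io.pem.PemObject pemObject = pemReader.readPemObject();
                    if (pemObject == null) {
                        // An empty or non-PEM file yields no object; report it rather than fail on null.
                        this.logger.warning("No PEM object found in the signature key file. The signature key can be not the expected one. Try to reload placeholders again.");
                        return;
                    }
                    final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pemObject.getContent());
                    // NOTE(review): the key is always decoded as RSA; a non-RSA signature algorithm
                    // configured in 'sign-with' is not matched here. Confirm this is intended.
                    final Key loadedKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
                    synchronized (this.signatureKeyLock) {
                        this.signatureKey = loadedKey;
                    }
                }
            } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
                this.logger.log(Level.WARNING, "An error occurs reading signature key. The signature key can be not the expected one. Try to reload placeholders again.", e);
            }
        } catch (PropertiesException | MalformedURLException e2) {
            this.logger.log(Level.WARNING, "An error occurs reloading placeholder. The signature key can be not the expected one. Try to reload placeholders again.", e2);
        }
    }

    /**
     * @return a new {@link JwtScheme}
     */
    @Override
    protected AuthScheme getAuthScheme() {
        return new JwtScheme();
    }

    /**
     * Builds a {@link JwtAuthentication} from its XML configuration element.
     *
     * <p>Child elements are looked up in the namespace of {@code element} with
     * {@code getElementsByTagNameNS}, which matches descendants at any depth. At least one {@code claim} is
     * required, each with exactly one {@code name} and one {@code value}. {@code compress-with} and
     * {@code sign-with} are optional and may appear at most once; {@code sign-with} requires a non-empty
     * {@code algorithm} attribute and exactly one {@code key-file-url}.</p>
     *
     * <p>NOTE(review): the text of {@code key-file-url} is not validated here. An empty or unusable value
     * only surfaces later as a warning when the key is read, after which tokens are emitted unsigned.</p>
     *
     * @param element the {@code jwt} configuration element
     * @param qName name passed to the configuration exceptions to identify the faulty configuration
     * @param xPath XPath instance handed to the value extractor builder
     * @param properties component placeholders
     * @param logger logger
     * @return the configured authentication
     * @throws AuthenticationConfigException if the configuration is incomplete, ambiguous or names an
     *         unknown codec or algorithm, or if a claim extractor cannot be built
     */
    public static JwtAuthentication build(Element element, QName qName, XPath xPath, Properties properties, Logger logger) throws AuthenticationConfigException {
        final String namespaceURI = element.getNamespaceURI();
        try {
            // --- claims ---
            final NodeList claimNodes = element.getElementsByTagNameNS(namespaceURI, JWT_AUTHENT_CLAIM);
            if (claimNodes.getLength() == 0) {
                throw new NoClaimDefinedException(qName);
            }
            final List<ClaimDefinition> claimDefinitions = new ArrayList<>();
            for (int i = 0; i < claimNodes.getLength(); i++) {
                final Element claimElt = (Element) claimNodes.item(i);

                final NodeList nameNodes = claimElt.getElementsByTagNameNS(namespaceURI, JWT_AUTHENT_CLAIM_NAME);
                if (nameNodes.getLength() > 1) {
                    throw new OnlyOneClaimNameException(qName);
                }
                if (nameNodes.getLength() == 0) {
                    throw new NoClaimNameException(qName);
                }
                final XMLPayloadValueExtractor nameExtractor = ValueExtractorBuilder.build((Element) nameNodes.item(0), xPath, properties, logger);

                final NodeList valueNodes = claimElt.getElementsByTagNameNS(namespaceURI, JWT_AUTHENT_CLAIM_VALUE);
                if (valueNodes.getLength() > 1) {
                    throw new OnlyOneClaimValueException(qName);
                }
                if (valueNodes.getLength() == 0) {
                    throw new NoClaimValueException(qName);
                }
                claimDefinitions.add(new ClaimDefinition(nameExtractor, ValueExtractorBuilder.build((Element) valueNodes.item(0), xPath, properties, logger)));
            }

            // --- optional compression ---
            CompressionCodec compressionCodec = null;
            final NodeList compressNodes = element.getElementsByTagNameNS(namespaceURI, JWT_AUTHENT_COMPRESS_WITH);
            if (compressNodes.getLength() > 1) {
                throw new OnlyOneCompressionCodecException(qName);
            }
            if (compressNodes.getLength() == 1) {
                final String codecName = compressNodes.item(0).getTextContent();
                if (CompressionCodecs.DEFLATE.getAlgorithmName().equalsIgnoreCase(codecName)) {
                    compressionCodec = CompressionCodecs.DEFLATE;
                } else if (CompressionCodecs.GZIP.getAlgorithmName().equalsIgnoreCase(codecName)) {
                    compressionCodec = CompressionCodecs.GZIP;
                } else {
                    throw new UnknownCompressionCodecException(codecName, qName);
                }
            }

            // --- optional signature ---
            SignatureAlgorithm signatureAlgorithm = null;
            String keyFileUrlTemplate = null;
            final NodeList signNodes = element.getElementsByTagNameNS(namespaceURI, JWT_AUTHENT_SIGN_WITH);
            if (signNodes.getLength() > 1) {
                throw new OnlyOneSignatureAlgorithmException(qName);
            }
            if (signNodes.getLength() == 1) {
                final Element signElt = (Element) signNodes.item(0);
                // getAttribute returns an empty string for a missing attribute, so this covers both cases.
                final String algorithmName = signElt.getAttribute(JWT_AUTHENT_SIGN_WITH_ALGORITHM);
                if (algorithmName.isEmpty()) {
                    throw new MissingSignatureAlgorithmAttrException(qName);
                }
                try {
                    signatureAlgorithm = SignatureAlgorithm.forName(algorithmName);
                } catch (SignatureException e) {
                    throw new UnknownSignatureAlgorithmException(algorithmName, qName, e);
                }
                final NodeList keyFileNodes = signElt.getElementsByTagNameNS(namespaceURI, JWT_AUTHENT_SIGN_WITH_KEYFILE);
                if (keyFileNodes.getLength() > 1) {
                    throw new OnlyOneKeyFileUrlException(qName);
                }
                if (keyFileNodes.getLength() == 0) {
                    throw new KeyFileUrlRequiredException(qName);
                }
                keyFileUrlTemplate = ((Element) keyFileNodes.item(0)).getTextContent();
            }

            return new JwtAuthentication(claimDefinitions, compressionCodec, signatureAlgorithm, keyFileUrlTemplate, properties, logger);
        } catch (ValueExtractorConfigException e2) {
            throw new AuthenticationConfigException((Throwable) e2);
        }
    }
}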
