package datart.security.util;

import com.google.common.collect.Lists;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyConverter;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.SecurityContext;
import datart.core.base.exception.Exceptions;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.io.File;
import java.io.FileReader;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.config.ProviderConfiguration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:datart/security/util/JwkUtils.class */
public class JwkUtils {
    private static Provider provider;
    private static final Logger log = LoggerFactory.getLogger(JwkUtils.class);
    private static JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();

    public static Jwt parseJwt(String str, String str2) {
        List<Key> jwKFromFile = getJwKFromFile(str2);
        JwtParser parser = Jwts.parser();
        Jwt jwt = null;
        Iterator<Key> it = jwKFromFile.iterator();
        while (it.hasNext()) {
            BCECPrivateKey bCECPrivateKey = (Key) it.next();
            try {
                if (bCECPrivateKey instanceof ECPrivateKey) {
                    bCECPrivateKey = EcPrivateToPublic(bCECPrivateKey);
                }
                jwt = parser.setSigningKey(bCECPrivateKey).parse(str);
                break;
            } catch (ExpiredJwtException e) {
                log.info(e.getMessage());
            } catch (JwtException e2) {
                log.warn(e2.getMessage());
            }
        }
        if (jwt == null) {
            Exceptions.base("Jwt token parse failed");
        }
        return jwt;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.util.List] */
    public static List<Key> getJwKFromFile(String str) {
        ArrayList newArrayList = Lists.newArrayList();
        File file = new File(str);
        try {
            newArrayList = KeyConverter.toJavaKeys(JWKSet.load(file).getKeys());
        } catch (Exception e) {
            log.error("Failed to load jwkSet from file: " + file.getPath());
        }
        return newArrayList;
    }

    public static Key getJwKFromFileByKid(String str, String str2) {
        Key key = null;
        File file = new File(str);
        try {
            List javaKeys = KeyConverter.toJavaKeys(Collections.singletonList(JWKSet.load(file).getKeyByKeyId(str2)));
            if (CollectionUtils.isEmpty(javaKeys)) {
                log.error("Cannot find jwk from file({}) by kid:({}).", file.getPath(), str2);
            } else {
                key = (Key) javaKeys.get(0);
            }
        } catch (Exception e) {
            log.error("Failed to load jwkSet from file({}) by kid:({}).", file.getPath(), str2);
        }
        return key;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v12, types: [java.util.List] */
    public static List<Key> getJwKFromUrl(String str) {
        ArrayList newArrayList = Lists.newArrayList();
        try {
            newArrayList = KeyConverter.toJavaKeys(new RemoteJWKSet(new URL(str)).get(new JWKSelector(new JWKMatcher.Builder().keyUses(new KeyUse[]{KeyUse.SIGNATURE, KeyUse.ENCRYPTION, null}).keyTypes(new KeyType[]{KeyType.OCT, KeyType.RSA, KeyType.EC}).build()), (SecurityContext) null));
        } catch (Exception e) {
            log.error("Failed to load jwkSet from url: " + str);
        }
        return newArrayList;
    }

    public static Key getJwKFromUrlByKid(String str, String str2) {
        Key key = null;
        try {
            List javaKeys = KeyConverter.toJavaKeys(Collections.singletonList(new RemoteJWKSet(new URL(str)).getCachedJWKSet().getKeyByKeyId(str2)));
            if (CollectionUtils.isEmpty(javaKeys)) {
                log.error("Cannot find jwk from url({}) by kid:({}).", str, str2);
            } else {
                key = (Key) javaKeys.get(0);
            }
        } catch (Exception e) {
            log.error("Failed to load jwkSet from url({}) by kid:({}).", str, str2);
        }
        return key;
    }

    public static Key getPublicKeyFromPem(String str) {
        BCECPrivateKey bCECPrivateKey = null;
        try {
            Object readObject = new PEMParser(new FileReader(str)).readObject();
            if (readObject instanceof PEMKeyPair) {
                bCECPrivateKey = keyConverter.getKeyPair((PEMKeyPair) readObject).getPublic();
            } else if (readObject instanceof SubjectPublicKeyInfo) {
                bCECPrivateKey = keyConverter.getPublicKey((SubjectPublicKeyInfo) readObject);
            } else if (readObject instanceof PrivateKeyInfo) {
                BCECPrivateKey privateKey = keyConverter.getPrivateKey((PrivateKeyInfo) readObject);
                bCECPrivateKey = privateKey;
                if (privateKey instanceof BCECPrivateKey) {
                    bCECPrivateKey = EcPrivateToPublic(privateKey);
                }
            }
        } catch (Exception e) {
            log.error("The pem file parsed failed: {}", e.getMessage());
        }
        return bCECPrivateKey;
    }

    public static Key getPrivateKeyFromPem(String str) {
        PrivateKey privateKey = null;
        try {
            Object readObject = new PEMParser(new FileReader(str)).readObject();
            if (readObject instanceof PEMKeyPair) {
                privateKey = keyConverter.getKeyPair((PEMKeyPair) readObject).getPrivate();
            } else if (readObject instanceof PrivateKeyInfo) {
                privateKey = keyConverter.getPrivateKey((PrivateKeyInfo) readObject);
            }
        } catch (Exception e) {
            log.error("The pem file parsed failed: {}", e.getMessage());
        }
        return privateKey;
    }

    private static PublicKey EcPrivateToPublic(ECPrivateKey eCPrivateKey) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("ECDSA");
            BCECPrivateKey bCECPrivateKey = new BCECPrivateKey(eCPrivateKey, (ProviderConfiguration) null);
            ECParameterSpec parameters = bCECPrivateKey.getParameters();
            return keyFactory.generatePublic(new ECPublicKeySpec(parameters.getG().multiply(bCECPrivateKey.getD()), parameters));
        } catch (Exception e) {
            log.error("failed to covert ec privateKey to public.");
            return null;
        }
    }

    static {
        provider = null;
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        provider = Security.getProvider("BC");
        keyConverter.setProvider(provider);
    }
}
