package com.samsung.knoxwsm.util;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.samsung.knoxwsm.identity.KnoxIdentity;
import com.samsung.knoxwsm.identity.KnoxToken;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/samsung/knoxwsm/util/KnoxTokenUtility.class */
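/**
 * Builds RS256-signed JWTs (audience {@code "KnoxWSM"}) that carry either an access token or a
 * client identifier, and loads the RSA key pair used for signing from a JSON key file.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>The key file read by {@link #generateKnoxIdentity(InputStream)} holds the private key as
 *       Base64 of an unencrypted PKCS#8 structure. Treat the file and any stream over it as a
 *       secret: restrict file permissions and keep it out of source control and logs.</li>
 *   <li>Tokens may embed the signer's public key in the {@code publicKey} claim. A signature that
 *       verifies under a key taken from the token itself only shows the sender holds that key
 *       pair; the relying party has to match the key against one it already trusts. How the
 *       receiving service does this is not visible from this class.</li>
 *   <li>Token lifetime is capped at 30 minutes and defaults to 30 minutes.</li>
 * </ul>
 */
public class KnoxTokenUtility {
    private static final String JSON_PRIVATE_KEY_NAME = "Private";
    private static final String JSON_PUBLIC_KEY_NAME = "Public";
    // Not read by any code visible in this class; generateKnoxIdentity() does not parse it.
    private static final String JSON_ID_NAME = "Identifier";
    private static final String ALGORITHM = "RSA";

    /* JADX INFO: Access modifiers changed from: private */
    /** Builder whose {@link Builder#setToken(String)} stores the value in the {@code accessToken} claim. */
    public static class AccessTokenBuilder extends Builder {
        private AccessTokenBuilder() {
            super();
        }
    }

    /**
     * Fluent builder for a signed JWT. Instances are obtained from
     * {@link KnoxTokenUtility#signedAccessTokenBuilder()} or
     * {@link KnoxTokenUtility#signedClientIdentifierBuilder()}.
     *
     * <p>The setters do not check that the signing key and the public key placed in the
     * {@code publicKey} claim belong to the same key pair. Calling {@link #setSigningKey} after
     * {@link #setKnoxIdentity} (or passing unrelated keys) produces a token whose embedded key
     * does not match its signature.
     */
    public static class Builder {
        /** Upper bound, in minutes, accepted by {@link #setValidForMinutes(int)}. */
        private static final int DURATION_TOKEN_VALID = 30;
        private KnoxIdentity knoxIdentity;
        private PrivateKey privateKey;
        private PublicKey publicKey;
        private static final String AUDIENCE = "KnoxWSM";
        private static final String CLAIM_ACCESS_TOKEN = "accessToken";
        private static final String CLAIM_CLIENT_IDENTIFIER = "clientIdentifier";
        private static final String CLAIM_PUBLIC_KEY = "publicKey";
        /** Default lifetime (30 minutes) used when no explicit duration was set. */
        private static final long DURATION_VALID_MILLISECONDS = 1800000;
        private final Map<String, Object> claims;
        /** 0 means "not set"; see {@link #setValidForMinutes(int)}. */
        private long durationValidForInMilliseconds;

        private Builder() {
            this.claims = new HashMap<String, Object>();
        }

        /**
         * Sets the RSA private key used to sign the token.
         *
         * @param privateKey signing key; a {@code null} value is rejected later by {@link #build()}
         * @return this builder
         */
        public Builder setSigningKey(PrivateKey privateKey) {
            this.privateKey = privateKey;
            return this;
        }

        /**
         * Stores the Base64 of the key's encoded form in the {@code publicKey} claim.
         *
         * @param publicKey public key to embed; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code publicKey} is {@code null}
         */
        public Builder setPublicKeyBase64EncodedString(PublicKey publicKey) {
            this.publicKey = publicKey;
            this.claims.put(CLAIM_PUBLIC_KEY, Base64.encodeBase64String(publicKey.getEncoded()));
            return this;
        }

        /**
         * Loads a key pair from a JSON key file and uses it for both the signing key and the
         * {@code publicKey} claim, replacing any keys set earlier on this builder.
         *
         * @param inputStream JSON key file contents (contains the unencrypted private key)
         * @return this builder
         * @throws RuntimeException if the stream cannot be parsed into a key pair
         */
        public Builder setKnoxIdentity(InputStream inputStream) {
            this.knoxIdentity = KnoxTokenUtility.generateKnoxIdentity(inputStream);
            KeyPair pair = this.knoxIdentity.getKeyPair();
            this.privateKey = pair.getPrivate();
            this.publicKey = pair.getPublic();
            this.claims.put(CLAIM_PUBLIC_KEY, Base64.encodeBase64String(this.publicKey.getEncoded()));
            return this;
        }

        /**
         * Stores {@code str} under the claim that matches the builder type: {@code accessToken}
         * for {@link AccessTokenBuilder}, {@code clientIdentifier} for
         * {@link ClientIdentifierTokenBuilder}. Any other builder type leaves the claims untouched.
         *
         * @param str token or identifier value
         * @return this builder
         */
        public Builder setToken(String str) {
            if (this instanceof AccessTokenBuilder) {
                this.claims.put(CLAIM_ACCESS_TOKEN, str);
            } else if (this instanceof ClientIdentifierTokenBuilder) {
                this.claims.put(CLAIM_CLIENT_IDENTIFIER, str);
            }
            return this;
        }

        /**
         * Sets the token lifetime.
         *
         * <p>Note: {@code 0} passes validation but is stored as "not set", so the resulting token
         * is valid for the 30-minute default rather than expiring immediately.
         *
         * @param i lifetime in minutes, 0 to 30 inclusive
         * @return this builder
         * @throws IllegalArgumentException if {@code i} is outside 0..30
         */
        public Builder setValidForMinutes(int i) {
            if (i < 0 || i > DURATION_TOKEN_VALID) {
                throw new IllegalArgumentException("Invalid duration provided. Duration must be >= 0 and <= 30");
            }
            this.durationValidForInMilliseconds = i * 60L * 1000L;
            return this;
        }

        /**
         * Builds and signs the token.
         *
         * @return the compact serialized JWT
         * @throws IllegalArgumentException if no claim has been set or no signing key is available
         */
        public String build() {
            return signCompactJwt();
        }

        /**
         * Builds and signs the token and wraps it in a {@link KnoxToken}. The first constructor
         * argument is the loaded identity's identifier, or {@code null} when no identity was
         * loaded through {@link #setKnoxIdentity(InputStream)}.
         *
         * @return the wrapped token
         * @throws IllegalArgumentException if no claim has been set or no signing key is available
         */
        public KnoxToken buildKnoxToken() {
            String jwt = signCompactJwt();
            return new KnoxToken(this.knoxIdentity != null ? this.knoxIdentity.getIdentifier() : null, jwt);
        }

        /** Validates builder state and produces the signed compact JWT shared by both build methods. */
        private String signCompactJwt() {
            // NOTE(review): only emptiness is checked, so a builder that has the publicKey claim
            // but never received setToken() still produces a token.
            if (this.claims.isEmpty()) {
                throw new IllegalArgumentException("Cannot create empty token. Please provide value for token");
            }
            // Fail here with a clear message instead of deep inside the JWT library.
            if (this.privateKey == null) {
                throw new IllegalArgumentException("Cannot sign token without a private key. Please provide a signing key");
            }
            Date issuedAt = new Date();
            long lifetimeMillis = this.durationValidForInMilliseconds == 0
                    ? DURATION_VALID_MILLISECONDS
                    : this.durationValidForInMilliseconds;
            // setClaims() comes first, as in the original chain, so the registered claims set
            // afterwards are applied on top of the custom claims.
            return Jwts.builder()
                    .setClaims(this.claims)
                    .setId(UUID.randomUUID().toString() + UUID.randomUUID().toString())
                    .setIssuedAt(issuedAt)
                    .setExpiration(new Date(issuedAt.getTime() + lifetimeMillis))
                    .setAudience(AUDIENCE)
                    .signWith(SignatureAlgorithm.RS256, this.privateKey)
                    .compact();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Builder whose {@link Builder#setToken(String)} stores the value in the {@code clientIdentifier} claim. */
    public static class ClientIdentifierTokenBuilder extends Builder {
        private ClientIdentifierTokenBuilder() {
            super();
        }
    }

    private KnoxTokenUtility() {
    }

    /** @return a new builder for a signed access-token JWT */
    public static Builder signedAccessTokenBuilder() {
        return new AccessTokenBuilder();
    }

    /** @return a new builder for a signed client-identifier JWT */
    public static Builder signedClientIdentifierBuilder() {
        return new ClientIdentifierTokenBuilder();
    }

    /**
     * Signs an access-token JWT with {@code privateKey} and embeds {@code publicKey} in it.
     * The two keys are not checked against each other.
     *
     * @param privateKey RSA signing key
     * @param publicKey public key to place in the {@code publicKey} claim
     * @param str access token value
     * @return the compact serialized JWT
     */
    public static String generateSignedAccessTokenJWT(PrivateKey privateKey, PublicKey publicKey, String str) {
        return signedAccessTokenBuilder().setSigningKey(privateKey).setPublicKeyBase64EncodedString(publicKey).setToken(str).build();
    }

    /**
     * Signs an access-token JWT with the identity's private key and embeds its public key.
     *
     * @param knoxIdentity identity supplying the key pair
     * @param str access token value
     * @return the compact serialized JWT
     */
    public static String generateSignedAccessTokenJWT(KnoxIdentity knoxIdentity, String str) {
        KeyPair pair = knoxIdentity.getKeyPair();
        return signedAccessTokenBuilder().setSigningKey(pair.getPrivate()).setPublicKeyBase64EncodedString(pair.getPublic()).setToken(str).build();
    }

    /**
     * Signs an access-token JWT with the key pair read from a JSON key file.
     *
     * @param inputStream JSON key file contents
     * @param str access token value
     * @return the compact serialized JWT
     */
    public static String generateSignedAccessTokenJWT(InputStream inputStream, String str) {
        return signedAccessTokenBuilder().setKnoxIdentity(inputStream).setToken(str).build();
    }

    /**
     * Signs a client-identifier JWT. No public key is embedded on this path.
     *
     * @param privateKey RSA signing key
     * @param str client identifier value
     * @return the compact serialized JWT
     */
    public static String generateSignedClientIdentifierJWT(PrivateKey privateKey, String str) {
        return signedClientIdentifierBuilder().setSigningKey(privateKey).setToken(str).build();
    }

    /**
     * Signs a client-identifier JWT with the identity's private key. No public key is embedded
     * on this path.
     *
     * @param knoxIdentity identity supplying the signing key
     * @param str client identifier value
     * @return the compact serialized JWT
     */
    public static String generateSignedClientIdentifierJWT(KnoxIdentity knoxIdentity, String str) {
        return signedClientIdentifierBuilder().setSigningKey(knoxIdentity.getKeyPair().getPrivate()).setToken(str).build();
    }

    /**
     * Signs a client-identifier JWT with the key pair read from a JSON key file; this path also
     * embeds the public key because it goes through {@link Builder#setKnoxIdentity(InputStream)}.
     *
     * @param inputStream JSON key file contents
     * @param str client identifier value
     * @return the compact serialized JWT
     */
    public static String generateSignedClientIdentifierJWT(InputStream inputStream, String str) {
        return signedClientIdentifierBuilder().setKnoxIdentity(inputStream).setToken(str).build();
    }

    /**
     * Reads a JSON key file and returns the Base64 of the public key's encoded form.
     *
     * @param inputStream JSON key file contents
     * @return Base64-encoded public key
     */
    public static String generateBase64EncodedStringPublicKey(InputStream inputStream) {
        PublicKey publicKey = generateKnoxIdentity(inputStream).getKeyPair().getPublic();
        return Base64.encodeBase64String(publicKey.getEncoded());
    }

    /**
     * Decodes a Base64 PKCS#8 string into an RSA private key. Not called from within this class.
     *
     * @param str Base64 of a PKCS#8-encoded RSA private key
     * @return the decoded key
     * @throws IllegalArgumentException if {@code str} is empty or is not a valid key encoding
     */
    private static PrivateKey createPrivateKey(String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Cannot create private key from empty string");
        }
        try {
            return KeyFactory.getInstance(ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(str)));
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so a missing provider can be diagnosed.
            throw new RuntimeException("Could not construct private key", e);
        } catch (InvalidKeySpecException e2) {
            throw new IllegalArgumentException("Could not construct private key", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses a JSON key file with a {@code "Public"} field (Base64 X.509) and a {@code "Private"}
     * field (Base64 PKCS#8) into a {@link KnoxIdentity}. The second constructor argument is
     * always {@code null} here; the {@code "Identifier"} field is not read.
     *
     * <p>NOTE(review): the wrapped cause comes from the JSON or key parser and may describe the
     * input; avoid writing it to shared logs until that is confirmed harmless.
     *
     * @param inputStream JSON key file contents
     * @return the identity holding the decoded key pair
     * @throws RuntimeException if the stream cannot be read, a field is missing, or a key is invalid
     */
    public static KnoxIdentity generateKnoxIdentity(InputStream inputStream) {
        try {
            JsonNode root = new ObjectMapper().readTree(inputStream);
            PublicKey publicKey = (PublicKey) constructKey(JSON_PUBLIC_KEY_NAME, root.get(JSON_PUBLIC_KEY_NAME).asText());
            PrivateKey privateKey = (PrivateKey) constructKey(JSON_PRIVATE_KEY_NAME, root.get(JSON_PRIVATE_KEY_NAME).asText());
            return new KnoxIdentity(new KeyPair(publicKey, privateKey), null);
        } catch (Exception e) {
            throw new RuntimeException("Could not read contents of file.", e);
        }
    }

    /**
     * Decodes one Base64 key from the key file.
     *
     * @param str field name, {@code "Private"} (PKCS#8) or {@code "Public"} (X.509)
     * @param str2 Base64-encoded key material
     * @return the decoded RSA key
     * @throws RuntimeException if the field name is unknown or the key cannot be decoded
     */
    private static Key constructKey(String str, String str2) {
        try {
            if (JSON_PRIVATE_KEY_NAME.equals(str)) {
                return KeyFactory.getInstance(ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(str2)));
            }
            if (JSON_PUBLIC_KEY_NAME.equals(str)) {
                return KeyFactory.getInstance(ALGORITHM).generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(str2)));
            }
            // Thrown inside the try on purpose: callers see the same wrapped RuntimeException as
            // for any other failure, now with a cause that names the problem.
            throw new IllegalArgumentException("Unknown key name: " + str);
        } catch (Exception e) {
            throw new RuntimeException("Could not construct KeyPair from provided File", e);
        }
    }
}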
