package com.adobe.granite.ims.yamlloader;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang.StringUtils;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/ims/yamlloader/Utils.class */
public final class Utils {
    private static final Logger LOG = LoggerFactory.getLogger(Utils.class);
    public static final String NAME = "name";
    public static final String KEY_KEYSTORE_USERID = "userId";
    public static final String KEY_KEYSTORE_PASSWORD = "password";
    public static final String KEY_KEYSTORE_ALIAS = "alias";
    public static final String KEY_KEYSTORE_PRIVATE_KEY = "privateKey";
    public static final String KEY_KEYSTORE_PUBLIC_KEY = "publicKey";
    public static final String KEY_IMS_TITLE = "title";
    public static final String KEY_IMS_AUTH_SERVER_URL = "authServerUrl";
    public static final String KEY_IMS_KEYPAIR_ALIAS = "keypairAlias";
    public static final String KEY_IMS_CLOUD_SERVICE_NAME = "cloudServiceName";
    public static final String KEY_IMS_API_KEY = "apiKey";
    public static final String KEY_IMS_CLIENT_SECRET = "clientSecret";
    public static final String KEY_IMS_JWT_CLAIMS = "jwtClaims";
    public static final String KEY_IMS_RELAXED_SSL = "relaxedSsl";

    private Utils() {
        throw new IllegalStateException("Utility class");
    }

    public static ArrayList<String> getJwtClaims(String str) throws JSONException {
        ArrayList<String> arrayList = new ArrayList<>();
        JSONObject jSONObject = new JSONObject(str);
        jSONObject.remove("exp");
        jSONObject.remove("jti");
        Iterator keys = jSONObject.keys();
        while (keys.hasNext()) {
            String str2 = (String) keys.next();
            Object obj = jSONObject.get(str2);
            if (obj instanceof String) {
                obj = "\"" + obj + "\"";
            }
            arrayList.add(("\"" + str2 + "\"") + " : " + obj.toString());
        }
        return arrayList;
    }

    public static JSONObject claimsAsJson(String[] strArr) throws JSONException {
        if (strArr == null || strArr.length <= 0) {
            return null;
        }
        return new JSONObject("{" + StringUtils.join(strArr, ",") + "}");
    }

    public static boolean verifyImsConfigurations(Map<String, String> map) {
        LOG.info("Verifying IMS configuration");
        if (map == null) {
            LOG.warn("Null settings detected");
            return false;
        }
        if (StringUtils.isEmpty(map.get(KEY_IMS_API_KEY)) || StringUtils.isEmpty(map.get(KEY_IMS_TITLE)) || StringUtils.isEmpty(map.get(KEY_IMS_AUTH_SERVER_URL)) || StringUtils.isEmpty(map.get(KEY_IMS_JWT_CLAIMS)) || StringUtils.isEmpty(map.get(KEY_IMS_CLIENT_SECRET)) || StringUtils.isEmpty(map.get(KEY_IMS_KEYPAIR_ALIAS))) {
            LOG.warn("Required fields for IMS configuration missed, make sure it include: apiKey, title, authServerUrl, claims, clientSecret and keypairAlias");
            return false;
        }
        if (!map.get(KEY_IMS_AUTH_SERVER_URL).startsWith("https://")) {
            LOG.warn("Auth server URL must use 'https://'!");
            return false;
        }
        try {
            if (getJwtClaims(map.get(KEY_IMS_JWT_CLAIMS)).isEmpty()) {
                throw new IllegalArgumentException("Invalid JWT claims!");
            }
            LOG.info("IMS configuration verified");
            return true;
        } catch (JSONException e) {
            LOG.error("Invalid JSON formatting for JWT claims. (error={})", e.getMessage(), e);
            return false;
        }
    }

    public static PrivateKey generatePrivateKey(String str) throws GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        for (String str2 : str.split("\n")) {
            if ((!str2.startsWith("-----BEGIN ") || !str2.endsWith(" PRIVATE KEY-----")) && (!str2.startsWith("-----END ") || !str2.endsWith(" PRIVATE KEY-----"))) {
                sb.append(str2);
            }
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(DatatypeConverter.parseBase64Binary(sb.toString())));
    }

    public static Certificate[] generateCertificateChain(String str) throws IOException, CertificateException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        return new Certificate[]{generateCertificate};
    }
}
