package io.fusionauth.jwt;

import io.fusionauth.jwks.domain.JSONWebKey;
import io.fusionauth.jwt.domain.Header;
import io.fusionauth.jwt.domain.JWT;
import io.fusionauth.jwt.domain.KeyPair;
import io.fusionauth.jwt.domain.KeyType;
import io.fusionauth.jwt.json.Mapper;
import io.fusionauth.pem.domain.PEM;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Objects;
import kotlin.io.ConstantsKt;

/* loaded from: input_file:io/fusionauth/jwt/JWTUtils.class */
public class JWTUtils {
    public static String convertFingerprintToThumbprint(String str) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(HexUtils.toBytes(str));
    }

    public static String convertThumbprintToFingerprint(String str) {
        return HexUtils.fromBytes(Base64.getUrlDecoder().decode(str.getBytes(StandardCharsets.UTF_8)));
    }

    public static Header decodeHeader(String str) {
        Objects.requireNonNull(str);
        String[] split = str.split("\\.");
        if (split.length == 3 || (split.length == 2 && str.endsWith("."))) {
            return (Header) Mapper.deserialize(Base64.getUrlDecoder().decode(split[0]), Header.class);
        }
        throw new InvalidJWTException("The encoded JWT is not properly formatted. Expected a three part dot separated string.");
    }

    public static JWT decodePayload(String str) {
        Objects.requireNonNull(str);
        String[] split = str.split("\\.");
        if (split.length == 3 || (split.length == 2 && str.endsWith("."))) {
            return (JWT) Mapper.deserialize(Base64.getUrlDecoder().decode(split[1]), JWT.class);
        }
        throw new InvalidJWTException("The encoded JWT is not properly formatted. Expected a three part dot separated string.");
    }

    public static KeyPair generate2048_RSAKeyPair() {
        return generateKeyPair(2048, KeyType.RSA);
    }

    public static KeyPair generate256_ECKeyPair() {
        return generateKeyPair(256, KeyType.EC);
    }

    public static KeyPair generate3072_RSAKeyPair() {
        return generateKeyPair(3072, KeyType.RSA);
    }

    public static KeyPair generate384_ECKeyPair() {
        return generateKeyPair(384, KeyType.EC);
    }

    public static KeyPair generate4096_RSAKeyPair() {
        return generateKeyPair(ConstantsKt.DEFAULT_BLOCK_SIZE, KeyType.RSA);
    }

    public static KeyPair generate521_ECKeyPair() {
        return generateKeyPair(521, KeyType.EC);
    }

    public static String generateJWS_kid(String str, JSONWebKey jSONWebKey) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(4);
        if (jSONWebKey.kty == KeyType.EC) {
            linkedHashMap.put("crv", jSONWebKey.crv);
            linkedHashMap.put("kty", jSONWebKey.kty);
            linkedHashMap.put("x", jSONWebKey.x);
            linkedHashMap.put("y", jSONWebKey.y);
        } else {
            linkedHashMap.put("e", jSONWebKey.e);
            linkedHashMap.put("kty", jSONWebKey.kty);
            linkedHashMap.put("n", jSONWebKey.n);
        }
        return digest(str, Mapper.serialize(linkedHashMap));
    }

    public static String generateJWS_kid(JSONWebKey jSONWebKey) {
        return generateJWS_kid("SHA-1", jSONWebKey);
    }

    public static String generateJWS_kid_S256(JSONWebKey jSONWebKey) {
        return generateJWS_kid("SHA-256", jSONWebKey);
    }

    public static String generateJWS_x5t(String str) {
        return generateJWS_x5t("SHA-1", str);
    }

    public static String generateJWS_x5t(String str, String str2) {
        return generateJWS_x5t(str, Base64.getDecoder().decode(str2.getBytes(StandardCharsets.UTF_8)));
    }

    public static String generateJWS_x5t(byte[] bArr) {
        return generateJWS_x5t("SHA-1", bArr);
    }

    public static String generateJWS_x5t(String str, byte[] bArr) {
        return digest(str, bArr);
    }

    public static String generateSHA256_HMACSecret() {
        return generateSecureRandom(32);
    }

    public static String generateSHA384_HMACSecret() {
        return generateSecureRandom(48);
    }

    public static String generateSHA512_HMACSecret() {
        return generateSecureRandom(64);
    }

    public static String generateSecureRandom(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return Base64.getEncoder().encodeToString(bArr);
    }

    private static String digest(String str, byte[] bArr) {
        try {
            return new String(Base64.getUrlEncoder().withoutPadding().encode(MessageDigest.getInstance(str).digest(bArr)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("No such algorithm [" + str + "]");
        }
    }

    private static KeyPair generateKeyPair(int i, KeyType keyType) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyType.name());
            keyPairGenerator.initialize(i);
            java.security.KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            return new KeyPair(PEM.encode(generateKeyPair.getPrivate(), generateKeyPair.getPublic()), PEM.encode(generateKeyPair.getPublic()));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
