package io.confluent.kafka.server.plugins.auth.oauth;

import com.amazonaws.regions.ServiceAbbreviations;
import io.confluent.security.authentication.oauthbearer.CloudJwtPrincipal;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.kafka.test.TestUtils;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/server/plugins/auth/oauth/OAuthUtils.class */
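/**
 * Test helpers that mint RSA-signed JWS tokens and write the matching public key to a PEM file.
 *
 * <p>The error message in {@code sign} ("Error creating JWS for test") indicates this is test
 * support code. Each {@code setUpJws} call generates a fresh 2048-bit RSA key pair; only the
 * public half is written to disk or handed back to the caller.
 *
 * <p>NOTE(review): this source is decompiler output, so parameter names ({@code str},
 * {@code num}, ...) are synthetic. Their meaning is documented per method from how they are used.
 */
public class OAuthUtils {
    private static final Logger log = LoggerFactory.getLogger(OAuthUtils.class);

    /** Immutable holder for the tokens and verification material produced by {@code setUpJws}. */
    public static class JwsContainer {
        private final String jwsToken;
        private final File publicKeyFile;
        private final Map<Integer, String> userTokens;
        private final PublicKey key;
        private final String kid;

        /**
         * Creates a container without a verification key or key id (both are {@code null}).
         *
         * @param str the primary compact-serialized JWS
         * @param map per-user tokens keyed by user id
         * @param file PEM file holding the public key
         */
        public JwsContainer(String str, Map<Integer, String> map, File file) {
            this(str, map, file, null, null);
        }

        /**
         * @param str the primary compact-serialized JWS
         * @param map per-user tokens keyed by user id; stored by reference, not copied
         * @param file PEM file holding the public key
         * @param publicKey key that verifies the tokens, may be {@code null}
         * @param str2 key id associated with the signing key, may be {@code null}
         */
        public JwsContainer(String str, Map<Integer, String> map, File file, PublicKey publicKey, String str2) {
            this.jwsToken = str;
            this.userTokens = map;
            this.publicKeyFile = file;
            this.key = publicKey;
            this.kid = str2;
        }

        /** @return the PEM file the public key was written to */
        public File getPublicKeyFile() {
            return this.publicKeyFile;
        }

        /** @return the primary token; {@code null} if signing failed */
        public String getJwsToken() {
            return this.jwsToken;
        }

        /** @return the per-user tokens (the same map instance passed to the constructor) */
        public Map<Integer, String> userTokens() {
            return this.userTokens;
        }

        /** @return the public key that verifies the tokens, or {@code null} if none was supplied */
        public PublicKey verificationKey() {
            return this.key;
        }

        /** @return the key id, or {@code null} if none was supplied */
        public String getKid() {
            return this.kid;
        }
    }

    /**
     * Generates a key pair, writes the public key to a temp PEM file, and signs one primary token
     * plus one token per entry of {@code numArr}.
     *
     * @param num token lifetime in milliseconds, or {@code null} for no {@code exp} claim
     * @param str issuer claim
     * @param str2 subject of the primary token, may be {@code null}
     * @param numArr user ids; each gets its own token whose subject is the id as a string
     * @param strArr values for the clusters claim
     * @param str3 value for the {@code jku} header, or {@code null} to omit it
     * @param z when {@code true} the generated key id is written to each token's {@code kid} header
     * @return container with the tokens, the PEM file, the public key and the generated key id
     * @throws Exception if key generation or writing the PEM file fails
     */
    public static JwsContainer setUpJws(Integer num, String str, String str2, Integer[] numArr, String[] strArr, String str3, boolean z) throws Exception {
        KeyPair keyPair = generateKeyPair();
        File pemFile = TestUtils.tempFile();
        writePemFile(pemFile, keyPair.getPublic());
        String keyId = UUID.randomUUID().toString();
        // The key id is always returned in the container, but only placed in the header when z is set.
        String headerKid = z ? keyId : null;
        String primaryToken = sign(keyPair.getPrivate(), num, str, str2, strArr, headerKid, str3);
        Map<Integer, String> tokensByUser = new HashMap<>();
        for (Integer userId : numArr) {
            tokensByUser.put(userId, sign(keyPair.getPrivate(), num, str, String.valueOf(userId), strArr, headerKid, str3));
        }
        return new JwsContainer(primaryToken, tokensByUser, pemFile, keyPair.getPublic(), keyId);
    }

    /**
     * Same as the seven-argument overload with no {@code jku} header and no {@code kid} header.
     *
     * @throws Exception if key generation or writing the PEM file fails
     */
    public static JwsContainer setUpJws(Integer num, String str, String str2, Integer[] numArr, String[] strArr) throws Exception {
        return setUpJws(num, str, str2, numArr, strArr, null, false);
    }

    /**
     * Same as the seven-argument overload with no per-user tokens, no {@code jku} header and no
     * {@code kid} header.
     *
     * @throws Exception if key generation or writing the PEM file fails
     */
    public static JwsContainer setUpJws(Integer num, String str, String str2, String[] strArr) throws Exception {
        return setUpJws(num, str, str2, new Integer[0], strArr, null, false);
    }

    /**
     * Writes {@code publicKey} to {@code file} in PEM form.
     *
     * <p>Decompiler note: the original declaration was package-private; it is kept public here so
     * the visible interface does not change.
     *
     * @throws IOException if the file cannot be opened or written
     */
    public static void writePemFile(File file, PublicKey publicKey) throws IOException {
        // try-with-resources closes the writer (and the underlying file handle) even when
        // writeObject throws; the previous code leaked the handle on that path.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(file))) {
            pemWriter.writeObject(publicKey);
        }
    }

    /**
     * Generates a new 2048-bit RSA key pair.
     *
     * <p>Decompiler note: the original declaration was package-private; it is kept public here so
     * the visible interface does not change.
     *
     * @throws Exception if no RSA {@link KeyPairGenerator} is available
     */
    public static KeyPair generateKeyPair() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.genKeyPair();
    }

    /**
     * Builds the claims and returns an RS256-signed compact JWS.
     *
     * @param privateKey RSA private key used to sign
     * @param num lifetime in milliseconds, or {@code null} for no {@code exp} claim
     * @param str issuer claim
     * @param str2 subject claim, may be {@code null}
     * @param strArr values for the clusters claim
     * @param str3 {@code kid} header value, or {@code null} to omit it
     * @param str4 {@code jku} header value, or {@code null} to omit it
     * @return the compact serialization, or {@code null} if jose4j rejects the token
     */
    private static String sign(PrivateKey privateKey, Integer num, String str, String str2, String[] strArr, String str3, String str4) {
        try {
            JwtClaims claims = new JwtClaims();
            claims.setIssuer(str);
            if (num != null) {
                NumericDate expiry = NumericDate.now();
                // Integer division: lifetimes under one second truncate to zero seconds.
                expiry.addSeconds(num.intValue() / 1000);
                claims.setExpirationTime(expiry);
            }
            claims.setGeneratedJwtId();
            claims.setIssuedAtToNow();
            claims.setNotBeforeMinutesInThePast(2.0f);
            claims.setStringListClaim(CloudJwtPrincipal.CLAIM_CLUSTERS, strArr);
            if (str2 != null) {
                claims.setSubject(str2);
            }
            // NOTE(review): the AWS constant is most likely a decompiler artifact. It probably
            // matched a string literal of the same value in the original source; confirm against
            // the upstream code before relying on the AWS SDK for this claim name.
            claims.setClaim(ServiceAbbreviations.CloudWatch, true);
            // When str2 is null this yields "u-null"; left as-is because callers may depend on it.
            claims.setClaim("userResourceId", "u-" + str2);

            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(claims.toJson());
            jws.setKey(privateKey);
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            if (str3 != null) {
                jws.setKeyIdHeaderValue(str3);
            }
            if (str4 != null) {
                // jku is a claim made by the token itself about where its verification keys live.
                // A verifier must only honour it when the URL matches a configured allowlist;
                // otherwise whoever mints the token also chooses the key that validates it.
                jws.setHeader("jku", str4);
            }
            return jws.getCompactSerialization();
        } catch (JoseException e) {
            // Pass the exception so the cause is visible; the previous call dropped it.
            log.error("Error creating JWS for test", e);
            return null;
        }
    }

    /** Signs a token without a {@code jku} header; see the seven-argument overload. */
    private static String sign(PrivateKey privateKey, Integer num, String str, String str2, String[] strArr, String str3) {
        return sign(privateKey, num, str, str2, strArr, str3, null);
    }
}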
