package com.microsoft.windowsazure.services.media.implementation.templates.tokenrestriction;

import com.microsoft.windowsazure.core.utils.Base64;
import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.File;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/microsoft/windowsazure/services/media/implementation/templates/tokenrestriction/TokenRestrictionTemplateSerializer.class */
public final class TokenRestrictionTemplateSerializer {
    private TokenRestrictionTemplateSerializer() {
    }

    public static String serialize(TokenRestrictionTemplate tokenRestrictionTemplate) throws JAXBException {
        validateTokenRestrictionTemplate(tokenRestrictionTemplate);
        StringWriter stringWriter = new StringWriter();
        Marshaller createMarshaller = JAXBContext.newInstance(new Class[]{TokenRestrictionTemplate.class}).createMarshaller();
        createMarshaller.setProperty("jaxb.formatted.output", true);
        createMarshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper() { // from class: com.microsoft.windowsazure.services.media.implementation.templates.tokenrestriction.TokenRestrictionTemplateSerializer.1
            public String[] getPreDeclaredNamespaceUris() {
                return new String[]{"http://www.w3.org/2001/XMLSchema-instance"};
            }

            public String getPreferredPrefix(String str, String str2, boolean z) {
                return str.equals("http://www.w3.org/2001/XMLSchema-instance") ? "i" : str2;
            }
        });
        createMarshaller.marshal(tokenRestrictionTemplate, stringWriter);
        return stringWriter.toString();
    }

    private static void validateTokenRestrictionTemplate(TokenRestrictionTemplate tokenRestrictionTemplate) {
        if (tokenRestrictionTemplate.getPrimaryVerificationKey() == null && tokenRestrictionTemplate.getOpenIdConnectDiscoveryDocument() == null) {
            throw new IllegalArgumentException(ErrorMessages.PRIMARY_VERIFICATIONKEY_AND_OPENIDCONNECTDISCOVERYDOCUMENT_ARE_NULL);
        }
        if (tokenRestrictionTemplate.getOpenIdConnectDiscoveryDocument() != null) {
            if (tokenRestrictionTemplate.getOpenIdConnectDiscoveryDocument().getOpenIdDiscoveryUri() == null || tokenRestrictionTemplate.getOpenIdConnectDiscoveryDocument().getOpenIdDiscoveryUri().isEmpty()) {
                throw new IllegalArgumentException(ErrorMessages.OPENIDDISCOVERYURI_STRING_IS_NULL_OR_EMPTY);
            }
            boolean z = true;
            try {
                new URL(tokenRestrictionTemplate.getOpenIdConnectDiscoveryDocument().getOpenIdDiscoveryUri());
            } catch (MalformedURLException e) {
                z = false;
            }
            if (!z) {
                throw new IllegalArgumentException(ErrorMessages.OPENIDDISCOVERYURI_STRING_IS_NOT_ABSOLUTE_URI);
            }
        }
    }

    public static TokenRestrictionTemplate deserialize(String str) throws JAXBException {
        try {
            return deserialize(str, null);
        } catch (SAXException e) {
            return null;
        }
    }

    public static TokenRestrictionTemplate deserialize(String str, String str2) throws JAXBException, SAXException {
        Unmarshaller createUnmarshaller = JAXBContext.newInstance(new Class[]{TokenRestrictionTemplate.class}).createUnmarshaller();
        if (str2 != null) {
            createUnmarshaller.setSchema(SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(new File(str2)));
        }
        TokenRestrictionTemplate tokenRestrictionTemplate = (TokenRestrictionTemplate) createUnmarshaller.unmarshal(new StringReader(str));
        validateTokenRestrictionTemplate(tokenRestrictionTemplate);
        return tokenRestrictionTemplate;
    }

    private static String generateTokenExpiry(Date date) {
        return Long.toString(date.getTime() / 1000);
    }

    private static String urlEncode(String str) {
        StringBuilder sb = new StringBuilder(URLEncoder.encode(str));
        for (int i = 0; i < sb.length() - 2; i++) {
            if (sb.charAt(i) == '%') {
                sb.setCharAt(i + 1, Character.toLowerCase(sb.charAt(i + 1)));
                sb.setCharAt(i + 2, Character.toLowerCase(sb.charAt(i + 2)));
            }
        }
        return sb.toString();
    }

    public static String generateTestToken(TokenRestrictionTemplate tokenRestrictionTemplate, TokenVerificationKey tokenVerificationKey, UUID uuid, Date date, Date date2) {
        if (tokenRestrictionTemplate == null) {
            throw new NullPointerException("tokenTemplate");
        }
        if (tokenVerificationKey == null) {
            tokenVerificationKey = tokenRestrictionTemplate.getPrimaryVerificationKey();
        }
        if (date == null) {
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(new Date());
            calendar.add(12, 10);
            date = calendar.getTime();
        }
        if (date2 == null) {
            Calendar calendar2 = Calendar.getInstance();
            calendar2.setTime(new Date());
            calendar2.add(12, -5);
            date2 = calendar2.getTime();
        }
        return tokenRestrictionTemplate.getTokenType().equals(TokenType.SWT) ? generateTestTokenSWT(tokenRestrictionTemplate, tokenVerificationKey, uuid, date) : generateTestTokenJWT(tokenRestrictionTemplate, tokenVerificationKey, uuid, date, date2);
    }

    public static String generateTestTokenJWT(TokenRestrictionTemplate tokenRestrictionTemplate, TokenVerificationKey tokenVerificationKey, UUID uuid, Date date, Date date2) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(((SymmetricVerificationKey) tokenVerificationKey).getKeyValue(), "HmacSHA256");
        HashMap hashMap = new HashMap();
        for (TokenClaim tokenClaim : tokenRestrictionTemplate.getRequiredClaims()) {
            String claimValue = tokenClaim.getClaimValue();
            if (claimValue == null && tokenClaim.getClaimType().equals(TokenClaim.getContentKeyIdentifierClaimType())) {
                if (uuid == null) {
                    throw new IllegalArgumentException(String.format("The 'keyIdForContentKeyIdentifierClaim' parameter cannot be null when the token template contains a required '%s' claim type.", TokenClaim.getContentKeyIdentifierClaimType()));
                }
                claimValue = uuid.toString();
            }
            hashMap.put(tokenClaim.getClaimType(), claimValue);
        }
        return Jwts.builder().setHeaderParam("typ", "JWT").setClaims(hashMap).setIssuer(tokenRestrictionTemplate.getIssuer().toString()).setAudience(tokenRestrictionTemplate.getAudience().toString()).setIssuedAt(date2).setExpiration(date).signWith(SignatureAlgorithm.HS256, secretKeySpec).compact();
    }

    public static String generateTestTokenSWT(TokenRestrictionTemplate tokenRestrictionTemplate, TokenVerificationKey tokenVerificationKey, UUID uuid, Date date) {
        StringBuilder sb = new StringBuilder();
        for (TokenClaim tokenClaim : tokenRestrictionTemplate.getRequiredClaims()) {
            String claimValue = tokenClaim.getClaimValue();
            if (tokenClaim.getClaimType().equals(TokenClaim.getContentKeyIdentifierClaimType())) {
                if (uuid == null) {
                    throw new IllegalArgumentException(String.format("The 'keyIdForContentKeyIdentifierClaim' parameter cannot be null when the token template contains a required '%s' claim type.", TokenClaim.getContentKeyIdentifierClaimType()));
                }
                claimValue = uuid.toString();
            }
            sb.append(String.format("%s=%s&", urlEncode(tokenClaim.getClaimType()), urlEncode(claimValue)));
        }
        sb.append(String.format("Audience=%s&", urlEncode(tokenRestrictionTemplate.getAudience().toString())));
        sb.append(String.format("ExpiresOn=%s&", generateTokenExpiry(date)));
        sb.append(String.format("Issuer=%s", urlEncode(tokenRestrictionTemplate.getIssuer().toString())));
        SecretKeySpec secretKeySpec = new SecretKeySpec(((SymmetricVerificationKey) tokenVerificationKey).getKeyValue(), "HmacSHA256");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            sb.append(String.format("&HMACSHA256=%s", urlEncode(new String(Base64.encode(mac.doFinal(sb.toString().getBytes()))))));
            return sb.toString();
        } catch (InvalidKeyException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }
}
