package net.cnri.cordra.util;

import com.google.gson.JsonObject;
import java.security.PrivateKey;
import java.security.SecureRandom;
import net.cnri.cordra.api.InternalErrorCordraException;
import net.cnri.cordra.api.Options;
import net.cnri.jws.JsonWebSignature;
import net.cnri.jws.JsonWebSignatureFactory;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:net/cnri/cordra/util/AuthUtil.class */
public class AuthUtil {
    private static final SecureRandom random = new SecureRandom();

    public static JsonObject buildAuthTokenInputFrom(Options options, String str, String str2) throws InternalErrorCordraException {
        JsonObject jsonObject = new JsonObject();
        if (options.authTokenInput != null) {
            jsonObject = options.authTokenInput;
        } else if (options.useDefaultCredentials) {
            jsonObject.addProperty("grant_type", "password");
            jsonObject.addProperty("username", str);
            jsonObject.addProperty("password", str2);
        } else if (options.token != null) {
            jsonObject.addProperty("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
            jsonObject.addProperty("assertion", options.token);
        } else {
            String str3 = options.userId;
            if (str3 == null) {
                str3 = options.username;
            }
            if (options.privateKey != null) {
                String serialize = generateJwt(str3, options.privateKey).serialize();
                jsonObject.addProperty("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
                jsonObject.addProperty("assertion", serialize);
            } else if (options.password != null) {
                jsonObject.addProperty("grant_type", "password");
                jsonObject.addProperty("username", str3);
                jsonObject.addProperty("password", options.password);
            }
        }
        return jsonObject;
    }

    public static JsonWebSignature generateJwt(String str, PrivateKey privateKey) throws InternalErrorCordraException {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("iss", str);
        jsonObject.addProperty("sub", str);
        jsonObject.addProperty("jti", generateJti());
        jsonObject.addProperty("iat", Long.valueOf(currentTimeMillis));
        jsonObject.addProperty("exp", Long.valueOf(currentTimeMillis + 600));
        try {
            return JsonWebSignatureFactory.getInstance().create(jsonObject.toString(), privateKey);
        } catch (Exception e) {
            throw new InternalErrorCordraException(e);
        }
    }

    private static String generateJti() {
        byte[] bArr = new byte[10];
        random.nextBytes(bArr);
        return Hex.encodeHexString(bArr);
    }
}
