package org.eclipse.microprofile.jwt.tck.config;

import jakarta.annotation.PostConstruct;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonArrayBuilder;
import jakarta.json.JsonObject;
import jakarta.json.JsonObjectBuilder;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Optional;
import java.util.logging.Logger;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.Claim;
import org.eclipse.microprofile.jwt.ClaimValue;
import org.eclipse.microprofile.jwt.Claims;

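/**
 * JAX-RS resource that reports, as a {@code {"pass": boolean, "msg": string}} JSON object, whether
 * the MP-JWT verification settings ({@code mp.jwt.verify.publickey},
 * {@code mp.jwt.verify.publickey.location}, {@code mp.jwt.verify.publickey.algorithm} and
 * {@code mp.jwt.verify.issuer}) were injected and can be decoded.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every {@code verify*} endpoint requires the {@code Tester} role; only
 *       {@link #publicKey4k()} and {@link #publicKey4kAsJWKS(String)} are {@code @PermitAll}, and
 *       both serve content derived from the classpath resource {@code /publicKey4k.pem}.</li>
 *   <li>Responses echo exception messages and configured values, and the log receives the
 *       configured key, the location and the fetched content. NOTE(review): that is only
 *       acceptable while these values are public key material; confirm before reusing this class
 *       outside a test deployment.</li>
 *   <li>The URL endpoints fetch the location taken from deployment configuration, never from the
 *       request. No connect or read timeout is set on that fetch.</li>
 * </ul>
 */
@RequestScoped
@Path("/endp")
public class PublicKeyEndpoint {
    private static final Logger log = Logger.getLogger("PublicKeyEndpoint");

    // Verification key supplied inline (PEM, JWK, base64 JWK or JWKS depending on the test).
    @Inject
    @ConfigProperty(name = "mp.jwt.verify.publickey")
    private Optional<String> key;

    // Where to load the verification key from (classpath resource name or URL).
    @Inject
    @ConfigProperty(name = "mp.jwt.verify.publickey.location")
    private Optional<String> location;

    // Signature algorithm the key is expected to match; only RS256 and ES256 are handled below.
    @Inject
    @ConfigProperty(name = "mp.jwt.verify.publickey.algorithm", defaultValue = "RS256")
    private String algorithm;

    // Issuer the deployment expects in the token.
    @Inject
    @ConfigProperty(name = "mp.jwt.verify.issuer")
    private Optional<String> issuer;

    // The iss claim of the caller's token.
    @Inject
    @Claim(standard = Claims.iss)
    private ClaimValue<Optional<String>> iss;

    /** Logs the injected key, location and issuer settings once the bean is constructed. */
    @PostConstruct
    private void init() {
        log.info(String.format("PublicKeyEndpoint.init, key: %s, location: %s, issuer: %s\n",
                this.key.orElse("Missing"), this.location.orElse("missing"), this.issuer.orElse("missing")));
    }

    /**
     * Checks that the injected key decodes as a PEM public key of the configured algorithm.
     *
     * <p>The message starts with the outcome of comparing the configured issuer with the token's
     * {@code iss} claim; that comparison does not influence {@code pass}.
     *
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyAsPEM")
    public JsonObject verifyKeyAsPEM() {
        String expectedIss = this.issuer.orElse("missing-issuer");
        // Compare against the claim's string value. Comparing the String with the ClaimValue
        // wrapper itself can never be equal, so the PASS message was unreachable.
        Optional<String> claim = this.iss.getValue();
        String tokenIss = claim == null ? null : claim.orElse(null);
        String msg;
        if (expectedIss == null || expectedIss.isEmpty()) {
            msg = Claims.iss.name() + " value is null or empty, FAIL";
        } else if (expectedIss.equals(tokenIss)) {
            msg = Claims.iss.name() + " PASS";
        } else {
            msg = String.format("%s: %s != %s", Claims.iss.name(), expectedIss, tokenIss);
        }

        boolean pass = false;
        try {
            if ("RS256".equals(this.algorithm)) {
                pass = SimpleTokenUtils.decodePublicKey(this.key.orElse("bad-key")) instanceof RSAPublicKey;
            } else if ("ES256".equals(this.algorithm)) {
                pass = SimpleTokenUtils.decodeECPublicKey(this.key.orElse("bad-key")) instanceof ECPublicKey;
            }
            if (pass) {
                msg = msg + " | key as PEM PASS";
            }
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
            pass = false;
        }
        return result(pass, msg);
    }

    /**
     * Checks that the configured location names a resource holding a PEM public key of the
     * configured algorithm.
     *
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyLocationAsPEMResource")
    public JsonObject verifyKeyLocationAsPEMResource() {
        if (!this.location.isPresent()) {
            return result(false, "no location property injected");
        }
        String resourceName = this.location.get();
        log.info(String.format("verifyKeyLocationAsPEMResource, location=%s", resourceName));

        boolean pass = false;
        String msg;
        try {
            String pem = SimpleTokenUtils.readResource(resourceName);
            log.info(String.format("verifyKeyLocationAsPEMResource, locationValue=%s", pem));
            if ("RS256".equals(this.algorithm)) {
                RSAPublicKey rsaKey = SimpleTokenUtils.decodePublicKey(pem);
                if (rsaKey instanceof RSAPublicKey) {
                    log.info(String.format("verifyKeyLocationAsPEMResource, publicKey=%s", rsaKey));
                    pass = true;
                }
            } else if ("ES256".equals(this.algorithm)) {
                ECPublicKey ecKey = SimpleTokenUtils.decodeECPublicKey(pem);
                if (ecKey instanceof ECPublicKey) {
                    log.info(String.format("verifyKeyLocationAsPEMResource, publicKey=%s", ecKey));
                    pass = true;
                }
            }
            // Always give the failure a message: a null "msg" makes the JSON builder throw, which
            // turned an unsupported algorithm into a server error instead of a failed check.
            msg = pass
                    ? "key location as resource to PEM PASS"
                    : String.format("key location as resource to PEM FAIL, algorithm=%s", this.algorithm);
        } catch (Exception e) {
            pass = false;
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the configured location is a URL whose content decodes as a PEM public key.
     *
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyLocationAsPEMUrl")
    public JsonObject verifyKeyLocationAsPEMUrl() {
        if (!this.location.isPresent()) {
            return result(false, "no location property injected");
        }
        String locationUrl = this.location.get();
        log.info(String.format("verifyKeyLocationAsPEMUrl, location=%s", locationUrl));

        boolean pass = false;
        String msg;
        try {
            String pem = readUrl(locationUrl);
            log.info(String.format("verifyKeyLocationAsPEMUrl, locationValue=%s", pem));
            // NOTE(review): this always uses the RSA decoder, whatever the configured algorithm,
            // unlike verifyKeyLocationAsPEMResource. Confirm whether ES256 should be handled here.
            log.info(String.format("verifyKeyLocationAsPEMUrl, publicKey=%s", SimpleTokenUtils.decodePublicKey(pem)));
            msg = "key location as URL to PEM PASS";
            pass = true;
        } catch (MalformedURLException e) {
            // The two messages below were attached to the wrong exception types.
            msg = String.format("Failed to parse location as URL: %s", e.getMessage());
        } catch (IOException e) {
            msg = String.format("Failed to read location contents: %s", e.getMessage());
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the injected key is a JWK with the expected members.
     *
     * @param kid key id the JWK must carry
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyAsJWK")
    public JsonObject verifyKeyAsJWK(@QueryParam("kid") String kid) {
        boolean pass = false;
        String msg;
        try {
            StringBuilder details = new StringBuilder();
            // key.get() throws when no key was injected; the catch below reports that as a failure.
            pass = verifyJWK(parseJsonObject(this.key.get()), kid, details);
            msg = details.toString();
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the injected key is a base64-encoded JWK with the expected members.
     *
     * @param kid key id the JWK must carry
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyAsBase64JWK")
    public JsonObject verifyKeyAsBase64JWK(@QueryParam("kid") String kid) {
        boolean pass = false;
        String msg;
        try {
            String base64Jwk = this.key.get();
            log.info("verifyKeyAsBase64JWK, base64Jwk=" + base64Jwk);
            // Decode with an explicit charset so the result does not depend on the platform default.
            String jsonJwk = new String(Base64.getDecoder().decode(base64Jwk), StandardCharsets.UTF_8);
            log.info("verifyKeyAsBase64JWK, jsonJwk=" + jsonJwk);
            StringBuilder details = new StringBuilder();
            pass = verifyJWK(parseJsonObject(jsonJwk), kid, details);
            msg = details.toString();
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the injected key is a JWKS whose first key has the expected members.
     *
     * @param kid key id the first key must carry
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyAsJWKS")
    public JsonObject verifyKeyAsJWKS(@QueryParam("kid") String kid) {
        boolean pass = false;
        String msg;
        try {
            StringBuilder details = new StringBuilder();
            pass = verifyJWKS(this.key.get(), kid, details);
            msg = details.toString();
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the configured location names a resource holding a JWK with the expected members.
     *
     * @param kid key id the JWK must carry
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyLocationAsJWKResource")
    public JsonObject verifyKeyLocationAsJWKResource(@QueryParam("kid") String kid) {
        if (!this.location.isPresent()) {
            return result(false, "no location property injected");
        }
        String resourceName = this.location.get();
        log.info(String.format("verifyKeyLocationAsJWKResource, location=%s", resourceName));

        boolean pass = false;
        String msg;
        try {
            String jwkJson = SimpleTokenUtils.readResource(resourceName);
            log.info(String.format("verifyKeyLocationAsJWKResource, locationValue=%s", jwkJson));
            StringBuilder details = new StringBuilder();
            if (verifyJWK(parseJsonObject(jwkJson), kid, details)) {
                if ("RS256".equals(this.algorithm)) {
                    log.info(String.format("verifyKeyLocationAsJWKResource, publicKey=%s",
                            SimpleTokenUtils.decodeJWKSPublicKey(jwkJson)));
                }
                msg = "key location as resource to JWK PASS";
                pass = true;
            } else {
                msg = details.toString();
            }
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the configured location names a resource holding a JWKS whose first key has the
     * expected members.
     *
     * @param kid key id the first key must carry
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyLocationAsJWKSResource")
    public JsonObject verifyKeyLocationAsJWKSResource(@QueryParam("kid") String kid) {
        if (!this.location.isPresent()) {
            return result(false, "no location property injected");
        }
        String resourceName = this.location.get();
        log.info(String.format("verifyKeyLocationAsJWKSResource, location=%s", resourceName));

        boolean pass = false;
        String msg;
        try {
            String jwksJson = SimpleTokenUtils.readResource(resourceName);
            log.info(String.format("verifyKeyLocationAsJWKSResource, locationValue=%s", jwksJson));
            StringBuilder details = new StringBuilder();
            if (verifyJWKS(jwksJson, kid, details)) {
                // NOTE(review): decoded for every algorithm here, while the URL variant only
                // decodes for RS256. Confirm which behaviour is intended.
                log.info(String.format("verifyKeyLocationAsJWKSResource, publicKey=%s",
                        SimpleTokenUtils.decodeJWKSPublicKey(jwksJson)));
                msg = "key location as resource to JWKS PASS";
                pass = true;
            } else {
                msg = details.toString();
            }
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the configured location is a URL serving a JWKS whose first key has the expected
     * members.
     *
     * @param kid key id the first key must carry
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyKeyLocationAsJWKSUrl")
    public JsonObject verifyKeyLocationAsJWKSUrl(@QueryParam("kid") String kid) {
        if (!this.location.isPresent()) {
            return result(false, "no location property injected");
        }
        String locationUrl = this.location.get();
        log.info(String.format("verifyKeyLocationAsJWKSUrl, location=%s", locationUrl));

        boolean pass = false;
        String msg;
        try {
            String jwksJson = readUrl(locationUrl);
            log.info(String.format("verifyKeyLocationAsJWKSUrl, locationValue=%s", jwksJson));
            StringBuilder details = new StringBuilder();
            if (verifyJWKS(jwksJson, kid, details)) {
                if ("RS256".equals(this.algorithm)) {
                    // The log line used to name the JWKSResource endpoint (copy-paste slip).
                    log.info(String.format("verifyKeyLocationAsJWKSUrl, publicKey=%s",
                            SimpleTokenUtils.decodeJWKSPublicKey(jwksJson)));
                }
                msg = "key location as URL to JWKS PASS";
                pass = true;
            } else {
                msg = details.toString();
            }
        } catch (MalformedURLException e) {
            // The two messages below were attached to the wrong exception types.
            msg = String.format("Failed to parse location as URL: %s", e.getMessage());
        } catch (IOException e) {
            msg = String.format("Failed to read location contents: %s", e.getMessage());
        } catch (Exception e) {
            msg = String.format("Failed to read key with exception: %s", e.getMessage());
        }
        return result(pass, msg);
    }

    /**
     * Checks that the token's {@code iss} claim equals the configured {@code mp.jwt.verify.issuer}.
     *
     * @return the pass/msg result object
     */
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    @GET
    @Path("/verifyIssIsOk")
    public JsonObject verifyIssIsOk() {
        Optional<String> tokenIss = this.iss.getValue();
        if (!tokenIss.isPresent()) {
            return result(false, "MP-JWT missing iss claim");
        }
        if (!this.issuer.isPresent()) {
            return result(false, "No mp.jwt.verify.issuer provided");
        }
        String actual = tokenIss.get();
        String expected = this.issuer.get();
        if (expected.equals(actual)) {
            return result(true,
                    String.format("endpoint accessed with iss(%s) = config.iss(%s) as expected PASS", actual, expected));
        }
        return result(false, String.format("mp.jwt.verify.issuer(%s) != jwt.iss(%s)", expected, actual));
    }

    /**
     * Serves the classpath resource {@code /publicKey4k.pem} as plain text, without authentication.
     *
     * @return the resource content
     * @throws IOException if the resource cannot be read
     */
    @Produces({"text/plain"})
    @PermitAll
    @GET
    @Path("/publicKey4k")
    public String publicKey4k() throws IOException {
        return SimpleTokenUtils.readResource("/publicKey4k.pem");
    }

    /**
     * Serves the RSA key from {@code /publicKey4k.pem} as a one-key JWKS, without authentication.
     *
     * @param kid key id to put on the JWK; the member is omitted when the parameter is absent
     * @return a JSON object with a single-element {@code keys} array
     * @throws Exception if the resource cannot be read or decoded
     */
    @Produces({"application/json"})
    @PermitAll
    @GET
    @Path("/publicKey4kAsJWKS")
    public JsonObject publicKey4kAsJWKS(@QueryParam("kid") String kid) throws Exception {
        RSAPublicKey publicKey = SimpleTokenUtils.decodePublicKey(SimpleTokenUtils.readResource("/publicKey4k.pem"));
        Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();
        String n = encoder.encodeToString(toUnsignedBytes(publicKey.getModulus()));
        String e = encoder.encodeToString(toUnsignedBytes(publicKey.getPublicExponent()));

        JsonObjectBuilder jwk = Json.createObjectBuilder()
                .add("kty", "RSA")
                .add("use", "sig")
                .add("alg", "RS256");
        // This endpoint is unauthenticated and kid comes straight from the query string. A null
        // value makes the builder throw, so a request without kid used to end in a server error.
        if (kid != null) {
            jwk.add("kid", kid);
        }
        jwk.add("e", e).add("n", n);

        JsonArrayBuilder keys = Json.createArrayBuilder();
        keys.add(jwk);
        return Json.createObjectBuilder().add("keys", keys).build();
    }

    /**
     * Parses a JWKS document and verifies its first key with {@link #verifyJWK}.
     *
     * <p>Only the key at index 0 is examined; the set is not searched by {@code kid}.
     *
     * @param jwksJson the JWKS document text
     * @param kid key id the first key must carry
     * @param sb receives the failure details, or the PASS text
     * @return {@code true} when the first key passes every check
     */
    private boolean verifyJWKS(String jwksJson, String kid, StringBuilder sb) {
        JsonObject jwks = parseJsonObject(jwksJson);
        JsonArray keys = jwks.getJsonArray("keys");
        if (keys == null) {
            sb.append("No keys member found in: " + jwks);
            return false;
        }
        if (keys.isEmpty()) {
            sb.append("keys member is empty in: " + jwks);
            return false;
        }
        // Hand the caller's builder down: a throwaway builder here discarded every failure detail.
        return verifyJWK(keys.getJsonObject(0), kid, sb);
    }

    /**
     * Verifies the members of a single JWK against the configured algorithm and fixed key values.
     *
     * <p>A missing or non-string member counts as a mismatch for that member.
     *
     * @param jwk the JWK to check
     * @param kid key id the JWK must carry
     * @param sb receives one fragment per failed check, or the PASS text
     * @return {@code true} when every check passes
     */
    private boolean verifyJWK(JsonObject jwk, String kid, StringBuilder sb) {
        boolean ok = true;
        String expectedKty = "RS256".equals(this.algorithm) ? "RSA" : "EC";
        if (!expectedKty.equals(jwk.getString("kty", null))) {
            sb.append("key != " + expectedKty);
            ok = false;
        }
        if (!"sig".equals(jwk.getString("use", null))) {
            sb.append("use != sig");
            ok = false;
        }
        String actualKid = jwk.getString("kid", null);
        if (actualKid == null || !actualKid.equals(kid)) {
            String mismatch = String.format("kid != %s, was: %s", kid, actualKid);
            // kid is request input: keep line breaks out of the log so it cannot forge entries.
            log.info(mismatch.replace('\r', ' ').replace('\n', ' '));
            sb.append(mismatch);
            ok = false;
        }
        String actualAlg = jwk.getString("alg", null);
        if (actualAlg == null || !actualAlg.equals(this.algorithm)) {
            sb.append("alg != " + this.algorithm);
            ok = false;
        }
        if ("RS256".equals(this.algorithm)) {
            if (!"AQAB".equals(jwk.getString("e", null))) {
                sb.append("e != AQAB");
                ok = false;
            }
            if (!hasPrefix(jwk.getString("n", null), "tL6HShqY5H4y56rsCo7VdhT9")) {
                sb.append("n != tL6HShqY5H4y56rsCo7VdhT9...");
                ok = false;
            }
        } else if ("ES256".equals(this.algorithm)) {
            if (!"P-256".equals(jwk.getString("crv", null))) {
                sb.append("crv != P-256");
                ok = false;
            }
            if (!hasPrefix(jwk.getString("x", null), "w4HohvwOj21FBQE1Pr")) {
                sb.append("x != w4HohvwOj21FBQE1Pr...");
                ok = false;
            }
            if (!hasPrefix(jwk.getString("y", null), "osZEjUhZa79-kClcGm")) {
                sb.append("y != osZEjUhZa79-kClcGm...");
                ok = false;
            }
        } else {
            // Any other algorithm is unsupported by this check.
            ok = false;
        }
        if (ok) {
            sb.append("key as JWKS PASS");
        }
        return ok;
    }

    /** Builds the {@code {"pass": ..., "msg": ...}} object every verify endpoint returns. */
    private static JsonObject result(boolean pass, String msg) {
        return Json.createObjectBuilder().add("pass", pass).add("msg", msg).build();
    }

    /** Parses the given text as a single JSON object. */
    private static JsonObject parseJsonObject(String json) {
        return Json.createReader(new StringReader(json)).readObject();
    }

    /** Returns whether {@code value} is non-null and starts with {@code prefix}. */
    private static boolean hasPrefix(String value, String prefix) {
        return value != null && value.startsWith(prefix);
    }

    /** Reads the content behind a URL line by line, ending each line with {@code '\n'}. */
    private static String readUrl(String location) throws IOException {
        URL url = new URL(location);
        StringWriter contents = new StringWriter();
        try (BufferedReader reader =
                new BufferedReader(new InputStreamReader(url.openStream(), StandardCharsets.UTF_8))) {
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                contents.write(line);
                contents.write('\n');
            }
        }
        return contents.toString();
    }

    /**
     * Returns the magnitude bytes of a non-negative integer without the leading sign byte that
     * {@link BigInteger#toByteArray()} adds when the bit length is a multiple of eight.
     */
    private static byte[] toUnsignedBytes(BigInteger value) {
        byte[] bytes = value.toByteArray();
        if (value.bitLength() % 8 == 0 && bytes[0] == 0 && bytes.length > 1) {
            // Copy from this value's own array: the exponent branch used to copy the modulus bytes.
            byte[] trimmed = new byte[bytes.length - 1];
            System.arraycopy(bytes, 1, trimmed, 0, trimmed.length);
            return trimmed;
        }
        return bytes;
    }
}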
