package org.apache.cxf.rs.security.oauth2.utils.crypto;

import java.security.Key;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.rt.security.crypto.KeyProperties;
import org.apache.xalan.templates.Constants;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.class */
public final class ModelEncryptionSupport {
    public static final String SEP = "|";

    private ModelEncryptionSupport() {
    }

    public static String encryptClient(Client client, Key key) throws SecurityException {
        return encryptClient(client, key, null);
    }

    public static String encryptClient(Client client, Key key, KeyProperties keyProperties) throws SecurityException {
        return CryptoUtils.encryptSequence(tokenizeClient(client), key, keyProperties);
    }

    public static String encryptAccessToken(ServerAccessToken serverAccessToken, Key key) throws SecurityException {
        return encryptAccessToken(serverAccessToken, key, null);
    }

    public static String encryptAccessToken(ServerAccessToken serverAccessToken, Key key, KeyProperties keyProperties) throws SecurityException {
        return CryptoUtils.encryptSequence(tokenizeServerToken(serverAccessToken), key, keyProperties);
    }

    public static String encryptRefreshToken(RefreshToken refreshToken, Key key) throws SecurityException {
        return encryptRefreshToken(refreshToken, key, null);
    }

    public static String encryptRefreshToken(RefreshToken refreshToken, Key key, KeyProperties keyProperties) throws SecurityException {
        return CryptoUtils.encryptSequence(tokenizeRefreshToken(refreshToken), key, keyProperties);
    }

    public static String encryptCodeGrant(ServerAuthorizationCodeGrant serverAuthorizationCodeGrant, Key key) throws SecurityException {
        return encryptCodeGrant(serverAuthorizationCodeGrant, key, null);
    }

    public static String encryptCodeGrant(ServerAuthorizationCodeGrant serverAuthorizationCodeGrant, Key key, KeyProperties keyProperties) throws SecurityException {
        return CryptoUtils.encryptSequence(tokenizeCodeGrant(serverAuthorizationCodeGrant), key, keyProperties);
    }

    public static Client decryptClient(String str, String str2) throws SecurityException {
        return decryptClient(str, str2, new KeyProperties(AlgorithmUtils.AES));
    }

    public static Client decryptClient(String str, String str2, KeyProperties keyProperties) throws SecurityException {
        return decryptClient(str, CryptoUtils.decodeSecretKey(str2, keyProperties.getKeyAlgo()), keyProperties);
    }

    public static Client decryptClient(String str, Key key) throws SecurityException {
        return decryptClient(str, key, (KeyProperties) null);
    }

    public static Client decryptClient(String str, Key key, KeyProperties keyProperties) throws SecurityException {
        return recreateClient(CryptoUtils.decryptSequence(str, key, keyProperties));
    }

    public static ServerAccessToken decryptAccessToken(OAuthDataProvider oAuthDataProvider, String str, String str2) throws SecurityException {
        return decryptAccessToken(oAuthDataProvider, str, str2, new KeyProperties(AlgorithmUtils.AES));
    }

    public static ServerAccessToken decryptAccessToken(OAuthDataProvider oAuthDataProvider, String str, String str2, KeyProperties keyProperties) throws SecurityException {
        return decryptAccessToken(oAuthDataProvider, str, CryptoUtils.decodeSecretKey(str2, keyProperties.getKeyAlgo()), keyProperties);
    }

    public static ServerAccessToken decryptAccessToken(OAuthDataProvider oAuthDataProvider, String str, Key key) throws SecurityException {
        return decryptAccessToken(oAuthDataProvider, str, key, (KeyProperties) null);
    }

    public static ServerAccessToken decryptAccessToken(OAuthDataProvider oAuthDataProvider, String str, Key key, KeyProperties keyProperties) throws SecurityException {
        return recreateAccessToken(oAuthDataProvider, str, CryptoUtils.decryptSequence(str, key, keyProperties));
    }

    public static RefreshToken decryptRefreshToken(OAuthDataProvider oAuthDataProvider, String str, String str2) throws SecurityException {
        return decryptRefreshToken(oAuthDataProvider, str, str2, new KeyProperties(AlgorithmUtils.AES));
    }

    public static RefreshToken decryptRefreshToken(OAuthDataProvider oAuthDataProvider, String str, String str2, KeyProperties keyProperties) throws SecurityException {
        return decryptRefreshToken(oAuthDataProvider, str, CryptoUtils.decodeSecretKey(str2, keyProperties.getKeyAlgo()), keyProperties);
    }

    public static RefreshToken decryptRefreshToken(OAuthDataProvider oAuthDataProvider, String str, Key key) throws SecurityException {
        return decryptRefreshToken(oAuthDataProvider, str, key, (KeyProperties) null);
    }

    public static RefreshToken decryptRefreshToken(OAuthDataProvider oAuthDataProvider, String str, Key key, KeyProperties keyProperties) throws SecurityException {
        return recreateRefreshToken(oAuthDataProvider, str, CryptoUtils.decryptSequence(str, key, keyProperties));
    }

    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider oAuthDataProvider, String str, String str2) throws SecurityException {
        return decryptCodeGrant(oAuthDataProvider, str, str2, new KeyProperties(AlgorithmUtils.AES));
    }

    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider oAuthDataProvider, String str, String str2, KeyProperties keyProperties) throws SecurityException {
        return decryptCodeGrant(oAuthDataProvider, str, CryptoUtils.decodeSecretKey(str2, keyProperties.getKeyAlgo()), keyProperties);
    }

    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider oAuthDataProvider, String str, Key key) throws SecurityException {
        return decryptCodeGrant(oAuthDataProvider, str, key, (KeyProperties) null);
    }

    public static ServerAuthorizationCodeGrant decryptCodeGrant(OAuthDataProvider oAuthDataProvider, String str, Key key, KeyProperties keyProperties) throws SecurityException {
        return recreateCodeGrant(oAuthDataProvider, CryptoUtils.decryptSequence(str, key, keyProperties));
    }

    public static ServerAccessToken recreateAccessToken(OAuthDataProvider oAuthDataProvider, String str, String str2) throws SecurityException {
        return recreateAccessToken(oAuthDataProvider, str, getParts(str2));
    }

    public static RefreshToken recreateRefreshToken(OAuthDataProvider oAuthDataProvider, String str, String str2) throws SecurityException {
        String[] parts = getParts(str2);
        return new RefreshToken(recreateAccessToken(oAuthDataProvider, str, parts), str, parseSimpleList(parts[parts.length - 1]));
    }

    public static ServerAuthorizationCodeGrant recreateCodeGrant(OAuthDataProvider oAuthDataProvider, String str) throws SecurityException {
        return recreateCodeGrantInternal(oAuthDataProvider, str);
    }

    public static Client recreateClient(String str) throws SecurityException {
        return recreateClientInternal(str);
    }

    private static ServerAccessToken recreateAccessToken(OAuthDataProvider oAuthDataProvider, String str, String[] strArr) {
        ServerAccessToken serverAccessToken = new ServerAccessToken(oAuthDataProvider.getClient(strArr[4]), strArr[1], str == null ? strArr[0] : str, Long.valueOf(strArr[2]).longValue(), Long.valueOf(strArr[3]).longValue()) { // from class: org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport.1
        };
        serverAccessToken.setRefreshToken(getStringPart(strArr[5]));
        serverAccessToken.setGrantType(getStringPart(strArr[6]));
        serverAccessToken.setAudiences(parseSimpleList(strArr[7]));
        serverAccessToken.setParameters(parseSimpleMap(strArr[8]));
        if (!strArr[9].trim().isEmpty()) {
            LinkedList linkedList = new LinkedList();
            String[] split = strArr[9].split("\\.");
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 + 4 >= split.length) {
                    break;
                }
                OAuthPermission oAuthPermission = new OAuthPermission(split[i2], split[i2 + 1]);
                oAuthPermission.setDefaultPermission(Boolean.valueOf(split[i2 + 2]).booleanValue());
                oAuthPermission.setHttpVerbs(parseSimpleList(split[i2 + 3]));
                oAuthPermission.setUris(parseSimpleList(split[i2 + 4]));
                linkedList.add(oAuthPermission);
                i = i2 + 5;
            }
            serverAccessToken.setScopes(linkedList);
        }
        serverAccessToken.setClientCodeVerifier(strArr[10]);
        serverAccessToken.setSubject(recreateUserSubject(strArr[11]));
        serverAccessToken.setExtraProperties(parseSimpleMap(strArr[12]));
        return serverAccessToken;
    }

    private static String tokenizeRefreshToken(RefreshToken refreshToken) {
        return tokenizeServerToken(refreshToken) + SEP + refreshToken.getAccessTokens().toString();
    }

    private static String tokenizeServerToken(ServerAccessToken serverAccessToken) {
        StringBuilder sb = new StringBuilder();
        sb.append(tokenizeString(serverAccessToken.getTokenKey()));
        sb.append(SEP);
        sb.append(tokenizeString(serverAccessToken.getTokenType()));
        sb.append(SEP);
        sb.append(serverAccessToken.getExpiresIn());
        sb.append(SEP);
        sb.append(serverAccessToken.getIssuedAt());
        sb.append(SEP);
        sb.append(tokenizeString(serverAccessToken.getClient().getClientId()));
        sb.append(SEP);
        sb.append(tokenizeString(serverAccessToken.getRefreshToken()));
        sb.append(SEP);
        sb.append(tokenizeString(serverAccessToken.getGrantType()));
        sb.append(SEP);
        sb.append(serverAccessToken.getAudiences().toString());
        sb.append(SEP);
        sb.append(serverAccessToken.getParameters().toString());
        sb.append(SEP);
        if (serverAccessToken.getScopes().isEmpty()) {
            sb.append(" ");
        } else {
            for (OAuthPermission oAuthPermission : serverAccessToken.getScopes()) {
                sb.append(tokenizeString(oAuthPermission.getPermission()));
                sb.append(Constants.ATTRVAL_THIS);
                sb.append(tokenizeString(oAuthPermission.getDescription()));
                sb.append(Constants.ATTRVAL_THIS);
                sb.append(oAuthPermission.isDefaultPermission());
                sb.append(Constants.ATTRVAL_THIS);
                sb.append(oAuthPermission.getHttpVerbs().toString());
                sb.append(Constants.ATTRVAL_THIS);
                sb.append(oAuthPermission.getUris().toString());
            }
        }
        sb.append(SEP);
        sb.append(tokenizeString(serverAccessToken.getClientCodeVerifier()));
        sb.append(SEP);
        tokenizeUserSubject(sb, serverAccessToken.getSubject());
        sb.append(SEP);
        sb.append(serverAccessToken.getExtraProperties().toString());
        return sb.toString();
    }

    private static Client recreateClientInternal(String str) {
        String[] parts = getParts(str);
        Client client = new Client(parts[0], parts[1], Boolean.valueOf(parts[2]).booleanValue(), getStringPart(parts[3]), getStringPart(parts[4]));
        client.setApplicationDescription(getStringPart(parts[5]));
        client.setApplicationLogoUri(getStringPart(parts[6]));
        client.setApplicationCertificates(parseSimpleList(parts[7]));
        client.setAllowedGrantTypes(parseSimpleList(parts[8]));
        client.setRedirectUris(parseSimpleList(parts[9]));
        client.setRegisteredScopes(parseSimpleList(parts[10]));
        client.setRegisteredAudiences(parseSimpleList(parts[11]));
        client.setProperties(parseSimpleMap(parts[12]));
        client.setSubject(recreateUserSubject(parts[13]));
        return client;
    }

    private static String tokenizeClient(Client client) {
        StringBuilder sb = new StringBuilder();
        sb.append(tokenizeString(client.getClientId()));
        sb.append(SEP);
        sb.append(tokenizeString(client.getClientSecret()));
        sb.append(SEP);
        sb.append(client.isConfidential());
        sb.append(SEP);
        sb.append(tokenizeString(client.getApplicationName()));
        sb.append(SEP);
        sb.append(tokenizeString(client.getApplicationWebUri()));
        sb.append(SEP);
        sb.append(tokenizeString(client.getApplicationDescription()));
        sb.append(SEP);
        sb.append(tokenizeString(client.getApplicationLogoUri()));
        sb.append(SEP);
        sb.append(client.getApplicationCertificates());
        sb.append(SEP);
        sb.append(client.getAllowedGrantTypes().toString());
        sb.append(SEP);
        sb.append(client.getRedirectUris().toString());
        sb.append(SEP);
        sb.append(client.getRegisteredScopes().toString());
        sb.append(SEP);
        sb.append(client.getRegisteredAudiences().toString());
        sb.append(SEP);
        sb.append(client.getProperties().toString());
        sb.append(SEP);
        tokenizeUserSubject(sb, client.getSubject());
        return sb.toString();
    }

    private static ServerAuthorizationCodeGrant recreateCodeGrantInternal(OAuthDataProvider oAuthDataProvider, String str) {
        String[] parts = getParts(str);
        ServerAuthorizationCodeGrant serverAuthorizationCodeGrant = new ServerAuthorizationCodeGrant(oAuthDataProvider.getClient(parts[0]), parts[1], Long.valueOf(parts[2]).longValue(), Long.valueOf(parts[3]).longValue());
        serverAuthorizationCodeGrant.setRedirectUri(getStringPart(parts[4]));
        serverAuthorizationCodeGrant.setAudience(getStringPart(parts[5]));
        serverAuthorizationCodeGrant.setClientCodeChallenge(getStringPart(parts[6]));
        serverAuthorizationCodeGrant.setApprovedScopes(parseSimpleList(parts[7]));
        serverAuthorizationCodeGrant.setSubject(recreateUserSubject(parts[8]));
        serverAuthorizationCodeGrant.setExtraProperties(parseSimpleMap(parts[9]));
        return serverAuthorizationCodeGrant;
    }

    private static String tokenizeCodeGrant(ServerAuthorizationCodeGrant serverAuthorizationCodeGrant) {
        StringBuilder sb = new StringBuilder();
        sb.append(serverAuthorizationCodeGrant.getClient().getClientId());
        sb.append(SEP);
        sb.append(tokenizeString(serverAuthorizationCodeGrant.getCode()));
        sb.append(SEP);
        sb.append(serverAuthorizationCodeGrant.getExpiresIn());
        sb.append(SEP);
        sb.append(serverAuthorizationCodeGrant.getIssuedAt());
        sb.append(SEP);
        sb.append(tokenizeString(serverAuthorizationCodeGrant.getRedirectUri()));
        sb.append(SEP);
        sb.append(tokenizeString(serverAuthorizationCodeGrant.getAudience()));
        sb.append(SEP);
        sb.append(tokenizeString(serverAuthorizationCodeGrant.getClientCodeChallenge()));
        sb.append(SEP);
        sb.append(serverAuthorizationCodeGrant.getApprovedScopes().toString());
        sb.append(SEP);
        tokenizeUserSubject(sb, serverAuthorizationCodeGrant.getSubject());
        sb.append(SEP);
        sb.append(serverAuthorizationCodeGrant.getExtraProperties().toString());
        return sb.toString();
    }

    public static String getStringPart(String str) {
        if (" ".equals(str)) {
            return null;
        }
        return str;
    }

    private static String prepareSimpleString(String str) {
        return str.trim().isEmpty() ? "" : str.substring(1, str.length() - 1);
    }

    private static List<String> parseSimpleList(String str) {
        String prepareSimpleString = prepareSimpleString(str);
        return prepareSimpleString.isEmpty() ? Collections.emptyList() : Arrays.asList(prepareSimpleString.split(","));
    }

    public static Map<String, String> parseSimpleMap(String str) {
        HashMap hashMap = new HashMap();
        Iterator<String> it = parseSimpleList(str).iterator();
        while (it.hasNext()) {
            String[] split = it.next().split("=");
            hashMap.put(split[0], split[1]);
        }
        return hashMap;
    }

    public static String[] getParts(String str) {
        return str.split("\\|");
    }

    private static UserSubject recreateUserSubject(String str) {
        UserSubject userSubject = null;
        if (!str.trim().isEmpty()) {
            String[] split = str.split("\\.");
            userSubject = new UserSubject(getStringPart(split[0]), getStringPart(split[1]));
            userSubject.setRoles(parseSimpleList(split[2]));
            userSubject.setProperties(parseSimpleMap(split[3]));
        }
        return userSubject;
    }

    private static void tokenizeUserSubject(StringBuilder sb, UserSubject userSubject) {
        if (userSubject == null) {
            sb.append(" ");
            return;
        }
        sb.append(tokenizeString(userSubject.getLogin()));
        sb.append(Constants.ATTRVAL_THIS);
        sb.append(tokenizeString(userSubject.getId()));
        sb.append(Constants.ATTRVAL_THIS);
        sb.append(userSubject.getRoles().toString());
        sb.append(Constants.ATTRVAL_THIS);
        sb.append(userSubject.getProperties().toString());
    }

    public static String tokenizeString(String str) {
        return str != null ? str : " ";
    }
}
