package org.apache.knox.gateway.services.security.token;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.ThumbprintUtils;
import com.nimbusds.jose.util.Base64URL;
import java.security.interfaces.RSAPublicKey;
import java.util.LinkedHashMap;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.services.security.token.impl.JWT;
import org.apache.knox.gateway.services.security.token.impl.JWTToken;

/* loaded from: input_file:org/apache/knox/gateway/services/security/token/TokenUtils.class */
public class TokenUtils {
    public static final String SIGNING_HMAC_SECRET_ALIAS = "gateway.signing.hmac.secret";
    private static final String DEFAULT_RSA_SIG_ALG = "RS256";
    private static final String DEFAULT_HMAC_SIG_ALG = "HS256";

    public static String getTokenId(JWT jwt) {
        return jwt.getClaim(JWTToken.KNOX_ID_CLAIM);
    }

    public static boolean isServerManagedTokenStateEnabled(FilterConfig filterConfig) {
        boolean z = false;
        String initParameter = filterConfig.getInitParameter(TokenStateService.CONFIG_SERVER_MANAGED);
        if (initParameter == null || initParameter.isEmpty()) {
            ServletContext servletContext = filterConfig.getServletContext();
            if (servletContext != null) {
                GatewayConfig gatewayConfig = (GatewayConfig) servletContext.getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
                z = gatewayConfig != null && gatewayConfig.isServerManagedTokenStateEnabled();
            }
        } else {
            z = Boolean.valueOf(initParameter).booleanValue();
        }
        return z;
    }

    public static String getSignatureAlgorithm(String str, AliasService aliasService, String str2) throws AliasServiceException {
        if (StringUtils.isNotBlank(str)) {
            return str;
        }
        char[] passwordFromAliasForGateway = aliasService.getPasswordFromAliasForGateway(SIGNING_HMAC_SECRET_ALIAS);
        return useHMAC(passwordFromAliasForGateway == null ? null : passwordFromAliasForGateway, str2) ? DEFAULT_HMAC_SIG_ALG : DEFAULT_RSA_SIG_ALG;
    }

    public static String getThumbprint(RSAPublicKey rSAPublicKey, String str) throws JOSEException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("e", Base64URL.encode(rSAPublicKey.getPublicExponent()).toString());
        linkedHashMap.put("kty", KeyType.RSA.getValue());
        linkedHashMap.put("n", Base64URL.encode(rSAPublicKey.getModulus()).toString());
        return ThumbprintUtils.compute(str, linkedHashMap).toString();
    }

    private static boolean useHMAC(char[] cArr, String str) {
        return cArr != null && StringUtils.isBlank(str);
    }
}
