package de.docware.framework.modules.webservice.restful.oidc;

import de.docware.framework.modules.config.defaultconfig.g;
import de.docware.framework.modules.config.defaultconfig.h;
import de.docware.framework.modules.gui.misc.logger.LogType;
import de.docware.framework.modules.gui.misc.logger.b;
import de.docware.framework.modules.webservice.restful.RESTfulEndpoint;
import de.docware.util.file.DWFile;
import de.docware.util.j;
import de.docware.util.msoauth.c;
import de.docware.util.security.signature.securestart.JWT;
import java.io.UTFDataFormatException;
import java.util.Iterator;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:de/docware/framework/modules/webservice/restful/oidc/a.class */
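/**
 * Keystore handler for OIDC signing keys (JWKS) and validator for incoming JWTs.
 *
 * <p>Keys are looked up by {@code kid}; on a miss, the key set is downloaded
 * again once before the lookup gives up. This is decompiled, obfuscated code:
 * what inherited helpers ({@code dNW}, {@code dNX}, {@code dNY}, {@code dOb},
 * {@code bym}, {@code kl}) and utility calls do is inferred from how they are
 * used here and is marked as such.
 */
public class a extends de.docware.framework.modules.webservice.restful.jwt.a<OIDCKeystore> {
    // Lifetime pushed onto every OIDCPublicKey in a(OIDCKeystore, List).
    // Fixed at 86400 in the constructor; presumably seconds (24 h) — confirm.
    private int maxLifeTime;
    // Config keys whose resolved values are handed to c.mu(...) in dOh().
    private g qBf;
    private g qBg;
    // Config key for the OIDC client ID checked against the token's aud claim;
    // when null, h(...) performs no audience check at all.
    private g qBh;

    /**
     * Creates the handler.
     *
     * <p>{@code str}, {@code hVar}, {@code gVar}, {@code gVar2}, {@code gVar3} and
     * {@code aVar} are passed straight to the superclass constructor. {@code gVar4}
     * and {@code gVar5} are kept for {@link #dOh()}; {@code gVar6} is kept for the
     * audience check in {@link #h(String, de.docware.util.security.b)}.
     */
    public a(String str, h hVar, g gVar, g gVar2, g gVar3, g gVar4, g gVar5, g gVar6, de.docware.framework.modules.gui.misc.logger.a aVar) {
        super(str, hVar, gVar, gVar2, gVar3, aVar);
        this.maxLifeTime = 86400;
        this.qBf = gVar4;
        this.qBg = gVar5;
        this.qBh = gVar6;
    }

    /** @return the lifetime value applied to loaded public keys */
    public int getMaxLifeTime() {
        return this.maxLifeTime;
    }

    /**
     * Builds the download source for the key set from the two stored config keys.
     *
     * @return the result of {@code c.mu(...)} on the two resolved config values,
     *         or {@code null} when either config key is missing
     */
    public String dOh() {
        boolean configured = this.qBf != null && this.qBg != null;
        // dNW().e(key) presumably resolves a config key to its value — confirm.
        return configured ? c.mu(dNW().e(this.qBf), dNW().e(this.qBg)) : null;
    }

    /**
     * Stamps this handler's max lifetime on every key of the keystore, then
     * delegates to the superclass implementation.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.docware.framework.modules.webservice.restful.jwt.a
    public void a(OIDCKeystore oIDCKeystore, List<OIDCKeystore> list) {
        List<OIDCPublicKey> keys = oIDCKeystore.getKeystore();
        if (keys != null) {
            for (OIDCPublicKey key : keys) {
                key.setMaxLifeTime(getMaxLifeTime());
            }
        }
        // The decompiler had emitted casts to this class here; the superclass is
        // parameterised with OIDCKeystore, so the arguments are passed as they are.
        super.a(oIDCKeystore, list);
    }

    /**
     * Looks up a public key by key ID, refreshing the key set once on a miss.
     *
     * @param str the {@code kid} to look for
     * @return the matching key, or {@code null} if none is known after the refresh
     */
    public OIDCPublicKey aie(String str) {
        return bI(str, true);
    }

    /**
     * Searches all loaded keystores for a key whose {@code kid} matches.
     *
     * @param str the {@code kid} to look for
     * @param z   when {@code true}, a miss triggers one {@link #dOi()} refresh
     *            followed by a second search without refresh
     * @return the matching key, or {@code null}
     */
    protected OIDCPublicKey bI(String str, boolean z) {
        for (OIDCKeystore store : bym()) {
            List<OIDCPublicKey> keys = store.getKeystore();
            if (keys == null) {
                continue;
            }
            for (OIDCPublicKey candidate : keys) {
                // j.h(...) presumably compares the two strings for equality — confirm.
                if (j.h(candidate.getKid(), str)) {
                    return candidate;
                }
            }
        }
        // NOTE(review): h(...) calls this with the kid of a token whose signature
        // has not been checked yet, so every request carrying an unknown kid
        // causes a download in dOi(). No minimum interval between refreshes is
        // visible in this class; consider adding one.
        if (z && dOi()) {
            return bI(str, false);
        }
        return null;
    }

    /**
     * Downloads the key set to a temp file, copies it to {@code jwks.json} in the
     * directory returned by {@code dNY()} and reloads the keystores.
     *
     * @return {@code true} only if the download, the copy and the reload all
     *         succeeded; any exception is logged and reported as {@code false}
     */
    public boolean dOi() {
        try {
            // Resolve the source before creating the temp file, so that nothing
            // is created when no source is configured.
            String source = dOh();
            // de.docware.util.h.ae(...) presumably tests for null/empty — confirm.
            if (de.docware.util.h.ae(source)) {
                return false;
            }
            DWFile download = DWFile.aa(DWFile.createTempFile("jwks", ".json"));
            // NOTE(review): the third argument's name refers to image conversion;
            // it looks like a decompiler constant match for a numeric timeout —
            // confirm the intended value.
            download.c(source, de.docware.framework.modules.config.defaultconfig.system.a.DEFAULT_IMAGE_CONVERSION_TIME_OUT, "application/json", null);
            if (!download.I(2000L)) {
                return false;
            }
            DWFile targetDir = dNY();
            if (targetDir == null || !targetDir.dQO()) {
                return false;
            }
            // NOTE(review): the early returns above leave the temp file behind
            // unless DWFile cleans it up elsewhere — confirm.
            download.G(DWFile.o(targetDir, "jwks.json"), true);
            List<OIDCKeystore> reloaded = dOb();
            if (!j.ak(reloaded)) {
                return false;
            }
            kl(reloaded);
            return true;
        } catch (Exception e) {
            b.a(dNX(), LogType.ERROR, e);
            return false;
        }
    }

    /**
     * Validates a JWT: header {@code kid}, payload {@code iss}, optionally
     * {@code aud}, then the signature through {@code JWT.a(...)}.
     *
     * @param str  the serialized token
     * @param bVar the shared secret for HmacSHA256 tokens; when {@code null} or
     *             empty, such tokens are rejected
     * @return the verdict of {@code JWT.a(...)}, or an error result describing the
     *         first failed check
     */
    public RESTfulEndpoint.c h(String str, de.docware.util.security.b bVar) {
        String verificationKey = null;
        int keyMaxLifeTime = 0;
        try {
            JWT.b token = JWT.anh(str);
            // Everything read from the token up to the JWT.a(...) call below is
            // unverified input, including the values echoed in log and result text.
            String kid = new JSONObject(token.cJL()).getString("kid");
            // de.docware.util.h.af(...) presumably tests for non-empty — confirm.
            if (!de.docware.util.h.af(kid)) {
                return rejectToken(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "Signing key ID (kid) attribute not found in token header");
            }
            JSONObject payload = new JSONObject(token.dVd());
            String issuer = payload.getString("iss");
            if (!de.docware.util.h.af(issuer)) {
                // Only iss is checked at this point, so the message names only iss.
                return rejectToken(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "Issuer (iss) attribute not found in token payload");
            }
            if (this.qBh != null) {
                // NOTE(review): aud is read with getString; how an array-valued aud
                // behaves depends on the org.json version in use — confirm.
                String audience = payload.getString("aud");
                if (!de.docware.util.h.af(audience)) {
                    return rejectToken(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "Audience (aud) attribute not found in token payload");
                }
                // NOTE(review): String.contains is a substring test, so an aud that
                // merely embeds the configured client ID passes, and an empty
                // configured value lets every non-empty aud pass. Compare against
                // the exact accepted audience value(s) once the aud formats issued
                // to this service are confirmed.
                if (!audience.contains(dNW().e(this.qBh))) {
                    return rejectToken(RESTfulEndpoint.SecureReturnCode.ISSUER_UNKNOWN, "Audience (aud) attribute does not contain the OIDC client ID");
                }
            }
            String algorithm = JWT.ani(token.cJL());
            if (algorithm.equals("SHA256withRSA")) {
                OIDCPublicKey publicKey = aie(kid);
                // A key found by kid counts only if it belongs to the token's issuer.
                if (publicKey != null && !j.h(publicKey.getIssuer(), issuer)) {
                    publicKey = null;
                }
                if (publicKey == null) {
                    return rejectToken(RESTfulEndpoint.SecureReturnCode.ISSUER_UNKNOWN, "No public key definition found for kid '" + kid + "' and issuer '" + issuer + "'");
                }
                try {
                    verificationKey = publicKey.getKey();
                    keyMaxLifeTime = publicKey.getMaxLifeTime();
                } catch (Exception e) {
                    b.a(dNX(), LogType.ERROR, "X5C certificate cannot be converted to an X509 public key");
                    b.a(dNX(), LogType.ERROR, e);
                    return new RESTfulEndpoint.c(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "X5C certificate cannot be converted to an X509 public key");
                }
            } else if (algorithm.equals("HmacSHA256")) {
                // NOTE(review): on this path the issuer is only required to be
                // present; it is not compared with anything in this method.
                if (bVar == null || bVar.isEmpty()) {
                    return rejectToken(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "Algorithm HS256 supported but not allowed");
                }
                verificationKey = bVar.dUW();
            }
            // NOTE(review): for any other algorithm name the key is still null
            // here. Confirm that JWT.a(...) rejects a null key, or reject
            // unsupported algorithms explicitly before this call.
            // 7200 is presumably a tolerance in seconds — confirm.
            return JWT.a(null, str, verificationKey, System.currentTimeMillis() / 1000, 7200, keyMaxLifeTime, dNX());
        } catch (UTFDataFormatException e) {
            b.a(dNX(), LogType.ERROR, e);
            return new RESTfulEndpoint.c(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, "Payload has no valid UTF-8 encoding", e);
        } catch (de.docware.util.security.signature.securestart.a | JSONException e) {
            b.a(dNX(), LogType.ERROR, e);
            return new RESTfulEndpoint.c(RESTfulEndpoint.SecureReturnCode.TOKEN_WRONG_FORMAT, e.getMessage(), e);
        }
    }

    /** Logs {@code message} at ERROR level and wraps it in a result carrying {@code code}. */
    private RESTfulEndpoint.c rejectToken(RESTfulEndpoint.SecureReturnCode code, String message) {
        b.a(dNX(), LogType.ERROR, message);
        return new RESTfulEndpoint.c(code, message);
    }
}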
