package org.ovirt.engine.core.sso.servlets;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.http.conn.util.InetAddressUtils;
import org.codehaus.jackson.map.ObjectMapper;
import org.ovirt.engine.api.extensions.aaa.Authz;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoSession;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/OpenIdUtils.class */
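/**
 * Helpers for the OpenID Connect endpoints of the SSO module: JSON serialization, exposure of
 * the signing key as a JWK, and creation of signed ID tokens (RS256 with the in-process RSA key,
 * or HS256 with a caller-supplied secret).
 *
 * <p>The RSA key pair is generated once when this class is loaded and is held only in memory,
 * so every JVM instance signs with a different key and tokens signed before a restart cannot be
 * verified against the key published afterwards.
 */
public class OpenIdUtils {
    /**
     * RSA modulus size for the signing key. 1024-bit RSA is below the minimum accepted for new
     * signatures; 2048 bits is the smallest size that should be used for RS256.
     */
    private static final int RSA_KEY_BITS = 2048;

    /** Lifetime of an ID token, counted from the session's authentication time (30 minutes). */
    private static final long ID_TOKEN_LIFETIME_MILLIS = 30L * 60L * 1000L;

    /** Key id advertised in the JWK. */
    private static final String KEY_ID = "oVirt";

    /** Process-wide signing key pair; created once at class initialization. */
    private static final KeyPair keyPair = generateKeyPair();

    /**
     * Serializes an object to JSON.
     *
     * @param obj the value to serialize
     * @return the JSON text
     * @throws IOException if serialization fails
     */
    public static String getJson(Object obj) throws IOException {
        // Default typing stays disabled so no class names are embedded in the output.
        return new ObjectMapper().disableDefaultTyping().writeValueAsString(obj);
    }

    /**
     * Returns the signing key as a JWK.
     *
     * <p>SECURITY: the returned JWK carries the RSA <em>private</em> key as well as the public
     * one. Anything that publishes it (for example a JWKS endpoint) must emit only the public
     * part, e.g. via {@code toPublicJWK()}; the callers are not visible here, so verify that
     * none of them serializes this object in full.
     *
     * @return the RSA key pair as a JWK with key id {@code "oVirt"}
     */
    public static JWK getJWK() {
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        return new RSAKey.Builder(publicKey).privateKey(privateKey).keyID(KEY_ID).build();
    }

    /**
     * Creates an ID token signed with RS256 using the in-process RSA private key.
     *
     * @param httpServletRequest request used to derive the issuer URL
     * @param ssoSession session that supplies the user, authentication time and nonce
     * @param audience value of the {@code aud} claim
     * @return the compact serialization of the signed JWT
     * @throws JOSEException if signing fails
     */
    public static String createJWT(HttpServletRequest httpServletRequest, SsoSession ssoSession, String audience)
            throws JOSEException {
        SignedJWT signedJWT = new SignedJWT(
                new JWSHeader(JWSAlgorithm.RS256),
                createJWTClaimSet(httpServletRequest, ssoSession, audience));
        signedJWT.sign(new RSASSASigner(keyPair.getPrivate()));
        return signedJWT.serialize();
    }

    /**
     * Creates an ID token signed with HS256 using a shared secret.
     *
     * <p>The security of the token is bounded by the secret: a short or guessable value can be
     * recovered offline from any issued token. NOTE(review): confirm that the secret passed by
     * callers is a randomly generated value of at least 256 bits.
     *
     * @param httpServletRequest request used to derive the issuer URL
     * @param ssoSession session that supplies the user, authentication time and nonce
     * @param audience value of the {@code aud} claim
     * @param sharedSecret HMAC key material
     * @return the compact serialization of the signed JWT
     * @throws NoSuchAlgorithmException declared for caller compatibility
     * @throws JOSEException if the secret is rejected or signing fails
     */
    public static String createJWT(
            HttpServletRequest httpServletRequest, SsoSession ssoSession, String audience, String sharedSecret)
            throws NoSuchAlgorithmException, JOSEException {
        SignedJWT signedJWT = new SignedJWT(
                new JWSHeader(JWSAlgorithm.HS256),
                createJWTClaimSet(httpServletRequest, ssoSession, audience));
        signedJWT.sign(new MACSigner(sharedSecret));
        return signedJWT.serialize();
    }

    /**
     * Builds the claim set shared by both signing variants.
     *
     * @param httpServletRequest request used to derive the issuer URL
     * @param ssoSession session that supplies the user, authentication time and nonce
     * @param audience value of the {@code aud} claim
     * @return the assembled claims
     */
    private static JWTClaimsSet createJWTClaimSet(
            HttpServletRequest httpServletRequest, SsoSession ssoSession, String audience) {
        // NOTE(review): the issuer is rebuilt from the incoming request. getServerName() is
        // normally taken from the client-supplied Host header, so unless the container or a
        // fronting proxy pins it, the "iss" value follows whatever host the caller sent.
        // Relying parties must compare "iss" against a configured value; prefer a configured
        // issuer here as well.
        String serverName = httpServletRequest.getServerName();
        String host = InetAddressUtils.isIPv6Address(serverName) ? "[" + serverName + "]" : serverName;
        String issuer = String.format(
                "%s://%s:%s", httpServletRequest.getScheme(), host, httpServletRequest.getServerPort());

        Date authTime = ssoSession.getAuthTime();
        // Expiry is anchored to the authentication time, not to "now" - a token created more
        // than 30 minutes after authTime is already expired when it is issued.
        Date expiresAt = new Date(authTime.getTime() + ID_TOKEN_LIFETIME_MILLIS);
        String userId = ssoSession.getUserIdWithProfile();

        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder()
                // NOTE(review): "jti" is set to the principal's id, so it is the same for every
                // token of that principal and cannot be used to tell tokens apart or to detect
                // replay.
                .jwtID((String) ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.ID))
                .issueTime(authTime)
                .expirationTime(expiresAt)
                .issuer(issuer)
                .subject(userId) // sets the "sub" claim
                .audience(audience)
                .claim("acr", SsoConstants.OVIRT_SSO_VERSION)
                .claim("auth_time", authTime)
                .claim("preferred_username", userId)
                .claim("email", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.EMAIL))
                // NOTE(review): "name" carries only the first name, as before - confirm whether
                // a full display name is intended.
                .claim("name", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.FIRST_NAME))
                // Fixed: this claim previously repeated FIRST_NAME.
                .claim("family_name", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.LAST_NAME))
                .claim("given_name", ssoSession.getPrincipalRecord().get(Authz.PrincipalRecord.FIRST_NAME));

        // Echo the nonce only when the session carries one.
        String nonce = ssoSession.getOpenIdNonce();
        if (StringUtils.isNotEmpty(nonce)) {
            claims.claim(SsoConstants.HTTP_PARAM_OPENID_NONCE, nonce);
        }
        return claims.build();
    }

    /**
     * Generates the RSA key pair used for RS256 signatures.
     *
     * @return a fresh key pair of {@link #RSA_KEY_BITS} bits
     * @throws RuntimeException if the platform has no RSA key pair generator
     */
    private static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_BITS);
            return generator.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to generate KeyPair", e);
        }
    }
}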
