package com.inet.authentication.oauth2.internal;

import com.inet.annotations.InternalApi;
import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.oauth2.api.OAuthServerDescription;
import com.inet.cache.MemoryStoreMap;
import com.inet.config.Configuration;
import com.inet.config.structure.model.FileUploadConfigProperty;
import com.inet.http.ClientMessageException;
import com.inet.lib.json.Json;
import com.inet.lib.util.EncodingFunctions;
import com.inet.lib.util.StringFunctions;
import com.inet.persistence.Persistence;
import com.inet.persistence.PersistenceEntry;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.SerializationException;
import io.jsonwebtoken.io.Serializer;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicInteger;
import javax.annotation.Nonnull;

/* loaded from: input_file:com/inet/authentication/oauth2/internal/AppleServerDescription.class */
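/**
 * OAuth 2.0 server description for the "apple" provider.
 *
 * <p>Instead of a stored client secret, the token request carries a JWT that is signed (ES256)
 * with the uploaded private key and built from the configured client id, team id and key id.
 * The stored {@code CLIENT_SECRET} setting is cleared whenever settings are applied.
 */
public class AppleServerDescription implements OAuthServerDescription {
    /** Settings key of the uploaded key file; also used as the prefix of cache keys. */
    private static final String PRIVATE_KEY_SETTING = "apple.privatekey.file";

    /**
     * Cache of generated client-secret JWTs.
     *
     * <p>NOTE(review): 604800000 is seven days expressed in milliseconds, the same span as the
     * JWT lifetime set in {@link #a(String, String, String, String)}. Confirm the unit
     * MemoryStoreMap expects and that an entry cannot be served at or after the token's
     * expiration; a shorter cache lifetime than token lifetime would be the safer choice.
     */
    private static final MemoryStoreMap<String, String> d = new MemoryStoreMap<>(604800000, false);

    /**
     * Incremented each time a private key is stored, so that secrets signed with a previous
     * key are no longer found in the cache after a key rotation.
     */
    private static final AtomicInteger KEY_GENERATION = new AtomicInteger();

    /** JSON serializer handed to the JWT builder; delegates to the project's {@link Json} class. */
    @InternalApi
    public static class AppleSerializer implements Serializer<Map<String, ?>> {
        static final Serializer<Map<String, ?>> e = new AppleSerializer();

        private AppleSerializer() {
        }

        /**
         * Serializes the map to JSON bytes.
         *
         * @param map header or claims map to serialize
         * @return the JSON text encoded as UTF-8
         */
        @Override
        public byte[] serialize(Map<String, ?> map) throws SerializationException {
            // JWT segments are JSON and must be UTF-8; never rely on the platform default charset.
            return new Json().toJson(map).getBytes(StandardCharsets.UTF_8);
        }

        /**
         * Serializes the map as JSON directly into the given stream.
         *
         * @param map header or claims map to serialize
         * @param outputStream target stream
         * @throws SerializationException if writing to the stream fails
         */
        @Override
        public void serialize(Map<String, ?> map, OutputStream outputStream) throws SerializationException {
            try {
                new Json().toJson(map, outputStream);
            } catch (IOException ex) {
                throw new SerializationException("Could not serialize", ex);
            }
        }
    }

    /**
     * Resolves the persistence entry that holds the private key, wrapped in its crypto instance.
     *
     * @return the crypto-wrapped persistence entry for {@code config/apple.privatekey.file}
     */
    private PersistenceEntry a() {
        PersistenceEntry entry = Persistence.getInstance().resolve("config/apple.privatekey.file");
        String entryName = entry.getName();
        // NOTE(review): both arguments are derived from the entry's own name, so nothing secret
        // goes into the wrapping. Presumably these are password and salt - if so this is
        // obfuscation rather than protection at rest; access control on the persistence store
        // is what actually guards the signing key. Changing the inputs would make existing
        // stored keys unreadable, so they are left as they are.
        return entry.getCryptoInstance(entryName.toCharArray(), entryName.getBytes(StandardCharsets.UTF_8));
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    @Nonnull
    public String name() {
        return "apple";
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public String getColor(Map<String, String> map) {
        return "#000000";
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    @Nonnull
    public String getScope(@Nonnull AuthenticationDescription authenticationDescription) {
        return "name email";
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    @Nonnull
    public String getAuthenticationURL(@Nonnull AuthenticationDescription authenticationDescription) {
        return "https://appleid.apple.com/auth/authorize";
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public String getTokenURL(@Nonnull AuthenticationDescription authenticationDescription) {
        return "https://appleid.apple.com/auth/oauth2/v2/token";
    }

    /**
     * Builds the authorization URL via the interface default and appends
     * {@code response_mode=form_post}.
     *
     * <p>The two string arguments are forwarded unchanged to the default implementation.
     */
    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public String getAuthenticationURL(AuthenticationDescription authenticationDescription, String str, String str2) {
        // A class that only implements the interface has to name it to reach the default method.
        return OAuthServerDescription.super.getAuthenticationURL(authenticationDescription, str, str2)
                + "&response_mode=form_post";
    }

    /**
     * Builds the form-encoded body of the token request.
     *
     * @param authenticationDescription provides the client id, team id and key id settings
     * @param str value sent as {@code redirect_uri}
     * @param str2 value sent as {@code code}
     * @return the URL-encoded request body; {@code client_secret} is omitted when no secret
     *         could be produced
     */
    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public String getTokenData(AuthenticationDescription authenticationDescription, String str, String str2) {
        String clientId = (String) authenticationDescription.getSettings().get(OAuthServerDescription.CLIENT_ID);
        String teamId = (String) authenticationDescription.getSettings().get("apple.team.id");
        String keyId = (String) authenticationDescription.getSettings().get("apple.key.id");
        String clientSecret = a(clientId, teamId, keyId);

        // Every value is URL-encoded individually so none of them can add parameters to the body.
        StringBuilder body = new StringBuilder();
        body.append("grant_type=authorization_code&code=");
        body.append(EncodingFunctions.encodeUrlParameter(str2));
        body.append("&redirect_uri=");
        body.append(EncodingFunctions.encodeUrlParameter(str));
        body.append("&client_id=");
        body.append(EncodingFunctions.encodeUrlParameter(clientId));
        if (!StringFunctions.isEmpty(clientSecret)) {
            body.append("&client_secret=");
            body.append(EncodingFunctions.encodeUrlParameter(clientSecret));
        }
        return body.toString();
    }

    /**
     * Returns the client-secret JWT for the given identifiers, signing a new one on a cache miss.
     *
     * <p>The cache key covers the key generation and all three identifiers. A single fixed key
     * would keep handing out a secret that was signed with a replaced private key, or built for
     * different identifiers, until the cache entry expired.
     *
     * @param str client id (JWT subject)
     * @param str2 team id (JWT issuer)
     * @param str3 key id (JWT {@code kid} header)
     * @return the compact signed JWT
     */
    private String a(String str, String str2, String str3) {
        String cacheKey = PRIVATE_KEY_SETTING + '#' + KEY_GENERATION.get() + '|' + str + '|' + str2 + '|' + str3;
        String secret = (String) d.get(cacheKey);
        if (StringFunctions.isEmpty(secret)) {
            secret = a(a().getString(), str, str2, str3);
            d.put(cacheKey, secret);
        }
        return secret;
    }

    /**
     * Creates the ES256-signed JWT that is sent as {@code client_secret}.
     *
     * <p>The token is issued now, expires seven days later and has the audience
     * {@code https://appleid.apple.com}.
     *
     * @param str PEM text of the PKCS#8 private key, with or without the BEGIN/END lines
     * @param str2 client id, used as subject
     * @param str3 team id, used as issuer
     * @param str4 key id, written to the {@code kid} header
     * @return the compact serialized JWT
     * @throws NullPointerException if any argument is {@code null}
     * @throws ClientMessageException if the EC algorithm is unavailable or the key spec is invalid
     */
    @Nonnull
    public static String a(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4) {
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        Objects.requireNonNull(str4);
        try {
            // One timestamp for both claims, so the lifetime is exactly seven days.
            Instant issuedAt = Instant.now();
            // The casts come from the decompiled source and are likely redundant with the
            // library's generic signatures; they are kept so the chain compiles either way.
            JwtBuilder builder = (JwtBuilder) Jwts.builder()
                    .json(AppleSerializer.e)
                    .header().add("alg", "ES256").add("kid", str4).and();
            builder = (JwtBuilder) builder
                    .issuer(str3)
                    .issuedAt(Date.from(issuedAt))
                    .expiration(Date.from(issuedAt.plus(7L, ChronoUnit.DAYS)))
                    .audience().add("https://appleid.apple.com").and();
            return builder.subject(str2).signWith(parsePrivateKey(str), Jwts.SIG.ES256).compact();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            // NOTE(review): only the message is passed on and the cause is dropped. Attach the
            // cause if ClientMessageException offers a constructor for it, and check that
            // provider messages are acceptable to show to a client.
            throw new ClientMessageException(e.getMessage());
        }
    }

    /** Strips the PEM armor and whitespace, then decodes the Base64 PKCS#8 body into an EC key. */
    private static PrivateKey parsePrivateKey(String pem) throws NoSuchAlgorithmException, InvalidKeySpecException {
        String base64Body = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s+", "");
        // Malformed Base64 raises IllegalArgumentException here, which is not translated.
        byte[] pkcs8 = Base64.getDecoder().decode(base64Body);
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public InputStream getAvatar(String str) {
        return OAuthServerDescription.super.getAvatar(str);
    }

    /**
     * Applies the settings via the interface default, clears the stored client secret and moves
     * the uploaded private key out of the settings map into its own persistence entry.
     *
     * @return the settings map without the {@code apple.privatekey.file} entry
     */
    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public Map<String, String> applySettings(Map<String, String> map, Configuration configuration, List<Map<String, String>> list) {
        Map<String, String> settings = OAuthServerDescription.super.applySettings(map, configuration, list);
        settings.put(OAuthServerDescription.CLIENT_SECRET, null);
        try {
            // remove() keeps the uploaded key material out of the returned settings map.
            a().setInputStream(FileUploadConfigProperty.decodeUploadData(settings.remove(PRIVATE_KEY_SETTING)));
            // Bump only after the key is stored, so secrets signed with the previous key stop
            // being served from the cache.
            KEY_GENERATION.incrementAndGet();
        } catch (IOException ignored) {
            // NOTE(review): a failed key store is invisible to the administrator and to the
            // logs. Kept best-effort because it cannot be seen here whether this path is also
            // taken when settings are saved without a new upload; once confirmed, report the
            // failure instead of discarding it.
        }
        return settings;
    }

    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public void transformGuiProperties(Map<String, Object> map) {
        OAuthServerDescription.super.transformGuiProperties(map);
    }

    /**
     * Returns the URL of the bundled {@code apple.svg} resource, falling back to the interface
     * default when it cannot be resolved.
     */
    @Override // com.inet.authentication.oauth2.api.OAuthServerDescription
    public String getIconURL(Map<String, String> map) {
        try {
            // getResource returns null for a missing resource; the resulting exception is what
            // triggers the fallback below.
            return f.class.getResource("apple.svg").toString();
        } catch (Exception e) {
            return OAuthServerDescription.super.getIconURL(map);
        }
    }
}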
