package org.eclipse.microprofile.jwt.tck.config.jwe;

import java.io.StringReader;
import java.util.Optional;
import java.util.logging.Logger;
import javax.annotation.PostConstruct;
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonObject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.tck.config.SimpleTokenUtils;

@RequestScoped
@Path("/endp")
/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/config/jwe/PrivateKeyEndpoint.class */
public class PrivateKeyEndpoint {
    private static Logger log = Logger.getLogger("PrivateKeyEndpoint");

    @Inject
    @ConfigProperty(name = "mp.jwt.decrypt.key.location")
    private Optional<String> location;

    @PostConstruct
    private void init() {
        log.info(String.format("PrivateKeyEndpoint.init, location: %s", this.location.orElse("missing")));
    }

    @GET
    @Path("/verifyKeyLocationAsPEMResource")
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    public JsonObject verifyKeyLocationAsPEMResource() {
        String str;
        boolean z = false;
        if (this.location.isPresent()) {
            String str2 = this.location.get();
            log.info(String.format("verifyKeyLocationAsPEMResource, location=%s", str2));
            try {
                String readResource = SimpleTokenUtils.readResource(str2);
                log.info(String.format("verifyKeyLocationAsPEMResource, locationValue=%s", readResource));
                log.info(String.format("verifyKeyLocationAsPEMResource, privateKey=%s", SimpleTokenUtils.decodePrivateKey(readResource)));
                str = "key location as resource to PEM PASS";
                z = true;
            } catch (Exception e) {
                str = String.format("Failed to read key with exception: %s", e.getMessage());
            }
        } else {
            str = "no location property injected";
        }
        return Json.createObjectBuilder().add("pass", z).add("msg", str).build();
    }

    @GET
    @Path("/verifyKeyLocationAsJWKResource")
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    public JsonObject verifyKeyLocationAsJWKResource(@QueryParam("kid") String str) {
        String str2;
        boolean z = false;
        if (this.location.isPresent()) {
            String str3 = this.location.get();
            log.info(String.format("verifyKeyLocationAsJWKResource, location=%s", str3));
            try {
                String readResource = SimpleTokenUtils.readResource(str3);
                log.info(String.format("verifyKeyLocationAsJWKResource, locationValue=%s", readResource));
                StringBuilder sb = new StringBuilder();
                if (verifyJWK(Json.createReader(new StringReader(readResource)).readObject(), str, sb)) {
                    log.info(String.format("verifyKeyLocationAsJWKResource, privateKey=%s", SimpleTokenUtils.decodeJWKSPrivateKey(readResource)));
                    str2 = "key location as resource to JWK PASS";
                    z = true;
                } else {
                    str2 = sb.toString();
                }
            } catch (Exception e) {
                str2 = String.format("Failed to read key with exception: %s", e.getMessage());
            }
        } else {
            str2 = "no location property injected";
        }
        return Json.createObjectBuilder().add("pass", z).add("msg", str2).build();
    }

    @GET
    @Path("/verifyKeyLocationAsJWKSResource")
    @Produces({"application/json"})
    @RolesAllowed({"Tester"})
    public JsonObject verifyKeyLocationAsJWKSResource(@QueryParam("kid") String str) {
        String str2;
        boolean z = false;
        if (this.location.isPresent()) {
            String str3 = this.location.get();
            log.info(String.format("verifyKeyLocationAsJWKSResource, location=%s", str3));
            try {
                String readResource = SimpleTokenUtils.readResource(str3);
                log.info(String.format("verifyKeyLocationAsJWKResource, locationValue=%s", readResource));
                StringBuilder sb = new StringBuilder();
                if (verifyJWK(Json.createReader(new StringReader(readResource)).readObject().getJsonArray("keys").getJsonObject(0), str, sb)) {
                    log.info(String.format("verifyKeyLocationAsJWKResource, privateKey=%s", SimpleTokenUtils.decodeJWKSPrivateKey(readResource)));
                    str2 = "key location as resource to JWKS PASS";
                    z = true;
                } else {
                    str2 = sb.toString();
                }
            } catch (Exception e) {
                str2 = String.format("Failed to read key with exception: %s", e.getMessage());
            }
        } else {
            str2 = "no location property injected";
        }
        return Json.createObjectBuilder().add("pass", z).add("msg", str2).build();
    }

    private boolean verifyJWK(JsonObject jsonObject, String str, StringBuilder sb) {
        boolean z = true;
        if (!jsonObject.getJsonString("kty").getString().equals("RSA")) {
            sb.append("key != RSA");
            z = false;
        }
        if (!jsonObject.getJsonString("use").getString().equals("enc")) {
            sb.append("use != enc");
            z = false;
        }
        if (!jsonObject.getJsonString("kid").getString().equals(str)) {
            log.info(String.format("kid != %s, was: %s", str, jsonObject.getJsonString("kid").getString()));
            sb.append(String.format("kid != %s, was: %s", str, jsonObject.getJsonString("kid").getString()));
            z = false;
        }
        if (!jsonObject.getJsonString("alg").getString().equals("RSA-OAEP")) {
            sb.append("alg != RSA-OAEP");
            z = false;
        }
        if (!jsonObject.getJsonString("e").getString().equals("AQAB")) {
            sb.append("e != AQAB");
            z = false;
        }
        if (!jsonObject.getJsonString("n").getString().startsWith("vNrRiMGbg3g4d6oApaDCQ09LeCL8Y2ig336NzPlAtzsPscp7y")) {
            sb.append("n != vNrRiMGbg3g4d6oApaDCQ09LeCL8Y2ig336NzPlAtzsPscp7y...");
            z = false;
        }
        if (!jsonObject.getJsonString("d").getString().startsWith("RQ_IHDigxB0MmUYD4o29PJwcvxwcK8YxPkmrVU-5CMiCXsPrL")) {
            sb.append("n != RQ_IHDigxB0MmUYD4o29PJwcvxwcK8YxPkmrVU-5CMiCXsPrL...");
            z = false;
        }
        if (z) {
            sb.append("key as JWKS PASS");
        }
        return z;
    }
}
