package org.zowe.apiml.gateway.security.login.zosmf;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.text.ParseException;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.zowe.apiml.security.HttpsConfig;
import org.zowe.apiml.security.SecurityUtils;

/* loaded from: input_file:org/zowe/apiml/gateway/security/login/zosmf/JwkToPublicKeyConverter.class */
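/**
 * Converts the first public key of a JWK set into PEM text, either as a bare
 * {@code PUBLIC KEY} block or wrapped in an X.509 certificate that is signed
 * with a private key read from a local key store.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The JWK text is not authenticated here. The issued certificate vouches,
 *       with the key store's private key, for whatever key the text contains,
 *       so callers must only pass JWK sets obtained from a trusted source.</li>
 *   <li>Only the first key of the set is used; any further keys are ignored.</li>
 *   <li>The first key is converted with {@code toRSAKey()}; a first key of
 *       another type is not handled by this class (NOTE(review): confirm how
 *       that failure surfaces to callers).</li>
 * </ul>
 */
public class JwkToPublicKeyConverter {
    /** Lifetime of the issued certificate, in years, counted from issuance. */
    private static final int VALIDITY_YEARS = 10;

    /** Width of each Base64 line in the generated {@code PUBLIC KEY} block. */
    private static final int PEM_LINE_LENGTH = 64;

    /**
     * Issues an X.509 certificate for the first public key of a JWK set and
     * returns it as PEM text.
     *
     * <p>The certificate's issuer is the subject of the key-store certificate
     * stored under the given alias, its subject is {@code CN=Zowe JWT Public Key},
     * and it is signed with the private key stored under the same alias.
     *
     * @param str   JSON text of the JWK set whose first public key is certified
     * @param str2  alias of the signing key and certificate in the key store
     * @param str3  key store location, passed to {@code HttpsConfig}
     * @param str4  key store type, passed to {@code HttpsConfig}
     * @param cArr  key store password
     * @param cArr2 password of the private key entry
     * @return the issued certificate as PEM text
     * @throws JwkConversionError if the JWK set cannot be parsed or is empty, the
     *         key store has no certificate or private key under the alias, or
     *         the certificate cannot be built or encoded
     */
    public String convertFirstPublicKeyJwkToPem(String str, String str2, String str3, String str4, char[] cArr, char[] cArr2) {
        try {
            HttpsConfig config = HttpsConfig.builder().keyAlias(str2).keyStore(str3).keyStoreType(str4).keyStorePassword(cArr).keyPassword(cArr2).build();
            KeyStore keyStore = SecurityUtils.loadKeyStore(config);
            String alias = config.getKeyAlias();

            // KeyStore returns null rather than throwing when the alias is absent;
            // fail with a checked exception so the caller sees a JwkConversionError
            // instead of a NullPointerException further down.
            Certificate issuerCertificate = keyStore.getCertificate(alias);
            if (issuerCertificate == null) {
                throw new KeyStoreException("No certificate in the key store for alias '" + alias + "'");
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, config.getKeyPassword());
            if (privateKey == null) {
                throw new KeyStoreException("No private key in the key store for alias '" + alias + "'");
            }

            SubjectPublicKeyInfo publicKeyInfo = extractPublicKey(str);

            // NOTE(review): the algorithm name is derived from the key algorithm,
            // e.g. "Sha256WithRSA"; confirm the result is a valid signature
            // algorithm name for every key type the key store may hold.
            ContentSigner signer = new JcaContentSignerBuilder("Sha256With" + privateKey.getAlgorithm()).build(privateKey);

            Date notBefore = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(notBefore);
            calendar.add(Calendar.YEAR, VALIDITY_YEARS);
            Date notAfter = calendar.getTime();

            X500Name issuer = new X509CertificateHolder(issuerCertificate.getEncoded()).getSubject();
            // NOTE(review): the serial number is the issuance time in milliseconds,
            // so it is predictable and repeats for certificates issued in the same
            // millisecond; consider a random serial if uniqueness is relied upon.
            BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
            X500Name subject = new X500Name(new RDN[]{new RDN(BCStyle.CN, new DERPrintableString("Zowe JWT Public Key"))});

            // NOTE(review): both clientAuth and serverAuth are asserted although the
            // subject name suggests the key only verifies JWTs; confirm that the
            // TLS usages are needed before keeping them this broad.
            X509CertificateHolder issued = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKeyInfo)
                .addExtension(Extension.subjectKeyIdentifier, false, new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo))
                .addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}))
                .addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate.getPublicKey()))
                .build(signer);
            return certificateHolderToPem(issued);
        } catch (ParseException | JOSEException | IOException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | OperatorCreationException | KeyStoreException e) {
            throw new JwkConversionError(e);
        }
    }

    /**
     * Parses the first public key of a JWK set into a {@code SubjectPublicKeyInfo}
     * by round-tripping it through its PEM form.
     *
     * @param str JSON text of the JWK set
     * @return the public key structure read back from the PEM text
     * @throws JOSEException if the key cannot be converted or the set is empty
     * @throws ParseException if the JWK set text cannot be parsed
     * @throws IOException if the PEM text cannot be read
     */
    private SubjectPublicKeyInfo extractPublicKey(String str) throws JOSEException, ParseException, IOException {
        // try-with-resources so the parser is closed even when readObject fails.
        try (PEMParser parser = new PEMParser(new StringReader(convertFirstPublicKeyJwkToPublicKeyPem(str)))) {
            return (SubjectPublicKeyInfo) parser.readObject();
        }
    }

    /**
     * Encodes a certificate holder as PEM text.
     *
     * @param x509CertificateHolder the certificate to encode
     * @return the certificate as PEM text
     * @throws CertificateException if the encoded bytes are not a valid X.509 certificate
     * @throws IOException if the certificate cannot be encoded or written
     */
    private String certificateHolderToPem(X509CertificateHolder x509CertificateHolder) throws CertificateException, IOException {
        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
        StringWriter pemText = new StringWriter();
        // Closing the writer flushes it, so the text is complete once the block exits.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(certificate);
        }
        return pemText.toString();
    }

    /**
     * Renders the first public key of a JWK set as a PEM {@code PUBLIC KEY} block
     * with the Base64 body wrapped at 64 characters per line.
     *
     * @param str JSON text of the JWK set
     * @return the PEM text, terminated by a newline
     * @throws JOSEException if the set contains no public key or the key cannot be converted
     * @throws ParseException if the JWK set text cannot be parsed
     */
    String convertFirstPublicKeyJwkToPublicKeyPem(String str) throws JOSEException, ParseException {
        JWKSet publicKeys = JWKSet.parse(str).toPublicJWKSet();
        // An empty set would otherwise escape as an unchecked IndexOutOfBoundsException
        // that the public entry point does not translate into JwkConversionError.
        if (publicKeys.getKeys().isEmpty()) {
            throw new JOSEException("The JWK set contains no public key");
        }
        JWK firstKey = publicKeys.getKeys().get(0);
        byte[] encodedKey = firstKey.toRSAKey().toPublicKey().getEncoded();
        // The MIME encoder inserts the separator between lines only, never after
        // the last one, which matches the PEM layout built below.
        String body = Base64.getMimeEncoder(PEM_LINE_LENGTH, new byte[] {'\n'}).encodeToString(encodedKey);
        return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n";
    }
}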
