package org.jclouds.oauth.v2.functions;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import org.jclouds.json.Json;
import org.jclouds.oauth.v2.config.Authorization;
import org.jclouds.oauth.v2.config.OAuthProperties;
import org.jclouds.openstack.swift.v1.reference.SwiftHeaders;
import org.jclouds.rest.AuthorizationException;
import shaded.com.google.common.base.Charsets;
import shaded.com.google.common.base.Function;
import shaded.com.google.common.base.Joiner;
import shaded.com.google.common.base.Preconditions;
import shaded.com.google.common.base.Supplier;
import shaded.com.google.common.collect.ImmutableList;
import shaded.com.google.common.io.BaseEncoding;

/* loaded from: input_file:WEB-INF/lib/jclouds-shaded-2.3.0.jar:org/jclouds/oauth/v2/functions/ClaimsToAssertion.class */
public final class ClaimsToAssertion implements Function<Object, String> {
    private static final List<String> SUPPORTED_ALGS = ImmutableList.of("RS256", "none");
    private final Supplier<PrivateKey> privateKey;
    private final Json json;
    private final String alg;

    @Inject
    ClaimsToAssertion(@Named("jclouds.oauth.jws-alg") String str, @Authorization Supplier<PrivateKey> supplier, Json json) {
        this.alg = str;
        Preconditions.checkArgument(SUPPORTED_ALGS.contains(str), "%s %s not in supported list", OAuthProperties.JWS_ALG, str, SUPPORTED_ALGS);
        this.privateKey = supplier;
        this.json = json;
    }

    @Override // shaded.com.google.common.base.Function, java.util.function.Function
    public String apply(Object obj) {
        String format = String.format("{\"alg\":\"%s\",\"typ\":\"JWT\"}", this.alg);
        String json = this.json.toJson(obj);
        String encode = BaseEncoding.base64Url().omitPadding().encode(format.getBytes(Charsets.UTF_8));
        String encode2 = BaseEncoding.base64Url().omitPadding().encode(json.getBytes(Charsets.UTF_8));
        byte[] sha256 = this.alg.equals("none") ? null : sha256(this.privateKey.get(), Joiner.on(".").join(encode, encode2, new Object[0]).getBytes(Charsets.UTF_8));
        return Joiner.on(".").join(encode, encode2, sha256 != null ? BaseEncoding.base64Url().omitPadding().encode(sha256) : SwiftHeaders.CONTAINER_ACL_PRIVATE);
    }

    static byte[] sha256(PrivateKey privateKey, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException e) {
            throw new AuthorizationException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        } catch (SignatureException e3) {
            throw new AuthorizationException(e3);
        }
    }
}
