package de.adorsys.opba.api.security.internal.service;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.beans.ConstructorProperties;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import lombok.Generated;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/lib/opba-api-security-0.20.0.2-RC1.jar:de/adorsys/opba/api/security/internal/service/TokenBasedAuthService.class */
public class TokenBasedAuthService {
    private final JWSHeader jwsHeader;
    private final JWSSigner jwsSigner;
    private final JWSVerifier verifier;

    public String generateToken(String str, Duration duration) {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        SignedJWT signedJWT = new SignedJWT(this.jwsHeader, new JWTClaimsSet.Builder().expirationTime(Date.from(now.plus((TemporalAmount) duration).toInstant())).issueTime(Date.from(now.toInstant())).subject(String.valueOf(str)).build());
        signedJWT.sign(this.jwsSigner);
        return signedJWT.serialize();
    }

    public String validateTokenAndGetSubject(String str) {
        if (str != null) {
            if (!"".equals(str)) {
                SignedJWT parse = SignedJWT.parse(str);
                if (!parse.verify(this.verifier)) {
                    throw new IllegalArgumentException("Wrong token");
                }
                if (Instant.now().isAfter(parse.getJWTClaimsSet().getExpirationTime().toInstant())) {
                    throw new IllegalArgumentException("Expired token");
                }
                return parse.getJWTClaimsSet().getSubject();
            }
        }
        throw new IllegalArgumentException("Missing token");
    }

    @Generated
    @ConstructorProperties({"jwsHeader", "jwsSigner", "verifier"})
    public TokenBasedAuthService(JWSHeader jWSHeader, JWSSigner jWSSigner, JWSVerifier jWSVerifier) {
        this.jwsHeader = jWSHeader;
        this.jwsSigner = jWSSigner;
        this.verifier = jWSVerifier;
    }
}
