package io.convergence_platform.services;

import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.convergence_platform.common.exceptions.ManagedApiException;
import io.convergence_platform.common.helpers.ExceptionHelper;
import io.convergence_platform.common.responses.Errors;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:io/convergence_platform/services/SecurityHelper.class */
public class SecurityHelper {
    public static Algorithm getJwtAlgorithm(String str) {
        return (Algorithm) ExceptionHelper.executeWithValue(() -> {
            PEMParser pEMParser = new PEMParser(new StringReader(str.replace("\\n", "\n").replace("\"", "")));
            KeyPair keyPair = new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) pEMParser.readObject());
            pEMParser.close();
            return Algorithm.ECDSA512((ECPublicKey) keyPair.getPublic(), (ECPrivateKey) keyPair.getPrivate());
        });
    }

    public static DecodedJWT verifyJwt(JWTVerifier jWTVerifier, String str) {
        try {
            return jWTVerifier.verify(str);
        } catch (SignatureVerificationException e) {
            throw new ManagedApiException(HttpStatus.FORBIDDEN.value(), Errors.ERR_ACCESS_DENIED, "The authorization token signature is invalid.");
        } catch (TokenExpiredException e2) {
            throw new ManagedApiException(HttpStatus.FORBIDDEN.value(), Errors.EXPIRED_AUTHORIZATION_TOKEN, "The authorization token is expired, please sign-in again.");
        }
    }
}
