package io.soffa.commons.jwt;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.soffa.commons.exceptions.TechnicalException;
import io.soffa.commons.logging.Logger;
import io.soffa.commons.support.DateUtil;
import io.soffa.commons.support.IOUtil;
import java.io.InputStream;
import java.io.Serializable;
import java.util.Date;
import java.util.Map;
import org.json.JSONObject;

/* loaded from: input_file:io/soffa/commons/jwt/JwtUtil.class */
public class JwtUtil {
    private static final Logger logger = Logger.create((Class<?>) JwtUtil.class);

    private JwtUtil() {
    }

    public static String create(String str, String str2, String str3, Map<String, Serializable> map) {
        Date date = new Date();
        JWTClaimsSet.Builder expirationTime = new JWTClaimsSet.Builder().subject(str3).issuer(str).issueTime(date).expirationTime(DateUtil.plusSeconds(date, 60));
        for (Map.Entry<String, Serializable> entry : map.entrySet()) {
            expirationTime.claim(entry.getKey(), entry.getValue());
        }
        try {
            Payload payload = new Payload(expirationTime.build().toJSONObject());
            JWEHeader jWEHeader = new JWEHeader(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256);
            DirectEncrypter directEncrypter = new DirectEncrypter(str2.getBytes());
            JWEObject jWEObject = new JWEObject(jWEHeader, payload);
            jWEObject.encrypt(directEncrypter);
            return jWEObject.serialize();
        } catch (JOSEException e) {
            throw new TechnicalException("Unable to create JWT", (Throwable) e);
        }
    }

    public static String fromJwks(InputStream inputStream, String str, String str2, Map<String, Serializable> map) {
        String orElseThrow = IOUtil.toString(inputStream).orElseThrow(() -> {
            return new TechnicalException("INVALID_JWK_SOURCE", new Object[0]);
        });
        if (logger.isTraceEnabled()) {
            logger.trace("Using JWK: {}", orElseThrow);
        }
        JSONObject jSONObject = new JSONObject(orElseThrow);
        if (jSONObject.has("keys")) {
            jSONObject = jSONObject.getJSONArray("keys").getJSONObject(0);
        }
        RSAKey rSAKey = JWK.parse(new net.minidev.json.JSONObject(jSONObject.toMap())).toRSAKey();
        RSASSASigner rSASSASigner = new RSASSASigner(rSAKey);
        Date date = new Date();
        JWTClaimsSet.Builder expirationTime = new JWTClaimsSet.Builder().subject(str2).issuer(str).issueTime(date).expirationTime(DateUtil.plusHours(date, 1));
        if (map != null) {
            for (Map.Entry<String, Serializable> entry : map.entrySet()) {
                expirationTime.claim(entry.getKey(), entry.getValue());
            }
        }
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rSAKey.getKeyID()).build(), expirationTime.build());
        signedJWT.sign(rSASSASigner);
        return signedJWT.serialize();
    }
}
