package io.unitycatalog.server.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.unitycatalog.server.UnityCatalogServer;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/unitycatalog/server/security/SecurityContext.class */
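/**
 * Holds the server's RSA signing material and issues the JWTs that are signed with it.
 *
 * <p>Construction has side effects: it mints a service token and writes two files into the
 * directory passed to the constructor, {@code certs.json} (a JWKS-style document describing the
 * public key) and {@code token.txt} (the service token in clear text).
 *
 * <p>Points a security review should keep in mind:
 *
 * <ul>
 *   <li>{@code token.txt} contains a signed token whose subject claim is {@code "admin"}; it is
 *       written with the platform's default file permissions.
 *   <li>Neither token builder in this class sets an expiry claim, so issued tokens carry no
 *       {@code exp} unless something outside this class adds or enforces one.
 *   <li>{@link #getRsaPrivateKey()} exposes the private signing key to any caller holding this
 *       object.
 * </ul>
 */
public class SecurityContext {
    private static final ObjectMapper mapper = new ObjectMapper();

    // NOTE(review): the logger category is UnityCatalogServer, not SecurityContext, so these lines
    // are attributed to the server class. Kept as-is because log configuration may depend on it.
    private static final Logger LOGGER = LoggerFactory.getLogger(UnityCatalogServer.class);

    private final Path certsFile;
    private final Path serviceTokenFile;
    private final RSAPublicKey rsaPublicKey;
    private final RSAPrivateKey rsaPrivateKey;
    private final Algorithm algorithm;
    private final String serviceToken;
    private final String keyId;
    private final String serviceName;
    private final String localIssuer;

    /** Well-known issuer names. */
    public interface Issuers {
        String INTERNAL = "internal";
    }

    /**
     * Loads the key material from {@code securityConfiguration}, mints the service token and
     * writes {@code certs.json} and {@code token.txt} under {@code path}.
     *
     * @param path directory that receives {@code certs.json} and {@code token.txt}
     * @param securityConfiguration source of the RSA key pair, signing algorithm and key id
     * @param serviceName value used as the subject ({@code withSubject}) of issued tokens
     * @param localIssuer value used as the issuer of issued tokens
     * @throws UncheckedIOException if either file cannot be written or the certs file cannot be
     *     read back for logging
     */
    public SecurityContext(
            Path path,
            SecurityConfiguration securityConfiguration,
            String serviceName,
            String localIssuer) {
        this.serviceName = serviceName;
        this.localIssuer = localIssuer;
        this.certsFile = path.resolve("certs.json");
        this.serviceTokenFile = path.resolve("token.txt");
        this.rsaPublicKey = securityConfiguration.rsaPublicKey();
        this.rsaPrivateKey = securityConfiguration.rsaPrivateKey();
        this.algorithm = securityConfiguration.algorithmRSA();
        this.keyId = securityConfiguration.getKeyId();
        // Must run after serviceName, localIssuer, keyId and algorithm are assigned: the token
        // builder reads all four.
        this.serviceToken = createServiceToken();
        createInternalCertsFile();
        createServiceTokenFile();
        // Only the certs document (public key parameters) is logged; the token is not.
        LOGGER.info("--- Internal Certs Configuration --");
        LOGGER.info(getInternalCertsFile());
    }

    /**
     * Issues an access token signed with this server's key for the identity named in
     * {@code decodedJWT}.
     *
     * <p>The identity is the incoming token's email claim when that claim is present, otherwise
     * its subject claim. This method performs no verification of {@code decodedJWT}.
     *
     * @param decodedJWT the incoming token whose identity claim is copied into the new token
     * @return the signed, serialized access token
     */
    public String createAccessToken(DecodedJWT decodedJWT) {
        // NOTE(review): nothing here checks the signature, issuer, audience or expiry of
        // decodedJWT; callers are assumed to have verified it first. Confirm at every call site,
        // since the identity below is copied into a token signed by this server.
        var emailClaim = decodedJWT.getClaim(JwtClaim.EMAIL.key());
        // NOTE(review): an email claim that is present but not a JSON string yields null from
        // asString(); confirm how a null identity should be handled. Where the identity provider
        // supplies an email-verified flag, confirm it is checked upstream.
        String identity =
                emailClaim.isMissing()
                        ? decodedJWT.getClaim(JwtClaim.SUBJECT.key()).asString()
                        : emailClaim.asString();

        // NOTE(review): no expiry is set on the token built here.
        return JWT.create()
                .withSubject(this.serviceName)
                .withIssuer(this.localIssuer)
                .withIssuedAt(new Date())
                .withKeyId(this.keyId)
                .withJWTId(UUID.randomUUID().toString())
                .withClaim(JwtClaim.TOKEN_TYPE.key(), JwtTokenType.ACCESS.name())
                // NOTE(review): if JwtClaim.SUBJECT.key() is the registered "sub" name, this call
                // replaces the value set by withSubject above. TODO confirm.
                .withClaim(JwtClaim.SUBJECT.key(), identity)
                .sign(this.algorithm);
    }

    /**
     * Builds the service token: same envelope as an access token, token type
     * {@code JwtTokenType.SERVICE} and the fixed subject claim {@code "admin"}.
     *
     * @return the signed, serialized service token
     */
    public String createServiceToken() {
        // NOTE(review): no expiry is set, and a fresh token is minted on every call. Whether
        // older service tokens are revoked elsewhere is not visible from this class.
        return JWT.create()
                .withSubject(this.serviceName)
                .withIssuer(this.localIssuer)
                .withIssuedAt(new Date())
                .withKeyId(this.keyId)
                .withJWTId(UUID.randomUUID().toString())
                .withClaim(JwtClaim.TOKEN_TYPE.key(), JwtTokenType.SERVICE.name())
                .withClaim(JwtClaim.SUBJECT.key(), "admin")
                .sign(this.algorithm);
    }

    /**
     * Writes the public key as a one-entry {@code {"keys": [...]}} document to {@code certs.json}.
     *
     * @throws UncheckedIOException if the document cannot be serialized or written
     */
    public void createInternalCertsFile() {
        // LinkedHashMap keeps the JWK members in the order they are added.
        Map<String, Object> jwk = new LinkedHashMap<>();
        jwk.put("kid", this.keyId);
        jwk.put("use", "sig");
        jwk.put("kty", this.rsaPublicKey.getAlgorithm());
        jwk.put("alg", this.algorithm.getName());
        // NOTE(review): BigInteger.toByteArray() is two's-complement, so a value with its top bit
        // set gains a leading 0x00 byte, and getUrlEncoder() emits '=' padding. RFC 7518 defines
        // "n" and "e" as Base64urlUInt (no leading zero octet, no padding). Left unchanged because
        // the readers of certs.json are not visible here; confirm they accept both before fixing.
        jwk.put(
                "e",
                Base64.getUrlEncoder()
                        .encodeToString(this.rsaPublicKey.getPublicExponent().toByteArray()));
        jwk.put(
                "n",
                Base64.getUrlEncoder()
                        .encodeToString(this.rsaPublicKey.getModulus().toByteArray()));

        Map<String, Object> jwks = Map.of("keys", List.of(jwk));
        try {
            Files.writeString(
                    this.certsFile, mapper.writerWithDefaultPrettyPrinter().writeValueAsString(jwks));
        } catch (IOException e) {
            throw new UncheckedIOException("Failed to write certs file " + this.certsFile, e);
        }
    }

    /**
     * Reads {@code certs.json} back from disk.
     *
     * @return the file's content as a string
     * @throws UncheckedIOException if the file cannot be read
     */
    public String getInternalCertsFile() {
        try {
            return Files.readString(this.certsFile);
        } catch (IOException e) {
            throw new UncheckedIOException("Failed to read certs file " + this.certsFile, e);
        }
    }

    /**
     * Writes the service token in clear text to {@code token.txt}.
     *
     * @throws UncheckedIOException if the file cannot be written
     */
    public void createServiceTokenFile() {
        // NOTE(review): the file is created with default permissions. Because it holds the
        // "admin" service token, consider creating it owner-only (for example POSIX rw-------)
        // and keeping the directory private to the service account, once it is confirmed that no
        // other account legitimately reads it.
        try {
            Files.writeString(this.serviceTokenFile, this.serviceToken);
        } catch (IOException e) {
            // The message names the path only; the token itself must never be put in it.
            throw new UncheckedIOException(
                    "Failed to write service token file " + this.serviceTokenFile, e);
        }
    }

    /** Returns the RSA public key taken from the security configuration. */
    public RSAPublicKey getRsaPublicKey() {
        return this.rsaPublicKey;
    }

    /**
     * Returns the RSA private signing key.
     *
     * <p>NOTE(review): this is a public accessor for the private key; confirm which callers need
     * it and whether {@link #getAlgorithm()} would serve them instead.
     */
    public RSAPrivateKey getRsaPrivateKey() {
        return this.rsaPrivateKey;
    }

    /** Returns the signing algorithm taken from the security configuration. */
    public Algorithm getAlgorithm() {
        return this.algorithm;
    }

    /** Returns the service token minted at construction; treat the value as a secret. */
    public String getServiceToken() {
        return this.serviceToken;
    }

    /** Returns the key id placed in token headers and in the certs document. */
    public String getKeyId() {
        return this.keyId;
    }

    /** Returns the service name used as the subject of issued tokens. */
    public String getServiceName() {
        return this.serviceName;
    }

    /** Returns the issuer value placed in issued tokens. */
    public String getLocalIssuer() {
        return this.localIssuer;
    }
}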
