package org.apache.pulsar.broker.authentication.utils;

import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Optional;
import javax.crypto.SecretKey;
import org.apache.pulsar.client.api.url.URL;
import org.apache.pulsar.functions.runtime.shaded.com.google.common.io.ByteStreams;
import org.apache.pulsar.functions.runtime.shaded.io.jsonwebtoken.JwtBuilder;
import org.apache.pulsar.functions.runtime.shaded.io.jsonwebtoken.Jwts;
import org.apache.pulsar.functions.runtime.shaded.io.jsonwebtoken.SignatureAlgorithm;
import org.apache.pulsar.functions.runtime.shaded.io.jsonwebtoken.io.Decoders;
import org.apache.pulsar.functions.runtime.shaded.io.jsonwebtoken.io.Encoders;
import org.apache.pulsar.functions.runtime.shaded.io.jsonwebtoken.security.Keys;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/utils/AuthTokenUtils.class */
public final class AuthTokenUtils {
    public static SecretKey createSecretKey(SignatureAlgorithm signatureAlgorithm) {
        return Keys.secretKeyFor(signatureAlgorithm);
    }

    public static SecretKey decodeSecretKey(byte[] bArr) {
        return Keys.hmacShaKeyFor(bArr);
    }

    public static PrivateKey decodePrivateKey(byte[] bArr, SignatureAlgorithm signatureAlgorithm) throws IOException {
        try {
            return KeyFactory.getInstance(keyTypeForSignatureAlgorithm(signatureAlgorithm)).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (Exception e) {
            throw new IOException("Failed to decode private key", e);
        }
    }

    public static PublicKey decodePublicKey(byte[] bArr, SignatureAlgorithm signatureAlgorithm) throws IOException {
        try {
            return KeyFactory.getInstance(keyTypeForSignatureAlgorithm(signatureAlgorithm)).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            throw new IOException("Failed to decode public key", e);
        }
    }

    private static String keyTypeForSignatureAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        if (signatureAlgorithm.getFamilyName().equals("RSA")) {
            return "RSA";
        }
        if (signatureAlgorithm.getFamilyName().equals("ECDSA")) {
            return "EC";
        }
        throw new IllegalArgumentException("The " + signatureAlgorithm.name() + " algorithm does not support Key Pairs.");
    }

    public static String encodeKeyBase64(Key key) {
        return Encoders.BASE64.encode(key.getEncoded());
    }

    public static String createToken(Key key, String str, Optional<Date> optional) {
        JwtBuilder signWith = Jwts.builder().setSubject(str).signWith(key);
        if (optional.isPresent()) {
            signWith.setExpiration(optional.get());
        }
        return signWith.compact();
    }

    public static byte[] readKeyFromUrl(String str) throws IOException {
        if (!str.startsWith("data:") && !str.startsWith("file:")) {
            return Decoders.BASE64.decode(str);
        }
        try {
            return ByteStreams.toByteArray((InputStream) new URL(str).getContent());
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    private AuthTokenUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}
