package io.keyko.common.helpers;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import io.keyko.common.exceptions.CryptoException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.time.Clock;
import java.time.Duration;
import java.util.Arrays;
import java.util.Date;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.web3j.crypto.Credentials;
import org.web3j.crypto.Keys;

/* loaded from: input_file:io/keyko/common/helpers/JwtHelper.class */
public abstract class JwtHelper {
    private static String BASE_AUD_URL = "/api/v1/gateway/services";
    private static long EXPIRES_AT = 3600;
    public static String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";

    public static String generateAccessGrantToken(Credentials credentials, String str, String str2) throws CryptoException {
        return JWT.create().withIssuer(Keys.toChecksumAddress(credentials.getAddress())).withSubject(str).withAudience(new String[]{BASE_AUD_URL + "/access"}).withExpiresAt(getExpiresAt()).withClaim("did", str2).sign(credentialsToAlgorithm(credentials));
    }

    public static String generateDownloadGrantToken(Credentials credentials, String str) throws CryptoException {
        return JWT.create().withIssuer(Keys.toChecksumAddress(credentials.getAddress())).withAudience(new String[]{BASE_AUD_URL + "/download"}).withExpiresAt(getExpiresAt()).withClaim("did", str).sign(credentialsToAlgorithm(credentials));
    }

    public static String generateExecuteGrantToken(Credentials credentials, String str, String str2) throws CryptoException {
        return JWT.create().withIssuer(Keys.toChecksumAddress(credentials.getAddress())).withSubject(str).withAudience(new String[]{BASE_AUD_URL + "/execute"}).withExpiresAt(getExpiresAt()).withClaim("did", str2).sign(credentialsToAlgorithm(credentials));
    }

    public static String generateComputeGrantToken(Credentials credentials, String str, String str2) throws CryptoException {
        return JWT.create().withIssuer(Keys.toChecksumAddress(credentials.getAddress())).withSubject(str).withAudience(new String[]{BASE_AUD_URL + "/compute"}).withExpiresAt(getExpiresAt()).withClaim("execution_id", str2).sign(credentialsToAlgorithm(credentials));
    }

    private static ECPrivateKey credentialsToPrivateKey(Credentials credentials) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, InvalidParameterSpecException {
        BigInteger privateKey = credentials.getEcKeyPair().getPrivateKey();
        Security.addProvider(new BouncyCastleProvider());
        KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC");
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", "BC");
        algorithmParameters.init(new ECGenParameterSpec("secp256k1"));
        return (ECPrivateKey) keyFactory.generatePrivate(new ECPrivateKeySpec(privateKey, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
    }

    private static ECPublicKey credentialsToPublicKey(Credentials credentials) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException, InvalidParameterSpecException {
        byte[] serialize = Keys.serialize(credentials.getEcKeyPair());
        ECPoint eCPoint = new ECPoint(new BigInteger(1, Arrays.copyOfRange(serialize, 32, 64)), new BigInteger(1, Arrays.copyOfRange(serialize, 64, 96)));
        Security.addProvider(new BouncyCastleProvider());
        KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC");
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC", "BC");
        algorithmParameters.init(new ECGenParameterSpec("secp256k1"));
        return (ECPublicKey) keyFactory.generatePublic(new ECPublicKeySpec(eCPoint, (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
    }

    public static Algorithm credentialsToAlgorithm(Credentials credentials) throws CryptoException {
        try {
            return Algorithm.ECDSA256K(credentialsToPublicKey(credentials), credentialsToPrivateKey(credentials));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidParameterSpecException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    private static Date getExpiresAt() {
        return new Date(Clock.offset(Clock.systemUTC(), Duration.ofSeconds(EXPIRES_AT)).millis());
    }
}
