package io.vertx.up.secure.provider;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.json.Json;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import io.vertx.ext.auth.jwt.impl.JWTUser;
import io.vertx.ext.jwt.JWT;
import io.vertx.ext.jwt.JWTOptions;
import io.vertx.up.aiki.Ux;
import io.vertx.up.exception._401JwtAudientException;
import io.vertx.up.exception._401JwtExecutorException;
import io.vertx.up.exception._401JwtExpiredException;
import io.vertx.up.exception._401JwtIssuerException;
import io.vertx.up.exception._500JwtRuntimeException;
import java.util.Collections;
import java.util.function.Function;

/* loaded from: input_file:io/vertx/up/secure/provider/JwtAuthProvider.class */
public class JwtAuthProvider implements JwtAuth {
    private static final JsonArray EMPTY_ARRAY = new JsonArray();
    private final JWT jwt;
    private final String permissionsClaimKey;
    private final JWTOptions jwtOptions;
    private final Function<JsonObject, Future<Boolean>> executor;

    public JwtAuthProvider(Vertx vertx, JWTAuthOptions jWTAuthOptions, Function<JsonObject, Future<Boolean>> function) {
        this.executor = function;
        this.permissionsClaimKey = jWTAuthOptions.getPermissionsClaimKey();
        this.jwtOptions = jWTAuthOptions.getJWTOptions();
        FileSystem fileSystem = vertx.fileSystem();
        fileSystem.getClass();
        this.jwt = Ux.Jwt.create(jWTAuthOptions, (Function<String, Buffer>) fileSystem::readFileBlocking);
    }

    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        (null == this.executor ? authorize(jsonObject) : this.executor.apply(jsonObject).compose(bool -> {
            return bool.booleanValue() ? authorize(jsonObject) : Future.failedFuture(new _401JwtExecutorException(getClass(), jsonObject.getString("jwt")));
        })).setHandler(handler);
    }

    private Future<User> authorize(JsonObject jsonObject) {
        try {
            JsonObject decode = this.jwt.decode(jsonObject.getString("jwt"));
            if (this.jwt.isExpired(decode, this.jwtOptions)) {
                return Future.failedFuture(new _401JwtExpiredException(getClass(), decode));
            }
            if (this.jwtOptions.getAudience() != null) {
                if (Collections.disjoint(this.jwtOptions.getAudience(), (decode.getValue("aud") instanceof String ? new JsonArray().add(decode.getValue("aud", "")) : decode.getJsonArray("aud", EMPTY_ARRAY)).getList())) {
                    return Future.failedFuture(new _401JwtAudientException(getClass(), Json.encode(this.jwtOptions.getAudience())));
                }
            }
            return (this.jwtOptions.getIssuer() == null || this.jwtOptions.getIssuer().equals(decode.getString("iss"))) ? Future.succeededFuture(new JWTUser(decode, this.permissionsClaimKey)) : Future.failedFuture(new _401JwtIssuerException(getClass(), decode.getString("iss")));
        } catch (RuntimeException e) {
            return Future.failedFuture(new _500JwtRuntimeException(getClass(), e));
        }
    }

    @Override // io.vertx.up.secure.provider.JwtAuth
    public String generateToken(JsonObject jsonObject, JWTOptions jWTOptions) {
        JsonObject copy = jsonObject.copy();
        if (jWTOptions.getPermissions() != null && !copy.containsKey(this.permissionsClaimKey)) {
            copy.put(this.permissionsClaimKey, new JsonArray(jWTOptions.getPermissions()));
        }
        return this.jwt.sign(copy, jWTOptions);
    }
}
