package ca.pjer.iam;

import ca.pjer.iam.config.TokenServiceProperties;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.apache.logging.log4j.util.Strings;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
import org.jose4j.keys.resolvers.VerificationKeyResolver;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:ca/pjer/iam/JoseTokenService.class */
public class JoseTokenService implements TokenService {
    private final String issuer;
    private final String audience;
    private final Supplier<JsonWebKey> keySupplier;
    private final VerificationKeyResolver keyResolver;

    public JoseTokenService(TokenServiceProperties tokenServiceProperties) {
        this.issuer = tokenServiceProperties.getIssuer();
        this.audience = tokenServiceProperties.getAudience();
        if (!tokenServiceProperties.getJwks().isEmpty()) {
            List list = (List) tokenServiceProperties.getJwks().stream().map(this::createJsonWebKeyFromParams).collect(Collectors.toList());
            JsonWebKey jsonWebKey = (JsonWebKey) list.get(0);
            this.keySupplier = () -> {
                return jsonWebKey;
            };
            this.keyResolver = new JwksVerificationKeyResolver(list);
            return;
        }
        if (Strings.isBlank(tokenServiceProperties.getJkwsUri())) {
            this.keySupplier = null;
            this.keyResolver = null;
        } else {
            HttpsJwks httpsJwks = new HttpsJwks(tokenServiceProperties.getJkwsUri());
            this.keySupplier = () -> {
                try {
                    return (JsonWebKey) httpsJwks.getJsonWebKeys().get(0);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            };
            this.keyResolver = new HttpsJwksVerificationKeyResolver(httpsJwks);
        }
    }

    private JsonWebKey createJsonWebKeyFromParams(Map<String, Object> map) {
        try {
            return JsonWebKey.Factory.newJwk(map);
        } catch (JoseException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    @Override // ca.pjer.iam.TokenService
    public String create(Map<String, Object> map) {
        if (this.keySupplier == null) {
            throw new UnsupportedOperationException("Cannot create token");
        }
        JsonWebKey jsonWebKey = this.keySupplier.get();
        if (jsonWebKey == null) {
            throw new UnsupportedOperationException("Cannot create token");
        }
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.getClass();
        map.forEach(jwtClaims::setClaim);
        jwtClaims.setIssuer(this.issuer);
        jwtClaims.setIssuedAt(NumericDate.now());
        jwtClaims.setAudience(this.audience);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setKey(jsonWebKey.getKey());
        jsonWebSignature.setKeyIdHeaderValue(jsonWebKey.getKeyId());
        jsonWebSignature.setAlgorithmHeaderValue(jsonWebKey.getAlgorithm());
        jsonWebSignature.setPayload(jwtClaims.toJson());
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    @Override // ca.pjer.iam.TokenService
    public Map<String, Object> parse(String str) {
        JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder();
        jwtConsumerBuilder.setRequireSubject();
        if (!Strings.isBlank(this.issuer)) {
            jwtConsumerBuilder.setExpectedIssuer(this.issuer);
        }
        if (!Strings.isBlank(this.audience)) {
            jwtConsumerBuilder.setExpectedAudience(new String[]{this.audience});
        }
        if (this.keyResolver != null) {
            jwtConsumerBuilder.setVerificationKeyResolver(this.keyResolver);
        }
        try {
            return jwtConsumerBuilder.build().processToClaims(str).getClaimsMap();
        } catch (InvalidJwtException e) {
            throw new RuntimeException((Throwable) e);
        }
    }
}
