package com.goinstant.auth;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

/* loaded from: input_file:com/goinstant/auth/Signer.class */
public class Signer {
    private JWSSigner hmac;
    private static final JOSEObjectType TYP_JWT = new JOSEObjectType("JWT");
    private static final Set<String> RESERVED_CLAIMS;
    private static final Set<String> GROUP_RESERVED_CLAIMS;
    private static final List<String> AUDIENCE;
    private static final JWSHeader DEFAULT_HEADER;

    public Signer(String str) {
        byte[] parseKey = parseKey(str);
        if (parseKey.length < 32) {
            throw new IllegalArgumentException("secretKey is too short (must be >= 32 bytes after decoding)");
        }
        this.hmac = new MACSigner(parseKey);
    }

    public static byte[] parseKey(String str) {
        return new Base64(str.replace('-', '+').replace('_', '/')).decode();
    }

    public String sign(User user) {
        return sign(user, null);
    }

    public String sign(User user, Map<String, Object> map) {
        JWSHeader convertHeaders;
        if (map != null) {
            try {
                if (!map.isEmpty()) {
                    convertHeaders = convertHeaders(map);
                    SignedJWT signedJWT = new SignedJWT(convertHeaders, userToClaims(user));
                    signedJWT.sign(this.hmac);
                    return signedJWT.serialize();
                }
            } catch (JOSEException e) {
                return null;
            }
        }
        convertHeaders = DEFAULT_HEADER;
        SignedJWT signedJWT2 = new SignedJWT(convertHeaders, userToClaims(user));
        signedJWT2.sign(this.hmac);
        return signedJWT2.serialize();
    }

    private static void checkIdAndDn(String str, String str2) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("id must be a non-empty String");
        }
        if (str2 != null && str2.length() == 0) {
            throw new IllegalArgumentException("displayName must be a non-empty String");
        }
    }

    private static JWTClaimsSet userToClaims(User user) {
        JWTClaimsSet jWTClaimsSet = new JWTClaimsSet();
        String id = user.getID();
        String displayName = user.getDisplayName();
        checkIdAndDn(id, displayName);
        String domain = user.getDomain();
        if (domain == null || domain.length() == 0) {
            throw new IllegalArgumentException("domain must be a non-empty String");
        }
        jWTClaimsSet.setAudience(AUDIENCE);
        jWTClaimsSet.setSubject(id);
        jWTClaimsSet.setIssuer(domain);
        jWTClaimsSet.setCustomClaim("dn", displayName != null ? displayName : id);
        for (Map.Entry<String, Object> entry : user.getCustomClaims().entrySet()) {
            String key = entry.getKey();
            if (RESERVED_CLAIMS.contains(key)) {
                throw new IllegalArgumentException("The '" + key + "' claim cannot be custom for a User");
            }
            jWTClaimsSet.setClaim(key, entry.getValue());
        }
        Set<Group> groups = user.getGroups();
        if (groups.size() > 0) {
            ArrayList arrayList = new ArrayList(groups.size());
            Iterator<Group> it = groups.iterator();
            while (it.hasNext()) {
                arrayList.add(groupToMap(it.next()));
            }
            jWTClaimsSet.setCustomClaim("g", arrayList);
        }
        return jWTClaimsSet;
    }

    private static Map<String, Object> groupToMap(Group group) {
        TreeMap treeMap = new TreeMap();
        String id = group.getID();
        String displayName = group.getDisplayName();
        checkIdAndDn(id, displayName);
        treeMap.put("id", id);
        treeMap.put("dn", displayName);
        for (Map.Entry<String, Object> entry : group.getCustomClaims().entrySet()) {
            String key = entry.getKey();
            if (GROUP_RESERVED_CLAIMS.contains(key)) {
                throw new IllegalArgumentException("The '" + key + "' claim cannot be custom for a Group");
            }
            treeMap.put(key, entry.getValue());
        }
        return treeMap;
    }

    private static JWSHeader makeHeader() {
        JWSHeader jWSHeader = new JWSHeader(JWSAlgorithm.HS256);
        jWSHeader.setType(TYP_JWT);
        return jWSHeader;
    }

    private static JWSHeader convertHeaders(Map<String, Object> map) {
        JWSHeader makeHeader = makeHeader();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (key.equals("alg") || key.equals("typ")) {
                break;
            }
            if (key.equals("kid")) {
                makeHeader.setKeyID((String) value);
            } else if (key.equals("cty")) {
                makeHeader.setContentType((String) value);
            } else if (key.equals("jku")) {
                makeHeader.setJWKURL((URL) value);
            } else if (key.equals("jwk")) {
                makeHeader.setJWK((JWK) value);
            } else if (key.equals("x5u")) {
                makeHeader.setX509CertURL((URL) value);
            } else if (key.equals("x5t")) {
                makeHeader.setX509CertThumbprint((Base64URL) value);
            } else if (key.equals("x5c")) {
                makeHeader.setX509CertChain((List) value);
            } else if (key.equals("crit")) {
                makeHeader.setCriticalHeaders((Set) value);
            } else {
                makeHeader.setCustomParameter(key, value);
            }
        }
        return makeHeader;
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("aud");
        hashSet.add("dn");
        hashSet.add("g");
        hashSet.add("iss");
        hashSet.add("sub");
        RESERVED_CLAIMS = Collections.unmodifiableSet(hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add("dn");
        hashSet2.add("id");
        GROUP_RESERVED_CLAIMS = Collections.unmodifiableSet(hashSet2);
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(0, "goinstant.net");
        AUDIENCE = Collections.unmodifiableList(arrayList);
        DEFAULT_HEADER = makeHeader();
    }
}
