package fish.payara.microprofile.jwtauth.eesecurity;

import fish.payara.microprofile.jwtauth.jwt.JsonWebTokenImpl;
import fish.payara.microprofile.jwtauth.jwt.JwtTokenParser;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import org.apache.derby.impl.services.locks.Timeout;
import org.glassfish.grizzly.http.server.Constants;

/* loaded from: input_file:fish/payara/microprofile/jwtauth/eesecurity/SignedJWTIdentityStore.class */
public class SignedJWTIdentityStore implements IdentityStore {
    private static final Logger logger = Logger.getLogger(SignedJWTIdentityStore.class.getName());
    private final JwtTokenParser jwtTokenParser = new JwtTokenParser();
    private String acceptedIssuer;

    public SignedJWTIdentityStore() {
        try {
            Properties properties = new Properties();
            properties.load(Thread.currentThread().getContextClassLoader().getResource("/payara-mp-jwt.properties").openStream());
            this.acceptedIssuer = properties.getProperty("accepted.issuer");
        } catch (IOException e) {
            throw new IllegalStateException("Failed to load properties", e);
        }
    }

    public CredentialValidationResult validate(SignedJWTCredential signedJWTCredential) {
        try {
            JsonWebTokenImpl parse = this.jwtTokenParser.parse(signedJWTCredential.getSignedJWT(), this.acceptedIssuer, readPublicKey("/publicKey.pem"));
            return new CredentialValidationResult(parse, new HashSet(new ArrayList((Collection) parse.getClaim("groups"))));
        } catch (Exception e) {
            logger.log(Level.FINEST, "Exception trying to parse JWT token.", (Throwable) e);
            return CredentialValidationResult.INVALID_RESULT;
        }
    }

    public PublicKey readPublicKey(String str) throws Exception {
        byte[] bArr = new byte[16384];
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(new String(bArr, 0, Thread.currentThread().getContextClassLoader().getResource(str).openStream().read(bArr)).replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replaceAll(Constants.CRLF, "").replaceAll(Timeout.newline, "").trim())));
    }
}
