package org.cloudfoundry.reactor.uaa;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.Base64Codec;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import org.cloudfoundry.reactor.ConnectionContext;
import org.cloudfoundry.reactor.TokenProvider;
import org.cloudfoundry.uaa.tokens.GetTokenKeyRequest;
import org.cloudfoundry.uaa.tokens.GetTokenKeyResponse;
import org.cloudfoundry.uaa.tokens.Tokens;
import org.cloudfoundry.util.tuple.TupleUtils;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/cloudfoundry/reactor/uaa/UsernameProvider.class */
public final class UsernameProvider {
    private static final Base64Codec BASE64 = new Base64Codec();
    private static final String BEGIN = "-----BEGIN PUBLIC KEY-----";
    private static final String END = "-----END PUBLIC KEY-----";
    private final ConnectionContext connectionContext;
    private final TokenProvider tokenProvider;
    private final Tokens tokens;

    /* JADX INFO: Access modifiers changed from: package-private */
    public UsernameProvider(ConnectionContext connectionContext, TokenProvider tokenProvider, Tokens tokens) {
        this.connectionContext = connectionContext;
        this.tokenProvider = tokenProvider;
        this.tokens = tokens;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<String> get() {
        return Mono.when(getSigningKey(this.tokens), this.tokenProvider.getToken(this.connectionContext)).map(TupleUtils.function(UsernameProvider::getUsername));
    }

    private static PublicKey generateKey(String str) {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(BASE64.decode(str)));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private static Mono<PublicKey> getSigningKey(Tokens tokens) {
        return requestTokenKey(tokens).map((v0) -> {
            return v0.getValue();
        }).map(str -> {
            return str.replace(BEGIN, "").replace(END, "").trim();
        }).map(UsernameProvider::generateKey);
    }

    private static String getUsername(PublicKey publicKey, String str) {
        return (String) ((Claims) Jwts.parser().setSigningKey(publicKey).parseClaimsJws(str).getBody()).get("user_name", String.class);
    }

    private static Mono<GetTokenKeyResponse> requestTokenKey(Tokens tokens) {
        return tokens.getKey(GetTokenKeyRequest.builder().build());
    }
}
