package net.trajano.ms.vertx.beans;

import javax.ws.rs.InternalServerErrorException;
import net.trajano.ms.core.CryptoOps;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;
import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/ms-common-impl-1.1.15.jar:net/trajano/ms/vertx/beans/JcaCryptoOps.class */
public class JcaCryptoOps implements CryptoOps {

    @Autowired
    private CachedDataProvider cachedDataProvider;

    @Autowired
    private TokenGenerator tokenGenerator;

    @Override // net.trajano.ms.core.CryptoOps
    public String newToken() {
        return this.tokenGenerator.newToken();
    }

    @Override // net.trajano.ms.core.CryptoOps
    public String sign(JwtClaims jwtClaims) {
        try {
            RsaJsonWebKey aSigningKey = this.cachedDataProvider.getASigningKey();
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKeyIdHeaderValue(aSigningKey.getKeyId());
            jsonWebSignature.setKey(aSigningKey.getPrivateKey());
            jsonWebSignature.setAlgorithmHeaderValue(aSigningKey.getAlgorithm());
            jsonWebSignature.sign();
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            throw new InternalServerErrorException(e);
        }
    }

    @Override // net.trajano.ms.core.CryptoOps
    public JwtClaims toClaimsSet(String str, String str2, HttpsJwks httpsJwks) {
        JwtConsumerBuilder verificationKeyResolver = new JwtConsumerBuilder().setVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(httpsJwks));
        if (str2 == null) {
            verificationKeyResolver.setSkipDefaultAudienceValidation();
        } else {
            verificationKeyResolver.setExpectedAudience(str2);
        }
        try {
            return verificationKeyResolver.build().processToClaims(str);
        } catch (InvalidJwtException e) {
            throw new InternalServerErrorException(e);
        }
    }
}
