package one.microproject.iamservice.client;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolver;
import io.jsonwebtoken.impl.DefaultClaims;
import java.math.BigInteger;
import java.net.URISyntaxException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import one.microproject.iamservice.client.impl.JWKSigningKeyResolver;
import one.microproject.iamservice.client.impl.ProviderSigningKeyResolver;
import one.microproject.iamservice.core.KeyProvider;
import one.microproject.iamservice.core.dto.JWKData;
import one.microproject.iamservice.core.dto.JWKResponse;
import one.microproject.iamservice.core.dto.StandardTokenClaims;
import one.microproject.iamservice.core.model.JWToken;
import one.microproject.iamservice.core.model.OrganizationId;
import one.microproject.iamservice.core.model.Permission;
import one.microproject.iamservice.core.model.ProjectId;
import one.microproject.iamservice.core.model.TokenType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:one/microproject/iamservice/client/JWTUtils.class */
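/**
 * Static helpers for handling bearer tokens on the client side: building and
 * parsing the {@code Authorization} header, verifying a JWT against a key
 * source, and checking the token's scope against a set of permissions.
 *
 * <p>Every {@code validateToken} overload fails closed: any exception raised
 * while parsing or verifying the token is logged and reported as "not valid"
 * ({@link Optional#empty()} or {@code false}).
 */
public final class JWTUtils {
    private static final Logger LOG = LoggerFactory.getLogger(JWTUtils.class);
    public static final String ALGORITHM = "RSA";
    public static final String BC_PROVIDER = "BC";
    public static final String AUTHORIZATION = "Authorization";
    public static final String BEARER_PREFIX = "Bearer ";
    public static final String SCOPE = "scope";

    private JWTUtils() {
        throw new UnsupportedOperationException("Do not instantiate utility class.");
    }

    /**
     * Builds the value of an {@code Authorization} header for a bearer token.
     *
     * @param str the compact token; surrounding whitespace is trimmed
     * @return {@code "Bearer "} followed by the trimmed token
     */
    public static String createAuthorizationHeader(String str) {
        return BEARER_PREFIX + str.trim();
    }

    /**
     * Extracts the token from an {@code Authorization} header value.
     *
     * <p>The first {@code BEARER_PREFIX.length()} characters are dropped without
     * checking that they actually spell {@code "Bearer "}; a header that uses a
     * different scheme yields a token that will simply fail validation later.
     * A value shorter than the prefix raises {@link StringIndexOutOfBoundsException}.
     *
     * @param str the raw header value, expected to start with {@link #BEARER_PREFIX}
     * @return the trimmed remainder wrapped in a {@link JWToken}
     */
    public static JWToken extractJwtToken(String str) {
        return new JWToken(str.substring(BEARER_PREFIX.length()).trim());
    }

    /**
     * Checks that the token scope contains every permission of one of two sets.
     *
     * <p>When {@code set} is non-empty only {@code set} is checked and
     * {@code set2} is ignored; when {@code set} is empty, {@code set2} is
     * checked instead. If both sets are empty the result is {@code true}, so a
     * caller that passes two empty sets accepts any token that verified.
     *
     * @param standardTokenClaims claims of an already verified token
     * @param set primary set of required permissions
     * @param set2 fallback set, consulted only when {@code set} is empty
     * @return {@code true} if the scope contains the string value of every
     *     permission in the set that was selected
     */
    public static boolean validatePermissions(StandardTokenClaims standardTokenClaims, Set<Permission> set, Set<Permission> set2) {
        Set<String> scope = standardTokenClaims.getScope();
        Set<Permission> required = set.isEmpty() ? set2 : set;
        for (Permission permission : required) {
            if (!scope.contains(permission.asStringValue())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies a token against a single, fixed public key.
     *
     * <p>The organization and project carried by the token are not compared
     * with anything here; a caller that needs that binding must check the
     * returned claims itself.
     *
     * @param publicKey key used for every token, whatever key id it names
     * @param jWToken the token to verify
     * @return the token claims, or empty if parsing or verification failed
     */
    public static Optional<StandardTokenClaims> validateToken(PublicKey publicKey, JWToken jWToken) {
        return validateToken(keyId -> publicKey, jWToken);
    }

    /**
     * Verifies a token with keys looked up through a {@link KeyProvider}.
     *
     * <p>The organization and project carried by the token are not compared
     * with anything here; a caller that needs that binding must check the
     * returned claims itself.
     *
     * @param keyProvider source of verification keys
     * @param jWToken the token to verify
     * @return the token claims, or empty if parsing or verification failed
     */
    public static Optional<StandardTokenClaims> validateToken(KeyProvider keyProvider, JWToken jWToken) {
        try {
            return Optional.of(getStandardTokenClaims(new ProviderSigningKeyResolver(keyProvider), jWToken));
        } catch (Exception e) {
            LOG.info("Exception: ", e);
            return Optional.empty();
        }
    }

    /**
     * Verifies a token against a JWK set and checks that it was issued for the
     * expected organization and project.
     *
     * @param organizationId organization the token must belong to
     * @param projectId project the token must belong to
     * @param jWKResponse JWK set holding the verification keys
     * @param jWToken the token to verify
     * @return the token claims, or empty if verification failed or the token
     *     names a different organization or project
     */
    public static Optional<StandardTokenClaims> validateToken(OrganizationId organizationId, ProjectId projectId, JWKResponse jWKResponse, JWToken jWToken) {
        StandardTokenClaims standardTokenClaims;
        try {
            standardTokenClaims = getStandardTokenClaims(new JWKSigningKeyResolver(jWKResponse), jWToken);
        } catch (Exception e) {
            LOG.info("Exception: ", e);
            // Fail closed: a token that could not be parsed or verified must never
            // reach the organization/project comparison below.
            return Optional.empty();
        }
        if (organizationId.equals(standardTokenClaims.getOrganizationId()) && projectId.equals(standardTokenClaims.getProjectId())) {
            return Optional.of(standardTokenClaims);
        }
        LOG.warn("Invalid organization ID or project ID.");
        return Optional.empty();
    }

    /**
     * Verifies a token against a JWK set, checks its organization and project,
     * and then checks its scope with
     * {@link #validatePermissions(StandardTokenClaims, Set, Set)}.
     *
     * @param organizationId organization the token must belong to
     * @param projectId project the token must belong to
     * @param jWKResponse JWK set holding the verification keys
     * @param set primary set of required permissions
     * @param set2 fallback set, consulted only when {@code set} is empty
     * @param jWToken the token to verify
     * @return {@code true} only if the token verified, matches the organization
     *     and project, and carries the required permissions
     */
    public static boolean validateToken(OrganizationId organizationId, ProjectId projectId, JWKResponse jWKResponse, Set<Permission> set, Set<Permission> set2, JWToken jWToken) {
        return validateToken(organizationId, projectId, jWKResponse, jWToken)
                .map(claims -> validatePermissions(claims, set, set2))
                .orElse(false);
    }

    /**
     * Builds an RSA public key from the modulus and exponent of a JWK entry.
     *
     * <p>The key factory is requested from the {@code "BC"} provider, so that
     * provider has to be registered before this method is called.
     *
     * @param jWKData JWK entry carrying Base64-encoded modulus and exponent
     * @return the RSA public key
     * @throws NoSuchAlgorithmException if the provider offers no RSA key factory
     * @throws InvalidKeySpecException if modulus and exponent do not form a valid key
     * @throws NoSuchProviderException if the {@code "BC"} provider is not registered
     */
    public static PublicKey createPublicKey(JWKData jWKData) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        // NOTE(review): standard JWK members "n" and "e" are base64url-encoded
        // (RFC 7518), while this uses the basic Base64 alphabet. Left unchanged
        // because the encoding produced by the server side is not visible here;
        // confirm before consuming JWK sets from other issuers.
        Base64.Decoder decoder = Base64.getDecoder();
        // Signum 1 forces an unsigned interpretation: without it a modulus whose
        // first byte has the high bit set (the normal case for an unsigned RSA
        // modulus) becomes a negative number. Values that already carry a
        // leading zero byte decode to the same number either way.
        BigInteger modulus = new BigInteger(1, decoder.decode(jWKData.getModulusValue()));
        BigInteger exponent = new BigInteger(1, decoder.decode(jWKData.getExponentValue()));
        return KeyFactory.getInstance(ALGORITHM, BC_PROVIDER).generatePublic(new RSAPublicKeySpec(modulus, exponent));
    }

    /**
     * Parses and verifies a signed token and maps its claims.
     *
     * <p>Organization and project ids are taken from the last two path segments
     * of the issuer claim.
     *
     * @param signingKeyResolver resolves the verification key for the token
     * @param jWToken the token to verify
     * @return the mapped claims
     * @throws URISyntaxException declared by the original signature
     * @throws IllegalArgumentException if issuer, audience or scope is missing,
     *     or the issuer has fewer than two path segments
     */
    private static StandardTokenClaims getStandardTokenClaims(SigningKeyResolver signingKeyResolver, JWToken jWToken) throws URISyntaxException {
        // parseClaimsJws() accepts only a signed claims token. The generic parse()
        // call also returns unsigned tokens in the jjwt 0.11 line (the signature
        // check runs only when a signature part is present), which would let an
        // unsigned token through as if it had been verified.
        Jws<Claims> jws = Jwts.parserBuilder()
                .setSigningKeyResolver(signingKeyResolver)
                .build()
                .parseClaimsJws(jWToken.getToken());
        String keyId = jws.getHeader().getKeyId();
        Claims claims = jws.getBody();
        String issuer = claims.getIssuer();
        String subject = claims.getSubject();
        String audienceValue = claims.getAudience();
        String scopeValue = claims.get(SCOPE, String.class);
        if (issuer == null || audienceValue == null || scopeValue == null) {
            throw new IllegalArgumentException("Token is missing the issuer, audience or scope claim.");
        }
        // Set.of rejects duplicates, so a token that repeats an audience or scope
        // entry is refused rather than silently de-duplicated.
        Set<String> audience = Set.of(audienceValue.split(" "));
        Set<String> scope = Set.of(scopeValue.split(" "));
        String[] issuerSegments = issuer.split("/");
        if (issuerSegments.length < 2) {
            throw new IllegalArgumentException("Token issuer does not end in organization and project segments.");
        }
        OrganizationId organizationId = OrganizationId.from(issuerSegments[issuerSegments.length - 2]);
        ProjectId projectId = ProjectId.from(issuerSegments[issuerSegments.length - 1]);
        TokenType tokenType = TokenType.getTokenType(claims.get("typ", String.class));
        return new StandardTokenClaims(keyId, issuer, subject, audience, scope, organizationId, projectId, tokenType);
    }
}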
