package io.soffa.foundation.commons.jwt;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.soffa.foundation.commons.DateUtil;
import io.soffa.foundation.commons.IOUtil;
import io.soffa.foundation.commons.Logger;
import io.soffa.foundation.exceptions.TechnicalException;
import java.io.InputStream;
import java.io.Serializable;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.json.JSONObject;

/* loaded from: input_file:io/soffa/foundation/commons/jwt/JwtUtil.class */
public final class JwtUtil {
    private static final Logger LOG = Logger.get(JwtUtil.class);

    private JwtUtil() {
    }

    public static String create(String str, String str2, String str3, Map<String, Object> map, int i) {
        Algorithm HMAC256 = Algorithm.HMAC256(str2);
        Date date = new Date();
        JWTCreator.Builder withIssuer = JWT.create().withIssuedAt(date).withSubject(str3).withExpiresAt(DateUtil.plusMinutes(date, i)).withIssuer(str);
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            populateClaims(withIssuer, entry.getKey(), entry.getValue());
        }
        return withIssuer.sign(HMAC256);
    }

    private static void populateClaims(JWTCreator.Builder builder, String str, Object obj) {
        if (obj instanceof Integer) {
            builder.withClaim(str, (Integer) obj);
            return;
        }
        if (obj instanceof Double) {
            builder.withClaim(str, (Double) obj);
            return;
        }
        if (obj instanceof Long) {
            builder.withClaim(str, (Long) obj);
            return;
        }
        if (obj instanceof Boolean) {
            builder.withClaim(str, (Boolean) obj);
            return;
        }
        if (obj instanceof Date) {
            builder.withClaim(str, (Date) obj);
            return;
        }
        if (obj instanceof String) {
            builder.withClaim(str, obj.toString());
        } else if (obj instanceof List) {
            builder.withClaim(str, (List) obj);
        } else {
            if (!(obj instanceof Map)) {
                throw new TechnicalException("Claim type is not supported: %s", new Object[]{obj.getClass()});
            }
            builder.withClaim(str, (Map) obj);
        }
    }

    public static String fromJwks(InputStream inputStream, String str, String str2, Map<String, Serializable> map) {
        String str3 = (String) IOUtil.toString(inputStream).orElseThrow(() -> {
            return new TechnicalException("INVALID_JWK_SOURCE", new Object[0]);
        });
        if (LOG.isTraceEnabled()) {
            LOG.trace("Using JWK: %s", new Object[]{str3});
        }
        JSONObject jSONObject = new JSONObject(str3);
        if (jSONObject.has("keys")) {
            jSONObject = jSONObject.getJSONArray("keys").getJSONObject(0);
        }
        RSAKey rSAKey = JWK.parse(new net.minidev.json.JSONObject(jSONObject.toMap())).toRSAKey();
        RSASSASigner rSASSASigner = new RSASSASigner(rSAKey);
        Date date = new Date();
        JWTClaimsSet.Builder expirationTime = new JWTClaimsSet.Builder().subject(str2).issuer(str).issueTime(date).expirationTime(DateUtil.plusHours(date, 1));
        if (map != null) {
            for (Map.Entry<String, Serializable> entry : map.entrySet()) {
                expirationTime.claim(entry.getKey(), entry.getValue());
            }
        }
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(rSAKey.getKeyID()).build(), expirationTime.build());
        signedJWT.sign(rSASSASigner);
        return signedJWT.serialize();
    }
}
