package be.atbash.runtime.security.jwt;

import be.atbash.config.exception.ConfigurationException;
import be.atbash.ee.security.octopus.nimbus.jwt.jws.JWSAlgorithm;
import be.atbash.ee.security.octopus.util.PeriodUtil;
import be.atbash.runtime.core.data.util.SystemPropertyUtil;
import be.atbash.runtime.security.jwt.principal.JWTAuthContextInfo;
import be.atbash.util.resource.ResourceUtil;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.Claims;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

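/**
 * Builds the {@link JWTAuthContextInfo} used for JWT handling from the MicroProfile JWT
 * ({@code mp.jwt.*}) and Atbash ({@code atbash.jwt.*}) configuration properties.
 *
 * <p>The context info is created lazily on the first call to {@link #getContextInfo()} and then
 * reused. String and list properties that are not configured are injected as the sentinel
 * {@code "NONE"}, which is filtered out before the values are handed on.
 */
@ApplicationScoped
public class JWTAuthContextInfoProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthContextInfoProvider.class);
    private static final String DEFAULT_COOKIE_NAME = "Bearer";
    // Sentinel default for properties that have no configured value.
    private static final String NONE = "NONE";
    // Lazily created by getContextInfo(); null until the first call.
    private JWTAuthContextInfo authContextInfo;

    // Inline verification key; takes precedence over mp.jwt.verify.publickey.location when set.
    @Inject
    @ConfigProperty(name = "mp.jwt.verify.publickey", defaultValue = NONE)
    private String mpJwtPublicKey;

    @Inject
    @ConfigProperty(name = "mp.jwt.verify.publickey.algorithm")
    private Optional<List<JWSAlgorithm>> mpJwtPublicKeyAlgorithms;

    @Inject
    @ConfigProperty(name = "mp.jwt.verify.issuer", defaultValue = NONE)
    private List<String> mpJwtIssuer;

    @Inject
    @ConfigProperty(name = "mp.jwt.verify.publickey.location", defaultValue = NONE)
    private List<String> mpJwtLocation;

    @Inject
    @ConfigProperty(name = "mp.jwt.decrypt.key.location", defaultValue = NONE)
    private List<String> mpJwtDecryptKeyLocation;

    @Inject
    @ConfigProperty(name = "mp.jwt.token.header")
    private Optional<String> mpJwtTokenHeader;

    @Inject
    @ConfigProperty(name = "mp.jwt.token.cookie")
    private Optional<String> mpJwtTokenCookie;

    @Inject
    @ConfigProperty(name = "mp.jwt.verify.audiences")
    Optional<Set<String>> mpJwtVerifyAudiences;

    // Passed on as the expiration grace period, in seconds.
    @Inject
    @ConfigProperty(name = "mp.jwt.verify.clock.skew", defaultValue = "60")
    private int mpExpGracePeriodSecs;

    @Inject
    @ConfigProperty(name = "atbash.jwt.claims.groups")
    private Optional<String> defaultGroupsClaim;

    @Inject
    @ConfigProperty(name = "atbash.jwt.keys.refresh-interval", defaultValue = "24h")
    private String keysRefreshInterval;

    @Inject
    @ConfigProperty(name = "atbash.jwt.keys.forced-refresh-interval", defaultValue = "30m")
    private String forcedKeysRefreshInterval;

    @Inject
    @ConfigProperty(name = "atbash.jwt.required.claims")
    Optional<Set<String>> requiredClaims;

    /**
     * Creates a new {@link JWTAuthContextInfo} populated from the injected configuration values.
     *
     * @return a freshly built context info; never {@code null}
     */
    private JWTAuthContextInfo getOptionalContextInfo() {
        JWTAuthContextInfo info = new JWTAuthContextInfo();

        // Work on a copy: the injected list belongs to the config implementation and may be
        // unmodifiable, in which case remove() on it would throw.
        List<String> issuers = new ArrayList<>(this.mpJwtIssuer);
        issuers.remove(NONE);
        // NOTE(review): with no issuer, audience or algorithm configured, empty collections are
        // passed on below. How the verifier treats an empty collection is not visible in this
        // class; confirm that it does not mean "accept any value".
        info.setIssuedBy(issuers);

        if (NONE.equals(this.mpJwtPublicKey)) {
            info.setPublicKeyLocation(defineLocations(this.mpJwtLocation));
        } else {
            // An inline key wins: configured key locations are ignored.
            info.setPublicKeyContent(this.mpJwtPublicKey);
            info.setPublicKeyLocation(Collections.emptyList());
        }
        info.setDecryptionKeyLocation(defineLocations(this.mpJwtDecryptKeyLocation));

        if (SystemPropertyUtil.getInstance().isTck("jwt")) {
            // Only in TCK mode is the header name defaulted to "Authorization".
            info.setTokenHeader(this.mpJwtTokenHeader.orElse("Authorization"));
        } else {
            // Otherwise the header name is set only when explicitly configured.
            this.mpJwtTokenHeader.ifPresent(info::setTokenHeader);
        }
        info.setTokenCookie(this.mpJwtTokenCookie.orElse(DEFAULT_COOKIE_NAME));
        info.setSignatureAlgorithms(this.mpJwtPublicKeyAlgorithms.orElseGet(Collections::emptyList));
        info.setExpectedAudience(this.mpJwtVerifyAudiences.orElseGet(Collections::emptySet));
        info.setExpGracePeriodSecs(this.mpExpGracePeriodSecs);
        info.setGroupsClaimName(this.defaultGroupsClaim.orElse(Claims.groups.name()));
        info.setKeysRefreshInterval(defineInterval(this.keysRefreshInterval, "24h"));
        info.setForcedKeysRefreshInterval(defineInterval(this.forcedKeysRefreshInterval, "30m"));
        info.setRequiredClaims(this.requiredClaims.orElseGet(Collections::emptySet));
        return info;
    }

    /**
     * Converts a configured period into seconds, falling back to a default when the configured
     * value is rejected by {@link PeriodUtil}.
     *
     * @param configured the period as configured, e.g. {@code "24h"}
     * @param fallback the period used when {@code configured} cannot be parsed
     * @return the period in seconds
     * @throws ConfigurationException if the fallback value cannot be parsed either
     */
    private int defineInterval(String configured, String fallback) {
        try {
            return PeriodUtil.defineSecondsInPeriod(configured);
        } catch (ConfigurationException e) {
            // A bad key-refresh setting must not go unnoticed: report it, then use the default.
            LOGGER.warn("Invalid period '{}' configured; using default '{}'", configured, fallback);
            return PeriodUtil.defineSecondsInPeriod(fallback);
        }
    }

    /**
     * Resolves the configured key locations to the ones that will be used.
     *
     * <p>Each entry is trimmed. Entries starting with {@code "http"} are kept as-is; other
     * entries are kept when the resource exists, either directly or as a {@code classpath:}
     * resource. Entries that cannot be resolved are logged with code {@code JWT-010} and skipped.
     *
     * @param list the configured locations, possibly containing the {@code "NONE"} sentinel
     * @return a new mutable list with the usable locations, in configuration order
     */
    private List<String> defineLocations(List<String> list) {
        List<String> locations = new ArrayList<>();
        for (String entry : list) {
            if (NONE.equals(entry)) {
                continue;
            }
            String location = entry.trim();
            // NOTE(review): the prefix test accepts plain http:// as well as https:// and does
            // no existence check. Keys fetched over cleartext HTTP can be replaced in transit,
            // so https:// locations should be used in deployments.
            if (location.startsWith("http") || ResourceUtil.getInstance().resourceExists(location)) {
                locations.add(location);
                continue;
            }
            String classPathResource = getClassPathResource(location);
            if (ResourceUtil.getInstance().resourceExists(classPathResource)) {
                locations.add(classPathResource);
            } else {
                LOGGER.atInfo().addArgument(location).log("JWT-010");
            }
        }
        return locations;
    }

    /**
     * Turns a location into a {@code classpath:} resource name, dropping one leading slash.
     *
     * @param str the location as configured
     * @return the location prefixed with {@code "classpath:"}
     */
    private String getClassPathResource(String str) {
        String relative = str.startsWith("/") ? str.substring(1) : str;
        return "classpath:" + relative;
    }

    /**
     * Returns the context info, building it from the configuration on first use.
     *
     * <p>Synchronized because this application-scoped bean is shared between threads; without it
     * concurrent first calls could each build an instance.
     *
     * @return the shared {@link JWTAuthContextInfo}
     */
    public synchronized JWTAuthContextInfo getContextInfo() {
        if (this.authContextInfo == null) {
            this.authContextInfo = getOptionalContextInfo();
        }
        return this.authContextInfo;
    }
}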
