package com.google.fleetengine.auth.token.factory.signer;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.google.common.collect.ImmutableMap;
import com.google.fleetengine.auth.token.FleetEngineToken;
import com.google.fleetengine.auth.token.factory.signer.util.CommonConstants;
import com.google.fleetengine.auth.token.factory.signer.util.RSAPrivateKeyUtils;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.logging.Logger;

/* loaded from: input_file:com/google/fleetengine/auth/token/factory/signer/LocalSigner.class */
public final class LocalSigner implements Signer {
    private static final Logger logger = Logger.getLogger(LocalSigner.class.getName());
    private static final String JWT_CLAIM_HEADER_KID_PROPERTY = "kid";
    private static final String CLIENT_EMAIL_PROPERTY = "client_email";
    private static final String PRIVATE_KEY_ID_PROPERTY = "private_key_id";
    private static final String PRIVATE_KEY_PROPERTY = "private_key";
    private final String clientEmail;
    private final String privateKeyId;
    private final String privateKey;

    public static LocalSigner create(String str, String str2, String str3) {
        return new LocalSigner(str, str2, str3);
    }

    public static LocalSigner create(InputStream inputStream) {
        JsonObject readGCPKeyFile = readGCPKeyFile(inputStream);
        return new LocalSigner(readGCPKeyFile.get(CLIENT_EMAIL_PROPERTY).getAsString(), readGCPKeyFile.get(PRIVATE_KEY_ID_PROPERTY).getAsString(), readGCPKeyFile.get(PRIVATE_KEY_PROPERTY).getAsString());
    }

    private LocalSigner(String str, String str2, String str3) {
        this.clientEmail = str;
        this.privateKeyId = str2;
        this.privateKey = str3;
    }

    @Override // com.google.fleetengine.auth.token.factory.signer.Signer
    public FleetEngineToken sign(FleetEngineToken fleetEngineToken) throws SigningTokenException {
        try {
            return fleetEngineToken.toBuilder().setJwt(JWT.create().withHeader(getHeader(this.privateKeyId)).withExpiresAt(fleetEngineToken.expirationTimestamp()).withIssuer(this.clientEmail).withSubject(this.clientEmail).withAudience(new String[]{fleetEngineToken.audience()}).withIssuedAt(fleetEngineToken.creationTimestamp()).withClaim(CommonConstants.JWT_CLAIM_AUTHORIZATION_PROPERTY, fleetEngineToken.authorizationClaims().toMap()).sign(getAlgorithm(this.privateKey))).build();
        } catch (InvalidKeySpecException e) {
            throw new SigningTokenException("Error while signing JWT.", e);
        }
    }

    private static JsonObject readGCPKeyFile(InputStream inputStream) {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            try {
                InputStreamReader inputStreamReader = new InputStreamReader(bufferedInputStream, StandardCharsets.UTF_8);
                try {
                    JsonObject jsonObject = (JsonObject) new Gson().fromJson(inputStreamReader, JsonObject.class);
                    inputStreamReader.close();
                    bufferedInputStream.close();
                    return jsonObject;
                } catch (Throwable th) {
                    try {
                        inputStreamReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            logger.warning("Error reading service account key. Please verify your file.");
            throw new IllegalStateException(e);
        }
    }

    private static ImmutableMap<String, Object> getHeader(String str) {
        return ImmutableMap.of(JWT_CLAIM_HEADER_KID_PROPERTY, str);
    }

    private static Algorithm getAlgorithm(String str) throws InvalidKeySpecException {
        return Algorithm.RSA256((RSAPublicKey) null, RSAPrivateKeyUtils.getPrivateKey(str));
    }
}
