package com.networknt.security;

import com.networknt.common.DecryptUtil;
import com.networknt.config.Config;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Map;
import org.apache.kafka.clients.consumer.internals.ConsumerProtocol;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/security/JwtIssuer.class */
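/**
 * Builds JWT claim sets from the {@code jwt} configuration and signs them with an RSA
 * private key loaded from a JKS keystore.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password is read from the decrypted {@code secret} configuration and is
 *       used both as the store password and as the key-entry password. It is never logged.</li>
 *   <li>Signing refuses to proceed when the key cannot be loaded or is not an RSA private
 *       key, so a misconfigured keystore cannot result in a token being emitted.</li>
 *   <li>The keystore is re-read on every {@link #getJwt(JwtClaims)} call; the stream is
 *       closed after each load.</li>
 * </ul>
 */
public class JwtIssuer {
    public static final String JWT_CONFIG = "jwt";
    public static final String SECRET_CONFIG = "secret";
    public static final String CONFIG_SECURITY = "security";
    public static final String JWT_PRIVATE_KEY_PASSWORD = "jwtPrivateKeyPassword";
    private static final String PROVIDER_ID = "providerId";
    private static final Logger logger = LoggerFactory.getLogger(JwtIssuer.class);
    private static JwtConfig jwtConfig = (JwtConfig) Config.getInstance().getJsonObjectConfig(JWT_CONFIG, JwtConfig.class);
    // Decrypted once at class initialisation; holds the keystore password in memory.
    private static Map<String, Object> secretConfig = DecryptUtil.decryptMap(Config.getInstance().getJsonMapConfig(SECRET_CONFIG));
    private static Map<String, Object> securityConfig = Config.getInstance().getJsonMapConfig(CONFIG_SECURITY);

    /**
     * Signs the given claims with RS256 and returns the compact serialization.
     *
     * <p>The {@code kid} header is the configured key id, prefixed with the two-character
     * provider id from the security configuration when one is defined.
     *
     * @param jwtClaims the claims to place in the token payload
     * @return the signed token in JWS compact form
     * @throws JoseException if the signing key is unavailable or not an RSA private key, or
     *     if signing fails
     */
    public static String getJwt(JwtClaims jwtClaims) throws JoseException {
        PrivateKey signingKey = getPrivateKey(
                jwtConfig.getKey().getFilename(),
                (String) secretConfig.get(JWT_PRIVATE_KEY_PASSWORD),
                jwtConfig.getKey().getKeyName());
        // Fail closed with a clear error instead of passing a null or wrongly typed key on
        // to the signer (instanceof is false for null as well).
        if (!(signingKey instanceof RSAPrivateKey)) {
            throw new JoseException("Unable to sign JWT: RSA private key could not be loaded from the keystore");
        }

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(jwtClaims.toJson());
        jws.setKey(signingKey);
        jws.setKeyIdHeaderValue(resolveProviderPrefix() + jwtConfig.getKey().getKid());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    }

    /**
     * Creates a claim set whose lifetime is the configured number of minutes.
     *
     * @return claims carrying issuer, audience, expiry, a generated id, issued-at,
     *     not-before and the configured version
     */
    public static JwtClaims getDefaultJwtClaims() {
        return buildClaims(jwtConfig.getExpiredInMinutes());
    }

    /**
     * Creates a claim set with a caller-supplied lifetime.
     *
     * <p>The value is divided by 60 to obtain minutes, i.e. it is treated as seconds. The
     * division is done in floating point so that the sub-minute remainder is kept; integer
     * division would shorten the lifetime by up to 59 seconds and would yield a token that
     * is already expired at issuance for any value below 60.
     *
     * @param i the requested lifetime, in seconds
     * @return claims carrying issuer, audience, expiry, a generated id, issued-at,
     *     not-before and the configured version
     */
    public static JwtClaims getJwtClaimsWithExpiresIn(int i) {
        return buildClaims(i / 60.0f);
    }

    /** Populates the claims shared by both factory methods, in a fixed order. */
    private static JwtClaims buildClaims(float expiresInMinutes) {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(jwtConfig.getIssuer());
        claims.setAudience(jwtConfig.getAudience());
        claims.setExpirationTimeMinutesInTheFuture(expiresInMinutes);
        claims.setGeneratedJwtId();
        claims.setIssuedAtToNow();
        // Back-dated by two minutes, presumably to tolerate clock skew between the issuer
        // and the verifier.
        claims.setNotBeforeMinutesInThePast(2.0f);
        // NOTE(review): this constant belongs to the Kafka client library, which is unrelated
        // to JWT handling; it looks like a string constant resolved by the decompiler.
        // Confirm the intended claim name and consider a local constant instead.
        claims.setClaim(ConsumerProtocol.VERSION_KEY_NAME, jwtConfig.getVersion());
        return claims;
    }

    /**
     * Returns the provider id to prepend to the key id: empty when none is configured,
     * left-padded with "0" when one character long, truncated (and logged) when longer
     * than two characters.
     */
    private static String resolveProviderPrefix() {
        // A missing security configuration is treated the same as a missing provider id.
        Object configured = securityConfig == null ? null : securityConfig.get(PROVIDER_ID);
        if (configured == null) {
            return "";
        }
        String providerId = configured.toString();
        if (providerId.length() == 1) {
            return "0" + providerId;
        }
        if (providerId.length() > 2) {
            logger.error("provider_id defined in the security.yml file is invalid; the length should be 2");
            return providerId.substring(0, 2);
        }
        return providerId;
    }

    /**
     * Loads a private key entry from a JKS keystore resolved through {@link Config}.
     *
     * <p>Failures are logged and reported as {@code null}; callers must check the result
     * before using it. The password itself is never written to the log.
     *
     * @param filename the keystore file name
     * @param password the password used for both the keystore and the key entry
     * @param keyName the alias of the key entry
     * @return the private key, or {@code null} if it could not be loaded
     */
    private static PrivateKey getPrivateKey(String filename, String password, String keyName) {
        logger.debug("filename = {} key = {}", filename, keyName);
        if (password == null) {
            logger.error("Keystore password is not configured; cannot load the private key");
            return null;
        }

        PrivateKey privateKey = null;
        char[] passwordChars = password.toCharArray();
        // try-with-resources closes the keystore stream, which was previously leaked on
        // every call; a null stream is tolerated by the construct.
        try (java.io.InputStream keyStoreStream = Config.getInstance().getInputStreamFromFile(filename)) {
            // NOTE(review): JKS is a legacy keystore format; changing the type here would
            // require converting the deployed keystore, so it is left as is.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keyStoreStream, passwordChars);
            privateKey = (PrivateKey) keyStore.getKey(keyName, passwordChars);
        } catch (Exception e) {
            logger.error("Exception:", e);
        } finally {
            // Best effort only: the password also remains in the configuration map as a String.
            java.util.Arrays.fill(passwordChars, '\0');
        }
        if (privateKey == null) {
            logger.error("Failed to retrieve private key from keystore");
        }
        return privateKey;
    }
}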
