package group.phorus.auth.commons.services.impl;

import group.phorus.auth.commons.config.JwtEncryptionConfiguration;
import group.phorus.auth.commons.config.SecurityConfiguration;
import group.phorus.auth.commons.dtos.AccessToken;
import group.phorus.auth.commons.services.TokenFactory;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.AeadAlgorithm;
import io.jsonwebtoken.security.KeyAlgorithm;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.stereotype.Service;

/* compiled from: TokenFactoryImpl.kt */
@AutoConfiguration
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��8\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\u0010\u000e\n��\n\u0002\u0010$\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0002\b\u0017\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J8\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\u0012\u0010\f\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u000b0\rH\u0096@¢\u0006\u0002\u0010\u000eJ2\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\u0010\u001a\u00020\u00112\u0012\u0010\f\u001a\u000e\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\u000b0\rH\u0096@¢\u0006\u0002\u0010\u0012R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u0013"}, d2 = {"Lgroup/phorus/auth/commons/services/impl/TokenFactoryImpl;", "Lgroup/phorus/auth/commons/services/TokenFactory;", "securityConfiguration", "Lgroup/phorus/auth/commons/config/SecurityConfiguration;", "(Lgroup/phorus/auth/commons/config/SecurityConfiguration;)V", "createAccessToken", "Lgroup/phorus/auth/commons/dtos/AccessToken;", "userId", "Ljava/util/UUID;", "privileges", "", "", "properties", "", "(Ljava/util/UUID;Ljava/util/List;Ljava/util/Map;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "createRefreshToken", "expires", "", "(Ljava/util/UUID;ZLjava/util/Map;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "auth-commons"})
@Service
@SourceDebugExtension({"SMAP\nTokenFactoryImpl.kt\nKotlin\n*S Kotlin\n*F\n+ 1 TokenFactoryImpl.kt\ngroup/phorus/auth/commons/services/impl/TokenFactoryImpl\n+ 2 _Maps.kt\nkotlin/collections/MapsKt___MapsKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,110:1\n215#2,2:111\n215#2,2:114\n1#3:113\n*S KotlinDebug\n*F\n+ 1 TokenFactoryImpl.kt\ngroup/phorus/auth/commons/services/impl/TokenFactoryImpl\n*L\n61#1:111,2\n102#1:114,2\n*E\n"})
/* loaded from: input_file:group/phorus/auth/commons/services/impl/TokenFactoryImpl.class */
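/**
 * Creates access and refresh tokens as encrypted JWTs (JWE compact serialization), using the
 * public key, issuer and lifetimes from {@link SecurityConfiguration}.
 *
 * <p>NOTE(review): every token built here is only passed through {@code encryptWith(...)} with a
 * public key; nothing in this class signs it. Asymmetric JWE gives confidentiality, not proof of
 * who produced the token. Confirm that the verifying side does not treat "decrypts successfully"
 * as issuer authentication, or that tokens are additionally signed / the public key is kept
 * private to the issuer.
 */
public class TokenFactoryImpl implements TokenFactory {

    @NotNull
    private final SecurityConfiguration securityConfiguration;

    /**
     * Stores the configuration and validates the JWT encryption settings before any token is built.
     *
     * <p>Only the presence of the encoded public key is checked here; the key is decoded and
     * parsed on each token creation, so a malformed key is not detected by this constructor.
     *
     * @param securityConfiguration security settings holding the JWT encryption configuration
     * @throws IllegalStateException if the encoded public key is missing, or the key-factory,
     *     key-management or AEAD algorithm name is not among the available ones
     */
    public TokenFactoryImpl(@NotNull SecurityConfiguration securityConfiguration) {
        Intrinsics.checkNotNullParameter(securityConfiguration, "securityConfiguration");
        this.securityConfiguration = securityConfiguration;
        JwtEncryptionConfiguration encryption = this.securityConfiguration.getJwt().getEncryption();
        if (encryption.getEncodedPublicKey() == null) {
            // Unchecked, specific exception instead of a raw Exception; still an Exception subtype.
            throw new IllegalStateException("group.phorus.security.jwt.encryption.encodedPublicKey - Encoded public key not set");
        }
        Set<String> algorithms = Security.getAlgorithms("KeyFactory");
        if (!algorithms.contains(encryption.getAlgorithm())) {
            throw new IllegalStateException("group.phorus.security.jwt.encryption.algorithm - Algorithm not found in the algorithms list, available: " + algorithms);
        }
        if (!Jwts.KEY.get().containsKey(encryption.getKeyAlgorithm())) {
            throw new IllegalStateException("group.phorus.security.jwt.encryption.keyAlgorithm - Key algorithm not found in the Jwts key algorithms list, available: " + Jwts.KEY.get().keySet());
        }
        if (!Jwts.ENC.get().containsKey(encryption.getAeadAlgorithm())) {
            throw new IllegalStateException("group.phorus.security.jwt.encryption.aeadAlgorithm - AEAD algorithm not found in the Jwts AEAD algorithms list, available: " + Jwts.ENC.get().keySet());
        }
    }

    /**
     * Creates an encrypted access token for the given user.
     *
     * @param uuid user id, written as the token subject
     * @param list privileges, joined with single spaces into the {@code scope} claim
     * @param map extra claims added to the token
     * @param continuation Kotlin coroutine continuation (this is a compiled {@code suspend} function)
     * @return the {@link AccessToken} holding the compact token and the privileges
     */
    @Override // group.phorus.auth.commons.services.TokenFactory
    @Nullable
    public Object createAccessToken(@NotNull UUID uuid, @NotNull List<String> list, @NotNull Map<String, String> map, @NotNull Continuation<? super AccessToken> continuation) {
        return createAccessToken$suspendImpl(this, uuid, list, map, continuation);
    }

    /** Compiler-generated body of {@link #createAccessToken}; builds and encrypts the access token. */
    static /* synthetic */ Object createAccessToken$suspendImpl(TokenFactoryImpl tokenFactoryImpl, UUID uuid, List<String> list, Map<String, String> map, Continuation<? super AccessToken> continuation) {
        // Instant.now() is the real current instant. The previous LocalDateTime.now().toInstant(UTC)
        // re-labelled the host's local wall-clock time as UTC, shifting iat/exp by the host's zone
        // offset on any machine not running in UTC (tokens expired at issue, or lived too long).
        Instant instant = Instant.now();
        JwtEncryptionConfiguration encryption = tokenFactoryImpl.securityConfiguration.getJwt().getEncryption();
        PublicKey generatePublic = KeyFactory.getInstance(encryption.getAlgorithm()).generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(encryption.getEncodedPublicKey())));
        JwtBuilder.BuilderClaims claims = ((JwtBuilder) Jwts.builder().header().add("type", "ACCESS_TOKEN").and()).claims();
        // jti is a name-based UUID over token type, user id and issue time in milliseconds, so it
        // is deterministic: two access tokens for one user in the same millisecond share an id.
        // NOTE(review): if jti is used for revocation or replay tracking, a random UUID is safer.
        String str = "ACCESS_TOKEN-" + uuid + "-" + instant.toEpochMilli();
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        JwtBuilder.BuilderClaims add = claims.id(UUID.nameUUIDFromBytes(bytes).toString()).subject(uuid.toString()).issuer(tokenFactoryImpl.securityConfiguration.getJwt().getIssuer()).issuedAt(Date.from(instant)).expiration(Date.from(instant.plusSeconds(tokenFactoryImpl.securityConfiguration.getJwt().getExpiration().getTokenMinutes() * 60))).add("scope", CollectionsKt.joinToString$default(list, " ", (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 62, (Object) null));
        // Extra properties are written after the registered claims, so a key such as "sub", "iss",
        // "exp", "jti" or "scope" would replace the value set above.
        // NOTE(review): confirm callers never forward externally supplied keys here, or reject
        // reserved claim names before adding.
        for (Map.Entry<String, String> entry : map.entrySet()) {
            add.add(entry.getKey(), entry.getValue());
        }
        Object forKey = Jwts.KEY.get().forKey(encryption.getKeyAlgorithm());
        Intrinsics.checkNotNull(forKey, "null cannot be cast to non-null type io.jsonwebtoken.security.KeyAlgorithm<java.security.PublicKey, java.security.PrivateKey>");
        String compact = ((JwtBuilder) add.and()).encryptWith(generatePublic, (KeyAlgorithm) forKey, (AeadAlgorithm) Jwts.ENC.get().forKey(encryption.getAeadAlgorithm())).compact();
        Intrinsics.checkNotNull(compact);
        return new AccessToken(compact, list);
    }

    /**
     * Creates an encrypted refresh token for the given user.
     *
     * @param uuid user id, written as the token subject
     * @param z whether an expiration claim is set; when {@code false} the token carries no
     *     {@code exp} claim at all
     * @param map extra claims added to the token
     * @param continuation Kotlin coroutine continuation (this is a compiled {@code suspend} function)
     * @return the compact token string
     */
    @Override // group.phorus.auth.commons.services.TokenFactory
    @Nullable
    public Object createRefreshToken(@NotNull UUID uuid, boolean z, @NotNull Map<String, String> map, @NotNull Continuation<? super String> continuation) {
        return createRefreshToken$suspendImpl(this, uuid, z, map, continuation);
    }

    /** Compiler-generated body of {@link #createRefreshToken}; builds and encrypts the refresh token. */
    static /* synthetic */ Object createRefreshToken$suspendImpl(TokenFactoryImpl tokenFactoryImpl, UUID uuid, boolean z, Map<String, String> map, Continuation<? super String> continuation) {
        // Real current instant; see createAccessToken$suspendImpl for why LocalDateTime was replaced.
        Instant instant = Instant.now();
        JwtEncryptionConfiguration encryption = tokenFactoryImpl.securityConfiguration.getJwt().getEncryption();
        PublicKey generatePublic = KeyFactory.getInstance(encryption.getAlgorithm()).generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(encryption.getEncodedPublicKey())));
        JwtBuilder.BuilderClaims claims = ((JwtBuilder) Jwts.builder().header().add("type", "REFRESH_TOKEN").and()).claims();
        // Deterministic, name-based jti (same caveat as for access tokens).
        String str = "REFRESH_TOKEN-" + uuid + "-" + instant.toEpochMilli();
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        JwtBuilder.BuilderClaims issuedAt = claims.id(UUID.nameUUIDFromBytes(bytes).toString()).subject(uuid.toString()).issuer(tokenFactoryImpl.securityConfiguration.getJwt().getIssuer()).issuedAt(Date.from(instant));
        if (z) {
            issuedAt.expiration(Date.from(instant.plusSeconds(tokenFactoryImpl.securityConfiguration.getJwt().getExpiration().getRefreshTokenMinutes() * 60)));
        }
        // Extra properties are written last and would replace a registered claim of the same name.
        // NOTE(review): same reserved-name concern as in createAccessToken$suspendImpl.
        for (Map.Entry<String, String> entry : map.entrySet()) {
            issuedAt.add(entry.getKey(), entry.getValue());
        }
        // NOTE(review): the key-management and AEAD algorithms are fixed here, while the access
        // token uses the configured keyAlgorithm/aeadAlgorithm that the constructor validates.
        // The public key is still built with the configured key-factory algorithm, so a
        // configuration that is not EC-based looks incompatible with ECDH-ES - confirm intent.
        String compact = ((JwtBuilder) issuedAt.and()).encryptWith(generatePublic, Jwts.KEY.ECDH_ES_A256KW, Jwts.ENC.A256CBC_HS512).compact();
        Intrinsics.checkNotNullExpressionValue(compact, "compact(...)");
        return compact;
    }
}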
