package org.finos.tracdap.common.auth.internal;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.security.KeyPair;
import java.util.Map;
import org.finos.tracdap.common.exception.EStartup;
import org.finos.tracdap.config.AuthenticationConfig;
import org.finos.tracdap.config.PlatformInfo;

/* loaded from: input_file:org/finos/tracdap/common/auth/internal/JwtProcessor.class */
public class JwtProcessor extends JwtValidator {
    public static JwtProcessor configure(AuthenticationConfig authenticationConfig, PlatformInfo platformInfo, KeyPair keyPair) {
        if (authenticationConfig.getDisableSigning()) {
            if (platformInfo.getProduction()) {
                throw new EStartup(String.format("Token signing must be enabled in production environment [%s]", platformInfo.getEnvironment()));
            }
            return new JwtProcessor(authenticationConfig, Algorithm.none());
        }
        if (keyPair == null) {
            throw new EStartup("Root authentication key is not available (do you need to run auth-tool)?");
        }
        return new JwtProcessor(authenticationConfig, chooseAlgorithm(keyPair));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtProcessor(AuthenticationConfig authenticationConfig, Algorithm algorithm) {
        super(authenticationConfig, algorithm);
    }

    public String encodeToken(SessionInfo sessionInfo) {
        return JWT.create().withHeader(Map.of("typ", "jwt", "alg", this.algorithm)).withSubject(sessionInfo.getUserInfo().getUserId()).withIssuer(this.issuer).withIssuedAt(sessionInfo.getIssueTime()).withExpiresAt(sessionInfo.getExpiryTime()).withClaim("limit", sessionInfo.getExpiryLimit()).withClaim("name", sessionInfo.getUserInfo().getDisplayName()).sign(this.algorithm).trim();
    }
}
