package io.graphence.core.utils;

import io.graphence.core.config.JWTConfig;
import io.graphence.core.config.SecurityConfig;
import io.graphence.core.dto.objectType.Role;
import io.graphence.core.dto.objectType.User;
import io.graphence.core.jwt.GraphenceJsonWebToken;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.security.Key;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import java.util.stream.Stream;
import org.eclipse.microprofile.jwt.Claims;

@ApplicationScoped
/* loaded from: input_file:io/graphence/core/utils/JWTUtil.class */
public class JWTUtil {
    private final JWTConfig jwtConfig;
    private final SecurityConfig securityConfig;
    private final Key key;

    @Inject
    public JWTUtil(JWTConfig jWTConfig, SecurityConfig securityConfig) {
        this.jwtConfig = jWTConfig;
        this.securityConfig = securityConfig;
        this.key = Keys.secretKeyFor(SignatureAlgorithm.forName(jWTConfig.getAlgorithm()));
    }

    public String build(User user, Set<String> set, Set<String> set2) {
        Date issuedAt = getIssuedAt();
        return Jwts.builder().setIssuer(this.jwtConfig.getIssuer()).setSubject(user.getId()).claim(Claims.full_name.name(), user.getName()).claim(Claims.family_name.name(), user.getLastName()).claim(Claims.upn.name(), user.getRealmId()).claim(Claims.groups.name(), getGroups(user)).claim("roles", set.toArray(i -> {
            return new String[i];
        })).claim("permission_types", set2.toArray(i2 -> {
            return new String[i2];
        })).claim("is_root", Boolean.valueOf(this.securityConfig.getRootUser() != null && user.getLogin().equals(this.securityConfig.getRootUser()))).setIssuedAt(issuedAt).setExpiration(getExpiration(issuedAt)).signWith(this.key).compact();
    }

    protected Date getIssuedAt() {
        return new Date();
    }

    protected Date getExpiration(Date date) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(13, this.jwtConfig.getValidityPeriod().intValue());
        return calendar.getTime();
    }

    protected String[] getGroups(User user) {
        return (String[]) Stream.ofNullable(user.getGroups()).flatMap((v0) -> {
            return v0.stream();
        }).map((v0) -> {
            return v0.getId();
        }).toArray(i -> {
            return new String[i];
        });
    }

    public Stream<Role> getRoles(User user) {
        return Stream.concat(getRoles(user.getRoles()), Stream.ofNullable(user.getGroups()).flatMap((v0) -> {
            return v0.stream();
        }).flatMap(group -> {
            return getRoles(group.getRoles());
        }));
    }

    public Stream<Role> getRoles(Collection<Role> collection) {
        return Stream.ofNullable(collection).flatMap((v0) -> {
            return v0.stream();
        }).flatMap(role -> {
            return Stream.concat(Stream.of(role), getRoles(role.getComposites()));
        });
    }

    public GraphenceJsonWebToken parser(String str) throws JwtException {
        return new GraphenceJsonWebToken(Jwts.parserBuilder().setSigningKey(this.key).build().parseClaimsJws(str));
    }
}
