package org.sdase.commons.server.auth.service;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.Validate;
import org.sdase.commons.server.auth.error.JwtAuthException;
import org.sdase.commons.server.auth.key.RsaPublicKeyLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:org/sdase/commons/server/auth/service/AuthRSA256Service.class */
public class AuthRSA256Service implements AuthService {
    private static Logger log = LoggerFactory.getLogger(AuthRSA256Service.class);
    private RsaPublicKeyLoader rsaPublicKeyLoader;
    private long leeway;

    public AuthRSA256Service(RsaPublicKeyLoader rsaPublicKeyLoader, long j) {
        Validate.notNull(rsaPublicKeyLoader);
        Validate.inclusiveBetween(0L, Long.MAX_VALUE, j);
        this.rsaPublicKeyLoader = rsaPublicKeyLoader;
        this.leeway = j;
    }

    @Override // org.sdase.commons.server.auth.service.AuthService
    public Map<String, Claim> auth(String str) {
        try {
            String keyId = JWT.decode(str).getKeyId();
            if (keyId == null) {
                List<RSAPublicKey> keysWithoutId = this.rsaPublicKeyLoader.getKeysWithoutId();
                if (keysWithoutId.size() > 1) {
                    log.warn("Verifying token without kid trying {} public keys", Integer.valueOf(keysWithoutId.size()));
                }
                Collections.reverse(keysWithoutId);
                return ((DecodedJWT) keysWithoutId.stream().map(rSAPublicKey -> {
                    return verifyJwtSignature(str, rSAPublicKey);
                }).filter((v0) -> {
                    return v0.isPresent();
                }).map((v0) -> {
                    return v0.get();
                }).findFirst().orElseThrow(() -> {
                    return new JwtAuthException("Could not verify JWT without kid.");
                })).getClaims();
            }
            RSAPublicKey key = this.rsaPublicKeyLoader.getKey(keyId);
            if (key != null) {
                return verifyJwtSignature(str, key).orElseThrow(() -> {
                    return new JwtAuthException("Verifying token failed");
                }).getClaims();
            }
            log.error("No key found for verification, matching the requested kid {}", keyId);
            throw new JwtAuthException("Could not verify JWT with the requested kid.");
        } catch (JWTVerificationException e) {
            throw new JwtAuthException((Throwable) e);
        }
    }

    private Optional<DecodedJWT> verifyJwtSignature(String str, RSAPublicKey rSAPublicKey) {
        try {
            return Optional.of(JWT.require(Algorithm.RSA256(rSAPublicKey, (RSAPrivateKey) null)).acceptLeeway(this.leeway).build().verify(str));
        } catch (TokenExpiredException e) {
            log.warn("Verifying token failed.", e);
            return Optional.empty();
        } catch (JWTVerificationException e2) {
            log.error("Verifying token failed.", e2);
            return Optional.empty();
        }
    }
}
