package org.starchartlabs.calamari.core.auth;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.starchartlabs.alloy.core.Strings;
import org.starchartlabs.alloy.core.Suppliers;
import org.starchartlabs.calamari.core.exception.KeyLoadingException;

/* loaded from: input_file:org/starchartlabs/calamari/core/auth/ApplicationKey.class */
public class ApplicationKey implements Supplier<String> {
    private static final int EXPIRATION_MINUTES = 9;
    private final String githubAppId;
    private final Supplier<String> privateKeySupplier;
    private final Supplier<String> headerSupplier = Suppliers.map(Suppliers.memoizeWithExpiration(this::generateNewPayload, 9, TimeUnit.MINUTES), ApplicationKey::toAuthorizationHeader);

    public ApplicationKey(String str, Supplier<String> supplier) {
        this.githubAppId = (String) Objects.requireNonNull(str);
        this.privateKeySupplier = (Supplier) Objects.requireNonNull(supplier);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.function.Supplier
    public String get() throws KeyLoadingException {
        return this.headerSupplier.get();
    }

    private String generateNewPayload() throws KeyLoadingException {
        try {
            PEMReader pEMReader = new PEMReader(new StringReader(this.privateKeySupplier.get()));
            Throwable th = null;
            try {
                try {
                    PrivateKey privateKey = ((KeyPair) Optional.ofNullable((KeyPair) pEMReader.readObject()).orElseThrow(() -> {
                        return new KeyLoadingException("Unable to parse valid private key data from provided content");
                    })).getPrivate();
                    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
                    String compact = Jwts.builder().setId((String) null).setIssuedAt(toDate(now)).setExpiration(toDate(now.plusMinutes(Math.min(10, 10)))).setIssuer(this.githubAppId).signWith(SignatureAlgorithm.RS256, privateKey).compact();
                    if (pEMReader != null) {
                        if (0 != 0) {
                            try {
                                pEMReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            pEMReader.close();
                        }
                    }
                    return compact;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new KeyLoadingException("Error reading signing key", e);
        }
    }

    private static String toAuthorizationHeader(String str) {
        Objects.requireNonNull(str);
        return Strings.format("Bearer %s", new Object[]{str});
    }

    private static Date toDate(ZonedDateTime zonedDateTime) {
        Objects.requireNonNull(zonedDateTime);
        return new Date(zonedDateTime.toInstant().toEpochMilli());
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
