package yandex.cloud.sdk.auth.jwt;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import tech.ydb.shaded.io.jsonwebtoken.JwsHeader;
import tech.ydb.shaded.io.jsonwebtoken.JwtBuilder;
import tech.ydb.shaded.io.jsonwebtoken.Jwts;
import tech.ydb.shaded.io.jsonwebtoken.SignatureAlgorithm;

/* loaded from: input_file:yandex/cloud/sdk/auth/jwt/JwtCreator.class */
public class JwtCreator {
    private static final String DEFAUL_ENDPOINT = "https://iam.api.cloud.yandex.net/iam/v1/tokens";
    private static final Duration DEFAULT_TTL = Duration.ofHours(1);
    private final String endpoint;
    private final Duration ttl;

    public JwtCreator() {
        this.endpoint = DEFAUL_ENDPOINT;
        this.ttl = DEFAULT_TTL;
    }

    public JwtCreator(JwtConfig jwtConfig) {
        if (jwtConfig.getEndpoint() != null) {
            this.endpoint = jwtConfig.getEndpoint();
        } else {
            this.endpoint = DEFAUL_ENDPOINT;
        }
        if (jwtConfig.getTtl() != null) {
            this.ttl = jwtConfig.getTtl();
        } else {
            this.ttl = DEFAULT_TTL;
        }
    }

    public Jwt generateJwt(ServiceAccountKey serviceAccountKey) {
        return generateJwt(serviceAccountKey, this.ttl);
    }

    public Jwt generateJwt(ServiceAccountKey serviceAccountKey, Duration duration) {
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.PS256;
        Instant now = Instant.now();
        Instant plus = now.plus((TemporalAmount) duration);
        JwtBuilder signWith = Jwts.builder().setIssuer(serviceAccountKey.getServiceAccountId()).setIssuedAt(Date.from(now)).setExpiration(Date.from(plus)).setAudience(this.endpoint).signWith(serviceAccountKey.getPrivateKey(), signatureAlgorithm);
        signWith.setHeaderParam(JwsHeader.KEY_ID, serviceAccountKey.getKeyId());
        return new Jwt(signWith.compact(), plus);
    }
}
