package work.ready.core.security.cloud;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.lang.JoseException;
import work.ready.cloud.jdbc.olap.proto.Protocol;
import work.ready.core.log.Log;
import work.ready.core.log.LogFactory;
import work.ready.core.security.SecurityConfig;
import work.ready.core.server.Ready;

/* loaded from: input_file:work/ready/core/security/cloud/JwtIssuer.class */
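/**
 * Issues RS256-signed JSON Web Tokens.
 *
 * <p>The signing key is an RSA private key read from a PKCS12 keystore whose file name,
 * key alias and password come from the supplied {@link SecurityConfig}. The keystore is
 * re-read on every {@link #getJwt(JwtClaims)} call; nothing is cached in this class.
 */
public class JwtIssuer {
    private static final Log logger = LogFactory.getLog(JwtIssuer.class);
    private final SecurityConfig config;

    /**
     * Initialization-on-demand holder: the shared instance is built from the main
     * application's security config the first time {@link #getInstance()} is called.
     */
    private static class LazyHolder {
        static final JwtIssuer instance = new JwtIssuer(Ready.getMainApplicationConfig().getSecurity());

        private LazyHolder() {
        }
    }

    /**
     * Returns the shared issuer backed by the main application's security config.
     *
     * @return the lazily created singleton
     */
    public static JwtIssuer getInstance() {
        return LazyHolder.instance;
    }

    /**
     * Creates an issuer bound to the given security configuration.
     *
     * @param securityConfig source of the key settings, issuer, audience, expiry and version
     */
    public JwtIssuer(SecurityConfig securityConfig) {
        this.config = securityConfig;
    }

    /**
     * Signs the given claims with the configured RSA private key and returns the compact
     * JWS serialization.
     *
     * <p>The {@code kid} header is the two-character provider id prefix (when a provider id
     * is configured) followed by the configured key id; the algorithm header is RS256.
     *
     * @param jwtClaims claims to place in the token payload
     * @return the signed token in compact serialization
     * @throws RuntimeException if the key settings or the private key password are missing
     *     or fail validation
     * @throws JoseException if no RSA private key could be loaded from the keystore, or if
     *     signing fails
     */
    public String getJwt(JwtClaims jwtClaims) throws JoseException {
        if (this.config.getKey() == null || !this.config.getKey().validate() || this.config.getJwtPrivateKeyPassword() == null) {
            throw new RuntimeException("Private Key settings for JWT component is invalid in security section of application config");
        }
        PrivateKey loadedKey = getPrivateKey(this.config.getKey().getFilename(), this.config.getJwtPrivateKeyPassword(), this.config.getKey().getKeyName());
        // Fail closed with an explicit message. getPrivateKey() returns null when the
        // keystore cannot be read, and a non-RSA key cannot produce an RS256 signature;
        // previously the null (or a ClassCastException) travelled on into the signer.
        if (!(loadedKey instanceof RSAPrivateKey)) {
            throw new JoseException("Unable to sign JWT: no RSA private key could be loaded from the configured keystore");
        }
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(jwtClaims.toJson());
        jsonWebSignature.setKey(loadedKey);
        jsonWebSignature.setKeyIdHeaderValue(keyIdPrefix() + this.config.getKey().getKid());
        jsonWebSignature.setAlgorithmHeaderValue("RS256");
        return jsonWebSignature.getCompactSerialization();
    }

    /**
     * Builds the provider-id prefix for the {@code kid} header: empty when no provider id
     * is configured, left-padded with "0" when it is one character long, and truncated to
     * its first two characters (with an error log) when it is longer than two.
     */
    private String keyIdPrefix() {
        String providerId = this.config.getProviderId();
        if (providerId == null) {
            return "";
        }
        if (providerId.length() == 1) {
            return "0" + providerId;
        }
        if (providerId.length() > 2) {
            logger.error("provider_id defined in the security.yml file is invalid; the length should be 2", new Object[0]);
            return providerId.substring(0, 2);
        }
        return providerId;
    }

    /**
     * Returns claims that expire after the configured default lifetime.
     *
     * @return a new claims object; see {@link #getJwtClaimsWithExpiresIn(Integer)}
     */
    public JwtClaims getDefaultJwtClaims() {
        return getJwtClaimsWithExpiresIn(null);
    }

    /**
     * Creates the standard claim set: issuer, audience, expiration, a generated token id,
     * issued-at, not-before, and the configured version under the claim named by
     * {@code Protocol.VERSION_NAME}.
     *
     * @param num requested lifetime in seconds, or {@code null} to use the configured
     *     lifetime in minutes. The value is truncated to whole minutes, so anything below
     *     60 yields a token that expires at its issue time.
     * @return the populated claims
     */
    public JwtClaims getJwtClaimsWithExpiresIn(Integer num) {
        // One clock reading so that exp and iat are derived from the same instant.
        long nowMillis = Ready.currentTimeMillis();
        long lifetimeMinutes = num == null ? this.config.getExpiredInMinutes() : num.intValue() / 60;
        // Multiply in long arithmetic. With int operands the product wraps once the
        // lifetime exceeds 35,791 minutes (about 24.8 days), which would place exp at the
        // wrong time, possibly in the past.
        long lifetimeMillis = lifetimeMinutes * 60L * 1000L;

        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(this.config.getIssuer());
        jwtClaims.setAudience(this.config.getAudience());
        jwtClaims.setExpirationTime(NumericDate.fromMilliseconds(nowMillis + lifetimeMillis));
        jwtClaims.setGeneratedJwtId();
        jwtClaims.setIssuedAt(NumericDate.fromMilliseconds(nowMillis));
        // nbf is placed two minutes in the past; presumably to tolerate clock skew between
        // issuer and verifier.
        jwtClaims.setNotBeforeMinutesInThePast(2.0f);
        jwtClaims.setClaim(Protocol.VERSION_NAME, this.config.getVersion());
        return jwtClaims;
    }

    /**
     * Loads a private key from a PKCS12 keystore. The same password is used to open the
     * keystore and to recover the key entry.
     *
     * @param filename keystore file, resolved through {@code Ready.config()}
     * @param password keystore and key password
     * @param keyName alias of the key entry
     * @return the private key, or {@code null} if the keystore could not be read or holds
     *     no such key; the failure is logged and the caller must check for {@code null}
     */
    private PrivateKey getPrivateKey(String filename, String password, String keyName) {
        if (logger.isDebugEnabled()) {
            // Only the file name and alias are logged, never the password.
            logger.debug("filename = " + filename + " key = " + keyName, new Object[0]);
        }
        PrivateKey privateKey = null;
        char[] passwordChars = password.toCharArray();
        // try-with-resources closes the keystore stream, which was previously left open.
        try (InputStream keystoreStream = Ready.config().getInputStreamFromFile(filename)) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(keystoreStream, passwordChars);
            privateKey = (PrivateKey) keyStore.getKey(keyName, passwordChars);
        } catch (Exception e) {
            logger.error(e, "Exception: ", new Object[0]);
        } finally {
            // Best effort only: this wipes the local copy, but the password still lives
            // in the configuration as a String.
            Arrays.fill(passwordChars, '\0');
        }
        if (privateKey == null) {
            logger.error("Failed to retrieve private key from keystore", new Object[0]);
        }
        return privateKey;
    }
}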
