package com.e2eq.framework.util;

import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.build.JwtClaimsBuilder;
import jakarta.validation.ValidationException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Objects;
import java.util.Set;

/* loaded from: input_file:com/e2eq/framework/util/TokenUtils.class */
public class TokenUtils {
    public static final String REFRESH_SCOPE = "refreshToken";
    public static final String AUTH_SCOPE = "authToken";
    public static final String AUDIENCE = "b2bi-api-client";
    public static final int REFRESH_ADDITIONAL_DURATION_SECONDS = 10;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static String generateUserToken(String str, Set<String> set, long j, String str2) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        Objects.requireNonNull(str, "UserId cannot be null");
        Objects.requireNonNull(str2, "Issuer cannot be null");
        if (j <= 10) {
            throw new ValidationException("Duration must be greater than10 seconds");
        }
        PrivateKey readPrivateKey = readPrivateKey("privateKey.pem");
        JwtClaimsBuilder claims = Jwt.claims();
        long currentTimeInSecs = currentTimeInSecs();
        claims.issuer(str2);
        claims.subject(str);
        claims.issuedAt(currentTimeInSecs);
        claims.audience(AUDIENCE);
        claims.expiresAt(j);
        claims.groups(set);
        claims.claim("username", str);
        claims.claim("scope", AUTH_SCOPE);
        return claims.jws().keyId("privateKey.pem").sign(readPrivateKey);
    }

    public static String generateRefreshToken(String str, long j, String str2) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        PrivateKey readPrivateKey = readPrivateKey("privateKey.pem");
        JwtClaimsBuilder claims = Jwt.claims();
        long currentTimeInSecs = currentTimeInSecs();
        claims.issuer(str2);
        claims.subject(str);
        claims.issuedAt(currentTimeInSecs);
        claims.audience("b2bi-api-client-refresh");
        claims.expiresAt(currentTimeInSecs + j + 10);
        claims.claim("username", str);
        claims.claim("scope", REFRESH_SCOPE);
        return claims.jws().keyId("privateKey.pem").sign(readPrivateKey);
    }

    public static PrivateKey readPrivateKey(String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        try {
            if (resourceAsStream == null) {
                throw new IOException("Could not find Private Key with ResourceName:" + str);
            }
            byte[] bArr = new byte[4096];
            int read = resourceAsStream.read(bArr);
            if (read == 0) {
                throw new IOException("Could not find private key");
            }
            PrivateKey decodePrivateKey = decodePrivateKey(new String(bArr, 0, read, StandardCharsets.UTF_8));
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            return decodePrivateKey;
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static PublicKey readPublicKey(String str) throws Exception {
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        try {
            if (resourceAsStream == null) {
                throw new Exception("Could not find Public Key with ResourceName:" + str);
            }
            byte[] bArr = new byte[4096];
            if (!$assertionsDisabled && resourceAsStream == null) {
                throw new AssertionError();
            }
            PublicKey decodePublicKey = decodePublicKey(new String(bArr, 0, resourceAsStream.read(bArr)));
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            return decodePublicKey;
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static PublicKey decodePublicKey(String str) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(removeBeginEnd(str))));
    }

    public static PrivateKey decodePrivateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(toEncodedBytes(str)));
    }

    public static byte[] toEncodedBytes(String str) {
        return Base64.getDecoder().decode(removeBeginEnd(str));
    }

    public static String removeBeginEnd(String str) {
        return str.replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replaceAll("\r\n", "").replaceAll("\n", "").trim();
    }

    public static long expiresAt(long j) {
        return currentTimeInSecs() + j + 10;
    }

    public static int currentTimeInSecs() {
        return (int) (System.currentTimeMillis() / 1000);
    }

    static {
        $assertionsDisabled = !TokenUtils.class.desiredAssertionStatus();
    }
}
