package fi.evolver.basics.spring.auth.alb.verify;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.EncodedKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.springframework.security.authentication.InternalAuthenticationServiceException;

/* loaded from: input_file:fi/evolver/basics/spring/auth/alb/verify/AlbClaimsTokenVerifier.class */
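/**
 * Token verifier for the claims JWT that an AWS load balancer attaches to requests.
 *
 * <p>The verifier downloads the PEM-encoded EC public key for a key id from
 * {@code publicKeyBaseUri}, builds an ES256 {@link JWTVerifier} from it, and checks that the
 * token's {@code signer} header equals the configured ARN.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The key id handed to {@link #loadVerifier(String)} presumably comes from the header of a
 *       token whose signature has not been checked yet (the caller lives in
 *       {@code AbstractTokenVerifier}, not shown here), so it is treated as untrusted and is
 *       validated before it is used to build the key URL.</li>
 *   <li>The {@code signer} header is part of the token itself; the comparison in
 *       {@link #checkTokenFields(DecodedJWT)} only carries weight when the signature was verified
 *       with a key obtained from the trusted key endpoint.</li>
 * </ul>
 */
public class AlbClaimsTokenVerifier extends AbstractTokenVerifier {
    /**
     * Key ids must be one plain path segment. Anything carrying URI syntax ({@code :}, {@code /},
     * {@code .}, {@code ?}, {@code #}, {@code %}) is rejected, because {@link URI#resolve(String)}
     * would otherwise let the key id replace the host or path of the configured key endpoint.
     */
    private static final String KEY_ID_PATTERN = "[A-Za-z0-9_-]+";

    private final KeyFactory keyFactory = KeyFactory.getInstance("EC");
    private final URI publicKeyBaseUri;
    private final String expectedSignerArn;

    /**
     * Creates a verifier bound to one key endpoint and one expected signer.
     *
     * @param str base URI of the public key endpoint; key ids are resolved against it
     * @param str2 ARN that the token's {@code signer} header must equal
     * @throws NoSuchAlgorithmException if the runtime has no {@code EC} key factory
     * @throws NullPointerException if either argument is {@code null}
     */
    public AlbClaimsTokenVerifier(String str, String str2) throws NoSuchAlgorithmException {
        this.publicKeyBaseUri = URI.create(str);
        // Fail at start-up rather than with an NPE on every token check.
        if (str2 == null) {
            throw new NullPointerException("expectedSignerArn");
        }
        this.expectedSignerArn = str2;
    }

    /**
     * Rejects tokens whose {@code signer} header differs from the configured ARN.
     *
     * @param decodedJWT the decoded token to inspect
     */
    @Override
    protected void checkTokenFields(DecodedJWT decodedJWT) {
        String signer = decodedJWT.getHeaderClaim("signer").asString();
        if (!this.expectedSignerArn.equals(signer)) {
            badCredentials("Invalid signer for token");
        }
    }

    /**
     * Builds a verifier for the given key id by downloading and decoding its public key.
     *
     * @param str key id identifying the public key to download
     * @return the verifier, or {@code null} when the key could not be fetched or turned into an
     *     EC public key (the failure is logged)
     */
    @Override
    protected JWTVerifier loadVerifier(String str) {
        try {
            this.verifierCache.cleanup();
            return buildVerifier(decodeKey(fetchPublicKey(str)));
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe the interruption.
            Thread.currentThread().interrupt();
            LOG.error("AWS public key fetching failed", e);
            return null;
        } catch (IOException e) {
            LOG.error("AWS public key fetching failed", e);
            return null;
        } catch (InvalidKeySpecException e2) {
            LOG.error("JWTVerifier initialization failed", e2);
            return null;
        }
    }

    /**
     * Downloads the PEM text of the public key for {@code keyId}.
     *
     * @param keyId key id; must match {@link #KEY_ID_PATTERN}
     * @return the response body of the key endpoint
     * @throws IOException if the key id is rejected, the request fails, or the endpoint does not
     *     answer with HTTP 200
     * @throws InterruptedException if the request is interrupted
     */
    private String fetchPublicKey(String keyId) throws IOException, InterruptedException {
        // The raw key id is deliberately left out of the message: it is untrusted and would end
        // up in the log via loadVerifier.
        if (keyId == null || !keyId.matches(KEY_ID_PATTERN)) {
            throw new IOException("Refusing to fetch public key: key id is missing or contains unexpected characters");
        }
        HttpRequest request = HttpRequest.newBuilder(this.publicKeyBaseUri.resolve(keyId)).GET().build();
        HttpResponse<String> response = this.client.send(request, HttpResponse.BodyHandlers.ofString());
        // An error page must not be handed to the key decoder as if it were key material.
        if (response.statusCode() != 200) {
            throw new IOException("Public key endpoint returned HTTP status " + response.statusCode());
        }
        return response.body();
    }

    /**
     * Strips the PEM armour and line breaks and Base64-decodes the remainder.
     *
     * @param pem PEM text of a public key
     * @return the decoded bytes wrapped as an X.509 key spec
     * @throws InternalAuthenticationServiceException if the content is not valid Base64
     */
    private EncodedKeySpec decodeKey(String pem) {
        try {
            String base64 = pem.replace("-----BEGIN PUBLIC KEY-----", "")
                    .replaceAll("\r?\n", "")
                    .replace("-----END PUBLIC KEY-----", "");
            return new X509EncodedKeySpec(Base64.getDecoder().decode(base64));
        } catch (IllegalArgumentException e) {
            LOG.error("Key decode failed. Key:\n%s".formatted(pem), e);
            throw new InternalAuthenticationServiceException("Cannot decode key", e);
        }
    }

    /**
     * Creates an ES256 verifier from the given public key spec.
     *
     * @param encodedKeySpec encoded EC public key
     * @return a verifier that checks signatures with that key
     * @throws InvalidKeySpecException if the spec does not describe a usable EC public key
     */
    private JWTVerifier buildVerifier(EncodedKeySpec encodedKeySpec) throws InvalidKeySpecException {
        ECPublicKey publicKey = (ECPublicKey) this.keyFactory.generatePublic(encodedKeySpec);
        // Pinning the algorithm here means the token's own "alg" header cannot select another one.
        return JWT.require(Algorithm.ECDSA256(publicKey, emptyPrivateKey())).build();
    }

    /**
     * Returns a placeholder private key for the verify-only algorithm instance.
     *
     * <p>Every accessor throws, so the placeholder cannot be used for signing.
     */
    private static ECPrivateKey emptyPrivateKey() {
        return new ECPrivateKey() {
            @Override
            public String getAlgorithm() {
                throw new UnsupportedOperationException("Unimplemented method 'getAlgorithm'");
            }

            @Override
            public byte[] getEncoded() {
                throw new UnsupportedOperationException("Unimplemented method 'getEncoded'");
            }

            @Override
            public String getFormat() {
                throw new UnsupportedOperationException("Unimplemented method 'getFormat'");
            }

            @Override
            public ECParameterSpec getParams() {
                throw new UnsupportedOperationException("Unimplemented method 'getParams'");
            }

            @Override
            public BigInteger getS() {
                throw new UnsupportedOperationException("Unimplemented method 'getS'");
            }
        };
    }
}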
