package org.febit.common.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import jakarta.annotation.Nullable;
import java.lang.invoke.SerializedLambda;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import java.util.function.Consumer;
import org.febit.common.jwt.JwtKey;
import org.febit.lang.Lazy;
import org.febit.lang.protocol.IResponse;
import org.febit.lang.util.Maps;

/* loaded from: input_file:org/febit/common/jwt/JwtCodec.class */
public class JwtCodec {
    static final int STATUS_UNAUTHORIZED = 401;
    static final String CODE_INVALID_TOKEN = "INVALID_TOKEN";
    static final String CODE_TOKEN_EXPIRED = "TOKEN_EXPIRED";
    static final String MSG_INVALID_FORMAT = "invalid JWT format";
    static final String MSG_INVALID_FORMAT_PAYLOAD = "invalid JWT format, failed to parse payload";
    static final String MSG_TOKEN_EXPIRED = "token expired";
    static final String MSG_TOKEN_NOT_EFFECTIVE = "token not effective yet";
    static final String MSG_NO_VERIFIER_KEY = "cannot found verifier key for token";
    static final String MSG_NO_SINGER_KEY = "no signer key found";
    static final String MSG_VERIFY_FAILED = "failed pass signing verifier";
    protected final JwtCodecProps props;
    protected final Lazy<Map<String, JwtKey.Resolved>> keys = Lazy.of(this::mappingKeys);
    protected final Lazy<JwtKey.Resolved> signerKey = Lazy.of(this::resolveSingerKey);

    public JwtCodec(JwtCodecProps jwtCodecProps) {
        this.props = jwtCodecProps;
    }

    private Map<String, JwtKey.Resolved> mappingKeys() {
        return Maps.mapping(this.props.keys(), (v0) -> {
            return v0.id();
        }, (v0) -> {
            return v0.resolve();
        });
    }

    private JwtKey.Resolved resolveSingerKey() {
        JwtKey.Resolved resolved = (JwtKey.Resolved) ((Map) this.keys.get()).get(this.props.signerKeyId());
        if (resolved == null) {
            throw new IllegalStateException("no signer key found, for id: " + this.props.signerKeyId());
        }
        return resolved;
    }

    protected <T> IResponse<T> onInvalidToken(String str) {
        return IResponse.failed(STATUS_UNAUTHORIZED, CODE_INVALID_TOKEN, str);
    }

    protected <T> IResponse<T> onTokenExpired() {
        return IResponse.failed(STATUS_UNAUTHORIZED, CODE_TOKEN_EXPIRED, MSG_TOKEN_EXPIRED);
    }

    protected Instant now() {
        return Instant.now();
    }

    @Nullable
    protected JwtKey.Resolved resolveKey(SignedJWT signedJWT) {
        String keyID = signedJWT.getHeader().getKeyID();
        if (keyID == null) {
            return null;
        }
        return (JwtKey.Resolved) ((Map) this.keys.get()).get(keyID);
    }

    public IResponse<JWTClaimsSet> decode(String str) {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            JwtKey.Resolved resolveKey = resolveKey(parse);
            if (resolveKey == null || resolveKey.verifierKey().isEmpty()) {
                return onInvalidToken(MSG_NO_VERIFIER_KEY);
            }
            try {
                try {
                    if (!parse.verify(resolveKey.verifier(parse.getHeader()))) {
                        return onInvalidToken(MSG_VERIFY_FAILED);
                    }
                    try {
                        JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
                        Instant now = now();
                        Date expirationTime = jWTClaimsSet.getExpirationTime();
                        if (expirationTime != null && expirationTime.toInstant().compareTo(now) <= 0) {
                            return onTokenExpired();
                        }
                        Date notBeforeTime = jWTClaimsSet.getNotBeforeTime();
                        return (notBeforeTime == null || !notBeforeTime.toInstant().isAfter(now)) ? IResponse.success(jWTClaimsSet) : onInvalidToken(MSG_TOKEN_NOT_EFFECTIVE);
                    } catch (ParseException e) {
                        return onInvalidToken("invalid JWT format, failed to parse payload: " + e.getMessage());
                    }
                } catch (JOSEException e2) {
                    return onInvalidToken("failed pass signing verifier: " + e2.getMessage());
                }
            } catch (JOSEException e3) {
                return onInvalidToken("cannot resolve signing verifier: " + e3.getMessage());
            }
        } catch (ParseException e4) {
            return onInvalidToken("invalid JWT format: " + e4.getMessage());
        }
    }

    public String encode(JWTClaimsSet jWTClaimsSet) throws JOSEException {
        return encode(jWTClaimsSet, builder -> {
        });
    }

    public String encode(JWTClaimsSet jWTClaimsSet, Consumer<JWSHeader.Builder> consumer) throws JOSEException {
        JwtKey.Resolved resolved = (JwtKey.Resolved) this.signerKey.get();
        JWSSigner orElseThrow = resolved.signer().orElseThrow(() -> {
            return new JOSEException("no signer key found, id: " + resolved.id());
        });
        JWSHeader.Builder builder = new JWSHeader.Builder(resolved.algorithm().getJws());
        consumer.accept(builder);
        builder.keyID(resolved.id());
        SignedJWT signedJWT = new SignedJWT(builder.build(), jWTClaimsSet);
        signedJWT.sign(orElseThrow);
        return signedJWT.serialize();
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1181047838:
                if (implMethodName.equals("mappingKeys")) {
                    z = false;
                    break;
                }
                break;
            case 659368119:
                if (implMethodName.equals("resolveSingerKey")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("org/febit/lang/func/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/febit/common/jwt/JwtCodec") && serializedLambda.getImplMethodSignature().equals("()Ljava/util/Map;")) {
                    JwtCodec jwtCodec = (JwtCodec) serializedLambda.getCapturedArg(0);
                    return jwtCodec::mappingKeys;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("org/febit/lang/func/SerializableSupplier") && serializedLambda.getFunctionalInterfaceMethodName().equals("get") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/febit/common/jwt/JwtCodec") && serializedLambda.getImplMethodSignature().equals("()Lorg/febit/common/jwt/JwtKey$Resolved;")) {
                    JwtCodec jwtCodec2 = (JwtCodec) serializedLambda.getCapturedArg(0);
                    return jwtCodec2::resolveSingerKey;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
