package io.mapsmessaging.security.jaas;

import com.auth0.jwk.JwkException;
import com.auth0.jwk.UrlJwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.sun.security.auth.UserPrincipal;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.LocalDate;
import java.time.ZoneId;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:io/mapsmessaging/security/jaas/Auth0JwtLoginModule.class */
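/**
 * JAAS login module that accepts an Auth0-issued JWT in place of a password.
 *
 * <p>The token's signature is verified as RS256 against the key published in the tenant's
 * JWKS, the issuer must be {@code https://<auth0Domain>/}, and the token subject (with any
 * {@code @...} suffix removed) must equal the supplied username.
 *
 * <p>NOTE(review): no audience ({@code aud}) check is configured on the verifier, so a token
 * issued by the same tenant for a different API would also pass the issuer check. Confirm
 * whether an audience restriction is required for this deployment.
 */
public class Auth0JwtLoginModule extends BaseLoginModule {
    /** Auth0 tenant domain read from the {@code auth0Domain} option; drives JWKS lookup and the issuer check. */
    private String domain;

    /**
     * Delegates to the base module and then reads the {@code auth0Domain} entry from the
     * fourth argument.
     *
     * @param subject subject passed through to the base module
     * @param callbackHandler callback handler passed through to the base module
     * @param map passed through to the base module unchanged
     * @param map2 map holding the {@code auth0Domain} entry (presumably the JAAS options map)
     */
    @Override // io.mapsmessaging.security.jaas.BaseLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.domain = (String) map2.get("auth0Domain");
    }

    /**
     * Verifies the JWT carried in {@code cArr} and checks that it belongs to {@code str}.
     *
     * @param str username the caller claims to be
     * @param cArr the serialized JWT, supplied in the password slot
     * @return {@code true} when the token is valid and its subject matches {@code str};
     *     {@code false} when the token is valid but was issued to a different subject
     * @throws LoginException if the module is not configured, an input is missing, the token
     *     is malformed, fails verification, lacks an expiry or subject claim, is expired, or
     *     the signing key cannot be obtained
     */
    @Override // io.mapsmessaging.security.jaas.BaseLoginModule
    protected boolean validate(String str, char[] cArr) throws LoginException {
        if (str == null || cArr == null) {
            throw new LoginException("Username and token are required");
        }
        // Without a domain the issuer would be the literal "https://null/"; fail closed instead.
        if (this.domain == null || this.domain.trim().isEmpty()) {
            throw new LoginException("auth0Domain option is not configured");
        }
        String issuer = "https://" + this.domain + "/";
        try {
            // The JWT library only accepts a String, so the token is copied out of the char[].
            String token = new String(cArr);
            // NOTE(review): a new provider is built on every call, so nothing is reused between
            // login attempts here; consider a cached/rate-limited provider if login volume matters.
            UrlJwkProvider jwkProvider = new UrlJwkProvider(issuer);
            // Decoded without verification only to learn which key id to fetch.
            DecodedJWT unverified = JWT.decode(token);
            RSAPublicKey publicKey = (RSAPublicKey) jwkProvider.get(unverified.getKeyId()).getPublicKey();
            // The algorithm is fixed to RS256 here rather than taken from the token header.
            DecodedJWT verified = JWT.require(Algorithm.RSA256(publicKey, (RSAPrivateKey) null))
                    .withIssuer(issuer)
                    .build()
                    .verify(token);

            // A token without an expiry would otherwise hit a NullPointerException below.
            if (verified.getExpiresAt() == null) {
                throw new LoginException("Token has no expiry claim");
            }
            // Day-granularity check in the system time zone, kept from the original behaviour.
            LocalDate expiryDate = verified.getExpiresAt().toInstant().atZone(ZoneId.systemDefault()).toLocalDate();
            if (expiryDate.isBefore(LocalDate.now())) {
                throw new LoginException("Token expired on " + expiryDate);
            }

            // Claims are read from the verified token rather than the unverified decode.
            String subject = verified.getSubject();
            if (subject == null) {
                throw new LoginException("Token has no subject claim");
            }
            // NOTE(review): everything from the first '@' is discarded, so subjects that differ
            // only after the '@' map to the same username. Confirm this is acceptable.
            int at = subject.indexOf('@');
            if (at >= 0) {
                subject = subject.substring(0, at);
            }
            if (!str.equals(subject)) {
                return false;
            }
            this.userPrincipal = new UserPrincipal(str);
            return true;
        } catch (JwkException e) {
            LoginException loginException = new LoginException("Java web token exception");
            loginException.initCause(e);
            throw loginException;
        } catch (RuntimeException e) {
            // Unchecked failures inside the try (e.g. from the JWT library on a bad token, or
            // the RSA cast on a non-RSA key) are reported as a login failure instead of
            // escaping the module as an unchecked exception.
            LoginException loginException = new LoginException("Token validation failed");
            loginException.initCause(e);
            throw loginException;
        }
    }
}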
