package org.logdoc.tgbots.nursery.service.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.typesafe.config.Config;
import java.nio.file.Paths;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.logdoc.fairhttp.service.DI;
import org.logdoc.helpers.Sporadics;
import org.logdoc.helpers.Texts;
import org.logdoc.helpers.gears.Pair;
import org.logdoc.tgbots.nursery.model.User;
import org.logdoc.tgbots.nursery.model.UserRole;
import org.logdoc.tgbots.nursery.service.TokenService;
import org.logdoc.tgbots.nursery.tools.KeyReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/logdoc/tgbots/nursery/service/impl/TokenServiceImpl.class */
public class TokenServiceImpl implements TokenService {
    private static final Logger logger = LoggerFactory.getLogger(TokenService.class);
    public final long lifetime;
    private final String issuer;
    private final JWSSigner signer;
    private final JWSVerifier verifier;

    public TokenServiceImpl() throws Exception {
        Config config = ((Config) DI.gain(Config.class)).getConfig("nursery.security");
        this.issuer = config.getString("jwt.issuer");
        this.lifetime = config.getDuration("jwt.life_time", TimeUnit.SECONDS) * 1000;
        this.signer = new RSASSASigner(KeyReader.privater.fromPath(Paths.get(config.getString("keys.private"), new String[0])));
        this.verifier = new RSASSAVerifier((RSAPublicKey) KeyReader.publicer.fromPath(Paths.get(config.getString("keys.public"), new String[0])));
    }

    public JWTClaimsSet jwtSet(String str) throws Exception {
        SignedJWT parse = SignedJWT.parse(str);
        if (!parse.verify(this.verifier)) {
            throw new RuntimeException("Подпись токен недействительна");
        }
        JWTClaimsSet jWTClaimsSet = parse.getJWTClaimsSet();
        if (this.issuer.equals(jWTClaimsSet.getIssuer())) {
            return jWTClaimsSet;
        }
        throw new RuntimeException("Издатель токена недействителен");
    }

    public String token(User user, Collection<UserRole> collection) {
        user.setSudo(user.isSudo() || collection.stream().anyMatch((v0) -> {
            return v0.isSudo();
        }));
        Pair<String, ?>[] pairArr = new Pair[2];
        pairArr[0] = Pair.create(TokenService.SUDO_CLAIM, user.isSudo() ? true : null);
        pairArr[1] = Pair.create(TokenService.PERMISSIONS_CLAIM, user.isSudo() ? null : (String) collection.stream().flatMap(userRole -> {
            return userRole.getPermissions().stream();
        }).map((v0) -> {
            return v0.toString();
        }).collect(Collectors.joining(",")));
        return token(user, pairArr);
    }

    @SafeVarargs
    private String token(User user, Pair<String, ?>... pairArr) {
        return token(user.getId(), user.getLogin(), System.currentTimeMillis() + this.lifetime, pairArr).serialize();
    }

    @SafeVarargs
    private SignedJWT token(long j, String str, long j2, Pair<String, ?>... pairArr) {
        JWTClaimsSet.Builder jwtID = new JWTClaimsSet.Builder().subject(String.valueOf(j)).audience(str).issueTime(new Date()).issuer(this.issuer).notBeforeTime(new Date()).expirationTime(new Date(j2)).jwtID(Sporadics.generateUuid().toString());
        if (!Texts.isEmpty(pairArr)) {
            for (Pair<String, ?> pair : pairArr) {
                if (pair.second != null) {
                    jwtID.claim((String) pair.first, pair.second);
                }
            }
        }
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), jwtID.build());
        try {
            signedJWT.sign(this.signer);
        } catch (JOSEException e) {
            logger.error(e.getMessage(), e);
        }
        return signedJWT;
    }
}
