package es.iti.wakamiti.server.infra.auth;

import es.iti.wakamiti.server.spi.TokenAuthentication;
import io.smallrye.jwt.build.Jwt;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Clock;
import java.time.Duration;
import java.util.Base64;
import javax.enterprise.context.ApplicationScoped;
import org.eclipse.microprofile.config.inject.ConfigProperty;

@ApplicationScoped
/* loaded from: input_file:es/iti/wakamiti/server/infra/auth/JwtAuthentication.class */
public class JwtAuthentication implements TokenAuthentication {

    @ConfigProperty(name = "mp.jwt.verify.privatekey.location")
    String privateKeyLocation;

    @ConfigProperty(name = "mp.jwt.verify.issuer")
    String issuer;

    @ConfigProperty(name = "mp.jwt.verify.tokenLife")
    Duration tokenLife;
    private PrivateKey privateKey;
    private final Clock clock;

    public JwtAuthentication(Clock clock) {
        this.clock = clock;
    }

    public JwtAuthentication() {
        this(Clock.systemUTC());
    }

    @Override // es.iti.wakamiti.server.spi.TokenAuthentication
    public String newToken(String str) {
        return Jwt.claims().issuer(this.issuer).issuedAt(this.clock.instant()).subject(str).expiresIn(this.tokenLife).jws().keyId(this.privateKeyLocation).sign(privateKey());
    }

    private PrivateKey privateKey() {
        try {
            if (this.privateKey == null) {
                this.privateKey = readPrivateKey(this.privateKeyLocation);
            }
            return this.privateKey;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static PrivateKey readPrivateKey(String str) throws IOException, GeneralSecurityException {
        InputStream resourceAsStream = contextClassLoader().getResourceAsStream(str);
        try {
            PrivateKey decodePrivateKey = decodePrivateKey(new String(resourceAsStream.readAllBytes(), StandardCharsets.UTF_8));
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            return decodePrivateKey;
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static PrivateKey decodePrivateKey(String str) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(toEncodedBytes(str)));
    }

    private static byte[] toEncodedBytes(String str) {
        return Base64.getDecoder().decode(removeBeginEnd(str));
    }

    private static String removeBeginEnd(String str) {
        return str.replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replace("\r\n", "").replace("\n", "").trim();
    }

    private static ClassLoader contextClassLoader() {
        return Thread.currentThread().getContextClassLoader();
    }
}
