package org.apache.shiro.spring.boot.jwt.token;

import com.google.common.collect.Maps;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.Ed25519Signer;
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.jwk.OctetKeyPair;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.spring.boot.jwt.JwtPayload;
import org.apache.shiro.spring.boot.jwt.exception.IncorrectJwtException;
import org.apache.shiro.spring.boot.jwt.exception.InvalidJwtToken;
import org.apache.shiro.spring.boot.jwt.time.JwtTimeProvider;
import org.apache.shiro.spring.boot.jwt.verifier.ExtendedEd25519Verifier;
import org.apache.shiro.spring.boot.utils.NimbusdsUtils;

/* loaded from: input_file:org/apache/shiro/spring/boot/jwt/token/SignedWithEdAndEncryptedWithAESJWTRepository.class */
public class SignedWithEdAndEncryptedWithAESJWTRepository implements JwtKeyPairRepository<OctetKeyPair, SecretKey> {
    private JwtTimeProvider timeProvider = JwtTimeProvider.DEFAULT_TIME_PROVIDER;

    @Override // org.apache.shiro.spring.boot.jwt.token.JwtKeyPairRepository
    public String issueJwt(OctetKeyPair octetKeyPair, SecretKey secretKey, String str, String str2, String str3, String str4, String str5, String str6, String str7, long j) throws AuthenticationException {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("roles", str5);
        newHashMap.put("perms", str6);
        return issueJwt2(octetKeyPair, secretKey, str, str2, str3, str4, (Map<String, Object>) newHashMap, str7, j);
    }

    /* renamed from: issueJwt, reason: avoid collision after fix types in other method */
    public String issueJwt2(OctetKeyPair octetKeyPair, SecretKey secretKey, String str, String str2, String str3, String str4, Map<String, Object> map, String str5, long j) throws AuthenticationException {
        try {
            JWTClaimsSet.Builder claimsSet = NimbusdsUtils.claimsSet(str, str2, str3, str4, map, j);
            long now = getTimeProvider().now();
            Date date = new Date(now);
            claimsSet.issueTime(date);
            claimsSet.notBeforeTime(date);
            if (j >= 0) {
                claimsSet.expirationTime(new Date(now + j));
            }
            SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.EdDSA).keyID(octetKeyPair.getKeyID()).build(), claimsSet.build());
            signedJWT.sign(new Ed25519Signer(octetKeyPair));
            JWEObject jWEObject = new JWEObject(new JWEHeader(JWEAlgorithm.DIR, EncryptionMethod.A128GCM), new Payload(signedJWT));
            jWEObject.encrypt(new DirectEncrypter(secretKey));
            return jWEObject.serialize();
        } catch (KeyLengthException e) {
            throw new IncorrectJwtException((Throwable) e);
        } catch (JOSEException e2) {
            throw new IncorrectJwtException((Throwable) e2);
        } catch (IllegalStateException e3) {
            throw new IncorrectJwtException(e3);
        }
    }

    @Override // org.apache.shiro.spring.boot.jwt.token.JwtKeyPairRepository
    public boolean verify(OctetKeyPair octetKeyPair, SecretKey secretKey, String str, boolean z) throws AuthenticationException {
        try {
            JWEObject parse = JWEObject.parse(str);
            parse.decrypt(new DirectDecrypter(secretKey));
            SignedJWT signedJWT = parse.getPayload().toSignedJWT();
            JWSVerifier extendedEd25519Verifier = z ? new ExtendedEd25519Verifier(octetKeyPair.toPublicJWK(), signedJWT.getJWTClaimsSet(), getTimeProvider()) : new Ed25519Verifier(octetKeyPair.toPublicJWK());
            if (signedJWT.verify(extendedEd25519Verifier)) {
                return signedJWT.verify(extendedEd25519Verifier);
            }
            throw new AuthenticationException(String.format("Invalid JSON Web Token (JWT) : %s", str));
        } catch (JOSEException e) {
            throw new InvalidJwtToken((Throwable) e);
        } catch (IllegalStateException e2) {
            throw new IncorrectJwtException(e2);
        } catch (NumberFormatException e3) {
            throw new IncorrectJwtException(e3);
        } catch (ParseException e4) {
            throw new IncorrectJwtException(e4);
        }
    }

    @Override // org.apache.shiro.spring.boot.jwt.token.JwtKeyPairRepository
    public JwtPayload getPlayload(OctetKeyPair octetKeyPair, SecretKey secretKey, String str, boolean z) throws AuthenticationException {
        try {
            JWEObject parse = JWEObject.parse(str);
            parse.decrypt(new DirectDecrypter(secretKey));
            return NimbusdsUtils.payload(parse.getPayload().toSignedJWT().getJWTClaimsSet());
        } catch (IllegalStateException e) {
            throw new IncorrectJwtException(e);
        } catch (NumberFormatException e2) {
            throw new IncorrectJwtException(e2);
        } catch (JOSEException e3) {
            throw new InvalidJwtToken((Throwable) e3);
        } catch (ParseException e4) {
            throw new IncorrectJwtException(e4);
        }
    }

    public JwtTimeProvider getTimeProvider() {
        return this.timeProvider;
    }

    public void setTimeProvider(JwtTimeProvider jwtTimeProvider) {
        this.timeProvider = jwtTimeProvider;
    }

    @Override // org.apache.shiro.spring.boot.jwt.token.JwtKeyPairRepository
    public /* bridge */ /* synthetic */ String issueJwt(OctetKeyPair octetKeyPair, SecretKey secretKey, String str, String str2, String str3, String str4, Map map, String str5, long j) throws AuthenticationException {
        return issueJwt2(octetKeyPair, secretKey, str, str2, str3, str4, (Map<String, Object>) map, str5, j);
    }
}
