package io.confluent.kafkarest.testing;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:io/confluent/kafkarest/testing/JwtProvider.class */
public class JwtProvider {
    private final KeyPair keyPair;
    private final File publicKeyFile;

    /* loaded from: input_file:io/confluent/kafkarest/testing/JwtProvider$JwsContainer.class */
    public static class JwsContainer {
        private final String jwsToken;
        private final File publicKeyFile;

        JwsContainer(String str, File file) {
            this.jwsToken = str;
            this.publicKeyFile = file;
        }

        public File getPublicKeyFile() {
            return this.publicKeyFile;
        }

        public String getJwsToken() {
            return this.jwsToken;
        }
    }

    public JwtProvider() {
        try {
            this.keyPair = generateKeyPair();
            this.publicKeyFile = File.createTempFile("kafka", ".tmp");
            this.publicKeyFile.deleteOnExit();
            writePemFile(this.publicKeyFile, this.keyPair.getPublic());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public File publicFile() {
        return this.publicKeyFile;
    }

    public JwsContainer jws(Integer num, String str, String str2, String[] strArr) throws Exception {
        return new JwsContainer(sign(this.keyPair.getPrivate(), num, str, str2, strArr), this.publicKeyFile);
    }

    static void writePemFile(File file, PublicKey publicKey) throws IOException {
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(new FileWriter(file));
        jcaPEMWriter.writeObject(publicKey);
        jcaPEMWriter.close();
    }

    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        return keyPairGenerator.genKeyPair();
    }

    private static String sign(PrivateKey privateKey, Integer num, String str, String str2, String[] strArr) {
        try {
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setIssuer(str);
            if (num != null) {
                NumericDate now = NumericDate.now();
                now.addSeconds(num.intValue() / 1000);
                jwtClaims.setExpirationTime(now);
            }
            jwtClaims.setGeneratedJwtId();
            jwtClaims.setIssuedAtToNow();
            jwtClaims.setNotBeforeMinutesInThePast(2.0f);
            jwtClaims.setStringListClaim("clusters", strArr);
            if (str2 != null) {
                jwtClaims.setSubject(str2);
            }
            jwtClaims.setClaim("monitoring", true);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKey(privateKey);
            jsonWebSignature.setAlgorithmHeaderValue("RS256");
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            throw new RuntimeException("Error creating JWS for test");
        }
    }
}
