package io.confluent.common.security.jetty.jwt;

import io.confluent.common.security.util.PemUtils;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.time.Instant;
import java.util.concurrent.TimeUnit;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;

/* loaded from: input_file:io/confluent/common/security/jetty/jwt/JwtBuilder.class */
public final class JwtBuilder {
    private final KeyPair keyPair = generateKeyPair();

    public String buildJwt(String... strArr) {
        return buildJwt(TimeUnit.HOURS.toMillis(1L), strArr);
    }

    public String buildJwt(long j, String... strArr) {
        return buildJwt(null, j, strArr);
    }

    public String buildJwt(String str, long j, String... strArr) {
        long epochMilli = Instant.now().toEpochMilli() + j;
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer("Confluent");
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setExpirationTime(NumericDate.fromMilliseconds(epochMilli));
        jwtClaims.setJwtId("000-111-222-333");
        jwtClaims.setStringListClaim("clusters", strArr);
        jwtClaims.setSubject("franz");
        if (str != null) {
            jwtClaims.setClaim("orgResourceId", str);
        }
        return buildJwt(jwtClaims);
    }

    public String buildJwt(JwtClaims jwtClaims) {
        try {
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(jwtClaims.toJson());
            jsonWebSignature.setKey(this.keyPair.getPrivate());
            jsonWebSignature.setAlgorithmHeaderValue("RS256");
            return jsonWebSignature.getCompactSerialization();
        } catch (Exception e) {
            throw new RuntimeException("Failed to build JWT", e);
        }
    }

    public Path createJwtPublicKey(Path path) {
        try {
            OutputStream newOutputStream = Files.newOutputStream(path, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
            Throwable th = null;
            try {
                try {
                    PemUtils.writePublicKey(newOutputStream, this.keyPair.getPublic());
                    if (newOutputStream != null) {
                        if (0 != 0) {
                            try {
                                newOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newOutputStream.close();
                        }
                    }
                    return path;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to load JWT PEM file", e);
        }
    }

    public Path createJwtKeyPair(Path path) {
        try {
            OutputStream newOutputStream = Files.newOutputStream(path, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
            Throwable th = null;
            try {
                try {
                    PemUtils.writeKeyPair(newOutputStream, this.keyPair);
                    if (newOutputStream != null) {
                        if (0 != 0) {
                            try {
                                newOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newOutputStream.close();
                        }
                    }
                    return path;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to load JWT PEM file", e);
        }
    }

    public PublicKey getJwtPublicKey() {
        return this.keyPair.getPublic();
    }

    private static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate key pair", e);
        }
    }
}
