package org.apache.streampipes.user.management.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolver;
import java.security.Key;
import org.apache.streampipes.model.client.user.Principal;
import org.apache.streampipes.model.client.user.ServiceAccount;
import org.apache.streampipes.model.client.user.UserAccount;
import org.apache.streampipes.security.jwt.KeyGenerator;
import org.apache.streampipes.storage.api.IUserStorage;
import org.apache.streampipes.storage.management.StorageDispatcher;
import org.apache.streampipes.user.management.encryption.SecretEncryptionManager;

/* loaded from: input_file:BOOT-INF/lib/streampipes-user-management-0.93.0.jar:org/apache/streampipes/user/management/jwt/SpKeyResolver.class */
public class SpKeyResolver implements SigningKeyResolver {
    private final String tokenSecret;
    private final IUserStorage userStorage = StorageDispatcher.INSTANCE.getNoSqlStore().getUserStorageAPI();

    public SpKeyResolver(String str) {
        this.tokenSecret = str;
    }

    @Override // io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
        Principal principal = getPrincipal(claims.getSubject());
        if (principal == null) {
            return null;
        }
        if (isRealUser(principal)) {
            return new KeyGenerator().makeKeyForSecret(jwsHeader.getAlgorithm(), this.tokenSecret, getPublicKeyFromConfig());
        }
        return new KeyGenerator().makeKeyForSecret(jwsHeader.getAlgorithm(), SecretEncryptionManager.decrypt(((ServiceAccount) principal).getClientSecret()), getPublicKeyFromConfig());
    }

    @Override // io.jsonwebtoken.SigningKeyResolver
    public Key resolveSigningKey(JwsHeader jwsHeader, String str) {
        return null;
    }

    private Principal getPrincipal(String str) {
        return this.userStorage.getUser(str);
    }

    private boolean isRealUser(Principal principal) {
        return principal instanceof UserAccount;
    }

    public String getPublicKeyFromConfig() {
        return StorageDispatcher.INSTANCE.getNoSqlStore().getSpCoreConfigurationStorage().get().getLocalAuthConfig().getPublicKey();
    }
}
