package org.apache.streampipes.user.management.jwt;

import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.streampipes.commons.environment.Environment;
import org.apache.streampipes.commons.environment.Environments;
import org.apache.streampipes.config.backend.BackendConfig;
import org.apache.streampipes.config.backend.model.JwtSigningMode;
import org.apache.streampipes.config.backend.model.LocalAuthConfig;
import org.apache.streampipes.model.client.user.Principal;
import org.apache.streampipes.security.jwt.JwtTokenGenerator;
import org.apache.streampipes.security.jwt.JwtTokenUtils;
import org.apache.streampipes.security.jwt.JwtTokenValidator;
import org.apache.streampipes.user.management.model.PrincipalUserDetails;
import org.apache.streampipes.user.management.util.GrantedAuthoritiesBuilder;
import org.apache.streampipes.user.management.util.UserInfoUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:BOOT-INF/lib/streampipes-user-management-0.91.0.jar:org/apache/streampipes/user/management/jwt/JwtTokenProvider.class */
public class JwtTokenProvider {
    public static final String CLAIM_USER = "user";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) JwtTokenProvider.class);
    private BackendConfig config = BackendConfig.INSTANCE;
    private Environment env = Environments.getEnvironment();

    public String createToken(Authentication authentication) {
        return createToken(((PrincipalUserDetails) authentication.getPrincipal()).getDetails(), (Set) authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toSet()));
    }

    public String createToken(Principal principal) {
        return createToken(principal, new GrantedAuthoritiesBuilder(principal).buildAllAuthorities());
    }

    public String createToken(Principal principal, Set<String> set) {
        Date makeExpirationDate = makeExpirationDate();
        Map<String, Object> makeClaims = makeClaims(principal, set);
        if (authConfig().getJwtSigningMode() == JwtSigningMode.HMAC) {
            return JwtTokenGenerator.makeJwtToken(principal.getUsername(), tokenSecret(), makeClaims, makeExpirationDate);
        }
        try {
            return JwtTokenGenerator.makeJwtToken(principal.getUsername(), getKeyFilePath(), makeClaims, makeExpirationDate);
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.warn("Could not create JWT token from private key location..defaulting to HMAC");
            return JwtTokenGenerator.makeJwtToken(principal.getUsername(), tokenSecret(), makeClaims, makeExpirationDate);
        }
    }

    private Map<String, Object> makeClaims(Principal principal, Set<String> set) {
        HashMap hashMap = new HashMap();
        hashMap.put("user", UserInfoUtil.toUserInfoObj(principal, set));
        return hashMap;
    }

    public String getUserIdFromToken(String str) {
        return JwtTokenUtils.getUserIdFromToken(str, new SpKeyResolver(tokenSecret()));
    }

    public boolean validateJwtToken(String str) {
        return JwtTokenValidator.validateJwtToken(str, new SpKeyResolver(tokenSecret()));
    }

    public boolean validateJwtToken(String str, String str2) {
        return JwtTokenValidator.validateJwtToken(str, str2);
    }

    private String tokenSecret() {
        return authConfig().getTokenSecret();
    }

    private Path getKeyFilePath() {
        return Paths.get(this.env.getJwtPrivateKeyLoc().getValue(), new String[0]);
    }

    private LocalAuthConfig authConfig() {
        return this.config.getLocalAuthConfig();
    }

    private Date makeExpirationDate() {
        return new Date(new Date().getTime() + authConfig().getTokenExpirationTimeMillis());
    }
}
