package io.nats.client.support;

import io.nats.client.NKey;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:BOOT-INF/lib/jnats-2.16.1.jar:io/nats/client/support/JwtUtils.class */
public abstract class JwtUtils {
    private static final String ENCODED_CLAIM_HEADER = Encoding.toBase64Url("{\"typ\":\"JWT\", \"alg\":\"ed25519-nkey\"}");
    public static final String NATS_USER_JWT_FORMAT = "-----BEGIN NATS USER JWT-----\n%s\n------END NATS USER JWT------\n\n************************* IMPORTANT *************************\n    NKEY Seed printed below can be used to sign and prove identity.\n    NKEYs are sensitive and should be treated as secrets.\n\n-----BEGIN USER NKEY SEED-----\n%s\n------END USER NKEY SEED------\n\n*************************************************************\n";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/jnats-2.16.1.jar:io/nats/client/support/JwtUtils$Claim.class */
    public static class Claim implements JsonSerializable {
        Duration exp;
        long iat;
        String iss;
        String jti;
        String name;
        Nats nats;
        String sub;

        Claim() {
        }

        @Override // io.nats.client.support.JsonSerializable
        public String toJson() {
            StringBuilder beginJson = JsonUtils.beginJson();
            if (this.exp != null && !this.exp.isZero() && !this.exp.isNegative()) {
                JsonUtils.addField(beginJson, "exp", Long.valueOf(this.iat + (this.exp.toMillis() / 1000)));
            }
            JsonUtils.addField(beginJson, "iat", Long.valueOf(this.iat));
            JsonUtils.addFieldEvenEmpty(beginJson, "jti", this.jti);
            JsonUtils.addField(beginJson, "iss", this.iss);
            JsonUtils.addField(beginJson, "name", this.name);
            JsonUtils.addField(beginJson, "nats", this.nats);
            JsonUtils.addField(beginJson, "sub", this.sub);
            return JsonUtils.endJson(beginJson).toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/jnats-2.16.1.jar:io/nats/client/support/JwtUtils$Nats.class */
    public static class Nats implements JsonSerializable {
        String issuerAccount;
        String[] tags;

        Nats() {
        }

        @Override // io.nats.client.support.JsonSerializable
        public String toJson() {
            StringBuilder beginJson = JsonUtils.beginJson();
            JsonUtils.addField(beginJson, "issuer_account", this.issuerAccount);
            JsonUtils.addStrings(beginJson, ApiConstants.TAGS, (List<String>) (null == this.tags ? Collections.emptyList() : Arrays.asList(this.tags)));
            JsonUtils.addField(beginJson, "type", "user");
            JsonUtils.addField(beginJson, "version", (Integer) 2);
            return JsonUtils.endJson(beginJson).toString();
        }
    }

    private JwtUtils() {
    }

    public static String issueUserJWT(NKey nKey, String str, String str2) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str, str2, null, null, new String[0]);
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, String str3) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str, str2, str3, null, new String[0]);
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, String str3, Duration duration, String... strArr) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str, str2, str3, duration, strArr, System.currentTimeMillis() / 1000);
    }

    protected static String issueUserJWT(NKey nKey, String str, String str2, String str3, Duration duration, String[] strArr, long j) throws GeneralSecurityException, IOException {
        if (nKey.getType() != NKey.Type.ACCOUNT) {
            throw new IllegalArgumentException("issueUserJWT requires an account key for the signingKey parameter, but got " + nKey.getType());
        }
        NKey fromPublicKey = NKey.fromPublicKey(str.toCharArray());
        if (fromPublicKey.getType() != NKey.Type.ACCOUNT) {
            throw new IllegalArgumentException("issueUserJWT requires an account key for the accountId parameter, but got " + fromPublicKey.getType());
        }
        NKey fromPublicKey2 = NKey.fromPublicKey(str2.toCharArray());
        if (fromPublicKey2.getType() != NKey.Type.USER) {
            throw new IllegalArgumentException("issueUserJWT requires a user key for the publicUserKey, but got " + fromPublicKey2.getType());
        }
        String str4 = new String(nKey.getPublicKey());
        Claim claim = new Claim();
        claim.exp = duration;
        claim.iat = j;
        claim.iss = str4;
        claim.name = Validator.nullOrEmpty(str3) ? str2 : str3;
        claim.sub = str2;
        claim.nats = new Nats();
        claim.nats.issuerAccount = str;
        claim.nats.tags = strArr;
        claim.jti = new String(Encoding.base32Encode(MessageDigest.getInstance("SHA-256").digest(claim.toJson().getBytes(StandardCharsets.UTF_8))));
        String base64Url = Encoding.toBase64Url(claim.toJson());
        return ENCODED_CLAIM_HEADER + "." + base64Url + "." + Encoding.toBase64Url(nKey.sign((ENCODED_CLAIM_HEADER + "." + base64Url).getBytes(StandardCharsets.UTF_8)));
    }
}
