package com.silanis.esl.sdk.external.signer.verification.processor.jwt.parser;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObject;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.KeyLengthException;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWEDecryptionKeySelector;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SimpleSecurityContext;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.silanis.esl.sdk.external.signer.verification.exceptions.InvalidJWTException;
import com.silanis.esl.sdk.external.signer.verification.exceptions.UnexpectedEncryptedJWTContentType;
import com.silanis.esl.sdk.external.signer.verification.processor.jwt.claims.ClaimSet;
import com.silanis.esl.sdk.external.signer.verification.processor.jwt.claims.ClaimSetBuilder;
import com.silanis.esl.sdk.external.signer.verification.processor.jwt.claims.DefaultClaimSet;
import com.silanis.esl.sdk.external.signer.verification.processor.jwt.claims.DefaultClaimSetBuilder;
import com.silanis.esl.sdk.external.signer.verification.processor.jwt.security.KeySource;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/silanis/esl/sdk/external/signer/verification/processor/jwt/parser/DefaultJwtParser.class */
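/**
 * {@link JwtParser} that reads and writes nested JWTs: the claims are signed with
 * {@code HS512} and the signed JWT is then wrapped in a JWE using direct encryption
 * ({@code dir}) with {@code A256CBC-HS512}. The JWE header carries the content type
 * {@code "JWT"}.
 *
 * <p>All key material comes from the supplied {@link KeySource}. The signer and the
 * verifying processor are built once in the constructor and kept in {@code final} fields.
 *
 * <p>NOTE(review): the claims verifier is used with its defaults plus a clock-skew
 * allowance, and no issuer or audience expectation is configured in this class. Confirm
 * that callers validate any claims they rely on.
 */
public class DefaultJwtParser implements JwtParser {
    /** MAC algorithm used to sign outgoing tokens and the only one accepted on verification. */
    private static final JWSAlgorithm JWS_ALGORITHM = JWSAlgorithm.HS512;
    /** Key-management algorithm of the outer JWE (shared symmetric key used directly). */
    private static final JWEAlgorithm JWE_ALGORITHM = JWEAlgorithm.DIR;
    /** Content-encryption method of the outer JWE. */
    private static final EncryptionMethod JWE_ENC_ALGORITHM = EncryptionMethod.A256CBC_HS512;
    /** Value of the JWE "cty" header that this parser writes and requires. */
    private static final String JWT_CONTENT_TYPE = "JWT";
    /** Clock skew, in seconds, handed to the claims verifier. */
    private static final int CLOCK_SKEW_SECS = 60;
    /** Lifetime of an issued token: expiry is set this many milliseconds after issue time. */
    private static final long JWT_EXPIRY_MS = 30000;

    private final KeySource keySource;
    private final JWSSigner signer;
    private final ConfigurableJWTProcessor<SimpleSecurityContext> jwtProcessor;

    /**
     * Builds the signer and the verifying processor from the given key source.
     *
     * @param keySource provider of the signing, verification, encryption and decryption keys
     * @throws NullPointerException if {@code keySource} is {@code null}
     * @throws IllegalStateException if the signing key is rejected as too short
     */
    public DefaultJwtParser(KeySource keySource) {
        if (keySource == null) {
            throw new NullPointerException("keySource");
        }
        this.keySource = keySource;
        // Same order as before: signing key first, then verification and decryption keys.
        this.signer = createSigner(keySource);
        this.jwtProcessor = createJwtProcessor(keySource);
    }

    /**
     * Decrypts and verifies a serialized token and returns its claims.
     *
     * @param str the serialized encrypted JWT
     * @return the verified claims
     * @throws InvalidJWTException if the string is {@code null}, cannot be parsed as an
     *     encrypted JWT, or is rejected by the processor
     */
    @Override
    public ClaimSet jwtToClaims(String str) {
        try {
            return new DefaultClaimSet(this.jwtProcessor.process(toJWTObject(str), new SimpleSecurityContext()));
        } catch (BadJOSEException e) {
            throw new InvalidJWTException(e);
        } catch (JOSEException e) {
            throw new InvalidJWTException(e);
        }
    }

    /**
     * Signs and encrypts the given claims and returns the serialized token.
     *
     * @param claimSet the claims to carry in the token
     * @return the serialized JWE
     * @throws IllegalStateException if signing or encryption fails
     */
    @Override
    public String claimsToJWT(ClaimSet claimSet) {
        return toJOSE(claimSet).serialize();
    }

    /** Signs the claims, then encrypts the signed JWT. */
    private JOSEObject toJOSE(ClaimSet claimSet) {
        return buildEncryptedJWT(buildSignedJWT(claimSet));
    }

    /** Returns a new, empty builder for claim sets. */
    @Override
    public ClaimSetBuilder createClaimSetBuilder() {
        return new DefaultClaimSetBuilder();
    }

    /**
     * Parses the input strictly as an encrypted JWT, so a string that is not in JWE form
     * fails here and never reaches the processor.
     */
    private JWT toJWTObject(String str) {
        if (str == null) {
            // Report a missing token like any other malformed one, through the parser's own exception type.
            throw new InvalidJWTException(new ParseException("JWT string is null", 0));
        }
        try {
            return EncryptedJWT.parse(str);
        } catch (ParseException e) {
            throw new InvalidJWTException(e);
        }
    }

    /**
     * Builds the inner JWT with issue time, expiry and a random token id, copies in the
     * caller's claims, and signs it.
     */
    private SignedJWT buildSignedJWT(ClaimSet claimSet) {
        Date issuedAt = new Date();
        JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder()
                .issueTime(issuedAt)
                .expirationTime(new Date(issuedAt.getTime() + JWT_EXPIRY_MS))
                .jwtID(UUID.randomUUID().toString());
        // NOTE(review): caller claims are applied after the registered ones; presumably a
        // claim named like a registered one (e.g. "exp") would replace the value set
        // above. Confirm whether ClaimSet can carry such names.
        for (Map.Entry<String, Object> claim : claimSet.getClaims().entrySet()) {
            claimsBuilder.claim(claim.getKey(), claim.getValue());
        }
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWS_ALGORITHM), claimsBuilder.build());
        try {
            signedJWT.sign(this.signer);
            return signedJWT;
        } catch (JOSEException e) {
            throw new IllegalStateException("Failed to sign JWT", e);
        }
    }

    /** Wraps the signed JWT in a JWE whose header declares content type {@code "JWT"}. */
    private JWEObject buildEncryptedJWT(SignedJWT signedJWT) {
        JWEHeader header = new JWEHeader.Builder(JWE_ALGORITHM, JWE_ENC_ALGORITHM)
                .contentType(JWT_CONTENT_TYPE)
                .build();
        JWEObject jweObject = new JWEObject(header, new Payload(signedJWT));
        try {
            jweObject.encrypt(new DirectEncrypter(this.keySource.getEncryptionKey()));
            return jweObject;
        } catch (JOSEException e) {
            throw new IllegalStateException("Failed to encrypt signed JWT", e);
        }
    }

    /** Creates the MAC signer from the key source's signing key. */
    private static JWSSigner createSigner(KeySource keySource) {
        try {
            return new MACSigner(keySource.getSigningKey());
        } catch (KeyLengthException e) {
            // The message deliberately carries no key material.
            throw new IllegalStateException("Signing key rejected by MACSigner", e);
        }
    }

    /**
     * Creates the processor used for incoming tokens. It is pinned to the single JWS
     * algorithm and the single JWE algorithm / encryption method declared above.
     */
    private static ConfigurableJWTProcessor<SimpleSecurityContext> createJwtProcessor(KeySource keySource) {
        ConfigurableJWTProcessor<SimpleSecurityContext> processor = new DefaultJWTProcessor<SimpleSecurityContext>() {
            @Override
            public JWTClaimsSet process(EncryptedJWT encryptedJWT, SimpleSecurityContext simpleSecurityContext) throws BadJOSEException, JOSEException {
                // Reject any JWE whose "cty" is not "JWT" (a missing header compares unequal).
                // NOTE(review): presumably this makes the library treat the payload as a
                // nested signed JWT and verify its signature — confirm against the library
                // version in use.
                if (!StringUtils.equalsIgnoreCase(encryptedJWT.getHeader().getContentType(), JWT_CONTENT_TYPE)) {
                    throw new UnexpectedEncryptedJWTContentType();
                }
                return super.process(encryptedJWT, simpleSecurityContext);
            }
        };

        processor.setJWSKeySelector(new JWSVerificationKeySelector<SimpleSecurityContext>(
                JWS_ALGORITHM, new ImmutableSecret<SimpleSecurityContext>(keySource.getVerificationKey())));
        processor.setJWEKeySelector(new JWEDecryptionKeySelector<SimpleSecurityContext>(
                JWE_ALGORITHM, JWE_ENC_ALGORITHM, new ImmutableSecret<SimpleSecurityContext>(keySource.getDecryptionKey())));

        // NOTE(review): tokens are issued with a 30 s lifetime while the verifier is given
        // 60 s of skew; confirm the resulting acceptance window is intended.
        DefaultJWTClaimsVerifier<SimpleSecurityContext> claimsVerifier = new DefaultJWTClaimsVerifier<SimpleSecurityContext>();
        claimsVerifier.setMaxClockSkew(CLOCK_SKEW_SECS);
        processor.setJWTClaimsSetVerifier(claimsVerifier);
        return processor;
    }
}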
