package com.fivefaces.structureclient.config.security.patient;

import com.fivefaces.setting.service.SettingService;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

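/**
 * Issues and validates ES256-signed JWTs for patients.
 *
 * <p>The signing key, issuer and published public key are read from {@link SettingService} on
 * every call (settings "JWT Private Key", "JWT Issuer" and "JWT Public Key"). Anyone able to read
 * or change the "JWT Private Key" setting can mint tokens that this service accepts, so access to
 * that setting should be restricted accordingly.
 */
@Component
public class PatientJwtTokenServiceImpl implements PatientJwtTokenService {
    private static final Logger log = LoggerFactory.getLogger(PatientJwtTokenServiceImpl.class);

    /** Token lifetime in seconds (18000 s = 5 hours). */
    public static final long JWT_TOKEN_VALIDITY = 18000;

    /** Audience written into every issued token and required on every validated token. */
    private static final String AUDIENCE = "ff-structure";

    /** Tolerated clock difference, in seconds, between the issuing and the validating node. */
    private static final long CLOCK_SKEW_SECONDS = 60;

    private final SettingService settingService;

    /**
     * @param settingService source of the JWT key material and issuer settings
     */
    public PatientJwtTokenServiceImpl(SettingService settingService) {
        this.settingService = settingService;
    }

    /**
     * Builds and signs a token for the given subject.
     *
     * @param map additional claims to embed; may be {@code null}. Entries cannot override the
     *     issuer, subject, audience, not-before, issued-at or expiry claims set by this service.
     * @param str the token subject ({@code sub})
     * @return the compact serialization of the signed token
     * @throws IllegalStateException if the configured key cannot be parsed or signing fails
     */
    @Override
    public String generateToken(Map<String, Object> map, String str) {
        try {
            ECKey signingKey = getJwtPrivateKey();
            SignedJWT token = new SignedJWT(createHeader(signingKey), createClaimsSet(str, map));
            token.sign(new ECDSASigner(signingKey));
            return token.serialize();
        } catch (JOSEException | ParseException e) {
            log.error("Could not generate JWT token", e);
            throw new IllegalStateException("Could not generate JWT", e);
        }
    }

    /**
     * Parses a compact token and accepts it only if the header algorithm is ES256, the signature
     * verifies against the configured key, and the expiry, not-before, audience and issuer claims
     * match what {@link #generateToken} writes.
     *
     * <p>A signature check alone would keep accepting a token after its {@code exp} has passed,
     * so the claims are checked here rather than left to each caller.
     *
     * @param str the compact JWT presented by the client (untrusted input)
     * @return the verified token
     * @throws BadCredentialsException if the token is missing, uses another algorithm, has a bad
     *     signature, or fails a claim check
     * @throws IllegalStateException if the token or the configured key cannot be parsed, or the
     *     verifier cannot be built
     */
    @Override
    public JWT validateToken(String str) {
        if (str == null) {
            throw new BadCredentialsException("Invalid JWT");
        }
        try {
            SignedJWT parsed = SignedJWT.parse(str);
            // Pin the algorithm to the one this service signs with instead of trusting the header.
            if (!JWSAlgorithm.ES256.equals(parsed.getHeader().getAlgorithm())) {
                throw new BadCredentialsException("Invalid JWT");
            }
            // Verification needs only the public half; strip the private scalar before use.
            if (!parsed.verify(new ECDSAVerifier(getJwtPrivateKey().toPublicJWK()))) {
                throw new BadCredentialsException("Invalid JWT");
            }
            requireAcceptableClaims(parsed.getJWTClaimsSet());
            return parsed;
        } catch (JOSEException | ParseException e) {
            // NOTE(review): a malformed client token also lands here and surfaces as
            // IllegalStateException with an error-level stack trace, not as a credentials
            // failure. The exception type is kept for existing callers; consider mapping
            // token parse failures to BadCredentialsException and logging them at a lower level.
            log.error("Could not validate JWT token", e);
            throw new IllegalStateException("Could not validate JWT", e);
        }
    }

    /**
     * @return the value of the "JWT Public Key" setting
     */
    @Override
    public String getJwtPublicKey() {
        // NOTE(review): this setting is stored separately from "JWT Private Key"; nothing in this
        // class checks that the two belong to the same key pair.
        return this.settingService.getSettingByName("JWT Public Key").getValue();
    }

    /**
     * @return the value of the "JWT Issuer" setting
     */
    @Override
    public String getIssuer() {
        return this.settingService.getSettingByName("JWT Issuer").getValue();
    }

    /** Builds the JWS header: ES256, type JWT, key id copied from the signing key. */
    private JWSHeader createHeader(ECKey eCKey) {
        return new JWSHeader.Builder(JWSAlgorithm.ES256)
                .type(JOSEObjectType.JWT)
                .keyID(eCKey.getKeyID())
                .build();
    }

    /**
     * Builds the claims set. Caller-supplied claims are applied first and the service-controlled
     * claims last, so a map entry named {@code exp}, {@code iss}, {@code sub}, {@code aud},
     * {@code nbf} or {@code iat} cannot replace the value this service sets.
     */
    private JWTClaimsSet createClaimsSet(String str, Map<String, Object> map) {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        if (map != null) {
            for (Map.Entry<String, Object> extra : map.entrySet()) {
                builder.claim(extra.getKey(), extra.getValue());
            }
        }
        Instant now = Instant.now();
        Date issuedAt = Date.from(now);
        return builder
                .issuer(getIssuer())
                .subject(str)
                .audience(AUDIENCE)
                .notBeforeTime(issuedAt)
                .issueTime(issuedAt)
                .expirationTime(Date.from(now.plusSeconds(JWT_TOKEN_VALIDITY)))
                .build();
    }

    /**
     * Rejects a verified token whose claims do not match what this service issues.
     *
     * @throws BadCredentialsException if the token has no expiry or has expired, is not yet valid,
     *     lacks the expected audience, or carries a different issuer than the configured one
     */
    private void requireAcceptableClaims(JWTClaimsSet claims) {
        Instant now = Instant.now();

        Date expiry = claims.getExpirationTime();
        if (expiry == null || !expiry.toInstant().plusSeconds(CLOCK_SKEW_SECONDS).isAfter(now)) {
            log.debug("Rejected JWT: missing or passed expiry");
            throw new BadCredentialsException("Invalid JWT");
        }

        Date notBefore = claims.getNotBeforeTime();
        if (notBefore != null
                && notBefore.toInstant().minusSeconds(CLOCK_SKEW_SECONDS).isAfter(now)) {
            log.debug("Rejected JWT: not yet valid");
            throw new BadCredentialsException("Invalid JWT");
        }

        if (!claims.getAudience().contains(AUDIENCE)) {
            log.debug("Rejected JWT: unexpected audience");
            throw new BadCredentialsException("Invalid JWT");
        }

        // Null-safe comparison: an unset issuer setting yields tokens without an iss claim.
        String expectedIssuer = getIssuer();
        String actualIssuer = claims.getIssuer();
        boolean issuerMatches =
                expectedIssuer == null ? actualIssuer == null : expectedIssuer.equals(actualIssuer);
        if (!issuerMatches) {
            log.debug("Rejected JWT: unexpected issuer");
            throw new BadCredentialsException("Invalid JWT");
        }
    }

    /**
     * Parses the "JWT Private Key" setting as an EC JWK.
     *
     * @throws ParseException if the setting value is not a valid EC JWK
     */
    private ECKey getJwtPrivateKey() throws ParseException {
        return ECKey.parse(this.settingService.getSettingByName("JWT Private Key").getValue());
    }
}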
