package org.eclipse.hono.util;

import io.jsonwebtoken.SignatureAlgorithm;
import io.vertx.core.Vertx;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.time.Duration;
import java.util.Objects;
import java.util.function.Supplier;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.hono.config.KeyLoader;
import org.eclipse.hono.config.SignatureSupportingConfigProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/hono-core-1.8.1.jar:org/eclipse/hono/util/JwtHelper.class */
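/**
 * Base class for helpers that create or validate JSON Web Tokens.
 * <p>
 * An instance holds exactly one key and the signature algorithm that goes with it.
 * The algorithm is always derived from the configured key material (HS256 for a shared
 * secret, ES256 for an EC key, RS256 for an RSA key); nothing in this class takes it from
 * a token.
 * <p>
 * NOTE(review): whether subclasses enforce {@link #algorithm} when parsing tokens is not
 * visible in this class. Confirm in the concrete helpers that a token's own {@code alg}
 * header cannot override it.
 * <p>
 * Instances are mutable and use no synchronization; configure them fully before sharing.
 */
public abstract class JwtHelper {
    private static final Logger LOG = LoggerFactory.getLogger(JwtHelper.class);

    /** Signature algorithm matching {@link #key}; {@code null} until a key has been set. */
    protected SignatureAlgorithm algorithm;
    /** Key used for signing or validating; {@code null} until one has been set. */
    protected Key key;
    /** Lifetime of created tokens; only set by {@code forSharedSecret} and {@code forSigning}. */
    protected Duration tokenLifetime;
    private final Vertx vertx;

    /**
     * Creates a helper without any key material.
     *
     * @param vertx the Vert.x instance handed to {@link KeyLoader} when keys are read from files
     */
    protected JwtHelper(Vertx vertx) {
        this.vertx = vertx;
    }

    /**
     * Encodes a secret as UTF-8 so the resulting key does not depend on the platform charset.
     *
     * @param str the text to encode
     * @return the UTF-8 bytes of {@code str}
     */
    protected static final byte[] getBytes(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Configures this helper to use HMAC-SHA256 with the given shared secret.
     * <p>
     * The 32 byte minimum matches the 256 bit key size required for HS256. It is a length
     * check only: a long but predictable secret passes it, so the secret should be generated
     * randomly.
     *
     * @param bArr the secret bytes
     * @throws NullPointerException if {@code bArr} is {@code null}
     * @throws IllegalArgumentException if the secret is shorter than 32 bytes
     */
    protected final void setSharedSecret(byte[] bArr) {
        Objects.requireNonNull(bArr);
        if (bArr.length < 32) {
            throw new IllegalArgumentException("shared secret must be at least 32 bytes");
        }
        this.algorithm = SignatureAlgorithm.HS256;
        this.key = new SecretKeySpec(bArr, SignatureAlgorithm.HS256.getJcaName());
    }

    /**
     * Loads a private key from a file and selects the matching signature algorithm.
     * <p>
     * The key is validated before any field is written, so a failed call leaves the
     * previously configured key and algorithm untouched.
     *
     * @param str path of the key file
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IllegalArgumentException if no key can be loaded or its type is neither EC nor RSA
     */
    protected final void setPrivateKey(String str) {
        Objects.requireNonNull(str);
        final Key loaded = KeyLoader.fromFiles(this.vertx, str, null).getPrivateKey();
        if (loaded == null) {
            throw new IllegalArgumentException("cannot load private key: " + str);
        }
        final SignatureAlgorithm selected = algorithmFor(loaded, "private");
        this.key = loaded;
        this.algorithm = selected;
    }

    /**
     * Loads a public key from a certificate file and selects the matching signature algorithm.
     * <p>
     * The key is validated before any field is written, so a failed call leaves the
     * previously configured key and algorithm untouched.
     *
     * @param str path of the certificate file
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IllegalArgumentException if no key can be loaded or its type is neither EC nor RSA
     */
    protected final void setPublicKey(String str) {
        Objects.requireNonNull(str);
        final Key loaded = KeyLoader.fromFiles(this.vertx, null, str).getPublicKey();
        if (loaded == null) {
            throw new IllegalArgumentException("cannot load public key: " + str);
        }
        final SignatureAlgorithm selected = algorithmFor(loaded, "public");
        this.key = loaded;
        this.algorithm = selected;
    }

    /**
     * Maps an asymmetric key to the signature algorithm used for it.
     * <p>
     * NOTE(review): only the key family is inspected. Curve and modulus size are not checked
     * here; presumably the JWT library rejects unsuitable keys. Verify this.
     *
     * @param candidate the key that was loaded
     * @param kind "private" or "public", used in the error message only
     * @return ES256 for an EC key, RS256 for an RSA key
     * @throws IllegalArgumentException for any other key type
     */
    private static SignatureAlgorithm algorithmFor(Key candidate, String kind) {
        if (candidate instanceof ECKey) {
            return SignatureAlgorithm.ES256;
        }
        if (candidate instanceof RSAKey) {
            return SignatureAlgorithm.RS256;
        }
        throw new IllegalArgumentException("unsupported " + kind + " key type: " + candidate.getClass());
    }

    /**
     * Gets the lifetime of tokens created by this helper.
     *
     * @return the lifetime, or {@code null} if none was configured (for example on a helper
     *         created by {@code forValidating}, which never sets it)
     */
    public final Duration getTokenLifetime() {
        return this.tokenLifetime;
    }

    /**
     * Creates a helper that uses a shared secret.
     *
     * @param str the secret; its UTF-8 encoding must be at least 32 bytes long
     * @param j the token lifetime in seconds
     * @param supplier creates the (unconfigured) helper instance
     * @param <T> the concrete helper type
     * @return the configured helper
     * @throws NullPointerException if {@code str} or {@code supplier} is {@code null}
     * @throws IllegalArgumentException if the secret is too short
     */
    protected static <T extends JwtHelper> T forSharedSecret(String str, long j, Supplier<T> supplier) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(supplier);
        final T helper = supplier.get();
        helper.setSharedSecret(getBytes(str));
        helper.tokenLifetime = Duration.ofSeconds(j);
        return helper;
    }

    /**
     * Creates a helper for signing tokens from configuration.
     * <p>
     * A configured shared secret takes precedence over a key path. Only the length of the
     * secret is logged, never its value.
     *
     * @param signatureSupportingConfigProperties the signing configuration
     * @param supplier creates the (unconfigured) helper instance
     * @param <T> the concrete helper type
     * @return the configured helper
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalArgumentException if the configuration is not suitable for creating
     *         tokens or the key material cannot be used
     */
    protected static <T extends JwtHelper> T forSigning(SignatureSupportingConfigProperties signatureSupportingConfigProperties, Supplier<T> supplier) {
        Objects.requireNonNull(signatureSupportingConfigProperties);
        Objects.requireNonNull(supplier);
        if (!signatureSupportingConfigProperties.isAppropriateForCreating()) {
            throw new IllegalArgumentException("configuration does not specify any signing tokens");
        }
        final T helper = supplier.get();
        helper.tokenLifetime = Duration.ofSeconds(signatureSupportingConfigProperties.getTokenExpiration());
        LOG.info("using token lifetime of {} seconds", helper.tokenLifetime.getSeconds());
        final String sharedSecret = signatureSupportingConfigProperties.getSharedSecret();
        final String keyPath = signatureSupportingConfigProperties.getKeyPath();
        if (sharedSecret != null) {
            final byte[] secretBytes = getBytes(sharedSecret);
            helper.setSharedSecret(secretBytes);
            LOG.info("using shared secret [{} bytes] for signing tokens", secretBytes.length);
        } else if (keyPath != null) {
            helper.setPrivateKey(keyPath);
            LOG.info("using private key [{}] for signing tokens", keyPath);
        }
        // NOTE(review): if neither branch runs the helper is returned without a key. This
        // presumably cannot happen once isAppropriateForCreating() has passed; confirm.
        return helper;
    }

    /**
     * Creates a helper for validating tokens from configuration.
     * <p>
     * A configured shared secret takes precedence over a certificate path. The token lifetime
     * is not set on the returned helper. Only the length of the secret is logged, never its
     * value.
     *
     * @param signatureSupportingConfigProperties the validation configuration
     * @param supplier creates the (unconfigured) helper instance
     * @param <T> the concrete helper type
     * @return the configured helper
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalArgumentException if the configuration is not suitable for validating
     *         tokens or the key material cannot be used
     */
    protected static <T extends JwtHelper> T forValidating(SignatureSupportingConfigProperties signatureSupportingConfigProperties, Supplier<T> supplier) {
        Objects.requireNonNull(signatureSupportingConfigProperties);
        Objects.requireNonNull(supplier);
        if (!signatureSupportingConfigProperties.isAppropriateForValidating()) {
            throw new IllegalArgumentException("configuration does not specify any key material for validating tokens");
        }
        final T helper = supplier.get();
        final String sharedSecret = signatureSupportingConfigProperties.getSharedSecret();
        final String certPath = signatureSupportingConfigProperties.getCertPath();
        if (sharedSecret != null) {
            final byte[] secretBytes = getBytes(sharedSecret);
            helper.setSharedSecret(secretBytes);
            LOG.info("using shared secret [{} bytes] for validating tokens", secretBytes.length);
        } else if (certPath != null) {
            helper.setPublicKey(certPath);
            LOG.info("using public key from certificate [{}] for validating tokens", certPath);
        }
        // NOTE(review): if neither branch runs the helper is returned without a key. This
        // presumably cannot happen once isAppropriateForValidating() has passed; confirm.
        return helper;
    }
}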
