package org.openmetadata.service.security.jwt;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import org.openmetadata.schema.api.security.jwt.JWTTokenConfiguration;
import org.openmetadata.schema.auth.GenerateTokenRequest;
import org.openmetadata.schema.auth.JWTAuthMechanism;
import org.openmetadata.schema.auth.JWTTokenExpiry;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.service.security.AuthenticationException;
import org.openmetadata.service.util.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

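/**
 * Process-wide issuer of RS256-signed JWTs and publisher of the matching JWKS entry.
 *
 * <p>The single instance starts with no key material. {@link #init(JWTTokenConfiguration)} loads
 * the RSA key pair, issuer and key id; until that succeeds, token generation fails with
 * {@link JWTCreationException} and {@link #getJWKSResponse()} returns an unpopulated key.
 *
 * <p>The instance fields are plain (neither {@code final} nor {@code volatile}).
 * NOTE(review): presumably {@code init} runs once at startup before any other call - confirm.
 */
public class JWTTokenGenerator {
    private static final String SUBJECT_CLAIM = "sub";
    private static final String EMAIL_CLAIM = "email";
    private static final String IS_BOT_CLAIM = "isBot";
    private static final Logger LOG = LoggerFactory.getLogger(JWTTokenGenerator.class);
    private static final JWTTokenGenerator INSTANCE = new JWTTokenGenerator();

    // Signing key; must never leave this class (only the public half has a getter).
    private RSAPrivateKey privateKey;
    // Verification key, exposed through getPublicKey() and getJWKSResponse().
    private RSAPublicKey publicKey;
    // Value written to the "iss" claim of every generated token.
    private String issuer;
    // Value written to the "kid" header of every token and to the JWKS entry.
    private String kid;

    private JWTTokenGenerator() {
    }

    /** Returns the shared generator instance. */
    public static JWTTokenGenerator getInstance() {
        return INSTANCE;
    }

    /**
     * Loads the RSA key pair, issuer and key id from the given configuration.
     *
     * <p>The key files are read as raw bytes and handed straight to {@link PKCS8EncodedKeySpec}
     * (private) and {@link X509EncodedKeySpec} (public), so they must be DER-encoded; a PEM text
     * file will fail to parse. If either path is null or empty the method does nothing.
     *
     * <p>Any failure is logged and not rethrown. All four fields are assigned only after both keys
     * have been parsed, so a failure on the second file cannot leave a signing key installed
     * together with a null issuer, key id and public key.
     *
     * <p>NOTE(review): nothing here checks that the two files belong to the same key pair; a
     * mismatch would yield tokens that the published JWKS cannot verify.
     *
     * @param jWTTokenConfiguration source of the key file paths, issuer and key id
     */
    public void init(JWTTokenConfiguration jWTTokenConfiguration) {
        try {
            String privateKeyPath = jWTTokenConfiguration.getRsaprivateKeyFilePath();
            String publicKeyPath = jWTTokenConfiguration.getRsapublicKeyFilePath();
            if (privateKeyPath == null || privateKeyPath.isEmpty() || publicKeyPath == null || publicKeyPath.isEmpty()) {
                return;
            }
            KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
            RSAPrivateKey loadedPrivateKey = (RSAPrivateKey) rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get(privateKeyPath))));
            RSAPublicKey loadedPublicKey = (RSAPublicKey) rsaFactory.generatePublic(new X509EncodedKeySpec(Files.readAllBytes(Paths.get(publicKeyPath))));
            String configuredIssuer = jWTTokenConfiguration.getJwtissuer();
            String configuredKid = jWTTokenConfiguration.getKeyId();
            // Publish the state only once everything above has succeeded.
            this.privateKey = loadedPrivateKey;
            this.publicKey = loadedPublicKey;
            this.issuer = configuredIssuer;
            this.kid = configuredKid;
        } catch (Exception e) {
            LOG.error("Failed to initialize JWTTokenGenerator ", e);
        }
    }

    /**
     * Generates a token for the user and stores it on the user as a JWT authentication mechanism.
     *
     * @param user the user to receive the new authentication mechanism
     * @param generateTokenRequest request carrying the desired token lifetime
     * @throws JWTCreationException if the token cannot be generated
     */
    public void setAuthMechanism(User user, GenerateTokenRequest generateTokenRequest) {
        JWTAuthMechanism tokenConfig = generateJWTToken(user, generateTokenRequest.getJWTTokenExpiry());
        user.setAuthenticationMechanism(new AuthenticationMechanism().withConfig(tokenConfig).withAuthType(AuthenticationMechanism.AuthType.JWT));
    }

    /**
     * Converts the user's stored authentication-mechanism config into a {@link JWTAuthMechanism}.
     *
     * @param user the user whose authentication mechanism is read
     * @return the converted config
     */
    public JWTAuthMechanism getAuthMechanism(User user) {
        return (JWTAuthMechanism) JsonUtils.convertValue(user.getAuthenticationMechanism().getConfig(), JWTAuthMechanism.class);
    }

    /**
     * Issues a signed token for the given user. The {@code isBot} claim is always {@code true}
     * on tokens produced by this overload.
     *
     * @param user supplies the {@code sub} (name) and {@code email} claims
     * @param jWTTokenExpiry requested lifetime; see {@link #getExpiryDate(JWTTokenExpiry)}
     * @return the token together with its expiry metadata
     * @throws JWTCreationException on any failure, including a missing signing key or null argument
     */
    public JWTAuthMechanism generateJWTToken(User user, JWTTokenExpiry jWTTokenExpiry) {
        try {
            return signToken(user.getName(), user.getEmail(), true, jWTTokenExpiry);
        } catch (Exception e) {
            throw new JWTCreationException("Failed to generate JWT Token. Please check your OpenMetadata Configuration.", e);
        }
    }

    /**
     * Issues a signed token with explicit claim values.
     *
     * @param str value of the {@code sub} claim
     * @param str2 value of the {@code email} claim
     * @param jWTTokenExpiry requested lifetime; see {@link #getExpiryDate(JWTTokenExpiry)}
     * @param z value of the {@code isBot} claim
     * @return the token together with its expiry metadata
     * @throws JWTCreationException on any failure, including a missing signing key
     */
    public JWTAuthMechanism generateJWTToken(String str, String str2, JWTTokenExpiry jWTTokenExpiry, boolean z) {
        try {
            return signToken(str, str2, z, jWTTokenExpiry);
        } catch (Exception e) {
            throw new JWTCreationException("Failed to generate JWT Token. Please check your OpenMetadata Configuration.", e);
        }
    }

    /** Builds and RS256-signs one token; callers translate any exception into JWTCreationException. */
    private JWTAuthMechanism signToken(String subject, String email, boolean isBot, JWTTokenExpiry expiry) {
        JWTAuthMechanism mechanism = new JWTAuthMechanism().withJWTTokenExpiry(expiry);
        // Only the private key is supplied: this Algorithm instance is used for signing, never verification.
        Algorithm signer = Algorithm.RSA256((RSAPublicKey) null, this.privateKey);
        Date expiresAt = getExpiryDate(expiry);
        String token = JWT.create()
                .withIssuer(this.issuer)
                .withKeyId(this.kid)
                .withClaim(SUBJECT_CLAIM, subject)
                .withClaim(EMAIL_CLAIM, email)
                .withClaim(IS_BOT_CLAIM, Boolean.valueOf(isBot))
                .withIssuedAt(new Date())
                .withExpiresAt(expiresAt)
                .sign(signer);
        mechanism.setJWTToken(token);
        mechanism.setJWTTokenExpiresAt(expiresAt != null ? Long.valueOf(expiresAt.getTime()) : null);
        return mechanism;
    }

    /**
     * Maps a lifetime setting to an absolute expiry instant, measured from now.
     *
     * <p>{@code Unlimited} (and any value not listed) yields {@code null}, meaning no expiry time
     * is set on the token. NOTE(review): such tokens have no built-in end of life - confirm that
     * revocation or key rotation covers them.
     *
     * @param jWTTokenExpiry the requested lifetime; must not be null
     * @return the expiry instant, or {@code null} when the token should carry none
     * @throws NullPointerException if {@code jWTTokenExpiry} is null
     */
    public Date getExpiryDate(JWTTokenExpiry jWTTokenExpiry) {
        LocalDateTime expiresAt;
        switch (jWTTokenExpiry) {
            case OneHour:
                expiresAt = LocalDateTime.now().plusHours(1L);
                break;
            case One:
                expiresAt = LocalDateTime.now().plusDays(1L);
                break;
            case Seven:
                expiresAt = LocalDateTime.now().plusDays(7L);
                break;
            case Thirty:
                expiresAt = LocalDateTime.now().plusDays(30L);
                break;
            case Sixty:
                expiresAt = LocalDateTime.now().plusDays(60L);
                break;
            case Ninety:
                expiresAt = LocalDateTime.now().plusDays(90L);
                break;
            case Unlimited:
            default:
                expiresAt = null;
                break;
        }
        if (expiresAt == null) {
            return null;
        }
        return Date.from(expiresAt.atZone(ZoneId.systemDefault()).toInstant());
    }

    /**
     * Builds the JWKS document advertising the public verification key.
     *
     * <p>{@code n} and {@code e} are emitted as unpadded base64url of the unsigned big-endian
     * value, the form RFC 7518 section 6.3.1 specifies for RSA JWK parameters. When no public key
     * has been loaded, the response still contains one key entry, with none of its fields set here.
     *
     * @return a response holding exactly one key entry
     */
    public JWKSResponse getJWKSResponse() {
        JWKSResponse jWKSResponse = new JWKSResponse();
        JWKSKey jWKSKey = new JWKSKey();
        if (this.publicKey != null) {
            jWKSKey.setKid(this.kid);
            jWKSKey.setKty(this.publicKey.getAlgorithm());
            jWKSKey.setN(toBase64UrlUInt(this.publicKey.getModulus()));
            jWKSKey.setE(toBase64UrlUInt(this.publicKey.getPublicExponent()));
        }
        jWKSResponse.setJwsKeys(List.of(jWKSKey));
        return jWKSResponse;
    }

    /**
     * Encodes a non-negative integer as unpadded base64url of its minimal big-endian bytes.
     * BigInteger.toByteArray() prepends a zero sign octet whenever the top bit is set (always the
     * case for an RSA modulus); that octet is dropped so strict JWK consumers accept the value.
     */
    private static String toBase64UrlUInt(BigInteger value) {
        byte[] magnitude = value.toByteArray();
        if (magnitude.length > 1 && magnitude[0] == 0) {
            magnitude = Arrays.copyOfRange(magnitude, 1, magnitude.length);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(magnitude);
    }

    /**
     * Reads the {@code exp} claim from a token.
     *
     * <p>The token is only decoded: {@code JWT.decode} does not check the signature, issuer or
     * whether the token has already expired. The returned date is therefore attacker-controlled
     * unless the caller has verified the token separately, and must not be used on its own as
     * evidence that a token is valid.
     *
     * @param str the compact JWT string
     * @return the expiry time carried by the token
     * @throws AuthenticationException if the token cannot be decoded or has no expiry
     */
    public Date getTokenExpiryFromJWT(String str) {
        try {
            DecodedJWT decoded = JWT.decode(str);
            Date expiresAt = decoded.getExpiresAt();
            if (expiresAt == null) {
                throw new AuthenticationException("Invalid Token, Expiry not present!");
            }
            return expiresAt;
        } catch (JWTDecodeException e) {
            throw new AuthenticationException("Invalid token", e);
        }
    }

    /** Returns the loaded public verification key, or {@code null} if none has been loaded. */
    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }
}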
