package eu.unicore.services.rest.jwt;

import de.fzj.unicore.wsrflite.security.IContainerSecurityConfiguration;
import de.fzj.unicore.wsrflite.security.util.PubkeyCache;
import eu.unicore.security.AuthenticationException;
import eu.unicore.security.SecurityTokens;
import eu.unicore.services.rest.security.jwt.JWTUtils;
import java.security.PublicKey;

/* loaded from: input_file:eu/unicore/services/rest/jwt/JWTHelper.class */
public class JWTHelper {
    private final JWTServerProperties preferences;
    private final IContainerSecurityConfiguration securityProperties;
    private final String issuer;
    private final PubkeyCache keyCache;

    public JWTHelper(JWTServerProperties jWTServerProperties, IContainerSecurityConfiguration iContainerSecurityConfiguration, PubkeyCache pubkeyCache) {
        this.preferences = jWTServerProperties;
        this.securityProperties = iContainerSecurityConfiguration;
        this.issuer = iContainerSecurityConfiguration.getCredential() != null ? iContainerSecurityConfiguration.getCredential().getSubjectName() : "CN=ANONYMOUS,O=UNKNOWN,OU=UNKNOWN";
        this.keyCache = pubkeyCache;
    }

    public JWTHelper(JWTServerProperties jWTServerProperties, String str, PubkeyCache pubkeyCache) {
        this.preferences = jWTServerProperties;
        this.securityProperties = null;
        this.issuer = str;
        this.keyCache = pubkeyCache;
    }

    public String createJWTToken(SecurityTokens securityTokens) throws Exception {
        return createETDToken(securityTokens.getEffectiveUserName());
    }

    public String createETDToken(String str) throws Exception {
        return createETDToken(str, this.preferences.getTokenValidity());
    }

    public String createETDToken(String str, long j) throws Exception {
        return this.preferences.useKey() ? JWTUtils.createETDToken(str, j, this.issuer, this.securityProperties.getCredential().getKey()) : JWTUtils.createETDToken(str, j, this.issuer, this.preferences.getHMACSecret());
    }

    public void verifyJWTToken(String str) throws Exception {
        if (!this.preferences.useKey()) {
            JWTUtils.verifyJWTToken(str, this.preferences.getHMACSecret());
            return;
        }
        String issuer = JWTUtils.getIssuer(str);
        PublicKey publicKey = this.keyCache.getPublicKey(issuer);
        if (publicKey == null) {
            throw new AuthenticationException("No public key is available for <" + issuer + ">");
        }
        JWTUtils.verifyJWTToken(str, publicKey);
    }
}
