package org.kie.server.services.impl.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/kie-server-services-common-7.75.0-SNAPSHOT.jar:org/kie/server/services/impl/util/JwtService.class */
public class JwtService {
    private JWTVerifier verifier;
    private Algorithm algorithm;
    private String issuer;

    /* loaded from: input_file:WEB-INF/lib/kie-server-services-common-7.75.0-SNAPSHOT.jar:org/kie/server/services/impl/util/JwtService$JwtServiceBuilder.class */
    public static class JwtServiceBuilder {
        Algorithm algorithm;
        String issuer;

        public JwtServiceBuilder keys(RSAPublicKey rSAPublicKey, RSAPrivateKey rSAPrivateKey) {
            this.algorithm = Algorithm.RSA256(rSAPublicKey, rSAPrivateKey);
            return this;
        }

        public JwtServiceBuilder issuer(String str) {
            this.issuer = str;
            return this;
        }

        public JwtService build() {
            return new JwtService(this.algorithm != null ? this.algorithm : Algorithm.none(), this.issuer != null ? this.issuer : "jBPM");
        }

        public JwtServiceBuilder keyPair(KeyPair keyPair) {
            if (keyPair != null) {
                this.algorithm = Algorithm.RSA256((RSAPublicKey) keyPair.getPublic(), (RSAPrivateKey) keyPair.getPrivate());
            }
            return this;
        }
    }

    private JwtService() {
        this(Algorithm.none());
    }

    private JwtService(Algorithm algorithm) {
        this(algorithm, "jBPM");
    }

    private JwtService(Algorithm algorithm, String str) {
        this.issuer = str;
        this.algorithm = algorithm;
        this.verifier = JWT.require(algorithm).withIssuer(str).build();
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String token(String str, String... strArr) {
        return JWT.create().withIssuer(this.issuer).withSubject(str).withClaim("roles", Arrays.asList(strArr)).sign(this.algorithm);
    }

    public static JwtServiceBuilder newJwtServiceBuilder() {
        return new JwtServiceBuilder();
    }

    public JwtUserDetails decodeUserDetails(String str) {
        try {
            DecodedJWT verify = this.verifier.verify(str);
            String subject = verify.getSubject();
            List asList = verify.getClaim("roles").asList(String.class);
            return new JwtUserDetails(subject, asList != null ? asList : new ArrayList());
        } catch (JWTVerificationException e) {
            throw new IllegalArgumentException(e);
        }
    }
}
