package org.kogito.examples.sw.github.service;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultJwtBuilder;
import io.jsonwebtoken.jackson.io.JacksonSerializer;
import io.quarkus.cache.CacheResult;
import java.io.File;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import org.apache.commons.io.FileUtils;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.kohsuke.github.GHAppInstallation;
import org.kohsuke.github.GHPermissionType;
import org.kohsuke.github.GitHubBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ApplicationScoped
/* loaded from: input_file:org/kogito/examples/sw/github/service/TokenProvider.class */
public class TokenProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenProvider.class);
    private static final int expirationMillis = 600000;
    private static final int cacheExpirationMillis = 300000;

    @ConfigProperty(name = "org.kogito.examples.sw.github.service.app_id")
    String appId;

    @ConfigProperty(name = "org.kogito.examples.sw.github.service.key")
    String privateKeyPath;

    @ConfigProperty(name = "org.kogito.examples.sw.github.service.installation_id")
    Long installationId;

    private PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(FileUtils.readFileToByteArray(new File(this.privateKeyPath))));
    }

    public String createJWT() throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RS256;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        JwtBuilder signWith = new DefaultJwtBuilder().setIssuedAt(date).setIssuer(this.appId).signWith(getPrivateKey(), signatureAlgorithm);
        signWith.serializeToJsonWith(new JacksonSerializer());
        signWith.setExpiration(new Date(currentTimeMillis + 600000));
        String compact = signWith.compact();
        LOGGER.info("JWT token generated and signed successfully");
        return compact;
    }

    @CacheResult(cacheName = "access_token", lockTimeout = 300000)
    public String getToken() throws Exception {
        GHAppInstallation installationById = new GitHubBuilder().withJwtToken(createJWT()).build().getApp().getInstallationById(this.installationId.longValue());
        LOGGER.info("Attempt to generate token to GH Account {}", installationById.getAccount().getName());
        String token = installationById.createToken(getPermissions()).create().getToken();
        LOGGER.info("Final token generated successfully");
        return token;
    }

    private Map<String, GHPermissionType> getPermissions() {
        HashMap hashMap = new HashMap();
        hashMap.put("pull_requests", GHPermissionType.WRITE);
        hashMap.put("issues", GHPermissionType.WRITE);
        return hashMap;
    }
}
