package io.jans.inbound;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;

/* loaded from: input_file:io/jans/inbound/JwtUtil.class */
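/**
 * Static helpers for minting ES256-signed JWTs and for claim-level checks on a received
 * {@code id_token}.
 *
 * <p>Parameter names are decompiler output; the Javadoc on each method states the role of each
 * argument as established by how the body uses it.
 */
public class JwtUtil {
    // Basic (non-URL, non-MIME) decoder: input containing PEM armor or line breaks is rejected.
    private static final Base64.Decoder decoder = Base64.getDecoder();

    /**
     * Builds and signs a compact-serialized JWT using ES256 (ECDSA on P-256).
     *
     * <p>The private key arrives as a {@code String}, which cannot be wiped after use; callers
     * should keep the value out of logs and exception messages.
     *
     * @param str Base64 (basic alphabet) encoding of a PKCS#8 EC private key
     * @param str2 value for the {@code kid} header
     * @param str3 value for the {@code iss} claim
     * @param str4 value for the {@code aud} claim
     * @param str5 value for the {@code sub} claim
     * @param i token lifetime in seconds, added to the issue time to produce {@code exp}
     * @return the signed JWT in compact serialization
     * @throws JOSEException if the signer cannot be created or signing fails
     * @throws NoSuchAlgorithmException if no "EC" {@link KeyFactory} is available
     * @throws InvalidKeySpecException if the decoded bytes are not a usable PKCS#8 EC key
     * @throws IllegalArgumentException if {@code str} is not valid Base64
     */
    public static String mkES256SignedJWT(String str, String str2, String str3, String str4, String str5, int i) throws JOSEException, NoSuchAlgorithmException, InvalidKeySpecException {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoder.decode(str));
        ECDSASigner eCDSASigner = new ECDSASigner(KeyFactory.getInstance("EC").generatePrivate(keySpec), Curve.P_256);

        long issuedAtMillis = System.currentTimeMillis();
        // Multiply as long: the previous int product (i * 1000) wrapped for lifetimes above
        // roughly 24.8 days and produced an expiry in the past.
        long expiresAtMillis = issuedAtMillis + i * 1000L;

        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES256)
                .keyID(str2)
                .type(JOSEObjectType.JWT)
                .build();
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(str3)
                .issueTime(new Date(issuedAtMillis))
                .expirationTime(new Date(expiresAtMillis))
                .audience(str4)
                .subject(str5)
                .build();

        SignedJWT signedJWT = new SignedJWT(header, claims);
        signedJWT.sign(eCDSASigner);
        return signedJWT.serialize();
    }

    /**
     * Parses a signed JWT and checks its issuer, audience and expiration claims only.
     *
     * <p><strong>The signature is NOT verified here</strong>, and neither are the {@code alg}
     * header, {@code nbf}, {@code iat} or {@code nonce}. The returned claims are therefore only
     * as trustworthy as the channel the token came over. NOTE(review): presumably callers obtain
     * the token directly from the provider's token endpoint over validated TLS; confirm at every
     * call site, and verify the signature against the provider's keys wherever the token can pass
     * through the browser or any other party.
     *
     * <p>No clock-skew allowance is applied to the expiration check, and a token without an
     * {@code exp} claim is treated as expired.
     *
     * @param str the serialized JWT ({@code id_token})
     * @param str2 the issuer the token must carry; must not be {@code null}
     * @param str3 an audience value the token must contain; must not be {@code null}
     * @return the token's claims as a JSON-object map
     * @throws ParseException if {@code str} is not a parseable signed JWT
     * @throws JOSEException if the issuer or audience does not match, or the token has expired
     * @throws NullPointerException if {@code str2} or {@code str3} is {@code null}
     */
    public static Map<String, Object> partialVerifyJWT(String str, String str2, String str3) throws ParseException, JOSEException {
        JWTClaimsSet jWTClaimsSet = SignedJWT.parse(str).getJWTClaimsSet();
        if (!str2.equals(jWTClaimsSet.getIssuer())) {
            throw new JOSEException("Unexpected issuer value in id_token");
        }

        // The decompiled lambda referenced an undefined 'r1'; the captured value is the expected
        // audience, so the check is written directly against str3.
        Objects.requireNonNull(str3);
        if (!jWTClaimsSet.getAudience().contains(str3)) {
            throw new JOSEException("id_token does not contain the expected audience " + str3);
        }

        Date expiration = jWTClaimsSet.getExpirationTime();
        if (expiration == null || expiration.getTime() < System.currentTimeMillis()) {
            throw new JOSEException("Expired id_token");
        }
        return jWTClaimsSet.toJSONObject();
    }

    // Utility class: not instantiable.
    private JwtUtil() {
    }
}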
