package no.rogfk.jwt.config;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.TextCodec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import javax.annotation.PostConstruct;
import no.rogfk.jwt.SpringJwtTokenizer;
import no.rogfk.jwt.annotations.EnableJwt;
import no.rogfk.jwt.claims.Claim;
import no.rogfk.jwt.claims.validators.ClaimValidator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties
@Configuration
@ComponentScan(basePackageClasses = {SpringJwtTokenizer.class})
/* loaded from: input_file:no/rogfk/jwt/config/SpringJwtTokenizerConfig.class */
public class SpringJwtTokenizerConfig implements ApplicationContextAware {
    private static final Logger log = LoggerFactory.getLogger(SpringJwtTokenizerConfig.class);

    @Value("${jasypt.encryptor.algorithm:PBEWithMD5AndDES}")
    private String encryptorAlgorithm;

    @Value("${jasypt.encryptor.password:}")
    private char[] encryptorPassword;

    @Autowired
    private ClaimsConfig claimsConfig;
    private Collection<ClaimValidator> validators;

    @PostConstruct
    public void init() {
        if (!this.claimsConfig.isEncryptionEnabled()) {
            if (StringUtils.isEmpty(this.claimsConfig.getKey())) {
                throw new IllegalArgumentException("Missing property 'jwt.key'");
            }
            this.claimsConfig.setKey(TextCodec.BASE64.encode(this.claimsConfig.getKey()));
        } else {
            if (this.encryptorPassword == null || this.encryptorPassword.length == 0) {
                throw new IllegalArgumentException("Missing property 'jasypt.encryptor.password'");
            }
            String key = this.claimsConfig.getKey();
            if (key == null || key.length() == 0) {
                log.info("No JWT key set, using encryptor password as key");
                this.claimsConfig.setKey(new String(this.encryptorPassword));
            }
        }
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.validators = applicationContext.getBeansOfType(ClaimValidator.class).values();
        Map beansWithAnnotation = applicationContext.getBeansWithAnnotation(EnableJwt.class);
        if (beansWithAnnotation.size() != 1) {
            throw new IllegalStateException("Expected 1 bean with @EnableJwtTokenizer, but found " + beansWithAnnotation.size());
        }
        setAnnotationConfig((EnableJwt) AnnotationUtils.findAnnotation(beansWithAnnotation.values().iterator().next().getClass(), EnableJwt.class));
    }

    private void setAnnotationConfig(EnableJwt enableJwt) {
        this.claimsConfig.setEncryptionEnabled(enableJwt.encryption());
        this.claimsConfig.setStandardValidators(enableJwt.standardValidators());
        String issuer = enableJwt.issuer();
        if (StringUtils.isEmpty(this.claimsConfig.getIssuer()) && !StringUtils.isEmpty(issuer)) {
            this.claimsConfig.setIssuer(issuer);
        }
        long maxAgeMinutes = enableJwt.maxAgeMinutes();
        if (this.claimsConfig.getMaxAgeMinutes() != null || maxAgeMinutes <= 0) {
            return;
        }
        this.claimsConfig.setMaxAgeMinutes(Long.valueOf(maxAgeMinutes));
    }

    @Bean
    public SpringJwtTokenizer springJwtTokenizer() {
        return new SpringJwtTokenizer(getClaimValidators(), getStandardClaims());
    }

    private Collection<ClaimValidator> getClaimValidators() {
        if (this.validators != null && this.validators.size() != 0) {
            return this.validators;
        }
        log.warn("No JWT claims validators found");
        return Collections.emptyList();
    }

    private Collection<Claim> getStandardClaims() {
        String issuer = this.claimsConfig.getIssuer();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Claim("iat", System.currentTimeMillis()));
        if (!StringUtils.isEmpty(issuer)) {
            arrayList.add(new Claim("iss", issuer));
        }
        return arrayList;
    }

    @Bean
    public StringEncryptor stringEncryptor() {
        if (!this.claimsConfig.isEncryptionEnabled()) {
            return new StringEncryptor() { // from class: no.rogfk.jwt.config.SpringJwtTokenizerConfig.1
                public String encrypt(String str) {
                    return str;
                }

                public String decrypt(String str) {
                    return str;
                }
            };
        }
        StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
        standardPBEStringEncryptor.setProvider(new BouncyCastleProvider());
        standardPBEStringEncryptor.setAlgorithm(this.encryptorAlgorithm);
        standardPBEStringEncryptor.setPasswordCharArray(this.encryptorPassword);
        for (int i = 0; i < this.encryptorPassword.length; i++) {
            this.encryptorPassword[i] = ' ';
        }
        return standardPBEStringEncryptor;
    }

    @Scope("prototype")
    @Bean
    public JwtBuilder jwtBuilder() {
        return Jwts.builder().signWith(SignatureAlgorithm.HS256, this.claimsConfig.getKey());
    }

    @Scope("prototype")
    @Bean
    public JwtParser jwtParser() {
        return Jwts.parser().setSigningKey(this.claimsConfig.getKey());
    }
}
