package fr.enedis.chutney.security.infra.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

/* loaded from: input_file:fr/enedis/chutney/security/infra/jwt/JwtUtil.class */
public class JwtUtil {
    private final ChutneyJwtProperties chutneyJwtProperties;
    private final RSAKey signinKey = new RSAKeyGenerator(2048).keyUse(KeyUse.SIGNATURE).keyID(UUID.randomUUID().toString()).generate();
    private final JWSAlgorithm algorithm = JWSAlgorithm.RS256;

    public JwtUtil(ChutneyJwtProperties chutneyJwtProperties) throws JOSEException {
        this.chutneyJwtProperties = chutneyJwtProperties;
    }

    public NimbusJwtDecoder nimbusJwtDecoder() throws JOSEException {
        return NimbusJwtDecoder.withPublicKey(this.signinKey.toRSAPublicKey()).build();
    }

    public String generateToken(String str, Map<String, Object> map) {
        String issuer = this.chutneyJwtProperties.issuer();
        Instant now = Instant.now();
        Instant plus = now.plus((TemporalAmount) Duration.ofMillis(this.chutneyJwtProperties.expiresIn().toMillis()));
        JWSHeader jWSHeader = new JWSHeader(this.algorithm);
        JWTClaimsSet.Builder expirationTime = new JWTClaimsSet.Builder().subject(str).issuer(issuer).issueTime(Date.from(now)).expirationTime(Date.from(plus));
        Objects.requireNonNull(expirationTime);
        map.forEach(expirationTime::claim);
        SignedJWT signedJWT = new SignedJWT(jWSHeader, expirationTime.build());
        try {
            signedJWT.sign(new RSASSASigner(this.signinKey));
            return signedJWT.serialize();
        } catch (JOSEException e) {
            throw new RuntimeException("Unable to generate JWT", e);
        }
    }
}
