package cn.com.pc.cloud.aaa.impl;

import cn.com.pc.cloud.aaa.LocalKeyPair;
import cn.com.pc.cloud.aaa.LocalTokenSigner;
import cn.com.pc.cloud.aaa.model.Identity;
import cn.com.pc.cloud.aaa.model.Token;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Date;

/* loaded from: input_file:BOOT-INF/classes/cn/com/pc/cloud/aaa/impl/LocalTokenSignerImpl.class */
public class LocalTokenSignerImpl implements LocalTokenSigner {
    private final Algorithm algorithm;
    private final String keyId;

    public LocalTokenSignerImpl(LocalKeyPair localKeyPair, String str) throws Exception {
        this.algorithm = buildAlgorithm(localKeyPair);
        this.keyId = str;
    }

    @Override // cn.com.pc.cloud.aaa.LocalTokenSigner
    public String sign(Token token) {
        return createJwt(Identity.fromToken(token), this.algorithm, this.keyId);
    }

    static String createJwt(Identity identity, Algorithm algorithm, String str) {
        return JWT.create().withKeyId(str).withIssuer("pc").withExpiresAt(new Date(identity.getExp() * 1000)).withIssuedAt(new Date(identity.getIat() * 1000)).withClaim("id", identity.getId()).withClaim("name", identity.getName()).withClaim("attrs", identity.getAttrs()).sign(algorithm);
    }

    static Algorithm buildAlgorithm(LocalKeyPair localKeyPair) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance("EC");
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(localKeyPair.getPublicKey()));
        PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(localKeyPair.getPrivateKey())));
        PublicKey generatePublic = keyFactory.generatePublic(x509EncodedKeySpec);
        return Algorithm.ECDSA256((ECPublicKey) generatePublic, (ECPrivateKey) generatePrivate);
    }
}
