package io.nats.client.support;

import com.pubmatic.sdk.openwrap.core.POBConstants;
import io.nats.client.NKey;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Duration;
import java.util.List;

/* loaded from: classes4.dex */
public abstract class JwtUtils {
    public static final String NATS_USER_JWT_FORMAT = "-----BEGIN NATS USER JWT-----\n%s\n------END NATS USER JWT------\n\n************************* IMPORTANT *************************\nNKEY Seed printed below can be used to sign and prove identity.\nNKEYs are sensitive and should be treated as secrets.\n\n-----BEGIN USER NKEY SEED-----\n%s\n------END USER NKEY SEED------\n\n*************************************************************\n";

    /* renamed from: a, reason: collision with root package name */
    public static final String f53389a = Encoding.base64UrlEncodeToString("{\"typ\":\"JWT\", \"alg\":\"ed25519-nkey\"}");

    /* loaded from: classes4.dex */
    public static class Permission implements JsonSerializable {
        public String[] allow;
        public String[] deny;

        public Permission allow(String... strArr) {
            this.allow = strArr;
            return this;
        }

        public Permission deny(String... strArr) {
            this.deny = strArr;
            return this;
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ byte[] serialize() {
            return super.serialize();
        }

        @Override // io.nats.client.support.JsonSerializable
        public String toJson() {
            StringBuilder beginJson = JsonUtils.beginJson();
            JsonUtils.addStrings(beginJson, "allow", this.allow);
            JsonUtils.addStrings(beginJson, "deny", this.deny);
            return JsonUtils.endJson(beginJson).toString();
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ JsonValue toJsonValue() {
            return super.toJsonValue();
        }
    }

    /* loaded from: classes4.dex */
    public static class ResponsePermission implements JsonSerializable {
        public Duration expires;
        public int maxMsgs;

        public ResponsePermission expires(long j8) {
            this.expires = Duration.ofMillis(j8);
            return this;
        }

        public ResponsePermission expires(Duration duration) {
            this.expires = duration;
            return this;
        }

        public ResponsePermission maxMsgs(int i2) {
            this.maxMsgs = i2;
            return this;
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ byte[] serialize() {
            return super.serialize();
        }

        @Override // io.nats.client.support.JsonSerializable
        public String toJson() {
            StringBuilder beginJson = JsonUtils.beginJson();
            JsonUtils.addField(beginJson, "max", Integer.valueOf(this.maxMsgs));
            JsonUtils.addFieldAsNanos(beginJson, "ttl", this.expires);
            return JsonUtils.endJson(beginJson).toString();
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ JsonValue toJsonValue() {
            return super.toJsonValue();
        }
    }

    /* loaded from: classes4.dex */
    public static class TimeRange implements JsonSerializable {
        public String end;
        public String start;

        public TimeRange(String str, String str2) {
            this.start = str;
            this.end = str2;
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ byte[] serialize() {
            return super.serialize();
        }

        @Override // io.nats.client.support.JsonSerializable
        public String toJson() {
            StringBuilder beginJson = JsonUtils.beginJson();
            JsonUtils.addField(beginJson, "start", this.start);
            JsonUtils.addField(beginJson, "end", this.end);
            return JsonUtils.endJson(beginJson).toString();
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ JsonValue toJsonValue() {
            return super.toJsonValue();
        }
    }

    /* loaded from: classes4.dex */
    public static class UserClaim implements JsonSerializable {
        public String[] allowedConnectionTypes;
        public boolean bearerToken;
        public String issuerAccount;
        public String locale;
        public Permission pub;
        public ResponsePermission resp;
        public String[] src;
        public Permission sub;
        public String[] tags;
        public List<TimeRange> times;
        public String type = POBConstants.KEY_USER;
        public int version = 2;
        public long subs = -1;
        public long data = -1;
        public long payload = -1;

        public UserClaim(String str) {
            this.issuerAccount = str;
        }

        public UserClaim allowedConnectionTypes(String... strArr) {
            this.allowedConnectionTypes = strArr;
            return this;
        }

        public UserClaim bearerToken(boolean z5) {
            this.bearerToken = z5;
            return this;
        }

        public UserClaim data(long j8) {
            this.data = j8;
            return this;
        }

        public UserClaim locale(String str) {
            this.locale = str;
            return this;
        }

        public UserClaim payload(long j8) {
            this.payload = j8;
            return this;
        }

        public UserClaim pub(Permission permission) {
            this.pub = permission;
            return this;
        }

        public UserClaim resp(ResponsePermission responsePermission) {
            this.resp = responsePermission;
            return this;
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ byte[] serialize() {
            return super.serialize();
        }

        public UserClaim src(String... strArr) {
            this.src = strArr;
            return this;
        }

        public UserClaim sub(Permission permission) {
            this.sub = permission;
            return this;
        }

        public UserClaim subs(long j8) {
            this.subs = j8;
            return this;
        }

        public UserClaim tags(String... strArr) {
            this.tags = strArr;
            return this;
        }

        public UserClaim times(List<TimeRange> list) {
            this.times = list;
            return this;
        }

        @Override // io.nats.client.support.JsonSerializable
        public String toJson() {
            StringBuilder beginJson = JsonUtils.beginJson();
            JsonUtils.addField(beginJson, "issuer_account", this.issuerAccount);
            JsonUtils.addStrings(beginJson, ApiConstants.TAGS, this.tags);
            JsonUtils.addField(beginJson, "type", this.type);
            JsonUtils.addField(beginJson, ApiConstants.VERSION, Integer.valueOf(this.version));
            JsonUtils.addField(beginJson, "pub", this.pub);
            JsonUtils.addField(beginJson, NatsJetStreamConstants.ROLLUP_HDR_SUBJECT, this.sub);
            JsonUtils.addField(beginJson, "resp", this.resp);
            JsonUtils.addStrings(beginJson, ApiConstants.SRC, this.src);
            JsonUtils.addJsons(beginJson, "times", this.times);
            JsonUtils.addField(beginJson, "times_location", this.locale);
            JsonUtils.addFieldWhenGteMinusOne(beginJson, "subs", Long.valueOf(this.subs));
            JsonUtils.addFieldWhenGteMinusOne(beginJson, "data", Long.valueOf(this.data));
            JsonUtils.addFieldWhenGteMinusOne(beginJson, "payload", Long.valueOf(this.payload));
            JsonUtils.addFldWhenTrue(beginJson, "bearer_token", Boolean.valueOf(this.bearerToken));
            JsonUtils.addStrings(beginJson, "allowed_connection_types", this.allowedConnectionTypes);
            return JsonUtils.endJson(beginJson).toString();
        }

        @Override // io.nats.client.support.JsonSerializable
        public /* bridge */ /* synthetic */ JsonValue toJsonValue() {
            return super.toJsonValue();
        }
    }

    private JwtUtils() {
    }

    public static long currentTimeSeconds() {
        return System.currentTimeMillis() / 1000;
    }

    public static String getClaimBody(String str) {
        return Encoding.base64UrlDecodeToString(str.split("\\.")[1]);
    }

    public static String issueJWT(NKey nKey, String str, String str2, Duration duration, long j8, String str3, JsonSerializable jsonSerializable) throws GeneralSecurityException, IOException {
        return issueJWT(nKey, str, str2, duration, j8, str3, null, jsonSerializable);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [Um.e, java.lang.Object] */
    public static String issueJWT(NKey nKey, String str, String str2, Duration duration, long j8, String str3, String str4, JsonSerializable jsonSerializable) throws GeneralSecurityException, IOException {
        ?? obj = new Object();
        obj.f26443a = str4;
        obj.f26445c = j8;
        obj.f26446d = str3;
        obj.f26447e = str2;
        obj.f26448f = str;
        obj.f26449g = duration;
        obj.f26450h = jsonSerializable;
        obj.f26444b = new String(Encoding.base32Encode(MessageDigest.getInstance(Digester.DEFAULT_DIGEST_ALGORITHM).digest(obj.toJson().getBytes(StandardCharsets.US_ASCII))));
        String base64UrlEncodeToString = Encoding.base64UrlEncodeToString(obj.toJson());
        StringBuilder sb2 = new StringBuilder();
        String str5 = f53389a;
        return str5 + NatsConstants.DOT + base64UrlEncodeToString + NatsConstants.DOT + Encoding.base64UrlEncodeToString(nKey.sign(Yc.a.l(sb2, str5, NatsConstants.DOT, base64UrlEncodeToString).getBytes(StandardCharsets.UTF_8)));
    }

    public static String issueUserJWT(NKey nKey, String str, String str2) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str2, (String) null, (Duration) null, currentTimeSeconds(), (String) null, new UserClaim(str));
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, String str3) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str2, str3, (Duration) null, currentTimeSeconds(), (String) null, new UserClaim(str));
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, String str3, Duration duration, String... strArr) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str2, str3, duration, currentTimeSeconds(), (String) null, new UserClaim(str).tags(strArr));
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, String str3, Duration duration, String[] strArr, long j8) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str2, str3, duration, j8, (String) null, new UserClaim(str).tags(strArr));
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, String str3, Duration duration, String[] strArr, long j8, String str4) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str2, str3, duration, j8, str4, new UserClaim(str).tags(strArr));
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, Duration duration, long j8, UserClaim userClaim) throws GeneralSecurityException, IOException {
        return issueUserJWT(nKey, str, str2, duration, j8, (String) null, userClaim);
    }

    public static String issueUserJWT(NKey nKey, String str, String str2, Duration duration, long j8, String str3, UserClaim userClaim) throws GeneralSecurityException, IOException {
        NKey.Type type = nKey.getType();
        NKey.Type type2 = NKey.Type.ACCOUNT;
        if (type != type2) {
            throw new IllegalArgumentException("issueUserJWT requires an account key for the signingKey parameter, but got " + nKey.getType());
        }
        NKey fromPublicKey = NKey.fromPublicKey(userClaim.issuerAccount.toCharArray());
        if (fromPublicKey.getType() != type2) {
            throw new IllegalArgumentException("issueUserJWT requires an account key for the accountId parameter, but got " + fromPublicKey.getType());
        }
        NKey fromPublicKey2 = NKey.fromPublicKey(str.toCharArray());
        if (fromPublicKey2.getType() == NKey.Type.USER) {
            return issueJWT(nKey, str, Validator.nullOrEmpty(str2) ? str : str2, duration, j8, new String(nKey.getPublicKey()), str3, userClaim);
        }
        throw new IllegalArgumentException("issueUserJWT requires a user key for the publicUserKey parameter, but got " + fromPublicKey2.getType());
    }
}
