package inc.yukawa.chain.security.externalauth.apple;

import inc.yukawa.chain.security.externalauth.apple.AppleKeys;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inc/yukawa/chain/security/externalauth/apple/AppleIdClient.class */
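/**
 * Client for the "Sign in with Apple" token and key endpoints.
 *
 * <p>It exchanges an authorization code for a token response, authenticating with a
 * short-lived signed JWT sent as {@code client_secret}, and fetches the key set that is
 * handed to {@link AppleIdTokenParser}.
 *
 * <p>All request URIs are relative, so the host that receives the client secret and
 * supplies the keys is whatever base URL the injected {@link WebClient} carries.
 * NOTE(review): confirm that base URL is fixed to Apple's HTTPS endpoint.
 */
public class AppleIdClient {
    private static final Logger LOG = LoggerFactory.getLogger(AppleIdClient.class);

    /** Lifetime of the generated client secret, in seconds. */
    private static final long CLIENT_SECRET_TTL_SECONDS = 300L;

    /** Captures the body between the PEM BEGIN/END armor lines; compiled once and reused. */
    private static final Pattern PEM_BODY = Pattern.compile("(?m)(?s)^---*BEGIN.*---*$(.*)^---*END.*---*$.*");

    private final WebClient webClient;
    private final String clientId;
    private final String keyId;
    private final String teamId;
    private final String appleId;
    private final String redirectUrl;
    private final PrivateKey pKey;
    private final AppleIdTokenParser appleIdTokenParser;

    /**
     * Creates the client and parses the signing key eagerly, so a malformed key fails here
     * rather than on the first token request.
     *
     * @param webClient HTTP client used for every request; its base URL decides the target host
     * @param str client id; sent as {@code client_id} and used as the client secret's subject
     * @param str2 key id placed in the client secret's JWT header
     * @param str3 team id; used as the client secret's issuer
     * @param str4 PEM text of the PKCS#8 EC private key that signs the client secret
     * @param str5 value used as the client secret's audience and passed to the id-token parser
     * @param str6 optional redirect URI; sent only when it contains text
     * @throws IllegalStateException if the private key cannot be built from {@code str4}
     */
    public AppleIdClient(WebClient webClient, String str, String str2, String str3, String str4, String str5, String str6) {
        this.webClient = webClient;
        this.clientId = str;
        this.keyId = str2;
        this.teamId = str3;
        this.appleId = str5;
        this.redirectUrl = str6;
        this.pKey = generatePrivateKey(str4);
        // The parser receives the key-fetching Mono itself, not a resolved key set.
        this.appleIdTokenParser = new AppleIdTokenParser(str5, str, getAppleKeys());
    }

    /**
     * Parses an id token by delegating to the configured {@link AppleIdTokenParser}.
     *
     * @param str compact id token
     * @return the parser's result
     */
    public Mono<Jws<Claims>> parseIdToken(String str) {
        return this.appleIdTokenParser.parse(str);
    }

    /**
     * Exchanges an authorization code and returns only the id token of the response.
     *
     * @param str authorization code
     * @return the {@code id_token} value of the token response
     */
    public Mono<String> getIdToken(String str) {
        return getAuthToken(str).map(TokenResponse::id_token);
    }

    /**
     * Exchanges an authorization code for a token response at {@code /auth/token}.
     *
     * <p>The request is built per subscription, so a delayed subscription or a retry signs a
     * fresh client secret instead of re-sending one minted when this method was called.
     *
     * @param str authorization code
     * @return the token response; a {@link WebClientResponseException} is logged and passed on
     */
    public Mono<TokenResponse> getAuthToken(String str) {
        return Mono.defer(() -> {
            LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
            form.add("client_id", this.clientId);
            form.add("client_secret", generateVerificationToken());
            form.add("grant_type", "authorization_code");
            form.add("code", str);
            if (StringUtils.hasText(this.redirectUrl)) {
                form.add("redirect_uri", this.redirectUrl);
            }
            return this.webClient.post()
                    .uri("/auth/token")
                    .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                    .body(BodyInserters.fromFormData(form))
                    .retrieve()
                    .bodyToMono(TokenResponse.class)
                    // Only the expiry is logged; the token values stay out of the log.
                    .doOnNext(tokenResponse -> LOG.debug("Got new token response which expires in {}", tokenResponse.expires_in()))
                    .doOnError(WebClientResponseException.class, AppleIdClient::logErrorResponse);
        });
    }

    /**
     * Fetches the key set from {@code /auth/keys}.
     *
     * @return the key set; a {@link WebClientResponseException} is logged and passed on
     */
    public Mono<AppleKeys> getAppleKeys() {
        return this.webClient.get()
                .uri("/auth/keys")
                .retrieve()
                .bodyToMono(AppleKeys.class)
                .doOnNext(appleKeys -> LOG.debug("Got apple keys response {}", appleKeys))
                .doOnError(WebClientResponseException.class, AppleIdClient::logErrorResponse);
    }

    /**
     * Logs the status and raw body of an error response at WARN.
     * NOTE(review): confirm the error body cannot echo the authorization code or client secret.
     */
    private static void logErrorResponse(WebClientResponseException webClientResponseException) {
        LOG.warn("Error response --> code: {} --> body: {}", webClientResponseException.getStatusCode(), webClientResponseException.getResponseBodyAsString());
    }

    /**
     * Builds the signed JWT that is sent as {@code client_secret}.
     *
     * @return compact JWT valid for {@link #CLIENT_SECRET_TTL_SECONDS} seconds
     */
    private String generateVerificationToken() {
        // One clock reading, so issued-at and expiration are exactly the TTL apart.
        Instant now = Instant.now();
        return ((JwtBuilder) ((JwtBuilder) Jwts.builder().header().keyId(this.keyId).and())
                        .issuer(this.teamId)
                        .audience().add(this.appleId).and())
                .subject(this.clientId)
                .expiration(Date.from(now.plusSeconds(CLIENT_SECRET_TTL_SECONDS)))
                .issuedAt(Date.from(now))
                .signWith(this.pKey)
                .compact();
    }

    /**
     * Builds an EC private key from PEM text holding a PKCS#8 encoded key.
     *
     * <p>The armor lines and all whitespace are removed before Base64 decoding. Text that is
     * not valid Base64 fails with the decoder's {@link IllegalArgumentException}, which is
     * not wrapped.
     *
     * @param str PEM text of the key
     * @return the private key
     * @throws IllegalStateException if the EC key factory is missing or the key spec is rejected
     */
    public static PrivateKey generatePrivateKey(String str) {
        String base64Body = PEM_BODY.matcher(str).replaceFirst("$1").replaceAll("\\s", "");
        try {
            return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(base64Body)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Builds an RSA public key from the {@code n} and {@code e} values of a key entry.
     *
     * <p>Only those two values are read; any other field of the entry, such as a key type or
     * algorithm, is not consulted here. Values that are not valid URL-safe Base64 fail with
     * the decoder's {@link IllegalArgumentException}, which is neither logged nor wrapped.
     *
     * @param appleKey key entry supplying the Base64url modulus and exponent
     * @return the RSA public key
     * @throws IllegalStateException if the RSA key factory is missing or the key spec is rejected
     */
    public static PublicKey asPublicKey(AppleKeys.AppleKey appleKey) {
        try {
            // Signum 1 reads the decoded bytes as unsigned magnitudes.
            BigInteger modulus = new BigInteger(1, Base64.getUrlDecoder().decode(appleKey.n()));
            BigInteger exponent = new BigInteger(1, Base64.getUrlDecoder().decode(appleKey.e()));
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.warn("Unable to parse apple public key: {}", appleKey, e);
            throw new IllegalStateException(e);
        }
    }
}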
