package org.webswing.server.common.util;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.UUID;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.Constants;
import org.webswing.server.common.model.security.AbstractWebswingUserProto;
import org.webswing.server.common.model.security.MapProto;
import org.webswing.server.common.model.security.WebswingAction;
import org.webswing.server.common.model.security.WebswingLoginSessionTokenClaimProto;
import org.webswing.server.common.model.security.WebswingTokenClaimProto;
import org.webswing.server.common.service.security.AbstractWebswingUser;
import org.webswing.server.common.service.security.WebswingLoginSessionTokenClaim;
import org.webswing.server.common.service.security.WebswingTokenClaim;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/webswing-server-common-20.2.1.jar:org/webswing/server/common/util/JwtUtil.class
 */
/* loaded from: input_file:WEB-INF/swing-lib/webswing-server-common-20.2.1.jar:org/webswing/server/common/util/JwtUtil.class */
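/**
 * Static helpers that issue and verify the JWTs used by the Webswing server and that
 * (de)serialize the Webswing claim carried inside them.
 *
 * <p>Tokens are HMAC-signed with the bytes of the {@code Constants.WEBSWING_CONNECTION_SECRET}
 * system property. Claim payloads are optionally protobuf-encoded, gzip-compressed and
 * AES-encrypted, each step controlled by a system property that defaults to {@code "true"}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The AES key is the first 32 bytes of the same secret that signs the tokens, so one
 *       leaked value compromises both signing and confidentiality.</li>
 *   <li>The cipher transformation is {@code AES/ECB/PKCS5Padding}. ECB is deterministic and
 *       unauthenticated; the only integrity protection for a claim is the JWT signature, so a
 *       claim string must never be deserialized unless it came out of a verified token.
 *       The mode is left unchanged here because switching it would change the wire format.</li>
 *   <li>Token strings are bearer credentials and are deliberately kept out of log messages.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; generic type arguments of some locals were not
 * recoverable and are left raw.
 */
public class JwtUtil {
    private static final Logger log = LoggerFactory.getLogger(JwtUtil.class);

    // NOTE(review): ECB mode, see the class comment. Changing it breaks compatibility with
    // tokens produced by this version, so it is flagged rather than replaced.
    private static final String encryptionAlg = "AES/ECB/PKCS5Padding";
    private static final String encryptionKeySpec = "AES";
    /** AES-256 key length in bytes; the key is cut from the front of the signing secret. */
    private static final int ENCRYPTION_KEY_BYTES = 32;

    private static final byte[] signingKey = loadSigningKey();
    private static final boolean useGzip = Boolean.parseBoolean(System.getProperty(Constants.JWT_SERIALIZATION_USE_GZIP, "true"));
    private static final boolean useProto = Boolean.parseBoolean(System.getProperty(Constants.JWT_SERIALIZATION_USE_PROTO, "true"));
    private static final boolean useEncryption = Boolean.parseBoolean(System.getProperty(Constants.jWT_SERIALIZATION_USE_ENCRYPTION, "true"));
    private static final ProtoMapper protoMapper = new ProtoMapper(ProtoMapper.PROTO_PACKAGE_JWT, ProtoMapper.PROTO_PACKAGE_JWT);
    private static final ObjectMapper mapper = new ObjectMapper();
    /** {@code null} when the cipher transformation is unavailable; claim encryption then yields {@code null}. */
    private static final SecretKey secretKey = initEncryptionKey();

    /**
     * Reads the signing secret from the system property.
     *
     * @throws IllegalStateException if the property is not set (the original code failed class
     *         initialization with a bare NullPointerException in that case)
     */
    private static byte[] loadSigningKey() {
        String secret = System.getProperty(Constants.WEBSWING_CONNECTION_SECRET);
        if (secret == null) {
            throw new IllegalStateException("System property [" + Constants.WEBSWING_CONNECTION_SECRET + "] must be set before JWT tokens can be used!");
        }
        return secret.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Derives the AES key from the signing secret and checks that the cipher transformation is
     * available. Returns {@code null} (after logging) if either step fails.
     */
    private static SecretKey initEncryptionKey() {
        try {
            // Probe only: Cipher instances are stateful and not safe to share between threads,
            // so a fresh instance is created for every encrypt/decrypt call instead.
            Cipher.getInstance(encryptionAlg);
            if (signingKey.length < ENCRYPTION_KEY_BYTES) {
                // Arrays.copyOfRange pads with zero bytes, which silently weakens the AES key.
                log.warn("Connection secret is shorter than {} bytes; the JWT claim encryption key will be zero-padded!", ENCRYPTION_KEY_BYTES);
            }
            return new SecretKeySpec(Arrays.copyOfRange(signingKey, 0, ENCRYPTION_KEY_BYTES), encryptionKeySpec);
        } catch (Exception e) {
            log.error("Failed to initialize JWT encryption!", e);
            return null;
        }
    }

    /**
     * Checks that {@code str} is a correctly signed, unexpired handshake token.
     *
     * @param str compact JWT string
     * @return {@code true} if the token verifies, {@code false} otherwise
     */
    public static boolean validateHandshakeToken(String str) {
        return validateToken(str, Constants.JWT_SUBJECT_HANDSHAKE);
    }

    /**
     * Verifies a token against the signing key and the expected subject.
     *
     * <p>Uses {@code parseClaimsJws} like {@link #parseTokenClaims(String, String, String)} does,
     * so only a signed claims JWS is accepted. The generic {@code parse} entry point used before
     * is not restricted to signed tokens (behaviour depends on the bundled jjwt version).
     */
    private static boolean validateToken(String token, String expectedSubject) {
        try {
            createTokenParser(expectedSubject).parseClaimsJws(token);
            return true;
        } catch (Exception e) {
            // The token itself is not logged: a rejected token can still be a valid credential
            // for another endpoint (wrong subject) or within the clock-skew window.
            log.debug("Could not validate JWT token!", e);
            return false;
        }
    }

    /** Creates a signed handshake token with no Webswing claim. */
    public static String createHandshakeToken() {
        long ttlMillis = Long.getLong(Constants.JWT_HANDSHAKE_TOKEN_EXPIRATION_MILLIS, Constants.JWT_HANDSHAKE_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_HANDSHAKE).compact();
    }

    /**
     * Creates a signed access token.
     *
     * @param str serialized Webswing claim, as produced by {@link #serializeWebswingClaim}
     */
    public static String createAccessToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_ACCESS_TOKEN_EXPIRATION_MILLIS, Constants.JWT_ACCESS_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_ACCESS).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Creates a signed refresh token.
     *
     * @param str serialized Webswing claim
     */
    public static String createRefreshToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_REFRESH_TOKEN_EXPIRATION_MILLIS, Constants.JWT_REFRESH_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_REFRESH).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Creates a signed login-session token.
     *
     * @param str serialized login-session claim, as produced by
     *            {@link #serializeWebswingLoginSessionClaim}
     */
    public static String createLoginSessionToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_LOGIN_SESSION_TOKEN_EXPIRATION_MILLIS, Constants.JWT_LOGIN_SESSION_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_LOGIN_SESSION).claim(Constants.JWT_CLAIM_WEBSWING_LOGIN_SESSION, str).compact();
    }

    /**
     * Creates a signed transfer token.
     *
     * @param str serialized Webswing claim
     */
    public static String createTransferToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_TRANSFER_TOKEN_EXPIRATION_MILLIS, Constants.JWT_TRANSFER_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_TRANSFER).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Creates a signed admin-console login token.
     *
     * @param str serialized Webswing claim
     */
    public static String createAdminConsoleLoginToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_ADMIN_CONSOLE_LOGIN_TOKEN_EXPIRATION_MILLIS, Constants.JWT_ADMIN_CONSOLE_LOGIN_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_ADMIN_CONSOLE_LOGIN).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Creates a signed admin-console access token.
     *
     * @param str serialized Webswing claim
     */
    public static String createAdminConsoleAccessToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_ADMIN_CONSOLE_ACCESS_TOKEN_EXPIRATION_MILLIS, Constants.JWT_ADMIN_CONSOLE_ACCESS_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_ADMIN_CONSOLE_ACCESS).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Creates a signed admin-console refresh token.
     *
     * @param str serialized Webswing claim
     */
    public static String createAdminConsoleRefreshToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_ADMIN_CONSOLE_REFRESH_TOKEN_EXPIRATION_MILLIS, Constants.JWT_ADMIN_CONSOLE_REFRESH_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_ADMIN_CONSOLE_REFRESH).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Creates a signed admin-console thread-dump token.
     *
     * @param str serialized Webswing claim
     */
    public static String createAdminConsoleThreadDumpToken(String str) {
        long ttlMillis = Long.getLong(Constants.JWT_ADMIN_CONSOLE_THREAD_DUMP_TOKEN_EXPIRATION_MILLIS, Constants.JWT_ADMIN_CONSOLE_THREAD_DUMP_TOKEN_EXPIRATION_MILLIS_DEFAULT).longValue();
        return createTokenBuilder(ttlMillis, Constants.JWT_SUBJECT_ADMIN_CONSOLE_THREAD_DUMP).claim(Constants.JWT_CLAIM_WEBSWING, str).compact();
    }

    /**
     * Starts a builder for a token signed with the connection secret, with issue time,
     * expiry, subject and a random token id already set.
     *
     * @param ttlMillis lifetime of the token in milliseconds, counted from now
     * @param subject   value of the {@code sub} claim; the parser later requires the same value
     */
    private static JwtBuilder createTokenBuilder(long ttlMillis, String subject) {
        // One clock reading for both timestamps, so exp - iat is exactly ttlMillis.
        long now = System.currentTimeMillis();
        return Jwts.builder()
                .signWith(Keys.hmacShaKeyFor(signingKey))
                .setIssuedAt(new Date(now))
                .setExpiration(new Date(now + ttlMillis))
                .setSubject(subject)
                .setId(UUID.randomUUID().toString());
    }

    /** Verifies an access token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseAccessTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_ACCESS);
    }

    /** Verifies a refresh token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseRefreshTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_REFRESH);
    }

    /** Verifies a login-session token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseLoginSessionTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_LOGIN_SESSION, Constants.JWT_CLAIM_WEBSWING_LOGIN_SESSION);
    }

    /** Verifies a transfer token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseTransferTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_TRANSFER);
    }

    /** Verifies an admin-console login token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseAdminConsoleLoginTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_ADMIN_CONSOLE_LOGIN);
    }

    /** Verifies an admin-console access token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseAdminConsoleAccessTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_ADMIN_CONSOLE_ACCESS);
    }

    /** Verifies an admin-console refresh token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseAdminConsoleRefreshTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_ADMIN_CONSOLE_REFRESH);
    }

    /** Verifies an admin-console thread-dump token and returns its claims, or {@code null} if it does not verify. */
    public static Jws<Claims> parseAdminConsoleThreadDumpTokenClaims(String str) {
        return parseTokenClaims(str, Constants.JWT_SUBJECT_ADMIN_CONSOLE_THREAD_DUMP);
    }

    private static Jws<Claims> parseTokenClaims(String token, String expectedSubject) {
        return parseTokenClaims(token, expectedSubject, Constants.JWT_CLAIM_WEBSWING);
    }

    /**
     * Verifies signature, expiry and subject of a token and returns its claims.
     *
     * @param token           compact JWT string
     * @param expectedSubject subject the token must carry
     * @param claimName       claim that, when present, is re-stored as a {@code String}
     * @return the parsed claims, or {@code null} when verification or parsing fails; callers
     *         must treat {@code null} as "not authenticated"
     */
    private static Jws<Claims> parseTokenClaims(String token, String expectedSubject, String claimName) {
        try {
            Jws<Claims> jws = createTokenParser(expectedSubject).parseClaimsJws(token);
            Claims body = jws.getBody();
            if (body.containsKey(claimName)) {
                // get(..., String.class) throws if the claim is not a string, which lands in
                // the catch below and rejects the token.
                body.put(claimName, body.get(claimName, String.class));
            }
            return jws;
        } catch (Exception e) {
            // Token value intentionally omitted from the log, see validateToken.
            log.debug("Could not validate and parse claims from JWT token!", e);
            return null;
        }
    }

    /** Builds a parser bound to the signing key, the configured clock skew and the required subject. */
    private static JwtParser createTokenParser(String expectedSubject) {
        long clockSkewSeconds = Long.getLong(Constants.JWT_CLOCK_SKEW_SECONDS, Constants.JWT_CLOCK_SKEW_SECONDS_DEFAULT).longValue();
        return Jwts.parserBuilder()
                .setSigningKey(signingKey)
                .setAllowedClockSkewSeconds(clockSkewSeconds)
                .requireSubject(expectedSubject)
                .build();
    }

    /**
     * Serializes a Webswing claim to the string stored in a token.
     *
     * @return the serialized claim, or {@code null} if serialization or encryption failed;
     *         a {@code null} result must not be put into a token
     */
    public static String serializeWebswingClaim(WebswingTokenClaim webswingTokenClaim) {
        byte[] encoded = null;
        try {
            encoded = useProto
                    ? protoMapper.encodeProto(new WebswingTokenClaimProto(webswingTokenClaim))
                    : mapper.writeValueAsBytes(webswingTokenClaim);
        } catch (IOException e) {
            // JsonProcessingException is an IOException, so one handler covers both encoders.
            log.error("Failed to serialize user map!", e);
        }
        return compressAndEncryptWebswingClaim(encoded);
    }

    /**
     * Serializes a login-session claim to the string stored in a token.
     *
     * @return the serialized claim, or {@code null} if serialization or encryption failed
     */
    public static String serializeWebswingLoginSessionClaim(WebswingLoginSessionTokenClaim webswingLoginSessionTokenClaim) {
        byte[] encoded = null;
        try {
            encoded = useProto
                    ? protoMapper.encodeProto(new WebswingLoginSessionTokenClaimProto(webswingLoginSessionTokenClaim))
                    : mapper.writeValueAsBytes(webswingLoginSessionTokenClaim);
        } catch (IOException e) {
            log.error("Failed to serialize user map!", e);
        }
        return compressAndEncryptWebswingClaim(encoded);
    }

    /**
     * Applies the configured gzip and AES steps to an encoded claim.
     *
     * @param claimBytes encoded claim; {@code null} when the encoder failed
     * @return the claim string, or {@code null} when there is nothing to encode, encryption is
     *         enabled but unavailable, or encryption fails
     */
    private static String compressAndEncryptWebswingClaim(byte[] claimBytes) {
        if (claimBytes == null) {
            // The encoder already logged the failure; previously this surfaced as a
            // NullPointerException further down.
            return null;
        }
        byte[] payload = claimBytes;
        if (useGzip) {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try (GZIPOutputStream gzip = new GZIPOutputStream(buffer)) {
                gzip.write(payload);
                gzip.finish();
                payload = buffer.toByteArray();
            } catch (IOException e) {
                // Best effort as before: continue with the uncompressed bytes.
                log.error("Could not gzip token claim!", e);
            }
        }
        if (useEncryption) {
            if (secretKey == null) {
                return null;
            }
            try {
                // Fresh Cipher per call: a shared instance is corrupted by concurrent init/doFinal.
                Cipher cipher = Cipher.getInstance(encryptionAlg);
                cipher.init(Cipher.ENCRYPT_MODE, secretKey);
                payload = Base64.getUrlEncoder().encode(cipher.doFinal(payload));
            } catch (Exception e) {
                log.error("Failed to encrypt user map for JWT token!", e);
                // Fail closed: never hand back the unencrypted claim when encryption is required.
                return null;
            }
        }
        // NOTE(review): with encryption disabled and gzip or proto enabled, the payload is binary
        // and this UTF-8 conversion is lossy. Left as is because fixing it changes the wire format.
        return new String(payload, StandardCharsets.UTF_8);
    }

    /**
     * Rebuilds a {@link WebswingTokenClaim} from its serialized form.
     *
     * <p>The input must come from a token whose signature was already verified; the claim
     * decides user ids, roles and permissions.
     *
     * @param str serialized claim
     * @throws IOException if the claim cannot be decrypted or the JSON form cannot be read
     */
    public static WebswingTokenClaim deserializeWebswingClaim(String str) throws IOException {
        byte[] claimBytes = decryptAndDecompressWebswingClaim(str);
        if (claimBytes == null) {
            throw new IOException("Could not decrypt webswing token claim!");
        }
        if (!useProto) {
            try {
                return (WebswingTokenClaim) mapper.readValue(claimBytes, WebswingTokenClaim.class);
            } catch (IOException e) {
                log.error("Failed to deserialize user map!", e);
                throw e;
            }
        }
        WebswingTokenClaimProto claimProto = (WebswingTokenClaimProto) protoMapper.decodeProto(claimBytes, WebswingTokenClaimProto.class);
        WebswingTokenClaim claim = new WebswingTokenClaim();
        claim.setHost(claimProto.getHost());
        if (claimProto.getAttributes() != null) {
            HashMap attributes = new HashMap();
            for (MapProto entry : claimProto.getAttributes()) {
                try {
                    attributes.put(entry.getKey(), mapper.readValue(entry.getValue(), Object.class));
                } catch (Exception e) {
                    // A single unreadable attribute is skipped, the rest of the claim is kept.
                    log.error("Could not deserialize attribute [" + entry.getKey() + "]!", e);
                }
            }
            claim.setAttributes(attributes);
        }
        if (claimProto.getUserMap() != null) {
            HashMap usersByPath = new HashMap();
            for (AbstractWebswingUserProto userProto : claimProto.getUserMap()) {
                AbstractWebswingUser user = new AbstractWebswingUser();
                user.setUserId(userProto.getUserId());
                user.setRoles(userProto.getRoles());
                ArrayList permissions = new ArrayList();
                if (userProto.getPermissions() != null) {
                    // Was permissions.addAll(permissions), a no-op that dropped every permission
                    // carried in the claim. This restores them, so effective permissions after a
                    // proto round trip now match what the signed token states.
                    // NOTE(review): assumes getPermissions() returns a Collection of names - confirm.
                    permissions.addAll(userProto.getPermissions());
                }
                if (userProto.getWebswingActionPermissions() != null) {
                    for (WebswingAction action : userProto.getWebswingActionPermissions()) {
                        permissions.add(action.name());
                    }
                }
                user.setPermissions(permissions);
                if (userProto.getUserAttributes() != null) {
                    HashMap userAttributes = new HashMap();
                    for (MapProto entry : userProto.getUserAttributes()) {
                        try {
                            userAttributes.put(entry.getKey(), (Serializable) mapper.readValue(entry.getValue(), Serializable.class));
                        } catch (Exception e) {
                            log.error("Could not deserialize attribute [" + entry.getKey() + "]!", e);
                        }
                    }
                    user.setUserAttributes(userAttributes);
                }
                usersByPath.put(userProto.getSecuredPath(), user);
            }
            claim.setUserMap(usersByPath);
        }
        return claim;
    }

    /**
     * Rebuilds a {@link WebswingLoginSessionTokenClaim} from its serialized form.
     *
     * @param str serialized claim, taken from a token whose signature was already verified
     * @throws IOException if the claim cannot be decrypted or the JSON form cannot be read
     */
    public static WebswingLoginSessionTokenClaim deserializeWebswingLoginSessionClaim(String str) throws IOException {
        byte[] claimBytes = decryptAndDecompressWebswingClaim(str);
        if (claimBytes == null) {
            throw new IOException("Could not decrypt webswing login session token claim!");
        }
        if (!useProto) {
            try {
                return (WebswingLoginSessionTokenClaim) mapper.readValue(claimBytes, WebswingLoginSessionTokenClaim.class);
            } catch (IOException e) {
                log.error("Failed to deserialize user map!", e);
                throw e;
            }
        }
        WebswingLoginSessionTokenClaimProto claimProto = (WebswingLoginSessionTokenClaimProto) protoMapper.decodeProto(claimBytes, WebswingLoginSessionTokenClaimProto.class);
        WebswingLoginSessionTokenClaim claim = new WebswingLoginSessionTokenClaim();
        if (claimProto.getAttributes() != null) {
            HashMap attributes = new HashMap();
            for (MapProto entry : claimProto.getAttributes()) {
                try {
                    attributes.put(entry.getKey(), mapper.readValue(entry.getValue(), Object.class));
                } catch (Exception e) {
                    log.error("Could not deserialize attribute [" + entry.getKey() + "]!", e);
                }
            }
            claim.setAttributes(attributes);
        }
        return claim;
    }

    /**
     * Reverses {@link #compressAndEncryptWebswingClaim(byte[])}.
     *
     * @param serializedClaim claim string from a token
     * @return the encoded claim bytes, or {@code null} when the input is {@code null},
     *         encryption is enabled but unavailable, or decryption fails
     */
    private static byte[] decryptAndDecompressWebswingClaim(String serializedClaim) {
        if (serializedClaim == null) {
            // A token without the claim; callers turn null into an IOException.
            return null;
        }
        byte[] payload = serializedClaim.getBytes(StandardCharsets.UTF_8);
        if (useEncryption) {
            if (secretKey == null) {
                return null;
            }
            try {
                Cipher cipher = Cipher.getInstance(encryptionAlg);
                cipher.init(Cipher.DECRYPT_MODE, secretKey);
                payload = cipher.doFinal(Base64.getUrlDecoder().decode(payload));
            } catch (Exception e) {
                log.error("Failed to decrypt user map for JWT token!", e);
                // Fail closed: with encryption required, input that does not decrypt is not
                // passed on to the decoders as if it were a plaintext claim.
                return null;
            }
        }
        if (useGzip) {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            // NOTE(review): inflation is unbounded; this relies on the claim coming from a
            // signature-verified token. Consider a size cap if that cannot be guaranteed.
            try (GZIPInputStream gzip = new GZIPInputStream(new ByteArrayInputStream(payload))) {
                IOUtils.copy(gzip, buffer);
                payload = buffer.toByteArray();
            } catch (IOException e) {
                // Best effort as before: continue with the bytes as they are.
                log.error("Could not un-gzip token claim!", e);
            }
        }
        return payload;
    }
}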
