package com.adtsw.jchannels.auth;

import com.adtsw.jchannels.model.Constants;
import com.adtsw.jchannels.model.auth.SessionInfo;
import com.adtsw.jchannels.model.auth.TokenInfo;
import com.adtsw.jchannels.model.exception.InvalidTokenException;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import javax.crypto.SecretKey;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/adtsw/jchannels/auth/JWTTokenManager.class */
public class JWTTokenManager implements ITokenManager {
    private static final Logger logger = LogManager.getLogger(JWTTokenManager.class);
    private final byte[] secretKey;
    private final long expirationInSeconds;
    private final Optional<ITokenValidator> additionalValidator;

    public JWTTokenManager(byte[] bArr, long j) {
        this.secretKey = bArr;
        this.expirationInSeconds = j;
        this.additionalValidator = Optional.empty();
    }

    @Override // com.adtsw.jchannels.auth.ITokenManager
    public TokenInfo generate(SessionInfo sessionInfo) {
        SecretKey hmacShaKeyFor = Keys.hmacShaKeyFor(this.secretKey);
        String str = sessionInfo.getIdentity() + "_" + System.currentTimeMillis();
        return new TokenInfo(str, Jwts.builder().claim(Constants.SCOPE_CLAIM, sessionInfo.getScope()).setSubject(sessionInfo.getIdentity()).setId(str).setExpiration(Date.from(Instant.now().plusSeconds(this.expirationInSeconds))).signWith(hmacShaKeyFor).compact());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v24, types: [java.util.List] */
    @Override // com.adtsw.jchannels.auth.ITokenManager
    public SessionInfo validate(String str) throws InvalidTokenException {
        ArrayList arrayList;
        try {
            Jws<Claims> parseClaimsJws = Jwts.parserBuilder().setSigningKey(this.secretKey).build().parseClaimsJws(str);
            String id = ((Claims) parseClaimsJws.getBody()).getId();
            checkExpiration(id, parseClaimsJws);
            String subject = ((Claims) parseClaimsJws.getBody()).getSubject();
            Object obj = ((Claims) parseClaimsJws.getBody()).get(Constants.SCOPE_CLAIM);
            try {
                arrayList = obj == null ? new ArrayList() : (List) obj;
            } catch (Exception e) {
                arrayList = new ArrayList();
            }
            SessionInfo sessionInfo = new SessionInfo(subject, arrayList);
            runAdditionalValidations(id, sessionInfo);
            return sessionInfo;
        } catch (JwtException e2) {
            throw new InvalidTokenException(e2.getMessage());
        }
    }

    private void checkExpiration(String str, Jws<Claims> jws) throws InvalidTokenException {
        Date expiration = ((Claims) jws.getBody()).getExpiration();
        Instant instant = ZonedDateTime.now().toInstant();
        if (expiration == null || instant.isAfter(expiration.toInstant())) {
            logger.warn("token id " + str + " failed expiration check");
            throw new InvalidTokenException("Expiration check failed for " + str);
        }
    }

    private void runAdditionalValidations(String str, SessionInfo sessionInfo) throws InvalidTokenException {
        if (!this.additionalValidator.isPresent() || this.additionalValidator.get().validate(str, sessionInfo)) {
            return;
        }
        logger.warn("token id " + str + " failed additional validation");
        throw new InvalidTokenException("Additional validation failed for " + str);
    }

    public JWTTokenManager(byte[] bArr, long j, Optional<ITokenValidator> optional) {
        this.secretKey = bArr;
        this.expirationInSeconds = j;
        this.additionalValidator = optional;
    }
}
