package org.rajivprab.sava.session;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.SerializationException;
import org.apache.commons.lang3.SerializationUtils;
import org.rajivprab.cava.CheckedExceptionWrapper;
import org.rajivprab.cava.Validatec;
import org.rajivprab.sava.logging.Severity;
import org.rajivprab.sava.rest.InvalidTokenException;

/* loaded from: input_file:org/rajivprab/sava/session/SessionParser.class */
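/**
 * Issues and validates opaque session tokens.
 *
 * <p>Token layout, as produced by {@link #generateToken(Session)}:
 * {@code Base64( IV || encrypt( serialize( PayloadWithSignature ) ) )}, where the
 * {@code PayloadWithSignature} carries the Java-serialized {@link Session} together with an
 * HMAC over those bytes.
 *
 * <p>Security-relevant properties of this layout:
 * <ul>
 *   <li>The HMAC covers the plaintext session and lives inside the ciphertext; nothing in this
 *       class authenticates the ciphertext itself.</li>
 *   <li>Parsing therefore has to decrypt and Java-deserialize the outer envelope before the
 *       HMAC can be checked (see {@code verifyTokenIntegrity}).</li>
 * </ul>
 *
 * @param <T> type of the application data carried inside the session
 */
public class SessionParser<T> {
    private final SessionMac mac;
    private final SessionEncryption encryption;
    private final SessionCrossChecker<T> checker;

    /**
     * Serialized envelope holding the payload bytes and the HMAC computed over them.
     *
     * <p>No {@code serialVersionUID} is declared, so the serialization runtime derives one from
     * the class shape (name, modifiers, fields, non-private constructors and methods). Changing
     * any of those invalidates every token already issued; private helpers and method bodies are
     * safe to change.
     */
    // Decompiler note: access modifiers were widened from package-private.
    @VisibleForTesting
    public static class PayloadWithSignature implements Serializable {
        private final byte[] payload;
        private final byte[] hmacSignature;

        /**
         * Wraps {@code bArr} and signs it with {@code mac}.
         *
         * @param bArr payload bytes; stored by reference, not copied
         * @param mac  MAC instance used to compute the signature via {@code doFinal}
         */
        public PayloadWithSignature(byte[] bArr, Mac mac) {
            this.payload = bArr;
            this.hmacSignature = mac.doFinal(bArr);
        }

        /**
         * Recomputes the HMAC over the stored payload and compares it with the stored signature.
         *
         * @param mac MAC instance to recompute the signature with
         * @throws InvalidTokenException if the signatures differ
         */
        public void verifyHmacSignature(Mac mac) {
            byte[] expected = mac.doFinal(this.payload);
            // Compare with MessageDigest.isEqual rather than Arrays.equals: Arrays.equals returns at
            // the first differing byte, which makes the comparison time depend on how much of a
            // presented signature is correct.
            if (!MessageDigest.isEqual(expected, this.hmacSignature)) {
                throw new InvalidTokenException("Token HMAC Signature Invalid", Severity.WARN);
            }
        }

        /** Returns the stored payload array itself (no defensive copy). */
        public byte[] getPayload() {
            return this.payload;
        }

        /**
         * Renders the raw payload and signature bytes.
         *
         * <p>The output contains the serialized session and its HMAC, so it is debugging output
         * rather than something to write to shared logs.
         */
        @Override
        public String toString() {
            return "Payload:\n" + Arrays.toString(this.payload) + "\nSignature:\n" + Arrays.toString(this.hmacSignature);
        }
    }

    /**
     * Static factory for a parser.
     *
     * @param sessionMac          source of MAC instances for signing and verification
     * @param sessionEncryption   source of the cipher, key and IV length
     * @param sessionCrossChecker revocation and session-data checks used by {@link #parseToken}
     * @return a new parser wired to the given collaborators
     */
    public static <T> SessionParser<T> build(SessionMac sessionMac, SessionEncryption sessionEncryption, SessionCrossChecker<T> sessionCrossChecker) {
        return new SessionParser<>(sessionMac, sessionEncryption, sessionCrossChecker);
    }

    private SessionParser(SessionMac sessionMac, SessionEncryption sessionEncryption, SessionCrossChecker<T> sessionCrossChecker) {
        this.mac = sessionMac;
        this.encryption = sessionEncryption;
        this.checker = sessionCrossChecker;
    }

    /**
     * Fully validates a token: integrity and expiry first, then revocation, then the
     * cross-checker's verification of the session data.
     *
     * @param str the Base64 token as presented by the client
     * @return the decoded session
     * @throws InvalidTokenException if the token is missing, malformed, tampered with, expired or
     *                               revoked
     */
    public Session<T> parseToken(String str) {
        Session<T> session = parseTokenInsecure(str);
        Validatec.isTrue(!this.checker.isTokenRevoked(str), () -> {
            throwInvalidTokenException(str);
        });
        this.checker.verifySessionData(session.getData());
        return session;
    }

    /**
     * Validates integrity and expiry only.
     *
     * <p>Unlike {@link #parseToken}, this neither consults the revocation check nor runs
     * {@code verifySessionData}; a revoked token that has not yet expired is accepted here.
     *
     * @param str the Base64 token as presented by the client
     * @return the decoded session
     * @throws InvalidTokenException if the token is missing, malformed, tampered with or expired
     */
    public Session<T> parseTokenInsecure(String str) {
        Session<T> session = verifyTokenIntegrity(str);
        Validatec.greaterThan(session.getExpiry(), Instant.now(), "Token has expired with time", InvalidTokenException.class);
        return session;
    }

    /**
     * Builds a session around {@code t} with the given lifetime and issues a token for it.
     *
     * @param t        application data to carry in the session
     * @param duration lifetime passed to {@code Session.build}
     * @return the Base64 token
     */
    public String generateToken(T t, Duration duration) {
        return generateToken(Session.build(t, duration));
    }

    /**
     * Serializes, signs, encrypts and Base64-encodes a session.
     *
     * @param session session to encode
     * @return the Base64 token
     */
    public String generateToken(Session<T> session) {
        byte[] sessionBytes = SerializationUtils.serialize(session);
        PayloadWithSignature envelope = new PayloadWithSignature(sessionBytes, this.mac.getMacInstance());
        byte[] ivAndCiphertext = encrypt(SerializationUtils.serialize(envelope));
        return Base64.getEncoder().encodeToString(ivAndCiphertext);
    }

    /**
     * Decodes, decrypts and deserializes a token and verifies its HMAC.
     *
     * @param str the Base64 token
     * @return the session carried by the token
     * @throws InvalidTokenException on an empty token or any decode, decrypt or signature failure
     */
    @SuppressWarnings("unchecked") // the Session type argument is erased; the cast only checks Session
    private Session<T> verifyTokenIntegrity(String str) {
        Validatec.isTrue(!Strings.isNullOrEmpty(str), new InvalidTokenException("No token provided", Severity.DEBUG));
        try {
            byte[] envelopeBytes = decrypt(Base64.getDecoder().decode(str));
            // NOTE(review): this is Java-native deserialization of bytes that have been decrypted
            // but not yet authenticated; the HMAC is only checked on the next line. Whether a
            // client can influence these bytes depends on the cipher mode, which is not visible
            // here. Verifying a MAC over the raw ciphertext first, or restricting this call to
            // PayloadWithSignature and byte[] with an ObjectInputFilter, would close the gap; both
            // need changes outside this method, so the call is left as is.
            PayloadWithSignature envelope = (PayloadWithSignature) SerializationUtils.deserialize(envelopeBytes);
            envelope.verifyHmacSignature(this.mac.getMacInstance());
            // The inner payload is only deserialized once its HMAC has been verified.
            return (Session<T>) SerializationUtils.deserialize(envelope.getPayload());
        } catch (ClassCastException | NoClassDefFoundError e) {
            throw new InvalidTokenException("Token decode error: Potential Hack", new CheckedExceptionWrapper(e), Severity.FATAL);
        } catch (IllegalArgumentException | SerializationException | ArrayIndexOutOfBoundsException e2) {
            throw new InvalidTokenException("Token decode error", e2, Severity.WARN);
        } catch (NegativeArraySizeException | NullPointerException e3) {
            throw new InvalidTokenException("Token decode error: NPE", e3, Severity.ERROR);
        }
    }

    /**
     * Encrypts {@code bArr} and prepends the IV chosen by the cipher.
     *
     * @param bArr plaintext bytes
     * @return {@code IV || ciphertext}
     * @throws CheckedExceptionWrapper wrapping any {@link GeneralSecurityException}
     */
    private byte[] encrypt(byte[] bArr) {
        try {
            Cipher cipher = this.encryption.getCipherInstance();
            // No IV is supplied on init; the one the cipher picked is read back from its parameters.
            cipher.init(Cipher.ENCRYPT_MODE, this.encryption.getEncryptionSecretKey());
            byte[] iv = ((IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV();
            byte[] ciphertext = cipher.doFinal(bArr);
            // decrypt() splits the token at ivNumBytes(), so the IV must have exactly that length.
            Validatec.equals(Integer.valueOf(iv.length), Integer.valueOf(this.encryption.ivNumBytes()));
            return ArrayUtils.addAll(iv, ciphertext);
        } catch (GeneralSecurityException e) {
            throw new CheckedExceptionWrapper(e);
        }
    }

    /**
     * Splits {@code bArr} into IV and ciphertext and decrypts the ciphertext.
     *
     * @param bArr {@code IV || ciphertext}, as produced by {@code encrypt}
     * @return the plaintext bytes
     * @throws InvalidTokenException if the input is too short or decryption fails for any reason
     */
    private byte[] decrypt(byte[] bArr) {
        try {
            int ivLength = this.encryption.ivNumBytes();
            Validatec.greaterThan(Integer.valueOf(bArr.length), Integer.valueOf(ivLength));
            byte[] iv = Arrays.copyOfRange(bArr, 0, ivLength);
            byte[] ciphertext = Arrays.copyOfRange(bArr, ivLength, bArr.length);
            Cipher cipher = this.encryption.getCipherInstance();
            cipher.init(Cipher.DECRYPT_MODE, this.encryption.getEncryptionSecretKey(), new IvParameterSpec(iv));
            return cipher.doFinal(ciphertext);
        } catch (Exception e) {
            // NOTE(review): a decrypt failure carries a different message and severity from the
            // later decode and HMAC failures, and the message embeds the raw token bytes. Confirm
            // that callers return one uniform error to clients and that this message stays in
            // server-side logs only.
            throw new InvalidTokenException("Token decrypt error: " + Arrays.toString(bArr), e, Severity.INFO);
        }
    }

    /**
     * Always throws; used as the failure action of the revocation check in {@link #parseToken}.
     *
     * <p>NOTE(review): the message embeds the full token. {@link #parseTokenInsecure} does not
     * check revocation, so such a token remains acceptable there until it expires; keep this
     * message out of client responses and broadly readable logs.
     *
     * @param str the revoked token
     * @throws InvalidTokenException always
     */
    // Decompiler note: access modifiers were widened from private.
    public static void throwInvalidTokenException(String str) {
        throw new InvalidTokenException("Revoked token being used: " + str, Severity.WARN);
    }
}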
