package org.yamcs.http.auth;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.yamcs.security.User;

/* loaded from: input_file:org/yamcs/http/auth/JwtHelper.class */
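/**
 * Static helpers for issuing and reading compact JSON Web Tokens
 * ({@code header.payload.signature}, each section base64url-encoded without padding).
 *
 * <p>Two kinds of token can be produced: unsigned ({@code "alg":"none"}) and HMAC-SHA256
 * signed ({@code "alg":"HS256"}). Only {@link #decode(String, byte[])} authenticates a token;
 * {@link #decodeUnverified(String)} merely parses the payload and must not be used to make
 * trust decisions.
 *
 * <p>Neither decode method looks at the {@code exp} claim. Expiry enforcement, if any, happens
 * outside this class (not visible here — confirm at the call sites).
 */
public class JwtHelper {
    /** Base64url form of the JOSE header {@code {"alg":"none"}}. */
    private static final String NO_ALG_HEADER = encodeSegment("{\"alg\":\"none\"}");

    /** Base64url form of the JOSE header {@code {"alg":"HS256"}}. */
    private static final String HS256_HEADER = encodeSegment("{\"alg\":\"HS256\"}");

    /** Raised when a token is malformed, carries no signature, or fails signature verification. */
    public static final class JwtDecodeException extends Exception {
        public JwtDecodeException(String message) {
            super(message);
        }

        public JwtDecodeException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /**
     * Builds a token with header {@code "alg":"none"} and an empty signature section.
     *
     * <p>Such a token carries no integrity protection: anyone can write one for any subject.
     * {@link #decode(String, byte[])} rejects it with "Signature missing"; it is only readable
     * through {@link #decodeUnverified(String)}.
     *
     * @param user subject of the token; its name becomes the {@code sub} claim
     * @param ttlSeconds lifetime in seconds added to {@code iat} to form {@code exp};
     *     a negative value omits {@code exp} entirely
     * @return the compact token, ending in a trailing dot
     */
    public static String generateUnsignedToken(User user, int ttlSeconds) {
        return NO_ALG_HEADER + "." + generatePayload(user, ttlSeconds) + ".";
    }

    /**
     * Builds a token signed with HMAC-SHA256 over {@code header.payload}.
     *
     * <p>The key length is not checked here. RFC 7518 section 3.2 requires at least 256 bits
     * of key material for HS256, so callers should supply a randomly generated key of that
     * size or larger.
     *
     * @param user subject of the token; its name becomes the {@code sub} claim
     * @param secretKey raw HMAC key bytes
     * @param ttlSeconds lifetime in seconds added to {@code iat} to form {@code exp};
     *     a negative value omits {@code exp} entirely
     * @return the compact signed token
     * @throws InvalidKeyException if the key is rejected by the MAC implementation
     * @throws NoSuchAlgorithmException if the runtime offers no {@code HmacSHA256}
     * @throws IllegalArgumentException if {@code secretKey} is null or empty
     */
    public static String generateHS256Token(User user, byte[] secretKey, int ttlSeconds)
            throws InvalidKeyException, NoSuchAlgorithmException {
        String signingInput = HS256_HEADER + "." + generatePayload(user, ttlSeconds);
        return signingInput + "." + hmacSha256(secretKey, signingInput);
    }

    /**
     * Builds the base64url-encoded claims section: {@code iss} is always "Yamcs", {@code sub}
     * is the user name, {@code iat} is the current time in epoch seconds and {@code exp} is
     * present only when {@code ttlSeconds} is non-negative.
     */
    private static String generatePayload(User user, int ttlSeconds) {
        JsonObject claims = new JsonObject();
        claims.addProperty("iss", "Yamcs");
        claims.addProperty("sub", user.getName());
        long issuedAt = System.currentTimeMillis() / 1000;
        claims.addProperty("iat", issuedAt);
        if (ttlSeconds >= 0) {
            claims.addProperty("exp", issuedAt + ttlSeconds);
        }
        return encodeSegment(claims.toString());
    }

    /**
     * Computes HMAC-SHA256 over {@code signingInput} and returns it base64url-encoded
     * without padding.
     */
    private static String hmacSha256(byte[] secretKey, String signingInput)
            throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secretKey, "HmacSHA256"));
        // Explicit charset: the MAC input must not vary with the JVM's default encoding.
        byte[] tag = mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Encodes text as UTF-8 and then as unpadded base64url. */
    private static String encodeSegment(String text) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(text.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Parses the payload section of a token WITHOUT checking its signature.
     *
     * <p>The returned claims are whatever the sender wrote, including for {@code "alg":"none"}
     * tokens. Use the result only for non-security purposes (for example to read a hint before
     * calling {@link #decode(String, byte[])}); never grant access based on it.
     *
     * @param token compact token text
     * @return the payload as a JSON object
     * @throws JwtDecodeException if the token has no payload section, or the payload is not
     *     valid base64url or not a JSON object
     */
    public static JsonObject decodeUnverified(String token) throws JwtDecodeException {
        String[] sections = token.split("\\.");
        // Without this guard a token lacking a dot surfaced as an unchecked
        // ArrayIndexOutOfBoundsException instead of a decode failure.
        if (sections.length < 2) {
            throw new JwtDecodeException("JWT should consist of three sections separated by dots");
        }
        return parsePayload(sections[1], "Could not decode JWT Payload as Base 64 URL-encoded String");
    }

    /**
     * Verifies the HMAC-SHA256 signature of a token and, only if it matches, parses the payload.
     *
     * <p>The header section is covered by the signature but its {@code alg} value is never
     * read: verification always uses HMAC-SHA256 with {@code secretKey}, so the token cannot
     * select a different or absent algorithm. Claims such as {@code exp} are not evaluated.
     *
     * @param token compact token text
     * @param secretKey raw HMAC key bytes used when the token was issued
     * @return the authenticated payload as a JSON object
     * @throws JwtDecodeException if a section is missing, the signature does not match, or the
     *     payload is not valid base64url or not a JSON object
     * @throws InvalidKeyException if the key is rejected by the MAC implementation
     * @throws NoSuchAlgorithmException if the runtime offers no {@code HmacSHA256}
     * @throws IllegalArgumentException if {@code secretKey} is null or empty
     */
    public static JsonObject decode(String token, byte[] secretKey)
            throws JwtDecodeException, InvalidKeyException, NoSuchAlgorithmException {
        String[] sections = token.split("\\.");
        if (sections.length < 2) {
            throw new JwtDecodeException("JWT should consist of three sections separated by dots");
        }
        // String.split drops trailing empty strings, so "header.payload." (the unsigned form)
        // arrives here with two sections and is rejected before any MAC is computed.
        if (sections.length < 3) {
            throw new JwtDecodeException("Signature missing");
        }
        byte[] expected = hmacSha256(secretKey, sections[0] + "." + sections[1]).getBytes(StandardCharsets.UTF_8);
        byte[] presented = sections[2].getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual compares in time independent of where the first mismatch is,
        // unlike Arrays.equals, so response timing does not reveal how much of a guess matched.
        if (!MessageDigest.isEqual(expected, presented)) {
            throw new JwtDecodeException("Invalid signature");
        }
        return parsePayload(sections[1], "Could not decode JWT Payload as Base 64 URL-encoded UTF-8 String");
    }

    /**
     * Base64url-decodes one payload section and parses it as a JSON object, mapping every
     * failure to {@link JwtDecodeException} with the underlying cause attached.
     */
    private static JsonObject parsePayload(String encodedPayload, String base64ErrorMessage)
            throws JwtDecodeException {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(encodedPayload);
            return new JsonParser().parse(new String(raw, StandardCharsets.UTF_8)).getAsJsonObject();
        } catch (JsonSyntaxException e) {
            throw new JwtDecodeException("Could not decode JWT Payload as JSON", e);
        } catch (IllegalStateException e) {
            // getAsJsonObject() on a JSON value that is not an object
            throw new JwtDecodeException("Decoded JWT Payload is not a valid JSON Object", e);
        } catch (IllegalArgumentException e) {
            // thrown by the base64url decoder on characters outside its alphabet
            throw new JwtDecodeException(base64ErrorMessage, e);
        }
    }
}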
