package alpine.server.auth;

import alpine.Config;
import alpine.common.logging.Logger;
import alpine.model.LdapUser;
import alpine.model.OidcUser;
import alpine.model.Permission;
import alpine.security.crypto.KeyManager;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.security.Key;
import java.security.Principal;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import org.owasp.security.logging.SecurityMarkers;

/* loaded from: input_file:alpine/server/auth/JsonWebToken.class */
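/**
 * Issues and validates HMAC-SHA256 (HS256) signed JSON Web Tokens.
 *
 * <p>HS256 is symmetric: the same {@link Key} signs and verifies, so anything that can read the
 * key can also mint tokens. After a successful {@link #validateToken(String)} the instance
 * exposes the subject, expiration and identity provider of that token through its getters.
 *
 * <p>Instances keep that per-token state in plain, unsynchronized fields. Use one instance per
 * token or request instead of sharing one across threads.
 */
public class JsonWebToken {
    private static final Logger LOGGER = Logger.getLogger(JsonWebToken.class);
    private static final String IDENTITY_PROVIDER_CLAIM = "idp";
    private static final String PERMISSIONS_CLAIM = "permissions";

    /** Lifetime, in days, of tokens issued for a {@link Principal}. */
    private static final int TOKEN_TTL_DAYS = 7;

    /** Value written to the {@code iss} claim; not checked again by {@link #validateToken(String)}. */
    private static String ISSUER = "Alpine";

    private final Key key;
    private String subject;
    private Date expiration;
    private IdentityProvider identityProvider;

    static {
        final String applicationName = Config.getInstance().getApplicationName();
        if (applicationName != null) {
            ISSUER = applicationName;
        } else {
            // NOTE(review): the framework name is fetched but discarded, so the issuer stays
            // "Alpine" on this path. Presumably an assignment was intended; confirm before
            // changing it, because that alters the iss claim of every newly issued token.
            Config.getInstance().getFrameworkName();
        }
    }

    /**
     * Creates an instance that signs and verifies with the supplied key.
     *
     * @param secretKey the HMAC key used for both signing and verification
     */
    public JsonWebToken(SecretKey secretKey) {
        this.key = secretKey;
    }

    /** Creates an instance that signs and verifies with the key held by {@link KeyManager}. */
    public JsonWebToken() {
        this.key = KeyManager.getInstance().getSecretKey();
    }

    /**
     * Issues a token for the principal without a permissions claim.
     *
     * @param principal the authenticated principal; its name becomes the {@code sub} claim
     * @return the compact, signed token
     */
    public String createToken(Principal principal) {
        return createToken(principal, null);
    }

    /**
     * Issues a token for the principal, deriving the identity provider from the principal's type.
     *
     * @param principal the authenticated principal; its name becomes the {@code sub} claim
     * @param list the permissions to embed, or {@code null} to omit the claim
     * @return the compact, signed token
     */
    public String createToken(Principal principal, List<Permission> list) {
        return createToken(principal, list, null);
    }

    /**
     * Issues a token carrying {@code sub}, {@code iss}, {@code iat}, {@code exp} and {@code idp}
     * claims, plus an optional comma-separated {@code permissions} claim.
     *
     * <p>The token expires {@value #TOKEN_TTL_DAYS} days after issuance. The permissions claim is
     * a snapshot taken at issuance; {@link #validateToken(String)} does not read it back, so
     * authorization decisions should not rely on it unless the caller re-checks current state.
     *
     * @param principal the authenticated principal; its name becomes the {@code sub} claim
     * @param list the permissions to embed, or {@code null} to omit the claim
     * @param identityProvider the provider to record, or {@code null} to derive it from the
     *     principal's type (LDAP, OpenID Connect, otherwise local)
     * @return the compact, signed token
     */
    public String createToken(Principal principal, List<Permission> list, IdentityProvider identityProvider) {
        final Date issuedAt = new Date();
        final JwtBuilder builder = Jwts.builder();
        builder.setSubject(principal.getName());
        builder.setIssuer(ISSUER);
        builder.setIssuedAt(issuedAt);
        builder.setExpiration(addDays(issuedAt, TOKEN_TTL_DAYS));
        if (list != null) {
            builder.claim(PERMISSIONS_CLAIM, list.stream().map(Permission::getName).collect(Collectors.joining(",")));
        }
        builder.claim(IDENTITY_PROVIDER_CLAIM, resolveIdentityProvider(principal, identityProvider).name());
        return builder.signWith(SignatureAlgorithm.HS256, this.key).compact();
    }

    /**
     * Signs the supplied claims exactly as given.
     *
     * <p>No {@code iss}, {@code iat} or {@code exp} claim is added here. A token built from a map
     * without an {@code exp} entry therefore carries no expiry; callers are responsible for
     * supplying one.
     *
     * @param map the complete claim set to sign
     * @return the compact, signed token
     */
    public String createToken(Map<String, Object> map) {
        final JwtBuilder builder = Jwts.builder();
        builder.setClaims(map);
        return builder.signWith(SignatureAlgorithm.HS256, this.key).compact();
    }

    /**
     * Verifies the token's signature with this instance's key and, on success, records its
     * subject, expiration and identity provider.
     *
     * <p>The recorded state is cleared before parsing and assigned only after every claim has
     * been read, so after a {@code false} result the getters return {@code null} rather than
     * values from an earlier or partially processed token.
     *
     * <p>Only the exception types caught below are translated to {@code false}; any other runtime
     * exception raised while parsing propagates to the caller. The {@code iss} claim is not
     * compared against the issuer used at creation time.
     *
     * @param str the compact token to validate
     * @return {@code true} if the token was accepted, {@code false} if it was rejected
     */
    public boolean validateToken(String str) {
        // Fail closed: a rejected token must never be readable as a previously accepted identity.
        this.subject = null;
        this.expiration = null;
        this.identityProvider = null;
        try {
            final Claims claims = Jwts.parser().setSigningKey(this.key).parseClaimsJws(str).getBody();
            final String tokenSubject = claims.getSubject();
            final Date tokenExpiration = claims.getExpiration();
            final IdentityProvider tokenProvider =
                    IdentityProvider.forName(claims.get(IDENTITY_PROVIDER_CLAIM, String.class));
            // Publish the claims only once all of them were read without error.
            this.subject = tokenSubject;
            this.expiration = tokenExpiration;
            this.identityProvider = tokenProvider;
            return true;
        } catch (UnsupportedJwtException | IllegalArgumentException e) {
            // NOTE(review): parser messages may reflect parts of the submitted token; confirm the
            // logging layer neutralizes line breaks before this reaches a log file.
            LOGGER.error(SecurityMarkers.SECURITY_FAILURE, e.getMessage());
            return false;
        } catch (MalformedJwtException e) {
            LOGGER.debug(SecurityMarkers.SECURITY_FAILURE, "Received malformed token");
            LOGGER.debug(SecurityMarkers.SECURITY_FAILURE, e.getMessage());
            return false;
        } catch (ExpiredJwtException e) {
            LOGGER.debug(SecurityMarkers.SECURITY_FAILURE, "Received expired token");
            return false;
        } catch (SignatureException e) {
            LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "Received token that did not pass signature verification");
            return false;
        }
    }

    /** Picks the explicit provider when given, otherwise infers it from the principal's type. */
    private static IdentityProvider resolveIdentityProvider(Principal principal, IdentityProvider explicit) {
        if (explicit != null) {
            return explicit;
        }
        if (principal instanceof LdapUser) {
            return IdentityProvider.LDAP;
        }
        if (principal instanceof OidcUser) {
            return IdentityProvider.OPENID_CONNECT;
        }
        return IdentityProvider.LOCAL;
    }

    /** Returns a new date that lies {@code i} calendar days after {@code date}. */
    private Date addDays(Date date, int i) {
        final Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(Calendar.DATE, i);
        return calendar.getTime();
    }

    /**
     * @return the subject of the last accepted token, or {@code null} if none was accepted
     */
    public String getSubject() {
        return this.subject;
    }

    /**
     * @return the expiration of the last accepted token, or {@code null} if none was accepted
     */
    public Date getExpiration() {
        return this.expiration;
    }

    /**
     * @return the identity provider of the last accepted token, or {@code null} if none was
     *     accepted
     */
    public IdentityProvider getIdentityProvider() {
        return this.identityProvider;
    }
}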
