package com.yahoo.athenz.auth.token;

import com.yahoo.athenz.auth.util.Crypto;
import com.yahoo.athenz.auth.util.CryptoException;
import java.security.PrivateKey;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/auth/token/PrincipalToken.class */
/**
 * Token that identifies a principal (domain + name) as a ';'-separated list of
 * {@code key=value} fields, optionally counter-signed by an "authorized service".
 *
 * <p>Field tags written by the code in this file:
 * {@code v} version, {@code d} domain, {@code n} name, {@code h} host, {@code a} salt,
 * {@code t} timestamp, {@code e} expiry time, {@code k} key id, {@code z} key service,
 * {@code o} original requestor, {@code i} ip, {@code b} comma-joined authorized services,
 * and, added by {@link #signForAuthorizedService(String, String, PrivateKey)},
 * {@code bk} authorized service key id, {@code bn} authorized service name and
 * {@code bs} authorized service signature.
 *
 * <p>This listing is decompiler output: the parsing constructor
 * {@link #PrincipalToken(String)} was not recovered and is only a stub here, so nothing
 * in this file shows how an incoming token string is split or which checks are applied
 * while parsing. Fields such as {@code version}, {@code domain}, {@code signedToken} and
 * {@code unsignedToken} are not declared here; presumably they are inherited from
 * {@code Token} (not shown).
 */
public class PrincipalToken extends Token {
    // Principal (service/user) name, emitted as "n=".
    private String name;
    // Emitted as "o=" when non-empty.
    private String originalRequestor;
    // Emitted as "z=" when non-empty.
    protected String keyService;
    // Services allowed to counter-sign this token; emitted comma-joined as "b=".
    // Held by reference: the builder's list is neither copied nor wrapped.
    private List<String> authorizedServices;
    // Set by signForAuthorizedService only when more than one service is listed ("bn=").
    private String authorizedServiceName;
    // Key id used for the authorized service signature ("bk=").
    private String authorizedServiceKeyId;
    // Signature produced by the authorized service ("bs=").
    private String authorizedServiceSignature;
    private static final Logger LOG = LoggerFactory.getLogger(PrincipalToken.class);

    /* loaded from: input_file:com/yahoo/athenz/auth/token/PrincipalToken$Builder.class */
    /**
     * Fluent builder for a new PrincipalToken.
     *
     * <p>{@link #build()} only assembles the unsigned token text; no signing is done on
     * this path. None of the setters validate their argument, and the values are later
     * concatenated verbatim into the ';'-delimited token string, so a value containing
     * ';' would change the field structure of the resulting token.
     * NOTE(review): callers are presumably expected to validate domain/name/host/etc.
     * before they reach this builder; confirm.
     */
    public static class Builder {
        private String domain;
        private String name;
        private String version;
        // Default salt comes from Crypto.randomSalt(); can be overridden via salt().
        private String salt = Crypto.randomSalt();
        private String host = null;
        private String ip = null;
        private String keyId = "0";
        // NOTE(review): units are not visible here (presumably seconds); the value is
        // passed straight to Token.setTimeStamp.
        private long expirationWindow = 3600;
        // NOTE(review): 0 presumably means "use the current time"; that logic would live
        // in Token.setTimeStamp, which is not shown.
        private long issueTime = 0;
        private List<String> authorizedServices = null;
        private String keyService = null;
        private String originalRequestor = null;

        /**
         * Creates a builder with the three mandatory fields.
         *
         * @param str  token version
         * @param str2 principal domain
         * @param str3 principal name
         * @throws IllegalArgumentException if any argument is null or empty
         */
        public Builder(String str, String str2, String str3) {
            if (str == null || str2 == null || str3 == null) {
                throw new IllegalArgumentException("version, domain and name parameters must not be null.");
            }
            if (str.isEmpty() || str2.isEmpty() || str3.isEmpty()) {
                throw new IllegalArgumentException("version, domain and name parameters must have values.");
            }
            this.version = str;
            this.domain = str2;
            this.name = str3;
        }

        /** Sets the host field ("h="); omitted from the token when null or empty. */
        public Builder host(String str) {
            this.host = str;
            return this;
        }

        /** Replaces the default salt ("a="). No null or format check is applied. */
        public Builder salt(String str) {
            this.salt = str;
            return this;
        }

        /** Sets the ip field ("i="); omitted from the token when null or empty. */
        public Builder ip(String str) {
            this.ip = str;
            return this;
        }

        /** Sets the key id ("k="); defaults to "0". */
        public Builder keyId(String str) {
            this.keyId = str;
            return this;
        }

        /** Sets the issue time handed to Token.setTimeStamp. */
        public Builder issueTime(long j) {
            this.issueTime = j;
            return this;
        }

        /** Sets the expiration window handed to Token.setTimeStamp; no range check here. */
        public Builder expirationWindow(long j) {
            this.expirationWindow = j;
            return this;
        }

        /**
         * Sets the services allowed to counter-sign the token ("b=").
         * The list is stored by reference, not copied.
         */
        public Builder authorizedServices(List<String> list) {
            this.authorizedServices = list;
            return this;
        }

        /** Sets the key service field ("z="); omitted from the token when null or empty. */
        public Builder keyService(String str) {
            this.keyService = str;
            return this;
        }

        /** Sets the original requestor field ("o="); omitted when null or empty. */
        public Builder originalRequestor(String str) {
            this.originalRequestor = str;
            return this;
        }

        /** Builds the token; the result carries an unsigned token string only. */
        public PrincipalToken build() {
            return new PrincipalToken(this);
        }
    }

    /**
     * Copies the builder's values and assembles {@code unsignedToken}.
     *
     * <p>Field order in the string is fixed: v, d, n, [h], a, t, e, k, [z], [o], [i], [b];
     * bracketed fields are written only when non-null and non-empty. Values are appended
     * as-is, with no escaping of ';', '=' or ','.
     */
    private PrincipalToken(Builder builder) {
        // The leading null/"0" assignments look like field initialisers inlined by the
        // decompiler; they are overwritten below where the builder supplies a value.
        this.name = null;
        this.originalRequestor = null;
        this.keyService = null;
        this.authorizedServices = null;
        this.authorizedServiceName = null;
        this.authorizedServiceKeyId = "0";
        this.authorizedServiceSignature = null;
        this.version = builder.version;
        this.domain = builder.domain;
        this.name = builder.name;
        this.host = builder.host;
        this.salt = builder.salt;
        this.keyId = builder.keyId;
        this.ip = builder.ip;
        // Same list instance as the caller passed to the builder: a later mutation by the
        // caller changes what signForAuthorizedService / isValidAuthorizedServiceToken see,
        // while the "b=" text below is fixed at construction time.
        this.authorizedServices = builder.authorizedServices;
        this.keyService = builder.keyService;
        this.originalRequestor = builder.originalRequestor;
        // Populates this.timestamp / this.expiryTime used below (implementation in Token).
        super.setTimeStamp(builder.issueTime, builder.expirationWindow);
        StringBuilder sb = new StringBuilder(512);
        sb.append("v=");
        sb.append(this.version);
        sb.append(";d=");
        sb.append(this.domain);
        sb.append(";n=");
        sb.append(this.name);
        if (this.host != null && !this.host.isEmpty()) {
            sb.append(";h=");
            sb.append(this.host);
        }
        sb.append(";a=");
        sb.append(this.salt);
        sb.append(";t=");
        sb.append(this.timestamp);
        sb.append(";e=");
        sb.append(this.expiryTime);
        sb.append(";k=");
        sb.append(this.keyId);
        if (this.keyService != null && !this.keyService.isEmpty()) {
            sb.append(";z=");
            sb.append(this.keyService);
        }
        if (this.originalRequestor != null && !this.originalRequestor.isEmpty()) {
            sb.append(";o=");
            sb.append(this.originalRequestor);
        }
        if (this.ip != null && !this.ip.isEmpty()) {
            sb.append(";i=");
            sb.append(this.ip);
        }
        if (this.authorizedServices != null && !this.authorizedServices.isEmpty()) {
            sb.append(";b=");
            sb.append(String.join(",", this.authorizedServices));
        }
        this.unsignedToken = sb.toString();
        // Only the unsigned text is logged here; no signature is part of it at this point.
        if (LOG.isDebugEnabled()) {
            LOG.debug("PrincipalToken created: " + this.unsignedToken);
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x0245, code lost:
    
        switch(r14) {
            case 0: goto L71;
            case 1: goto L72;
            case 2: goto L73;
            case 3: goto L74;
            case 4: goto L75;
            case 5: goto L76;
            case 6: goto L77;
            case 7: goto L78;
            case 8: goto L79;
            case 9: goto L80;
            case 10: goto L81;
            case 11: goto L82;
            case 12: goto L83;
            case 13: goto L84;
            case 14: goto L85;
            case 15: goto L86;
            default: goto L109;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x0294, code lost:
    
        r5.salt = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x029f, code lost:
    
        r5.authorizedServices = java.util.Arrays.asList(r0[1].split(","));
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x02b2, code lost:
    
        r5.authorizedServiceKeyId = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x02bd, code lost:
    
        r5.authorizedServiceName = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:77:0x02c8, code lost:
    
        r5.authorizedServiceSignature = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x02d3, code lost:
    
        r5.domain = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x02de, code lost:
    
        r5.expiryTime = java.lang.Long.parseLong(r0[1]);
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x02ec, code lost:
    
        r5.host = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:85:0x02f7, code lost:
    
        r5.ip = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:87:0x0302, code lost:
    
        r5.keyId = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:89:0x030d, code lost:
    
        r5.name = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x0318, code lost:
    
        r5.originalRequestor = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:93:0x0323, code lost:
    
        r5.signature = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x032e, code lost:
    
        r5.timestamp = java.lang.Long.parseLong(r0[1]);
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x033c, code lost:
    
        r5.version = r0[1];
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x0347, code lost:
    
        r5.keyService = r0[1];
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Parsing constructor for a token string. NOT RECOVERED by the decompiler: the body
     * below is a stub that always throws, so this listing cannot be used to review how
     * untrusted token text is parsed.
     *
     * <p>All that the decompiler fragments above show is a 16-way switch whose branches
     * assign the second element of a split array to one field each, with
     * {@code Long.parseLong} applied for {@code expiryTime} and {@code timestamp} and a
     * split on "," for {@code authorizedServices}. The mapping from field tag to branch,
     * the handling of malformed pairs, duplicate fields and missing mandatory fields, and
     * how {@code signedToken}/{@code unsignedToken} are derived are not visible.
     * NOTE(review): audit the original source or the bytecode dump before relying on any
     * parsing behaviour.
     *
     * @param r6 presumably the signed token string to parse (name lost in decompilation)
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public PrincipalToken(java.lang.String r6) {
        /*
            Method dump skipped, instructions count: 1164
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.yahoo.athenz.auth.token.PrincipalToken.<init>(java.lang.String):void");
    }

    /**
     * Convenience overload: loads the private key with {@code Crypto.loadPrivateKey} and
     * delegates to {@link #signForAuthorizedService(String, String, PrivateKey)}.
     *
     * @param str  authorized service name; must be listed in the token
     * @param str2 key id recorded as "bk="
     * @param str3 private key material in whatever form Crypto.loadPrivateKey accepts
     * @throws CryptoException declared; raised by the Crypto helpers (not shown)
     */
    public void signForAuthorizedService(String str, String str2, String str3) throws CryptoException {
        signForAuthorizedService(str, str2, Crypto.loadPrivateKey(str3));
    }

    /**
     * Counter-signs the current {@code signedToken} on behalf of an authorized service and
     * replaces {@code signedToken} with the extended string.
     *
     * <p>Signed data is {@code signedToken + ";bk=" + keyId} plus {@code ";bn=" + name}
     * when more than one service is listed; the signature is then appended as ";bs=".
     *
     * @param str        authorized service name; must be contained in authorizedServices
     * @param str2       key id recorded as "bk="; appended without validation
     * @param privateKey key passed to Crypto.sign
     * @throws IllegalArgumentException if the token lists no authorized services or does
     *                                  not list {@code str}
     * @throws CryptoException          declared; raised by Crypto.sign (not shown)
     */
    public void signForAuthorizedService(String str, String str2, PrivateKey privateKey) throws CryptoException {
        if (this.authorizedServices == null || !this.authorizedServices.contains(str)) {
            throw new IllegalArgumentException("Authorized Service is not valid for this token");
        }
        // State is updated before signing: if Crypto.sign throws, authorizedServiceKeyId
        // (and possibly authorizedServiceName) keep the new values while signedToken and
        // authorizedServiceSignature keep the old ones.
        this.authorizedServiceKeyId = str2;
        StringBuilder sb = new StringBuilder(512);
        // NOTE(review): there is no check that signedToken is set. If the token has not
        // been signed by the principal yet, append() would write the text "null" and the
        // service would sign that; confirm callers always sign first.
        sb.append(this.signedToken);
        sb.append(";bk=");
        sb.append(str2);
        // The service name is only embedded when it is ambiguous which listed service signed.
        if (this.authorizedServices.size() > 1) {
            this.authorizedServiceName = str;
            sb.append(";bn=");
            sb.append(str);
        }
        this.authorizedServiceSignature = Crypto.sign(sb.toString(), privateKey);
        sb.append(";bs=");
        sb.append(this.authorizedServiceSignature);
        this.signedToken = sb.toString();
    }

    /**
     * Verifies the authorized service signature with the supplied public key.
     *
     * <p>The data verified is {@code signedToken} up to the first occurrence of ";bs=";
     * the signature verified is the {@code authorizedServiceSignature} field. This method
     * checks only that one signature: nothing here checks token expiry, the principal's
     * own signature, or whether the signing service is in the authorized list (see
     * {@link #isValidAuthorizedServiceToken(StringBuilder)} for the structural check).
     * NOTE(review): the field value and the first ";bs=" position are assumed to describe
     * the same token component; the parser that sets the field is not visible here.
     *
     * <p>On failure a message containing the unsigned token text (and, in some branches,
     * the public key) is appended to the buffer and logged at error level.
     *
     * @param str public key in whatever form Crypto.loadPublicKey accepts; null fails
     * @param sb  optional buffer receiving the failure reason; a private one is used when null
     * @return true only if Crypto.verify reports the signature as valid
     */
    public boolean validateForAuthorizedService(String str, StringBuilder sb) {
        StringBuilder sb2 = sb == null ? new StringBuilder(512) : sb;
        if (this.authorizedServiceSignature == null) {
            sb2.append("PrincipalToken:validateForAuthorizedService: token=").append(this.unsignedToken).append(" : missing data/signature component: public key=").append(str);
            LOG.error(sb2.toString());
            return false;
        }
        int indexOf = this.signedToken.indexOf(";bs=");
        if (indexOf == -1) {
            sb2.append("PrincipalToken:validateForAuthorizedService: token=").append(this.unsignedToken).append(" : not signed by any authorized service");
            LOG.error(sb2.toString());
            return false;
        }
        // Everything before the first ";bs=" is treated as the signed payload.
        String substring = this.signedToken.substring(0, indexOf);
        if (str == null) {
            sb2.append("PrincipalToken:validateForAuthorizedService: token=").append(this.unsignedToken).append(" : No public key provided");
            LOG.error(sb2.toString());
            return false;
        }
        // Fail closed: the result stays false unless verify() returns true.
        boolean z = false;
        try {
            z = Crypto.verify(substring, Crypto.loadPublicKey(str), this.authorizedServiceSignature);
            if (!z) {
                sb2.append("PrincipalToken:validateForAuthorizedService: token=").append(this.unsignedToken).append(" : authentication failed: public key=").append(str);
                LOG.error(sb2.toString());
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("validateForAuthorizedService: Token: " + this.unsignedToken + " -  successfully authenticated");
            }
        } catch (Exception e) {
            // Any failure while loading the key or verifying is reported as "not valid";
            // only the exception message is kept, the stack trace is not logged.
            sb2.append("PrincipalToken:validateForAuthorizedService: token=").append(this.unsignedToken).append(" : authentication failed verifying signature: exc=").append(e.getMessage()).append(" : public key=").append(str);
            LOG.error(sb2.toString());
        }
        return z;
    }

    /**
     * Checks that the authorized-service fields are mutually consistent. This is a
     * structural check only; no signature is verified here.
     *
     * <ul>
     *   <li>no service list: valid only if there is no authorized service signature;</li>
     *   <li>service list but no signature: invalid;</li>
     *   <li>service name present: valid only if the list contains it;</li>
     *   <li>no service name: valid only if the list has exactly one entry.</li>
     * </ul>
     *
     * @param sb optional buffer receiving the failure reason; a private one is used when null
     * @return true if the combination of fields is consistent
     */
    public boolean isValidAuthorizedServiceToken(StringBuilder sb) {
        StringBuilder sb2 = sb == null ? new StringBuilder(512) : sb;
        if (this.authorizedServices == null) {
            if (this.authorizedServiceSignature == null) {
                return true;
            }
            sb2.append("PrincipalToken:isValidAuthorizedServiceToken: Invalid Token=").append(this.unsignedToken).append(" : Authorized Service Signature available without service name");
            LOG.error(sb2.toString());
            return false;
        }
        if (this.authorizedServiceSignature == null) {
            sb2.append("PrincipalToken:isValidAuthorizedServiceToken: Invalid Token=").append(this.unsignedToken).append(" : Missing signature for specified authorized service");
            LOG.error(sb2.toString());
            return false;
        }
        if (this.authorizedServiceName != null) {
            if (this.authorizedServices.contains(this.authorizedServiceName)) {
                return true;
            }
            sb2.append("PrincipalToken:isValidAuthorizedServiceToken: Invalid Token=").append(this.unsignedToken).append(" : Authorized service name=").append(this.authorizedServiceName).append(" is not listed in the service list");
            LOG.error(sb2.toString());
            return false;
        }
        // Without an explicit name the signer is only unambiguous for a single-entry list.
        if (this.authorizedServices.size() == 1) {
            return true;
        }
        sb2.append("PrincipalToken:isValidAuthorizedServiceToken: Invalid Token=").append(this.unsignedToken).append(" : No service name and Authorized service list contains multiple entries");
        LOG.error(sb2.toString());
        return false;
    }

    /** Returns the principal name ("n="). */
    public String getName() {
        return this.name;
    }

    /** Returns the key service ("z="), or null if none was set. */
    public String getKeyService() {
        return this.keyService;
    }

    /** Returns the original requestor ("o="), or null if none was set. */
    public String getOriginalRequestor() {
        return this.originalRequestor;
    }

    /**
     * Returns the authorized service list, or null if none was set. The internal list
     * instance is returned directly, not a copy.
     */
    public List<String> getAuthorizedServices() {
        return this.authorizedServices;
    }

    /** Returns the authorized service name ("bn="), or null if not present. */
    public String getAuthorizedServiceName() {
        return this.authorizedServiceName;
    }

    /** Returns the authorized service key id ("bk="); "0" unless set by signing or parsing. */
    public String getAuthorizedServiceKeyId() {
        return this.authorizedServiceKeyId;
    }

    /** Returns the authorized service signature ("bs="), or null if not counter-signed. */
    public String getAuthorizedServiceSignature() {
        return this.authorizedServiceSignature;
    }
}
