package com.yahoo.athenz.auth.token;

import com.yahoo.athenz.auth.util.Crypto;
import com.yahoo.athenz.auth.util.CryptoException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/auth/token/Token.class */
/**
 * Base class for signed tokens: holds the unsigned payload, its signature and the
 * timing fields, and provides signing with a private key and validation with a
 * public key.
 *
 * <p>All timestamps handled here are seconds since the epoch (the current time is
 * always taken as {@code System.currentTimeMillis() / 1000}).
 *
 * <p>This class does no locking of its own; the fields are plain mutable state.
 */
public class Token {
    private static final Logger LOG = LoggerFactory.getLogger(Token.class);

    /** Marker that separates the unsigned payload from the signature in a signed token. */
    private static final String SIGNATURE_SEPARATOR = ";s=";

    private static final String ATHENZ_PROP_TOKEN_MAX_EXPIRY = "athenz.token_max_expiry";

    /**
     * Longest lifetime, in seconds, that {@link #validate(PublicKey, int, boolean, StringBuilder)}
     * accepts for a token. Read once from the system property; defaults to 30 days.
     */
    private static final long ATHENZ_TOKEN_MAX_EXPIRY = Long.parseLong(
            System.getProperty(ATHENZ_PROP_TOKEN_MAX_EXPIRY, Long.toString(TimeUnit.DAYS.toSeconds(30))));

    private static final String ATHENZ_PROP_TOKEN_NO_EXPIRY = "athenz.token_no_expiry";

    // System-wide switch for accepting tokens without an expiry; defaults to false.
    // NOTE(review): this is non-final and package-visible, so any code in this package
    // can change the expiry policy at runtime - presumably kept open for tests; confirm.
    static Boolean ATHENZ_TOKEN_NO_EXPIRY =
            Boolean.parseBoolean(System.getProperty(ATHENZ_PROP_TOKEN_NO_EXPIRY, "false"));

    // Initial capacity of the scratch error-message builder used by validate().
    protected final int defaultBuilderBufSize = 512;

    // Token payload without and with the trailing signature component.
    protected String unsignedToken = null;
    protected String signedToken = null;

    protected String version = null;
    protected String salt = null;
    protected String host = null;
    protected String ip = null;
    protected String domain = null;
    protected String signature = null;
    protected String keyId = "0";

    // Both in seconds since the epoch; an expiryTime of 0 means "no expiry recorded".
    protected long expiryTime = 0;
    protected long timestamp = 0;

    // Digest passed to Crypto.sign / Crypto.verify through getDigestAlgorithm().
    protected String digestAlgorithm = Crypto.SHA256;

    /**
     * Returns the digest algorithm used when signing and verifying this token.
     *
     * @return the configured digest algorithm name
     */
    public String getDigestAlgorithm() {
        return digestAlgorithm;
    }

    /**
     * Signs the token with a private key given in textual form.
     *
     * @param str private key text, loaded through {@code Crypto.loadPrivateKey}
     * @throws CryptoException if the key cannot be loaded or signing fails
     */
    public void sign(String str) throws CryptoException {
        final PrivateKey key = Crypto.loadPrivateKey(str);
        sign(key);
    }

    /**
     * Signs the unsigned token and stores both the signature and the signed token
     * ({@code unsignedToken + ";s=" + signature}).
     *
     * @param privateKey key used to produce the signature
     * @throws CryptoException if signing fails
     */
    public void sign(PrivateKey privateKey) throws CryptoException {
        final String sig = Crypto.sign(unsignedToken, privateKey, getDigestAlgorithm());
        signature = sig;
        signedToken = unsignedToken + SIGNATURE_SEPARATOR + sig;
    }

    /**
     * Sets the issue time and derives the expiry time from it.
     *
     * @param j issue time in seconds since the epoch; any value that is not positive
     *          means "use the current time"
     * @param j2 lifetime in seconds, added to the issue time to obtain the expiry time
     */
    public void setTimeStamp(long j, long j2) {
        if (j > 0) {
            timestamp = j;
        } else {
            timestamp = System.currentTimeMillis() / 1000;
        }
        expiryTime = timestamp + j2;
    }

    /**
     * Validates the token against a public key in textual form; tokens without an
     * expiry are not allowed and no error text is returned to the caller.
     *
     * @param str public key text
     * @param i allowed clock offset in seconds
     * @return {@code true} only if every check passes
     */
    public boolean validate(String str, int i) {
        return validate(str, i, false, null);
    }

    /**
     * Validates the token against a public key in textual form without returning
     * error text to the caller.
     *
     * @param str public key text
     * @param i allowed clock offset in seconds
     * @param z whether the caller accepts a token that has no expiry
     * @return {@code true} only if every check passes
     */
    public boolean validate(String str, int i, boolean z) {
        return validate(str, i, z, null);
    }

    /**
     * Loads the public key from its textual form and validates the token with it.
     *
     * @param str public key text; {@code null} is rejected
     * @param i allowed clock offset in seconds
     * @param z whether the caller accepts a token that has no expiry
     * @param sb receives the failure reason; may be {@code null}, in which case the
     *           reason is only logged
     * @return {@code true} only if the key loads and every check passes
     */
    public boolean validate(String str, int i, boolean z, StringBuilder sb) {
        final StringBuilder errMsg = (sb != null) ? sb : new StringBuilder(defaultBuilderBufSize);

        if (str == null) {
            beginFailure(errMsg).append(" : No public key provided");
            return logAndReject(errMsg);
        }

        try {
            final PublicKey key = Crypto.loadPublicKey(str);
            return validate(key, i, z, errMsg);
        } catch (Exception e) {
            // Any exception raised inside the try block ends up here and is reported
            // as a key-loading failure; the token is rejected.
            beginFailure(errMsg)
                    .append(" : unable to load public key due to Exception=")
                    .append(e.getMessage());
            return logAndReject(errMsg);
        }
    }

    /**
     * Validates the token: required components present, issue time not in the
     * future, expiry within policy, and finally the signature.
     *
     * <p>The timing checks run before the signature is verified, so they operate on
     * values that are not yet authenticated; they can only reject. The method returns
     * {@code true} solely when {@code Crypto.verify} does.
     *
     * <p>A token whose expiry time is 0 skips the expiry checks only when both the
     * {@code athenz.token_no_expiry} switch and {@code z} are set; such a token is
     * then accepted with no upper bound on its lifetime.
     *
     * @param publicKey key used to verify the signature; {@code null} is rejected
     * @param i allowed clock offset in seconds, applied to the future-timestamp and
     *          maximum-expiry checks
     * @param z whether the caller accepts a token that has no expiry
     * @param sb receives the failure reason; may be {@code null}, in which case the
     *           reason is only logged
     * @return {@code true} only if every check passes and the signature verifies
     */
    public boolean validate(PublicKey publicKey, int i, boolean z, StringBuilder sb) {
        final int allowedOffset = i;
        final boolean allowNoExpiry = z;
        final StringBuilder errMsg = (sb != null) ? sb : new StringBuilder(defaultBuilderBufSize);

        // NOTE(review): every failure message below embeds unsignedToken verbatim and
        // logs the whole builder, and at this point the payload is unverified input.
        // Confirm that the logging layout neutralises CR/LF and that the payload holds
        // nothing that should stay out of the logs.

        if (unsignedToken == null || signature == null) {
            beginFailure(errMsg).append(" : missing data/signature component");
            return logAndReject(errMsg);
        }

        if (publicKey == null) {
            beginFailure(errMsg).append(" : No public key provided");
            return logAndReject(errMsg);
        }

        final long now = System.currentTimeMillis() / 1000;

        // A timestamp of 0 is treated as "not set" and is exempt from this check.
        if (timestamp != 0 && timestamp - allowedOffset > now) {
            beginFailure(errMsg)
                    .append(" : has future timestamp=").append(timestamp)
                    .append(" : current time=").append(now)
                    .append(" : allowed offset=").append(allowedOffset);
            return logAndReject(errMsg);
        }

        // Unlimited lifetime needs all three: no expiry on the token, the system
        // switch enabled, and the caller opting in.
        final boolean unlimitedPermitted = expiryTime == 0 && ATHENZ_TOKEN_NO_EXPIRY && allowNoExpiry;
        if (!unlimitedPermitted) {
            if (expiryTime < now) {
                beginFailure(errMsg)
                        .append(" : has expired time=").append(expiryTime)
                        .append(" : current time=").append(now);
                return logAndReject(errMsg);
            }
            if (expiryTime > now + ATHENZ_TOKEN_MAX_EXPIRY + allowedOffset) {
                beginFailure(errMsg)
                        .append(" : expires too far in the future=").append(expiryTime)
                        .append(" : current time=").append(now)
                        .append(" : max expiry=").append(ATHENZ_TOKEN_MAX_EXPIRY)
                        .append(" : allowed offset=").append(allowedOffset);
                return logAndReject(errMsg);
            }
        }

        // Starts out false so that an exception during verification leaves the
        // token rejected.
        boolean verified = false;
        try {
            verified = Crypto.verify(unsignedToken, publicKey, signature, getDigestAlgorithm());
            if (verified) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("validate: Token successfully authenticated");
                }
            } else {
                beginFailure(errMsg).append(" : authentication failed");
                LOG.error(errMsg.toString());
            }
        } catch (Exception e) {
            beginFailure(errMsg)
                    .append(" : verify signature failed due to Exception=")
                    .append(e.getMessage());
            LOG.error(errMsg.toString());
        }
        return verified;
    }

    /** Appends the common failure prefix (including the unsigned token) and returns the builder. */
    private StringBuilder beginFailure(StringBuilder errMsg) {
        return errMsg.append("Token:validate: token=").append(unsignedToken);
    }

    /** Logs the accumulated failure text at error level and yields the rejection result. */
    private static boolean logAndReject(StringBuilder errMsg) {
        LOG.error(errMsg.toString());
        return false;
    }

    /** @return the token version field */
    public String getVersion() {
        return version;
    }

    /** @return the salt field */
    public String getSalt() {
        return salt;
    }

    /** @return the host field */
    public String getHost() {
        return host;
    }

    /** @return the domain field */
    public String getDomain() {
        return domain;
    }

    /** @return the signature component, or {@code null} if none is set */
    public String getSignature() {
        return signature;
    }

    /** @return the issue time in seconds since the epoch */
    public long getTimestamp() {
        return timestamp;
    }

    /** @return the expiry time in seconds since the epoch */
    public long getExpiryTime() {
        return expiryTime;
    }

    /** @return the payload followed by {@code ";s="} and the signature, or {@code null} if not set */
    public String getSignedToken() {
        return signedToken;
    }

    /** @return the key identifier; {@code "0"} unless changed */
    public String getKeyId() {
        return keyId;
    }

    /** @return the ip field */
    public String getIP() {
        return ip;
    }

    /** @return the payload without the signature component */
    public String getUnsignedToken() {
        return unsignedToken;
    }

    /**
     * Strips the signature component from a signed token string.
     *
     * @param str signed token text; must not be {@code null}
     * @return everything before the first {@code ";s="}, or {@code str} itself when
     *         the marker is absent
     */
    public static String getUnsignedToken(String str) {
        final int signatureStart = str.indexOf(SIGNATURE_SEPARATOR);
        return (signatureStart == -1) ? str : str.substring(0, signatureStart);
    }
}
