package com.tokera.ate.providers;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Claim;
import com.esotericsoftware.yamlbeans.YamlException;
import com.esotericsoftware.yamlbeans.scalar.ScalarSerializer;
import com.google.common.base.Charsets;
import com.tokera.ate.common.ImmutalizableArrayList;
import com.tokera.ate.delegates.AteDelegate;
import com.tokera.ate.dto.ClaimDto;
import com.tokera.ate.dto.TokenDto;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.MessageBodyWriter;
import javax.ws.rs.ext.Provider;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.time.DateUtils;

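/**
 * JAX-RS {@code text/plain} provider and YAML scalar serializer for {@link TokenDto}.
 * It also issues, validates and decodes the JWT carried inside a token.
 *
 * <p>Signing and encryption are both optional. They are switched by the
 * {@code signToken} and {@code encryptToken} flags of the bootstrap security level.
 * With {@code signToken} off, tokens are created and accepted with the JWT
 * {@code none} algorithm, so their claims carry no integrity protection.
 *
 * <p>This listing is decompiler output. The {@code m97read} and {@code m98readFrom}
 * names are decompiler renames of {@code read} and the {@code readFrom} bridge method.
 */
@Produces({"text/plain"})
@Provider
@Consumes({"text/plain"})
/* loaded from: input_file:com/tokera/ate/providers/TokenSerializer.class */
public class TokenSerializer implements ScalarSerializer<TokenDto>, MessageBodyReader<TokenDto>, MessageBodyWriter<TokenDto> {
    private AteDelegate d = AteDelegate.get();
    // HMAC-SHA256 signing secret.
    private String jwtSecret;
    // AES key bytes, decoded from base64.
    private byte[] jwtEncrypt;
    // Value written to and required in the "iss" claim.
    private String jwtIssuer;

    /**
     * Loads the signing secret, AES key and issuer from the token properties.
     *
     * <p>NOTE(security): each setting falls back to a constant compiled into this class
     * when its property is absent. Anyone who can read the code knows those constants,
     * so a deployment that leaves {@code secret} or {@code encrypt} unset gets tokens
     * whose signature and encryption protect nothing. Set all three properties
     * explicitly. Consider refusing to start when signing or encryption is enabled and
     * the matching property is missing.
     */
    public TokenSerializer() {
        Properties propertiesForToken = this.d.bootstrapConfig.propertiesForToken();
        this.jwtSecret = propertiesForToken.getOrDefault("secret", "anyone").toString();
        this.jwtEncrypt = Base64.decodeBase64(propertiesForToken.getOrDefault("encrypt", "VD5eE_z1crGougAuE-xubgJwACNzN4aF7h5VrltBsYw").toString());
        this.jwtIssuer = propertiesForToken.getOrDefault("issuer", "nobody").toString();
    }

    /**
     * Picks the JWT algorithm used for both issuing and verifying tokens.
     *
     * <p>NOTE(security): with {@code signToken} off this returns the {@code none}
     * algorithm, so tokens are unsigned and {@link #validateToken} checks only issuer
     * and expiry.
     */
    private Algorithm signingAlgorithm() {
        return this.d.bootstrapConfig.getSecurityLevel().signToken ? Algorithm.HMAC256(this.jwtSecret) : Algorithm.none();
    }

    /**
     * Returns the compact JWT text held by a token, decrypting it first when
     * {@code encryptToken} is enabled.
     *
     * <p>NOTE(review): the exceptions {@code decryptAes} throws on malformed ciphertext
     * are not visible here. Confirm they surface as an authentication failure and not
     * as a server error.
     */
    private String unwrapToken(TokenDto tokenDto) {
        if (!this.d.bootstrapConfig.getSecurityLevel().encryptToken) {
            return tokenDto.getBase64();
        }
        byte[] plain = this.d.encryptor.decryptAes(this.jwtEncrypt, Base64.decodeBase64(tokenDto.getBase64()));
        // Explicit charset: the compact JWT form is ASCII, so do not depend on the platform default.
        return new String(plain, Charsets.UTF_8);
    }

    /**
     * Issues a token carrying the given claims.
     *
     * @param map claim name to claim values; each entry becomes a string-array claim
     * @param i lifetime in minutes; when zero or negative no expiry claim is set and
     *     the token never expires
     * @return the signed JWT, AES-encrypted and URL-safe base64 encoded when
     *     {@code encryptToken} is enabled
     */
    public TokenDto createToken(Map<String, List<String>> map, int i) {
        Algorithm algorithm = signingAlgorithm();
        JWTCreator.Builder builder = JWT.create().withIssuer(this.jwtIssuer);
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            builder = builder.withArrayClaim(entry.getKey(), entry.getValue().toArray(new String[0]));
        }
        if (i > 0) {
            builder = builder.withExpiresAt(DateUtils.addMinutes(new Date(), i));
        }
        String sign = builder.sign(algorithm);
        if (!this.d.bootstrapConfig.getSecurityLevel().encryptToken) {
            return new TokenDto(sign);
        }
        // Explicit charset so the encrypted bytes are the same on every platform.
        return new TokenDto(Base64.encodeBase64URLSafeString(this.d.encryptor.encryptAes(this.jwtEncrypt, sign.getBytes(Charsets.UTF_8))));
    }

    /**
     * Verifies the token's algorithm, signature (when signing is enabled), issuer and expiry.
     *
     * @param tokenDto token to check
     * @throws WebApplicationException with status 401 when verification fails
     */
    public void validateToken(TokenDto tokenDto) {
        try {
            JWT.require(signingAlgorithm()).withIssuer(new String[]{this.jwtIssuer}).build().verify(unwrapToken(tokenDto));
        } catch (JWTVerificationException e) {
            throw new WebApplicationException("JWT token failed validation", e, Response.Status.UNAUTHORIZED);
        }
    }

    /**
     * Decodes the token and returns its claims as a flat, immutable list of name/value pairs.
     * The {@code iss} and {@code exp} claims, null claims and claims that are not string
     * lists are skipped.
     *
     * <p>NOTE(security): this method only decodes. {@code JWT.decode} does not check the
     * signature, issuer or expiry, so the returned claims are untrusted unless
     * {@link #validateToken} has already accepted the same token.
     *
     * @param tokenDto token to decode
     * @return the token's claims; the list is made immutable before it is returned
     * @throws WebApplicationException with status 401 when the JWT cannot be decoded
     */
    public ImmutalizableArrayList<ClaimDto> extractTokenClaims(TokenDto tokenDto) {
        String jwtText = unwrapToken(tokenDto);
        ImmutalizableArrayList<ClaimDto> claims = new ImmutalizableArrayList<>();
        try {
            for (Map.Entry<String, Claim> entry : JWT.decode(jwtText).getClaims().entrySet()) {
                String name = entry.getKey();
                Claim claim = entry.getValue();
                if (name.equals("iss") || name.equals("exp") || claim.isNull()) {
                    continue;
                }
                List<String> values = claim.asList(String.class);
                if (values == null) {
                    continue;
                }
                for (String value : values) {
                    claims.add(new ClaimDto(name, value));
                }
            }
            claims.immutalize();
            return claims;
        } catch (JWTDecodeException e) {
            throw new WebApplicationException("Failed to decode the JWT token.", e, Response.Status.UNAUTHORIZED);
        }
    }

    /** Serializes a token to its YAML scalar form, the raw token string. */
    public String write(TokenDto tokenDto) throws YamlException {
        return tokenDto.getBase64();
    }

    /* renamed from: read, reason: merged with bridge method [inline-methods] */
    /** Builds a token from its YAML scalar form; no validation happens here. */
    public TokenDto m97read(String str) throws YamlException {
        return new TokenDto(str);
    }

    /** Accepts any type assignable to {@link TokenDto}. */
    public boolean isReadable(Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType) {
        return TokenDto.class.isAssignableFrom(cls);
    }

    /**
     * Reads the whole request body as UTF-8 text and wraps it in a token.
     * The token is not validated here.
     *
     * <p>NOTE(review): the body is read without a size cap in this method. Confirm that
     * the container enforces a request-size limit.
     */
    public TokenDto readFrom(Class<TokenDto> cls, Type type, Annotation[] annotationArr, MediaType mediaType, MultivaluedMap<String, String> multivaluedMap, InputStream inputStream) throws IOException, WebApplicationException {
        return new TokenDto(IOUtils.toString(inputStream, Charsets.UTF_8));
    }

    /** Accepts any type assignable to {@link TokenDto}. */
    public boolean isWriteable(Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType) {
        return TokenDto.class.isAssignableFrom(cls);
    }

    /**
     * Writes the raw token string to the response body as UTF-8.
     *
     * <p>The bytes go straight to the entity stream. The earlier form wrapped the stream
     * in an {@code OutputStreamWriter} that was never flushed, so the token could stay in
     * the writer's buffer and never reach the client. The stream is left open because the
     * container owns it.
     */
    public void writeTo(TokenDto tokenDto, Class<?> cls, Type type, Annotation[] annotationArr, MediaType mediaType, MultivaluedMap<String, Object> multivaluedMap, OutputStream outputStream) throws IOException, WebApplicationException {
        outputStream.write(tokenDto.getBase64().getBytes(Charsets.UTF_8));
    }

    /* renamed from: readFrom, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ Object m98readFrom(Class cls, Type type, Annotation[] annotationArr, MediaType mediaType, MultivaluedMap multivaluedMap, InputStream inputStream) throws IOException, WebApplicationException {
        return readFrom((Class<TokenDto>) cls, type, annotationArr, mediaType, (MultivaluedMap<String, String>) multivaluedMap, inputStream);
    }

    public /* bridge */ /* synthetic */ void writeTo(Object obj, Class cls, Type type, Annotation[] annotationArr, MediaType mediaType, MultivaluedMap multivaluedMap, OutputStream outputStream) throws IOException, WebApplicationException {
        writeTo((TokenDto) obj, (Class<?>) cls, type, annotationArr, mediaType, (MultivaluedMap<String, Object>) multivaluedMap, outputStream);
    }
}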
