package eu.arrowhead.common.token;

import eu.arrowhead.common.CommonConstants;
import eu.arrowhead.common.Utilities;
import eu.arrowhead.common.exception.AuthException;
import eu.arrowhead.common.exception.InvalidParameterException;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.ErrorCodeValidator;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.jwt.consumer.JwtContext;
import org.springframework.util.Assert;

/* loaded from: input_file:eu/arrowhead/common/token/TokenUtilities.class */
public class TokenUtilities {
    private static final Logger logger = LogManager.getLogger(TokenUtilities.class);
    private static final AlgorithmConstraints JWS_ALG_CONSTRAINTS = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{CommonConstants.JWS_SIGN_ALG});
    private static final AlgorithmConstraints JWE_ALG_CONSTRAINTS = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{CommonConstants.JWE_KEY_MANAGEMENT_ALG});
    private static final AlgorithmConstraints JWE_ENCRYPTION_CONSTRAINTS = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{CommonConstants.JWE_ENCRYPTION_ALG});

    /* loaded from: input_file:eu/arrowhead/common/token/TokenUtilities$TokenInfo.class */
    public static class TokenInfo {
        private final String consumerName;
        private final String service;
        private final String interfaceName;
        private final Long endOfValidity;

        public TokenInfo(String str, String str2, String str3, Long l) {
            this.consumerName = str;
            this.service = str2;
            this.interfaceName = str3;
            this.endOfValidity = l;
        }

        public String getConsumerName() {
            return this.consumerName;
        }

        public String getService() {
            return this.service;
        }

        public String getInterfaceName() {
            return this.interfaceName;
        }

        public Long getEndOfValidity() {
            return this.endOfValidity;
        }

        public boolean hasEndOfValidity() {
            return this.endOfValidity != null && this.endOfValidity.longValue() > 0;
        }

        public String toString() {
            return "TokenInfo [consumerName=" + this.consumerName + ", service=" + this.service + ", interfaceName=" + this.interfaceName + ", endOfValidity=" + this.endOfValidity + "]";
        }
    }

    public static TokenInfo validateTokenAndExtractTokenInfo(String str, PublicKey publicKey, PrivateKey privateKey) {
        logger.debug("validateTokenAndExtractTokenInfo started...");
        Assert.notNull(publicKey, "Authorization public key is null.");
        Assert.notNull(privateKey, "Private key is null.");
        if (Utilities.isEmpty(str)) {
            throw new InvalidParameterException("No token is provided.");
        }
        try {
            JwtClaims processToClaims = new JwtConsumerBuilder().setRequireJwtId().setRequireNotBefore().setEnableRequireEncryption().setEnableRequireIntegrity().setExpectedIssuer(CommonConstants.CORE_SYSTEM_AUTHORIZATION).setDecryptionKey(privateKey).setVerificationKey(publicKey).setJwsAlgorithmConstraints(JWS_ALG_CONSTRAINTS).setJweAlgorithmConstraints(JWE_ALG_CONSTRAINTS).setJweContentEncryptionAlgorithmConstraints(JWE_ENCRYPTION_CONSTRAINTS).build().processToClaims(str);
            return new TokenInfo(extractConsumerName(processToClaims), extractService(processToClaims), extractInterfaceName(processToClaims), extractExpirationTime(processToClaims));
        } catch (InvalidJwtException e) {
            logger.debug("Token processing is failed: {}", e.getMessage());
            logger.debug(e);
            throw new AuthException("Token processing is failed", (Throwable) e);
        }
    }

    private TokenUtilities() {
        throw new UnsupportedOperationException();
    }

    private static String extractConsumerName(JwtClaims jwtClaims) throws InvalidJwtException {
        if (!jwtClaims.hasClaim(CommonConstants.JWT_CLAIM_CONSUMER_ID)) {
            throw new InvalidJwtException("Missing consumer information.", (ErrorCodeValidator.Error) null, (Throwable) null, (JwtContext) null);
        }
        try {
            return jwtClaims.getStringClaimValue(CommonConstants.JWT_CLAIM_CONSUMER_ID).split("\\.")[0];
        } catch (MalformedClaimException e) {
            throw new InvalidJwtException("Invalid consumer information.", (ErrorCodeValidator.Error) null, e, (JwtContext) null);
        }
    }

    private static String extractService(JwtClaims jwtClaims) throws InvalidJwtException {
        if (!jwtClaims.hasClaim("sid")) {
            throw new InvalidJwtException("Missing service information.", (ErrorCodeValidator.Error) null, (Throwable) null, (JwtContext) null);
        }
        try {
            return jwtClaims.getStringClaimValue("sid");
        } catch (MalformedClaimException e) {
            throw new InvalidJwtException("Invalid service information.", (ErrorCodeValidator.Error) null, e, (JwtContext) null);
        }
    }

    private static String extractInterfaceName(JwtClaims jwtClaims) throws InvalidJwtException {
        if (!jwtClaims.hasClaim(CommonConstants.JWT_CLAIM_INTERFACE_ID)) {
            throw new InvalidJwtException("Missing interface information.", (ErrorCodeValidator.Error) null, (Throwable) null, (JwtContext) null);
        }
        try {
            return jwtClaims.getStringClaimValue(CommonConstants.JWT_CLAIM_INTERFACE_ID);
        } catch (MalformedClaimException e) {
            throw new InvalidJwtException("Invalid interface information.", (ErrorCodeValidator.Error) null, e, (JwtContext) null);
        }
    }

    private static Long extractExpirationTime(JwtClaims jwtClaims) throws InvalidJwtException {
        try {
            if (jwtClaims.hasClaim("exp")) {
                return Long.valueOf(jwtClaims.getExpirationTime().getValueInMillis());
            }
            return null;
        } catch (MalformedClaimException e) {
            throw new InvalidJwtException("Invalid expiration time.", (ErrorCodeValidator.Error) null, e, (JwtContext) null);
        }
    }
}
