package keywhiz.auth.cookie;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Throwables;
import com.google.inject.Inject;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.Duration;
import java.time.ZonedDateTime;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.ws.rs.core.NewCookie;
import keywhiz.auth.User;
import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.server.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:keywhiz/auth/cookie/AuthenticatedEncryptedCookieFactory.class */
public class AuthenticatedEncryptedCookieFactory {
    private final Logger logger = LoggerFactory.getLogger(AuthenticatedEncryptedCookieFactory.class);
    private final Clock clock;
    private final ObjectMapper mapper;
    private final GCMEncryptor encryptor;
    private final CookieConfig config;

    @Inject
    public AuthenticatedEncryptedCookieFactory(Clock clock, ObjectMapper objectMapper, GCMEncryptor gCMEncryptor, @SessionCookie CookieConfig cookieConfig) {
        this.clock = clock;
        this.mapper = objectMapper;
        this.encryptor = gCMEncryptor;
        this.config = cookieConfig;
    }

    public String getSession(User user, ZonedDateTime zonedDateTime) {
        try {
            return Base64.getEncoder().encodeToString(this.encryptor.encrypt(this.mapper.writeValueAsString(new UserCookieData(user, zonedDateTime)).getBytes(StandardCharsets.UTF_8)));
        } catch (JsonProcessingException e) {
            throw Throwables.propagate(e);
        } catch (AEADBadTagException e2) {
            this.logger.error("Could not encrypt cookie", (Throwable) e2);
            throw Throwables.propagate(e2);
        }
    }

    public NewCookie cookieFor(String str, ZonedDateTime zonedDateTime) {
        HttpCookie httpCookie = new HttpCookie(this.config.getName(), str, this.config.getDomain(), this.config.getPath(), Duration.between(ZonedDateTime.now(this.clock), zonedDateTime).getSeconds(), this.config.isHttpOnly(), this.config.isSecure());
        Response response = new Response(null, null);
        response.addCookie(httpCookie);
        return NewCookie.valueOf(response.getHttpFields().getStringField(HttpHeader.SET_COOKIE));
    }

    public NewCookie getSessionCookie(User user, ZonedDateTime zonedDateTime) {
        return cookieFor(getSession(user, zonedDateTime), zonedDateTime);
    }

    public NewCookie getExpiredSessionCookie() {
        HttpCookie httpCookie = new HttpCookie(this.config.getName(), "expired", this.config.getDomain(), this.config.getPath(), 0L, this.config.isHttpOnly(), this.config.isSecure());
        Response response = new Response(null, null);
        response.addCookie(httpCookie);
        return NewCookie.valueOf(response.getHttpFields().getStringField(HttpHeader.SET_COOKIE));
    }
}
