package net.solarnetwork.web.jakarta.security;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.Cookie;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
import net.solarnetwork.security.AuthorizationUtils;
import net.solarnetwork.web.jakarta.support.JSONView;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:net/solarnetwork/web/jakarta/security/AuthenticationDataToken.class */
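/**
 * A JWT-shaped authentication token carried in a cookie and signed with HMAC-SHA256.
 *
 * <p>
 * The cookie value has three dot-separated, URL-safe Base64 segments: a JSON header
 * ({@code typ=JWT}, {@code alg=HS256}), a JSON claims object ({@code sub}, {@code exp},
 * {@code iat}, with times in seconds since the epoch) and the signature computed over
 * {@code header + "." + claims}.
 * </p>
 *
 * <p>
 * <b>Security note:</b> constructing an instance from a {@link Cookie} only <em>parses</em>
 * the cookie. Nothing returned by {@link #getIdentity()}, {@link #getExpires()} or
 * {@link #getIssued()} may be trusted until one of the {@code verify} methods has returned
 * normally for the secret the token is expected to be signed with.
 * </p>
 */
public class AuthenticationDataToken {
    public static final String HEADER_TOKEN_TYPE = "typ";
    public static final String HEADER_SIGN_ALG = "alg";
    public static final String TOKEN_TYPE_JWT = "JWT";
    public static final String SIGN_ALG_HMAC_SHA256 = "HS256";
    public static final String CLAIM_EXPIRES = "exp";
    public static final String CLAIM_ISSUED_AT = "iat";
    public static final String CLAIM_SUBJECT = "sub";

    // Internal keys used by parseTokenData() for values that are not claims.
    private static final String MESSAGE_KEY = "__msg";
    private static final String SIGNATURE_KEY = "__sig";

    // Number of days a freshly issued token stays valid.
    private static final int TOKEN_LIFETIME_DAYS = 7;

    // Shared JSON machinery; the mapper is never reconfigured after construction.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private static final TypeReference<HashMap<String, Object>> JSON_OBJECT_TYPE =
            new TypeReference<HashMap<String, Object>>() {
            };

    private final String identity;
    private final long expires;
    private final long issued;
    private final String messageData;
    private final byte[] signature;

    /**
     * Parse a token out of a cookie, without verifying it.
     *
     * <p>
     * The resulting instance is unauthenticated data: call {@link #verify(byte[])} (or one
     * of its overloads) before relying on any of its properties.
     * </p>
     *
     * @param cookie
     *        the cookie whose value holds the encoded token
     * @throws IllegalArgumentException
     *         if the cookie value is malformed or a required claim is missing or has the
     *         wrong JSON type
     */
    public AuthenticationDataToken(Cookie cookie) {
        Map<String, Object> tokenData = parseTokenData(cookie.getValue());

        Object subject = tokenData.get(CLAIM_SUBJECT);
        if (!(subject instanceof String)) {
            throw new IllegalArgumentException("Missing 'sub' property from cookie data");
        }
        this.identity = (String) subject;

        Object expiry = tokenData.get(CLAIM_EXPIRES);
        if (!(expiry instanceof Number)) {
            throw new IllegalArgumentException("Missing 'exp' property from cookie data");
        }
        this.expires = ((Number) expiry).longValue();

        Object issuedAt = tokenData.get(CLAIM_ISSUED_AT);
        if (!(issuedAt instanceof Number)) {
            throw new IllegalArgumentException("Missing 'iat' property from cookie data");
        }
        this.issued = ((Number) issuedAt).longValue();

        Object sig = tokenData.get(SIGNATURE_KEY);
        if (!(sig instanceof byte[])) {
            throw new IllegalArgumentException("Missing signature from cookie data");
        }
        this.signature = (byte[]) sig;

        Object message = tokenData.get(MESSAGE_KEY);
        if (!(message instanceof String)) {
            throw new IllegalArgumentException("Missing message content from cookie data");
        }
        this.messageData = (String) message;
    }

    /**
     * Issue a new token signed with a string secret.
     *
     * @param authenticationData
     *        the authentication data supplying the token ID and issue date
     * @param str
     *        the signing secret; its UTF-8 bytes are used as the HMAC key
     * @throws IllegalArgumentException
     *         if the token JSON cannot be encoded
     */
    public AuthenticationDataToken(AuthenticationData authenticationData, String str) {
        this(authenticationData, utf8bytes(str));
    }

    /**
     * Issue a new token signed with a raw secret.
     *
     * <p>
     * The issue time is taken from {@code authenticationData.getDate()} and the token
     * expires {@value #TOKEN_LIFETIME_DAYS} days later.
     * </p>
     *
     * @param authenticationData
     *        the authentication data supplying the token ID and issue date
     * @param bArr
     *        the signing secret, used as the HMAC-SHA256 key
     * @throws IllegalArgumentException
     *         if the token JSON cannot be encoded
     */
    public AuthenticationDataToken(AuthenticationData authenticationData, byte[] bArr) {
        this.identity = authenticationData.getAuthTokenId();

        GregorianCalendar calendar = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        calendar.setTime(Date.from(authenticationData.getDate()));
        this.issued = calendar.getTimeInMillis() / 1000;
        calendar.add(Calendar.DATE, TOKEN_LIFETIME_DAYS);
        this.expires = calendar.getTimeInMillis() / 1000;

        Map<String, Object> header = new HashMap<>();
        header.put(HEADER_TOKEN_TYPE, TOKEN_TYPE_JWT);
        header.put(HEADER_SIGN_ALG, SIGN_ALG_HMAC_SHA256);

        Map<String, Object> claims = new HashMap<>();
        claims.put(CLAIM_SUBJECT, this.identity);
        claims.put(CLAIM_EXPIRES, Long.valueOf(this.expires));
        claims.put(CLAIM_ISSUED_AT, Long.valueOf(this.issued));

        try {
            this.messageData = Base64.encodeBase64URLSafeString(OBJECT_MAPPER.writeValueAsBytes(header))
                    + "." + Base64.encodeBase64URLSafeString(OBJECT_MAPPER.writeValueAsBytes(claims));
            this.signature = AuthorizationUtils.computeHmacSha256(bArr, this.messageData);
        } catch (IOException e) {
            throw new IllegalArgumentException("Error encoding message data JSON", e);
        }
    }

    /**
     * Encode a secret as UTF-8 bytes.
     *
     * @throws IllegalStateException
     *         if the platform does not support the configured encoding
     */
    private static final byte[] utf8bytes(String str) {
        try {
            return str.getBytes(JSONView.UTF8_CHAR_ENCODING);
        } catch (UnsupportedEncodingException e) {
            // Fail closed: falling back to an empty array would sign and verify tokens
            // with an empty HMAC key instead of the configured secret.
            throw new IllegalStateException("Unsupported character encoding for token secret", e);
        }
    }

    /**
     * Decode one Base64 token segment into a JSON object.
     *
     * @param decoder
     *        the URL-safe Base64 decoder to use
     * @param segment
     *        the encoded segment
     * @param part
     *        the segment name used in error messages
     * @return the decoded JSON object, never {@code null}
     * @throws IllegalArgumentException
     *         if the segment is not a JSON object
     */
    private static Map<String, Object> readJsonObject(Base64 decoder, String segment, String part) {
        final Map<String, Object> parsed;
        try {
            parsed = OBJECT_MAPPER.readValue(decoder.decode(segment), JSON_OBJECT_TYPE);
        } catch (IOException e) {
            throw new IllegalArgumentException("Malformed token cookie data (" + part + ")", e);
        }
        if (parsed == null) {
            // A JSON "null" literal maps to null; reject it here rather than let the
            // caller fail with a NullPointerException on attacker-supplied input.
            throw new IllegalArgumentException("Malformed token cookie data (" + part + ")");
        }
        return parsed;
    }

    /**
     * Split and decode an encoded token, without verifying its signature.
     *
     * <p>
     * The header must declare {@code typ=JWT} and {@code alg=HS256}; any other algorithm
     * value is rejected, so the signing algorithm cannot be selected by the token itself.
     * Only the {@code sub}, {@code exp} and {@code iat} claims are copied into the result,
     * alongside two internal entries holding the decoded signature bytes and the signed
     * message text.
     * </p>
     *
     * @param str
     *        the encoded token, as {@code header.claims.signature}
     * @return the extracted, <em>unverified</em> token data
     * @throws IllegalArgumentException
     *         if the token is {@code null}, does not have three segments, has an
     *         unsupported header, or cannot be decoded as JSON
     */
    public static final Map<String, Object> parseTokenData(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Malformed token cookie data (missing header/payload/signature structure)");
        }
        String[] segments = str.split("\\.", 3);
        if (segments.length != 3) {
            throw new IllegalArgumentException("Malformed token cookie data (missing header/payload/signature structure)");
        }

        Base64 decoder = new Base64(true);

        Map<String, Object> header = readJsonObject(decoder, segments[0], "header");
        if (!TOKEN_TYPE_JWT.equals(header.get(HEADER_TOKEN_TYPE))) {
            throw new IllegalArgumentException("Unsupported token type");
        }
        if (!SIGN_ALG_HMAC_SHA256.equals(header.get(HEADER_SIGN_ALG))) {
            throw new IllegalArgumentException("Unsupported token sign algorithm");
        }

        Map<String, Object> claims = readJsonObject(decoder, segments[1], "payload");
        Map<String, Object> result = new HashMap<>(8);
        for (String claim : new String[] { CLAIM_SUBJECT, CLAIM_EXPIRES, CLAIM_ISSUED_AT }) {
            if (claims.containsKey(claim)) {
                result.put(claim, claims.get(claim));
            }
        }
        result.put(SIGNATURE_KEY, decoder.decode(segments[2]));
        // Keep the exact encoded text that was signed; re-encoding the JSON could differ.
        result.put(MESSAGE_KEY, segments[0] + "." + segments[1]);
        return result;
    }

    /**
     * Verify the token against a string secret, using the current system time.
     *
     * @param str
     *        the signing secret
     * @throws SecurityException
     *         if the signature does not match or the token has expired
     */
    public void verify(String str) {
        verify(str, System.currentTimeMillis());
    }

    /**
     * Verify the token against a string secret at a given time.
     *
     * @param str
     *        the signing secret
     * @param j
     *        the time to check expiry against, in milliseconds since the epoch
     * @throws SecurityException
     *         if the signature does not match or the token has expired
     */
    public void verify(String str, long j) {
        verify(utf8bytes(str), j);
    }

    /**
     * Verify the token against a raw secret, using the current system time.
     *
     * @param bArr
     *        the signing secret
     * @throws SecurityException
     *         if the signature does not match or the token has expired
     */
    public void verify(byte[] bArr) {
        verify(bArr, System.currentTimeMillis());
    }

    /**
     * Verify the token signature and expiry.
     *
     * <p>
     * The signature is checked first, so the expiry claim is only evaluated once the
     * message it came from has been authenticated.
     * </p>
     *
     * @param bArr
     *        the signing secret, used as the HMAC-SHA256 key
     * @param j
     *        the time to check expiry against, in milliseconds since the epoch
     * @throws SecurityException
     *         if the signature does not match or the token has expired
     */
    public void verify(byte[] bArr, long j) {
        byte[] expected = AuthorizationUtils.computeHmacSha256(bArr, this.messageData);
        // MessageDigest.isEqual is a time-constant comparison; Arrays.equals stops at the
        // first differing byte, which leaks how much of a guessed signature was right.
        if (!MessageDigest.isEqual(this.signature, expected)) {
            throw new SecurityException("Signature does not match.");
        }
        if (this.expires * 1000 < j) {
            throw new SecurityException("Token expired");
        }
    }

    /**
     * Encode this token for use as a cookie value.
     *
     * @return the signed message followed by {@code "."} and the URL-safe Base64 signature
     */
    public String cookieValue() {
        return this.messageData + "." + Base64.encodeBase64URLSafeString(this.signature);
    }

    /**
     * Get the token subject.
     *
     * @return the {@code sub} claim; untrusted until {@code verify} has succeeded
     */
    public String getIdentity() {
        return this.identity;
    }

    /**
     * Get the expiry time.
     *
     * @return the {@code exp} claim, in seconds since the epoch
     */
    public long getExpires() {
        return this.expires;
    }

    /**
     * Get the issue time.
     *
     * @return the {@code iat} claim, in seconds since the epoch
     */
    public long getIssued() {
        return this.issued;
    }

    /**
     * Get the token signature.
     *
     * @return a copy of the signature bytes, so callers cannot alter the value that
     *         {@code verify} compares against
     */
    public byte[] getSignature() {
        return this.signature.clone();
    }
}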
