package org.apache.hadoop.gateway.services.token.impl;

import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.hadoop.gateway.config.GatewayConfig;
import org.apache.hadoop.gateway.services.Service;
import org.apache.hadoop.gateway.services.ServiceLifecycleException;
import org.apache.hadoop.gateway.services.security.CryptoService;
import org.apache.hadoop.gateway.services.security.token.JWTokenAuthority;
import org.apache.hadoop.gateway.services.security.token.impl.JWTToken;

/* loaded from: input_file:org/apache/hadoop/gateway/services/token/impl/DefaultTokenAuthorityService.class */
public class DefaultTokenAuthorityService implements JWTokenAuthority, Service {
    private CryptoService crypto = null;

    public JWTToken issueToken(Subject subject, String str) {
        return issueToken((Principal) subject.getPrincipals().toArray()[0], str);
    }

    public JWTToken issueToken(Principal principal, String str) {
        return issueToken(principal, null, str);
    }

    public JWTToken issueToken(Principal principal, String str, String str2) {
        return issueToken(principal, str, str2, -1L);
    }

    public JWTToken issueToken(Principal principal, String str, String str2, long j) {
        String[] strArr = new String[4];
        strArr[0] = "HSSO";
        strArr[1] = principal.getName();
        if (str == null) {
            str = "HSSO";
        }
        strArr[2] = str;
        if (j == -1) {
            strArr[3] = Long.toString(System.currentTimeMillis() + 30000);
        } else {
            strArr[3] = String.valueOf(j);
        }
        JWTToken jWTToken = null;
        if ("RS256".equals(str2)) {
            jWTToken = new JWTToken("RS256", strArr);
            signToken(jWTToken);
        }
        return jWTToken;
    }

    private void signToken(JWTToken jWTToken) {
        jWTToken.setSignaturePayload(this.crypto.sign("SHA256withRSA", "gateway-identity", jWTToken.getPayloadToSign()));
    }

    public boolean verifyToken(JWTToken jWTToken) {
        return this.crypto.verify("SHA256withRSA", "gateway-identity", jWTToken.getPayloadToSign(), jWTToken.getSignaturePayload());
    }

    public void setCryptoService(CryptoService cryptoService) {
        this.crypto = cryptoService;
    }

    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        if (this.crypto == null) {
            throw new ServiceLifecycleException("Crypto service is not set");
        }
    }

    public void start() throws ServiceLifecycleException {
    }

    public void stop() throws ServiceLifecycleException {
    }
}
