package com.techempower.gemini.pyxis;

import com.techempower.collection.MutableNamedValues;
import com.techempower.gemini.GeminiApplicationInterface;
import com.techempower.gemini.pyxis.crypto.EncryptionError;
import com.techempower.helper.NumberHelper;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/techempower/gemini/pyxis/JsonWebToken.class */
public class JsonWebToken implements AuthToken, MutableNamedValues {
    private static final String BEARER_ID = "bearerId";
    private static final String USER_ID = "userId";
    private static final String LAST_PASSWORD_CHANGED = "lastPwdChanged";
    private static final String VALIDATION_HASH = "validationHash";
    public static final String ISSUER = "iss";
    public static final String SUBJECT = "sub";
    public static final String AUDIENCE = "aud";
    public static final String EXPIRATION = "exp";
    public static final String NOT_BEFORE = "nbf";
    public static final String ISSUED_AT = "iat";
    public static final String JWT_ID = "jti";
    private final GeminiApplicationInterface application;
    private final long lastPasswordChange;
    private final long bearerUserId;
    private final long issuedAt;
    private final String validationHash;
    private final Map<String, Object> claims = new HashMap();
    private long userId;

    public JsonWebToken(GeminiApplicationInterface geminiApplicationInterface, PyxisUser pyxisUser, long j, String str) {
        this.application = geminiApplicationInterface;
        this.issuedAt = j;
        this.bearerUserId = pyxisUser.getId();
        this.lastPasswordChange = pyxisUser.getUserLastPasswordChange() == null ? 0L : pyxisUser.getUserLastPasswordChange().getTime();
        this.validationHash = str;
        this.userId = this.bearerUserId;
    }

    public JsonWebToken(GeminiApplicationInterface geminiApplicationInterface, String str) throws MalformedJwtException, IllegalArgumentException {
        this.application = geminiApplicationInterface;
        Claims claims = (Claims) Jwts.parser().setSigningKey(geminiApplicationInterface.getSecurity().getSettings().getMacSigningKey()).parse(str).getBody();
        this.issuedAt = ((Long) claims.get(ISSUED_AT)).longValue();
        this.bearerUserId = NumberHelper.parseLong(claims.get(BEARER_ID).toString());
        this.lastPasswordChange = ((Long) claims.get(LAST_PASSWORD_CHANGED)).longValue();
        this.validationHash = (String) claims.get(VALIDATION_HASH);
        this.userId = NumberHelper.parseLong(claims.get(USER_ID).toString());
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public void beginMasquerade(long j) {
        this.userId = j;
    }

    @Override // com.techempower.collection.MutableNamedValues
    public JsonWebToken clear() {
        this.claims.clear();
        return this;
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public void endMasquerade() {
        this.userId = this.bearerUserId;
    }

    @Override // com.techempower.collection.NamedValues
    public String get(String str) {
        return get(str, null);
    }

    @Override // com.techempower.collection.NamedValues
    public String get(String str, String str2) {
        String str3 = (String) this.claims.get(str);
        if (str3 == null) {
            str3 = str2;
        }
        return str3;
    }

    @Override // com.techempower.collection.NamedValues
    public boolean getBoolean(String str) {
        return getBoolean(str, false);
    }

    @Override // com.techempower.collection.NamedValues
    public boolean getBoolean(String str, boolean z) {
        Boolean bool = (Boolean) this.claims.get(str);
        if (bool == null) {
            bool = Boolean.valueOf(z);
        }
        return bool.booleanValue();
    }

    @Override // com.techempower.collection.NamedValues
    public int getInt(String str) {
        return getInt(str, 0);
    }

    @Override // com.techempower.collection.NamedValues
    public int getInt(String str, int i) {
        Integer num = (Integer) this.claims.get(str);
        if (num == null) {
            num = Integer.valueOf(i);
        }
        return num.intValue();
    }

    @Override // com.techempower.collection.NamedValues
    public int getInt(String str, int i, int i2, int i3) {
        return NumberHelper.boundInteger(getInt(str, i), i2, i3);
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public long getUserLastPasswordChange() {
        return this.lastPasswordChange;
    }

    @Override // com.techempower.collection.NamedValues
    public long getLong(String str) {
        return getLong(str, 0L);
    }

    @Override // com.techempower.collection.NamedValues
    public long getLong(String str, long j) {
        Long l = (Long) this.claims.get(str);
        if (l == null) {
            l = Long.valueOf(j);
        }
        return l.longValue();
    }

    @Override // com.techempower.collection.NamedValues
    public long getLong(String str, long j, long j2, long j3) {
        return NumberHelper.boundLong(getLong(str, j), j2, j3);
    }

    public String getSecret(String str) {
        String str2 = get(str);
        if (str2 != null) {
            try {
                str2 = new String(this.application.getSecurity().getCryptograph().decrypt(Base64.getDecoder().decode(str2.getBytes())));
            } catch (EncryptionError e) {
            }
        }
        return str2;
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public long getIssuedAt() {
        return this.issuedAt;
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public long getUserId() {
        return this.userId;
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public String getUserValidationHash() {
        return this.validationHash;
    }

    @Override // com.techempower.collection.NamedValues
    public boolean has(String str) {
        return this.claims.containsKey(str);
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public void invalidate() {
        PyxisUser user = this.application.getSecurity().getUser(this.userId);
        if (user != null) {
            Login login = null;
            for (Login login2 : this.application.getSecurity().getUserLogins(user.getId())) {
                if (MessageDigest.isEqual(login2.getValidationHash().getBytes(), this.validationHash.getBytes())) {
                    login = login2;
                }
            }
            this.application.getSecurity().removeUserLogin(user.getId(), login);
        }
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public boolean isMasquerading() {
        return this.userId != this.bearerUserId;
    }

    @Override // com.techempower.collection.NamedValues
    public Set<String> names() {
        return this.claims.keySet();
    }

    @Override // com.techempower.collection.MutableNamedValues
    public JsonWebToken put(String str, String str2) {
        this.claims.put(str, str2);
        return this;
    }

    @Override // com.techempower.collection.MutableNamedValues
    public JsonWebToken put(String str, int i) {
        this.claims.put(str, Integer.valueOf(i));
        return this;
    }

    @Override // com.techempower.collection.MutableNamedValues
    public JsonWebToken put(String str, long j) {
        this.claims.put(str, Long.valueOf(j));
        return this;
    }

    @Override // com.techempower.collection.MutableNamedValues
    public JsonWebToken put(String str, boolean z) {
        this.claims.put(str, Boolean.valueOf(z));
        return this;
    }

    public JsonWebToken putSecret(String str, String str2) {
        this.claims.put(str, Base64.getEncoder().encodeToString(this.application.getSecurity().getCryptograph().encrypt(str2.getBytes())));
        return this;
    }

    @Override // com.techempower.collection.MutableNamedValues
    public JsonWebToken remove(String str) {
        this.claims.remove(str);
        return this;
    }

    @Override // com.techempower.gemini.pyxis.AuthToken
    public String tokenize() {
        JwtBuilder claim = Jwts.builder().claim(ISSUED_AT, Long.valueOf(getIssuedAt())).claim(EXPIRATION, Long.valueOf(Instant.ofEpochMilli(getIssuedAt()).plus(this.application.getSecurity().getSettings().getAuthTokenExpiryDays(), (TemporalUnit) ChronoUnit.DAYS).toEpochMilli())).claim(BEARER_ID, Long.valueOf(this.bearerUserId)).claim(USER_ID, Long.valueOf(getUserId())).claim(LAST_PASSWORD_CHANGED, Long.valueOf(getUserLastPasswordChange())).claim(VALIDATION_HASH, getUserValidationHash());
        for (String str : this.claims.keySet()) {
            claim.claim(str, this.claims.get(str));
        }
        return claim.signWith(new SecretKeySpec((byte[]) Decoders.BASE64.decode(this.application.getSecurity().getSettings().getMacSigningKey()), SignatureAlgorithm.HS256.getJcaName()), SignatureAlgorithm.HS256).compact();
    }
}
