package com.techempower.gemini.pyxis;

import com.techempower.gemini.Context;
import com.techempower.gemini.GeminiApplicationInterface;
import com.techempower.gemini.Request;
import io.jsonwebtoken.MalformedJwtException;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;

/* loaded from: input_file:com/techempower/gemini/pyxis/JsonWebTokenReader.class */
public class JsonWebTokenReader implements TokenReader {
    private static final String AUTHORIZATION_BEARER = "Bearer ";
    private final GeminiApplicationInterface application;

    public JsonWebTokenReader(GeminiApplicationInterface geminiApplicationInterface) {
        this.application = geminiApplicationInterface;
    }

    @Override // com.techempower.gemini.pyxis.TokenReader
    public JsonWebToken read(Context context) {
        String str = context.headers().get(Request.HEADER_AUTHORIZATION);
        if (str == null || !str.contains(AUTHORIZATION_BEARER)) {
            return null;
        }
        try {
            JsonWebToken jsonWebToken = new JsonWebToken(this.application, str.substring(AUTHORIZATION_BEARER.length(), str.length()));
            if (!LocalDateTime.ofInstant(new Date(jsonWebToken.getIssuedAt()).toInstant(), ZoneId.systemDefault()).isAfter(LocalDateTime.now().minusDays(this.application.getSecurity().getSettings().getAuthTokenExpiryDays()))) {
                return null;
            }
            PyxisUser user = this.application.getSecurity().getUser(jsonWebToken.getUserId());
            LocalDateTime ofInstant = LocalDateTime.ofInstant(Instant.ofEpochMilli(jsonWebToken.getUserLastPasswordChange()), ZoneId.systemDefault());
            Login login = null;
            for (Login login2 : this.application.getSecurity().getUserLogins(user.getId())) {
                if (MessageDigest.isEqual(login2.getValidationHash().getBytes(), jsonWebToken.getUserValidationHash().getBytes())) {
                    login = login2;
                }
            }
            if (!ofInstant.isEqual(LocalDateTime.ofInstant(user.getUserLastPasswordChange().toInstant(), ZoneId.systemDefault())) || login == null || !login.getValidationHash().equals(jsonWebToken.getUserValidationHash())) {
                return null;
            }
            if (login.getCreated().getTime() == jsonWebToken.getIssuedAt()) {
                return jsonWebToken;
            }
            return null;
        } catch (MalformedJwtException | IllegalArgumentException e) {
            return null;
        }
    }
}
