package org.dhatim.dropwizard.jwt.cookie.authentication;

import com.fasterxml.jackson.databind.module.SimpleModule;
import com.google.common.hash.Hashing;
import com.google.common.primitives.Ints;
import io.dropwizard.Configuration;
import io.dropwizard.ConfiguredBundle;
import io.dropwizard.auth.AuthDynamicFeature;
import io.dropwizard.auth.AuthFilter;
import io.dropwizard.auth.AuthValueFactoryProvider;
import io.dropwizard.jersey.setup.JerseyEnvironment;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClaims;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.function.Function;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import javax.ws.rs.container.ContainerResponseFilter;
import org.dhatim.dropwizard.jwt.cookie.authentication.JwtCookieAuthRequestFilter;
import org.dhatim.dropwizard.jwt.cookie.authentication.JwtCookiePrincipal;
import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature;

/* loaded from: input_file:org/dhatim/dropwizard/jwt/cookie/authentication/JwtCookieAuthBundle.class */
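/**
 * Dropwizard bundle that wires JWT-in-cookie session authentication into Jersey.
 *
 * <p>On {@link #run}, the bundle resolves one signing {@link Key} and hands that same key to both
 * the request filter (token verification) and the response filter (token issuance). The key is
 * symmetric (HS256), so anything able to read it can also forge session cookies.
 *
 * <p>Key resolution order, as implemented in {@link #run}:
 * <ol>
 *   <li>the key provider set with {@link #withKeyProvider}, if it is set and returns non-null;</li>
 *   <li>otherwise {@link #generateKey(String)} with the configured secret seed.</li>
 * </ol>
 *
 * @param <C> the application configuration type
 * @param <P> the principal type carried by the session token
 */
public class JwtCookieAuthBundle<C extends Configuration, P extends JwtCookiePrincipal> implements ConfiguredBundle<C> {
    private static final String JWT_COOKIE_PREFIX = "jwtCookie";
    private static final String DEFAULT_COOKIE_NAME = "sessionToken";

    private final Class<P> principalType;
    private final Function<P, Claims> serializer;
    private final Function<Claims, P> deserializer;
    // Defaults to a fresh JwtCookieAuthConfiguration, ignoring the application configuration.
    private Function<C, JwtCookieAuthConfiguration> configurationSupplier = configuration -> new JwtCookieAuthConfiguration();
    // Optional; when null (or when it yields null) the key is derived/generated by generateKey.
    private BiFunction<C, Environment, Key> keySupplier;

    /**
     * Creates a bundle that uses {@link DefaultJwtCookiePrincipal} as the principal type.
     *
     * @param <C> the application configuration type
     * @return a new bundle with the default principal (de)serialization
     */
    public static <C extends Configuration> JwtCookieAuthBundle<C, DefaultJwtCookiePrincipal> getDefault() {
        return new JwtCookieAuthBundle<>(
                DefaultJwtCookiePrincipal.class,
                DefaultJwtCookiePrincipal::getClaims,
                DefaultJwtCookiePrincipal::new);
    }

    /**
     * Creates a bundle for a custom principal type.
     *
     * @param principalType the principal class injected into resources
     * @param serializer converts a principal into the claims stored in the token
     * @param deserializer rebuilds a principal from the claims of a verified token
     */
    public JwtCookieAuthBundle(Class<P> principalType, Function<P, Claims> serializer, Function<Claims, P> deserializer) {
        this.principalType = principalType;
        this.serializer = serializer;
        this.deserializer = deserializer;
    }

    /**
     * Sets the function that supplies the signing key.
     *
     * <p>Configuring this (or a secret seed) is what keeps sessions valid across restarts and
     * across several instances: without either, {@link #generateKey(String)} produces a new
     * random key each time the bundle runs.
     *
     * @param biFunction maps the configuration and environment to the signing key; may be
     *     {@code null}, in which case the seed-based fallback is used
     * @return this bundle, for chaining
     */
    public JwtCookieAuthBundle<C, P> withKeyProvider(BiFunction<C, Environment, Key> biFunction) {
        this.keySupplier = biFunction;
        return this;
    }

    /**
     * Sets the function that extracts the bundle settings from the application configuration.
     *
     * @param function maps the application configuration to a {@link JwtCookieAuthConfiguration}
     * @return this bundle, for chaining
     */
    public JwtCookieAuthBundle<C, P> withConfigurationSupplier(Function<C, JwtCookieAuthConfiguration> function) {
        this.configurationSupplier = function;
        return this;
    }

    /**
     * Registers a Jackson module that maps the abstract {@link Claims} type to
     * {@link DefaultClaims} on the bootstrap object mapper.
     *
     * @param bootstrap the application bootstrap
     */
    @Override
    public void initialize(Bootstrap<?> bootstrap) {
        SimpleModule claimsModule = new SimpleModule().addAbstractTypeMapping(Claims.class, DefaultClaims.class);
        bootstrap.getObjectMapper().registerModule(claimsModule);
    }

    /**
     * Resolves the signing key and registers the authentication components with Jersey.
     *
     * @param configuration the application configuration
     * @param environment the application environment
     * @throws Exception if key resolution or filter construction fails
     */
    @Override
    public void run(C configuration, Environment environment) throws Exception {
        JwtCookieAuthConfiguration authConfiguration = this.configurationSupplier.apply(configuration);

        // A provider that is unset, or that returns null, falls through to the seed-based key.
        Key key = Optional.ofNullable(this.keySupplier)
                .map(supplier -> supplier.apply(configuration, environment))
                .orElseGet(() -> generateKey(authConfiguration.getSecretSeed()));

        JerseyEnvironment jersey = environment.jersey();
        jersey.register(new AuthDynamicFeature(getAuthRequestFilter(key)));
        jersey.register(new AuthValueFactoryProvider.Binder(this.principalType));
        jersey.register(RolesAllowedDynamicFeature.class);
        // Same key as the request filter: tokens issued here are the ones verified there.
        jersey.register(getAuthResponseFilter(key, authConfiguration));
        jersey.register(DontRefreshSessionFilter.class);
    }

    /**
     * Builds the request filter that authenticates requests from the session cookie.
     *
     * @param key the key handed to the authenticator for token verification
     * @return the configured authentication filter
     */
    public AuthFilter<String, P> getAuthRequestFilter(Key key) {
        return new JwtCookieAuthRequestFilter.Builder()
                .setCookieName(DEFAULT_COOKIE_NAME)
                .setAuthenticator(new JwtCookiePrincipalAuthenticator(key, this.deserializer))
                .setPrefix(JWT_COOKIE_PREFIX)
                .setAuthorizer((principal, role) -> {
                    return principal.isInRole(role);
                })
                .buildAuthFilter();
    }

    /**
     * Builds the response filter that issues the session cookie.
     *
     * <p>The {@code secure} and {@code httpOnly} values are passed through from the
     * configuration unchanged; presumably they become the cookie's Secure and HttpOnly
     * attributes (confirm against {@code JwtCookieAuthResponseFilter}), so a deployment served
     * over HTTPS should verify both are enabled.
     *
     * @param key the key handed to the filter for token signing
     * @param jwtCookieAuthConfiguration the bundle settings
     * @return the configured response filter
     * @throws java.time.format.DateTimeParseException if an expiry is not an ISO-8601 duration
     * @throws IllegalArgumentException if an expiry in seconds does not fit in an {@code int}
     */
    public ContainerResponseFilter getAuthResponseFilter(Key key, JwtCookieAuthConfiguration jwtCookieAuthConfiguration) {
        boolean secure = jwtCookieAuthConfiguration.isSecure();
        boolean httpOnly = jwtCookieAuthConfiguration.isHttpOnly();
        int volatileExpirySeconds = toSeconds(jwtCookieAuthConfiguration.getSessionExpiryVolatile());
        int persistentExpirySeconds = toSeconds(jwtCookieAuthConfiguration.getSessionExpiryPersistent());
        return new JwtCookieAuthResponseFilter(
                this.principalType,
                this.serializer,
                DEFAULT_COOKIE_NAME,
                secure,
                httpOnly,
                key,
                volatileExpirySeconds,
                persistentExpirySeconds);
    }

    /**
     * Returns an HS256 signing key, derived from {@code str} when it is given and random otherwise.
     *
     * <p>Security notes:
     * <ul>
     *   <li>With a seed, the key is a single unsalted SHA-256 digest of the seed's UTF-8 bytes.
     *       No key stretching is applied, so the key is only as hard to guess as the seed
     *       itself; use a long, randomly generated seed and keep it out of source control.</li>
     *   <li>With a {@code null} seed, a new random key is generated on every call. Tokens
     *       signed with it cannot be verified by another process or after a restart.</li>
     * </ul>
     *
     * @param str the secret seed, or {@code null} to generate a random key
     * @return the HMAC-SHA256 key
     * @throws SecurityException if the JVM offers no HmacSHA256 key generator (random path only)
     */
    public static Key generateKey(String str) {
        if (str == null) {
            // The generator is only created when it is actually needed.
            return getHmacSha256KeyGenerator().generateKey();
        }
        byte[] seedDigest = Hashing.sha256().hashString(str, StandardCharsets.UTF_8).asBytes();
        return new SecretKeySpec(seedDigest, SignatureAlgorithm.HS256.getJcaName());
    }

    /** Parses an ISO-8601 duration and returns its whole seconds, rejecting values beyond int range. */
    private static int toSeconds(String isoDuration) {
        return Ints.checkedCast(Duration.parse(isoDuration).getSeconds());
    }

    /** Obtains the JCA key generator for HS256, converting the checked failure to unchecked. */
    private static KeyGenerator getHmacSha256KeyGenerator() {
        try {
            return KeyGenerator.getInstance(SignatureAlgorithm.HS256.getJcaName());
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        }
    }
}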
