package com.wix.mediaplatform.authentication;

import com.auth0.jwt.JWTSigner;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.io.BaseEncoding;
import com.google.gson.Gson;
import com.wix.mediaplatform.authentication.dto.GetAuthTokenResponse;
import com.wix.mediaplatform.configuration.Configuration;
import com.wix.mediaplatform.exception.UnauthorizedException;
import com.wix.mediaplatform.http.Constants;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/wix/mediaplatform/authentication/AuthenticationFacade.class */
public class AuthenticationFacade {
    private static final String AUTH_ENDPOINT = "/apps/auth/token";
    private static final String MEDIA_PLATFORM_HEADER_PREFIX = "MCLOUDTOKEN ";
    private static final String APP_HEADER_PREFIX = "APP ";
    private final Configuration configuration;
    private final Gson gson;
    private final HttpClient httpClient;
    private final JWTSigner signer;
    private final SecureRandom random = new SecureRandom();
    private final Cache<String, String> tokenCache = CacheBuilder.newBuilder().expireAfterWrite(20, TimeUnit.MINUTES).maximumSize(10000).build();
    private final String authUrl;

    public AuthenticationFacade(Configuration configuration, HttpClient httpClient, Gson gson) {
        this.configuration = configuration;
        this.httpClient = httpClient;
        this.gson = gson;
        this.signer = new JWTSigner(configuration.getSharedSecret());
        this.authUrl = "https://" + configuration.getDomain() + AUTH_ENDPOINT;
    }

    @Nullable
    public String getHeader(String str) throws IOException, UnauthorizedException {
        String token = getToken(str);
        if (token == null) {
            return null;
        }
        return MEDIA_PLATFORM_HEADER_PREFIX + token;
    }

    public String getSelfSignedHeader(String str, Map<String, Object> map) {
        return APP_HEADER_PREFIX + selfSignToken(str, map);
    }

    public void invalidateToken(String str) {
        this.tokenCache.invalidate(str);
    }

    @Nullable
    private String getToken(String str) throws IOException, UnauthorizedException {
        String str2 = (String) this.tokenCache.getIfPresent(str);
        if (str2 != null) {
            return str2;
        }
        String authHeader = getAuthHeader(str, null);
        HttpGet httpGet = new HttpGet(this.authUrl);
        httpGet.addHeader("Authorization", authHeader);
        httpGet.addHeader(Constants.ACCEPT_JSON);
        HttpResponse execute = this.httpClient.execute(httpGet);
        if (execute.getStatusLine().getStatusCode() == 401 || execute.getStatusLine().getStatusCode() == 403) {
            throw new UnauthorizedException();
        }
        if (execute.getStatusLine().getStatusCode() < 200 || execute.getStatusLine().getStatusCode() > 299) {
            throw new IOException(execute.toString());
        }
        String token = ((GetAuthTokenResponse) this.gson.fromJson(new InputStreamReader(execute.getEntity().getContent(), StandardCharsets.UTF_8), GetAuthTokenResponse.class)).getToken();
        if (token != null) {
            this.tokenCache.put(str, token);
        }
        return token;
    }

    private String getAuthHeader(String str, Map<String, Object> map) {
        return APP_HEADER_PREFIX + selfSignToken(str, map);
    }

    private String selfSignToken(String str, @Nullable Map<String, Object> map) {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        byte[] bArr = new byte[6];
        this.random.nextBytes(bArr);
        HashMap hashMap = new HashMap();
        hashMap.put(com.wix.mediaplatform.jwt.Constants.SUBJECT, "user:" + str);
        hashMap.put(com.wix.mediaplatform.jwt.Constants.ISSUER, "app:" + this.configuration.getAppId());
        hashMap.put(com.wix.mediaplatform.jwt.Constants.EXPIRATION, Long.valueOf(currentTimeMillis + 60));
        hashMap.put(com.wix.mediaplatform.jwt.Constants.ISSUED_AT, Long.valueOf(currentTimeMillis));
        hashMap.put(com.wix.mediaplatform.jwt.Constants.IDENTIFIER, BaseEncoding.base16().encode(bArr));
        if (map != null) {
            hashMap.putAll(map);
        }
        return this.signer.sign(hashMap);
    }
}
